• Summary
• Related Documents
  • Active Bibliography
  • Co-citation
• Version History

Abstract:

Compilers in general and renements in particular do not necessarily preserve fault-tolerance. That is, given a fault-tolerant system as input, the concrete implementation that is output may not be fault-tolerant. In this paper, we identify a special class of renement, namely \convergence re-nement", that preserves the fault-tolerance property of stabilization. We illustrate the use of convergence renement by presenting the rst formal design of Dijkstra's little-understood 3-state stabilizing token-ring system. A dierent formal design yields a new 3-state stabilizing token-ring system. Our designs start with simple, high-atomicity token-ring systems that are not stabilizing, and then add a high-atomicity \wrapper " to the systems so as to achieve stabilization. Both the system and the wrapper are then independently rened to obtain a low-atomicity implementation, while preserving stabilization. We also show that convergence renement is amenable for graybox design of stabilization, i.e., design of stabilization based on system speci cation without knowledge of implementation details. Keywords: Fault-tolerance, stabilization, compilers, renements, convergence renement, atomicity, protocols, token-ring, graybox design Regular paper, eligible for best student paper award.

Citations