Safety and liveness properties

Properties of an execution of a computer program—particularly for concurrent and distributed systems—have long been formulated by giving safety properties ("bad things don't happen") and liveness properties ("good things do happen").[1]

A program is totally correct with respect to a precondition and postcondition if any execution started in a state satisfying terminates in a state satisfying . Total correctness is a conjunction of a safety property and a liveness property:[2]

  • The safety property prohibits these "bad things": executions that start in a state satisfying and terminate in a final state that does not satisfy . For a program , this safety property is usually written using the Hoare triple .
  • The liveness property, the "good thing", is that execution that starts in a state satisfying terminates.

Note that a bad thing is discrete,[3] since it happens at a particular place during execution. A "good thing" need not be discrete, but the liveness property of termination is discrete.

Formal definitions that were ultimately proposed for safety properties[4] and liveness properties[5] demonstrated that this decomposition is not only intuitively appealing but is also complete: all properties of an execution are a conjunction of safety and liveness properties.[5] Moreover, undertaking the decomposition can be helpful, because the formal definitions enable a proof that different methods must be used for verifying safety properties versus for verifying liveness properties.[6][7]

  1. ^ Lamport, Leslie (March 1977). "Proving the correctness of multiprocess programs". IEEE Transactions on Software Engineering. SE-3 (2): 125–143. CiteSeerX 10.1.1.137.9454. doi:10.1109/TSE.1977.229904. S2CID 9985552.
  2. ^ Manna, Zohar; Pnueli, Amir (September 1974). "Axiomatic approach to total correctness of programs". Acta Informatica. 3 (3): 243–263. doi:10.1007/BF00288637. S2CID 2988073.
  3. ^ i.e. it has finite duration
  4. ^ Alford, Mack W.; Lamport, Leslie; Mullery, Geoff P. (3 April 1984). "Basic concepts". Distributed Systems: Methods and Tools for Specification, An Advanced Course. Lecture Notes in Computer Science. Vol. 190. Munich, Germany: Springer Verlag. pp. 7–43. ISBN 3-540-15216-4.
  5. ^ a b c Alpern, Bowen; Schneider, Fred B. (1985). "Defining liveness". Information Processing Letters. 21 (4): 181–185. doi:10.1016/0020-0190(85)90056-0.
  6. ^ Alpern, Bowen; Schneider, Fred B. (1987). "Recognizing safety and liveness". Distributed Computing. 2 (3): 117–126. doi:10.1007/BF01782772. hdl:1813/6567. S2CID 9717112.
  7. ^ The paper[5] received the 2018 Dijkstra Prize ("for outstanding papers on the principles of distributed computing whose significance and impact on the theory and/or practice of distributed computing have been evident for at least a decade"), for the formal decomposition into safety and liveness properties was crucial to future research into proving properties of programs.