This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Specifying Graceful Degradation
January 1991 (vol. 2 no. 1)
pp. 93-104

A description is given of the relaxation lattice method, a new approach to specifyinggraceful degradation for a large class of programs. A relaxation lattice is a lattice ofspecifications parameterized by a set of constraints, where the stronger the set ofconstraints, the more restrictive the specification. While a program is able to satisfy itsstrongest set of constraints, it satisfies its preferred specification, but if changes to theenvironment force it to satisfy a weaker set, then it will permit additional weaklyconsistent computations which are undesired but tolerated. The use of relaxation latticesis illustrated by specifications for programs that tolerate (1) faults, such as site crashesand network partitions, (2) timing anomalies, such as attempting to read a value too soonafter it was written, (3) synchronization conflicts, such as choosing the oldest unlockeditem from a queue, and (4) security breaches, such as acquiring unauthorized capabilities.

[1] M. Ahamad and M.H. Ammar, "Performance characterization of quorum-consensus algorithms for replicated data," Tech. Rep. GITICS-86/23, School of Inform. and Comput. Sci., Georgia Institute of Technol., Sept. 1986.
[2] D.E. Bell and L. J. LaPadula, "Secure computer systems: Unified exposition and multics interpretation," Tech. Rep. ESD-TR-75-306, The MITRE Corp., Bedford, MA, Mar. 1976.
[3] P. A. Bernstein and N. Goodman, "The failure and recovery problem for replicated databases," inProc. 2nd Ann. Symp. Principles of Distributed Computing, 1983, pp. 114-122.
[4] K. Birman, "Replication and fault-tolerance in the Isis system," inProc. 10th Symp. Oper. Syst. Principles, ACM/SIGOPS, Dec. 1985, pp. 79-86.
[5] A.D. Birrell et al., "Grapevine: An Exercise in Distributed Computing,"Comm. ACM, Apr. 1982, pp. 260-274.
[6] J. Chang and N. F. Maxemchuk, "Reliable broadcast protocols,"ACM Trans. Comput. Syst., vol. 2, no. 3, pp. 251-273, Aug. 1984.
[7] F. Cristian, "A rigorous approach to fault-tolerant system development," Tech. Rep. RJ 4008, IBM Res. Lab., Sept. 1983.
[8] I. Durham and M. Shaw, "Specifying reliability as a software attribute," Tech. Rep. CS-82-148, Carnegie-Mellon Univ., Dec. 1982.
[9] K. P. Eswaran, J. N. Gray, R. A. Lorie, and I. L. Traiger, "The notions of consistency and predicate locks in a database system,"Commun. ACM, vol. 19, no. 11, pp. 624-633, Nov. 1976.
[10] M. Fischer and A. Michael, "Sacrificing serializability to attain high availability of data in an unreliable network," inProc. 1st Symp. Principles Database Systems, Mar. 1982, pp. 70-75.
[11] H. Garcia-Molina, "Using semantic knowledge for transaction processing in a distributed database,"ACM Trans. Database Syst., vol. 8, no. 2, June 1983.
[12] D. Gifford, "Weighted voting for replicated data," inProc. 7th ACM Symp. Oper. Syst. Principles, Dec. 1979, pp. 150-162.
[13] J. Gray, "Notes on database operation systems," inOperating Systems: An Advanced Course(Lecture Notes in Computer Science, vol. 60) Berlin: Springer-Verlag, 1978.
[14] J. V. Guttag, J. J. Horning, and J. M. Wing, "The Larch family of specification languages,"IEEE Softwure, vol. 2, no. 5, pp. 24-36, Sept. 1985.
[15] J. V. Guttag, J. J. Horning, and J. M. Wing, "Larch in five easy pieces," Tech. Rep. 5, DEC Systems Research Center, July 1985.
[16] M. P. Herlihy, "A quorum-consensus replication method for abstract data types,"ACM Trans. Comput. Syst., vol. 4, no. 1, Feb. 1986.
[17] M. P. Herlihy and J. M. Wing, "Specifying graceful degradation in distributed systems," inProc. Principles of Distributed Computing, Vancouver, B.C., Canada, 1987.
[18] S. Khosla, T. S. E. Maibaum, and M. Sadler, "Large database specifications from small views," inProc. Fifth Conf. Foundations software Technol. Theoret. Comput. Science (LNCS 206).Berlin, Germany: Springer-Verlag, 1985, pp. 246-271.
[19] L. Lamport, "Time, clocks, and the ordering of events in a distributed system,"Commun. ACM, vol. 21, no. 7, pp. 558-565, July 1978.
[20] L. Lamport, "A simple approach to specifying concurrent systems,"Commun. ACM, vol. 32, pp. 32-45, 1989.
[21] B. W. Lampson, "Protection,"ACM Oper. Syst. Rev., vol. 19, no. 5, pp. 13-24, Dec. 1985.
[22] B. Liskov and R. Scheifler, "Guardians and actions: linguistic support for robust, distributed programs,"ACM Trans. Program. Languages Syst., vol. 5, no. 3, pp. 381-404, July 1983.
[23] B. H. Liskov and W.E. Weihl, "Specifications of distributed programs,"Distributed Comput., vol. 1, no. 2, pp. 102-118, Apr. 1986.
[24] G. Popeket al., "LOCUS: A network transparent, high reliability distributed system," inProc. 8th ACM Symp. on Operating Systems Principles, dec. 1981, pp. 169-177.
[25] P. M. Schwarz and A. Z. Spector, "Synchronization shared abstract types,"ACM Trans. Comput. Syst., Aug. 1984.
[26] W. E. Weihl, "Specification and implementation of atomic data types," Ph.D. dissertation, Massachusetts Instit. Technol., 1984. Available as Tech. Rep. MIT/LCS/TR 314.
[27] W. E. Weihl and B. Liskov, "Specification and implementation of resilient atomic data types," inProc. SIGPLAN Symp. Programming Language Issues, June 1983.
[28] J. M. Wing, "A two-tiered approach to specifying programs," Tech. Rep. MIT-LCS-TR-299, MIT Lab. for Comput. Sci., June 1983.
[29] J. M. Wing, "A specifier's introduction to formal methods,"IEEE Comput. Mag., Sept. 1990.

Index Terms:
Index Termsgraceful degradation specification; relaxation lattice method; large class of programs; site crashes; network partitions; timing anomalies; synchronization conflicts; security breaches; fault tolerant computing; formal specification
Citation:
M.P. Herlihy, J.M. Wing, "Specifying Graceful Degradation," IEEE Transactions on Parallel and Distributed Systems, vol. 2, no. 1, pp. 93-104, Jan. 1991, doi:10.1109/71.80192
Usage of this product signifies your acceptance of the Terms of Use.