A Trace-Based Compositional Proof Theory for Fault Tolerant Distributed Systems

We present a compositional network proof theory to specify and verify safety properties of fault tolerant distributed systems. In this proof theory we abstract from the precise nature and occurrence of faults, but mode1 their effect on the externally visible input and output behaviour. To this end we formalize a fault hypothesis as a reflexive relation between the normal behaviour (i.e. the behaviour when no faults occur) of a system and its acceptable beha.viour, that is, the normal behaviour together with the exceptional behaviour (Le. the behaviour whose abnormality should be tolerated). The method is composit.ional to allow for the reasoning with the specifications of processes while ignoring their implement.ation details. This compositionality is achieved by starting from a SAT formalism to reason about the normal behaviour and extending it with a single rule to obtain a specification of the acceptable behaviour from the specification of the normal behaviour and a predicate characterizing the fault hypothesis. We prove soundness and relative network completeness of the method. Our approach is illustrated by a.pplying it to a triple modular redundant component and the alternating bit protocol.