[cap-talk] controversial article

Mark Miller erights at gmail.com
Sat Jul 4 18:50:33 EDT 2009


On Sat, Jul 4, 2009 at 3:12 PM, Matej Kosik<kosik at fiit.stuba.sk> wrote:
> Toby Murray wrote:
>> ...
>>
>> So defensive consistency asserts that no misbehaving client can cause a
>> server to give incorrect service to a well behaved client.
>>
>> Defensive correctness asserts that no misbehaving client can prevent a
>> server from giving incorrect service to a well behaved client. It is
>> like a liveness property because it asserts that something ("correct
>> service being rendered to all well behaved clients, regardless of the
>> actions of misbehaving clients") must happen.
>
> I have somewhat updated my viewpoint.
> I have rewritten sections 2 and 3 in
> http://altair.fiit.stuba.sk/mediawiki/upload/2/2d/Sofsem2010.pdf
> Now I draw some analogies between the two properties with which we are concerned:
> - defensive consistency
> - defensive correctness
> and other safety or liveness properties. The new text makes more sense
> to me. I must yet update the rest of the paper.


Hi Matej, still absorbing. But one quick comment:

"In order to prove that a given subsystem is defensively correct, it is
in general not enough to review its own code but it may be necessary to review
also client’s code."

This contradicts the definition of defensive correctness, including
the definition you give in the preceding paragraph. The rest of your
paper seems consistent with your definition rather than with the quote
above. Perhaps you meant "totally correct" in this quote?



-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM
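The two properties quoted above, as an added illustration written for this page (not code from the thread or from the paper under discussion): a shared registry server used by one well-behaved and one misbehaving client. The NaiveRegistry and DefensiveRegistry classes, the run_scenario driver and the clients' behaviour are all constructed for the example. The naive server hands out its own mutable state (a misbehaving client can corrupt what the well-behaved client later reads, violating defensive consistency) and lets a client-supplied callback abort the notification loop (a misbehaving client can withhold service from the well-behaved client, violating defensive correctness). The defensive server closes both holes without knowing anything about its clients' code, which is the point Mark raises about the quoted sentence.

```python
"""Defensive consistency vs. defensive correctness on a shared server object.
Example code constructed for this page; not from the cap-talk thread or the
paper it discusses."""


class NaiveRegistry:
    """Trusts its clients: leaks internal state and runs callbacks unguarded."""

    def __init__(self):
        self._entries = {}
        self._subscribers = []

    def subscribe(self, callback):
        self._subscribers.append(callback)

    def put(self, key, value):
        self._entries[key] = value
        for cb in self._subscribers:
            cb(key)  # a raising callback aborts the loop and the whole call

    def get(self, key):
        return self._entries.get(key)

    def entries(self):
        return self._entries  # hands out the server's own mutable state


class DefensiveRegistry:
    """Same interface, but no client can corrupt or withhold service to another."""

    def __init__(self):
        self._entries = {}
        self._subscribers = []

    def subscribe(self, callback):
        if not callable(callback):
            raise TypeError("callback must be callable")  # reject, never corrupt
        self._subscribers.append(callback)

    def put(self, key, value):
        self._entries[key] = value
        for cb in list(self._subscribers):  # snapshot: callbacks may resubscribe
            try:
                cb(key)
            except Exception:
                # A client's failing callback is that client's problem; isolating
                # it keeps every other client served (defensive correctness).
                continue

    def get(self, key):
        return self._entries.get(key)

    def entries(self):
        return dict(self._entries)  # copy: clients cannot mutate shared state


def run_scenario(registry):
    """Drive a registry with a hostile client and a well-behaved client.
    Returns what the well-behaved client ends up observing."""
    good_seen = []  # notifications received by the well-behaved client

    def hostile_callback(key):
        # Constructed misbehaviour: the hostile client's callback always raises.
        raise RuntimeError("hostile client callback")

    registry.subscribe(hostile_callback)   # hostile client subscribes first
    registry.subscribe(good_seen.append)   # well-behaved client subscribes second

    try:
        registry.put("alice", 1)           # well-behaved client stores a value
    except RuntimeError:
        pass                               # the naive server leaks the exception

    registry.entries().clear()             # hostile client tampers with what it got

    return {"alice": registry.get("alice"), "notified": list(good_seen)}


if __name__ == "__main__":
    print("naive    :", run_scenario(NaiveRegistry()))
    print("defensive:", run_scenario(DefensiveRegistry()))
```

Under the naive server the well-behaved client is never notified and later reads back nothing for "alice"; under the defensive server it is notified and reads back 1. Checking the defensive server required reviewing only its own code, whereas any guarantee about the naive server depends on what every client does.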

