Jørgen F. Søgaard-Andersen

When proving the correctness of algorithms in distributed systems, one generally considers safety conditions and liveness conditions. The Input/Output (I/O) automaton model and its timed version have been used successfully, but have focused on safety conditions and on a restricted form of liveness called fairness. In this paper we develop a new I/O …
This paper presents a scalable approach to reasoning formally about distributed algorithms. It uses results about I/O automata to extract a set of proof obligations for showing that the behaviors of one algorithm are among those of another, and it uses the Larch tools for specification and deduction to discharge these obligations in a natural and …
This paper addresses the issues of formal description and verification for communication protocols. Specifically, we present the results of a project concerned with proving correctness of two different solutions to the at-most-once message delivery problem. The two implementations are the well-known five-packet handshake protocol and a timing-based protocol …
"Liveness in timed and untimed systems," Proc. 21st In…
… e.g. [11]), we can compute the expected time to deliver and the expected number of packets sent by a protocol over all packet histories in . As an example of the sort of lower bound one might try to prove in this model, we show the following result; speaking informally, it says that every algorithm …