References for Chapter III

[I] G. Agha, S. Frolund, R. Panwar and D. Sturman, "A Linguistic Framework for Dynamic Composition of Fault Tolerance Protocols", in Proc. 3rd IFfP Working Cont: on Dependable Computing for Critical Applications, (Mondello, Sicily), Dependable Computing and Fault-Tolerant Systems, 8, pp.345-64, 1992.

12J N. Ahituv, Y. Lapid and S. Neumann, "Processing Encrypted Data", Communications of the A CM, 30 (9), pp. 777 -80, September 1987.

[3) P. E. Ammann and J. C. Knight, "Data Diversity: An approach to software fault tolerance", IEEE Trans. Comput., 37 (4), pp.418-25, 1988.

[4) T. Anderson (Ed.), Resilient Computing Systems, Collins Professional and Technical Books, 1985.

[5) T. Anderson, "A Structured Decision Mechanism for Diverse Software", in Proc. 6th IEEE Symp. Reliability in Distributed Software and Database Systems, (Los Angeles, CA), pp.125-9, 1986.

[6] T. Anderson, P. A. Barrett, D. N. Halliwell and M. R. Moulding, "Software Fault Tolerance: An evaluation", IEEE Trans. Software Engineering, SE-II (12),pp.128-34,1985.

[7[ T. Anderson and 1. C. Knight, "A Framework for Software Fault Tolerance in Real-Time Systems", IEEE Trans. Soft. Eng., SE-9 (3), pp.355-64, 1983.

(8) T. Anderson and P. A. Lee, Fault Tolerance: Principles and practice, Prentice Hall, 1981.

[9] Arjuna, The A/juna System Programmer's Guide, Department of Computing Science, University of Newcastle upon Tyne, UK, July 1992.

[10] J. Arlat, M. Aguera, L. Amat, Y. Crouzet, J. C. Fabre, J. C. Laprie, E. Martins and D. Powell, "Fault Injection for Dependability Validation: A methodology and some applications", IEEE Transactions on Software Engineering, 16 (2), pp. I 66-82, February 1990.

[II) G. Attardi, C. Bonini, M. R. Boscotrecase, T. Flagella and M. Gaspari, "Metalevel Programming in CLOS", in Proc. 3rd European Conference on Object-Oriented Programming (ECOOP'89), pp.243-56, 1989.

[12] A. Avizienis, 'The N-version Approach to Fault-Tolerant Systems", IEEE Transactions on Software Engineering, II (12), pp.1491-501, December 1985.

[n) A. Avizienis and L. Chen, "On the Implementation of N-Version Programming for Software Fault Tolerance During Execution", in Int. Con! Comput. Soft. and Applic., (New York), pp.149-55, 1977.

[14] A. Avizienis and J. P. J. Kelly, "Fault Tolerance by Design Diversity: Concepts and experiments", IEEE Computer, 17 (8), pp.67-80, August 1984.

226 Fault Tolerance

[15] A. Avizienis and J. C. Laprie, "Dependable Computing: From concepts to design diversity", Proc. IEEE, 74 (5), pp.629-38, 1986.

[16] O. Babaoglu, "On the Reliability of Consensus-Based Fault-Tolerant Distributed Computing Systems", ACM Trans. on Computer Systems, 5 (3), pp.394-416, 1987.

[17] J. P. Banatre, M. Banatre and F. Ployette, 'The Concept of Multi-Functions: A general structuring tool for distributed operating systems", in Proc. 6th Int. Can! Distributed Computing Systems, ppA 78-85, 1986.

[18] M. Barborak, M. Malek and A. Dahbura, "The Consensus Problem in Fault­Tolerant Computing", ACM Computing Surveys, 25 (2), pp.171-220, June 1993.

[19] G. Barigazzi and L. Strigini, "Application-Transparent Setting of Recovery Points", in Proc. 13th Int. Symp. on Fault-Tolerant Computing (FTCS- J 3), (Milan), IEEE Computer Society Press, 1983.

[20] P. A. Barrett, A. M. Hilborne, P. G. Bond, D. T. Seaton, P. Verfssimo, L. Rodrigues and N. A. Speirs, "The Delta-4 Extra Performance Architecture (XPA)", in Proc. 20th Int. Symp. on Fault-Tolerant Computing Systems (FTCS-20), (Newcastle upon Tyne, UK), ppA81-8, IEEE Computer Society Press, 1990.

[21] J. F. Bartlett, "A Non-Stop (TM) Kernel", in Proc. 8th ACM Symp. on Operating Systems Principles, (Pacific Grove, CA, USA), pp.22-9, 1981.

[22] E. Best and B. Randell, "A Formal Model of Atomicity in Asynchronous Systems", Acta Informatica, 16, pp.93-124, 1981.

[23] K. P. Birman, "Replication and Fault-Tolerance in the ISIS System", A CM Operating Systems Review, 19 (5), pp.79-86, 1985.

[24] K. P. Birman and T. A. Joseph, "Exploiting Virtual Synchrony in Distributed Systems", ACM Operating Systems Review, 21 (5), pp.123-8, 1987.

[25] D. M. Blough and G. Sullivan, "A Comparison of Voting Strategies for Fault-Tolerant Distributed Systems", in Proc. 9th Symp. on Reliable Distributed Systems (SRDS-9), (Huntsville, Alabama), pp.136-45, 1990.

[26] A. Bondavalli, S. Chiaradonna and F. Di Giandomenico, "Efficient Fault Tolerance: An approach to deal with transient faults in mUltiprocessor architectures", in Proc. Int. Can! on Parallel and Distributed Systems (ICPADS'94), (Hsinchu, Taiwan), pp.354-9, IEEE Computer Society, 1994.

[27] A. Bondavalli, F. Di Giandomenico and 1. Xu, "A Cost-Effective and Flexible Scheme for Software Fault Tolerance", 1. of Computer Systems Science and Engineering, 8 (4), pp.234-44, October 1993.

[28] A. Bondavalli and L. Simoncini, Failure Classification with respect to Detection, Esprit Project N°3092 (PDCS: Predictably Dependable Computing Systems), First Year Report, May 1990.

References 227

[29] A. Bondavalli, J. A. Stankovic and L. Strigini, "Adaptable Fault Tolerance for Real-Time Systems", in Proc. 3rd Int. Workshop on Responsive Computer Systems, (New Hampshire), pp.123-32, 1993.

[30] R. H. Campbell, K. H. Horton and G. G. Belford, "Simulations of a Fault­Tolerant Deadline Mechanism", in Proc. 9th Int. Symp. Fault-Tolerant Comput., (Madison), pp.95-101, 1979.

[31] R. H. Campbell and B. Randell, "Error Recovery in Asynchronous Systems", IEEE Trans. Software Engineering, SE-12 (8), pp.811-26, 1986.

[32] M. Chereque, D. Powell, P. Reynier, J.-L. Richier and J. Voiron, "Active Replication in Delta-4", in Proc. 22nd Int. Symp .. on Fault-Tolerant Computing (FTCS-22), (Boston, MA, USA), pp.28-37, IEEE Computer Society Press, 1992.

[33] D. R. Cheriton, "The V Distributed System", Communications of the ACM, 31 (3), pp.314-33, March 1988.

[34] S. Chiba and T. Masuda, "Designing an Extensible Distributed Language with Meta-Level Architecture", in Proc. 7th European Conference on Object­Oriented Programming (ECOOP'93), (0. Nierstrasz, Ed.), (Kaiserslautern, Germany), Lecture Notes in Computer Science, 707, pp.482-501, 1993.

[35] K. Y. Chwa and S. L. Hakimi, "Schemes for Fault-Tolerant Computing: A comparison of modularly redundant and t-diagnosable systems", Information and Control, 49 (3), pp.212-38, June 1981.

[36] F. Cristian, "Exception Handling and Software Fault Tolerance", IEEE Trans. on Computers, C-31 (6), pp.531-40, 1982.

[37] F. Cristian, "Exception Handling", in Dependability of Resilient Computers (T. Anderson. Ed.). pp.68-97. Blackwell Scientific Publications. 1989.

[38] F. Cristiano H. Aghili. R. Strong and D. Dolev. "Atomic Broadcast: From simple message diffusion to Byzantine agreement", in Proc. 15th Int. Symp. on Fault-Tolerant Computing (FTCS-15), (Ann Arbor, Michigan), pp.200-6. IEEE Computer Society Press. 1985.

[39] A. T. Dahbura, K. K. Sabnani and W. 1. Hery, "Spare Capacity as a Means of Fault Detection and Diagnosis in Multiprocessor Systems", IEEE Transactions on Computers, C-38 (6), pp.881-91, June 1989.

[40] A. T. Dahbura, K. K. Sabnani and L. L. King, "The Comparison Approach to Multiprocessor Fault Diagnosis", IEEE Transactions on Computers, C-36 (3), pp.373-8, March 1987.

[41] A. Damm, "The Effectiveness of Software Error-Detection Mechanisms in Real-Time Operating Systems", in Proc. 16th Int. Symp. on Fault-Tolerant Computing (FTCS- 16), (Vienna, Austria), pp.171-6, IEEE Computer Society Press, 1986.

[42] Y. Deswarte, L. Blain and J.-C. Fabre, "Intrusion Tolerance in Distributed Computing Systems", in Proc. 1991 Symp. on Research in Security and

228 Fault Tolerance

Privacy, (Oakland, California), pp.11 0-21, IEEE Computer Society Press, 1991.

[43] D. L. Detlefs, M. P. Herlihy and 1. M. Wing, "Inheritance of Synchronization and Recovery Properties in Avalon/C++", Computer, pp.57-69, December 1988.

[44] F. Di Giandomenico and L. Strigini, "Adjudicators for Diverse Redundant Components", in Proc. 9th Int. Symp. Reliable Distributed Systems, (Huntsville, Alabama), pp.114-23, IEEE, 1990.

[45] F. Di Giandomenico, 1. Xu and A. Bondavalli, "Software Fault Tolerance: Dynamic combination of dependability and efficiency", in 1st PDCS2 Open Workshop, (Toulouse, France), pp.93-116, 1993.

[46] K. Echtle, "Fault Diagnosis by Combination of Absolute and Relative Tests", in 1st European Workshop on Dependable Computing (no proceedings), (Toulouse), 1989.

[47J D. E. Eckhardt, A. K. Caglayan, 1. C. Knight, L. D. Lee, D. F. McAllister, M. A. Vouk and 1. P. 1. Kelly, "An Experimental Evaluation of Software Redundancy as a Strategy for Improving Reliability", IEEE Trans. Soft. Eng., 17 (7), pp.692-702, 1991.

[48] P. D. Ezhilchelvan and S. K. Shrivastava, "A Characterization of Faults in Systems", in Proc. 5th IEEE Int. Symp. Reliability in Distributed Software and Database Systems, (Los Angeles, CA. USA), pp.215-22, IEEE Computer Society Press, 1986.

[49] P. D. Ezhilchelvan and S. K. Shrivastava, A Classification of Faults in Systems. U ni versity of Newcastle upon Tyne, UK, Technical Report, 1989.

[50] 1. C. Fabre, Y. Deswarte and B. Randell, "Designing Secure and Reliable Applications using Fragmentation-Redundancy-Scattering: An object-oriented approach", in Proc. of the First European Dependable Computing Conference (EDCC-I), (Berlin, Germany), Lecture Notes in Computer Science, 852, (K. Echtle, D. Hammer and D. Powell, Eds.), pp.23-38, Springer-Verlag, 1994.

[51J 1. C. Fabre, V. Nicomette, T. Perennou, R. 1. Stroud and Z. Wu, "Implementing Fault-Tolerant Applications using Reflective Object-Oriented Programming", in Proc. 25th Int. Symp. on Fault-Tolerant Computing (FTCS-25), (Pasadena, CA, USA), IEEE Computer Society Press, 1995.

[52] 1. C. Fabre and B. Randell, "An Object-Oriented View of Fragmented Data Processing for Fault and Intrusion Tolerance in Distributed Systems", in Proc. 2nd European Symp. on Research in Computer Security (ESORICS 92), (Y. Deswarte, G. Eizenberg and 1.-1. Quisquater, Eds.), (Toulouse, France), Lecture Notes on Computer Science, 648, pp.193-208, Berlin: Springer­Verlag, 1992.

[53] 1. Gray, "Why Do Computers Stop And What Can Be Done About It?", in Proc. 5th Symp. on Reliability in Distributed Software and Database Systems, (Los Angeles, CA, USA), pp.3-12, IEEE Computer Society Press, 1986.

References 229

[54] 1. Gray and A. Reuter, Transaction Processing: Concepts and techniques, Morgan Kaufmann, 1993.

[55] S. T. Gregory and 1. C. Knight, "A New Linguistic Approach to Backward Error Recovery", in Proc. 15th Int. Symp. Fault-Tolerant Computing (FTCS-15), (Michigan), pp.404-9, IEEE Computer Society Press, 1985.

[56] G. Grunsteidl and H. Kopetz, "A Reliable Multicast Protocol for Distributed Real-Time Systems", in Proc. 8th IEEE Workshop on Real-Time Operating Systems and Software, (Atlanta, GA, USA), pp.19-24, 1991.

[57] H. Hecht, "Fault-Tolerant Software for Real-Time Applications", A C M Computing Surveys, 8 (4), pp.391-407, 1976.

[58] M. Hecht, J. Agron, H. Hecht and K. H. Kim, "A Distributed Fault-Tolerant Architecture for Nuclear Reactor and Other Critical Process Control Applications", in Proc. 21st Int. Symp. Fault-Tolerant Computing (FTCS-2/), (Montreal), pp.462-9, IEEE Computer Society Press, 1991.

[59] M. Herlihy, "Apologizing Versus Asking Permission: Optimistic concurrency control for abstract data types", ACM Trans. DataBase Systems, 15 (I), pp.96-124, 1990.

[60] J. J. Horning, H. C. Lauer, P. M. Melliar-Smith and B. Randell, "A Program Structure for Error Detection and Recovery", Lecture Notes in Computer Science, 16, pp.I77-93, 1974.

[61] Y. Huang and C. M. R. Kintala, "Software Implemented Fault Tolerance: Technologies and experience", in Proc. 23rd Int. Con! Fault-Tolerant Computing (FTCS-23). (Toulouse, France), pp.2-9, IEEE Computer Society Press, 1993.

[62] The Isis Distrihuted Toolkit: User reference manual, Isis Distributed Systems, Inc., 1992.

[63] V. Issarny, "An Exception Handling Mechanism for Parallel Object-Oriented Programming: Towards reusable, robust distributed software", Journal of Ohject-Oriented Programming, 6 (6), pp.29-40, 1993.

[64] P. Jalote and R. H. Campbell, "Atomic Actions for Fault Tolerance using CSP", IEEE Trans. Soft. Eng., SE-12 (I), pp.59-68, 1986.

[65] B. W. Johnson, Design and Analysis of Fault-Tolerant Digital Systems, Addison-Wesley Pub. Co., 1989.

[66] K. Kanekawa, H. Maejima, H. Kato and H. Ihara, "Dependable Onboard Computer Systems with a New Method: Stepwise negotiating voting", in Proc. 19th Int. Symp. Fault-Tolerant Computing (FTCS-19), (Chicago), pp.13-9, 1989.

[67] J. Karlsson, U. Gunneflo and 1. Torin, 'The Effects of Heavy-Ion Induced Single Event Upsets in the MC6809E Microprocessor", in Proc 4th Int. Symp. Fault-Tolerant Computing Systems (FTCS-4), (Baden-Baden, W. Germany), Springer Verlag, 1989.

230 Fault Tolerance

[68] J. Karlsson, U. Gunnelfo and J. Torin, "Use of Heavy-Ion Radiation from Californium-252 for Fault Injection Experiments", in Proc. Int. Working Can! on Dependable Computing for Critical Applications, (Santa Barbara, CA, USA), pp.79-84, 1989.

[69] G. Kiczales, J. d. Rivieres and D. G. Bobrow, The Art of the Metaobject Protocol, MIT Press, 1991.

[70] K. H. Kim, "An Approach to Programmer-Transparent Coordination of Recovering Parallel Processes and its Efficient Implementation Rules", in Int. Can! Parallel Processing, pp.58-68, 1978.

[711 K. H. Kim, "Approaches to Mechanization of the Conversation Scheme Based on Monitors", IEEE Trans. Soft. Eng., SE-8 (3), pp. I 89-97, 1982.

[721 K. H. Kim, "Distributed Execution of Recovery Blocks: An approach to uniform treatment of hardware and software faults", in Proc. 4th Int. Can! Distrihuted Comput. Sys., pp.526-32, 1984.

[73J K. H. Kim and H. O. Welch, "Distributed Execution of Recovery Blocks: An approach for uniform treatment of hardware and software faults in real-time applications", IEEE Trans. Comput., C-38 (5), pp.626-36, May 1989.

[74] K. H. Kim and J. C. Yoon, "Approaches to Implementation of a Repairable Distributed Recovery Block Scheme", in Proc. 18th Int. Symp. Fault-Tolerant Computing (FTCS-18), (Tokyo), pp.50-5, IEEE Computer Society Press, 1988.

[75] K. H. Kim and J. H. You, "A Highly Decentralized Implementation Model for the Programmer-Transparent Coordination (PTC) Scheme for Cooperati ve Recovery", in Proc. 20th Int. Symp. Fault-Tolerant Computing (FTCS-20), (Newcastle), pp.282-9, IEEE Computer Society Press, 1990.

[761 J. C. Knight and N. G. Leveson, "An Experimental Evaluation of the Assumption of Independence in Mu1tiversion Programming", IEEE Trans. Soft. Eng., SE-12 (I), pp.96-1 09, 1986.

[77] J. C. Knight, N. G. Leveson and L. D. S. Jean, "A Large Scale Experiment in N-Version Programming", in Proc. 15th Int. Symp. Fault-Tolerant Computing (FTCS-J5), (Michigan), pp.135-40, IEEE Computer Society Press, 1985.

[78] A. Koenig and B. Stroustrup, "Exception Handling in C++", Journal of Object-Oriented Programming, 3 (7-8), pp.16-33, 1990.

[79J R. Koo and S. Toueg, "Checkpointing and Rollback-Recovery for Distributed Systems", IEEE Trans. Sofi. Eng., SE-13 (I), pp.23-31, 1987.

[80] H. Kopetz, A. Damm, C. Koza, M. Mulazzani, W. Schwabl, C. Senft and R. Zainlinger, "Distributed Fault-Tolerant Real-Time Systems: The MARS approach", IEEE Micro, 9 (I), pp.25-40, February 1989.

[81] H. Kopetz, G. Griinsteidl and J. Reisinger, "Fault-Tolerant Membership Service in a Synchronous Distributed Real-Time System", in Dependahle

References 231

Computing for Critical Applications (A. Avizienis and J. C. Laprie, Eds.), pp.411-29, Springer-Verlag, 1991.

[82J H. Kopetz and K. Kim, "Temporal Uncertainties in Interactions among Real­Time Objects", in Proc. 9th Symp. on Reliable Distributed Systems, (Huntsville, AL, USA), pp.165-74, IEEE Computer Society Press, 1990.

[83] H. Kopetz and W. Ochsenreiter, "Clock Synchronisation in Distributed Real­Time Systems", IEEE Trans. Computers, 36 (8), pp.933-40, August 1987.

[84] J. H. Lala and L. S. Alger, "Hardware and Software Fault Tolerance: A unified architectural approach", in Proc. 18th Int. Symp. Fault-Tolerant Computing (FTCS-18), (Tokyo), pp.240-5, 1988.

[85J L. Lamport, R. Shostak and M. Pease, "The Byzantine Generals Problem", ACM Trans. on Programming Languages and Systems, 4 (3), pp.382-401, 1982.

[86J 1. C. Laprie (Ed.), Dependability: Basic concepts and terminology - in English, French, German, German and Japanese, Dependable Computing and Fault Tolerance, 5, 265p., Springer-Verlag, Vienna, Austria, 1992.

[87] 1. C. Laprie, 1. Arlat, C. Beounes and K. Kanoun, "Definition and Analysis of Hardware-and-Software Fault-Tolerant Architecture, Appendix: Cost of software fault tolerance", in 1st Workshop Predictably Dependable Computing Systems, (Toulouse), 1990.

[88] 1. C. Laprie, J. Arlat, C. Beounes and K. Kanoun, "Definition and Analysis of Hardware-and-Software Fault-Tolerant Architectures", IEEE Computer (Special Issue on Fault Tolerant Systems), 23 (7), pp.39-51, July 1990.

[89J 1. C. Laprie, J. Arlat, C. Beounes, K. Kanoun and C. Hourtolle, "Hardware and Software Fault Tolerance: Definition and analysis of architectural solutions", in Proc. 17th Int. Symp. on Fault-Tolerant Computing (FTCS­J 7), (Pittsburgh, PA), pp.1I6-121, IEEE Computer Society Press, 1987.

[90] J. C. Laprie, K. Kanoun, C. Beounes and M. Kaiiniche, "The Transformation Approach to the Modelling and Evaluation of Reliability and Availability Growth", in Proc. 20th Int. Symp. on Fault-Tolerant Computing (FTCS-20), (Newcastle upon Tyne), pp.364-71, IEEE Computer Society Press, 1990.

[91] R. Lea, P. Amaral and C. Jacquemot, "COOL-2: An object-oriented support platform built above the Chorus Micro-Kernel", in Proc. IEEE Int. Symp. on Object Orientation in Operating Systems (IWOOOS'91), (Palo Alto, CA, USA), pp.68-73, 1991.

[92] P. A. Lcc, "A Reconsideration of the Recovery Block Scheme", Computer Journal, 21 (4), pp.306-1 0, 1978.

[93] P. A. Lee and T. Anderson, Fault Tolerance: Principles and practice, Dependable Computing and Fault-Tolerant Systems, Springer-Verlag, Vienna, 1990.

[94] B. Liskov, "Distributed Programming in Argus", Comm. ACM, 31 (3), pp.300-12, 1988.

232 Fault Tolerance

[95] F. Lombardi, "Optimal Redundancy Management of Multiprocessor Systems for Supercomputing Applications", in Proc. / st Int. Con! Supercomputing Systems, (Petersbourgh), pp.414-22, 1985.

[96] D. B. Lomet, "Process Structuring, Synchronization, and Recovery Using Atomic Actions", ACM SIGPLAN Notices, 12 (3), pp.128-37, 1977.

[97] P. R. Lorczak, A. K. Caglayan and D. E. Eckhardt, "A Theoretical Investigation of Generalized Voters for Redundant Systems", in Proc. 19th Int. Symp. Fault-Tolerant Computing (FTCS-/9), (Chicago, Illinois), pp.444-51, 1989.

[98] J. Losq, "A Highly Efficient Redundancy Scheme: Self-purging redundancy", IEEE Transactions on Computer, C-25 (6), pp.569-78, June 1976.

[99] P. Maes, "Concepts and Experiments in Computational Reflection", in Proc. Conj: on Ohject-Oriented Programming Systems, Languages and Applications (OOPSLA '87) (ACM SIGPLAN Notices, 22,10), pp.147-55, 1987.

[100] S. V. Makam, Design Study of Fault-Tolerant Computer to Execute N­Version Software, Ph. D. Dissertation, UCLA Computer Science Department, 1982.

[1011 S. V. Makam and A. Avizienis, "ARIES 81: A reliability and life-cycle evaluation tool for fault-tolerant systems", in Proc. 12th IEEE Int. Symp. on Fault- Tolerant Computing (FTCS-12), (Santa Monica, CA), pp.267 -74, 1982.

[102] M. Malek and 1. Maeng, "Partitioning of Large Multicomputer Systems for Efficient Fault Diagnosis", in Proc. 12nd Int. Symp. Fault-Tolerant Computing (FTCS-12), (Santa Monica), pp.341-6, 1982.

[1031 S. Matsuoka, T. Watanabe and A. Yonezawa, "Hybrid Group Reflective Architecture for Object-Oriented Concurrent Reflective Programming", in Proc. ECOOP'91, pp.213-50, Springer-Verlag, 1991.

[104] P. M. Melliar-Smith and B. Randell, "Software Reliability: The role of programmed exception handling", in Proc. Con! on Language Design For Reliahle Software (ACM SIGPLAN Notices, vol. 12, no. 3, March 1977), (Raleigh), pp.95-100, ACM, 1977.

[105] P. M. Merlin and B. Randell, "State Restoration in Distributed Systems", in Proc. 8th Int. Symp. Fault-Tolerant Computing (FTCS-8), (Toulouse), pp.129-34, IEEE Computer Society Press, 1978.

[106] B. Meyer, Ohject-Oriented Software Construction, Prentice Hall, 1988.

[1071 M. H. Mills, ''Predictably Dependable Military Computer-Based Systems (invited speech)", in 1st Workshop Predictahly Dependahle Computing Systems 2, (Toulouse), 1993.

[108] W. R. Moore and N. A. Haynes, "A Review of Synchronisation and Matching in Fault-Tolerant Systems", Proc. of the lEE, E-I31 (4), pp.119-24, July 1984.

References 233

[109] J. E. B. Moss, Nested Transactions: An approach to reliable distributed computing, MIT Press, 1985.

[110] S. J. Mullender, G. v. Rossum, A. S. Tanenbaum, R. v. Renesse and H. v. Staveren, "Amoeba: A distributed operating system for the 1990s", IEEE Computer, 23 (5), pp.44-53, May 1990.

[Ill] Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria, National Computer Security Center, Report WNCSC-TG-005, 1987.

[112] A. Paepcke, "PCLOS: Stress testing CLOS", in Proc. Con! on Object­Oriented Programming Systems, Languages and Applications (OOPSLA '90) (ACM SIGPLAN Notices), pp.194-21 I, 1990.

[113] A. Pages and M. Gondran, System Reliability: Evaluation and prediction in engineering, Springer-Verlag, New York, USA, 1986.

[114] D. Powell, "FauIt-Tolerance in Distributed Systems: Error assumptions and their importance", in Proc. Franco-Brazilian Seminar on Distributed Computing Systems, (Florianopolis, SC, Brazil), pp.36-43, Federal University of Santa Catarina, 1989 (In French).

[115] D. Powell, "DeIta-4: A generic architecture for dependable distributed computing", in Research Reports ESPRIT (Vol. 1) p.484, Springer-Verlag, Berlin, Germany, 1991.

[116] D. Powell, Fault Assumptions and Assumption Coverage, Esprit Project W3092 (PDCS: Predictably Dependable Computing Systems), Second Year Report, May 1991.

[117] D. Powell, "Failure Mode Assumptions and Assumption Coverage", in Proc. 22nd Int. Symp. on Fault-Tolerant Computing (FTCS-22), (Boston, MA, USA), pp.386-95, IEEE Computer Society Press, 1992.

[118] D. Powell, "Distributed Fault-Tolerance: Lessons learnt from Delta-4", in Hardware and Software Architecture for Fault Tolerance: Experiences and Perspectives (M. Baniitre and P. A. Lee, Eds.), Lecture Notes in Computer Science, 774, pp.199-217, New York: Springer Verlag, 1994.

[119] D. Powell, G. Bonn, D. Seaton, P. Verissimo and F.Waeselynck, "The Delta-4 Approach to Dependability in Open Distributed Computing Systems", in Proc. of the 18th Int. Symp. on Fault-Tolerant Computing (FTCS-I8), (Tokyo, Japan), pp. 246-51, IEEE Computer Society Press, 1988.

[120] F. P. Preparata, G. Metze and R. T. Chien, "On the Connection Assignment Problem of Diagnosable System", IEEE Transactions on Electronic Computers, EC-16, pp.848-54, December 1967.

[121] P. Puschner and C. Koza, "Calculating the Maximum Execution Time of Real-Time Programs", Real-Time Systems, I (2), pp.159-76, September 1989.

[122] J. P. Queille and J. Sifakis, "Fairness and Related Properties in Transition Systems: A temporal logic to deal with fairness", Acta Informatica, 19 (3), pp.195-220, 1983.

234 Fault Tolerance

[123] M. O. Rabin, "Efficient Dispersal ofInformation for Security, Load Balancing and Fault-Tolerance", Journal of the ACM, 36 (2), pp.335-48, April 1989.

[124] P. Ramanathan and K. G. Shin, "Checkpointing and Rollback Recovery in a Distributed System using a Common Time Base", in Proc. 7th Symp. ReI. Distrib. Syst., (Columbus), pp.13-21, 1988.

[125] B. Randell, "System Structure for Software Fault Tolerance", IEEE Trans. on Software Engineering, SE-I (2), pp.220-32, 1975.

[126] B. Randell, "Fault Tolerance and System Structuring", in Proc. 4th Jerusalem Con! on Information Technology, (Jerusalem), pp.182-91, 1984.

[127] B. Randell, "Design Fault Tolerance", in Proc. IFfP Symp. on The Evolution of Fault-Tolerant Computing, (A. Avizienis, H. Kopetz and J.-c. Laprie, Eds.), (Baden, Austria), Dependable Computing and Fault-Tolerant Systems, I, (A. Avizienis, H. Kopetz and J.-c. Laprie, Eds.), pp.25 1-70, Springer­Verlag, 1986.

[128] B. Randell and J. Xu, "Object-Oriented Software Fault Tolerance: Framework, reuse and design diversity", in 1st PDCS2 Open Workshop, (Toulouse, France), pp.165-84, 1993.

[129] B. Randell and J. Xu, "The Evolution of the Recovery Block Concept", in Software Fault Tolerance (M. Lyu, Ed.), Trends in Software, pp.I-22, J. Wiley, 1994.

[130] S. Rangarajan and D. Fussel, "A Probabilistic Method for Fault Diagnosis of Multiprocessor Systems", in Proc. 18th Int. Symp. on Fault- Tolerant Computing (FTCS-18), (Tokyo, Japan), pp.278-83, 1988.

[131] J. Reisinger, "Time Driven Operating Systems: A case study on the MARS Kernel", in Pmc. 5th ACM SIGOPS European Workshop, (Le Mont Saint­Michel, France), IRISAIINRIA-Rennes, 1992.

[I32J D. Rennels, "Fault-Tolerant Computing: Concept and examples", IEEE Transactions on Computers, C-33 (12), pp.1 I 16-29, December 1984.

[133] R. L. Rivest, L. Adelman and M. L. Dertouzos, "On Data Banks and Privacy Homomorphisms", in Foundations of Secure Computations (R. A. DeMilio, D. D. Dobkin, A. K. Jones and R. J. Lipton, Eds.), pp.169-79, Academic Press, 1978.

[134] L. Rodrigues and P. Verfssimo, "xAMp: A protocol suite for group communication", in Proc. I fth IEEE Int. Symp. on Reliable Distributed Systems (SRDS- JJ), pp.112-21, 1992.

[1351 M. Rozier, V. Abrossimov, F. Armand, I. Boule, M. Gien, M. Guillemont, F. Herrmann, C. Kaiser, S. Langlois, P. Leonard and W. Neuhauser,

Overview of the CHORUS® Distributed Operating Systems, Chorus Systemes, Report, WCS/TR-90-25, April 1990.

[136] C. M. F. Rubira-Calsavara and R. J. Stroud, "Forward and Backward Error Recovery in C++", Object-Oriented Systems, 1 (I), pp.61-85, 1994.

References 235

[137] D. L. Russell, "State Restoration in Systems of Communicating Processes", IEEE Trans. Soft. Eng., SE-6 (2), pp. I 83-94, 1980.

[138] D. L. Russell and M. J. Tiedeman, "Multiprocess Recovery using Conversations", in Proc. 9th Int. Symp. Fault-Tolerant Computing (FTCS-9), pp.1 06-9, IEEE Computer Society Press, 1979.

[139] c. H. Sauer, E. A. MacNair and J. F. Kurose, The Research Queueing Package Version 2: CMS users guide, IBM Thomas J. Watson Research Center Yorktown Heights, New York, Research Report, N°RA-139, 1982.

[140] R. D. Schlichting and F. B. Schneider, "Fail-Stop Processors: An approach to designing fault-tolerant computing systems", ACM Trans. on Computing Systems, I (3), pp.222-38, August 1983.

[141] M. E. Schmid, R. L. Trapp, A. E. Davidoff and G. M. Masson, "Upset Exposure by Means of Abstraction Verification", in Proc. 12th Int. Symp. Fault-Tolerant Computing (FTCS 12), (Santa Monica, CA), pp.237-44, IEEE Computer Society Press, 1982.

[142] F. B. Schneider, "Byzantine Generals in Action: Implementing fail-stop processors", ACM Transactions on Computer Systems, 2 (2), pp.145-54, May 1984.

[143] M. A. Schuette, J. P. Shen, D. P. Siewiorek and Y. X. Zhu, "Experimental Evaluation of Two Concurrent Error Detection Schemes", in Proc. 16th Int. Symp. on Fault-Tolerant Computing (FTCS- 16), (Vienna, Austria), pp.138-43, IEEE Computer Society Press, 1986.

[144] R. K. Scott, J. W. Gault and D. F. Mcallister, "The Consensus Recovery Block", in Proc. Total Sys. Reli. Symp., pp.74-85, 1985.

[145] R. K. Scott, J. W. Gault and D. F. McAllister, "Fault-Tolerant Software Reliability Modeling", IEEE Trans. Soft. Eng., SE-13 (5), pp.582-92, 1987.

[146] A. Shamir, "How to Share a Secret", Comm. ACM, 22 (II), pp.612-3, 1979.

[147] K. G. Shin and Y.-H. Lee, "Evaluation of Error Recovery Blocks used for Cooperating Processes", IEEE Trans. Soft. Eng., SE-IO (6), pp.692-700, 1984.

[148] S. K. Shrivastava and J.-P. Banatre, "Reliable Resource Allocation Between Unreliable Processes", IEEE Trans. Soft. Eng., SE-4 (3), pp.230-41, 1978.

[149] S. K. Shrivastava, G. N. Dixon and G. D. Parrington, "An Overview of the Arjuna Distributed Programming System", IEEE Software, 8 (I), pp.66-73, January 199 I.

[150] S. K. Shrivastava, P. D. EzhiJchelvan, N. A. Speirs, S. Tao and A. Tully, "Principal Features of the VOLT AN Family of Reliable Node Architectures for Distributed Systems", IEEE Transactions on Computers, 41 (5), pp.542-9, May 1992.

[151] D. P. Siewiorek and D. Johnson, "A Design Methodology", in Reliable Computer Systems - Design and Evaluation (D. P. Siewiorek and R. s. Swarz, Eds.), pp.739-67, Digital Press, Bedford, MA, USA, 1992.

236 Fault Tolerance

[152] B. C. Smith, "Reflection and Semantics in Lisp", in 11th Annual ACM Symposium on Principles of Programming Languages, pp.23-35, 1984.

[153] T. B. Smith, "High Performance Fault-Tolerant Real-Time Computer Architecture", in Proc. 16th Int. Symp. Fault-Tolerant Computing (FTCS-16). (Vienna, Austria), pp.14-9, IEEE Computer Society Press, 1986.

[154] N. A. Speirs and P. A. Barrett, "Using Passive Replicates in Delta-4 to Provide Dependable Distributed Computing", in Proc. 19th Int. Symp. on Fault-Tolerant Computing (FTCS-19). (Chicago, IL, USA), pp.184-90, IEEE Computer Society Press, 1989.

[155] A. Steininger and 1. Reisinger, "Integral Design of Hardware and Operating System for a DCCS", in Proc. 10th IFAC Workshop on Distributed Computer Control Systems. (Semmering, Austria), Pergamon Press, 1991.

[156] A. Steininger and H. Schweinzer, "Towards an Optimal Combination of Error Detection Mechanisms", in Proc. Euromicro 91: Hardware and Software Design Automation, (Vienna, Austria), pp.253-9, 1991.

[157] J. J. Stiffler, "Fault Coverage and the Point of Diminishing Returns", Journal of Design Automation and Fault-Tolerant Computing, 2 (4), pp.289-30 I, October 1978.

[158] R. J. Stroud, "Transparency and Ret1ection in Distributed Systems", A CM Operating Systems Review, 22 (2), pp.99-103, April 1993.

[159] B. Stroustrup, The C++ Programming Language, Addison Wesley, 1991.

[160] G. Sullivan and G. Masson, "Using Certification Trails to Achieve Software Fault Tolerance", in Proc. 20th Int. Symp. Fault-Tolerant Computing (FTCS-20). (Newcastle), pp.423-31, IEEE Computer Society Press, 1990.

[161] A. T. Tai, A. Avizienis and J. F. Meyer, "Evaluation of Fault-Tolerant Software: A performability modeling approach", in Dependable Computing for Critical Applications 3 (c. E. Landwehr, B. Randell and L. Simoncini, Eds.), 8, Dependable Computing and Fault-Tolerant Systems, CA. Avizienis, H. Kopetz and J. C. Laprie, Eds.), pp.113-35, Sprinter-Verlag, 1993.

[162J A. T. Tai, A. Avizienis and J. F. Meyer, "Performability Enhancement of Fault-Tolerant Software", IEEE Transactions on Reliability, Special Issue on Fault-Tolerant Software, R-42 (2), pp.227-37, June 1993.

[163] P. Traverse, "AIRBUS and ATR System Architecture and Specification", in Software Diversity in Computerized Control Systems (U. Voges, Ed.), Springer-Verlag, 1988.

[164] G. Trouessin, J.-c. Fabre and Y. Deswarte, "Reliable Processing of Confidential Information", in Proc. of the 7th Int. Coni on Computer Security, IFIPlSEC'91, (Brighton, UK), pp.210-21, 1991.

[165] P. Verfssimo, "Redundant Media Mechanisms for Dependable Communication in Token-Bus LANs", in Proc. 13th Local Computer Network Coni, (Minneapolis, MN, USA), pp.453-62, IEEE Computer Society Press, 1988.

References 237

[166] u. Voges (Ed.), Proc. IFfP Working Con! "Design Diversity in Action", Baden, Austria, June, 1986, 2, 1986.

[167] u. Voges (Ed.), Software Diversity in Computerized Control Systems, 2, Springer-Verlag, Wien, 1988.

[168] A. Vrchoticky, ModulaiR Language Definition, Technische Universitat Wien, Research Report, N°2/92, March 1992.

[169] W. E. Weihl and B. Liskov, "Implementation of Resilient, Atomic Data Types", ACM Trans. Programming Languages and Systems, 7 (2), pp.244-69, 1985.

[170] P. D. Welch, "The Statistical Analysis of Simulation Results", in Computer Performance Modeling Handbook (S. S. Lavenberg, Ed.), Academic Press, New York, 1982.

[171] 1. H. Wensley, L. Lamport, 1. Goldberg, M. W. Green, K. N. Levitt, P. M. Melliar-Smith, R. E. Shostack and C. B. Weinstock, "SIFT: The design and analysis of a fault-tolerant computer for aircraft control", Proc. IEEE, 66 (10), pp.1240-55. 1978.

[172] W. Wood, "A Decentralised Recovery Control Protocol", in P roc. 11th Int. Symp. Fault-Tolerant Computing (FTCS-J/), pp.159-64, IEEE Computer Society Press, 1981.

[173] 1. Xu, Fault Tolerance Based on System Diagnosis Techniques, University of Newcastle upon Tyne, PDCS Technical Report Series, N°69. May 1991.

[174] 1. Xu, "The t/(n-I )-Diagnosability and its Applications to Fault Tolerance", in Proc. 21st Int. Symp. on Fault-Tolerant Computing (FTCS-2/), (Montreal), pp.496-503, IEEE Computer Society Press, 1991.

[175] 1. Xu, A. Bondavalli and F. Di Giandomenico, Software Fault Tolerance: Dvnamic combination of dependability and efficiency, Univ. of Newcastle upon Tyne, Tech. Report, N°442, 1993.

[176] 1. Xu, B. Randell, A. Romanovsky, C. M. F. Rubira, R. 1. Stroud and Z. Wu, "Fault Tolerance in Concurrent Object-Oriented Software through Coordinated Error Recovery", in Proc. 25th Int. Symp. Fault-Tolerant Computing (FTCS-25), (Los Angeles), IEEE Computer Society Press, 1995.

[177] 1. Xu, B. Randell, C. M. F. Rubira and R. 1. Stroud, "Toward an Object­Oriented Approach to Software Fault Tolerance", in Fault-Tolerant Parallel and Distributed Systems (D. R. Avresky, Ed.), IEEE Computer Society Press, 1994.

lin] S. S. Yau and R. C. Cheung, "Design of Self-Checking Software", in Proc. Int. COil! on Reliable Software, (Los Angeles, CA, USA), pp.450-7, IEEE Computer Society Press. 1975.