Book Description

In 1987, Schneider presented a general paradigm that provides a single proof of a number of fault tolerant clock synchronization algorithms. His proof was subsequently subjected to the rigor of mechanical verification by Shankar. However, both Schneider and Shankar assumed a condition Shankar refers to as a bounded delay. This condition states that the elapsed time between synchronization events (i.e., the time that the local process applies an adjustment to its logical clock) is bounded. This property is really a result of the algorithm and should not be assumed in a proof of correctness. This paper remedies this by providing a proof of this property in the context of the general paradigm proposed by Schneider. The argument given is a generalization of Welch and Lynch's proof of a related property for their algorithm. Miner, Paul S. Langley Research Center...