An assertional correctness proof of a self-stabilizing /spl lscr/-exclusion algorithm

A formal correctness proof of a self-stabilizing lscr-exclusion algorithm (SLEX) is described. The analyzed algorithm is an improvement of the SLEX due to Abraham, Dolev, Herman, and Koll, since our version satisfies a stronger liveness property. The proof is formulated in linear-time temporal logic and utilizes a history variable to model access to regular registers. The proof consists of a safety part and a liveness part. Our analysis provides some new insight in the correctness of the algorithm: (1) our proof is constructive. That is, we explicitly formulate auxiliary quantities required to establish some of the properties. This contrasts with the operational arguments of Abraham et al., where many quantities are not explicitly formulated and the validity of the above mentioned properties are established by disproving their non-existence. (2) We characterize processes (and their minimum number) identified by some process as attempting to enter the critical section. (3) A novel proof rule for reasoning about programs in the presence of disabled processes is presented to structure the liveness proof