  1. Anish Arora & Mohamed Gouda
  2. Closure and Convergence: A Foundation for Fault-Tolerant Computing
  3. IEEE Trans on Software Eng VSE-19n11(Nov 1993)pp1015-1027
  4. =THEORY guarded commands formal reliability
      closure is a safety property: If a fault occurs when the system is OK then (and even if faults continue) the system enters a larger set of states

      Convergence is a liveness property: If faults stop occuring then the system eventually reaches an OK state

      OK state = legal.

      atomic commitment (two-phase commit), data transfer, Byzantyne agreement, sliding window, delay insensitivity, impossible requirements, design methods.

