1 Introduction In this paper we describe a novel and powerful technique for achieving fault tolerance in systems. Although applicable to both hardware and software implementation, we restrict our discussion of this technique to implementation in software. To explain our technique, we will first discuss a simpler method. In this method the specification of a problem is given and an algorithm to solve it is constructed. This algorithm is executed on a particular input and the output is stored. Next, the same algorithm is executed again on the same input and the output is compared to the earlier output. If the outputs differ then an error is indicated, otherwise the output is accepted as correct. This method requires additional time, so called time

We report on the use of program checking in the LEDA library of efficient data types and algorithms.

Two-Stage Programming (2sp) is an experimental programming language, the first implementation of the Specification-Consistent Coordination Model (SCCM). The SCCM proposes a new, mixed-paradigm (functional/imperative) approach to developing reliable programs based on complete run-time checking of computations with respect to a given specification. A 2sp program consists of a functional specification and an imperative coordination tightly connected to the specification. The coordination maps the specification to an imperative and possibly parallel/distributed program. Normal termination of a 2sp program execution implies the correctness of the computed results with respect to the specification, for that execution. We present the basic features of the SCCM/2sp, a new message-passing system of 2sp with integrated run-time checking, and a larger case study. We show that 2sp provides: functional specifications, specification-consistent imperative coordinations, automatic run-time ...

A certifying algorithm is an algorithm that produces, with each output, a certificate or witness (easy-to-verify proof) that the particular output has not been compromised by a bug. A user of a certifying algorithm inputs x, receives the output y and the certificate w, and then checks, either manually or by use of a program, that w proves that y is a correct output for input x. In this way, he/she can be sure of the correctness of the output without having to trust the algorithm. We put forward the thesis that certifying algorithms are much superior to non-certifying algorithms, and that for complex algorithmic tasks, only certifying algorithms are satisfactory. Acceptance of this thesis would lead to a change of how algorithms are taught and how algorithms are researched. The widespread use of certifying algorithms would greatly enhance the reliability of algorithmic software. We survey the state of the art in certifying algorithms and add to it. In particular, we start a