Menu
Home
People
Places
Arts
History
Plants & Animals
Science
Life & Culture
Technology
Reference.org
Safety and liveness properties
open-in-new
<p>Properties of an execution of a computer program—particularly for <a href="/facts/Concurrent_system/Ctnrrq4A">concurrent</a> and <a href="/facts/Distributed_system/o5nyhqTF">distributed systems</a>—have long been formulated by giving safety properties ("bad things don't happen") and liveness properties ("good things do happen"). </p><p>A program is <a href="/facts/Total_correctness/m4yxw3gw">totally correct</a> with respect to a <a href="/facts/Precondition/dWbBdG2e">precondition</a> P {\displaystyle P} and <a href="/facts/Postcondition/4tF1Havd">postcondition</a> Q {\displaystyle Q} if any execution started in a state satisfying P {\displaystyle P} terminates in a state satisfying Q {\displaystyle Q} . Total correctness is a conjunction of a safety property and a liveness property: </p> <ul><li>The safety property prohibits these "bad things": executions that start in a state satisfying P {\displaystyle P} and terminate in a final state that does not satisfy Q {\displaystyle Q} . For a program C {\displaystyle C} , this safety property is usually written using the <a href="/facts/Hoare_logic/UoMg08wo">Hoare triple</a> { P } C { Q } {\displaystyle \{P\}C\{Q\}} .</li> <li>The liveness property, the "good thing", is that execution that starts in a state satisfying P {\displaystyle P} terminates.</li></ul> <p>Note that a <i>bad thing</i> is discrete, since it happens at a particular place during execution. A "good thing" need not be discrete, but the liveness property of termination is discrete. </p><p>Formal definitions that were ultimately proposed for safety properties and liveness properties demonstrated that this decomposition is not only intuitively appealing but is also complete: all properties of an execution are a conjunction of safety and liveness properties. Moreover, undertaking the decomposition can be helpful, because the formal definitions enable a proof that different methods must be used for verifying safety properties versus for verifying liveness properties. </p>