Fundamental principle

TOF, a nondeterminism culprit, introduces new define-use relations between W and R beyond traditional concurrency.

TOF bug categorization

• W_Crash: W from¹ the crash node
• R_Regular: R from¹ a non-crash node
• R_Recovery: R from¹ the recovery node

Crash-regular TOF bugs

• How can TOF determine the content consumed by R_Regular?
  • R_Regular happens-before W_Crash?
  • W_Crash happens-before R_Regular?
  • W_Crash concurrent with R_Regular?
• Fault-tolerant mechanism: timeout

Crash-recovery TOF bugs

• The content consumed by R_Recovery is completely determined by TOF.
• Fault-tolerance mechanisms: sanity check and data overwrite