An Approach to Preserving Sufficient Correctness in Open Resource Coalitions
Most software that most people use most of the time needs only moderate assurance of fitness for its intended purpose. Unlike high-assurance software, where the consequences of failure justify substantial investment in validation, everyday software is used in settings where deviations from normal behavior, including occasional degraded service or even failure, are tolerable. Unlike high-assurance software, which has been the subject of extensive scrutiny, everyday software has only meager support for determining how good it must be, for establishing whether a system is sufficiently correct, or for detecting and remedying abnormalities. The need for such techniques is particularly strong for software that takes the form of open resource coalitions, that is, loosely-coupled aggregations of independent distributed resources. In this paper we discuss the problem of determining fitness for purpose, introduce a model for detecting abnormal behavior, and describe some of the ways of dealing with abnormalities once they are detected.