Summary: Preserving Liveness: Comments on ``Safety and
Liveness from a Methodological Point of View''
Mart'in Abadi \Lambda , Bowen Alpern y , Krzysztof R. Apt z , Nissim Francez x ,
Shmuel Katz x , Leslie Lamport \Lambda , and Fred B. Schneider --
January 9, 1991
revised June 26, 1991
Dederichs and Weber  define what it means for a property to be a
liveness property with respect to a safety property. They argue that a
specification should be written in the form P `` Q, where Q is a liveness
property with respect to the safety property P . They also criticize Alpern
and Schneider's general definitions of safety and liveness :
Alpern and Schneider's characterizations are problematic, since
they permit a certain kind of anomaly.
The anomaly is that a liveness property, which should constrain only infinite
behavior, can implicitly rule out some finite behaviors.
Dederichs and Weber's definition is not new. Such a pair P , Q of prop
erties was called machine closed by Abadi and Lamport , who explained
that one tries to write liveness properties that ``[do] not rule out any finite
behavior.'' The same idea was introduced independently by Apt, Francez,
and Katz , who defined a fairness condition for a programming language