A Language Support for Exhaustive Fault-Injection in Message-Passing System Models
This provides a tool for researchers and engineers to more easily verify fault-tolerant distributed systems, though it is incremental as it builds on existing verification methods.
The paper tackles the problem of verifying adaptive distributed systems by introducing a modeling language, Sandal, that abstracts faults like process termination and message loss, enabling automatic exhaustive fault-injection without manual specification. It demonstrates this by verifying a two-phase commit protocol model under faulty conditions.
This paper presents an approach towards specifying and verifying adaptive distributed systems. We here take fault-handling as an example of adaptive behavior and propose a modeling language Sandal for describing fault-prone message-passing systems. One of the unique mechanisms of the language is a linguistic support for abstracting typical faults such as unexpected termination of processes and random loss of messages. The Sandal compiler translates a model into a set of NuSMV modules. During the compilation process, faults specified in the model will be woven into the output. One can thus enjoy full-automatic exhaustive fault-injection without writing faulty behaviors explicitly. We demonstrate the advantage of the language by verifying a model of the two-phase commit protocol under faulty environment.