PROBING AND FAULT INJECTION OF DEPENDABLE DISTRIBUTED PROTOCOLS

Ensuring that a distributed system with strict dependability constrain ts meets its prescribed specification is a growing challenge that conf ronts software developers and system engineers. This paper presents a technique for probing and fault injection of fault-tolerant distribute d protocols. The proposed technique, called script-driven probing and fault injection, can be used for studying the behaviour of distributed systems and for detecting design and implementation errors of fault-t olerant protocols. The focus of this work is on fault injection techni ques that can be used to demonstrate three aspects of a target protoco l: detection of design or implementation errors; identification of vio lations of protocol specifications; and insight into design decisions made by the implementers. The emphasis of our approach is on experimen tal techniques intended to identify specific ''problems'' in a protoco l or its implementation rather than the evaluation of system dependabi lity through statistical metrics such as fault coverage. To demonstrat e the capabilities of this technique, the paper describes a probing an d fault injection toot, called the PFI tool (probe/fault injection too l), and a summary of several extensive experiments that studied the be haviour of two protocols: the Transmission Control Protocol (TCP) and a group membership protocol (GMP).