On Using Abstractions to Model Check an On-line Diagnostic Protocol

Distributed diagnostic protocols face the challenges posed by current rise in transient fault rates. The issue of discriminating between transient and intermittent faults becomes essential to avoid unnecessary isolations which reduce system resiliency and thus reliability. This issue can be solved using proper count and threshold mechanisms [1], that expect underlying diagnostic protocols to eventually detect not only permanent but also transient faults. We outline the model checking approach we developed to assess a synchronous frame based diagnostic protocol similar to the DD protocol presented in [2]. In that paper the formal verification of the protocol is done assuming all faults to be permanent. Instead, we proved that the protocol guarantees the desired properties, without posing constraints on the fault duration, as long as the necessary conditions to ensure consensus are met. To solve the state explosion problem we faced on the original state-based model, we exploited the symmetry of the problem to introduce a sound abstracted model with a significantly reduced state space.1 It was in fact sufficient to model only one single correct node instead of the whole set.