Distributed applications can fail in subtle ways that depend on the state of multiple parts of a system. This complicates the validation of such systems via fault injection, since it suggests that faults should be injected based on the global state of the system. In Loki, fault injection is performed based on a partial view of the global state of a distributed system, i.e., faults injected in one node of the system can depend on the state of other nodes. Once faults are injected, a post-runtime analysis, using off-line clock synchronization, is used to place events and injections on a single global timeline and to determine whether the intended faults were properly injected. Finally, experiments containing successful fault injections are used to estimate the specified measures. In addition to reviewing briefly the concepts behind Loki and its organization, we detail Loki’s user interface. In particular, we describe the graphical user interfaces for specifying state machines and fa...
Ramesh Chandra, Ryan M. Lefever, Michel Cukier, Wi