Abstract

We present an automated technique that combines fault injection with model checking to verify fault tolerance, recoverability, and diagnosability in multi-agent systems. We define a general method for mutating a multi-agent systems model representing correct behaviour by injecting faults into it, and specification patterns based on temporal-epistemic formulas to reason about the correct and faulty behaviours of the mutated model. The technique is implemented in a toolkit that can be used for injecting automatically faults into a multi-agent systems program. The usefulness of the methodology is demonstrated by injecting a number of faults into a model of the IEEE 802.5 token ring LAN protocol and analysing the protocol's fault tolerance, by verifying a number of temporal-epistemic specifications.
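The abstract describes the technique at the level of its ingredients: a model of correct behaviour, a mutation step that injects a fault into it, and specifications checked on the mutated model to classify the fault as tolerated or recoverable. The following Python block is an added illustration of that workflow and is not the paper's toolkit, its ISPL models, or its temporal-epistemic specification patterns. It assumes a three-station token ring, a hypothetical "token loss" fault at one station, and a hypothetical monitor-station recovery rule, all constructed here, and it checks two plain CTL-style properties on an explicit-state model (AG for total tolerance, AG EF for recoverability) without modelling the epistemic operators the paper uses for diagnosability.

```python
from collections import deque

N = 3            # constructed: ring of three stations
MONITOR = 0      # constructed: station that regenerates a lost token (hypothetical recovery rule)


def ring_next(holder):
    """Correct behaviour: the station holding the token passes it to the next station.
    State is the index of the token holder, or None once the token is lost."""
    if holder is None:
        return set()            # a lost token never returns without an explicit recovery rule
    return {(holder + 1) % N}


def with_monitor(next_fn):
    """Design-level recovery mechanism (hypothetical): a lost token is regenerated by MONITOR."""
    def step(state):
        succ = set(next_fn(state))
        if state is None:
            succ.add(MONITOR)
        return succ
    return step


def inject_token_loss(next_fn, faulty_station):
    """Model mutation: station `faulty_station` may drop the token.
    The original successors are kept, so the injected fault is intermittent (non-deterministic)."""
    def step(state):
        succ = set(next_fn(state))
        if state == faulty_station:
            succ.add(None)
        return succ
    return step


def explore(init, next_fn):
    """Explicit-state exploration; returns the reachable states and a predecessor map."""
    reach, preds, queue = {init}, {init: set()}, deque([init])
    while queue:
        s = queue.popleft()
        for t in next_fn(s):
            preds.setdefault(t, set()).add(s)
            if t not in reach:
                reach.add(t)
                queue.append(t)
    return reach, preds


def holds_everywhere(init, next_fn, pred):
    """AG pred: every reachable state satisfies pred (total tolerance to the injected fault)."""
    reach, _ = explore(init, next_fn)
    return all(pred(s) for s in reach)


def recoverable(init, next_fn, pred):
    """AG EF pred: from every reachable state some state satisfying pred is still reachable."""
    reach, preds = explore(init, next_fn)
    good = {s for s in reach if pred(s)}
    can_reach_good, queue = set(good), deque(good)
    while queue:                      # backward closure from the good states
        s = queue.popleft()
        for p in preds.get(s, ()):
            if p not in can_reach_good:
                can_reach_good.add(p)
                queue.append(p)
    return reach <= can_reach_good


def token_present(state):
    return state is not None


def analyse(faulty_station=1):
    """Run the correct model, the mutated model, and the mutated model with the recovery rule."""
    plain = inject_token_loss(ring_next, faulty_station)
    guarded = inject_token_loss(with_monitor(ring_next), faulty_station)
    return {
        "correct_model_total_tolerance": holds_everywhere(0, ring_next, token_present),
        "mutated_total_tolerance": holds_everywhere(0, plain, token_present),
        "mutated_recoverable": recoverable(0, plain, token_present),
        "mutated_with_monitor_total_tolerance": holds_everywhere(0, guarded, token_present),
        "mutated_with_monitor_recoverable": recoverable(0, guarded, token_present),
    }


if __name__ == "__main__":
    for name, verdict in analyse().items():
        print(f"{name}: {verdict}")
```

The point of separating the three runs is that the verdicts change only because of the mutation and the recovery rule, never because the checker changed: the mutated ring without a monitor is neither totally tolerant nor recoverable (a lost token is a sink), while the ring with the monitor rule is still not totally tolerant (the lost-token state is reachable) but is recoverable, which is the distinction the abstract draws between fault tolerance and recoverability.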

Highlights

  • The multi-agent systems (MAS) paradigm [1] has been employed successfully in several disciplines studying systems whose core components, or agents, autonomously interact with one another, engaging in communication, negotiation, coordination, etc.

  • In the previous sections we have introduced a taxonomy of specifications for reasoning about faults, recovery, and diagnosability in the context of temporal-epistemic specifications for MAS.

  • This has formed the backbone of a methodology for model mutation that takes any MAS model programmed in ISPL and, through a toolkit, injects faults into it automatically, thereby obtaining an updated model representing the faulty behaviour under analysis.


Summary

Introduction

The multi-agent systems (MAS) paradigm [1] has been employed successfully in several disciplines studying systems whose core components, or agents, autonomously interact with one another, engaging in communication, negotiation, coordination, etc. Techniques that allow automation when injecting faults into the system model are attractive to non-experts in verification due to the high level of usability implied by the automatic nature of both the fault injection and the verification process [9]. Due to their modelling formalisms and sole support of temporal logic [18] as a specification language, these tools are not directly applicable for verifying MAS, since their specifications involve rich, AI-based primitives such as knowledge, beliefs, desires and intentions. The mutated model is verified against temporal-epistemic specifications to reason about the correct and faulty behaviours of the MAS, in order to assess properties of fault tolerance, recoverability, and diagnosability.

Background
Interpreted systems and MCMAS
Automatic fault injection
Failure modes
MAS model updates via fault injection
Reasoning about correct and faulty behaviour
Reasoning about total tolerance to injected faults
Reasoning about tolerance to injected intermittent faults
Reasoning about recoverability
Reasoning about diagnosability
A toolkit for fault injection
Evaluation
Overview of the protocol
ISPL implementation
Choice of injected faults
Code mutation
Verifying aspects of recoverability
Verifying aspects of diagnosability
Related work
Conclusions
Limitations
