FAIL-STOP COMPONENTS BY PATTERN MATCHING

Tomasz Janowski and Wojciech I. Mostowski*

The United Nations University
International Institute for Software Technology
P. O. Box 3058, Macau, China
{tj,wim}@iist.unu.edu

Abstract

We describe an approach to formally specify object-based software components, in order to be able to automatically check their behavior at run-time. The specification is a regular expression built from the propositions about the states (or pairs of states) of a component. Checking is done by a specification-generated wrapper, which produces a fail-stop component from a component which fails in an arbitrary way. The wrapper-generator is implemented for a subset of Java classes. We argue that specification-based error-detection is particularly suitable for the components of open, object-based distributed systems.

Keywords: Formal specifications, run-time checking, component wrapping, application generators, correctness by construction, fault-tolerance.

1. INTRODUCTION

Open object-based distributed systems challenge the traditional ways of applying formal methods via specification and proof. One of the problems is the large number of the components involved, which are partly decided at compile-time (static invocation) and partly at run-time (dynamic invocation). Another problem is having to rely on the vendor's claims about correctness of individual components, without being able (lacking the implementation details) to verify such claims ourselves. Yet another is expressing component specifications in an interface definition language, which describes how to communicate with a component (syntactic level), but not the expected results of such communication (semantics). Such problems make static verification difficult, at best.

*Institute of Mathematics, University of Gdańsk, Poland.

S. F. Smith et al. (eds.), Formal Methods for Open Object-Based Distributed Systems IV
© International Federation for Information Processing 2000
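The abstract describes the mechanism in outline: a specification is a regular expression over propositions about a component's states or pairs of states, and a wrapper generated from it checks every call and turns an arbitrarily failing component into a fail-stop one. The following is an added illustration of that idea, not the paper's wrapper-generator and not its Java implementation. It is written in Python as a hand-built proxy, and it assumes a simplified reading of the approach: each method call is mapped to the symbol of the first proposition that holds for the call's (pre-state, post-state) pair, the symbol trace is matched in full against the specification after every call, and the specification is therefore assumed to be written prefix-closed (it matches every valid prefix of a valid run). The FailStopWrapper, FailStopError, Account, OverdraftingAccount, ACCOUNT_PROPS, ACCOUNT_SPEC and run_scenario names, and the account component with its deliberately faulty variant, are all constructed for this example.

```python
import copy
import re
from typing import Any, Callable, Dict


class FailStopError(Exception):
    """Raised when the wrapped component's observed behaviour leaves the specification."""


class FailStopWrapper:
    """Hypothetical specification-checking proxy (not the paper's generator).

    Each public method call is mapped to one symbol: the name of the first
    proposition that holds for the (pre-state, post-state) pair of that call.
    The growing trace must fullmatch `spec` after every call, so `spec` is
    assumed prefix-closed.  The first mismatch halts the component: the failing
    call raises and every later call is refused without being forwarded.
    """

    def __init__(self, component: Any,
                 propositions: Dict[str, Callable[[dict, dict], bool]],
                 spec: str) -> None:
        self._component = component
        self._propositions = propositions
        self._spec = re.compile(spec)
        self.trace = ""        # symbols observed so far
        self.halted = False    # set once a violation has been detected

    @staticmethod
    def _snapshot(component: Any) -> dict:
        # A state is modelled as a deep copy of the object's attributes.
        return copy.deepcopy(vars(component))

    def __getattr__(self, name: str):
        attr = getattr(self._component, name)
        if name.startswith("_") or not callable(attr):
            return attr  # plain attributes and private names pass straight through

        def checked(*args, **kwargs):
            if self.halted:
                raise FailStopError(f"component halted; trace so far {self.trace!r}")
            pre = self._snapshot(self._component)
            result = attr(*args, **kwargs)
            post = self._snapshot(self._component)
            # First proposition that holds names this transition; '?' means none did.
            symbol = next((s for s, holds in self._propositions.items()
                           if holds(pre, post)), "?")
            self.trace += symbol
            if not self._spec.fullmatch(self.trace):
                self.halted = True
                raise FailStopError(
                    f"trace {self.trace!r} violates {self._spec.pattern!r}")
            return result

        return checked


class Account:
    """Constructed sample component: an account with the usual life cycle."""

    def __init__(self) -> None:
        self.open = False
        self.balance = 0

    def open_account(self) -> None:
        self.open, self.balance = True, 0

    def deposit(self, amount: int) -> None:
        if self.open:
            self.balance += amount

    def withdraw(self, amount: int) -> None:
        if self.open and amount <= self.balance:
            self.balance -= amount

    def close(self) -> None:
        self.open = False


class OverdraftingAccount(Account):
    """Constructed faulty variant: withdraw forgets the balance check."""

    def withdraw(self, amount: int) -> None:
        if self.open:
            self.balance -= amount


# Propositions over (pre, post) state pairs, each named by one trace symbol.
ACCOUNT_PROPS: Dict[str, Callable[[dict, dict], bool]] = {
    "o": lambda pre, post: not pre["open"] and post["open"] and post["balance"] == 0,
    "d": lambda pre, post: pre["open"] and post["open"] and post["balance"] > pre["balance"],
    "w": lambda pre, post: pre["open"] and post["open"]
                           and 0 <= post["balance"] < pre["balance"],
    "c": lambda pre, post: pre["open"] and not post["open"],
    "q": lambda pre, post: pre == post,   # a call that left the state unchanged
}

# Prefix-closed specification: no-op calls anywhere; otherwise open, then
# deposits and non-overdrawing withdrawals, then at most one close.
ACCOUNT_SPEC = r"q*(o(d|w|q)*(cq*)?)?"


def run_scenario(component: Account) -> dict:
    """Drive a component through a fixed script behind the wrapper; report the
    trace, whether it was halted, how many calls raised, and the final balance."""
    wrapped = FailStopWrapper(component, ACCOUNT_PROPS, ACCOUNT_SPEC)
    script = [("open_account", ()), ("deposit", (30,)), ("withdraw", (50,)),
              ("deposit", (10,)), ("close", ())]
    errors = 0
    for method, args in script:
        try:
            getattr(wrapped, method)(*args)
        except FailStopError:
            errors += 1
    return {"trace": wrapped.trace, "halted": wrapped.halted,
            "errors": errors, "balance": component.balance}


if __name__ == "__main__":
    print(run_scenario(Account()))             # correct component: trace odqdc
    print(run_scenario(OverdraftingAccount()))  # faulty component: halts at od?
```

Running the same script against both components shows the fail-stop property at the level the abstract describes: the correct account yields the trace odqdc and is never halted, while the overdrafting account produces a transition that satisfies no proposition, the trace od? fails the specification, the offending call raises, and the two remaining calls are refused without reaching the component. Note what the wrapper does not do: the faulty withdrawal has already executed by the time it is detected (the balance is -20), so the wrapper cannot prevent the fault, only convert continued arbitrary behaviour into a stop. A state-changing call that matches no proposition is also deliberately mapped to an unmatched symbol rather than ignored, so an unspecified transition counts as a violation rather than slipping through.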