Formal Verification of a TDMA Protocol Start-up Mechanism

In this paper we present a formal analysis of the start-up algorithm of the DACAPO protocol. The protocol uses TDMA (Time Division Multiple Access) bus arbitration. It is checked that a system of four communicating stations becomes synchronised and operational within a bounded time from an arbitrary initial state. The system model allows a clock drift corresponding to 10^-3. The protocol is modelled as a network of timed automata, and the analysis is performed using the symbolic model-checking tool Uppaal.

[1] H. Lonn et al. Synchronisation in safety-critical distributed control systems. Proceedings of the 1st International Conference on Algorithms and Architectures for Parallel Processing, 1995.

[2] Joseph Sifakis et al. Using Abstractions for the Verification of Linear Hybrid Systems. CAV, 1994.

[3] Kim Guldstrand Larsen et al. Model Checking via Reachability Testing for Timed Automata. 1997.

[4] Wang Yi et al. Uppaal in a nutshell. International Journal on Software Tools for Technology Transfer, 1997.

[5] Ozalp Babaoglu et al. (Almost) No Cost Clock Synchronization. 1986.

[6] Hermann Kopetz et al. Should Responsive Systems be Event-Triggered or Time-Triggered? 1993.

[7] Conrado Daws et al. Two examples of verification of multirate timed automata with Kronos. Proceedings of the 16th IEEE Real-Time Systems Symposium, 1995.

[8] Arne Skou et al. Modelling and analysis of a collision avoidance protocol using Spin and Uppaal. The Spin Verification System, 1996.

[9] J. Torin et al. DACAPO: a distributed computer architecture for safety-critical control applications. Proceedings of the Intelligent Vehicles '95 Symposium, 1995.