Automated Formal Verification of the TTEthernet Synchronization Quality

Clock synchronization is the foundation of distributed real-time architectures such as the Time-Triggered Architecture. Keeping the local clocks synchronized is particularly important for fault tolerance, because it allows one to use the simple and effective fault-tolerance algorithms that have been developed for the synchronous system model. Clock synchronization algorithms have been studied extensively since the 1980s, and many fundamental results have been established. Traditionally, the correctness of a new clock synchronization algorithm is shown by reduction to these results. Until now, all formal proofs of correctness have relied on interactive theorem provers such as PVS or Isabelle/HOL. In this paper, we present an automated proof of the TTEthernet clock-synchronization algorithm that is based on the SAL model checker.