Real-Time System Verification by k-Induction

We report the first formal verification of a reintegration protocol for a safety-critical, fault-tolerant, real-time distributed embedded system. A reintegration protocol increases system survivability by allowing a node that has suffered a fault to regain state consistent with the operational nodes. The protocol is verified in the Symbolic Analysis Laboratory (SAL), where bounded model checking and decision procedures are used to verify infinite-state systems by k-induction. The protocol and its environment are modeled as synchronizing timeout automata. Because k-induction is exponential with respect to k, we optimize the formal model to reduce the size of k. Also, the reintegrator’s event-triggered behavior is conservatively modeled as time-triggered behavior to further reduce the size of k and to make it invariant to the number of nodes modeled. A corollary is that a clique avoidance property is satisfied.
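To make the k-induction argument concrete, the following added example (not code from the paper, which works symbolically in SAL over infinite-state timeout automata) runs an explicit-state k-induction check on a constructed toy model: a cluster slot counter `c`, a frame in flight `p` (one tick of latency), and the slot `s` a reintegrating node recorded from the previous frame. The invariant "the node's recorded slot lags the cluster by exactly two ticks" is not 1-inductive, because an unreachable state can break it in one step, but it is 2-inductive; all names and the model itself are assumptions for illustration.

```python
from itertools import product

N = 4  # number of slots in the constructed cyclic schedule

def init():
    # Cluster at slot 0; frame in flight carries slot N-1; node recorded N-2.
    return {(0, N - 1, N - 2)}

def step(state):
    # One tick: cluster advances, in-flight frame arrives at the node,
    # the node records the slot it just received. Deterministic here.
    c, p, s = state
    return {((c + 1) % N, c, p)}

def all_states():
    # Every syntactically possible state, reachable or not.
    return set(product(range(N), repeat=3))

def prop(state):
    # Invariant under proof: recorded slot == cluster slot minus 2 ticks.
    c, p, s = state
    return s == (c - 2) % N

def paths(starts, k):
    """All paths of exactly k transitions (k+1 states) starting in `starts`."""
    result = [(s,) for s in starts]
    for _ in range(k):
        result = [path + (nxt,) for path in result for nxt in step(path[-1])]
    return result

def k_induction(k):
    # Base case (bounded model checking): every state reachable in
    # fewer than k transitions from an initial state satisfies prop.
    for path in paths(init(), k - 1):
        for st in path:
            if not prop(st):
                return ("base-failure", path)
    # Inductive step: any k consecutive prop-states, starting anywhere,
    # are followed by a prop-state. This is the part whose cost grows with k.
    for path in paths(all_states(), k):
        if all(prop(st) for st in path[:-1]) and not prop(path[-1]):
            return ("step-failure", path)
    return ("proved", None)

if __name__ == "__main__":
    print(k_induction(1))  # step-failure with an unreachable start state
    print(k_induction(2))  # proved
```

The k=1 counterexample starts in a state that no initial state reaches, which is exactly the situation where a larger k, or a tighter model that excludes such states, is needed.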
