Modeling and Verification of TTCAN Startup Protocol Using Synchronous Calendar

We describe the modeling and verification of the TTCAN startup protocol using the SAL model checker. For modeling purposes we propose a new modeling framework called Synchronous Calendar, which can be seen as an adaptation of the calendar-based models introduced by Dutertre and Sorea. A Synchronous Calendar can express dense-time systems without relying on continuously varying clocks and supports synchronous message transmission. We capture the fault-free and the fault-tolerant aspects of the TTCAN startup algorithm in two separate models and verify safety and liveness properties for each. Our verification technique relies on the induction and abstraction methods supported by the SAL model checker. To our knowledge this is the first work towards a formal analysis of the TTCAN startup protocol.
