Sustaining Property Verification of Synchronous Dependable Protocols Over Implementation

It is often assumed that a protocol whose dependability properties have been verified at the protocol level retains these proven properties in its implementation. Focusing on synchronous protocols, we demonstrate that this assumption can easily be fallacious. We use the example of an existing formally verified diagnostic protocol as implemented on the target time-triggered architecture (TTA). The cause is identified as the overlap of the computation and communication phases in TTA, which does not match the system assumptions under which the protocol was verified. To address this mismatch, we develop the concept of a generic alignment (co-ordination) layer that implements the communication assumptions the protocol requires. Verifying this layer ensures that the formally proved properties of a protocol also hold over its varied implementations.
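The phase-overlap effect described in the abstract can be reproduced in a small round-based model. The Python simulation below is an added example, not code from the paper, the diagnostic protocol or the TTA implementation; the four-node slot layout, the silent-node fault, the majority-vote diagnosis rule, the "latest frame per sender" buffer standing in for the network interface, and the round-tagged alignment layer are all simplifying assumptions chosen to show why an agreement property that holds under synchronous-round assumptions can fail once computation overlaps with communication, and how an alignment layer restores it.

```python
"""Toy round model of a synchronous diagnostic protocol (constructed example)."""
from typing import Callable, Dict, List, Optional

N = 4        # nodes 0..3; node i owns TDMA slot i in every round (assumption)
FAULTY = 3   # constructed fault: node 3 falls silent from round 2 onwards
ROUNDS = 5

View = Dict[int, bool]   # peer id -> "seen correct in the observed round"


def sends(node: int, rnd: int) -> bool:
    """Fault model: does `node`'s frame appear on the bus in round `rnd`?"""
    return not (node == FAULTY and rnd >= 2)


def observation(rnd: int) -> View:
    """What every correct node observes on the broadcast bus in round `rnd`:
    a peer is 'seen correct' iff its frame arrived. Identical at all correct
    nodes because the bus is a broadcast medium."""
    return {j: sends(j, rnd) for j in range(N)}


def frame(sender: int, rnd: int) -> Optional[View]:
    """Frame `sender` transmits in round `rnd`: its observation of the previous
    round. None if the frame is never sent (the faulty node)."""
    return observation(rnd - 1) if sends(sender, rnd) else None


def diagnose(views: List[View]) -> View:
    """Majority vote over the exchanged views; a tie counts as 'correct'."""
    return {j: 2 * sum(v[j] for v in views) >= len(views) for j in range(N)}


def correct_nodes() -> List[int]:
    return [i for i in range(N) if i != FAULTY]


# Model 1: the protocol as verified. All round-r frames are delivered before
# any node computes, so every node votes over the same set of views.
def diagnosis_synchronous(rnd: int) -> Dict[int, View]:
    views = [f for f in (frame(k, rnd) for k in range(N)) if f is not None]
    return {i: diagnose(views) for i in correct_nodes()}


# Model 2: TTA-style overlap. Node i runs its computation in its own slot, so
# frames of later slots have not arrived yet and the network interface still
# holds the latest earlier frame from those senders (a stale value).
def latest_frame(sender: int, upto: int) -> Optional[View]:
    """Latest frame from `sender` in rounds 1..upto (None if it never sent)."""
    for r in range(upto, 0, -1):
        f = frame(sender, r)
        if f is not None:
            return f
    return None


def diagnosis_overlapped(rnd: int) -> Dict[int, View]:
    result: Dict[int, View] = {}
    for i in correct_nodes():
        views = []
        for k in range(N):
            fresh = k <= i          # slot k already happened (or is i's own slot)
            f = latest_frame(k, rnd if fresh else rnd - 1)
            if f is not None:
                views.append(f)
        result[i] = diagnose(views)
    return result


# Model 3: alignment layer. Frames carry their round number; the layer releases
# to the application only the complete set of round r-1 frames, at the start
# of round r, so every node computes on an identical snapshot (one round later).
def diagnosis_aligned(rnd: int) -> Dict[int, View]:
    snapshot = [f for f in (frame(k, rnd - 1) for k in range(N)) if f is not None]
    return {i: diagnose(snapshot) for i in correct_nodes()}


def agreement(diag: Dict[int, View]) -> bool:
    """Property under test: all correct nodes hold the same diagnosis."""
    vals = list(diag.values())
    return all(v == vals[0] for v in vals)


def first_disagreement(model: Callable[[int], Dict[int, View]]) -> Optional[int]:
    """First round in which the agreement property is violated, else None."""
    for r in range(1, ROUNDS + 1):
        if not agreement(model(r)):
            return r
    return None


if __name__ == "__main__":
    for name, model in [("synchronous", diagnosis_synchronous),
                        ("overlapped", diagnosis_overlapped),
                        ("aligned", diagnosis_aligned)]:
        print(f"{name:12s} first disagreement in round: {first_disagreement(model)}")
    print("overlapped, round 3:", diagnosis_overlapped(3))
```

In the overlapped model the nodes disagree in round 3: node 0 still votes with three stale "all correct" views and keeps the silent node as correct, while node 2, computing later in the round, has two fresh views and declares it faulty. The alignment layer trades one round of diagnosis latency for a snapshot that is identical at every node, which is what the verified protocol assumed in the first place.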
