Model Checking the FlexRay Startup Phase

The FlexRay protocol is an upcoming standard in the automotive industry; its specification has been finalised and is maintained by ISO. It is a time-triggered protocol that uses a fault-tolerant clock synchronisation mechanism. During a startup phase, which should be resilient to certain faults, the clocks in the network are synchronised and the protocol is initialised. This paper presents a model of the protocol's startup phase in the mCRL2 modelling language and shows how model checking techniques can be used to check that the startup protocol fulfils its requirements. A previously unknown scenario is uncovered in which a single failing node can cause another node, or even the entire network, not to start up.
