An Overview of Formal Verification for the Time-Triggered Architecture

Rushby, John

doi:10.1007/3-540-45739-9_7

Cited by 38 publications

(27 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In comparison, PharOS imposes fewer static constraints on when tasks are scheduled, and it is designed to run on off-the-shelf hardware without a specific, deterministic communication substrate. TTA has also been the object of formal verification using the PVS proof assistant [14,15]. In contrast to our work, which focuses on a high-level property of the execution model, these proofs focus on algorithms that underly the implementations of mechanisms such as clock synchronization or group membership.…”

Section: Resultsmentioning

confidence: 99%

Proving Determinacy of the PharOS Real-Time Operating System

Azaiez

Doligez

Lemerre

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Executions in the PharOS real-time system are deterministic in the sense that the sequence of local states for every process is independent of the order in which processes are scheduled. The essential ingredient for achieving this property is that a temporal window of execution is associated with every instruction. Messages become visible to receiving processes only after the time window of the sending message has elapsed. We present a high-level model of PharOS in TLA + and formally state and prove determinacy using the TLA + Proof System.

show abstract

Section: Resultsmentioning

confidence: 99%

Proving Determinacy of the PharOS Real-Time Operating System

Azaiez

Doligez

Lemerre

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In the context of automation of addition of fault-tolerance, the theory has been exploited in [6,7,11,15,17]. In the context of verification, simplified versions of this theory are applied in verification of time-triggered architectures [19]. It has also been used in software verification through separation of concerns [18].…”

Section: Related Workmentioning

confidence: 99%

Disassembling real-time fault-tolerant programs

Bonakdarpour

Kulkarni

Arora

2008

Proceedings of the 8th ACM International Conference on Embedded Software

View full text Add to dashboard Cite

We focus on decomposition of hard-masking real-time faulttolerant programs (where safety, timing constraints, and liveness are preserved in the presence of faults) that are designed from their fault-intolerant versions. Towards this end, motivated by the concepts of state predicate detection and state predicate correction, we identify three types of faulttolerance components, namely, detectors, weak δ-correctors, and strong δ-correctors. We show that any hard-masking program can be decomposed into its fault-intolerant version plus a collection of detectors, and, weak and strong δ-correctors. We argue that such decomposition assists in providing assurance about dependability and timepredictability of embedded systems.

show abstract

“…Rushby gives an overview of the formal verification of the Time-Triggered Architecture [24] in [23] and also gives formal correctness proofs for some key algorithms, e.g. a clock synchronization algorithm based on the Welch-Lynch algorithm [30].…”

Section: Related Workmentioning

confidence: 99%

An approach to the pervasive formal specification and verification of an automotive system

Rieden

Knapp

2005

Proceedings of the 10th International Workshop on Formal Methods for Industrial Critical Systems

View full text Add to dashboard Cite

The Verisoft project aims at the pervasive formal verification of entire computer systems. In particular, the verification of functional and timing properties of the Automotive System is attempted. This is a distributed system, whose components consist of hardware (processor and devices), a real-time operating system, and applications. In this paper we give an overview of the system architecture and its industrial relevance. We will discuss in detail the model layers from the hardware up to a computational model for concurrent user processes interacting with a generic microkernel written in C. This is work in progress, so we will report on its current status, our goals and the next steps we want to take.

show abstract

An Overview of Formal Verification for the Time-Triggered Architecture

Cited by 38 publications

References 60 publications

Proving Determinacy of the PharOS Real-Time Operating System

Proving Determinacy of the PharOS Real-Time Operating System

Disassembling real-time fault-tolerant programs

An approach to the pervasive formal specification and verification of an automotive system

Contact Info

Product

Resources

About