SMT-Based Formal Verification of a TTEthernet Synchronization Function

Steiner, Wilfried; Dutertre, Bruno

doi:10.1007/978-3-642-15898-8_10

Cited by 25 publications

(11 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This intuition was invaluable when the first protocol hardware implementations were debugged in the development laboratory. Other TTEthernet components, including several aspects of the clock-synchronization protocol, have also been formalized and verified using SAL [6,7]. This paper builds on these existing formalizations.…”

Section: Existing Ttethernet Formalizationsmentioning

confidence: 98%

“…In the case of TTEthernet, we have developed SAL models of some aspects of the clock synchronization protocol, and established correctness properties using bounded model checking [6,7]. However, the SAL models developed for this purpose abstracted away some of the protocol mechanisms, and the formalization considered only a limited set of small instances of TTEthernet (with as many as six SMs and two CMs).…”

Section: Formalization and Proofsmentioning

confidence: 99%

See 1 more Smart Citation

Model-based analysis of Timed-Triggered Ethernet

Dutertre

Easwaran

Hall

et al. 2012

2012 IEEE/AIAA 31st Digital Avionics Systems Conference (DASC)

View full text Add to dashboard Cite

Timed-Triggered Ethernet (TTEthernet) is a communication infrastructure that enables the use of Ethernet networks in real-time, distributed applications. The core of TTEthernet is a set of faulttolerant protocols for clock synchronization, startup, and clique detection and resolution. We present recent work on model-based analysis of the TTEthernet startup and synchronization protocols.We first use automated test-generation tools to drive high-coverage testing of prototype TTEthernet hardware, based on a state-machine model of the TTEthernet protocols. With almost no human guidance, this technique enables us to achieve MC/DC coverage of the startup protocol under valid fault scenarios.We then focus on the TTEthernet clocksynchronization protocol. We develop correctness proofs of key properties of this protocol using the PVS interactive theorem prover [1]. As a result of this formalization, we have identified a suboptimal design choice in the clock-compression function defined in the TTEthernet draft standard [2]. We propose an alternative definition and, using modelchecking tools, we show that the new function achieves better clock precision than the original.These results demonstrate effective use of modeling and formal techniques in proof and test of a fault-tolerant network infrastructure relevant to avionics and other embedded systems.

show abstract

Section: Existing Ttethernet Formalizationsmentioning

confidence: 98%

Section: Formalization and Proofsmentioning

confidence: 99%

Model-based analysis of Timed-Triggered Ethernet

Dutertre

Easwaran

Hall

et al. 2012

2012 IEEE/AIAA 31st Digital Avionics Systems Conference (DASC)

View full text Add to dashboard Cite

show abstract

“…TTEthernet (SAE AS6802) introduces a robust distributed timing, synchronous startup and recovery 5.B.3-7 capabilities [14][15][16]. Based on the availability of the continuous global time and predefined schedule for critical functions, the latency, jitter and strict determinism are always guaranteed for time-triggered messages.…”

Section: Sae As6802 (Ttethernet)mentioning

confidence: 99%

Ethernet protocol services for critical embedded systems applications

Jakovljević

Ademaj

2010

29th Digital Avionics Systems Conference

View full text Add to dashboard Cite

Ethernet is an evolving standard, not a static one. It's a family of frame-based networking technologies and communication services offering different communication capabilities and quality of service to distributed applications.Ethernet is becoming more present in critical embedded systems because of the supporting software and hardware ecosystem, and guaranteed growth path supported by different industries. Ethernet is a mature technology developed for besteffort communication in high-volume and consumer applications, but its properties have imposed limitations on design of fault-tolerant, time-critical, safety-critical and mission-critical systems. As Ethernet services are continuously evolving to cover different applications, modified variants of Ethernet and additional services have been developed to allow its use in low-latency, lossless application in data centers, as well as in embedded critical applications.This paper provides an overview and comparison of existing and ongoing Ethernet developments for design of time-, mission-, and safety-critical systems. It discusses the capabilities of different Ethernet QoS protocol services (among others IEEE AVB/DCB, ARINC 664, TTEthernet/SAE AS6802, and various Real-Time Ethernet modifications) and their applicability in critical embedded systems.

show abstract

“…Our focus is on the application of such automatic formal verification tools on distributed coordination problems. Several works such as [14,24] use SMT solvers to verify real-time communication protocols but do not consider mobility and spatial safety constraints. The problem of how autonomous traffic agents (or robots) should avoid collisions has also been treated formally with manual proof strategies.…”

Section: Related Workmentioning

confidence: 99%

A Formal Approach to Autonomous Vehicle Coordination

Asplund

Manzoor

Bouroche

et al. 2012

FM 2012: Formal Methods

View full text Add to dashboard Cite

Abstract. Increasing demands on safety and energy efficiency will require higher levels of automation in transportation systems. This involves dealing with safety-critical distributed coordination. In this paper we demonstrate how a Satisfiability Modulo Theories (SMT) solver can be used to prove correctness of a vehicular coordination problem. We formalise a recent distributed coordination protocol and validate our approach using an intersection collision avoidance (ICA) case study. The system model captures continuous time and space, and an unbounded number of vehicles and messages. The safety of the case study is automatically verified using the Z3 theorem prover.

show abstract

SMT-Based Formal Verification of a TTEthernet Synchronization Function

Cited by 25 publications

References 5 publications

Model-based analysis of Timed-Triggered Ethernet

Model-based analysis of Timed-Triggered Ethernet

Ethernet protocol services for critical embedded systems applications

A Formal Approach to Autonomous Vehicle Coordination

Contact Info

Product

Resources

About