Advertisement

Formal Proof of a Polychronous Protocol for Loosely Time-Triggered Architectures

  • Mickaël Kerbœuf
  • David Nowak
  • Jean-Pierre Talpin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2885)

Abstract

The verification of safety-critical systems has become an area of increasing importance in computer science. The notion of reactive system has emerged to concentrate on problems related to the control of interaction and response-time in mission-critical systems. Synchronous languages have proved to be well-adapted to the verification of reactive systems. It is nonetheless commonly argued that real-life systems often do not satisfy the strong hypotheses assumed by the synchronous approach: they are not synchronous. Protocols have however been proposed (e.g. in [1]) to provide an abstract synchronous specification on top of real-time architectures (e.g. loosely time-triggered architectures or LTTA). This abstract model is designed so as to satisfy the synchronous hypotheses and meet the implementation architecture constraints. It makes it possible to design, specify and verify reactive systems in the context of the synchronous approach. In this aim, the present article formalizes the LTTA protocol in the theorem prover Coq and proves its correctness.

Keywords

Model Check Formal Proof Linear Temporal Logic High Order Logic Abstract Data Type 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Benveniste, A., Caspi, P., Guernic, P.L., Marchand, H., Talpin, J.-P., Tripakis, S.: A protocol for loosely time-triggered architectures. In: Sangiovanni-Vincentelli, A.L., Sifakis, J. (eds.) EMSOFT 2002. LNCS, vol. 2491. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Benveniste, A., Le Guernic, P.: Synchronous Programming with Events and Relations: the Signal Language and its Semantics. Science of Computer Programming 16(2), 103–149 (1991)MATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    Berry, G., Gonthier, G.: The Esterel Synchronous Programming Language: Design, Semantics, Implementation. Science of Computer Programming 19, 87–152 (1992)MATHCrossRefGoogle Scholar
  4. 4.
    Caspi, P., Mazuet, C., Salem, R., Weber, D.: Formal design of distributed control systems with lustre. In: Felici, M., Kanoun, K., Pasquini, A. (eds.) SAFECOMP 1999. LNCS, vol. 1698, p. 396. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Halbwachs, N., Caspi, P., Raymond, P., Pilaud, D.: The Synchronous Dataflow Programming Language Lustre. Proc. of the IEEE 79(9), 1305–1320 (1991)CrossRefGoogle Scholar
  6. 6.
    Kerboeuf, M., Nowak, D., Talpin, J.-P.: Specification and verification of a steamboiler with Signal-Coq. In: Aagaard, M.D., Harrison, J. (eds.) TPHOLs 2000. LNCS, vol. 1869, pp. 356–371. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Lazić, R., Nowak, D.: A unifying approach to data-independence. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 581–595. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  8. 8.
    Nowak, D., Beauvais, J.-R., Talpin, J.-P.: Co-inductive axiomatization of a synchronous language. In: Grundy, J., Newey, M. (eds.) TPHOLs 1998. LNCS, vol. 1479, pp. 387–399. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  9. 9.
    The Coq development team. The Coq proof assistant reference manual: Version 7.3.1. Technical report, INRIA (2002)Google Scholar
  10. 10.
    Werner, B.: Une Théorie des Constructions Inductives. PhD thesis, Université Paris VII (1994)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Mickaël Kerbœuf
    • 1
  • David Nowak
    • 2
  • Jean-Pierre Talpin
    • 1
  1. 1.IRISA & INRIA Rennes 
  2. 2.LSV, CNRS & ENS Cachan 

Personalised recommendations