Model Checking the FlexRay Physical Layer Protocol

  • Michael Gerke
  • Rüdiger Ehlers
  • Bernd Finkbeiner
  • Hans-Jörg Peter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6371)


The FlexRay standard, developed by a cooperation of leading companies in the automotive industry, is a robust communication protocol for distributed components in modern vehicles. In this paper, we present the first timed automata model of its physical layer protocol, and we use automatic verification to prove fault tolerance under several error models and hardware assumptions.

The key challenge in the analysis is that the correctness of the protocol relies on the interplay of the bit-clock alignment mechanism with the precise timing behavior of the underlying asynchronous hardware. We give a general hardware model that is parameterized in low-level timing details such as hold times and propagation delays. Instantiating this model for a realistic design from the Nangate Open Cell Library, and verifying the resulting model using the real-time model checker Uppaal, we show that the communication system meets, and in fact exceeds, the fault-tolerance guarantees claimed in the FlexRay specification.


Model Check Fault Tolerance Clock Cycle Communicate Sequential Process Alignment Mechanism 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alkassar, E., Böhm, P., Knapp, S.: Formal correctness of an automotive bus controller implementation at gate-level. In: Kleinjohann, B., Kleinjohann, L., Wolf, W. (eds.) 6th IFIP Working Conference on Distributed and Parallel Embedded Systems (DIPES 2008), International Federation for Information Processing, vol. 271, pp. 57–67. Springer, Heidelberg (2008)Google Scholar
  2. 2.
    Alur, R., Dill, D.L.: A theory of timed automata. Theo. Comp. Sci. 126(2) (1994)Google Scholar
  3. 3.
    Behrmann, G., David, A., Larsen, K.G.: A tutorial on uppaal. In: Bernardo, M., Corradini, F. (eds.) SFM-RT 2004. LNCS, vol. 3185, pp. 200–236. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Beyer, S., Böhm, P., Gerke, M., Hillebrand, M., Rieden, T.I.d., Knapp, S., Leinenbach, D., Paul, W.J.: Towards the formal verification of lower system layers in automotive systems. In: ICCD ’05: Proceedings of the 2005 International Conference on Computer Design, pp. 317–326. IEEE Computer Society, Los Alamitos (2005)CrossRefGoogle Scholar
  5. 5.
    Bozga, M., Jianmin, H., Maler, O., Yovine, S.: Verification of asynchronous circuits using timed automata. Electr. Notes Theor. Comput. Sci. 65(6) (2002)Google Scholar
  6. 6.
    Brown, G.M., Pike, L.: Easy parameterized verification of biphase mark and 8N1 protocols. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, pp. 58–72. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    FlexRay Consortium: FlexRay Communications System Protocol Specification Version 2.1 Revision A (2005)Google Scholar
  8. 8.
    Keller, J., Paul, W.J.: Hardware design: Formaler Entwurf digitaler Schaltungen, vol. 15. Teubner-Texte zur Informatik (1995)Google Scholar
  9. 9.
    Knapp, S., Paul, W.: Realistic worst case execution time analysis in the context of pervasive system verification. In: Reps, T., Sagiv, M., Bauer, J. (eds.) Wilhelm Festschrift. LNCS, vol. 4444, pp. 53–81. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Männer, R.: Metastable states in asynchronous digital systems: Avoidable or unavoidable? Microelectronics Reliability 28(2), 295–307 (1998)CrossRefGoogle Scholar
  11. 11.
    Nangate Inc.: Nangate 45nm Open Cell Library Databook (2009)Google Scholar
  12. 12.
    Schmaltz, J.: A Formal Model of Clock Domain Crossing and Automated Verification of Time-Triggered Hardware. In: Baumgartner, J., Sheeran, M. (eds.) 7th International Conference on Formal Methods in Computer-Aided Design (FMCAD’07), November 11-14, pp. 223–230. IEEE Press Society, Los Alamitos (2007)Google Scholar
  13. 13.
    Schmaltz, J.: A formal model of lower system layers. In: Formal Methods in Computer Aided Design (FMCAD’06), pp. 191–192. IEEE Computer Society, Los Alamitos (2006)Google Scholar
  14. 14.
    Vaandrager, F., Groot, A.d.: Analysis of a biphase mark protocol with Uppaal and PVS. Formal Aspects of Computing Journal 18(4), 433–458 (2006)CrossRefzbMATHGoogle Scholar
  15. 15.
    Wang, X., Kwiatkowska, M.Z., Theodoropoulos, G.K., Zhang, Q.: Towards a unifying CSP approach to hierarchical verification of asynchronous hardware. Electr. Notes Theo. Comp. Sci. 128(6), 231–246 (2005)CrossRefzbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Michael Gerke
    • 1
  • Rüdiger Ehlers
    • 1
  • Bernd Finkbeiner
    • 1
  • Hans-Jörg Peter
    • 1
  1. 1.Reactive Systems GroupSaarland UniversitySaarbrückenGermany

Personalised recommendations