Formal Verification of the TTP Group Membership Algorithm
This paper describes the formal verification of a fault-tolerant group membership algorithm that constitutes one of the central services of the Time-Triggered Protocol (TTP). The group membership algorithm is formally specified and verified using a diagrammatic representation of the algorithm. We describe the stepwise development of the diagram and outline the main part of the correctness proof. The verification has been mechanically checked with the PVS theorem prover.
Keywords: Deductive verification; Time-Triggered Architecture; fault-tolerant distributed algorithms; safety-critical control.