| Holger Pfeifer, Detlef Schwier, and Friedrich W. von Henke. Formal verification for time-triggered clock synchronization. In Charles B. Weinstock and John Rushby, editors, Dependable Computing for Critical Applications---7, volume 12 of Dependable Computing and Fault Tolerant Systems, pages 207--226. IEEE Computer Society, January 1999. |
....in slot p arrives against s_i(p) adjusted for known transmission delays). It then adjusts s_i (or, equivalently, its local clock) by some fault-tolerant average of its estimates of its skews to all (or, in the case of TTA, some) other controllers. This algorithm has been formally verified [PSvH99]. One way to construct a startup algorithm is as a variation on a synchronization algorithm: even if the local clocks of various controllers are initially far apart, successive rounds of averaging should bring them into convergence. This is plausible, but Miner [Min93] presents scenarios in ....
Holger Pfeifer, Detlef Schwier, and Friedrich W. von Henke. Formal verification for time-triggered clock synchronization. In Charles B. Weinstock and John Rushby, editors, Dependable Computing for Critical Applications--- 7, volume 12 of Dependable Computing and Fault Tolerant Systems, pages 207--226, San Jose, CA, January 1999. IEEE Computer Society.
....of life-critical embedded systems include medical devices and controllers in the avionics or automotive industry. Because of the high cost of design faults, theorem proving is already common in this area. Examples include the formal verification of a fault-tolerant communication bus protocol [PSvH99, Pfe00] using PVS or the verification of tools for train-borne control software systems [BT00] using ACL2 [KM96]. In the case of the chip industry, design faults are expensive due to shortening time to market. A well-known example is the bug in Intel's Pentium floating point unit [V. 95]. Despite ....
Holger Pfeifer, Detlef Schwier, and Friedrich W. von Henke. Formal Verification for Time-Triggered Clock Synchronization. In Charles B. Weinstock and John Rushby, editors, Dependable Computing for Critical Applications 7, volume 12 of Dependable Computing and Fault-Tolerant Systems, pages 207--226. IEEE Computer Society, January 1999.
....the application in case a loss of consistency is caused by a violation of the fault hypothesis. The basic algorithms that provide this consistent distributed computing base (clock synchronization and membership) have been analyzed by formal methods and are implemented once and for all in silicon [56, 57, 58, 59, 60, 61]. The application does not need to be concerned with the implementation and validation of the complex distributed agreement protocols that are needed to establish consistency in a distributed system. The architecture is replica deterministic, which means that any ....
H. Pfeifer, D. Schwier, and F. v. Henke. Formal Verification for Time-Triggered Clock Synchronization. In Proceedings of Seventh IFIP International Working Conference on Dependable Computing for Critical Applications, pages 207--226, 1999.
....be an error. Miner was translated to PVS and generalized (to admit non-averaging algorithms such as that of Srikanth and Toueg [73] that do not conform to Schneider's treatment) by Schwier and von Henke [69]. This treatment was then extended to the TTA algorithm by Pfeifer, Schwier and von Henke [45]. The TTA algorithm is intended to operate in networks where there are at least four good clocks, and it is able to mask any single fault in this circumstance. Pfeifer, Schwier and von Henke's verification establishes this property. Additional challenges still remain, however. In keeping with the ....
Holger Pfeifer, Detlef Schwier, and Friedrich W. von Henke. Formal verification for time-triggered clock synchronization. In Weinstock and Rushby [77], pages 207--226.
....by Honeywell will be certified under FAA requirements. The basic Welch-Lynch clock synchronization protocol employed in TTA has been formally verified by Miner [Min93] and by Schwier and von Henke [SvH98]. The actual TTA protocol has been formally verified by Pfeifer, Schwier, and von Henke [PSvH99]. A new verification is planned (by me) that will extend the analysis beyond the standard fault hypothesis of TTA using a hybrid fault model developed by Schmid [Sch00]. The membership and clique avoidance protocol of TTA has been formally verified by Pfeifer [Pfe00], but only under the standard ....
Holger Pfeifer, Detlef Schwier, and Friedrich W. von Henke. Formal verification for time-triggered clock synchronization. In Charles B. Weinstock and John Rushby, editors, Dependable Computing for Critical Applications--- 7, volume 12 of Dependable Computing and Fault Tolerant Systems, pages 207--226, San Jose, CA, January 1999. IEEE Computer Society.
....up and has a well-defined restart and recovery strategy from fault arrivals that exceed this hypothesis. The prototype implementations of TTA have been subjected to extensive testing and fault injections, and deployed in experimental vehicles. Several of its algorithms have been formally verified [13, 14], and aircraft applications under development are planned to lead to FAA certification. It is supported by an extensive tool suite that interfaces to standard CAD environments (e.g. Matlab Simulink and Beacon). Current implementations provide 25 Mbit/s data rates; research projects are designing ....
Holger Pfeifer, Detlef Schwier, and Friedrich W. von Henke. Formal verification for time-triggered clock synchronization. In Charles B. Weinstock and John Rushby, eds., Dependable Computing for Critical Applications---7, Volume 12 of IEEE Computer Society Dependable Computing and Fault Tolerant Systems, pages 207--226, San Jose, CA, Jan. 1999.
H. Pfeifer, D. Schwier, and F. W. von Henke. Formal verification for time-triggered clock synchronization. In C. B. Weinstock and J. Rushby, editors, Dependable Computing for Critical Applications---7, volume 12 of Dependable Computing and Fault Tolerant Systems, pages 207--226, San Jose, CA, Jan. 1999. IEEE Computer Society.
H. Pfeifer, D. Schwier, and F. W. von Henke. Formal Verification for Time-Triggered Clock Synchronization. In C. B. Weinstock and J. Rushby, editors, Dependable Computing for Critical Applications 7, volume 12 of Dependable Computing and Fault-Tolerant Systems, pages 207--226. IEEE Computer Society, January 1999.
H. Pfeifer, D. Schwier, and F. W. von Henke. Formal verification for time-triggered clock synchronization. In C. B. Weinstock and J. Rushby, editors, Dependable Computing for Critical Applications---7, volume 12 of Dependable Computing and Fault Tolerant Systems, pages 207--226, San Jose, CA, Jan. 1999. IEEE Computer Society.
....slot, in which it is allowed to send a message on the bus while the other processors listen. Slots are numbered and can be seen as an abstraction of a global time base that is provided by a separate clock synchronization algorithm [8, 11]. In our model we assume a set proc of n processors, labeled 0, 1, ..., n-1, that are arranged in a logical ring. The period of n successive slots is called a TDMA round. Every processor p maintains a set mem^t_p, the membership set of processor p, that contains all processors that p ....
....Architecture, such as initialization or reintegration of nodes, and analyzing their interrelationships. For example, the group membership algorithm presented here is specified at the level of a synchronous system; for this model to be adequate, we have to assume fault-tolerant clock synchronization [11]. Conversely, the clock synchronization mechanism of TTP also relies on the group membership service being able to avoid the formation of cliques of processors. Finding ways to clearly identify the relationships and interfaces of the various protocol services in order to avoid these circular ....
Pfeifer, H., Schwier, D., von Henke, F. W.: Formal Verification for Time-Triggered Clock Synchronization. In: Proc. 7th IFIP International Working Conference on Dependable Computing for Critical Applications (Jan 1999)
H. Pfeifer, D. Schwier, and F. v. Henke, "Formal Verification for Time-Triggered Clock Synchronization," In Proceedings of Seventh IFIP International Working Conference on Dependable Computing for Critical Applications, pp. 207-226, 1999.
Pfeifer, H., D. Schwier, et al. (1999), "Formal Verification for Time-Triggered Clock Synchronization", Dependable Computing for Critical Applications 7, IEEE Press.
CiteSeer.IST - Copyright Penn State and NEC