
    Formal verification of a group membership protocol using model checking

    The development of safety-critical embedded applications in domains such as automotive or avionics is an exceedingly challenging intellectual task. This task can, however, be significantly simplified through the use of middleware that offers specialized fault-tolerant services. This middleware must provide a high assurance level that it operates correctly. In this paper, we present a formal verification of a protocol for one such service, a Group Membership Service, using model checking. Through this verification we discovered that although the protocol specification is correct, a previously proposed implementation is not

    A group membership protocol for communication systems with both static and dynamic scheduling

    We present a group membership protocol specially designed for next generation communication systems for real-time safety-critical applications such as FlexRay and FTT-CAN. The proposed protocol imposes an overhead of two bits per processor per communication cycle, when the system is in a quiescent state, and is able to tolerate benign failures of up to half of the group members between consecutive executions. Additionally, it removes a faulty processor within two communication cycles in the worst case and reintegrates a processor at the latest two communication cycles after it recovers. Compared with protocols developed for similar systems, it is as tolerant as the most robust protocol with a traffic overhead slightly higher than the most efficient protocol, which is much less robust. © 2006 IEEE

    Model-checking a group membership protocol for TDMA-based networks with both static and dynamic scheduling

    We report ongoing work on a group membership protocol specially designed to take advantage of the support of both static and dynamic scheduling in new TDMA-based protocols being proposed for safety critical applications, such as Flex-Ray. In contrast with previous group membership protocols for TDMA-based networks, ours does not require the pre-allocation of group membership traffic in every cycle. Currently we are working on the formal verification of its correctness using the UPPAAL model checker. This will provide a higher assurance of correctness of the protocol, which is of foremost importance in safety critical applications.