HSCC'05 Proceedings of the 8th international conference on Hybrid Systems: computation and control
An accurate and reliable clock synchronization mechanism is a basic requirement for the correctness of many safety-critical systems, so establishing the correctness of such mechanisms is imperative. This paper addresses the modeling and formal verification of a specific fault-tolerant master/slave clock synchronization system for the Controller Area Network (CAN). It is shown that this system can be modeled very naturally with hybrid automata. However, verification of the resulting hybrid automata is intractable, because the model requires variables that are dependent on one another. This forced us to develop modeling techniques by which we translate the hybrid automata into single-rate timed automata that can be verified with the model checker UPPAAL. These techniques are described and illustrated by means of a simple example.
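As an added illustration, not code from the paper (whose UPPAAL models and translation techniques are not reproduced on this page): the example below shows in miniature the kind of reduction the abstract refers to. A slave clock whose rate lies in [1 - rho, 1 + rho] is a hybrid-automaton variable; the model below replaces it with a single-rate clock plus a bounded, nondeterministic integer drift per tick, and checks the precision property by enumerating every reachable state, which is what a model checker does for a finite abstraction. The master/slave protocol (periodic master broadcast, slave adopts the master's send timestamp on reception), the event order inside a tick, the parameter values and the hand-derived bound are all constructed assumptions for this toy model, not the paper's CAN system or its results.

```python
"""Exhaustive state exploration of a discretised master/slave clock
synchronisation model with bounded slave drift (added example; the
protocol, tick ordering and all parameters are constructed assumptions,
not the paper's CAN model or its UPPAAL encoding)."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Params:
    R: int      # master broadcast period, in ticks
    F: int      # fine time units per tick (offsets are kept in fine units)
    rho: int    # maximum slave drift per tick, in fine units (assumes rho <= F)
    dmin: int   # minimum message delay, in ticks
    dmax: int   # maximum message delay, in ticks (assumes dmax < R)


@dataclass(frozen=True)
class State:
    phase: int      # ticks since the master's last broadcast
    offset: int     # slave clock minus master clock, in fine units
    remaining: int  # ticks until the in-flight message arrives (0 = none)
    delay: int      # total delay of the in-flight message (0 = none)


def successors(s: State, p: Params) -> list[State]:
    """All states reachable in one tick.  Event order inside a tick:
    1. a message that arrives resets the slave to the master's send
       timestamp, so the slave is behind by exactly the message delay;
    2. at phase 0 the master broadcasts, with any delay in [dmin, dmax];
    3. the slave drifts by -rho, 0 or +rho fine units (the single-rate
       stand-in for a clock whose rate lies in [1-rho, 1+rho]);
    4. the phase advances.
    """
    if s.remaining > 1:
        delivered = [(s.remaining - 1, s.delay, s.offset)]
    elif s.remaining == 1:
        delivered = [(0, 0, -s.delay * p.F)]
    else:
        delivered = [(0, 0, s.offset)]

    sent = []
    for rem, dly, off in delivered:
        if s.phase == 0:
            assert rem == 0, "dmax < R keeps at most one message in flight"
            sent.extend((d, d, off) for d in range(p.dmin, p.dmax + 1))
        else:
            sent.append((rem, dly, off))

    nxt = (s.phase + 1) % p.R
    return [State(nxt, off + r, rem, dly)
            for rem, dly, off in sent for r in (-p.rho, 0, p.rho)]


def explore(p: Params) -> tuple[int, int]:
    """Breadth-first enumeration of every reachable state from a perfectly
    synchronised start.  Returns (worst |offset| seen, number of states)."""
    assert 1 <= p.dmin <= p.dmax < p.R and 0 <= p.rho <= p.F
    start = State(phase=0, offset=0, remaining=0, delay=0)
    seen = {start}
    queue = deque([start])
    worst = 0
    while queue:
        s = queue.popleft()
        worst = max(worst, abs(s.offset))
        for t in successors(s, p):
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return worst, len(seen)


def check_precision(p: Params, bound: int) -> bool:
    """The safety property: |slave - master| never exceeds `bound`."""
    return explore(p)[0] <= bound


def analytic_bound(p: Params) -> int:
    """Hand-derived worst case for this toy model, to cross-check the search.
    Slave behind: reset to -dmax*F, then drift -rho over the longest gap
    between two resets (R ticks, when both messages take dmax).
    Slave ahead: reset to -dmin*F, then drift +rho over R + dmax - dmin ticks."""
    behind = p.dmax * p.F + p.rho * p.R
    ahead = p.rho * (p.R + p.dmax - p.dmin) - p.dmin * p.F
    return max(behind, ahead)


if __name__ == "__main__":
    # Constructed parameters: period 10 ticks, 10 fine units per tick,
    # 1 fine unit of drift per tick, message delay between 1 and 2 ticks.
    p = Params(R=10, F=10, rho=1, dmin=1, dmax=2)
    worst, n = explore(p)
    print(f"{n} reachable states, worst |offset| = {worst} fine units")
    print(f"analytic bound = {analytic_bound(p)}")
    print(f"precision <= 30 holds: {check_precision(p, 30)}")
    print(f"precision <= 29 holds: {check_precision(p, 29)}")
```

The search is exact for this abstraction because every reachable offset is an integer and the state space is finite: each broadcast resets the slave, so drift can only accumulate over one gap between resets. Tightening the asserted bound by one fine unit below the computed worst case makes `check_precision` fail, which is the behaviour one wants from a verifier: a counterexample rather than a silently optimistic answer.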