pedro souto

The development of safety-critical embedded applications in domains such as automotive or avionics is an exceedingly challenging intellectual task. This task can, however, be significantly simplified through the use of middleware that offers specialized fault-tolerant services. This middleware must provide a high assurance level that it operates correctly. In this paper, we present a formal verification of a protocol for one such service, a Group Membership Service, using model checking. Through this verification we discovered that although the protocol specification is correct, a previously proposed implementation is not.

Abstract We present a group membership protocol specially designed for next generation communication systems for real-time safety-critical applications such as FlexRay and FTT-CAN. The proposed protocol imposes an overhead of two bits per processor per communication cycle, when the system is in a quiescent state, and is able to tolerate benign failures of up to half of the group members between consecutive executions. Additionally, it removes a faulty processor within two communication cycles in the worst case and ...

We present a reliability evaluation of a group membership protocol (GMP), by computing the probability of violating the fault assumptions made in its proof. The evaluation of the reliability of a GMP is of paramount importance because group membership services are often used as building blocks in the design of fault-tolerant applications. The GMP that we consider here has been proposed for dual scheduled TDMA networks such as FlexRay, a protocol that is likely to become the de-facto standard for next generation automotive networks. Our study is carried out by modeling the GMP with discrete-time Markov chains. The models consider different fault scenarios, including permanent, transient and common-mode faults, affecting both channels and nodes. Furthermore we perform a sensitivity analysis to assess the influence of different parameters on the protocol’s reliability. The results show that the GMP can achieve reliability levels in the range required for safety critical applications.

We present a family of reliable broadcast protocols designed to take advantage of the dual scheduling TDMA (DuST) scheme provided by current state-of-the-art automotive control networks such as FlexRay. These protocols are a complement to FlexRay's native communication services, which do not provide sufficient fault tolerance for safety-critical applications. A reliability evaluation of the proposed protocols carried out with the help of the probabilistic model checker PRISM shows that the proposed protocols can achieve reliability levels suitable for safety-critical applications.

Keeping up with the timing constraints of real-time traffic in wireless environments is a hard task. One of the reasons is that the real-time stations have to share the same communication medium with stations that are out of the sphere-of control of the real-time architecture. That is, with stations that generate timing unconstrained traffic. The VTP-CSMA architecture targets this problem in IEEE 802.11 wireless networks. It is based on a Virtual Token Passing procedure (VTP) that circulates a virtual token among real-time stations, enabling the coexistence of real-time and non realtime stations in a shared communication environment. The worst-case timing analysis of the VTP-CSMA mechanism shows that the token rotation time is upper-bounded, even when the communication medium is shared with timing unconstrained stations. Additionally, the simulation analysis shows that the token rotation mechanism behaves adequately, even in the presence of error-prone communication channels. Therefore, the VTP-CSMA architecture enables the support of real-time communication in shared communication environments, without the need to control the timing behavior of every communicating device. A ring management procedure for the VTP-CSMA architecture is also proposed, allowing real-time stations to adequately join/leave the virtual ring. This ring management procedure is mandatory for dynamic operating scenarios, such as those found in VoIP applications.

Abstract Keeping up with the timing constraints of real-time traffic in wireless environments is a hard task. One of the reasons is that the real-time stations have to share the same communication medium with stations that are out of the sphere-of control of the real-time architecture. That is, with stations that generate timing unconstrained traffic. The VTP-CSMA architecture targets this problem in IEEE 802.11 wireless networks. It is based on a Virtual Token Passing procedure (VTP) that circulates a virtual token among real-time stations, ...

Abstract Wireless Mesh Networks (WMNs) are a promising communication technology that may offer greater flexibility and reliability, when compared to traditional wireless networks. WMNs open up new applications domains, but still need to find efficient mechanisms to deal with scalability and timeliness requirements. This paper proposes a scheme for Path Selection and Message Forwarding in IEEE 802.11 s networks, that is suitable to be used in industrial environments. We present the DHT-based Cluster Routing Protocol (DCRP), a ...