Formal Modeling and Analysis of AFDX Frame Management Design

The Avionics Full Duplex Switched Ethernet (AFDX) has been developed to provide reliable data exchange with strong data transmission time guarantees in internal communication of the aircraft. The AFDX design is based on the principle of a switched network with physically redundant links to support availability and be tolerant to transmission and link failures in the network. In this work, we develop a formal model of the AFDX frame management to ascertain the reliability properties of the design. To capture the precise temporal semantics, we model the system as a network of timed automata and use UPPAAL to model-check for the desired properties expressed in CTL. Our analysis indicates that the design of the AFDX frame management is vulnerable to faults such as network babbling which can trigger unwarranted system resets. We show that these problems can be alleviated by modifying the original design to include a priority queue at the receiver for storing the frames. We also suggest communicating redundant copies of the reset message to achieve tolerance to network babbling. Comments Copyright 2006 IEEE. Reprinted from the 9th IEEE International Symposium on Object-oriented Real-time Distributed Computing (ISORC 2006), pages: 393-399 This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to [email protected]. By choosing to view this document, you agree to all provisions of the copyright laws protecting it. This conference paper is available at ScholarlyCommons: http://repository.upenn.edu/cis_papers/246 Formal Modeling and Analysis of the AFDX Frame Management Design ∗ Madhukar Anand University of Pennsylvania, Philadelphia, PA 19104 [email protected] Steve Vestal Honeywell Technology Center, Minneapolis, MN 55418 [email protected] Samar Dajani-Brown Honeywell Technology Center, Minneapolis, MN 55418 [email protected] Insup Lee University of Pennsylvania, Philadelphia, PA 19104