SDL and Timed Petri Nets versus UPPAAL for the validation of embedded architecture in automotive

The emergence of new technologies in the automotive domain implies new characteristics and new constraints. The X-by-wire technology tends to replace mechanical components by electronic parts, implying distributed real-time broadcast architecture. These systems support safety-critical applications, as for example the steering control function. Thus they require hard constraints, both in the temporal and the fault-tolerance domain. In this context, one of the specific designed architectures is TTA (Time-Triggered Architecture) [Kop98], based on TTP/C (Time-Triggered Protocol for class C applications) [KG94], [TTT02]. This architecture is a hard real-time and fault-tolerant one, providing services developed to respect these specific temporal and fault-tolerant constraints. Obviously, such a design must be validated for the constraints it is supposed to support, even in presence of faults. Formal validation is a validation method based on the verification of constraints in a model of the system. It allows the exhaustive analysis of the system behavior, and an automatic verification. In this purpose various validation methods can be used, the choice mainly depends on the type of constraints to be validated and the characteristics of the target system. Consequently, the first important step of the validation process is the choice of a modeling formalism and an associated analysis method which correspond to the characteristics of the system. The study presented in this paper deals with the temporal validation of the TTA architecture. It presents a comparison between two different approaches. The first one is based on the use of two different modeling formalisms (namely SDL and Timed Petri Nets) for the different parts of TTA, and their association for the validation of the whole architecture. The second approach is the modeling and the analysis of the whole architecture with only one formalism : the Timed Safety Automata of UPPAAL ([BY04]). The first part of this article motivates the comparison between two validation approaches. Then the two following parts present respectively the first and the second approach, with some results on the validation of TTA. Finally the fourth part concludes this comparison.