Network Calculus (NC) [5] is an established theory for determining bounds on message delays and for dimensioning buffers in the design of networks for embedded systems. It is supported by academic and industrial tool sets and has been widely used, including for the design and certification of the Airbus A380 AFDX backbone [1,3,4]. However, while the theory of NC is generally well understood, results produced by existing tools have to be trusted: some algorithms require subtle reasoning in order to ensure their applicability, and implementation errors could result in faulty network design, with unpredictable consequences.Tools used in design processes for application domains with strict regulatory requirements are subject to a qualification process in order to gain confidence in the soundness of their results. Nevertheless, given the safety-critical nature of network designs, we believe that more formal evidence for their correctness should be given. We report here on work in progress towards using the interactive proof assistant Isabelle/HOL [6] for certifying the results of NC computations. In a nutshell (cf. Figure 1), the NC tool outputs a trace of the calculations it performs, as well as their results. The validity of the trace (w.r.t. the applicability of the computation steps and the numerical correctness of the result) is then established offline by a trusted checker.The approach of result certification is useful in general for computations performed at design time, as is the case with the use of NC tools, and the idea of using interactive theorem provers for result certification is certainly not new. In particular, it is usually easier to instrument an existing tool in order to produce a checkable trace than to attempt a full-fledged correctness proof. Also, the NC tool can be implemented by a tool provider using any software development process, programming language, and hardware, and it can be updated without having to be requalified, as long as it still produces certifiable traces.In the remainder, we give a brief introduction to NC, outline our ongoing work on formalizing NC in Isabelle/HOL, and finally illustrate its use for the certification of bounds on the message delay in a toy network.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.