Timed model of the TTA Startup Protocol in SAL

The following SAL files illustrate the application of calendar automata to the modeling of real-time systems. Both are inspired from the TTA fault-tolerant startup protocol. The verification builds an abstraction of the protocol that is proved correct using the SAL infinite-state, bounded model checker. A correctness property is then derived from the abstraction.

Simplified version: no faults

SAL spec: simple_startup2.sal
Shell script that runs the proofs: abstract2

Version with one faulty node (no faulty hub yet)

SAL spec: startup5.sal
Shell script: abstract5

Minor variant, with a slightly different hub model.

SAL spec: startup6.sal
Shell script: abstract6