Metrol. Meas. Syst., Vol. XVII (2010), No. 3, pp. 461-480 ________________________________________________________________________________________________________________________________________________________________________________ Article history: received on Jan. 1, 2009; received in revised form on Jun. 29, 2010; accepted on Aug. 31, 2010; available online on Sept. 6, 2010. METROLOGY AND MEASUREMENT SYSTEMS Index 330930, ISSN 0860-8229 www.metrology.pg.gda.pl VERIFICATION OF FLEXRAY START-UP MECHANISM BY TIMED AUTOMATA Jan Malinský, Jiří Novák Czech Technical University, Faculty of Electrical Engineering, Technická 2, 166 27 Prague 6, Czech Republic ( malinsj@fel.cvut.cz, +420 22 435 2201, jnovak@fel.cvut.cz) Abstract This contribution deals with the modelling of a selected part of a new automotive communication standard called FlexRay. In particular, it focuses on the mechanism ensuring the start-up of a FlexRay network. The model has been created with the use of timed automata and verified. For this purpose the UPPAAL software tool has been used that allows the modelling of discrete event systems with the use of timed automata, and subsequently the verification of the model with the use of suitable queries compiled in the so called computation tree logic. This model can be used to look for incorrect settings of time parameters of communication nodes in the network that prevent network start-up and subsequently the start of the car. The existence of this model also opens the way for finding possible errors in the standard. On the basis of the model, the work gives a case study of the start-up mechanism behaviour verification in a FlexRay network consisting of three communication nodes. Keywords: FlexRay, timed automata, modelling. © 2010 Polish Academy of Sciences. All rights reserved 1. Introduction Together with the current trend of development of electronic systems in cars, the need has arisen for a new communication standard. The necessity of a new standard has been mainly due to x-by-wire technology [1], which makes it possible to remove some of existing mechanical and hydraulic parts from cars and to replace them with intelligent and reliable electronic systems. This is mainly the case of the following technologies: - Steer-by-wire provides electronic transfer of the turning angle of the steering wheel to the angle of the wheels. - Brake-by-wire means electronic transfer of the position of the brake pedal to the operational intervention of the braking system. - Drive-by-wire allows electronic transfer of the position of the accelerator pedal. The x-by-wire systems for cars have been taken over from aircrafts (fly-by-wire systems), where they have been being reliably used for years with communication protocol TTP/C [2]. These systems lay the foundations for new intelligent cars where the control system is informed about the driver’s intentions (to turn, to brake, to accelerate, etc.) electronically and together with other electronic systems and sensors it makes a decision on the safety of the driver’s request. Subsequently, to enhance the safety of the passengers, these systems can even intervene into the control of the vehicle. For deeper studies of this new standard the reference sources [3] and [4], dealing with the description of the link and the physical layer of the FlexRay (FR) communication standard of the latest version 2.1, are recommended. As all x-by-wire applications require hard real-time communication, FR is based on the TDMA (Time Division Multiple Access) medium access method, where dedicated time slots are used for communication. Such a system should provide a mechanism enabling the start of the network; here it is called start-up mechanism (SUM). Its correct and reliable functionality