A Compared Study of Two Correctness Proofs for the Standardized Algorithm of ABR Conformance

The ABR conformance protocol is a real-time program that controls dataflow rates on ATM networks. A crucial part of this protocol is the dynamical computation of the expected rate of data cells. We present here a modelling of the corresponding program with its environment, using the notion of (parametric) timed automata. A fundamental property of the service provided by the protocol to the user is expressed in this framework and proved by two different methods. The first proof relies on inductive invariants, and was originally verified using theorem-proving assistant COQ. The second proof is based on reachability analysis, and was obtained using model-checker HYTECH. We explain and compare these two proofs in the unified framework of timed automata.