Easy Parameterized Verification of Biphase Mark and 8N1 Protocols

Brown, Geoffrey; Pike, Lee

doi:10.1007/11691372_4

Cited by 30 publications

(30 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Previously, timed-automata have been used to verify a low level protocol based on Manchester encoding and developed by Philips [3]. Another recent proof of the BiphaseMark protocol has been proposed by Brown and Pike [4]. They developed a general model of asynchronous communications in the formalism of the tool SAL [10] developed at SRI.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Formal Model of Clock Domain Crossing and Automated Verification of Time-Triggered Hardware

Schmaltz

2007

Formal Methods in Computer Aided Design (FMCAD'07)

View full text Add to dashboard Cite

Abstract-We develop formal arguments about a bit clock synchronization mechanism for time-triggered hardware. The architecture is inspired by the FlexRay standard and described at the gate-level. The synchronization algorithm relies on a specific value of a counter. We prove or disprove values proposed in the literature. Our framework is based on a general and precise model of clock domain crossing, which considers metastability and clock imperfections. Our approach combines this model with the state transition representation of hardware. The result is a clear separation of analog and digital behaviors. Analog considerations are formalized in the logic of the Isabelle/HOL theorem prover. Digital arguments are discharged using the NuSMV model checker. To the best of our knowledge, this is the first verification effort tackling asynchronous transmissions at the gate-level.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Shadrin wrote the translator from Isabelle to Verilog. This work initiates from the lecture "Computer Architecture 2 -Automotive Systems" given by Paul at Saarland University and notes taken by students 4 .…”

Section: Acknowledgmentsmentioning

confidence: 99%

A Formal Model of Clock Domain Crossing and Automated Verification of Time-Triggered Hardware

Schmaltz

2007

Formal Methods in Computer Aided Design (FMCAD'07)

View full text Add to dashboard Cite

show abstract

“…The proof technique implemented is k-induction, a generalization of induction over (infinite-state) transition systems; for brevity, we will call the technique infinite-bmc induction (for inf inite-state bounded model checking induction) [dMRS03,Rus06]. One implementation of infinite-bmc induction is in SRI International's Symbolic Correspondence and offprint requests to: geobrown@cs.indiana.edu, leepike@gmail.com Based on material originally published in [BP06] and on "Temporal Refinement Using SMT and Model Checking with an Application to Physical-Layer Protocols" by Brown and Pike which appears in "The Proceedings of the Fifth ACM-IEEE International Conference on Formal Methods and Models for Codesign (MEMOCODE'07)" c 2007 IEEE. [BP07] Analysis Laboratory (SAL) [dMOR + 04].…”

Section: Introductionmentioning

confidence: 99%

“…The first example considered in this paper is the Biphase Mark protocol (BMP) used in CD-player decoders, Ethernet, and Tokenring [BP06]. To motivate why infinite-bmc induction is of interest in realtime verification, consider that the verification of BMP presented herein results in an orders-of-magnitude reduction in effort as compared to the protocol's previous formal verifications using mechanical theoremproving.…”

mentioning

confidence: 99%

Automated verification and refinement for physical-layer protocols

Brown

Pike

2011

Form. Asp. Comput.

Self Cite

View full text Add to dashboard Cite

Abstract. This paper demonstrates how to use a satisfiability modulo theories (SMT) solver together with a bounded model checker to verify properties of real-time physical layer protocols. The method is first used to verify the Biphase Mark protocol, a protocol that has been verified numerous times previously, allowing for a comparison of results. The techniques are extended to the 8N1 protocol used in universal asynchronous receiver transmitters (UARTs). We then demonstrate the use of temporal refinement to link a finite state specification of 8N1 with its real-time implementation. This refinement relationship relieves a significant disadvantage of SMT approaches-their inability to scale to large problems. Finally, capturing the impact of metastability on timing requirements is a key issue in modeling physical-layer protocols. Rather than model metastability directly, a contribution of our models is treating its effect as a constraint on non-determinism.

show abstract

“…In this paper we discuss the application of the SMT-based verification approach introduced in [7] and [8] to fault-tolerant clock synchronization problems. To our knowledge this is the first time that model-checking has been applied to the verification of a convergence function such as the faulttolerant median.…”

Section: Introductionmentioning

confidence: 99%

SMT-Based Formal Verification of a TTEthernet Synchronization Function

Steiner

Dutertre

2010

Formal Methods for Industrial Critical Systems

View full text Add to dashboard Cite

Abstract. TTEthernet is a communication infrastructure for mixedcriticality systems that integrates dataflow from applications with different criticality levels on a single network. For applications of highest criticality, TTEthernet provides a synchronization strategy that tolerates multiple failures. The resulting fault-tolerant timebase can then be used for time-triggered communication to ensure temporal partitioning on the shared network.In this paper, we present the formal verification of the compression function which is a core element of the clock synchronization service of TTEthernet. The compression function is located in the TTEthernet switches: it collects clock readings from the end systems, performs a faulttolerant median calculation, and feedbacks the result to the end systems. While traditionally the formal proof of these types of algorithms is done by theorem proving, we successfully use the model checker sal-inf-bmc incorporating the YICES SMT solver. This approach improves the automatized verification process and, thus, reduces the manual verification overhead.

show abstract

Easy Parameterized Verification of Biphase Mark and 8N1 Protocols

Cited by 30 publications

References 12 publications

A Formal Model of Clock Domain Crossing and Automated Verification of Time-Triggered Hardware

A Formal Model of Clock Domain Crossing and Automated Verification of Time-Triggered Hardware

Automated verification and refinement for physical-layer protocols

SMT-Based Formal Verification of a TTEthernet Synchronization Function

Contact Info

Product

Resources

About