SMV Example: Bus Protocol Ed Clarke Daniel Kroening Carnegie Mellon University.

Slides:

Advertisements

Similar presentations

Oracle Partner of the year 2010 & (0) A RedStack Technology Company Oracle EMEA Database Partner.

Advertisements

Does the IEEE MAC Protocol Work Well in Multihop Wireless Ad Hoc Networks? Shugong Xu Tark Saadawi June, 2001 IEEE Communications Magazine.

DATE 2003, Munich, Germany Formal Verification of a System-on-Chip Bus Protocol Abhik Roychoudhury Tulika Mitra S.R. Karri National University of Singapore.

Object / Notification Service (v0.1). Hypothetical tree that stores the information about workstations a user is logged in to. Each o is a node. Although.

Introduction to SMV Part 2

Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Distributed Constraint Optimization Problems M OHSEN A FSHARCHI.

CS425 /CSE424/ECE428 – Distributed Systems – Fall 2011 Material derived from slides by I. Gupta, M. Harandi, J. Hou, S. Mitra, K. Nahrstedt, N. Vaidya.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Mutual Exclusion By Shiran Mizrahi. Critical Section class Counter { private int value = 1; //counter starts at one public Counter(int c) { //constructor.

Chapter 15 Basic Asynchronous Network Algorithms

Leader Election Let G = (V,E) define the network topology. Each process i has a variable L(i) that defines the leader.  i,j  V  i,j are non-faulty.

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

Fundamentals of Computer Networks ECE 478/578 Lecture #9: Collision Resolution and Collision Free Protocols Instructor: Loukas Lazos Dept of Electrical.

Parallel Processing (CS526) Spring 2012(Week 6).  A parallel algorithm is a group of partitioned tasks that work with each other to solve a large problem.

Minimum Spanning Trees

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

© 2011 Carnegie Mellon University Introduction to SMV Part 2 Arie Gurfinkel (SEI/CMU) based on material by Prof. Clarke and others.

What we will cover…  Distributed Coordination 1-1.

CS 582 / CMPE 481 Distributed Systems Fault Tolerance.

FSMs 1 Sequential logic implementation  Sequential circuits  primitive sequential elements  combinational logic  Models for representing sequential.

SMV Examples Bug Catching in 2006 Fall Oct. 24, 2006.

1 Using Cadence SMV to verify temporal properties of finite-state machines : Intro to Model Checking October 9, 2008.

A Fault-Tolerant h-out of-k Mutual Exclusion Algorithm Using Cohorts Coteries for Distributed Systems Presented by Jehn-Ruey Jiang National Central University.

Distributed systems Module 1 -Basic networking Teaching unit 1 – LAN standards Ernesto Damiani University of Bozen-Bolzano Lesson 4 – Ethernet frame.

Dave Mills CANbus: A brief introduction Incorporating: The Fujitsu status Dave Mills Queen Mary, University of London.

Josef Widder1 Why, Where and How to Use the  - Model Josef Widder Embedded Computing Systems Group INRIA Rocquencourt, March 10,

The Rare Glitch Project: Verifying Bus Protocols for Embedded Systems Edmund Clarke, Daniel Kroening Carnegie Mellon University.

Introduction to computer networking Distributed Algorithms Class Recitation.

Introduction to Media Access Control Protocols Yerang Hur and Jiaxiang Zhou System Design Research Lab. Dept. of Computer and Information Science.

Introduction to Software Testing Chapter 9.4 Model-Based Grammars Paul Ammann & Jeff Offutt

Paxos Made Simple Jinghe Zhang. Introduction Lock is the easiest way to manage concurrency Mutex and semaphore. Read and write locks. In distributed system:

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved Chapter 6 Synchronization.

LECTURE9 NET301. DYNAMIC MAC PROTOCOL: CONTENTION PROTOCOL Carrier Sense Multiple Access (CSMA): A protocol in which a node verifies the absence of other.

Introduction to Formal Verification using Rulebase April 18, 2001 Rebecca Gott eServer I/O Development Hardware Verification

Distributed Algorithms Lecture 10b – by Ali Ghodsi Fault-Tolerance in Asynchronous Networks – Probabilistic Consensus.

Real-Time Scheduling CS 3204 – Operating Systems Lecture 20 3/3/2006 Shahrooz Feizabadi.

1 Example: traffic light controller Guarantee no collisions Guarantee eventual service E S N.

Computer Architecture Lecture 2 System Buses. Program Concept Hardwired systems are inflexible General purpose hardware can do different tasks, given.

Program correctness The State-transition model A global states S  s 0 x s 1 x … x s m {s k = set of local states of process k} S0  S1  S2  Each state.

Real-Time Scheduling CS 3204 – Operating Systems Lecture 13 10/3/2006 Shahrooz Feizabadi.

Controller Area Network (CAN) is a broadcast, differential serial bus standard, originally developed in the 1980s by Intel and Robert Bosch GmbH, for.

A Breakthrough… Time Machine Evidence. Overview… VISIT TODAYVISIT TODAYVISIT.

Performance Evaluation of IEEE

LECTURE9 NET301 11/5/2015Lect 9 NET DYNAMIC MAC PROTOCOL: CONTENTION PROTOCOL Carrier Sense Multiple Access (CSMA): A protocol in which a node verifies.

Remote Deployment of Sensor Networks Presentation 3: Providing connectivity between sensor nodes and uplinks.

Distributed systems. distributed systems and protocols distributed systems: use components located at networked computers use message-passing to coordinate.

Compositional Verification for System-on-Chip Designs SRC Student Symposium Paper 16.5 Nishant Sinha Edmund Clarke Carnegie Mellon University.

Efficient Algorithms for Distributed Snapshots and Global Virtual Time Approximation Author: Friedermann Mattern Presented By: Shruthi Koundinya.

EEC 688/788 Secure and Dependable Computing Lecture 10 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

CSE 486/586 Distributed Systems Leader Election

Topics in Distributed Wireless Medium Access Control

Data Collection and Dissemination

Mutual Exclusion Continued

Distributed Snapshots & Termination detection

Data Collection and Dissemination

Virtual-Time Round-Robin: An O(1) Proportional Share Scheduler

EEC 688/788 Secure and Dependable Computing

CSE 486/586 Distributed Systems Leader Election

-.&- ·Af& Q 0 "i'/

EEC 688/788 Secure and Dependable Computing

EEC 688/788 Secure and Dependable Computing

Module IV Memory Organization.

Distributed Systems and Concurrency: Synchronization in Distributed Systems Majeed Kassis.

Distributed systems Consensus

CSE 486/586 Distributed Systems Reliable Multicast --- 2

CSE 486/586 Distributed Systems Leader Election

Ethernet (Medium Access Control Protocol)

Presentation transcript:

SMV Example: Bus Protocol Ed Clarke Daniel Kroening Carnegie Mellon University

Overview Node 1 Design goals: Collision free operation Priorities for the nodes Design goals: Collision free operation Priorities for the nodes Preliminaries: Single, shared bus Every node can broadcast on this bus Preliminaries: Single, shared bus Every node can broadcast on this bus Node 2 Node 3 Node 4 Similar busses are used in the automotive industry CAN Byteflight Similar busses are used in the automotive industry CAN Byteflight

Basic Idea Achieve design goals by: Assign unique time to each node Guarantees Collision free operation The node with the lower time gets priority Achieve design goals by: Assign unique time to each node Guarantees Collision free operation The node with the lower time gets priority Operation Principle Round based algorithm First person to start sending gets the bus Operation Principle Round based algorithm First person to start sending gets the bus

Example Node 1 Node 2 Node 3 Node 4 Bus time

Example Node 1 Node 2 Node 3 Node 4 Bus time Hm, I wont send

Example Node 1 Node 2 Node 3 Node 4 Bus time I will send!

Example Node 1 Node 2 Node 3 Node 4 Bus time

Example Node 1 Node 2 Node 3 Node 4 Bus time

Example Node 1 Node 2 Node 3 Node 4 Bus time

Example Node 1 Node 2 Node 3 Node 4 Bus time RESET CLOCK! Start of new Cycle

Example Node 1 Node 2 Node 3 Node 4 Bus time Hm, I wont send

SMV Model Design: A state machine controls each node Counter keeps track of clock Design: A state machine controls each node Counter keeps track of clock Counter: Reset if someone sends Increment otherwise Counter: Reset if someone sends Increment otherwise MODULE node(bus_active) VAR counter: ; ASSIGN next(counter):= case bus_active : 0; counter < 99: counter + 1; 1: 99; esac;

SMV Model Design: A state machine controls each node Counter keeps track of the clock Design: A state machine controls each node Counter keeps track of the clock Bus busy Skip Wait Sending bus_active beginning counter=priority

SMV Model MODULE node(priority, bus_active) VAR counter: ; state: { busy, skip, waiting, sending }; ASSIGN init(state):=busy; next(state):= case state=busy & beginning : { skip, waiting }; state=busy : busy; state=skip & bus_active : busy; state=skip : skip; state=waiting & bus_active : waiting; state=waiting & counter=priority: sending; state=waiting: waiting; state=sending: { busy, sending }; esac;

SMV Model MODULE main VAR node1: node(1, bus_active); node2: node(2, bus_active); node3: node(3, bus_active); node4: node(4, bus_active); DEFINE bus_active:=node1.is_sending | node2.is_sending | node3.is_sending | node4.is_sending;

Properties Desired Properties Safety: Only one node uses the bus at a given time Desired Properties Safety: Only one node uses the bus at a given time SPEC AG (node1.is_sending -> (!node2.is_sending & !node3.is_sending & !node4.is_sending)) SPEC AG (node2.is_sending -> (!node1.is_sending & !node3.is_sending & !node4.is_sending)) SPEC AG (node3.is_sending -> (!node1.is_sending & !node2.is_sending & !node4.is_sending)) SPEC AG (node4.is_sending -> (!node1.is_sending & !node2.is_sending & !node3.is_sending)) SPEC AG (node1.is_sending -> (!node2.is_sending & !node3.is_sending & !node4.is_sending)) SPEC AG (node2.is_sending -> (!node1.is_sending & !node3.is_sending & !node4.is_sending)) SPEC AG (node3.is_sending -> (!node1.is_sending & !node2.is_sending & !node4.is_sending)) SPEC AG (node4.is_sending -> (!node1.is_sending & !node2.is_sending & !node3.is_sending))

Properties Desired Properties Liveness: a node that is waiting for the bus will eventually get it, given that the nodes with higher priority are fair Desired Properties Liveness: a node that is waiting for the bus will eventually get it, given that the nodes with higher priority are fair FAIRNESS node1.is_skipping FAIRNESS node1.is_skipping & node2.is_skipping FAIRNESS node1.is_skipping & node2.is_skipping & node3.is_skipping SPEC AG AF bus_active SPEC AG(node1.is_waiting -> AF node1.is_sending) SPEC AG(node2.is_waiting -> AF node2.is_sending) SPEC AG(node3.is_waiting -> AF node3.is_sending) SPEC AG(node4.is_waiting -> AF node4.is_sending) FAIRNESS node1.is_skipping FAIRNESS node1.is_skipping & node2.is_skipping FAIRNESS node1.is_skipping & node2.is_skipping & node3.is_skipping SPEC AG AF bus_active SPEC AG(node1.is_waiting -> AF node1.is_sending) SPEC AG(node2.is_waiting -> AF node2.is_sending) SPEC AG(node3.is_waiting -> AF node3.is_sending) SPEC AG(node4.is_waiting -> AF node4.is_sending)