J.S. Moore. A formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol. Formal Aspects of Computing, 6(1):60-91, 1994.  Home/Search   Document Details and Download   Summary   Related Articles   Check

.... Speci cation and Veri cation of Biphase Mark Protocols in DC We present in this subsection a case study on the speci cation and veri cation of the Biphase Mark Protocol (BMP) taken in [21] There have been several papers presented methods for formal speci cation and veri cation of BMP, e.g. [37]. However, the model in this paper is too abstract, and does not give the concrete relations on parameters. We need a natural way to specify the Biphase Mark Protocol with more detailed physical assumptions and higher accuracy. The BMP protocol encodes a bit as a cell consisting of a mark subcell ....

J S. Moore. A Formal Model of Asynchronous Communication and Its Use in Mechanically Verifying a Biphase Mark Protocol. Formal Aspects of Computing, 6:60-91, 1994.

....more directly, the derivation of sucient conditions on the jitter between the clock of the sender and the clock of the receiver such that the protocol works properly. To our knowledge, there has been some work on the veri cation of instances of the protocol either using theorem proving techniques [Moo93] or model checking [IG99,Vaa] and one work presenting full parameter analysis using PVS and the Duration Calculus, however, without clock jitter. Using the techniques presented earlier in this paper, we have been able to fully analyze the protocol and to derive parameterized sucient conditions ....

J. S. Moore. A formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol. Formal Aspects of Computing, 3(1), 1993.

....Let r be a state variable modelling the signal obtained by the receiver. Without loss of generality, assume that the delay between the sender and the receiver is 0. Physically, due to some disturbance, it takes some amount of time to the signal on the bus to change from high to low or vice versa [23, 24]. So the value of r is chosen arbitrarily among 0 and 1 if the digitised value is neither 0 nor 1. Therefore r is unreliable when the analog signal changes from high to low or from low to high. This is represented in Figure 9 by a white space in the corresponding time intervals. Let us assume that ....

Jay S. Moore. A Formal Model of Asynchronous Communication and Its Use in Mechanically Verifying a Biphase Mark Protocol. Formal Aspects of Computing, 6, 1994.

.... Theorem provers have been used in academia to verify software ( Joy89] Moo88] BW97] and hardware ( CGM87] Coh89] Win90] including complete microprocessors ( Gor83] GB89] Hun87] Joy88] Cul88] SB90] They have also been used in industry to verify properties of real world systems ( Moo92] DHaGAR88] Cam97] FWFC92] There are now many varieties of theorem provers. The Boyer Moore theorem porver is based on lisp with an untyped specification language and powerful tactics that may need human intervention; however, it gives human readable output. PVS is strongly typed and even ....

J. Strother Moore. A formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol, 1992. NASA Contract NAS1-18878.

....induction rule on the length of words in the traditional way. To illustrate our approach, we try the approach to model and verify the Biphase Mark (BPM) protocol and the Audio Control protocol which are widely used in practice for asynchronous communication between two digital hardware devices. In [7], the Biphase Mark protocol is verified formally using Boyer Moore Logic for some specific encoding and decoding rules. In our model, however we can verify the BPM protocol for the more general encoding and decoding rules and we can make clear the assumption of the environments, namely we take ....

J. S. Moore. A Formal Model of Asynchronous Communication and Its Use in Mechanically Verifying a Biphase Mark Protocol. Formal Aspects of Computing, 6, 1994.

....PVS Dang Van Hung The United Nations University International Institute for Software Technology P.O. Box 3058, Macau Abstract The paper presents a model of Biphase Mark Protocols (BMP) using Duration Calculus, which seems to be more general and more intuitive than the others in the literature [9]. With Duration Calculus we can model the behaviour of the bus in a natural way and in more detail. The model makes it possible to specify and verify BMP using PVS DC Gamma [8] tool. The mechanical verification not only ensures the correctness of the protocol, but also helps engineers to choose ....

....Duration Calculus to model communication protocols taking into account how long it takes for the sender to change the signal from high to low and vice versa. The DC model of communication protocols given in that paper is proved to be more general and intuitive than the others in the literature [9, 1]. Duration Calculus (DC) 2] is a logic to reason about boolean functions based on interval temporal logics. This makes it one of the most suitable logics for specifying the communication protocols because the signal sent and received are usually modelled by boolean functions of time. In a ....

[Article contains additional citation context not shown here]

J. S. Moore "A formal model of asynchronous communication and its use in mechanically verifying a Biphase Mark Protocol", Formal Aspects of Computing, 6, 1994, pp. 60-91.

.... the definition of a circuit in our language that consists of two independently clocked sequential modules, and prove that communication between them is achieved by means of the well known biphase mark protocol [5] The circuit design and the proof are both based on Moore s work on asynchrony [4], which includes a formal model of asynchronous communication and a rigorous formulation of the protocol. Specification and Verification of VHDL Models Technical Report #99 3 The syntax and semantics of our language are both based on the S expressions of LISP. This decision was motivated by ....

....two modules are Specification and Verification of VHDL Models Technical Report #99 29 driven by the same clock. In this section, we shall examine the asynchronous case, in which the two clock inputs have different periods. Our treatment of this problem is based on Moore s model of asynchrony [4]. In this model, the behavior of a signal is characterized abstractly by three quantities: a base time, a period, and a bit vector (representing the values assumed on successive cycles) Moore postulates that the receiver s input vector is determined by a function asynch, the arguments of which ....

[Article contains additional citation context not shown here]

Moore, J S., "A Formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol", Formal Aspects of Computing 6, no. 1 (1994):60-91.

....most difficulty convincing themselves they ve got right. In the first years of the program, formal specifications and verifications for these building blocks were undertaken and completed in the following systems: EHDM and later in PVS at SRI [55, 50, 59] Nqthm, the Boyer Moore prover, at CLI [1, 2, 45, 44, 68]; and Clio and the Penelope Ada verification system at ORA [61, 4, 63, 30, 62] Concurrently we gained experience at Langley using a number of the prover systems including EHDM, Nqthm, and HOL. During that time we were primarily occupied with the design and verification (in EHDM) of a ....

J Strother Moore. A formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol. NASA Contractor Report 4433, June 1992.

....encoding are widely used in applications, for instance in the Ethernet [25] It is therefore surprising that, as far as we know, there is almost no work on the rigorous analysis of the tolerance of asynchrony within this or related protocols. A notable exception is a recent paper by Moore [21], who mechanically verifies a biphase mark protocol. The protocol and model of Moore are slightly different from ours (for instance, clock jitter is ignored in the model) but despite these differences he surprisingly arrives at a maximal tolerance of 5 , which is very close to our result. Clearly, ....

J.S. Moore. A formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol. Journal of Formal Aspects of Computing Science, 6(1):60--91, 1994.

....and Frits Vaandrager Computing Science Institute, University of Nijmegen P.O. Box 9010, 9500 GL Nijmegen, The Netherlands fsivanov, davidg, fvaang cs.kun.nl Abstract. We show how a symbolic model checker for linear hybrid systems can be used to analyze a biphase mark protocol. This protocol [Moo94] was first verified by Moore using a model of asynchrony. In this paper we demonstrate that algorithmic methods can automatically verify the correctness of the protocol for wider clock drifts. Due to the nature of linear hybrid automata we were able to drop one of the assumptions made in [Moo94] ....

....[Moo94] was first verified by Moore using a model of asynchrony. In this paper we demonstrate that algorithmic methods can automatically verify the correctness of the protocol for wider clock drifts. Due to the nature of linear hybrid automata we were able to drop one of the assumptions made in [Moo94]. We believe that linear hybrid automata enable a natural way of modeling the protocol. 1994 Extended Computing Reviews Classification System: B.4.4, B.6.3, C.2.2, D.2.1 1991 Mathematics Subject Classification: 68Q22, 68Q60, 68Q68 Keywords: formal methods, verification, communication protocols, ....

[Article contains additional citation context not shown here]

J.S. Moore. A formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol. Formal Aspects of Computing, 6(1):60--91, 1994.

....relationships. Nqthm has been used (or is being used) to formalize and explicate . a commercial netlist language [6] a gate level description of a microprocessor [7] a model of asynchrony suitable to proving the reliability of communication protocols for independently clocked processors [8], Turing machines [9] Lambda calculus [10] a simple but usable machine code [11] a large part of the machine code for the MC68020 [12] a stack based assembly language [5] several high level languages including Micro Gypsy [13] Middle Gypsy [14] the Nqthm logic itself [2] ....

J S. Moore, "A Formal Model of Asynchronous Communication and Its Use in Mechanically Verifying a Biphase Mark Protocol", Tech. report CLI Technical Report 68, Computational Logic, Inc., 1717 W. Sixth Street, Suite 290, Austin, TX 78703, August 1991.

.... also verified a processor group membership protocol and the binary exponential backoff protocol [44, 45] and a safety property, together with a real time progress property of the ACCESS bus protocol in [43] Also the biphase mark protocol, similar to the protocol in [12] was proved by Moore in [62]. As an interesting benchmark problem for specification and verification, the interactive convergence clock synchronization algorithm [51] has been mechanically checked respectively with the Boyer Moore prover in [82] and with PVS in [73] Also, several versions of the oral messages algorithm [52] ....

J S. Moore. A formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol. Journal of Formal Aspects of Computing Science 6(1):6091, 1994.

....the success. 4.3. 2 Asynchronous Communication CLI developed a formal model of asynchronous communication and demonstrated its utility by formally verifying a widely used protocol for asynchronous communication called the bi phase mark protocol, also known as Bi Phi M, FM or single density [69]. It is one of several protocols implemented by microcontrollers such as the Intel 82530 and is used in the Intel 82C501AD Ethernet Serial Interface. 4.3.3 Digital Design Derivation Funded in part by a NASA Langley Graduate Student Research Program fellowship, Bhaskar Bose developed the Digital ....

J Strother Moore, "A formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol", NASA CR-4433, June 1992.

....two such clocks are well within our bounds. We have proved that the conventional choice of cell size also works, provided the ratio of the clock rates is within 3 of unity, and we briefly indicate how the proof differs from the proof of the 18 cycle version. This article is a shortened version of [Moo92a], where we present the proof in full as well as develop a reusable theory that allows the application of our model to other protocols. 2. Logical Foundations We use the Nqthm computational logic described in [BM88] Truth values, bits, and signals will all be represented by the objects t and ....

....theorems are independent of the particular signals generated by the biphase mark protocol. They are a first step toward what we call a reusable formal theory or rule book for async. They are only the first step because we stopped when we had enough rules to prove biphase mark correct. See [Moo92a] for the presentation of the reusable theory. 7.2. A Sketch of the Proof of BPM18 Theorem: BPM18 ( bvp (msg) ts 2 ) tr 2 ) w 6 0) r 6 0) tr 6 ts) tr (ts w) rate proximity (w , r) p1 2 ) recv (len (msg) t, 10, async (send (msg , p1 , 5, 13, p2 ) ....

[Article contains additional citation context not shown here]

Moore, J S.: A formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol. Technical Report NASA CR4433, NASA, 1992.

....by Yuan Yu at DEC s Systems Research Center in Palo Alto, California, Nqthm is being used to specify part of the DEC Alpha architecture. ffl Fault Tolerance A model of asynchronous communication was developed in Nqthm and used to prove the reliability of the biphase mark communications protocol [27]. The model transduces the waveform written by one processor into that read by an independently clocked processor, as a function of the phases and rates of the two clocks and the communications delay. The correcntess of a gate level design of a device implementing the biphase mark protocol has ....

J S. Moore. A Formal Model of Asynchronous Communication and Its Use in Mechanically Verifying a Biphase Mark Protocol, Formal Aspects of Computing 6(1), 60--91, 1994.

....practical for realistic data sizes. A more sensible design would use serial io, devoting one pin to each of the channels on which full vectors are currently exchanged. This would reduce the pin count to eighteen and allow arbitrarily sized data at the 16 cost of waiting for it to stream in. In [4], we verify that a biphase mark communications protocol allows reliable communication between two processors whose cycle times are within about 5 of each other. The reader of this document will recognize that it would be straightforward to implement the biphase mark specification in our Formal ....

....processors whose cycle times are within about 5 of each other. The reader of this document will recognize that it would be straightforward to implement the biphase mark specification in our Formal HDL and prove that we had done so. Proving that an HDL description implemented the send and recv of [4] would be an exercise very similar to proving that lstep implements local step except it would be easier because there is no need to parameterize the implementation and the state mapping is much simpler. Indeed, the whole approach taken in [4] was motivated by our concern that the ....

[Article contains additional citation context not shown here]

J S. Moore. A Formal Model of Asynchronous Communication and Its Use in Mechanically Verifying a Biphase Mark Protocol. Tech. Rept. NASA CR-4433, NASA, 1992.

....in this document are those of the author(s) and should not be interpreted as representing the official policies, either expressed or implied, of Computational Logic, Inc. the Defense Advanced Research Projects Agency, the Office of Naval Research, or the U.S. Government. earlier systems [3, 4, 5, 8, 10, 11, 13, 14, 15, 18, 19, 20, 29, 31, 32, 35, 36, 37, 38, 41, 42, 43] supports the claim that such a logic is sufficiently expressive to permit one to address deep mathematical problems and realistic verification projects. The fact that the Nqthm logic is executable is also an important asset when using it to model hardware and software systems: the models can be ....

J S. Moore. A Formal Model of Asynchronous Communication and Its Use in Mechanically Verifying a Biphase Mark Protocol, Formal Aspects of Computing 6(1), 60--91, 1994.

No context found.

J.S. Moore. A formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol. Formal Aspects of Computing, 6(1):60-91, 1994.

No context found.

J.S. Moore. A formal model of asynchronous communication and its use in mechanically verifying a biphase mark protocol. Formal Aspects of Computing, 6(1):60--91, 1994.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC