Analysis of a biphase mark protocol with UPPAAL and PVS - Intranet ...

intranet.cs.aau.dk

Analysis of a biphase mark protocol with UPPAAL and PVS - Intranet ...

Analysis of a biphase mark protocol 439tock?new == oldtock?m < sample - 1m := m+1D0tock?new != oldold := newD1put!m := 0tock?m == sample - 1out := (new != old),m := m + 1,old := newD2Fig. 9. Decoderput?out == input?out == bufget!in := 0get!buf := in,in := 0T0get!in := 1T1get!buf := in,in := 1T2get!T3put?put?out != input?out != bufErrorFig. 10. Testerbit that has been accepted by the Coder but not yet delivered by the Decoder. While searching for error scenariosthat arise for parameter assignments that do not satisfy the constraints, we will encounter instances of our modelin which two bits can be inside the protocol. We felt no need to model a tester that can handle situations in whichthree or more bits are sent but not yet received. Whenever the protocol (the Decoder) produces an output, theTester checks whether this is the expected value. If it is correct, the Tester forgets the value, otherwise it jumps toa special Error location. If the protocol is correct then the Error location can not be reached.3.10. UPPAAL analysis resultsThe set of reachable symbolic states of our model is relatively small, and for all properties and parameter assignmentsthat we tried, Uppaal managed to establish validity or produced a counterexample within a second (runningUpppaal version 3.4.7 on a standard PC). Some basic well-formedness properties that we tested are that the systemcontains no deadlocks, the coder never starts another voltage transition (edge) while the Wire automaton is stillin its unstable location, and that there are never more than two bits in transit in the protocol:A[] not (deadlock or Wire.W2 or Tester.T3).

More magazines by this user
Similar magazines