Specification and verification of the powerScale~(TM) bus arbitration protocol: an industrial experiment with LOTOS

摘要

This paper presents the results of an industrial case-study concerning the use of formal methods for the validation of hardware design. The case-study focuses on PowerScale~(TM), a multiprocessor architecture based on PowerPC~(TM) micro-processors and used in Bull's Escala~(TM) series of servers and workstations~*. The specification language Lotos (Iso International Standard 8807) was used to describe formally the main components of this architecture (processors, memory controller and bus arbiter). Four correctness properties were identified, which express the essential requirements for a proper functioning of the arbitration algorithm, and formalized in terms of bisimulation relations (modulo abstractions) between finite labelled transition systems. Using the compositional and on-the-fly model-checking techniques implemented in the Cadp (Caesar/Aldebaran( toolbox, the correctness of the arbitration algorithm was established automatically in a few minutes.