A Simple Verification of the Tree Identify Protocol with SMV

Traditional ways of validating and verifying software include testing/simulation and theorem proving. Testing may start as soon as the first prototype exists. No knowledge of a specialised formalism is required. Testing is based on a collection of test cases, correctness is assured for each test case. The number of test cases may grow exponentially with the number of input variables. Therefore, it is usually impossible to cover every potential behavior in a test suite. On the other hand, with theorem proving, correctness of software can be verified formally. Every potential behavior is covered. However, indepth knowledge and a lot of of experience in the use of the methodology is required. Model checking combines some of the advantages of both testing and theorem proving. Depending on the number of parameters left unspecified in the model a configuration corresponds to either a single or a large number of test cases which are verified in a single run of the model checker. By leaving all parameters unspecified all possible behaviors can be covered. However, with more free parameters the state space to be searched grows and thus the time needed increases. Other advantages include that model checking can start once the first prototype of the model and the specification have been finished. The use of a model checker requires only moderate knowledge of the underlying theory. In the past, model checking has successfully been applied to several case studies as well as in industry. See, for example, [1], [2] and [4]. The Tree Identify Protocol of the IEEE 1394 (FireWire) standard [5], [6], proposed as a case study for the application of formal methods [7], is given as a state machine. It can be translated easily into a corresponding model for a model checker. SMV [8], which we used in our evaluation, is probably one of the most widely used model checkers. This contribution describes on-going research on modeling and verifying the IEEE 1394 Tree Identify Protocol with SMV.