Veri cation of a Parameterized Bus Arbitration Protocol

Model Checking is well established as a veriication technique for nite-state systems. Several important types of systems, such as protocols parameterized by the number of processes, are however inherently innnite-state, hence Model Checking cannot be applied directly to determine correctness of the system. We present here a case study on the veriication of such a parameterized protocol, the SAE-J1850 data transfer procotol. This is an standard in the automobile industry, where it is used to transmit data between various sensors and micro-controllers in an automobile. The protocol communicates data over a single-wire bus, and provides on-they arbitration between competing transmissions. Our veriication eeort is interesting from many aspects : it proves correctness for arbitrary instances, is largely automated, and uses abstraction in an essential way. The abstractions used are exact, in the sense that a property is true of the parameterized protocol ii it is true of the nite-state abstraction.