Bus Protocols: MSC-Based Specifications and Translation into Program of Verification Tool for Formal Verification
Message Sequence Charts (MSCs) are an appealing visual formalism mainly used in the early stages of system design to capture system requirements. However, moving towards an implementation requires an executable specification related in some fashion to the MSC-based requirements. MSCs can be used effectively to specify a bus protocol in a way where high-level transition systems capture the control flow of the protocol's components and MSCs describe the non-atomic interactions between those components. This style of specification is amenable to formal verification. In this paper, we present how bus protocols can be specified using MSCs and how these specifications can be translated into the input program of a verification tool (we have used the Symbolic Model Verifier (SMV)) for formal verification. Our contributions are as follows. Firstly, we present the way to specify a protocol using MSCs. Secondly, we have constructed a translator that translates the specifications (described in a textual input file) into SMV programs. Finally, we present the verification results for the AMBA bus protocol using the SMV program obtained through the translation process. The SMV program obtained through translation can be used to automatically verify various properties of any bus protocol specified in this way.
💡 Research Summary
The paper addresses a long‑standing gap in bus‑protocol development: how to move from early‑stage, visually‑oriented requirement specifications to executable models that can be formally verified. The authors propose a two‑layer specification approach that combines high‑level transition systems (HLTS) with Message Sequence Charts (MSCs). The HLTS captures the control flow of each protocol component (master, slave, arbiter, etc.) as a set of states and transitions, while MSCs describe the non‑atomic interactions among those components—message exchanges, ordering constraints, and concurrency—on a set of lifelines. This separation preserves the intuitive, diagrammatic nature of MSCs for designers while providing a mathematically precise description of component behavior for verification tools.
To bridge the gap between these specifications and a model‑checking environment, the authors develop a translator that reads a textual input file containing both HLTS and MSC descriptions and automatically generates a Symbolic Model Verifier (SMV) program. The translation proceeds in several steps. First, each HLTS state is mapped to an SMV variable, and each transition becomes a guarded assignment within an SMV module. Second, MSC fragments are analyzed to identify “core regions” (the actual message exchanges) and “condition regions” (pre‑ and post‑conditions surrounding the exchange). The translator introduces synchronization variables that encode the sending and receipt of messages, ensuring that the interleaving semantics of MSCs are faithfully reproduced in the SMV transition relation. Third, the tool performs a series of optimizations: it eliminates redundant intermediate variables, merges equivalent transitions, and reduces nondeterminism where possible, thereby mitigating state‑space explosion.
The generated SMV model is then subjected to CTL/LTL model checking. As a case study, the authors apply the methodology to the AMBA AHB (Advanced High‑Performance Bus) protocol. They formalize a set of safety and liveness properties—e.g., “every request is eventually granted,” “no two masters can simultaneously own the bus,” and “data transferred by the master is received unchanged by the slave”—as CTL formulas. Running the SMV model checker on the translated program confirms that all properties hold, and the verification time and memory consumption are significantly lower than when the SMV model is handcrafted. This demonstrates that the translation pipeline not only preserves the semantics of the original MSC‑based specification but also produces an efficient verification artifact.
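As an added illustration of the translation step described above and of the request/grant property checked in the case study (this is example code written for this summary, not the paper's translator), the following toy generator reads a small textual HLTS+MSC spec and emits NuSMV-style SMV. The input format, the component and message names (a `master`, an `arbiter`, `HBUSREQ`, `HGRANT`) and the `<msg>_sent`/`<msg>_recv` encoding of synchronization variables are all assumptions.

```python
# Added example (not the paper's tool): toy text-to-SMV generator following the mapping in
# the summary. HLTS states become an enumerated SMV variable, each transition a guarded
# case branch, each MSC message a <msg>_sent/<msg>_recv pair (receipt one step after send).
# Constructed input; the paper's real input syntax is not shown, so this format is assumed.
SPEC = """\
hlts master idle
master idle -> request : TRUE
master request -> owner : HGRANT_recv
master owner -> idle : TRUE
hlts arbiter idle
arbiter idle -> granting : HBUSREQ_recv
arbiter granting -> idle : TRUE
msg master arbiter HBUSREQ : master_state = request
msg arbiter master HGRANT : arbiter_state = granting
ctl AG (master_state = request -> AF master_state = owner)
"""

def parse(text):  # returns (initial states, transitions, messages, CTL formulas)
    init, trans, msgs, ctl = {}, {}, [], []
    for line in text.splitlines():
        kind, rest = line.split(" ", 1)
        if kind == "hlts":                     # "hlts <component> <initial state>"
            comp, start = rest.split()
            init[comp], trans[comp] = start, []
        elif kind == "msg":                    # "msg <sender> <receiver> <name> : <send guard>"
            head, guard = rest.split(" : ", 1)
            msgs.append((*head.split(), guard))
        elif kind == "ctl":                    # "ctl <CTL formula>"
            ctl.append(rest)
        else:                                  # "<component> <src> -> <dst> : <guard>"
            src, _, dst, guard = rest.split(" ", 3)
            trans[kind].append((src, dst, guard[2:]))
    return init, trans, msgs, ctl

def emit_smv(init, trans, msgs, ctl):  # one MODULE main holding all components
    var, assign = [], []
    for comp, ts in trans.items():
        states = sorted({init[comp]} | {s for src, dst, _ in ts for s in (src, dst)})
        var.append(f"  {comp}_state : {{{', '.join(states)}}};")
        assign.append(f"  init({comp}_state) := {init[comp]};")
        branches = [f"    {comp}_state = {s} & ({g}) : {d};" for s, d, g in ts]
        branches.append(f"    TRUE : {comp}_state;")  # no enabled transition: stay put
        assign.append(f"  next({comp}_state) := case\n" + "\n".join(branches) + "\n  esac;")
    for snd, rcv, name, guard in msgs:
        var += [f"  {name}_sent : boolean;", f"  {name}_recv : boolean;"]
        assign += [f"  init({name}_sent) := FALSE;", f"  init({name}_recv) := FALSE;",
                   f"  next({name}_sent) := {guard};  -- {snd} sends",
                   f"  next({name}_recv) := {name}_sent;  -- {rcv} receives one step later"]
    specs = "".join(f"SPEC {f}\n" for f in ctl)
    return "MODULE main\nVAR\n" + "\n".join(var) + "\nASSIGN\n" + "\n".join(assign) + "\n" + specs
```

Running `print(emit_smv(*parse(SPEC)))` yields a module that NuSMV can load; the single `SPEC` line is the "every request is eventually granted" style property from the case study.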
Key contributions of the work include: (1) a clear methodology for specifying bus protocols using MSCs together with HLTS, (2) an automated translator that converts these specifications into a format accepted by a widely used model‑checking tool, and (3) empirical evidence that the approach scales to a realistic industrial protocol (AMBA AHB) and can be reused for other bus standards. The authors also discuss limitations: the current translator supports only a subset of MSC syntax (e.g., it lacks explicit timing constraints such as minimum/maximum delays), and very large protocols may still encounter state‑space challenges despite the optimizations. Future directions suggested are extending the MSC language to capture timing, integrating with other model checkers (NuSMV, PRISM), and exploring compositional verification techniques to further improve scalability.
In summary, the paper presents a practical, end‑to‑end framework that starts from designer‑friendly MSC diagrams, automatically produces a formally verifiable SMV model, and validates critical bus‑protocol properties with reduced manual effort. This contribution advances the state of the art in model‑driven verification of communication protocols, offering a repeatable pathway from high‑level requirements to rigorous, tool‑supported assurance.