Interface verification contd.
Simple arbiter protocol: four-phase
- client requests the privilege by setting req to true
- when gr becomes true, the client enters its critical section
- when leaving it, req is set false
- gr becomes false after req is set false.
This can be expressed formally as follows:
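$\mathit{req.post} \neq \mathit{req.pre} \Rightarrow \mathit{grant.post} \neq \mathit{req.post}$
$\mathit{grant.post} \neq \mathit{grant.pre} \Rightarrow \mathit{grant.post} = \mathit{req.post}$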
Both the arbiter and the client may assume that the other component follows this protocol. To verify that the changes made to gr by the arbiter follow the protocol, it must be shown that all its transitions obey:
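$\mathit{gr.post} \neq \mathit{gr.pre} \Rightarrow \mathit{req.post} = \mathit{gr.post}$;
Similarly, for the client: $\mathit{req.post} \neq \mathit{req.pre} \Rightarrow \mathit{req.post} \neq \mathit{gr.post}$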
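
The two proof obligations above can be checked mechanically by enumerating every pre-state in which a transition is enabled. The following is an added example, not part of the original slides: the guarded transitions for CLIENT, ARBITER and the faulty EAGER_ARBITER are hypothetical implementations constructed here, and each transition is assumed to change only its own variable.

```python
from itertools import product

# A state is the pair (req, gr). A transition is (guard, update),
# both functions of the pre-state; update returns the post-state.

def client_ok(pre, post):
    # req.post != req.pre  =>  req.post != gr.post
    return post[0] == pre[0] or post[0] != post[1]

def arbiter_ok(pre, post):
    # gr.post != gr.pre  =>  req.post == gr.post
    return post[1] == pre[1] or post[0] == post[1]

def violations(transitions, obligation):
    """Return every (pre, post) pair where an enabled transition
    breaks the obligation, over all four possible pre-states."""
    bad = []
    for pre in product([False, True], repeat=2):
        for guard, update in transitions:
            if guard(pre):
                post = update(pre)
                if not obligation(pre, post):
                    bad.append((pre, post))
    return bad

# Hypothetical components, constructed for this example.
CLIENT = [
    (lambda s: not s[0] and not s[1], lambda s: (True, s[1])),   # request
    (lambda s: s[0] and s[1],         lambda s: (False, s[1])),  # release
]
ARBITER = [
    (lambda s: s[0] and not s[1], lambda s: (s[0], True)),   # grant
    (lambda s: not s[0] and s[1], lambda s: (s[0], False)),  # withdraw
]
# Faulty arbiter: grants whenever gr is false, even with no request pending.
EAGER_ARBITER = [(lambda s: not s[1], lambda s: (s[0], True))] + ARBITER[1:]

if __name__ == "__main__":
    print("client:       ", violations(CLIENT, client_ok))
    print("arbiter:      ", violations(ARBITER, arbiter_ok))
    print("eager arbiter:", violations(EAGER_ARBITER, arbiter_ok))
```

The eager arbiter is rejected with the counterexample pre-state (req, gr) = (false, false): gr changes to true while req stays false, so gr.post differs from req.post.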