Abstract
I2C is a pervasive bus protocol used for querying sensors and actuators, but it is plagued with incompatible devices, violating the specification at various levels.
Interacting with partially compliant devices poses several challenges. Compatibility of the controller interface, as well as the driver code, must be checked manually and potentially changed. This is a difficult process, as interactions with other bus devices must also be considered. We propose a model checking approach to quickly write high-assurance drivers and layers of the I2C stack. We do not propose a single, true formalization of I2C, but a framework that allows rapid modelling of non-compliant devices and verify the correct interaction with a host driver process.
Our contribution is twofold: First, we develop a framework that allows the specification of device and driver behavior together, and verification of their correct interaction. Second, we provide already verified, fine-grained building blocks, representing layers of the I2C stack that can be reused to interact with partially-compliant devices, as well as reducing model checking complexity.
Our specifications are stated in a machine-readable, executable, and layered DSL. From the DSL, we generate both Promela and C code. The Promela is used to apply model checking to ensure the layer implementations follow the abstract specifications. The C code is used to build and verify an EEPROM model and driver running on a Raspberry Pi.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Source code available http://github.com/lluki/filz.
- 2.
In this paper, we will use the current, more precise terms ‘controller’ for ‘master’ and ‘responder’ for ‘slave’.
References
Raspberry Pi I2C clock-stretching bug. https://www.advamation.com/knowhow/raspberrypi/rpi-i2c-bug.html. Accessed 01 Apr 2021
Video capture driver (video for linux 1/2). https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/drivers/media/i2c/ks0127.c?h=v5.8.3. Accessed 01 Apr 2021. Unfortunately the datasheet is not public
AMS AG. AS5011 Low power Integrated Hall IC for human interface applications, Rev. 3.6 (2009)
Boigelot, B., Godefroid, P.: Model checking in practice: an analysis of the ACCESS.bus\(^{\rm {TM}}\) protocol using SPIN. In: Gaudel, M.-C., Woodcock, J. (eds.) FME 1996. LNCS, vol. 1051, pp. 465–478. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-60973-3_102
Bos, S.H.J., Reniers, M.A.: The I2C-bus in discrete-time process algebra. Sci. Comput. Program. 29(1–2), 235–258 (1997)
Bošnački, D., Mathijssen, A., Usenko, Y.S.: Behavioural analysis of an I2C linux driver. In: Alpuente, M., Cook, B., Joubert, C. (eds.) FMICS 2009. LNCS, vol. 5825, pp. 205–206. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-04570-7_18
Finkbeiner, B., Rabe, M.N., Sánchez, C.: Algorithms for model checking HyperLTL and HyperCTL\(^*\). In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 30–48. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_3
Gorai, S., Biswas, S., Bhatia, L., Tiwari, P., Mitra, R.S.: Directed-simulation assisted formal verification of serial protocol and bridge. In: Proceedings of the 43rd Annual Design Automation Conference, DAC 2006, pp. 731–736. Association for Computing Machinery, New York, NY, USA (2006)
Holzmann , G.J., Lieberman, W.S.: Design and Validation of Computer Protocols, vol. 512. Prentice hall Englewood Cliffs (1991)
Jiang, K., Jonsson, B.: Using spin to model check concurrent algorithms, using a translation from C to promela. In: MCC 2009, pp. 67–69. Department of Information Technology, Uppsala University (2009)
Klomp, A., Roebbers, H.W., Derwig, R., Bouwmeester, L.: Designing a mathematically verified I2C device driver using ASD. In: CPA, pp. 105–116 (2009)
Microchip. 24XX16: 16K I2C Serial EEPROM (2019)
NXP Semiconductors. I2C-bus specification and user manual, Rev. 6 (2014)
ON Semiconductor. CAT5259 Quad DigitalPotentiometer (POT) with 256 Tapsand I2C Interface, Rev. 11 (2013)
Pan, C., Guo, J., Zhu, L., Shi, J., Zhu, H., Zhou, X.: Modeling and Verification of CAN Bus with Application Layer using UPPAAL. Electr. Not. Theoret. Comput. Sci. 309, 31–49 (2014)
Roychoudhury, A., Mitra, T., Karri, S.R.: Using formal techniques to debug the amba system-on-chip bus protocol. In: 2003 Design, Automation and Test in Europe Conference and Exhibition, pp. 828–833 (2003)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Humbel, L. et al. (2021). A Model-Checked I2C Specification. In: Laarman, A., Sokolova, A. (eds) Model Checking Software. SPIN 2021. Lecture Notes in Computer Science(), vol 12864. Springer, Cham. https://doi.org/10.1007/978-3-030-84629-9_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-84629-9_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-84628-2
Online ISBN: 978-3-030-84629-9
eBook Packages: Computer ScienceComputer Science (R0)