Skip to main content

Formalization and Analysis of a Solution to the PCI 2.1 Bus Transaction Ordering Problem


The transaction ordering problem of the original PCI 2.1 standard bus specification violates the desired correctness property of maintaining the so called ‘Producer/Consumer’ relationship between writers and readers of data. This violation stems mainly from the so called completion stealing problem, first identified and solved by Corella et al. [4], and supported by a formal paper and pencil argument. In this paper, we develop a flexible graph theory library in PVS for modeling computer bus structures, formalize the PCI 2.1 protocol containing the solution of [4] in it, and mechanically prove the absence of completion stealing. Next, we define the Producer/Consumer property in PVS and sketch its mechanical proof. Noting the complexity of this proof effort (unfinished as yet), we explore a combination of theorem proving and model-checking in which the model used for model-checking is made tractable by exploiting the formal theorems established during theorem-proving as well as several intuitively justified assumptions. The theorem-proving infrastructure we have built for modeling CPU interconnect structures is highly reusable. Our work is one example of a natural division of labor between theorem-proving and model-checking in tackling system-level verification problems under realistic time budgets.

This is a preview of subscription content, access via your institution.


  1. R.W. Butler and J.A. Sjogren, “A PVS graph theory library,” Technical Report Memorandum, NASA Langly Research Center., 1997.

  2. E.M. Clarke, O. Grumberg, H. Haraishi, S. Jha, D. Long, K.L. McMillan, and L. Ness, “Verification of the futurebus+ cache coherence protocol,” Technical Report CMU-CS-92-206, School of Computer Science, Carnegie Mellon University, 1992.

  3. F. Corella, “Proposal to fix ordering problem in PCI 2.1,” 1996.

  4. F. Corella, “Verifying memory ordering model of I/O system,” in '97, Toledo, Spain, 1997. Invited Talk.

  5. F. Corella, R. Shaw, and C. Zhang, “A formal proof of absence of dead-lock for any acyclic network of PCI buses,” in '97. Toledo, Spain, 1997.

  6. R. Ghughal, A. Mokkedem, R. Nalumasu, and G. Gopalakrishnan, “Using ‘test model-checking’ to verify the runway-PA8000 memory model,” in Tenth ACM Symposium on Parallel Algorithms and Architectures. Puerto Vallarta, Mexico, 1998, pp. 231–239.

  7. G. Gopalakrishnan, R. Ghughal, R. Hosabettu, A. Mokkedem, and R. Nalumasu, “Formal modeling and validation applied to a commercial coherent bus: A case study,” in H.F. Li and D.K. Probst (Eds.), '97. Montreal, Canada, 1997, pp. 48–62.

  8. G. Holzmann, Design and Validation of Computer Protocols. Prentice Hall, 1991.

  9. A. Mokkedem, R.M. Hosabettu, M.D. Jones, and G. Gopalakrishnan, “Formalization and analysis of a solution to the PCI 2.1 bus transaction ordering problem: PVS files,” Technical Report UUCS-99-007, 1999.

  10. V. Nagasamy, S. Rajan, and P.R. Panda, “Fiber channel protocol: Formal specification and verification,” in Sixth Annual Silicon Valley Networking Conference, 1997.

  11. R. Nalumasu, R. Ghughal, A. Mokkedem, and G. Gopalakrishnan, “The ‘test model-checking’ approach to the verification of formal memory models of multiprocessors,” in Lecture Notes in Computer Science, Vol. 1427 of Lecture Notes in Computer Science. Vancouver, BC, Canada, 1998, pp. 464–476.

    Google Scholar 

  12. S. Owre, J. Rushby, N. Shankar, and F. von Henke, “Formal verification for fault-tolerant architectures: Prolegomena to the design of PVS,” IEEE Transactions on Software Engineering Vol. 21, No. 2, pp. 107–125, 1995.

    Google Scholar 

  13. S. Park and D.L. Dill, “Protocol verification by aggregation of distributed action,” in R. Alur and T.A. Henzinger (Eds.), '96, Vol. 1102 of Lecture Notes in Compuer Science. New Brunswick, NJ, 1996, pp. 300–310.

    Google Scholar 

  14. PCISIG, ‘PCI Special Interest Group–PCI Local Bus Specification, Revision 2.1', 1995.

  15. E. Solari and G. Willse, PCI Hardware and Software Architecture & Design. Annabooks, 3rd edition, ISBN 0-929392-32-9, 1996.

  16. VSI Alliance, “Interface standards for design re-use of virtual components,”

Download references

Author information

Authors and Affiliations


Rights and permissions

Reprints and Permissions

About this article

Cite this article

Mokkedem, A., Hosabettu, R.M., Jones, M.D. et al. Formalization and Analysis of a Solution to the PCI 2.1 Bus Transaction Ordering Problem. Formal Methods in System Design 16, 93–119 (2000).

Download citation

  • Issue Date:

  • DOI:

  • I/O systems
  • formal design
  • theorem-proving
  • model checking