SPIN vs. VIS: a case study on the formal verification of the ATMR protocol

Nowadays, there exist a wide variety of verification tools. Some, like the SPIN model checker, are designed and mainly used for the verification of interleaving software systems, such as communication protocols. Others, like VIS (Verification Interacting with Synthesis), are designed and used for synchronous hardware systems verification. In this paper, we compare and contrast SPIN and VIS. In particular, we devote a special attention to the efficiency of these tools for the verification of communications protocols that can be implemented either in software or hardware. As a basis of our comparison, we formally describe and verify the ATMR (Asynchronous Transfer Mode Ring) medium access protocol using SPIN, and its hardware implementation using VIS. We believe that this study is of particular interest, as more and more protocols, like the ATM protocol stack, are being implemented in hardware in order to match high speed requirements. However, this is not a formal comparison of SPIN and VIS