Example: Infinite Split and Merge #define N 128 #define size 16 chan in = [size] of {short}; chan large = [size] of {short}; chan small = [size] of {short};


Example: Infinite Split and Merge

    #define N 128
    #define size 16

    chan in    = [size] of {short};
    chan large = [size] of {short};
    chan small = [size] of {short};

    proctype split() {
      short cargo;
      do
      :: in?cargo ->
           if
           :: (cargo >= N) -> large!cargo
           :: (cargo <  N) -> small!cargo
           fi
      od
    }

    proctype merge() {
      short cargo;
      do
      :: if
         :: large?cargo
         :: small?cargo
         fi;
         in!cargo
      od
    }

    init {
      in!345; in!12; in!6777; in!32; in!0;
      run split(); run merge()
    }
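The model above routes each value by comparing it with N, but nothing in it checks that the routing is right. The following is an added example (not code from the slides) that states the routing rule as assertions in merge, so that pan reports a violation if a value ever arrives on the wrong channel. The BUGGY variant of split and the extra boundary message in!N are additions of this example: they show that an off-by-one comparison is only caught when the input set actually contains the boundary value.

```promela
#define N 128
#define size 16

chan in    = [size] of {short};
chan large = [size] of {short};
chan small = [size] of {short};

proctype split() {
  short cargo;
  do
  :: in?cargo ->
       if
#ifdef BUGGY
       :: (cargo >  N) -> large!cargo   /* off-by-one: N itself is sent to small */
       :: (cargo <= N) -> small!cargo
#else
       :: (cargo >= N) -> large!cargo   /* the rule as stated on the slide */
       :: (cargo <  N) -> small!cargo
#endif
       fi
  od
}

proctype merge() {
  short cargo;
  do
  :: if
     :: large?cargo -> assert(cargo >= N)  /* every value on large is >= N */
     :: small?cargo -> assert(cargo <  N)  /* every value on small is  < N */
     fi;
     in!cargo
  od
}

init {
  in!345; in!12; in!6777; in!32; in!0;   /* the slide's messages */
  in!N;                                   /* boundary value added by this example */
  run split(); run merge()
}
```

Run spin -a model.pml, gcc -o pan pan.c and ./pan: the correct split yields no errors, because the system cycles through a finite set of states and every assertion holds. Rebuilding with spin -a -DBUGGY model.pml makes pan stop with an assertion violation as soon as the value 128 is read from small, and spin -t -p model.pml replays the trail leading to it.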

2 Data Types

Basic
    bit
    byte
    short   -(2^15)-1 .. (2^15)-1
    int     -(2^31)-1 .. (2^31)-1

Arrays
    byte state[N]      state[0] .. state[N-1]

Enumerated type
    mtype = {one, two, three, ok, ready, ack, message}
    one mtype definition, at most 256 symbolic constants

Structures
    typedef Msg { byte a[3], b; chan p }
    Msg x;
    x.a[1]
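The slide lists the types without showing them in use. The following added example (not from the slides) combines them: a typedef with an array field and a chan field, a channel that carries the typedef, an mtype reply, and a byte array indexed by a tag taken from the message. The server, the req and reply channels, and the tag-as-index convention are this example's own assumptions; the point is that the chan field lets the requester hand the server the channel on which it wants its answer, and that an index taken from a message is checked before it is used.

```promela
#define N 4
mtype = { message, ok, ready, ack };

typedef Msg {
  byte a[3];   /* payload */
  byte b;      /* tag, used as an index into state[] */
  chan p       /* reply channel carried inside the message */
};

chan req = [2] of { Msg };   /* channel whose messages are whole structs */
byte state[N];               /* state[0] .. state[N-1] */

proctype server() {
  Msg x;
  byte i;
  do
  :: req?x ->
       i = x.b;
       assert(i < N);        /* index guard: a tag outside 0..N-1 is an error */
       state[i] = x.a[0];
       x.p!ok                /* answer on the channel the requester supplied */
  od
}

init {
  chan reply = [1] of { mtype };   /* local channel, passed by value in m.p */
  Msg m;
  mtype r;
  m.a[0] = 7;
  m.b = 2;
  m.p = reply;
  run server();
  req!m;
  reply?r;
  assert(r == ok && state[2] == 7)
}
```

Spin itself reports an out-of-range array index as a run-time error during simulation and verification; the explicit assert simply names the check and makes the failing state easy to find in the trail.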

3 Exercise

Develop a Promela description of the following: There are 3 worker processes and 1 hammer. A worker's arm can be up or down; his/her arm can only go down (i.e. work!) when the worker has the hammer. When the worker has finished working, he/she passes the hammer to another worker.

Assume mtype = {hammer, up, down}

4 Workers

    mtype = {hammer, up, down};

    chan one   = [1] of {mtype};
    chan two   = [1] of {mtype};
    chan three = [1] of {mtype};

    proctype worker(chan mine, a, b) {
      mtype m;
      mtype arm = up;
    idle:
      mine?m;
      goto work;
    work:
      arm = down;
      if
      :: atomic { a!hammer; arm = up; goto idle }
      :: atomic { b!hammer; arm = up; goto idle }
      fi
    }

    init {
      atomic {
        run worker(one, two, three);
        run worker(two, three, one);
        run worker(three, one, two);
        one!hammer
      }
    }

5 Exercise

Develop a Promela description of the following: Now a worker needs both a hammer and a mallet to work and must have received the hammer first. He/she can pass the tools one at a time, randomly.

Assume mtype = {hammer, up, down, mallet}

6 Workers II

    mtype = {hammer, mallet, up, down};
    ...

    proctype worker(chan mine, a, b; bit tools) {
      mtype m;
      mtype arm = up;
    idle:
      mine?m;
      if
      :: m == hammer -> tools = tools + 1; goto idle
      :: m == mallet ->
           if
           :: tools == 0 ->
                if
                :: atomic { a!m; goto idle }
                :: atomic { b!m; goto idle }
                fi
           :: tools == 1 -> tools = 0; goto work
           fi
      fi;
    work:
      arm = down;
      arm = up;
      if
      :: a!hammer; a!mallet
      :: b!hammer; a!mallet
      :: a!hammer; b!mallet
      …   /* 8 possibilities */
      fi;
      goto idle
    }
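Slides 4 and 6 model the workers but never state what the hammer (and mallet) discipline is supposed to guarantee. The following added example (not the slides' solution) makes that property explicit for the two-tool version: a global counter records how many arms are down, and an assert checks that it never exceeds one, which must hold because there is exactly one hammer and one mallet and a worker only works once it holds both. The has_hammer flag replaces the slide's bit tools, the eight pass-on alternatives are this example's reading of the slide's "8 possibilities" (which neighbour gets each tool, and in which order), and the init that seeds one hammer and one mallet is assumed.

```promela
mtype = { hammer, mallet, up, down };

chan one   = [1] of {mtype};
chan two   = [1] of {mtype};
chan three = [1] of {mtype};

byte working = 0;   /* number of arms currently down; the property is working <= 1 */

proctype worker(chan mine, a, b) {
  mtype m;
  mtype arm = up;
  bit has_hammer = 0;
idle:
  mine?m;
  if
  :: m == hammer -> has_hammer = 1; goto idle
  :: m == mallet && !has_hammer ->      /* mallet before hammer: pass it on */
       if
       :: a!mallet
       :: b!mallet
       fi;
       goto idle
  :: m == mallet && has_hammer -> has_hammer = 0; goto work
  fi;
work:
  arm = down;
  working++;
  assert(working == 1);   /* one hammer + one mallet => at most one worker down */
  working--;
  arm = up;
  if   /* hand both tools on: either neighbour for each tool, either order */
  :: a!hammer; a!mallet
  :: a!hammer; b!mallet
  :: b!hammer; a!mallet
  :: b!hammer; b!mallet
  :: a!mallet; a!hammer
  :: a!mallet; b!hammer
  :: b!mallet; a!hammer
  :: b!mallet; b!hammer
  fi;
  goto idle
}

init {
  atomic {
    run worker(one, two, three);
    run worker(two, three, one);
    run worker(three, one, two);
    one!hammer;
    two!mallet   /* assumed: the tools start at different workers */
  }
}
```

Verifying with spin -a, gcc -o pan pan.c and ./pan explores every interleaving of the three workers and every way of passing the tools; the assertion holds in all of them, and pan also reports that no invalid end state (deadlock) is reachable, since a worker blocked on a full channel always has an idle receiver on the other side.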

7 Process identifiers

Every process instance has a unique, positive instantiation number, returned by run:

    short pid1 = -1;
    short pid2 = -1;
    short pid3 = -1;

    init {
      run semaphore();
      pid1 = run user();
      pid2 = run user();
      pid3 = run user()
    }

Uses
    enabled(pid)     true if process is enabled; cannot use with synchronous communication
    pcvalue(pid)     returns number of state that process with no. pid is in
    remote reference (procname[pid]@label)     true if process with no. pid of type procname is at label
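The following added example (not from the slides) puts the instantiation numbers to use. Two workers pass a single hammer; init records the numbers returned by run and, because init is process 0, asserts that they are 1 and 2. A Spin 6 inline ltl claim then uses remote label references with those numbers to state the property the hammer is meant to enforce: the two workers are never at label work at the same time. The two-worker ring and the claim name mutex are this example's own choices.

```promela
mtype = { hammer };

chan one = [1] of {mtype};
chan two = [1] of {mtype};

short pid1 = -1;
short pid2 = -1;

proctype worker(chan mine, other) {
  mtype m;
idle:
  mine?m;          /* wait for the hammer */
work:
  other!hammer;    /* "work", then hand the hammer to the other worker */
  goto idle
}

/* init is process 0, so the two run statements return 1 and 2 */
init {
  atomic {
    pid1 = run worker(one, two);
    pid2 = run worker(two, one);
    assert(pid1 == 1 && pid2 == 2);
    one!hammer
  }
}

/* remote label references: worker[1]@work is true exactly when the
   process with instantiation number 1 is at the statement labelled work */
ltl mutex { [] !(worker[1]@work && worker[2]@work) }
```

Verify with spin -a model.pml, gcc -o pan pan.c and ./pan -a (the -a flag makes pan check the ltl claim for acceptance cycles). If the claim were violated, spin -t -p model.pml would replay the interleaving in which both workers reach work, showing which process, by number, took which step.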