Q1:Royal Garden’s Puzzle as a Model Checking Problem Pictures from UbiSoft HW6: Due Dec 4th 23:59.

[Figure: the puzzle board, with areas R1 to R11, handles H1 to H4, a Source and a Sink, and tiles of Type A, Type B and Type C.]

Handle   Areas rotated
H1       R1, R2, R5, R6
H2       R2, R3, R4, R6, R7
H3       R5, R6, R8, R9, R10
H4       -R6, R7, -R10, R11

1. Write down a C model and a Promela model to solve the puzzle by using CBMC and Spin.
   a. Use an assert statement to detect when the route is established.
   b. Find and explain the shortest solution by analyzing counterexamples. Also show why your solution is the shortest one for the route.
      Hint: there exists a solution of less than 10 steps.
   c. Report the complexity of the problem, i.e., # of clauses and variables, # of states, memory usage, verification time, etc.

2. Faulty mutual exclusion algorithm

   /* Assume that there are two processes */
   char count = 0, x = 0, y = 0, z = 0;

   void process() {
       char me = _pid + 1;            /* me is 1 or 2 */
   again:
       x = me;
       if (y == 0 || y == me) ; else goto again;
       z = me;
       if (x == me) ; else goto again;
       y = me;
       if (z == me) ; else goto again;
       /* enter a critical section */
       count++;
   InCritSec: …
       count--;
       /* leaving a critical section */
       goto again;
   }

   a. Specify a corresponding Promela specification. Note that no atomic is allowed.
   b. Specify the following properties in LTL. Note that in Promela a remote label reference (procname[pid]@label) returns a nonzero value only if a statement at the corresponding label is executable now.
      1. Mutual exclusion
      2. Deadlock-freedom
      3. Starvation-freedom
   c. Check if your Promela spec satisfies the above 3 properties by using Spin. Also explain the counterexamples.
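As an added illustration (not code from the assignment, nor from Spin or CBMC), the following C program does by hand what Spin does for this question: it enumerates every interleaving of the two processes of the algorithm above and reports the shortest schedule in which both are inside the critical section (count == 2). The statements and tests are those of the algorithm; the program-counter numbering 0..7, the dense state encoding and the function names are assumptions of this example.

```c
/* Explicit-state exploration of the faulty algorithm in question 2.
 * Added example for this page, not part of the assignment or of Spin/CBMC:
 * it hand-rolls the state-space search that Spin performs, so the reader can
 * see what a mutual-exclusion counterexample looks like. Program counters
 * 0..7 are an assumed numbering of the algorithm's statements (see step()). */
#include <stdio.h>
#include <string.h>

#define NPROC 2
#define NPC   8                               /* statements 0..7 per process */
#define NVAL  3                               /* x, y, z, count each lie in 0..2 */
#define NSTATES (NVAL * NVAL * NVAL * NVAL * NPC * NPC)

typedef struct { unsigned char x, y, z, count, pc[NPROC]; } State;

/* Execute one statement of process i (me = i + 1) and return the successor state.
 * The branches mirror the "if (...) ; else goto again;" tests of the algorithm. */
static State step(State s, int i) {
    unsigned char me = (unsigned char)(i + 1);
    switch (s.pc[i]) {
    case 0: s.x = me;                              s.pc[i] = 1; break; /* x = me            */
    case 1: s.pc[i] = (s.y == 0 || s.y == me) ? 2 : 0;          break; /* if (y==0||y==me)  */
    case 2: s.z = me;                              s.pc[i] = 3; break; /* z = me            */
    case 3: s.pc[i] = (s.x == me) ? 4 : 0;                      break; /* if (x == me)      */
    case 4: s.y = me;                              s.pc[i] = 5; break; /* y = me            */
    case 5: s.pc[i] = (s.z == me) ? 6 : 0;                      break; /* if (z == me)      */
    case 6: s.count++;                             s.pc[i] = 7; break; /* count++ (enter)   */
    case 7: s.count--;                             s.pc[i] = 0; break; /* count-- ; again   */
    }
    return s;
}

/* Dense index of a state; count never exceeds NPROC, so it fits in 0..2. */
static int encode(const State *s) {
    return ((((s->x * NVAL + s->y) * NVAL + s->z) * NVAL + s->count) * NPC + s->pc[0]) * NPC + s->pc[1];
}

/* Breadth-first search over all interleavings from the initial state.
 * Returns the length of the shortest schedule that reaches count > 1
 * (both processes inside the critical section), or -1 if none exists.
 * If trace != NULL, the process id taken at each step is written to trace[]. */
int shortest_mutex_violation(unsigned char *trace, int max_trace) {
    static State states[NSTATES];
    static int   parent[NSTATES], via[NSTATES], queue[NSTATES];
    static char  seen[NSTATES];
    State init;
    int head = 0, tail = 0, i0;

    memset(seen, 0, sizeof seen);
    memset(&init, 0, sizeof init);
    i0 = encode(&init);
    states[i0] = init; seen[i0] = 1; parent[i0] = -1; queue[tail++] = i0;

    while (head < tail) {
        int cur = queue[head++], i;
        if (states[cur].count > 1) {               /* mutual exclusion violated */
            int len = 0, d, k;
            for (k = cur; parent[k] != -1; k = parent[k]) len++;
            d = len;                               /* walk back to rebuild the schedule */
            for (k = cur; parent[k] != -1; k = parent[k]) {
                d--;
                if (trace && d < max_trace) trace[d] = (unsigned char)via[k];
            }
            return len;
        }
        for (i = 0; i < NPROC; i++) {
            State nxt = step(states[cur], i);
            int idx = encode(&nxt);
            if (!seen[idx]) {
                seen[idx] = 1; states[idx] = nxt; parent[idx] = cur; via[idx] = i;
                queue[tail++] = idx;
            }
        }
    }
    return -1;
}

/* Re-execute a schedule from the initial state and return the final count. */
int replay(const unsigned char *trace, int len) {
    State s;
    int d;
    memset(&s, 0, sizeof s);
    for (d = 0; d < len; d++) s = step(s, trace[d]);
    return s.count;
}

/* Find the shortest violation and replay it; 2 means both processes ended
 * the schedule inside the critical section, -1 means no violation exists. */
int violation_replays(void) {
    unsigned char trace[NSTATES];
    int len = shortest_mutex_violation(trace, NSTATES);
    return len < 0 ? -1 : replay(trace, len);
}

int main(void) {
    unsigned char trace[NSTATES];
    int len = shortest_mutex_violation(trace, NSTATES), d;
    if (len < 0) { puts("mutual exclusion holds"); return 0; }
    printf("mutual exclusion violated after %d steps; schedule:", len);
    for (d = 0; d < len; d++) printf(" P%d", trace[d] + 1);
    putchar('\n');
    return 0;
}
```

Compile with any C99 compiler and run; the printed schedule (which process moves at each step) is the same kind of counterexample Spin prints for a Promela model of this algorithm, and replaying it step by step explains why y is never cleared after the critical section and why the x/z checks can both succeed. Swapping the transitions in step() for those of the lock-based protocols of questions 3 and 4 lets the same search check them as well.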

3. Build the following mutual exclusion protocol in Promela.
   - Your Promela spec should contain 2 processes.
   - You should use a global lock with the atomic keyword to check entrance to the critical section.
   - Verify the following correctness properties of your Promela model:
     - Mutual exclusion
     - Liveness

   mtype = {n, t, c};
   byte lock = 0;
   active [2] proctype process() {
       byte status = n;
       …
   }

4. Build the following mutual exclusion protocol in Promela, and verify the correctness of your Promela model:
   - Mutual exclusion
   - Liveness

   You may use a global variable turn to indicate which process has a higher priority to enter the critical section. Note that you can access a local variable of the other process through a remote reference: procname[pid]:localvar

   mtype = {n, t, c};
   byte lock;
   byte turn = 255;
   active [2] proctype process() {
       …
   }