Presentation is loading. Please wait.

Presentation is loading. Please wait.

Example: Infinite Split and Merge #define N 128 #define size 16 chan in = [size] of {short}; chan large = [size] of {short}; chan small = [size] of {short};

Published byIsabella Fitzgerald Modified over 9 years ago

Similar presentations

Presentation on theme: "Example: Infinite Split and Merge #define N 128 #define size 16 chan in = [size] of {short}; chan large = [size] of {short}; chan small = [size] of {short};"— Presentation transcript:

1 Example: Infinite Split and Merge #define N 128 #define size 16 chan in = [size] of {short}; chan large = [size] of {short}; chan small = [size] of {short}; proctype split() {short cargo; do :: in?cargo -> if :: (cargo >= N) -> large!cargo :: (cargo small!cargo fi od} proctype merge() { short cargo; do :: if :: large?cargo :: small?cargo fi; in!cargo od} init {in!345; in!12; in!6777; in!32; in!0; run split(); run merge()}

2 2 Data Types Basic bit 0.. 1 byte0.. 255 short- (2^15)-1.. (2^15)-1 int - (2^31)-1.. (2^31)-1 Arrays byte state[N]state[0].. State[N-1] Enumerated Type mtype = {one, two, three, ok, ready, ack, message} one mtype definition, at most 256 symbolic constants Structures typedef Msg { byte a[3], b; chan p } Msg x; x.a[1]

3 3 Exercise Develop a Promela description of the following: There are 3 worker processes and 1 hammer. A worker’s arm can be up or down; his/her arm can only go down (i.e. work!) when the worker has the hammer. When the worker has finished working, he/she passes the hammer to another worker. Assume mtype ={hammer, up, down}

4 4 Workers mtype ={hammer, up, down} chan one= [1] of {mtype}; chan two = [1] of {mtype}; chan three= [1] of {mtype}; proctype worker(chan mine, a, b) {mtype m; mtype arm = up; idle: mine?m; goto work; work: arm = down; if :: atomic {a!hammer; arm = up; goto idle} :: atomic {b!hammer; arm = up; goto idle} fi } init { atomic { run worker(one,two,three); run worker(two, three,one); run worker(three,one,two); one!hammer }

5 5 Exercise Develop a Promela description of the following: Now a worker needs both a hammer and a mallet to work and must have received the hammer first. He/she can pass the tools one at a time, randomly. Assume mtype ={hammer, up, down,mallet}

6 6 Workers II mtype ={hammer, mallet, up, down}... proctype worker(chan mine, a, b; bit tools) {mtype m; mtype arm = up; idle: mine?m; if :: m == hammer -> tools = tools+1; goto idle; :: m == mallet -> if :: tools== 0 -> if :: atomic {a!m; goto idle} :: atomic {b!m; goto idle} fi :: tools== 1 -> tools = 0; goto work fi work: arm = down; arm = up; if :: a!hammer; a!mallet :: b!hammer; a!mallet :: a!hammer; b!mallet … /*8 possibilities */ fi goto idle }

7 7 Process identifiers Every process instance has a unique, positive instantiation number, returned by run: short pid1 = -1; short pid2 = -1; short pid3 = -1; init { run semaphore(); pid1 = run user(); pid2 = run user(); pid3 = run user() } Uses enabled(pid) true if process is enabled cannot use with synchronous communication pcvalue(pid) returns number of state that process with no. pid is in procname[pid]@label remote reference true if process with no. pid of type procname is at label

Download ppt "Example: Infinite Split and Merge #define N 128 #define size 16 chan in = [size] of {short}; chan large = [size] of {short}; chan small = [size] of {short};"

Similar presentations

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
1 Carnegie Mellon UniversitySPIN ExamplesFlavio Lerda Bug Catching15-398 SPIN Examples.

1 Carnegie Mellon UniversitySPIN ExamplesFlavio Lerda Bug Catching SPIN Examples.
MPI Message Passing Interface

MPI Message Passing Interface
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.

Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
1 MODULE name (parameters) “Ontology” “Program” “Properties” The NuSMV language A module can contain modules Top level: parameters less module Lower level.

1 MODULE name (parameters) “Ontology” “Program” “Properties” The NuSMV language A module can contain modules Top level: parameters less module Lower level.
UPPAAL Introduction Chien-Liang Chen.

UPPAAL Introduction Chien-Liang Chen.
Background Concurrent access to shared data can lead to inconsistencies Maintaining data consistency among cooperating processes is critical What is wrong.

Background Concurrent access to shared data can lead to inconsistencies Maintaining data consistency among cooperating processes is critical What is wrong.
Operating System Concepts and Techniques Lecture 12 Interprocess communication-1 M. Naghibzadeh Reference M. Naghibzadeh, Operating System Concepts and.

Operating System Concepts and Techniques Lecture 12 Interprocess communication-1 M. Naghibzadeh Reference M. Naghibzadeh, Operating System Concepts and.
Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.

Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.
An Overview of PROMELA. A protocol Validation Language –A notation for the specification and verification of procedure rules. –A partial description of.

An Overview of PROMELA. A protocol Validation Language –A notation for the specification and verification of procedure rules. –A partial description of.
1 SpaceWire Update NASA GSFC November 25, 2002. 2 GSFC SpaceWire Status New Link core with split clock domains complete (Much faster) New Router core.

1 SpaceWire Update NASA GSFC November 25, GSFC SpaceWire Status New Link core with split clock domains complete (Much faster) New Router core.
The model checker SPIN1 The Model Checker SPIN. The model checker SPIN2 SPIN & Promela SPIN(=Simple Promela Interpreter) –tool for analyzing the logical.

The model checker SPIN1 The Model Checker SPIN. The model checker SPIN2 SPIN & Promela SPIN(=Simple Promela Interpreter) –tool for analyzing the logical.
VIP: A Visual Editor and Compiler for v-Promela Stefan Leue Albert-Ludwigs-University Freiburg

VIP: A Visual Editor and Compiler for v-Promela Stefan Leue Albert-Ludwigs-University Freiburg
תרגול 9 META LABELS. Basic types of claims State properties.

תרגול 9 META LABELS. Basic types of claims State properties.
Frederico Araujo CS6362 – Fall 2010 The SPIN Model Checker.

Frederico Araujo CS6362 – Fall 2010 The SPIN Model Checker.
Wishnu Prasetya Model Checking with SPIN Modeling and Verification with SPIN.

Wishnu Prasetya Model Checking with SPIN Modeling and Verification with SPIN.
CIS 725 Guarded Command Notation. Programming language style notation Guarded actions en(a)  a en(a): guard of the action boolean condition or boolean.

CIS 725 Guarded Command Notation. Programming language style notation Guarded actions en(a)  a en(a): guard of the action boolean condition or boolean.

Similar presentations

Ads by Google