Presentation is loading. Please wait.

Presentation is loading. Please wait.

CIS 725 Guarded Command Notation. Programming language style notation Guarded actions en(a)  a en(a): guard of the action boolean condition or boolean.

Published byJakobe Cowherd Modified over 9 years ago

Similar presentations

Presentation on theme: "CIS 725 Guarded Command Notation. Programming language style notation Guarded actions en(a)  a en(a): guard of the action boolean condition or boolean."— Presentation transcript:

1 CIS 725 Guarded Command Notation

2 Programming language style notation Guarded actions en(a)  a en(a): guard of the action boolean condition or boolean condition + receive statement

3 Normal form init; do en(a 1 )  a 1 [] en(a 2 )  a 2 : od

4 The execution of each iteration proceeds as follows: - All guards are first evaluated. - Among all of the true guards, one of them is selected non-deterministically, and the corresponding action is executed. Weak Fairness: If a guard is true and remains true, then it is eventually selected for execution

5 Token-based system P1: hold1 = false; in_cs1 = false do ? token  hold1 = true [] hold1 /\ not in_cs1  !token; hold1 =false [] hold1  in_cs1 = true [] in_cs1  in_cs1 = false od

6 Request-based system P1: hold = false; in_cs = false; req_sent = false; req_recd = false do ? token  hold = true [] hold /\ not in_cs /\ req_recd  ! token; hold =false; req_recd = false [] hold /\ not in_cs  in_cs = true [] in_cs  in_cs = false [] not hold  !req; req_sent = true [] ? req  req_recd = true od

7 Example 2 Three processes A, B and C In each iteration, C sends message for a meeting. A and B non-deterministically send a “yes” or a “no” message If C receives yes from both, it sends a meet message to A and B If C receives a no from anyone, it sends an cancel message to A and B. After sending meet/cancel message, C can send a message for a meeting again.

8 Example 2 C: recdA = false; recdB = false; next_round = true; start = false; do [] next_round  A ! meeting; B ! meeting; next_round = false [] A ? x  recdA = true [] B ? y  recdB = true [] recdA /\ recdB  if x = yes and y = yes then A ! meet; B ! meet; start = true; else A ! cancel; B ! cancel; recdA = false; recdB = false; next_round = true; [] start  A ! meeting_done; B ! meeting_done; next_round = true; start = false od

9

10 Example 2 A: waiting = false do [] ! waiting; C ? meeting  C ! yes; waiting = true [] ! waiting; C ? meeting  C ! no; waiting = true [] waiting; C ? meet  start = true; [] waiting; C ? Cancel  waiting = false [] C ? meeting_done  waiting = false od

11 Example 2 - Modified A: waiting = false do [] ! waiting; C ? meeting  C ! yes; waiting = true [] ! waiting; C ? meeting  C ! no; waiting = false [] waiting; C ? meet  start = true; [] waiting; C ? Cancel  waiting = false [] C ? meeting_done  waiting = false od

12 Example 2: Modified C: recdA = false; recdB = false; next_round = true; start = true; do [] next_round  A ! meeting; B ! meeting; next_round = false [] A ? x  recdA = true; if x == no then A ! cancel; B ! cancel; next_round = true; recdA = false [] B ? y  recdB = true; if y == no then A ! cancel; B ! cancel; next_round = true; recdB = false [] recdA /\ recdB  if x = yes and y = yes then A ! meet; B ! meet; start = true; else A ! cancel; B ! cancel; recdA = false; recdB = false; next_round = true; [] start  A ! meeting_done; B ! meeting_done; next_round = true; start = false od

13

14 Example 2: Modified C: recdA = 0; recdB = 0; next_round = true; round = 0; start = true; do [] next_round  A ! meeting; B ! meeting; next_round = false [] recA = round /\ A ? x  recdA++; if x == no then B ! cancel; next_round = true; round++ [] recdA < round /\ A ? x  recdA++; [] recdB = round /\ B ? y  recdB++; if y == no then A ! cancel; next_round = true; round++ [] recdB < round /\ B ? x  recdB++; [] recdA /\ recdB  A ! meet; B ! meet; start = true; [] start  A ! meeting_done; B ! meeting_done; next_round = true; start = false; round++ od

15

16 Promela Protocol Meta Language Modeling language Verification of the model

17 Example 1 int state = 1 proctype A() { state == 1  state = state + 1 } proctype B() { state == 1  state = state – 1 } init { run A(); run B() }

18 Example 2 chan a,b = [3] of {int} proctype A() { int x; x = 1; a ! x; b ? x } proctype B() { int y; a ? y; b ! y + 1} init { run A(); B() }

19 do :: a > b; x = x + 1 :: a < b; x = x - 1 :: timeout  go to done od; done: y = y + 1

20 Data types int, bool, bytes, arrays Conditions: a == b, a < b, a <= b, ….. atomic statement atomic { a; b }

21 Control statements if :: a != b  x = x + 1 :: a == b  x = x - 1 fi if :: a > b; x = x + 1 :: a < b; x = x - 1 :: else x = l fi

22

23 do :: a > b; x = x + 1 :: a < b; x = x - 1 :: timeout  go to done od; done: y = y + 1

24 proctype P1() { int hold, incs; hold = 1; incs = 0; do :: (hold == 1) && incs==0  ch0!token; hold = 0 :: ch1 ? token  hold = 1 :: hold == 1& incs == 0  incs = 1 :: incs == 1  incs = 0 od } init { run P1(); run P2() }

25 #define token 1 chan ch[2] of {int, int}; proctype P1(int id, int holdvalue) { int myid, other; hold = holdvalue; incs = 0; myid = id; other = (myid + 1) % 2; do :: (hold == 1) && incs==0  ch[myid]!token; hold = 0 :: ch[other] ? Token  hold = 1 :: hold == 1& incs == 0  incs = 1 :: incs == 1  incs = 0 od }

26 init { run P(0,0), P(1,1) }

Download ppt "CIS 725 Guarded Command Notation. Programming language style notation Guarded actions en(a)  a en(a): guard of the action boolean condition or boolean."

Similar presentations

Decision Structures - If / Else If / Else. Decisions Often we need to make decisions based on information that we receive. Often we need to make decisions.

Decision Structures - If / Else If / Else. Decisions Often we need to make decisions based on information that we receive. Often we need to make decisions.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.

The SPIN System. What is SPIN? Model-checker. Based on automata theory. Allows LTL or automata specification Efficient (on-the-fly model checking, partial.
CS 101 Introductory Programming - Lecture 7: Loops In C & Good Coding Practices Presenter: Ankur Chattopadhyay.

CS 101 Introductory Programming - Lecture 7: Loops In C & Good Coding Practices Presenter: Ankur Chattopadhyay.
Chapter 13 Control Structures. Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 13-2 Control Structures Conditional.

Chapter 13 Control Structures. Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display Control Structures Conditional.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Verification of Navigation Models with the Spin Model Checker Instructor: Tevfik Bultan.
Expressions and Statements. 2 Contents Side effects: expressions and statements Expression notations Expression evaluation orders Conditional statements.

Expressions and Statements. 2 Contents Side effects: expressions and statements Expression notations Expression evaluation orders Conditional statements.
Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.

Formal verification in SPIN Karthikeyan Bhargavan, Davor Obradovic CIS573, Fall 1999.
/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct 2007 08:021PROMELA Semantics.

/ PSWLAB P ROMELA Semantics from “THE SPIN MODEL CHECKER” by G. J. Holzmann Presented by Hong,Shin 5 th Oct :021PROMELA Semantics.
An Overview of PROMELA. A protocol Validation Language –A notation for the specification and verification of procedure rules. –A partial description of.

An Overview of PROMELA. A protocol Validation Language –A notation for the specification and verification of procedure rules. –A partial description of.
The model checker SPIN1 The Model Checker SPIN. The model checker SPIN2 SPIN & Promela SPIN(=Simple Promela Interpreter) –tool for analyzing the logical.

The model checker SPIN1 The Model Checker SPIN. The model checker SPIN2 SPIN & Promela SPIN(=Simple Promela Interpreter) –tool for analyzing the logical.
Wishnu Prasetya Model Checking with SPIN Modeling and Verification with SPIN.

Wishnu Prasetya Model Checking with SPIN Modeling and Verification with SPIN.
Failure detector The story goes back to the FLP’85 impossibility result about consensus in presence of crash failures. If crash can be detected, then consensus.

Failure detector The story goes back to the FLP’85 impossibility result about consensus in presence of crash failures. If crash can be detected, then consensus.
CSE 522 UPPAAL – A Model Checking Tool Computer Science & Engineering Department Arizona State University Tempe, AZ 85287 Dr. Yann-Hang Lee

CSE 522 UPPAAL – A Model Checking Tool Computer Science & Engineering Department Arizona State University Tempe, AZ Dr. Yann-Hang Lee
The Spin Model Checker Promela Introduction 50374 Nguyen Tuan Duc 50378 Shogo Sawai.

The Spin Model Checker Promela Introduction Nguyen Tuan Duc Shogo Sawai.
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.

1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
Example: Infinite Split and Merge #define N 128 #define size 16 chan in = [size] of {short}; chan large = [size] of {short}; chan small = [size] of {short};

Example: Infinite Split and Merge #define N 128 #define size 16 chan in = [size] of {short}; chan large = [size] of {short}; chan small = [size] of {short};
Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.

Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.

Similar presentations

Ads by Google