CIS 725 Guarded Command Notation

Programming language style notation
• Guarded actions: en(a) → a
• en(a) is the guard of the action: a boolean condition, or a boolean condition + a receive statement

Normal form

  init;
  do  en(a1) → a1
  []  en(a2) → a2
      :
      :
  od

• The execution of each iteration proceeds as follows:
  - All guards are first evaluated.
  - Among all of the true guards, one of them is selected non-deterministically, and the corresponding action is executed.
• Weak fairness: if a guard is true and remains true, then it is eventually selected for execution.

Token-based system

  P1: hold1 = false; in_cs1 = false
  do  ?token → hold1 = true
  []  hold1 ∧ not in_cs1 → !token; hold1 = false
  []  hold1 → in_cs1 = true
  []  in_cs1 → in_cs1 = false
  od
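The iteration rule on the previous slide (evaluate every guard, pick one true guard non-deterministically, run its action) can be executed exhaustively rather than randomly: follow every enabled action from every reachable state. That is what a model checker does, and it is how one verifies that the token-based system above really guarantees mutual exclusion. The Python below is an added example written for this page, not code from the CIS 725 slides. It assumes n symmetric processes passing the token around a ring (process i sends to process (i + 1) mod n), one-slot channels, and process 0 holding the token initially; the `release_only_outside_cs=False` variant, which drops the `not in_cs` conjunct from the send guard, is our own and is only there to show the checker reporting a violation.

```python
"""Exhaustive execution of a guarded-command program (added example).

Instead of picking one true guard at random, the interpreter below follows
every enabled action from every reachable state, i.e. a breadth-first search
over the state space. The program explored is the token-based system from
the slides; ring topology, one-slot channels and the initial token holder
are assumptions made here, not statements on the slides.
"""
from collections import deque
from typing import Callable, NamedTuple


class State(NamedTuple):
    hold: tuple   # hold[i]: process i currently holds the token
    in_cs: tuple  # in_cs[i]: process i is inside its critical section
    chan: tuple   # chan[i]: tokens in transit towards process i (0 or 1)


class Action(NamedTuple):
    name: str
    guard: Callable[[State], bool]    # en(a)
    effect: Callable[[State], State]  # a


def _set(t, i, v):
    """Return tuple t with element i replaced by v."""
    return t[:i] + (v,) + t[i + 1:]


def token_system(n=2, release_only_outside_cs=True):
    """Guarded actions of the token-based system for n symmetric processes.

    release_only_outside_cs=False drops the 'not in_cs' conjunct from the
    send guard. That weakened variant is ours (not on the slides), added to
    show the checker catching a mutual-exclusion violation.
    """
    actions = []
    for i in range(n):
        nxt = (i + 1) % n

        def may_send(s, i=i, nxt=nxt):
            return (s.hold[i]
                    and (not s.in_cs[i] or not release_only_outside_cs)
                    and s.chan[nxt] == 0)

        actions += [
            # ?token -> hold_i = true
            Action(f"P{i}: ?token", lambda s, i=i: s.chan[i] > 0,
                   lambda s, i=i: s._replace(hold=_set(s.hold, i, True),
                                             chan=_set(s.chan, i, 0))),
            # hold_i /\ not in_cs_i -> !token; hold_i = false
            Action(f"P{i}: !token", may_send,
                   lambda s, i=i, nxt=nxt: s._replace(hold=_set(s.hold, i, False),
                                                      chan=_set(s.chan, nxt, 1))),
            # hold_i -> in_cs_i = true
            Action(f"P{i}: enter", lambda s, i=i: s.hold[i],
                   lambda s, i=i: s._replace(in_cs=_set(s.in_cs, i, True))),
            # in_cs_i -> in_cs_i = false
            Action(f"P{i}: leave", lambda s, i=i: s.in_cs[i],
                   lambda s, i=i: s._replace(in_cs=_set(s.in_cs, i, False))),
        ]
    init = State(hold=(True,) + (False,) * (n - 1),
                 in_cs=(False,) * n, chan=(0,) * n)
    return init, actions


def explore(init, actions):
    """Breadth-first search that follows every enabled guard from every state."""
    seen = {init}
    queue = deque([init])
    deadlocks = []
    while queue:
        s = queue.popleft()
        enabled = [a for a in actions if a.guard(s)]
        if not enabled:  # no guard is true: the do-loop can never continue
            deadlocks.append(s)
        for a in enabled:
            t = a.effect(s)
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return seen, deadlocks


def check_token_system(n=2, release_only_outside_cs=True):
    """Reachable-state count plus the properties worth checking."""
    init, actions = token_system(n, release_only_outside_cs)
    states, deadlocks = explore(init, actions)
    return {
        "states": len(states),
        "mutex_holds": all(sum(s.in_cs) <= 1 for s in states),
        "deadlock_free": not deadlocks,
        "each_enters_cs": all(any(s.in_cs[i] for s in states) for i in range(n)),
    }


if __name__ == "__main__":
    print("slides' guard: ", check_token_system())
    print("weakened guard:", check_token_system(release_only_outside_cs=False))
```

With the guard exactly as on the slide, two processes reach only six states, every one of them satisfies mutual exclusion, no state is a deadlock, and each process does get into its critical section. Dropping the `not in_cs` conjunct lets a process hand the token away while still inside its critical section, and the search immediately finds a state with both processes inside; this is the kind of check the Promela part of the deck automates with SPIN.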

Request-based system

  P1: hold = false; in_cs = false; req_sent = false; req_recd = false
  do  ?token → hold = true
  []  hold ∧ not in_cs ∧ req_recd → !token; hold = false; req_recd = false
  []  hold ∧ not in_cs → in_cs = true
  []  in_cs → in_cs = false
  []  not hold → !req; req_sent = true
  []  ?req → req_recd = true
  od

Example 2
• Three processes A, B and C.
• In each iteration, C sends a message for a meeting.
• A and B non-deterministically send a "yes" or a "no" message.
• If C receives yes from both, it sends a meet message to A and B.
• If C receives a no from anyone, it sends a cancel message to A and B.
• After sending the meet/cancel message, C can send a message for a meeting again.

Example 2

  C: recd.A = false; recd.B = false; next_round = true; start = false;
  do
  []  next_round → A!meeting; B!meeting; next_round = false
  []  A?x → recd.A = true
  []  B?y → recd.B = true
  []  recd.A ∧ recd.B →
        if x = yes and y = yes then A!meet; B!meet; start = true;
        else A!cancel; B!cancel; recd.A = false; recd.B = false; next_round = true;
  []  start → A!meeting_done; B!meeting_done; next_round = true; start = false
  od

Example 2

  A: waiting = false
  do
  []  not waiting; C?meeting → C!yes; waiting = true
  []  not waiting; C?meeting → C!no; waiting = true
  []  waiting; C?meet → start = true;
  []  waiting; C?cancel → waiting = false
  []  C?meeting_done → waiting = false
  od

Example 2 - Modified

  A: waiting = false
  do
  []  not waiting; C?meeting → C!yes; waiting = true
  []  not waiting; C?meeting → C!no; waiting = false
  []  waiting; C?meet → start = true;
  []  waiting; C?cancel → waiting = false
  []  C?meeting_done → waiting = false
  od

Example 2: Modified

  C: recd.A = false; recd.B = false; next_round = true; start = true;
  do
  []  next_round → A!meeting; B!meeting; next_round = false
  []  A?x → recd.A = true;
        if x == no then A!cancel; B!cancel; next_round = true; recd.A = false
  []  B?y → recd.B = true;
        if y == no then A!cancel; B!cancel; next_round = true; recd.B = false
  []  recd.A ∧ recd.B →
        if x = yes and y = yes then A!meet; B!meet; start = true;
        else A!cancel; B!cancel; recd.A = false; recd.B = false; next_round = true;
  []  start → A!meeting_done; B!meeting_done; next_round = true; start = false
  od

Example 2: Modified

  C: recd.A = 0; recd.B = 0; next_round = true; round = 0; start = true;
  do
  []  next_round → A!meeting; B!meeting; next_round = false
  []  recd.A = round ∧ A?x → recd.A++;
        if x == no then B!cancel; next_round = true; round++
  []  recd.A < round ∧ A?x → recd.A++;
  []  recd.B = round ∧ B?y → recd.B++;
        if y == no then A!cancel; next_round = true; round++
  []  recd.B < round ∧ B?y → recd.B++;
  []  recd.A ∧ recd.B → A!meet; B!meet; start = true;
  []  start → A!meeting_done; B!meeting_done; next_round = true; start = false; round++
  od

Promela
• Protocol Meta Language
• Modeling language
• Verification of the model

Example 1

  int state = 1;
  proctype A() { state == 1 -> state = state + 1 }
  proctype B() { state == 1 -> state = state - 1 }
  init { run A(); run B() }

Example 2

  /* each channel declared with its own buffer of three ints */
  chan a = [3] of { int };
  chan b = [3] of { int };
  proctype A() { int x; x = 1; a!x; b?x }
  proctype B() { int y; a?y; b!y + 1 }
  init { run A(); run B() }

  do
  :: a > b -> x = x + 1
  :: a < b -> x = x - 1
  :: timeout -> goto done
  od;
  done: y = y + 1

Data types
• int, bool, byte, arrays
• Conditions: a == b, a <= b, ...
• atomic statement: atomic { a; b }

Control statements

  if
  :: a != b -> x = x + 1
  :: a == b -> x = x - 1
  fi

  if
  :: a > b -> x = x + 1
  :: a < b -> x = x - 1
  :: else -> x = 1
  fi


  /* ch0, ch1, token and P2 are declared elsewhere; the next slide gives the parameterised form */
  proctype P1() {
    int hold, incs;
    hold = 1; incs = 0;
    do
    :: (hold == 1) && incs == 0 -> ch0!token; hold = 0
    :: ch1?token -> hold = 1
    :: hold == 1 && incs == 0 -> incs = 1
    :: incs == 1 -> incs = 0
    od
  }
  init { run P1(); run P2() }

  #define token 1
  chan ch[2] = [1] of { int };   /* one-slot buffer per channel assumed */
  proctype P(int id, int holdvalue) {
    int myid, other, hold, incs;
    hold = holdvalue; incs = 0;
    myid = id; other = (myid + 1) % 2;
    do
    :: (hold == 1) && incs == 0 -> ch[myid]!token; hold = 0
    :: ch[other]?token -> hold = 1
    :: hold == 1 && incs == 0 -> incs = 1
    :: incs == 1 -> incs = 0
    od
  }

  init { run P(0, 0); run P(1, 1) }