Pass the Parcel — Pass the parcel in Promela


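/* Pass the parcel in Promela */
/* passing is not atomic */
/* communication is asynchronous */
/* Muffy Calder, November 2000 */

/* Message symbols: on/off are the music states, over ends the game. */
mtype = {on, off, over};

/* Ring of parcel channels: each player is started with one of these as
   its `in` and the next as its `out` (see init); capacity 1, so at most
   one parcel value is in flight on any hop. */
chan one   = [1] of {byte};
chan two   = [1] of {byte};
chan three = [1] of {byte};
chan four  = [1] of {byte};

/* Current music state, written by musicprocess and polled by the players
   with a non-destructive receive (music?<on>, music?<off>). */
chan music = [1] of {mtype};

/* Game-over signal sent by the winning player; the slide omitted the
   terminating ';' on this declaration. */
chan game  = [1] of {mtype};

/* Shared parcel value; a player unwraps one layer by decrementing it,
   and 0 means the parcel is fully unwrapped. */
byte parcel;

/* Process ids of the four players, assigned from run() in init and used
   by the p1..p4 remote references.
   NOTE(review): -1 does not fit in a byte (Spin stores 255) -- confirm
   that this "not yet started" sentinel is intentional. */
byte pid1 = -1;
byte pid2 = -1;
byte pid3 = -1;
byte pid4 = -1;

/* Count of players that left the game loop holding an unwrapped parcel. */
byte winners = 0;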


/* One seat in the ring: the parcel arrives on `in` and leaves on `out`.
   posess  - 1 while this player is holding the parcel
   wrapped - 1 while the parcel it holds has not yet been unwrapped
   A player leaves the loop either by `break` (it unwrapped the last
   layer, parcel == 0) or by `goto finish` (someone else sent game!over).
   NOTE(review): `game` has capacity 1 and game?<over> below never removes
   the message, so a second game!over would block; q2 (winners > 1) then
   seems unreachable because of the channel, not the game rules alone --
   confirm with a Spin run before relying on claim 2. */
proctype player(chan in, out)
{
	bit posess = 0;
	bit wrapped = 1;

	do
	/* Music playing: pick the parcel up if it has arrived, else pass it on. */
	:: music?<on> ->
		atomic {
			if
			:: full(in) -> in?parcel; posess = 1; wrapped = 1;
			:: posess -> out!parcel; posess = 0;
			:: !posess && empty(in) -> skip
			fi
		}
	/* Music stopped: whoever holds (or now receives) the parcel removes one layer. */
	:: music?<off> ->
		atomic {
			if
			:: posess && wrapped ->
				parcel = parcel - 1; wrapped = 0;	/* unwrap */
				if
				:: (parcel == 0) -> break		/* end of game */
				:: else -> skip
				fi
			:: posess && !wrapped -> skip
			:: !(posess) ->
				if
				:: full(in) ->
					in?parcel; posess = 1;
					parcel = parcel - 1; wrapped = 0;
					if
					:: (parcel == 0) -> break	/* end of game */
					:: else -> skip
					fi
				:: empty(in) -> skip
				fi
			fi
		}
	/* Another player has already won. */
	:: game?<over> -> goto finish
	od;

	/* Reached only via break: this player unwrapped the final layer. */
	game!over;
	winners = winners + 1;
finish:
	skip
}


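/* Toggles the shared music state forever: on -> off -> on -> ...
   Each receive removes the current state so the channel never overflows. */
proctype musicprocess()
{
	music!on;
	do
	:: music?on  -> music!off
	:: music?off -> music!on
	od
}

/* Propositions used by the LTL claims.
   pN - player N currently holds the parcel (remote reference into that process).
   NOTE(review): current Spin releases write remote variable references as
   player[pid1]:posess; the dot form from the slide is kept here -- check
   against the Spin version in use. */
#define p1 (player[pid1].posess == 1)
#define p2 (player[pid2].posess == 1)
#define p3 (player[pid3].posess == 1)
#define p4 (player[pid4].posess == 1)
/* q1/q2 are parenthesised so that !q2, or q1 inside a conjunction, cannot
   be re-associated by the preprocessor (the slide defined them bare). */
#define q1 (winners == 1)
#define q2 (winners > 1)

/* Set up the game in one atomic step: a 3-layer parcel is placed on channel
   one, then the music process and the four players are started, and each
   player's pid is recorded for the remote references above. */
init {
	atomic {
		parcel = 3;
		one!parcel;
		run musicprocess();
		pid1 = run player(one, two);
		pid2 = run player(two, three);
		pid3 = run player(three, four);
		pid4 = run player(four, one)
	}
}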


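/* Never claim for claim 1, as produced by `spin -f` from the formula <> q2.
   NOTE(review): the include path is absolute and user-specific, so it will
   not resolve on another machine; the claim written out below appears to be
   the contents of that file, so only one of the two should be fed to Spin
   (two never claims in one model are rejected). */
#include "/users/fda/muffy/Checkers/testexamples/parcel_claim2.p"

/* claim 1  <> q2 */
/*
 * Formula As Typed:  <> q2
 * The Never Claim Below Corresponds
 * To The Negated Formula !(<> q2)
 * (formalizing violations of the original)
 */
never {	/* !(<> q2) */
/* Stays in its accepting state for as long as q2 is false, i.e. it matches
   (and Spin reports) any run on which winners never exceeds 1. */
accept_init:
T0_init:
	if
	:: (! ((q2))) -> goto T0_init
	fi;
}

/* claim 2  [] (!q2)                      -- never more than one winner */
/* claim 3  [] (p1 -> !(p2 && p3 && p4))  -- the slide omitted the closing ')' */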