PAT Advanced Tutorial
Outline
• Alphabet calculation and declaration
• Global Variables
  – Var, array, size
• Tips
• Examples
  – Dining Philosophers
  – Peterson’s Algorithm
Alphabet calculation and declaration
• PAT automatically calculates the alphabet of the expression.
    VM() = insertcoin -> coffee -> VM();

    VM() = insertcoin -> Inserted();
    Inserted() = coffee -> VM();
• User can explicitly specify the alphabet for a particular process
    Clock(i) = tick.i -> Clock(i+1);
    System = Clock(0) || Skip;
    #alphabet Clock {tick};
    #alphabet Clock {tick.i};
Global Variables
• Variable declaration (No type)
  – Simple variable
      var x;
      var y = 0;
      var z = false;
  – Array
      var array = [0, 1, 3, 5];
      var floor[N];
  – Channel
      channel c 5;
• Scope: Global
Process Parameters vs. Global Variables
• Used in event expressions
  – GV can (supported from v1.3.0)
  – PP can
      var x = 0;
      P(i) = a.x -> P(i);
      P(i) = a.i -> P(i);
• Used as parameter for process
  – GV can (supported from v1.3.0)
  – PP can
      var x = 0;
      P(i) = a -> P(x);
      P(i) = a -> P(i+2);
• LHS of event assignment
  – GV can
  – PP can NOT
      var x = 0;
      P(i) = a{x=9;} -> P(i);
      P(i) = a{i=9;} -> P(i); (wrong)
• RHS of event assignment
  – Both can
      var x = 0;
      P(i) = a{x=x+1;} -> P(x);
      P(i) = a{x=i+1;} -> P(i);
Finite Model
• The number of different processes needs to be finite
  – P(i) = a.i -> P(i);
  – P(i) = a.i -> P(i+1); (infinite)
• The value range of global variables needs to be finite
  – var x = 0;
  – P(i) = a{x=x+1;} -> P(i); (infinite)
• An out of memory exception will be thrown if the model is infinite
• Check for infinite model
  – System = P(0);
  – #define out x > 100;
  – #assert System reaches out;
Fairness
• PAT supports two ways of adding fairness into the systems
  – Event annotation: wf, sf, wl, sl
    • wl(pick.i.i)
  – Process level option: weak fairness, strong local fairness, strong global fairness
• When do we need fairness?
  – Counterexamples with loop.
    • Leader election in ring example.
• How to add fairness?
  – Try process level option first.
  – Ask us.
What properties to test?
• Deadlock free
• Safety properties: bad things never happen
  – #define badthing …
  – #assert System reaches badthing
• Liveness properties: good things eventually happen
  – #assert System |= []<> goodthing
Dining Philosophers
Peterson's algorithm
PAT Model of Peterson’s Algorithm
    var flag[2];
    var turn = 0;
    var counter = 0;

    P0 = set0.1{flag[0] = 1;} -> set0.2{turn=1;} -> LoopTest(1);
         cs.0{counter = counter + 1;} -> exit.0{flag[0] = 0; counter = counter - 1;} -> P0;

    LoopTest(i) = if (flag[i] == 1 && turn == i) { loop -> LoopTest(i) } else { Skip };

    P1 = set1.1{flag[1] = 1;} -> set1.2{turn=0;} -> LoopTest(0);
         cs.1{counter = counter + 1;} -> exit.1{flag[1] = 0; counter = counter - 1;} -> P1;

    Peterson() = P0() ||| P1();

    #define goal counter > 1;
    #assert Peterson() reaches goal;
    #assert Peterson() |= []<> cs.0;
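What `#assert Peterson() reaches goal` explores can be reproduced with a small explicit-state search. The Python below is an added example, not part of the original slides and not PAT code: it enumerates every interleaving of the two processes above and looks for a state with counter > 1. Assumptions: each event and the LoopTest guard is one atomic step, and the `swapped` flag is a constructed broken variant (turn written before flag) used to show what a reachable goal looks like.

```python
from collections import deque

INIT = ((0, 0), (0, 0), 0, 0)   # (pc of P0/P1, flag[2], turn, counter)

def step(state, i, swapped=False):
    """Return (event, successor) when process i takes its next step."""
    (pc, flag, turn, counter), j = state, 1 - i
    pc, flag = list(pc), list(flag)
    # Slide order is flag then turn; swapped=True is a constructed broken variant.
    writes = ("turn", "flag") if swapped else ("flag", "turn")
    if pc[i] < 2:                              # set{i}.1, set{i}.2
        event = f"set{i}.{pc[i] + 1}"
        if writes[pc[i]] == "flag":
            flag[i] = 1
        else:
            turn = j
    elif pc[i] == 2:                           # LoopTest(j)
        if flag[j] == 1 and turn == j:
            return "loop", state               # busy-wait, state unchanged
        event = "tau"                          # else-branch: Skip
    elif pc[i] == 3:
        event, counter = f"cs.{i}", counter + 1
    else:
        event, counter = f"exit.{i}", counter - 1
        flag[i] = 0
    pc[i] = (pc[i] + 1) % 5
    return event, (tuple(pc), tuple(flag), turn, counter)

def reaches_goal(swapped=False):
    """BFS over all interleavings (|||). Returns (witness trace or None, states seen)."""
    parent, queue = {INIT: None}, deque([INIT])
    while queue:
        s = queue.popleft()
        if s[3] > 1:                           # goal: counter > 1
            trace = []
            while parent[s] is not None:
                event, s = parent[s]
                trace.append(event)
            return trace[::-1], len(parent)
        for i in (0, 1):
            event, nxt = step(s, i, swapped)
            if nxt not in parent:
                parent[nxt] = (event, s)
                queue.append(nxt)
    return None, len(parent)

if __name__ == "__main__":
    print("slide model:", reaches_goal())
    print("swapped writes:", reaches_goal(swapped=True))
```

For the model as written on the slide the search exhausts the state space without finding the goal, so mutual exclusion holds; for the swapped variant it returns a shortest witness trace ending in both processes' cs events.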
- Slides: 12