promela

问题 Following is the code causing this. if :: ((fromProc[0] == MSG_SLEEP) && nempty(proc2clk[0])) -> proc2clk[0] ? fromProc[0]; // Woke up :: (!(fromProc[0] == MSG_SLEEP) && !(fromProc[0] == MSG_FIN)) -> clk2proc[0] ! 0; ::else -> time = time + 1; // just for debugging fi; If I remove the nempty call in the first condition, the error is gone. From what I've read, you can not use the else statement, if you use a receive or send statement in a condition, but from what I know, nempty is not a

问题 I am trying to figure out how SPIN chooses the order in which to execute and terminate processes in the following example. I realize that a main focus of SPIN is analyzing concurrent processes, but for my purposes I am just interested in simple linear execution. In the following example I just want step1() then step2() to be executed in that order. int globA; int globB; proctype step1() { atomic { globA = 1; } } proctype step2() { atomic { globB = 2; } } init { atomic { run step1(); run step2

问题 I need some help according to follow problem which I have to implemented it using jSpin and promela language. A home alarm system can be activated and deactivated using a personal ID key or password, after activation the system enters a waiting period of about 30 seconds, time that allows users to evacuate the secured area after which the alarm is armed, also when an intrusion is detected the alarm has a built in waiting period or delay of 15 seconds to allow the intruder to enter the

问题 Which would be right approach to do : repeat{ ... } until(<condition>) in Promela ? I have tried : do:: //.. (condition) -> break; od and do :: //.. if::(condition) -> break; else fi; od 回答1: Your first attempt is incorrect, because if <condition> is not true the process will simply block forever. Your second attempt is functionally correct. Personally, I would prefer a minor variant to your solution which does not drop the true entry condition for executing the bulk code . Given repeat{ //

问题 please i am a biginner on tihs domain how can i convert a classical example FIFO written in systemC code to PROMELA language with properties in LTL satisfy the following three properties: Mutual exclusion: The producer and consumer processes never access the shared buffer simultaneously. Non-starvation: The consumer accesses the buffer infinitely often. (You may assume that the producer never runs out of data to supply, and the consumer never stops attempting to read new data.) Producer

问题 I would like to print all states when checking my model. We do get a trail file when an assertion violation occurs but I want to see the states even when there are no assertion violations. How can I do that? 回答1: One option is to compile pan with the gcc flag -DVERBOSE and watch the full details of the verification run. Of course the run will take a while and will spit excessive output, but you will see all the states as they are visited (the format is not very easy to read, but may

问题 How can I transform LTL into Automata in PROMELA? I know that with the command SPIN -f "ltl x" it is possible transform the LTL into a never claim, but I want the automata of the LTL and not the negation one. It is correct If I negate the LTL before to generate the never claim. Can anyone help me? 回答1: Spin generates the Promela code equivalent to the Buchi Automaton which matches the LTL formula , and envelops it into a never block. From the docs: NAME never - declaration of a temporal claim

问题 Here, http://spinroot.com/spin/Man/Manual.html, it is written that: In Promela there is also another way to avoid the test and set problem: atomic sequences. By prefixing a sequence of statements enclosed in curly braces with the keyword atomic the user can indicate that the sequence is to be executed as one indivisible unit, non-interleaved with any other processes. It causes a run-time error if any statement, other than the first statement, blocks in an atomic sequence . This is how we can

问题 Is it possible to bypass a chessboard of size N × N with a knight from the initial position (I, J), having visited each square only once? #define A[] = True; A[I,J] = false; active proctype method(){ bit I=4; bit J=3; bit K=1; bit N=8; do ::I>2 && J<N && A[I-2,J+1] => I=I-2;J=J+1; A[I,J]=False; K++; printf("i %d j %d \n"i, j); ::I>2 && J>1 && A[I-2,J-1] => I=I-2;J=J-1; A[I,J]=False; K++; printf("i %d j %d \n"i, j); ::I<N && J>1 && A[I+1,J-2] => I=I+1;J=J-2; A[I,J]=False; K++; printf("i %d j

问题 To create matrix in C we need to write: int[][] a = {{1,2,3},{1,2,3},{1,2,3}} How can I create a matrix in Promela? 回答1: From the docs: Multidimensional arrays can be constructed indirectly with the use of typedef definitions. Also from the docs: EXAMPLES The first example shows how to declare a two-dimensional array of elements of type byte with a typedef . typedef array { /* typedefs must be global */ byte aa[4] }; init { array a[8]; /* 8x4 = 32 bytes total */ a[3].aa[1] = 5 } A better