1 / 26

CIS 725

CIS 725. Guarded Command Notation. Programming language style notation. Guarded actions en(a)  a en(a): guard of the action boolean condition or boolean condition + receive statement. Normal form. init; do en(a 1 )  a 1 []

lixue
Télécharger la présentation

CIS 725

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CIS 725 Guarded Command Notation

  2. Programming language style notation • Guarded actions • en(a)  a en(a): guard of the action boolean condition or boolean condition + receive statement

  3. Normal form • init; do en(a1)  a1 [] en(a2)  a2 : : od

  4. The execution of each iteration proceeds as follows: - All guards are first evaluated. - Among all of the true guards, one of them is selected non-deterministically, and the corresponding action is executed. • Weak Fairness: If a guard is true and remains true, then it is eventually selected for execution

  5. Token-based system • P1: hold1 = false; in_cs1 = false do ? token  hold1 = true [] hold1 /\ not in_cs1  !token; hold1 =false [] hold1  in_cs1 = true [] in_cs1  in_cs1 = false od

  6. Request-based system P1: hold = false; in_cs = false; req_sent = false; req_recd = false do ? token  hold = true [] hold /\ not in_cs /\ req_recd  ! token; hold =false; req_recd = false [] hold /\ not in_cs  in_cs = true [] in_cs  in_cs = false [] not hold  !req; req_sent = true [] ? req  req_recd = true od

  7. Example 2 • Three processes A, B and C • In each iteration, C sends message for a meeting. • A and B non-deterministically send a “yes” or a “no” message • If C receives yes from both, it sends a meet message to A and B • If C receives a no from anyone, it sends an cancel message to A and B. • After sending meet/cancel message, C can send a message for a meeting again.

  8. Example 2 C: recdA = false; recdB = false; next_round = true; start = false; do [] next_round A ! meeting; B ! meeting; next_round = false [] A ? x  recdA = true [] B ? y  recdB = true [] recdA /\ recdB  if x = yes and y = yes then A ! meet; B ! meet; start = true; else A ! cancel; B ! cancel; recdA = false; recdB = false; next_round = true; [] start  A ! meeting_done; B ! meeting_done; next_round = true; start = false od

  9. Example 2 A: waiting = false do [] ! waiting; C ? meeting  C ! yes; waiting = true [] ! waiting; C ? meeting  C ! no; waiting = true [] waiting; C ? meet  start = true; [] waiting; C ? Cancel  waiting = false [] C ? meeting_done  waiting = false od

  10. Example 2 - Modified A: waiting = false do [] ! waiting; C ? meeting  C ! yes; waiting = true [] ! waiting; C ? meeting  C ! no; waiting = false [] waiting; C ? meet  start = true; [] waiting; C ? Cancel  waiting = false [] C ? meeting_done  waiting = false od

  11. Example 2: Modified C: recdA = false; recdB = false; next_round = true; start = true; do [] next_round A ! meeting; B ! meeting; next_round = false [] A ? x  recdA = true; if x == no then A ! cancel; B ! cancel; next_round = true; recdA = false [] B ? y  recdB = true; if y == no then A ! cancel; B ! cancel; next_round = true; recdB = false [] recdA /\ recdB  if x = yes and y = yes then A ! meet; B ! meet; start = true; else A ! cancel; B ! cancel; recdA = false; recdB = false; next_round = true; [] start  A ! meeting_done; B ! meeting_done; next_round = true; start = false od

  12. Example 2: Modified C: recdA = 0; recdB = 0; next_round = true; round = 0; start = true; do [] next_round A ! meeting; B ! meeting; next_round = false [] recA = round /\ A ? x  recdA++; if x == no then B ! cancel; next_round = true; round++ [] recdA < round /\ A ? x  recdA++; [] recdB = round /\ B ? y  recdB++; if y == no then A ! cancel; next_round = true; round++ [] recdB < round /\ B ? x  recdB++; [] recdA /\ recdB  A ! meet; B ! meet; start = true; [] start  A ! meeting_done; B ! meeting_done; next_round = true; start = false; round++ od

  13. Promela • Protocol Meta Language • Modeling language • Verification of the model

  14. Example 1 int state = 1 proctype A() { state == 1  state = state + 1 } proctype B() { state == 1  state = state – 1 } init { run A(); run B() }

  15. Example 2 • chan a,b = [3] of {int} proctype A() { int x; x = 1; a ! x; b ? x } proctype B() { int y; a ? y; b ! y + 1} init { run A(); B() }

  16. do :: a > b; x = x + 1 :: a < b; x = x - 1 :: timeout  go to done od; done: y = y + 1

  17. Data types • int, bool, bytes, arrays • Conditions: a == b, a < b, a <= b, ….. • atomic statement atomic { a; b }

  18. Control statements • if :: a != b  x = x + 1 :: a == b  x = x - 1 fi if :: a > b; x = x + 1 :: a < b; x = x - 1 :: else x = l fi

  19. do :: a > b; x = x + 1 :: a < b; x = x - 1 :: timeout  go to done od; done: y = y + 1

  20. proctype P1() { int hold, incs; hold = 1; incs = 0; do :: (hold == 1) && incs==0  ch0!token; hold = 0 :: ch1 ? token  hold = 1 :: hold == 1& incs == 0  incs = 1 :: incs == 1  incs = 0 od } init { run P1(); run P2() }

  21. #define token 1 chan ch[2] of {int, int}; proctype P1(int id, int holdvalue) { int myid, other; hold = holdvalue; incs = 0; myid = id; other = (myid + 1) % 2; do :: (hold == 1) && incs==0  ch[myid]!token; hold = 0 :: ch[other] ? Token  hold = 1 :: hold == 1& incs == 0  incs = 1 :: incs == 1  incs = 0 od }

  22. init { run P(0,0), P(1,1) }

More Related