Download Formal Methods for System Development

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
page
66
page
67
page
68
page
69
page
70
page
71
page
72
page
73
page
74
page
75
page
76
page
77
page
78
page
79
page
80
page
81
page
82
page
83
page
84
page
85
page
86
page
87
page
88
page
89
page
90
page
91
page
92
page
93
page
94
page
95
page
96
Transcript 
Chapter 4. Spin introduction and tutorial
Whenever possible, deterministic sequences in processes should be enclosed in a d_step declaration. This helps the partial order reduction technique. A caveat with d_step as opposed to atomic is that no statements
except the first may block, else the determinism is broken.
A tip for reducing the number of processes is to drop the init process.
The init process is really just an active process that is started first. Any
processes may be started from an other active process, so by moving the
run-statements from the init process we reduce the state vector by four
bytes. Note that a more powerful pre-processor such as m4 enables us to
programmatically create processes with arguments as active processes.
Optionally Spin has several optimisations built-in. These are enabled
or disabled with compiler flags. Generally the optimisations are directed
towards memory usage, and will increase verification time. Optimisations
include state vector collapse compression (-DCOLLAPSE) and state vector
coding as minimised deterministic automaton (-DMA=n). Many optimisations
may be combined, but the benefits are highly problem specific.
The reference manual [14] and Theo Ruys’ Ph.D. thesis [22] provide
information on more advanced optimisations.
4.3
Semaphores—deadlocks and temporal claims
We start with modelling semaphores. Semaphores are common and their
usage error prone. In short, they are a very good candidate for verification.
The examples have been taken from The Little Book of Semaphores [8], with
the exception of the last one which is from [4].
4.3.1
Busy waiting, weak and strong semaphores
Busy waiting resembles the wait()/notifyAll() pattern from Java. Strong
semaphores have an associated queue. This queue is modelled using an
asynchronous channel. Waiting on a weak semaphore does not preserve
order. All a weak semaphore guarantees is that some waiting process will
be awaken at a signal-operation.
The naı̈ve model of a busy waiting semaphore is
wait:
if
:: atomic { sem > 0; sem-- }
:: else -> goto wait
fi
However, this will make the model actually loop, which is not needed.
A better model, that uses the fact that a Promela process is blocked until a
statement is executable, removes the loop. The wait-operation will then be
36
Related documents
EVID Compact Sound User Manual 5.36 MB - Electro
EVID Compact Sound User Manual 5.36 MB - Electro
Failures-Divergence Refinement
Failures-Divergence Refinement
BC OnLine Site Registry User's Guide
BC OnLine Site Registry User's Guide
FISC CDM Mirror Manager User's Guide - ftp cdpro
FISC CDM Mirror Manager User's Guide - ftp cdpro
Failures-Divergence Refinement
Failures-Divergence Refinement
Datacom Systems VS-1212-F Specifications
Datacom Systems VS-1212-F Specifications
Nuvis mini i only
Nuvis mini i only
Compute_n 15_p 101
Compute_n 15_p 101
Manual - Centipeak
Manual - Centipeak
Becoming textual: attempting to model XCHAN with CSPm
Becoming textual: attempting to model XCHAN with CSPm
Meritor - School Bus Brake Components
Meritor - School Bus Brake Components
CS 6110 – Formal Methods – Spring 2011
CS 6110 – Formal Methods – Spring 2011
EconExpert - for WIND Model User`s Manual
EconExpert - for WIND Model User`s Manual
Software Composition and Verification for Sensor Networks
Software Composition and Verification for Sensor Networks
Installation and Maintenance Manual Winches
Installation and Maintenance Manual Winches
dsse.ecs.soton.ac.uk - Electronics and Computer Science
dsse.ecs.soton.ac.uk - Electronics and Computer Science
Datacom Systems VS-1200 User's Manual
Datacom Systems VS-1200 User's Manual
3Com 10014299 Network Router User Manual
3Com 10014299 Network Router User Manual
Olympus 60 Digital Camera User Manual
Olympus 60 Digital Camera User Manual
HSF-SPIN User Manual
HSF-SPIN User Manual
Zoom FIRE-36 Specifications
Zoom FIRE-36 Specifications
XMesh USER MANUAL
XMesh USER MANUAL