spin

How to print all states in Promela/SPIN

血红的双手。 submitted on 2019-12-22 01:36:13

Question: I would like to print all states when checking my model. We do get a trail file when an assertion violation occurs but I want to see the states even when there are no assertion violations. How can I do that?

Answer 1: One option is to compile pan with the gcc flag -DVERBOSE and watch the full details of the verification run. Of course the run will take a while and will spit excessive output, but you will see all the states as they are visited (the format is not very easy to read, but may

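Spinlocks + Semaphores

 ̄綄美尐妖づ submitted on 2019-12-20 04:19:30

This article introduces spinlocks and semaphores, two of the kernel's synchronization mechanisms. First, a few concepts.

Thread of execution: any instance of executing code, which may be a kernel thread, an interrupt handler, and so on. A thread of execution is sometimes simply called a thread.

Critical region: a code segment that accesses and manipulates shared data.

Concurrent access to the same resource by multiple threads of execution is usually unsafe; spinlocks and semaphores are commonly used to enforce mutually exclusive access to critical regions.

Spinlocks

A spinlock is a typical means of enforcing mutually exclusive access to a critical resource. A spinlock can be held by at most one thread of execution. When a thread of execution tries to acquire a spinlock that is already in use, it busy-waits until the lock is released, just as the word "spin" suggests: turning in place.

We can also think of a spinlock this way: it is like a door lock, and the critical region is like the room behind the door. When thread A enters the room, it closes the door so that other threads cannot enter. If some other process B then needs to enter the room, it can only "spin" outside the door. Only after process A opens the door can process B enter the room.

Using spinlocks

1. Defining and initializing a spinlock

The following statements first define a spinlock variable and then initialize it:

    spinlock_t lock;
    spin_lock_init(&lock);

A spinlock can also be initialized like this:

    spinlock_t lock=SPIN_LOCK_UNLOCKED;

2. Acquiring a spinlock

    void spin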

How to transform LTL into Automata in Promela - SPIN?

拜拜、爱过 submitted on 2019-12-20 02:54:50

Question: How can I transform LTL into Automata in PROMELA? I know that with the command SPIN -f "ltl x" it is possible to transform the LTL into a never claim, but I want the automata of the LTL and not the negation one. It is correct if I negate the LTL before generating the never claim. Can anyone help me?

Answer 1: Spin generates the Promela code equivalent to the Buchi Automaton which matches the LTL formula, and envelops it into a never block. From the docs: NAME never - declaration of a temporal claim

atomic sequences in Promela. Contradictory in documentation

百般思念 submitted on 2019-12-18 09:26:33

Question: Here, http://spinroot.com/spin/Man/Manual.html, it is written that:

In Promela there is also another way to avoid the test and set problem: atomic sequences. By prefixing a sequence of statements enclosed in curly braces with the keyword atomic the user can indicate that the sequence is to be executed as one indivisible unit, non-interleaved with any other processes. It causes a run-time error if any statement, other than the first statement, blocks in an atomic sequence.

This is how we can

All possible Knight moving on a chessboard in promela

久未见 submitted on 2019-12-12 19:09:55

Question: Is it possible to bypass a chessboard of size N × N with a knight from the initial position (I, J), having visited each square only once?

    #define A[] = True;
    A[I,J] = false;
    active proctype method(){
    bit I=4; bit J=3; bit K=1; bit N=8;
    do
    ::I>2 && J<N && A[I-2,J+1] => I=I-2;J=J+1; A[I,J]=False; K++; printf("i %d j %d \n"i, j);
    ::I>2 && J>1 && A[I-2,J-1] => I=I-2;J=J-1; A[I,J]=False; K++; printf("i %d j %d \n"i, j);
    ::I<N && J>1 && A[I+1,J-2] => I=I+1;J=J-2; A[I,J]=False; K++; printf("i %d j

How to create two dimensional array in Promela?

让人想犯罪 __ submitted on 2019-12-11 05:53:47

Question: To create matrix in C we need to write:

    int[][] a = {{1,2,3},{1,2,3},{1,2,3}}

How can I create a matrix in Promela?

Answer 1: From the docs: Multidimensional arrays can be constructed indirectly with the use of typedef definitions. Also from the docs: EXAMPLES The first example shows how to declare a two-dimensional array of elements of type byte with a typedef.

    typedef array { /* typedefs must be global */
        byte aa[4]
    };
    init {
        array a[8]; /* 8x4 = 32 bytes total */
        a[3].aa[1] = 5
    }

A better

how to make a non-initialised variable in Spin?

╄→гoц情女王★ submitted on 2019-12-11 01:59:27

Question: It seems that Promela initialises each variable (by default, to 0, or to the value that is given in the declaration). How can I declare a variable that is initialised by an unknown value? The documentation suggests

    if :: p = 0 :: p = 1 fi

but I don't think that it works: Spin still verifies this claim

    bit p
    init { if :: p = 0 :: p = 1 fi }
    ltl { ! p }

(and falsifies p). So what exactly is the semantics of init? There still is some "pre-initial" state? How can I work around this - and not

Using (U)ntil operator in SPIN ltl formula

﹥>﹥吖頭↗ submitted on 2019-12-11 01:36:30

Question: I am trying to understand how to correctly use the Until operator in an ltl formula. I found this definition (below) to be clear:

Until

A U B: true if there exists i such that:
    B is true in [s_i, s_{i+1}, s_{i+2}, …]
    for all j such that 0 ≤ j < i, formula A is true in [s_j, s_{j+1}, s_{j+2}, …]

meaning:
    B is true at time i
    for times between 0 and i-1, formula A is true

still using the formalization of "true at time i"

Sample code with example ltl formula: mtype = {Regular, Reverse, Quit}

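Kernel Synchronization: Locking Mechanisms

好久不见. submitted on 2019-12-09 20:44:18

On a Linux system, multiple processes can run at the same time, and the various interrupts that occur are handled at the same time as well. This situation, in which multiple contexts run simultaneously at the macro level, is called concurrency. Concurrency covers the following cases:

1) On a UP platform, a running process is preempted by another process;
2) On a UP platform, an interrupt occurs while a process is running, and the kernel switches to executing the interrupt handler;
3) On an SMP platform, every processor can run into the UP-platform cases;
4) On an SMP platform, multiple processes or interrupts execute on multiple CPUs at the same time.

The situation in which multiple concurrent contexts use the same resource at the same time is called a race condition, and the section of code in which a race can occur is called a critical section. In kernel programming, the most common critical sections are:

1) Code that accesses a global variable and can be executed by multiple processes;
2) Code that accesses a global variable and can be executed both by a process and by an interrupt handler.

For these situations, the kernel provides the following means of resolving race conditions:

1) Locking mechanisms:
2) Atomic operations:

Locking mechanisms are introduced first below. The Linux kernel provides several locking mechanisms; they differ in whether the executing code sleeps and the system reschedules when the lock cannot be acquired. They include spinlocks, mutexes, and semaphores.

I. Spinlocks: spinlock_t

A spinlock has two basic operations: acquire and release. When acquiring a spinlock, if the lock is found to be unlocked, it is locked immediately; if it is already locked, the current execution flow busy-waits, with no scheduling in between. In other words, the flow from checking the lock state to completing the lock is an atomic operation that cannot be divided during execution.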

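The relationship between spinlock and Linux kernel scheduling

烈酒焚心 submitted on 2019-12-09 20:22:18

Author: Liu Hongtao (刘洪涛), senior lecturer at 华清远见 Embedded College and ARM-authorized ATC instructor.

There are already many articles on how to use spinlocks, but some of the details are not covered thoroughly enough. Here I pick out the points that I personally think people are most likely to have questions about and discuss them.

I. Introduction to spinlocks

A spinlock can be held by at most one kernel task at any moment, so only one thread is allowed in the critical section at a time. This provides the locking needed on multiprocessor machines and in preemptive kernels running on a single processor.

II. Introduction to semaphores

The concept of a semaphore is also introduced here, because its usage has similarities with that of a spinlock. A semaphore in Linux is a sleeping lock. If a task tries to acquire a semaphore that is already held, the semaphore puts the task on a wait queue and lets it sleep. The processor is then free to execute other code. When the process holding the semaphore releases it, one of the tasks on the wait queue is woken up and can then acquire the semaphore.

III. Spinlocks and semaphores compared

In many places either a spinlock or a semaphore can be used, but in some places only one of them is suitable. The usage of the two is compared below.

Table 1-1: Spinlocks and semaphores compared

Use case | Semaphore or spinlock
Low-overhead locking (critical section executes quickly) | Prefer a spinlock
Low-overhead locking (critical section takes a long time to execute) | Prefer a semaphore
Critical section may contain code that sleeps | A spinlock cannot be used; a semaphore can
Critical section is in non-process context, where sleeping is not allowed | Prefer a spinlock; if a semaphore is chosen, it can only be used in the non-blocking down_trylock form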