并发模型的验证 ( 例子 )
DESCRIPTION
并发模型的验证 ( 例子 ). 互斥协议模型:示意图. s0. t0. y=1,t=1. x=1,t=0. 初始状态 s0 t0 x=0 y=0 t=0. s1. t1. y==0||t==1. x==0||t==0. s2. t2. y=0. x=0. s3. t3. 互斥协议模型 (2). a=s0 b=t0 x=0 y=0 t=0. 并发模型的验证. 建模. 验证问题. Model. 并发模型 ( 主程序 ). VVM VAR x: 0..1; y: 0..1; t: 0..1; INIT - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/1.jpg)
并发模型的验证 (例子 )
![Page 2: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/2.jpg)
2
互斥协议模型:示意图
x==0||t==0
t0
x=1,t=0
t1
t2
y==0||t==1
t3
x=0
s0
y=1,t=1
s1
s2
s3
y=0
初始状态
s0t0
x=0y=0t=0
![Page 3: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/3.jpg)
互斥协议模型 (2)
a=s0b=t0x=0y=0t=0
![Page 4: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/4.jpg)
并发模型的验证
验证问题验证问题 ModelModel建模建模
![Page 5: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/5.jpg)
并发模型 (主程序 )VVMVAR x: 0..1; y: 0..1; t: 0..1;INIT x=0; y=0; t=0;PROC p0: p0m(); p1: p1m();SPEC AG(!(p0.a=s2&p1.b=t2)); AG((!p0.a=s1|AF(p0.a=s2|p1.b=t2))&(!p1.b=t1|AF(p0.a=s2|p1.b=t2))); AG((!p0.a=s1|AF(p0.a=s2))&(!p1.b=t1|AF(p1.b=t2))); AG((!p0.a=s1|EF(p0.a=s2))&(!p1.b=t1|EF(p1.b=t2)));
![Page 6: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/6.jpg)
并发模型 (进程模块说明 1)MODULE p0m()VAR a: {s0,s1,s2,s3};INIT a=s0;TRANS a=s0: (y,t,a):=(1,1,s1); a=s1&(x=0|t=0): (a):=(s2); a=s1&!(x=0|t=0): (a):=(s1); a=s2: (y,a):=(0,s3); a=s2: (a):=(s2); a=s3: (y,t,a):=(1,1,s1);
![Page 7: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/7.jpg)
并发模型 (进程模块说明 2)MODULE p1m()VAR b: {t0,t1,t2,t3};INIT b=t0; TRANS b=t0: (x,t,b):=(1,0,t1); b=t1&(y=0|t=1): (b):=(t2); b=t1&!(y=0|t=1): (b):=(t1); b=t2: (x,b):=(0,t3); b=t2: (b):=(t2); b=t3: (x,t,b):=(1,0,t1);
![Page 8: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/8.jpg)
模型检测./verds -ck 1 me002.vvmVERSION: verds 1.42 - DEC 2012FILE: me001.vvmPROPERTY: A G ! ((a = 2 )& (b = 2 ))bound = 1 time = 0---------- time = 0bound = 2 time = 0---------- time = 0bound = 3 time = 0---------- time = 0bound = 4 time = 0---------- time = 0bound = 5 time = 0---------- time = 0bound = 6 time = 0---------- time = 0CONCLUSION: TRUE (time=0)
![Page 9: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/9.jpg)
模型检测结论
Property Conclusion
AG(!(p0.a=2&p1.a=2)) true
AG((!p0.a=1|AF(p0.a=2|p1.a=2))&(!p1.a=1|AF(p0.a=2|p1.a=2)))
false
AG((!p0.a=1|AF(p0.a=2))&(!p1.a=1|AF(p1.a=2))) false
AG((!p0.a=1|EF(p0.a=2))&(!p1.a=1|EF(p1.a=2))) true
![Page 10: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/10.jpg)
进程公平性说明
![Page 11: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/11.jpg)
并发模型 (主程序 )VVMVAR x: 0..1; y: 0..1; t: 0..1;INIT x=0; y=0; t=0;PROC p0: p0m(); p1: p1m();SPEC AG(!(p0.a=s2&p1.b=t2)); AG((!p0.a=s1|AF(p0.a=s2|p1.b=t2))&(!p1.b=t1|AF(p0.a=s2|p1.b=t2))); AG((!p0.a=s1|AF(p0.a=s2))&(!p1.b=t1|AF(p1.b=t2))); AG((!p0.a=s1|EF(p0.a=s2))&(!p1.b=t1|EF(p1.b=t2)));
![Page 12: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/12.jpg)
并发模型 (进程模块说明 1a)MODULE p0m()VAR a: {s0,s1,s2,s3};INIT a=s0;TRANS a=s0: (y,t,a):=(1,1,s1); a=s1&(x=0|t=0): (a):=(s2); a=s1&!(x=0|t=0): (a):=(s1); a=s2: (y,a):=(0,s3); a=s2: (a):=(s2); a=s3: (y,t,a):=(1,1,s1);FAIRNESS running;
![Page 13: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/13.jpg)
并发模型 (进程模块说明 2a)MODULE p1m()VAR b: {t0,t1,t2,t3};INIT b=t0; TRANS b=t0: (x,t,b):=(1,0,t1); b=t1&(y=0|t=1): (b):=(t2); b=t1&!(y=0|t=1): (b):=(t1); b=t2: (x,b):=(0,t3); b=t2: (b):=(t2); b=t3: (x,t,b):=(1,0,t1);FAIRNESS running;
![Page 14: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/14.jpg)
模型检测结论
Property Conclusion
AG(!(p0.a=2&p1.a=2)) true
AG((!p0.a=1|AF(p0.a=2|p1.a=2))&(!p1.a=1|AF(p0.a=2|p1.a=2)))
true
AG((!p0.a=1|AF(p0.a=2))&(!p1.a=1|AF(p1.a=2))) false
AG((!p0.a=1|EF(p0.a=2))&(!p1.a=1|EF(p1.a=2))) true
![Page 15: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/15.jpg)
进程公平性说明 2
![Page 16: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/16.jpg)
并发模型 (主程序 )VVMVAR x: 0..1; y: 0..1; t: 0..1;INIT x=0; y=0; t=0;PROC p0: p0m(); p1: p1m();SPEC AG(!(p0.a=s2&p1.b=t2)); AG((!p0.a=s1|AF(p0.a=s2|p1.b=t2))&(!p1.b=t1|AF(p0.a=s2|p1.b=t2))); AG((!p0.a=s1|AF(p0.a=s2))&(!p1.b=t1|AF(p1.b=t2))); AG((!p0.a=s1|EF(p0.a=s2))&(!p1.b=t1|EF(p1.b=t2)));
![Page 17: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/17.jpg)
并发模型 (进程模块说明 1b)MODULE p0m()VAR a: {s0,s1,s2,s3};INIT a=s0;TRANS a=s0: (y,t,a):=(1,1,s1); a=s1&(x=0|t=0): (a):=(s2); a=s1&!(x=0|t=0): (a):=(s1); a=s2: (y,a):=(0,s3); a=s2: (a):=(s2); a=s3: (y,t,a):=(1,1,s1);FAIRNESS running; a!=s2;
![Page 18: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/18.jpg)
并发模型 (进程模块说明 2b)MODULE p1m()VAR b: {t0,t1,t2,t3};INIT b=t0; TRANS b=t0: (x,t,b):=(1,0,t1); b=t1&(y=0|t=1): (b):=(t2); b=t1&!(y=0|t=1): (b):=(t1); b=t2: (x,b):=(0,t3); b=t2: (b):=(t2); b=t3: (x,t,b):=(1,0,t1);FAIRNESS running; b!=t2;
![Page 19: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/19.jpg)
模型检测结论
Property Conclusion
AG(!(p0.a=2&p1.a=2)) true
AG((!p0.a=1|AF(p0.a=2|p1.a=2))&(!p1.a=1|AF(p0.a=2|p1.a=2)))
true
AG((!p0.a=1|AF(p0.a=2))&(!p1.a=1|AF(p1.a=2))) true
AG((!p0.a=1|EF(p0.a=2))&(!p1.a=1|EF(p1.a=2))) true
![Page 20: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/20.jpg)
验证过程
验证问题验证问题 ModelModel建模建模
VERDSModel Checker
VERDSModel Checker
Positive Conclusion
Positive Conclusion
http://lcs.ios.ac.cn/~zwh/verds/
Negative ConclusionNegative
Conclusion
Error TraceError Trace
安全性质
![Page 21: 并发模型的验证 ( 例子 )](https://reader033.vdocuments.site/reader033/viewer/2022061416/5681365c550346895d9de953/html5/thumbnails/21.jpg)
问题 ?