Model checking 如何在Spin中生成非初始化变量?
Promela似乎初始化了每个变量(默认情况下,为0或声明中给定的值) 如何声明由未知值初始化的变量 文档建议Model checking 如何在Spin中生成非初始化变量?,model-checking,spin,promela,Model Checking,Spin,Promela,Promela似乎初始化了每个变量(默认情况下,为0或声明中给定的值) 如何声明由未知值初始化的变量 文档建议if::p=0::p=1fi,但我不这么认为 它是有效的:Spin仍然证实了这一说法 bit p init { if :: p = 0 :: p = 1 fi } ltl { ! p } (和伪造p) 那么,init的语义到底是什么呢?还有一些 “初始前”状态?我如何才能解决这个问题,而不让我的学生感到困惑 这是一个有趣的问题 表示每个变量都初始化为0,除非模型另有规定 与
if::p=0::p=1fibit p
init { if :: p = 0 :: p = 1 fi }
ltl { ! p }
pinit“初始前”状态?我如何才能解决这个问题,而不让我的学生感到困惑 这是一个有趣的问题 表示每个变量都初始化为0,除非模型另有规定 与所有变量声明一样,显式初始化字段是可选的。所有变量的默认初始值为零。这适用于标量变量和数组变量,也适用于全局变量和局部变量 在您的模型中,声明变量时不初始化变量,因此随后会在初始状态下将其赋值给值0,该值位于赋值之前:
bit p
init {
// THE INITIAL STATE IS HERE
if
:: p = 0
:: p = 1
fi
}
ltl { ! p }
一些实验。 为了避免这种限制,一个“幼稚”的想法是在调用
~$spin-A test.pmlvoid
iniglobals(int calling_pid)
{
now.p = 0;
#ifdef VAR_RANGES
logval("p", now.p);
#endif
}
void
iniglobals(int calling_pid)
{
srand(time(NULL));
now.p = rand() % 2;
#ifdef VAR_RANGES
logval("p", now.p);
#endif
}
#includegcc pan.c~$ ./a.out -a
pan:1: assertion violated !( !( !(p))) (at depth 0)
pan: wrote test.pml.trail
(Spin Version 6.4.3 -- 16 December 2014)
Warning: Search not completed
+ Partial Order Reduction
Full statespace search for:
never claim + (ltl_0)
assertion violations + (if within scope of claim)
acceptance cycles + (fairness disabled)
invalid end states - (disabled by never claim)
State-vector 28 byte, depth reached 0, errors: 1
1 states, stored
0 states, matched
1 transitions (= stored+matched)
0 atomic steps
hash conflicts: 0 (resolved)
Stats on memory usage (in Megabytes):
0.000 equivalent memory usage for states (stored*(State-vector + overhead))
0.291 actual memory usage for states
128.000 memory used for hash table (-w24)
0.534 memory used for DFS stack (-m10000)
128.730 total actual memory usage
pan: elapsed time 0 seconds
~$ ./a.out -a
(Spin Version 6.4.3 -- 16 December 2014)
+ Partial Order Reduction
Full statespace search for:
never claim + (ltl_0)
assertion violations + (if within scope of claim)
acceptance cycles + (fairness disabled)
invalid end states - (disabled by never claim)
State-vector 28 byte, depth reached 0, errors: 0
1 states, stored
0 states, matched
1 transitions (= stored+matched)
0 atomic steps
hash conflicts: 0 (resolved)
Stats on memory usage (in Megabytes):
0.000 equivalent memory usage for states (stored*(State-vector + overhead))
0.291 actual memory usage for states
128.000 memory used for hash table (-w24)
0.534 memory used for DFS stack (-m10000)
128.730 total actual memory usage
unreached in init
test.pml:8, state 5, "-end-"
(1 of 5 states)
unreached in claim ltl_0
_spin_nvr.tmp:8, state 8, "-end-"
(1 of 8 states)
pan: elapsed time 0 seconds
- 将初始状态初始化器转换为初始状态的生成器
- 修改验证例程,以考虑可能存在多个初始状态,并且属性必须为每个初始状态保留
解决方法。 如果您想声明某些内容在初始状态下为真,或从初始状态开始,并考虑某些非确定性行为,则应编写如下内容:
bit p
bool init_state = false
init {
if
:: p = 0
:: p = 1
fi
init_state = true // TARGET STATE
init_state = false
}
ltl { init_state & ! p }
~$ ./a.out -a
pan:1: assertion violated !( !((initialised& !(p)))) (at depth 0)
pan: wrote 2.pml.trail
(Spin Version 6.4.3 -- 16 December 2014)
Warning: Search not completed
+ Partial Order Reduction
Full statespace search for:
never claim + (ltl_0)
assertion violations + (if within scope of claim)
acceptance cycles + (fairness disabled)
invalid end states - (disabled by never claim)
State-vector 28 byte, depth reached 0, errors: 1
1 states, stored
0 states, matched
1 transitions (= stored+matched)
0 atomic steps
hash conflicts: 0 (resolved)
Stats on memory usage (in Megabytes):
0.000 equivalent memory usage for states (stored*(State-vector + overhead))
0.291 actual memory usage for states
128.000 memory used for hash table (-w24)
0.534 memory used for DFS stack (-m10000)
128.730 total actual memory usage
pan: elapsed time 0 seconds
Init语义。 Init仅保证是第一个生成的进程,并用于生成其他进程,例如,当其他例程将某些参数(例如,共享某些资源)作为输入时。更多信息 我认为这段文字有点误导: 初始化过程最常用于初始化全局变量, 以及通过使用run来实例化其他流程 操作员,在系统执行开始之前。任何过程,而不仅仅是 不过,init进程可以这样做
由于可以使用
原子{}do::p=0::p=1 odX位p=?