Promela:为什么这个原子块不等同于赋值语句?
Promela: Why is not this atomic block equivalent to an assignment statement?
我写了以下 Promela 代码。此代码模拟两个进程递增共享计数器的情况。
我预计代码中的 assert 必须为真,但 SPIN 显示 "assertion violated"。奇怪的是,当我将 atomic 块替换为 count = count + 1 时,错误消失了。
为什么这个原子块不等同于赋值语句?
byte count = 0;
bool finished[2];
proctype Increment(byte index) {
atomic {
byte c = count;
c = c + 1;
count = c;
}
finished[index] = true;
}
init {
run Increment(0);
run Increment(1);
(finished[0] && finished[1]);
assert(count == 2);
}
执行结果:
$ spin -a counter.pml
$ gcc -o pan pan.c
$ ./pan
pan:1: assertion violated (count==2) (at depth 9)
pan: wrote counter.pml.trail
(Spin Version 6.4.6 -- 2 December 2016)
Warning: Search not completed
+ Partial Order Reduction
Full statespace search for:
never claim - (none specified)
assertion violations +
acceptance cycles - (not selected)
invalid end states +
State-vector 36 byte, depth reached 11, errors: 1
28 states, stored
3 states, matched
31 transitions (= stored+matched)
0 atomic steps
hash conflicts: 0 (resolved)
Stats on memory usage (in Megabytes):
0.002 equivalent memory usage for states (stored*(State-vector + overhead))
0.292 actual memory usage for states
128.000 memory used for hash table (-w24)
0.534 memory used for DFS stack (-m10000)
128.730 total actual memory usage
pan: elapsed time 0 seconds
这是一个已知错误,自 Spin 的 6.4.8 版本以来已修复(至少)。
保持工具更新。
注意: 根据 @Brishna Batool 的要求添加了答案。
我写了以下 Promela 代码。此代码模拟两个进程递增共享计数器的情况。
我预计代码中的 assert 必须为真,但 SPIN 显示 "assertion violated"。奇怪的是,当我将 atomic 块替换为 count = count + 1 时,错误消失了。
为什么这个原子块不等同于赋值语句?
byte count = 0;
bool finished[2];
proctype Increment(byte index) {
atomic {
byte c = count;
c = c + 1;
count = c;
}
finished[index] = true;
}
init {
run Increment(0);
run Increment(1);
(finished[0] && finished[1]);
assert(count == 2);
}
执行结果:
$ spin -a counter.pml
$ gcc -o pan pan.c
$ ./pan
pan:1: assertion violated (count==2) (at depth 9)
pan: wrote counter.pml.trail
(Spin Version 6.4.6 -- 2 December 2016)
Warning: Search not completed
+ Partial Order Reduction
Full statespace search for:
never claim - (none specified)
assertion violations +
acceptance cycles - (not selected)
invalid end states +
State-vector 36 byte, depth reached 11, errors: 1
28 states, stored
3 states, matched
31 transitions (= stored+matched)
0 atomic steps
hash conflicts: 0 (resolved)
Stats on memory usage (in Megabytes):
0.002 equivalent memory usage for states (stored*(State-vector + overhead))
0.292 actual memory usage for states
128.000 memory used for hash table (-w24)
0.534 memory used for DFS stack (-m10000)
128.730 total actual memory usage
pan: elapsed time 0 seconds
这是一个已知错误,自 Spin 的 6.4.8 版本以来已修复(至少)。
保持工具更新。
注意: 根据 @Brishna Batool 的要求添加了答案。