PAT Advanced Tutorial
Outline
• Alphabet calculation and declaration
• Global Variables
  – Var, array, size
• Tips
• Examples
  – Dining Philosophers
  – Peterson’s Algorithm
Alphabet calculation and declaration
• PAT automatically calculates the alphabet of the expression.
VM() = insertcoin -> coffee -> VM();
VM() = insertcoin -> Inserted();
Inserted() = coffee -> VM();
• The user can explicitly specify the alphabet for a particular process.
Clock(i) = tick.i -> Clock(i+1);
System = Clock(0) || Skip;
#alphabet Clock {tick};
#alphabet Clock {tick.i};
Global Variables
• Variable declaration (No type)
  – Simple variable
    • var x;
    • var y = 0;
    • var z = false;
  – Array
    • var array = [0, 1, 3, 5];
    • var floor[5];
    • var floor[N];
  – Channel
    • channel c 5;
• Scope: Global
Process Parameters vs. Global Variables
• Used in event expressions
  – GV can (supported from v1.3.0)
  – PP can
• Used as parameter for process
  – GV can (supported from v1.3.0)
  – PP can
• LHS of event assignment
  – GV can
  – PP can NOT
• RHS of event assignment
  – Both can
var x = 0;
P(i) = a.x -> P(i);
P(i) = a.i -> P(i);
var x = 0;
P(i) = a -> P(x);
P(i) = a -> P(i+2);
var x = 0;
P(i) = a{x=9;} -> P(i);
P(i) = a{i=9;} -> P(i); (wrong)
var x = 0;
P(i) = a{x=x+1;} -> P(x);
P(i) = a{x=i+1;} -> P(i);
Finite Model
• The number of different processes needs to be finite
  – P(i) = a.i -> P(i);
  – P(i) = a.i -> P(i+1); (infinite)
• The value range of global variables needs to be finite
  – var x = 0;
  – P(i) = a{x=x+1;} -> P(i); (infinite)
• An out-of-memory exception will be thrown
• Check for infinite model
  – System = P(0);
  – #define out x > 100;
  – #assert System reaches out;
Data Race!
• var x = 0;
• P = a{x=1;} -> P;
• Q = a{x=2;} -> Q;
• S = P || Q;
Fairness
• PAT supports two ways of adding fairness to a system
  – Event annotation: wf, sf, wl, sl
    • wl(pick.i.i)
  – Process level option: weak fairness, strong local fairness, strong global fairness
• When do we need fairness?
  – Counterexamples with loop.
    • Leader election in ring example.
• How to add fairness?
  – Try process level option first.
  – Ask us.
What properties to test?
• Deadlock free
• Safety properties: bad things never happen
  – #define badthing …
  – #assert System reaches badthing
• Liveness properties: good things eventually happen
  – #assert System |= []<> goodthing
Dining Philosophers
Peterson's algorithm
PAT Model of Peterson’s Algorithm
• var flag[2];
• var turn = 0;
• var counter = 0;
• P0 = set0.1{flag[0] = 1;} -> set0.2{turn=1;} -> LoopTest(1); cs.0{counter = counter +1;} -> exit.0{flag[0] = 0;counter = counter -1;} -> P0;
• LoopTest(i) = if(flag[i] == 1 && turn == i)
  {
      loop -> LoopTest(i)
  }
  else
  {
      Skip
  };
• P1 = set1.1{flag[1] = 1;} -> set1.2{turn=0;} -> LoopTest(0); cs.1{counter = counter +1;} -> exit.1{flag[1] = 0;counter = counter -1;} -> P1;
• Peterson() = P0() ||| P1();
• #define goal counter > 1;
• #assert Peterson() reaches goal;
• #assert Peterson() |= []<> cs.0;
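What the reachability assertion `#assert Peterson() reaches goal` checks, sketched as an added Python example (not PAT code and not part of the original slides): a breadth-first search over every interleaving of P0 and P1. The program-counter encoding, the `pass` event name, and the `set_turn=False` broken variant are assumptions made for illustration.

```python
from collections import deque

def successors(state, set_turn=True):
    """Yield (event, next_state); state = (pcs, flag, turn, counter), a constructed encoding."""
    pcs, flag, turn, counter = state
    for me in (0, 1):
        other, pc = 1 - me, pcs[me]
        f, t, c = list(flag), turn, counter
        if pc == 0:                          # setN.1{flag[me] = 1;}
            event, f[me], nxt = f"set{me}.1", 1, 1
        elif pc == 1:                        # setN.2{turn = other;}
            event, nxt = f"set{me}.2", 2
            if set_turn:                     # False = broken variant, turn never written
                t = other
        elif pc == 2:                        # LoopTest(other)
            waiting = flag[other] == 1 and turn == other
            event, nxt = ("loop", 2) if waiting else ("pass", 3)
        elif pc == 3:                        # cs.N{counter = counter + 1;}
            event, c, nxt = f"cs.{me}", c + 1, 4
        else:                                # exit.N{flag[me] = 0; counter = counter - 1;}
            event, f[me], c, nxt = f"exit.{me}", 0, c - 1, 0
        new_pcs = (nxt, pcs[1]) if me == 0 else (pcs[0], nxt)
        yield event, (new_pcs, tuple(f), t, c)

def reaches(goal, set_turn=True):
    """BFS over the state space; return (shortest witness trace or None, states visited)."""
    init = ((0, 0), (0, 0), 0, 0)
    parent = {init: None}
    queue = deque([init])
    while queue:
        state = queue.popleft()
        if goal(state):
            trace = []
            while parent[state] is not None:
                event, state = parent[state]
                trace.append(event)
            return trace[::-1], len(parent)
        for event, nxt in successors(state, set_turn):
            if nxt not in parent:
                parent[nxt] = (event, state)
                queue.append(nxt)
    return None, len(parent)

def goal(state):                             # #define goal counter > 1;
    return state[3] > 1

if __name__ == "__main__":
    print(reaches(goal))                     # model as on the slide
    print(reaches(goal, set_turn=False))     # constructed broken variant
```

For the model as given, the search exhausts the finite state space without finding a witness; with `set_turn=False` it returns a shortest trace in which both processes are in the critical section at once.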