要求在Spin中有多個（或全部）違規痕跡

Question

是否有可能使用Spin獲取屬性的多個（或全部）違規痕跡？

舉個例子，我創建了下面的PROMELA型號：

byte mutex = 0; 

active proctype A() { 
A1: mutex==0; /* Is free? */ 
A2: mutex++; /* Get mutex */ 
A3: /* A's critical section */ 
A4: mutex--; /* Release mutex */ 
} 

active proctype B() { 
B1: mutex==0; /* Is free? */ 
B2: mutex++; /* Get mutex */ 
B3: /* B's critical section */ 
B4: mutex--; /* Release mutex */ 
} 

ltl {[] (mutex < 2)} 

它有一個天真的互斥實現。人們可以預期流程A和B不會一起到達他們的關鍵部分，並且我寫了一個LTL表達式來檢查它。

運行

spin -run mutex_example.pml 

表明財產是無效的，並運行

spin -p -t mutex_example.pml 

表明違反財產語句序列。

Never claim moves to line 4  [(1)] 
    2: proc 1 (B:1) mutex_example.pml:11 (state 1) [((mutex==0))] 
    4: proc 0 (A:1) mutex_example.pml:4 (state 1)  [((mutex==0))] 
    6: proc 1 (B:1) mutex_example.pml:12 (state 2) [mutex = (mutex+1)] 
    8: proc 0 (A:1) mutex_example.pml:5 (state 2)  [mutex = (mutex+1)] 
spin: _spin_nvr.tmp:3, Error: assertion violated 
spin: text of failed assertion: assert(!(!((mutex<2)))) 
Never claim moves to line 3  [assert(!(!((mutex<2))))] 
spin: trail ends after 9 steps 
#processes: 2 
       mutex = 2 
    9: proc 1 (B:1) mutex_example.pml:14 (state 3) 
    9: proc 0 (A:1) mutex_example.pml:7 (state 3) 
    9: proc - (ltl_0:1) _spin_nvr.tmp:2 (state 6) 

這表明語句序列（由標籤指示）「B1」 - >「A1」 - >「B2」 - >「A2」違反屬性但也有其他的交織選擇通向該（例如'A1' - >'B1' - >'B2' - >'A2'）。

我可以問Spin給我多個（或全部）痕跡嗎？

Answer 1

我懷疑，你可以在旋得到所有侵犯的痕跡。

例如，如果我們考慮下面的型號，那麼有無限多的反例。

byte mutex = 0; 

active [2] proctype P() { 
    do 
     :: mutex == 0 -> 
      mutex++; 
      /* critical section */ 
      mutex--; 
    od 
} 

ltl {[] (mutex <= 1)} 

---

你能做什麼，就是用不同搜索算法爲您驗證，這可能會產生一些不同的反例

-search (or -run) generate a verifier, and compile and run it 
     options before -search are interpreted by spin to parse the input 
     options following a -search are used to compile and run the verifier pan 
     valid options that can follow a -search argument include: 
     -bfs perform a breadth-first search 
     -bfspar perform a parallel breadth-first search 
     -bcs use the bounded-context-switching algorithm 
     -bitstate or -bit, use bitstate storage 
     -biterate use bitstate with iterative search refinement (-w18..-w35) 
     -swarmN,M like -biterate, but running all iterations in parallel 
      perform N parallel runs and increment -w every M runs 
      default value for N is 10, default for M is 1 
     -link file.c link executable pan to file.c 
     -collapse use collapse state compression 
     -hc  use hash-compact storage 
     -noclaim ignore all ltl and never claims 
     -p_permute use process scheduling order permutation 
     -p_rotateN use process scheduling order rotation by N 
     -p_reverse use process scheduling order reversal 
     -ltl p verify the ltl property named p 
     -safety compile for safety properties only 
     -i   use the dfs iterative shortening algorithm 
     -a   search for acceptance cycles 
     -l   search for non-progress cycles 
    similarly, a -D... parameter can be specified to modify the compilation 
    and any valid runtime pan argument can be specified for the verification