对于以下代码,
proctype A()
{
byte cond1;
time = time + 1;
time = time + 2;
t[0] = 3;
a[0] = 2;
do
:: (a[0] == 0)->break;
:: else -> a[0] = a[0] - 1;
do
:: (t[0] <= t[1])->break;
od;
if
:: (cond1 != 0) ->
lock(mutex);
time = time + 1;
time = time + 2;
t[0] = t[0] + 3;
unlock(mutex);
:: (cond1 == 0) -> time = time + 1;
fi
od;
t[0] = 1000;
}
我收到以下错误,
unreached in proctype A
code.pml:15, state 20, "time = (time+1)"
code.pml:14, state 23, "((mutex==0))"
code.pml:14, state 23, "else"
code.pml:18, state 25, "time = (time+1)"
code.pml:12, state 26, "((mutex==0))"
code.pml:12, state 26, "((mutex==1))"
code.pml:12, state 29, "((mutex==0))"
code.pml:12, state 29, "((mutex==1))"
code.pml:45, state 31, "time = (time+2)"
code.pml:46, state 32, "t[0] = (t[0]+3)"
(7 of 43 states)
为什么会这样? Promela不应该为cond1的每个值执行(cond1 == 0和cond1!= 0)。至少这是here中写的内容。
在验证期间,没有进行此类调用,因为有效地将在此模式下探索所有行为选项,一次一个。
答案 0 :(得分:1)
我通过使用select语句解决了这个问题。
select (cond1 : 0..1);
答案 1 :(得分:1)
cond1的初始值为零,并且永远不会更改 - 无论是Spin还是代码。因此条件cond1 != 0永远不会成立。要使该选项执行,您需要设置验证以生成cond1的其他/其他值,例如:
proctype A()
{
byte cond1;
if
:: cond1 = 0;
:: cond1 = 1;
/* … */
fi;
…
}