使用Spin进行Promela建模

时间:2017-04-06 21:37:04

标签: model-checking spin promela

我正在研究一个相当简单的 Promela 模型。它由两个模块组成,分别充当交通信号灯和人行横道。第一个模块是交通信号灯,输出当前信号(绿色、红色、黄色、待定)。该模块还接收一个名为"行人"的输入信号,用来表示有行人想要过马路。第二个模块充当人行横道。它接收来自交通信号灯模块的输出信号(绿色,黄色,绿色),并向交通信号灯模块输出行人信号。该模块只是定义行人处于正在过马路、等待还是不在场的状态。我的问题是,一旦计数值变为 60,就会发生超时。我认为是语句 "sigG_out ! 1" 导致了错误,但我不知道为什么。我附上了从命令行得到的跟踪输出的图片。我是 Spin 和 Promela 的新手,因此不确定如何利用跟踪信息在代码中找出问题所在。非常感谢任何帮助。

以下是完整模型的代码:

/*
 * Symbolic constants shared by both processes: the light states
 * (red, green, yellow, pending) and the pedestrian states
 * (none, crossing, waiting).
 */
mtype = {red, green, yellow, pending, none, crossing, waiting};
/* Current state of the traffic light; set in init and traffic_controller. */
mtype traffic_mode;
/* Current state of the pedestrian; set in init and crosswalk. */
mtype crosswalk_mode;
/* Tick counter; written only by init and traffic_controller. */
int count;
/*
 * Capacity [0] makes each channel below a rendezvous (synchronous) channel:
 * a send can only complete while another process is executing a receive on
 * the same channel, otherwise the sender blocks.
 */
chan pedestrian_chan = [0] of {byte};

chan sigR_chan = [0] of {byte};

chan sigG_chan = [0] of {byte};

chan sigY_chan = [0] of {byte};

/*
 * NOTE(review): `pedestrian_chan[0] == 1` compares a channel variable with a
 * constant; it does not test for a pedestrian request (a rendezvous channel
 * never stores a message). Also, the unary operators `!`, `<>` and `[]`
 * presumably bind tighter than `&&` and `->`, so l1 would read as
 * (!<>(A)) && (B) and l2 as ([]<>(A)) -> (B) -- confirm both formulas state
 * the intended property before relying on a verification verdict.
 */
ltl l1 {!<> (pedestrian_chan[0] == 1) && (traffic_mode == green || traffic_mode == yellow || traffic_mode == pending)}
ltl l2 {[]<> (pedestrian_chan[0] == 1) -> crosswalk_mode == crossing }

/*
 * Traffic-light state machine.
 *
 * Each pass of the do-loop selects the option whose guard matches
 * traffic_mode, advances the global `count`, and once a threshold is reached
 * changes mode. The red, pending and yellow branches send the value 1 on a
 * signal channel before switching; the green branch sends nothing.
 *
 * Parameters (all channels):
 *   pedestrian_in - intended to carry pedestrian requests; it is only ever
 *                   compared with 1 here, never received from.
 *   sigR_out, sigG_out, sigY_out - channels on which 1 is sent when the
 *                   light turns red, green or yellow respectively.
 */
proctype traffic_controller(chan pedestrian_in, sigR_out, sigG_out, sigY_out)

{

do
    ::if
      ::(traffic_mode == red) -> 
        count = count + 1;
        if
        ::(count >= 60) ->
            /*
             * Send on a rendezvous channel: blocks until some process
             * executes a receive on it. The crosswalk process in this model
             * contains no receive (`?`) statement, so the controller
             * presumably stays blocked here once count reaches 60, which
             * matches the reported timeout.
             */
            sigG_out ! 1;
            count = 0;
            traffic_mode = green;
        :: else -> skip;
        fi
      ::(traffic_mode == green) -> 
        /*
         * No `else` option: when none of the three guards below holds the
         * process blocks in this `if`. The first two guards can hold at the
         * same time, in which case one of them is chosen nondeterministically.
         */
        if
        ::(count < 60) ->
            count = count + 1;
        /*
         * NOTE(review): `pedestrian_in == 1` compares the channel variable
         * itself with 1; no message is read. Reading a request needs a
         * receive such as `pedestrian_in ? v`. `&` is the bitwise AND.
         */
        ::(pedestrian_in == 1 & count < 60) ->
            count = count + 1;
            traffic_mode = pending;
        /*
         * NOTE(review): unlike the other options there is no `->` after this
         * guard; confirm Spin treats the following lines as its sequence.
         * This transition to yellow does not send on sigY_out.
         */
        ::(pedestrian_in == 1 & count >= 60)
            count = 0;
            traffic_mode = yellow;
        fi
      ::(traffic_mode == pending) ->
        count = count + 1;
        if
        ::(count >= 60) ->
            /* Rendezvous send; blocks until a receiver is ready. */
            sigY_out ! 1;
            count = 0;
            traffic_mode = yellow;
        ::else -> skip;
        fi  
      ::(traffic_mode == yellow) ->
        count = count + 1;
        if
        ::(count >= 5) ->
            /* Rendezvous send; blocks until a receiver is ready. */
            sigR_out ! 1;
            count = 0;
            traffic_mode = red;
        :: else -> skip;
        fi
      fi
od  

}



/*
 * Pedestrian state machine: none -> waiting -> crossing -> none.
 *
 * Parameters (all channels):
 *   sigR_in, sigG_in, sigY_in - intended to carry the light signals; sigR_in
 *                   and sigG_in are only compared with 1, sigY_in is unused.
 *   pedestrian_out - channel on which 1 is sent when a pedestrian arrives.
 *
 * This process never executes a receive (`?`), so no send made by another
 * process on the rendezvous signal channels can complete against it.
 */
proctype crosswalk(chan sigR_in, sigG_in, sigY_in, pedestrian_out)

{
do
    ::if
      ::(crosswalk_mode == crossing) ->
        if
        /*
         * NOTE(review): compares the channel variable with 1 instead of
         * receiving from it. With no `else`, the process blocks in this `if`
         * whenever the comparison is false.
         */
        ::(sigG_in == 1) -> crosswalk_mode = none;
        fi
      ::(crosswalk_mode == none) ->
        if  
        /* Both guards are always true: nondeterministic choice between
         * staying absent and announcing a pedestrian. */
        :: (1 == 1) -> crosswalk_mode = none
        :: (1 == 1) -> 
            /*
             * Rendezvous send; blocks until a receive on this channel is
             * executed. traffic_controller contains no such receive.
             */
            pedestrian_out ! 1
            crosswalk_mode = waiting
        fi
      ::(crosswalk_mode == waiting) ->
        if
        /* NOTE(review): same channel-variable comparison as above; nothing
         * is received from sigR_in. */
        ::(sigR_in == 1) -> crosswalk_mode = crossing;
        fi
      fi
od   
}


/*
 * Initial process: sets the starting state (counter at 0, light red,
 * pedestrian crossing) and then starts both state machines, wiring the same
 * four global channels into each of them.
 */
init

{

    count = 0;

    traffic_mode = red;

    /* The crosswalk therefore starts in the branch guarded by
     * `sigG_in == 1`. */
    crosswalk_mode = crossing;


    /* Both processes are created in one indivisible step, so neither can
     * run before the other exists. */
    atomic
    {
        run traffic_controller(pedestrian_chan, sigR_chan, sigG_chan, sigY_chan);
        run crosswalk(sigR_chan, sigG_chan, sigY_chan, pedestrian_chan);
    }

}

enter image description here

1 个答案:

答案 0 :(得分:1)

您对通道(channel)的使用方式不正确,尤其是下面这一行,我甚至不知道该如何解释它:

:: (sigG_in == 1) ->
  1. 您的通道是同步的,这意味着每当一个进程在通道的一端发送消息时,必须有另一个进程在通道的另一端侦听,消息才能被传递。否则,发送进程会阻塞,直到情况发生变化。您的通道之所以是同步的,是因为您将它们的容量声明为 0

  2. 要从通道中读取消息,您需要使用正确的语法:

    // Illustrative fragment: receiving a value from a channel.
    int some_var;
    ...
    // `?` is the receive operator; on a rendezvous ([0]) channel it is the
    // counterpart a blocked sender is waiting for.
    some_channel?some_var;
    // here some_var contains the value received through some_channel
    
  3. 使用三个不同的通道发送不同的信号似乎毫无意义。那么使用三个不同的值呢?

    // Illustrative fragment: one channel carrying the signal as its value,
    // instead of one channel per signal.
    mtype = { RED, GREEN, YELLOW };
    // Capacity [0]: rendezvous channel whose messages are mtype values.
    chan c = [0] of { mtype };
    ...
    // Send RED; completes only when another process executes c?var.
    c!RED
    ...
    // (some other process)
    ...
    mtype var;
    c?var;
    // here var contains RED
    ...