Q1:Royal Garden’s Puzzle as a Model Checking Problem
Pictures from UbiSoft
HW6: Due Dec 4th 23:59
• http://www.youtube.com/watch?v=1xv4KSUGSS8&hl=ko
[Figure: puzzle board with areas R1–R11, handles H1–H4, a Source and a Sink; legend: Type A, Type B, Type C]

Handle   Areas rotated
H1       R1, R2, R5, R6
H2       R2, R3, R4, R6, R7
H3       R5, R6, R8, R9, R10
H4       -R6, R7, -R10, R11
1. Write down a C model and a Promela model to solve the puzzle by using CBMC and Spin.
a. Use assert statement to detect when the route is established
b. Find and explain the shortest solution by analyzing counter examples. Also show why your solution is the shortest one for the route
   – Hint: there exists a solution less than 10 steps
c. Report the complexity of the problem – i.e., # of clauses and variables, # of states, memory usage, verification time, etc.
2. Faulty mutual exclusion algorithm

/* Assume that there are two processes */
char count=0, x=0, y=0, z=0;

void process() {
    char me = _pid + 1; /* me is 1 or 2 */
again:
    x = me;
    if (y == 0 || y == me) ; else goto again;
    z = me;
    if (x == me) ; else goto again;
    y = me;
    if (z == me) ; else goto again;
    /* enter a critical section */
    count++;
InCritSec:
    …
    count--;
    /* leaving a critical section */
    goto again;
}

a. To specify a corresponding Promela specification
   – Note that no atomic allowed
b. To specify the following properties in LTL
   – Note that procname[pid]@label returns a nonzero value only if a statement at the corresponding label is executable now
   1. Mutual exclusion
   2. Deadlock-freedom
   3. Starvation-freedom
c. Check if your Promela spec satisfies the above 3 properties by using Spin. Also explain the counter examples.
3. Build the following mutual exclusion protocol in Promela.
- Your Promela spec should contain 2 processes.
- You should use a global lock with atomic keyword to check entrance to the critical section.
- Verify the following correctness properties of your Promela model
  – Mutual exclusion
  – Liveness

mtype = {n,t,c};
byte lock=0;

active [2] proctype process() {
    byte status=n;
    …
}
4. Build the following mutual exclusion protocol in Promela. And verify the correctness of your Promela model
– Mutual exclusion
– Liveness
– You may use a global variable turn to indicate which process has a higher priority to enter critical section
– Note that you can access a local variable of the other processes through remote reference procname[pid]:localvar

mtype = {n,t,c};
byte lock;
byte turn=255;

active [2] proctype process() {
    …
}