9

I'm pretty new at spin model checking and wanted to know what this error means:

unreached in proctype P1
    ex2.pml:16, state 11, "-end-"
    (1 of 11 states)
unreached in proctype P2
    ex2.pml:29, state 11, "-end-"
    (1 of 11 states)

here is my code:

int y1, y2;
byte insideCritical;

active proctype P1(){
do
    ::true->
        y2 = y1 + 1;
        (y1 == 0 || y2 < y1);
        /* Entering critical section */
            insideCritical++;
            assert(insideCritical < 2);
            insideCritical--;
        /* Exiting critical section */
        y2 = 0;
od
}
active proctype P2(){
do
    ::true->
        y1 = y2 + 1;
        (y2 == 0 || y1 < y2);
        /* Entering critical section */
            insideCritical++;
            assert(insideCritical < 2);
            insideCritical--;
        /* Exiting critical section */
        y1 = 0;
od
}

It actually doesn't have to end, it is a mutual exclusion program that checks if the two processes aren't at the critical section together. Does the error means that the program doesn't end? Thanks!

4

2 回答 2

7

Spin 通知您,您的 proctype 永远不会达到“结束”状态,这当然是正确的,因为它们由无限循环组成。如果这不是预期的行为,那将是有用的信息。但是,在您的情况下,您可以通过在代码中添加结束标签来告诉 Spin,允许程序以与 do-loop 对应的状态结束,例如:

active proctype P1(){
  endHere:
  do
  :: true->
    y2 = y1 + 1;
    (y1 == 0 || y2 < y1);
    /* Entering critical section */
        insideCritical++;
        assert(insideCritical < 2);
        insideCritical--;
    /* Exiting critical section */
    y2 = 0;
  od
}

结束标签是任何以“结束”开头的标签。如果您的 proctype 以这种方式标记的状态结束,Spin 将不会向您显示这些警告。

于 2014-03-31T16:06:55.537 回答
6

检查的答案是一个很好的答案;end通过适当地添加标签来明确是一种很好的形式。但是,并非总是可以这样做,因此您可以通过使用标志运行pan验证来使SPIN 静音:-n

-n : no listing of unreached states at the end of the run
于 2014-04-09T14:36:53.630 回答