我想用 nuSMV 对对称分布式四处理器三着色协议进行建模。我的规范——我确信它的正确性——必须是正确的,但是当我对“Finally”属性使用关键字“F”时,nuSMV 在第一步就给了我一个反例并停止处理下一个状态。我应该怎么做才能修复它并检查 LTL 中的 finally 属性?
这是我的 SMV 代码:
MODULE proc(former_proc ,further_proc )
VAR
self_proc : {zero, on, two};
ASSIGN
init(self_proc) :={zero, on, two};
next(self_proc) :=
case
(self_proc = two) & (further_proc = two | further_proc = zero) & (former_proc = two) : on;
(self_proc = two) & (further_proc = two) & (former_proc = zero) : zero;
(self_proc = on) & (further_proc = two | further_proc = on) & (former_proc = on) : zero;
(self_proc = on | self_proc = zero) & (further_proc = on) & (former_proc = zero) : two;
(self_proc = on) & (further_proc = zero) & (former_proc = on) : two;
(self_proc = zero) & (further_proc = zero) & (former_proc = on | former_proc = zero) : two;
TRUE : self_proc;
esac;
MODULE main
VAR
p1 : process proc( p4.self_proc ,p2.self_proc );
p2 : process proc( p1.self_proc ,p3.self_proc );
p3 : process proc( p2.self_proc ,p4.self_proc );
p4 : process proc( p3.self_proc ,p1.self_proc );
FAIRNESS running
LTLSPEC F((p1.self_proc != p2.self_proc) & (p1.self_proc != p4.self_proc) & (p2.self_proc != p3.self_proc) & (p3.self_proc != p4.self_proc))
这是我从 nuSMV 获得的反例:
-- specification F (((p1.self_proc != p2.self_proc & p1.self_proc != p4.self_proc) & p2.self_proc != p3.self_proc) & p3.self_proc != p4.self_proc) is false
-- as demonstrated by the following execution sequence
Trace Description: LTL Counterexample
Trace Type: Counterexample
-- Loop starts here
-> State: 1.1 <-
p1.self_proc = on
p2.self_proc = on
p3.self_proc = zero
p4.self_proc = zero
-> Input: 1.2 <-
_process_selector_ = main
running = TRUE
p4.running = FALSE
p3.running = FALSE
p2.running = FALSE
p1.running = FALSE
-- Loop starts here
-> State: 1.2 <-
-> Input: 1.3 <-
-> State: 1.3 <-
谢谢你。