1

I am working on a promela model that it fairly simple. Using two different modules, it acts as a crosswalk/Traffic light. The first module is the traffic light that outputs the current signal (green, red, yellow, pending). This module also receives as an input a signal called "pedestrian" which acts as an indicator that there are pedestrians wanting to cross. The second module acts as the crosswalk. It receives output signals from the traffic light module (green, yellow, green). It outputs the pedestrian signal to the traffic light module. This module simply defines whether the pedestrian(s) is crossing, waiting or not present. My issue is that upon running the model in Spin, it times out once the crosswalk begins toe execute its first few statements. I have attached the image of the trace I receive from the command line. I am completely new to Spin and Promela and so I am not entirely sure how to use the information form the trace to find my issue in the code. Any help is greatly appreciated.

Here is the code for the complete model:

mtype = {red, green, yellow, pending, none, crossing, waiting};
mtype traffic_mode;
mtype crosswalk_mode;
byte count;
chan pedestrian_chan = [0] of {byte};  
chan sigR_chan = [0] of {byte};
chan sigG_chan = [0] of {byte};
chan sigY_chan = [0] of {byte};

ltl l1 {!<> (pedestrian_chan[0] == 1) && (traffic_mode == green || traffic_mode == yellow || traffic_mode == pending)}
ltl l2 {[]<> (pedestrian_chan[0] == 1) -> crosswalk_mode == crossing }

active proctype traffic_controller(chan pedestrian_in, sigR_out, sigG_out, sigY_out)

{

do
    ::if
      ::(traffic_mode == red) -> 
        count = count + 1;
        if
        ::(count >= 60) ->
            sigG_out ! 1;
            count = 0;
            traffic_mode = green;
        fi
      ::(traffic_mode == green) -> 
        if
        ::(count < 60) ->
            count = count + 1;
            traffic_mode = green;
        ::(pedestrian_in == 1 & count < 60) ->
            count = count + 1;
            traffic_mode = pending;
        ::(pedestrian_in == 1 & count >= 60)
            count = 0;
            traffic_mode = yellow;
        fi
      ::(traffic_mode == pending) ->
        count = count + 1;
        traffic_mode = pending;
        if
        ::(count >= 60) ->
            sigY_out ! 1;
            count = 0;
            traffic_mode = yellow;
        fi  
      ::(traffic_mode == yellow) ->
        count = count + 1;
        traffic_mode = yellow;
        if
        ::(count >= 5) ->
            sigR_out ! 1;
            count = 0;
        fi
      fi
od  

}



active proctype crosswalk(chan sigR_in, sigG_in, sigY_in, pedestrian_out)

{
do
    ::if
      ::(crosswalk_mode == crossing) ->
        if
        ::(sigG_in == 1) -> crosswalk_mode = none;
        fi
      ::(crosswalk_mode == none) ->
        if  
        :: (1 == 1) -> crosswalk_mode = none;
        :: (1 == 1) -> 
            pedestrian_out ! 1;
            crosswalk_mode = waiting;
        fi
      ::(crosswalk_mode == waiting) ->
        if
        ::(sigR_in == 1) -> crosswalk_mode = crossing;
        fi
      fi
od   
}   
init

{
    count = 0;
    traffic_mode = red;
    crosswalk_mode = crossing;

    atomic
    {
        run traffic_controller(pedestrian_chan, sigR_chan, sigG_chan, sigY_chan);
        run crosswalk(sigR_chan, sigG_chan, sigY_chan, pedestrian_chan);
    }
}


[![enter image description here][1]][1]

enter image description here

4

1 回答 1

2

这个问题很容易发现,系统在这里卡住了这段代码:

    if
    ::(count >= 60) ->
        sigG_out ! 1;
        count = 0;
        traffic_mode = green;
    fi

如果count不大于或等于会发生什么60

进程不能执行(唯一的)分支,因为条件是false,所以它们都停在那里等待它成为true未来的某个时间。

您应该提供一个替代分支,else -> skip这样流程就可以简单地通过该if ... fi语句。

于 2017-04-06T09:02:41.540 回答