mtype = {M_UP, M_DW};
#define LEN 0
chan Chan_data_down = [LEN] of {mtype};chan Chan_data_up = [LEN] of {mtype};
proctype P1 (chan Chan_data_in, Chan_data_out){ do :: Chan_data_in ? M_UP -> skip; :: Chan_data_out ! M_DW -> skip; od;};proctype P2 (chan Chan_data_in, Chan_data_out){ do :: Chan_data_in ? M_DW -> skip; :: Chan_data_out ! M_UP -> skip; od;};
init{ atomic { run P1 (Chan_data_down, Chan_data_up); run P2 (Chan_data_up, Chan_data_down); }}Wednesday, March 18, 2009
010 - A running Promela model
Why does this code run and don't deadlock?
Subscribe to:
Post Comments (Atom)
Popular Posts
-
10May2021: Moved to https://www.teigfam.net/oyvind/home/older-blog-notes/
-
Updated 8Jan11 Intro Being year's passover 2010/11 it may be late to comment on a paper I found in a pile of IEEE Computer magazines...
-
1. From Apple Pages to iPhoto and your own paper book I have now for the second time used Apple Pages and iPhoto to make my own books. Appl...
-
Updated 15Aug11 Intro The scope of this post is to learn how the renewed C and C++ standards may help programmers of concurrent systems ...
Øyvind Teig
- aclassifier
- Trondheim, Norway
All new blogs and new home page start at
http://www.teigfam.net/oyvind/home
Overview of old blog notes here
My technology blog was at
http://oyvteig.blogspot.com
and my handicraft blog was at
http://oyvteig-2.blogspot.com
PS: just call me "Oyvind"
All statements in an if or do have the same priority here (because there isn't an unless clause). Each transition is checked for "executability". Rendezvous communication statements (synchronous send and receives) set a local variable (rv) that represent the channel and that it is synchronous.
ReplyDeleteA wish for a send sets a "handshake" representing the wish and the channel. If a receive statement wish to receive on a channel on which a handshake is active then, provided the pattern-match fits, it will become executable (rv matches the handshake). In your example all receive-statements matches the sends, and then a non-deterministic choice is made between them. As at least one transition is possible there is no deadlock.
Remember that the semantics are defined on the global/complete state-machine, and all statements are checked for executability before one is chosen. Hope this helps.
Can you say why you originally thought that it should deadlock? is it because of the skip statements (which are redundant of course) ?
ReplyDeleteBy reading it, and mentally thinking about the two equal parts, with respect to input and output. The two parties wanting and providing the services of and to each other - symmetrically - would naturally ring a deadlock bell in my head! At the moment, being new to Promela, I in a way disagree with the non-deadlocking semantics. I haven't yet learned that behaviour! Is there too much "Promela semantics" below this code, causing it not to deadlock?
ReplyDeleteI have tried to make a summary of this at the Wikipedia Promela article (after some private communications as well). See http://en.wikipedia.org/wiki/Promela. Try Executability.
ReplyDelete