通讯协议 ( 例子 )

通讯协议 (例子)

通讯协议 B A

通讯协议 B A R S

通讯协议 B A cha chb chr R S chs

通讯协议 prb pra cha chb chr prr pss ibuf[] recv[] m p obuf[] busy[] s q chs M W QS

通讯协议模型(主程序) VVM ft001 DEFINE QS=2 QSL=1 M=4 ML=3 W=2 WL=1 rr=0 ss=1 aa=2 bb=3 VAR err: 0..1; INIT err=0; PROC chr: chrs(); chs: chrs(); cha: chab(); chb: chab(); pra: mpra(); prb: mprb(); SPEC AG(err!=1);

进程模块说明1(通道) MODULE chrs() VAR contents[0..QSL]: {ack,red,green,blue}; seq[0..QSL]: 0..ML; len: 0..QS; start: 0..QSL; INIT (for xx in [0..QSL]): contents[xx]=0; (for xx in [0..QSL]): seq[xx]=0; len=0; start=0; TRANS len>0: (len,start):=(len-1,(start+1)%M); //loosy channel

进程模块说明2(通道) MODULE chab() VAR contents[0..QSL]: {ack,red,green,blue}; len: 0..QS; start: 0..QSL; INIT (for xx in [0..QSL]): contents[xx]=0; len=0; start=0; TRANS FALSE: TRUE;

过程说明1 PROCEDURE chget(nn,c,s) VAR INIT TRANS nn=rr: (c,s,chr.start,chr.len):=( chr.contents[chr.start],chr.seq[chr.start], (chr.start+1)%QS,chr.len-1)&RETURN; nn=ss: (c,s,chs.start,chs.len):=( chs.contents[chs.start],chs.seq[chs.start], (chs.start+1)%QS,chs.len-1)&RETURN; nn=aa: (c,cha.start,cha.len):=( cha.contents[cha.start],(cha.start+1)%QS,cha.len-1)&RETURN; nn=bb: (c,chb.start,chb.len):=( chb.contents[chb.start],(chb.start+1)%QS,chb.len-1)&RETURN;

过程说明2 PROCEDURE chput(nn,c,s) VAR pc: {s0,s1}; pos: 0..QS; INIT pc=s0; pos=0; TRANS nn=0&pc=s0: (pos,pc):=((chr.start+chr.len)%QS,s1); nn=0&pc=s1: (chr.contents[pos],chr.seq[pos],chr.len):=( c,s,chr.len+1)&RETURN; nn=1&pc=s0: (pos,pc):=((chs.start+chs.len)%QS,s1); nn=1&pc=s1: (chs.contents[pos],chs.seq[pos],chs.len):=( c,s,chs.len+1)&RETURN; nn=2&pc=s0: (pos,pc):=((cha.start+cha.len)%QS,s1); nn=2&pc=s1: (cha.contents[pos],cha.len):=(c,cha.len+1)&RETURN; nn=3&pc=s0: (pos,pc):=((chb.start+chb.len)%QS,s1); nn=3&pc=s1: (chb.contents[pos],chb.len):=(c,chb.len+1)&RETURN;

进程模块说明3(pss) MODULE mpss() VAR busy[0..ML]: 0..1; obuf[0..ML]: {ack,red,green,blue}; q: 0..ML; s: 0..ML; //q=oldest unacked,s=next to send y: 0..ML; wd: 0..W; INIT (for xx in [0..ML]): busy[xx]=0; (for xx in [0..ML]): obuf[xx]=0; q=0; s=0; y=0; wd=0; TRANS wd<W&cha.len>0&chr.len<QS: mpsscase1(wd,s)&(wd):=(wd); chs.len>0: chget(ss,ack,y)&(busy[y]):=(0); wd>0&busy[q]=0: (wd,q):=(wd-1,(q+1)%M); chr.len<QS&wd>0&busy[q]=1: mpsscase2(q)&(wd):=(wd);

过程说明3a PROCEDURE mpsscase1(wd,s) VAR pc: {s0,s1,s2,s3}; tmp: {ack,red,green,blue}; INIT pc=s0; tmp=0; TRANS pc=s0: chget(aa,tmp,s)&(pc):=(s1); pc=s1: (wd,pss.busy[s],pss.obuf[s],pc):=(wd+1,1,tmp,s2); pc=s2: chput(rr,tmp,s)&(s):=((s+1)%M)&RETURN;

过程说明3b PROCEDURE mpsscase2(q) VAR pc: {s0,s1}; tmp: {ack,red,green,blue}; INIT pc=s0; TRANS pc=s0: (tmp,pc):=(pss.obuf[q],s1); pc=s1: chput(rr,tmp,q)&RETURN;

进程模块说明4(prr) MODULE mprr() VAR recv[0..ML]: 0..1; ibuf[0..ML]: {ack,red,green,blue}; p: 0..ML; m: 0..ML; //p=last acked, m=last received INIT (for xx in [0..ML]): recv[xx]=0; (for xx in [0..ML]): ibuf[xx]=0; p=0; m=0; TRANS chr.len>0: mprrcase1(m,p)&(m):=(m); recv[p]=1&chb.len<QS&chs.len<QS: mprrcase2(p)&(m):=(m);

过程说明4a PROCEDURE mprrcase1(m,p) VAR pc: {s0,s1,s2}; tmp: {ack,red,green,blue}; INIT pc=s0; tmp=0; TRANS pc=s0: chget(rr,tmp,m)&(pc):=(s1); pc=s1&prr.recv[m]=1&((p>m&p-m<=W)|(p+M>m&p+M-m<=W)): chput(ss,ack,m)&RETURN; pc=s1&prr.recv[m]=1&!((p>m&p-m<=W)|(p+M>m&p+M-m<=W)): RETURN; pc=s1&prr.recv[m]=0: (prr.ibuf[m],prr.recv[m],pc):=(tmp,1,s2); pc=s2: (prr.recv[(m+M-W)%M],pc):=(0,s2)&RETURN;

过程说明4b PROCEDURE mprrcase2(p) VAR pc: {s0,s1,s2,s3}; tmp: {ack,red,green,blue}; INIT pc=s0; tmp=0; TRANS pc=s0: (tmp,pc):=(prr.ibuf[p],s1); pc=s1: chput(bb,tmp,0)&(pc):=(s2); pc=s2: chput(ss,ack,p)&(p,pc):=((p+1)%M,s3); pc=s3: RETURN;

进程模块说明(测试进程pra) MODULE mpra() VAR pc: {s0,s1,s2,s3}; INIT pc=s0; TRANS pc=s0&cha.len<QS: chput(aa,red,0)&(pc):=(s1); pc=s1&cha.len<QS: chput(aa,red,0)&(pc):=(s1); pc=s1&cha.len<QS: chput(aa,green,0)&(pc):=(s2); pc=s2&cha.len<QS: chput(aa,green,0)&(pc):=(s2); pc=s2&cha.len<QS: chput(aa,blue,0)&(pc):=(s3); pc=s3&cha.len<QS: chput(aa,blue,0)&(pc):=(s3);

进程模块说明(测试进程prb) MODULE mprb() VAR x: {ack,red,green,blue}; pc: {s0,s1,s2,s3,s4,s5,s6,s7}; INIT x=0; pc=s0; TRANS pc=s0&chb.len>0: chget(bb,x,0)&(pc):=(s1); pc=s1&x=red: (pc):=(s2); pc=s1&x!=red: (err,pc):=(1,s1);

进程模块说明(续) pc=s2&chb.len>0: chget(bb,x,0)&(pc):=(s3); pc=s3&x=red: (pc):=(s2); pc=s3&x=green: (pc):=(s4); pc=s3&x!=red&x!=green: (err,pc):=(1,s3); pc=s4&chb.len>0: chget(bb,x,0)&(pc):=(s5); pc=s5&x=green: (pc):=(s4); pc=s5&x=blue: (pc):=(s6); pc=s5&x!=green&x!=blue: (err,pc):=(1,s5); pc=s6&chb.len>0: chget(bb,x,0)&(pc):=(s7); pc=s7&x=blue: (pc):=(s6); pc=s7&x!=blue: (err,pc):=(1,s7);

模型检测 ./verds -ck 1 ft001.vvm VERSION: verds 1.43 - JAN 2013 FILE: ft001.vvm PROPERTY: A G (err B 1 ) bound = 0 time = 2 ---------- time = 2 bound = 1 time = 2 ---------- time = 2 bound = 2 time = 2 ---------- time = 2 . . bound =102 time = 58706 ---------- time = 58706 bound =103 time = 58824 ---------- time = 58824 CONCLUSION: TRUE (time=58824)

可达性问题

通讯协议模型(主程序) VVM ft001 DEFINE QS=2 QSL=1 M=4 ML=3 W=2 WL=1 rr=0 ss=1 aa=2 bb=3 VAR err: 0..1; INIT err=0; PROC chr: chrs(); chs: chrs(); cha: chab(); chb: chab(); pra: mpra(); prb: mprb(); SPEC AG(err!=1); AG(prb.pc!=s7);

模型检测 ./verds -Xce -ck 2 ft001.vvm VERSION: verds 1.43 - JAN 2013 FILE: ft001.vvm PROPERTY: A G (err B 1 ) bound = 0 time = 2 ---------- time = 2 bound = 1 time = 2 ---------- time = 2 bound = 2 time = 2 ---------- time = 2 . . bound = 26 time = 1449 ---------- time = 1449 bound = 27 time = 1637 ---------- time = 1637 CONCLUSION: FALSE (time=1986)

验证过程 建模验证问题 Model VERDS Model Checker Positive Conclusion Negative Conclusion 安全性质 Error Trace http://lcs.ios.ac.cn/~zwh/verds/

问题?

通讯协议 ( 例子 )

通讯协议 ( 例子 )

Presentation Transcript