- 120 Views
- Uploaded on
- Presentation posted in: General

CSCI 599 - Formal Methods Concurrency Examples

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Gas Station and Cruise Control

Specifications

Ronnie Apcar

Edwin Chiu

Hasmik Jerejian

November 2, 2000

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- Concurrency Issues
- Brief Tutorial of Petri Nets
- The Gas Station Specification
- The Cruise Control Specification
- Concluding Remarks
- Q&A

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- Synchronization and Communication
- Resource sharing
- Deadlock
- Starvation
- Non-determinism

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- What are Petri Nets?
- Petri Nets are a graphical formalism for systems specification

- Petri Nets are formed from finite sets of
- Places
- Transitions
- Arrows connecting either places to transitions or transitions to places

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- A Petri Net (PN) is given a state by marking its places.
- Marking of a PN consists of assigning a nonnegative integer to each place.
- Graphically, tokens are inserted in places of a PN

- Input place - arrow goes from the place to the transtion
- Output place - arrow goes from the transition to the place

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- A transition may have one or more Input and Output places
- A transition is enabled if there is at least one token in each of its input places.
- An Enabled transition may fire:
- one token is removed from each input place and one token is inserted in each ouput place of the transition

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- A Petri Net as a four-tuple (P,T,I,O), where
- P is a set of places
- T is a set of transitions
- I is an input function:
- for places leading into a transition

- O is an output function
- for places leading out of a transition

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- Describing Concurrent Systems with PN
- Transitions - model events or actions
- Transition Firings - model occurrence of events or execution of actions
- Presence of tokens - denote existence of some condition, that allow an event or action
- Transitions are concurrent - if enabled, firing of one does not prevent others from firing

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- Starvation
- a process never receives access to a needed resource

- Deadlock
- iff no transition is enabled in that marking

- Live
- no deadlock can ever occur

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- Limitations and extensions of Petri Nets
- similar to FSMs (Finite State Machines), control-oriented model
- tokens are anonymous
- solution: assigning values to tokens

- not possible to specify selection policy
- solution: prioritizing transitions

- timing issues - don’t take time into account
- solution: Timed PN

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

P2

P3

P1

1

3

4

4

7

t1

t2

P4

P5

Assigning values to tokens - Predicates and Functions

t1 associations:

P2 > P1 and

P4 := P2 + P1

t2 associations:

P3 > P2

P4 := P3 + P2

P5 := P2 + P3

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- Assumptions
- The gas filling process begins when a customer presses a nozzle, after which time the type of gas being filled cannot be changed.
- The pump nozzle and common storage tank sensors continuously sense tank fill status.
- When the set threshold of any one of the 3 common storage tanks is reached, all the pump nozzles associated with that storage tank are disabled.

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- Assumptions
- No more than one customer can be pulled up to a particular pump at any one time, thereby eliminating the previously specified race conditions.
- Each pump’s meter provides the following information:
- Amount of gas dispensed in gallons
- Total price of amount of gas dispensed.

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

Operator:

Refill_Done

Operator:

Enable_Pump

External:

Refill_Status

Operator:

Schedule_Refill

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

External:

Refill Event

Tank:

Reactivate_Fueling

Tank:

Refill_Detected

Customer:

Go_To_Operator

Pump:

Available

Serve

Customer:

At_Pump

Tank:

Not_Empty

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

Customer:

Drive_Away

Operator:

Enable_Pump

Customer:

Pumping

Customer:

Drive_Up

Customer:

Drive_Up

External:

Tank_Full

Not_Available

Customer:

Change_Status

Customer:

Stop_Pumping

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

Pump:

Available

Pump:

Available

Pump:

Not_Available

Operator:

Serve

Operator:

Available

Operator:

Available

Operator:

Busy

Pump:

Change_Status

Operator:

Customer_Paid

Pump:

Nozzle_Sensor

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

Operator:

Enabled

Tank:

Not_Empty

Pump:

Start_Fueling

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- Assumptions
- The six CC actions are implemented as pairs of actions on three separate steering column turn levers: on/off, set speed/resume speed, and accelerate/decelerate.
- Order of precedence for the CC actions:
- on/off
- set speed/resume speed
- accelerate/decelerate.

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- Assumptions
- When the cruise control system is enabled and either the accelerator pedal or brake pedal is depressed, the cruise control system is disabled and remains so until either set speed or resume speed is activated.
- Cruising speed in uphill and downhill driving conditions is not maintained by the cruise control system, and thus not modeled in the following specification.

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

CC:

Turn_CC_Off

CC:

Turn_CC_On

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

CC:

Disable_Cruising

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

Engine:

On

Gas/Break:

Pressed

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian

- Challenges
- Enforcing a certain selection property
- Maintaining global conditions throughout the system for all the states of the components
- Modeling complex multiple concurrencies
- Modeling data storage and access (e.g. Notion of variables in a programming language)

CSCI 599 Formal Methods

November 2, 2000

Concurrency Examples

R. Apcar, E. Chiu, H. Jerejian