Embed Size (px)
DESCRIPTION
通讯协议 ( 例子 ). 通讯协议. B. A. 通讯协议. B. A. R. S. 通讯协议. B. A. R. S. 通讯协议. B. A. cha. chb. chr. R. S. chs. 通讯协议. prb. pra. cha. chb. chr. prr. pss. ibuf[] recv[] m p. obuf[] busy[] s q. chs. M W QS. 通讯协议模型 ( 主程序 ). VVM ft001 DEFINE QS=2 - PowerPoint PPT Presentation
Citation preview
通讯协议 ( 例子 )
通讯协议
BBAA
通讯协议
BBAA
SS RR
通讯协议
BBAA
SS RR
通讯协议
BBchacha
AA
SS RR
chbchb
chrchr
chschs
通讯协议
prbprbchacha
prapra
psspss prrprr
chbchb
chrchr
chschs obuf[] busy[] s q
ibuf[] recv[] m p
MWQS
通讯协议模型 ( 主程序 )VVM ft001 DEFINE QS=2 QSL=1 M=4 ML=3 W=2 WL=1 rr=0 ss=1 aa=2 bb=3
VAR err: 0..1;INIT err=0;PROC chr: chrs(); chs: chrs(); cha: chab(); chb: chab(); pra: mpra(); prb: mprb();SPEC AG(err!=1);
进程模块说明 1( 通道 )MODULE chrs()VAR contents[0..QSL]: {ack,red,green,blue}; seq[0..QSL]: 0..ML; len: 0..QS; start: 0..QSL;INIT (for xx in [0..QSL]): contents[xx]=0; (for xx in [0..QSL]): seq[xx]=0; len=0; start=0;TRANS len>0: (len,start):=(len-1,(start+1)%M); //loosy channel
进程模块说明 2( 通道 )MODULE chab()VAR contents[0..QSL]: {ack,red,green,blue}; len: 0..QS; start: 0..QSL;INIT (for xx in [0..QSL]): contents[xx]=0; len=0; start=0;TRANS FALSE: TRUE;
过程说明 1PROCEDURE chget(nn,c,s)VARINITTRANS nn=rr: (c,s,chr.start,chr.len):=( chr.contents[chr.start],chr.seq[chr.start], (chr.start+1)%QS,chr.len-1)&RETURN; nn=ss: (c,s,chs.start,chs.len):=( chs.contents[chs.start],chs.seq[chs.start], (chs.start+1)%QS,chs.len-1)&RETURN; nn=aa: (c,cha.start,cha.len):=( cha.contents[cha.start],(cha.start+1)%QS,cha.len-1)&RETURN; nn=bb: (c,chb.start,chb.len):=( chb.contents[chb.start],(chb.start+1)%QS,chb.len-1)&RETURN;
过程说明 2PROCEDURE chput(nn,c,s)VAR pc: {s0,s1}; pos: 0..QS;INIT pc=s0; pos=0;TRANS nn=0&pc=s0: (pos,pc):=((chr.start+chr.len)%QS,s1); nn=0&pc=s1: (chr.contents[pos],chr.seq[pos],chr.len):=( c,s,chr.len+1)&RETURN; nn=1&pc=s0: (pos,pc):=((chs.start+chs.len)%QS,s1); nn=1&pc=s1: (chs.contents[pos],chs.seq[pos],chs.len):=( c,s,chs.len+1)&RETURN; nn=2&pc=s0: (pos,pc):=((cha.start+cha.len)%QS,s1); nn=2&pc=s1: (cha.contents[pos],cha.len):=(c,cha.len+1)&RETURN; nn=3&pc=s0: (pos,pc):=((chb.start+chb.len)%QS,s1); nn=3&pc=s1: (chb.contents[pos],chb.len):=(c,chb.len+1)&RETURN;
进程模块说明 3(pss)MODULE mpss()VAR busy[0..ML]: 0..1; obuf[0..ML]: {ack,red,green,blue}; q: 0..ML; s: 0..ML; //q=oldest unacked,s=next to send y: 0..ML; wd: 0..W; INIT (for xx in [0..ML]): busy[xx]=0; (for xx in [0..ML]): obuf[xx]=0; q=0; s=0; y=0; wd=0;TRANS wd<W&cha.len>0&chr.len<QS: mpsscase1(wd,s)&(wd):=(wd); chs.len>0: chget(ss,ack,y)&(busy[y]):=(0); wd>0&busy[q]=0: (wd,q):=(wd-1,(q+1)%M); chr.len<QS&wd>0&busy[q]=1: mpsscase2(q)&(wd):=(wd);
过程说明 3aPROCEDURE mpsscase1(wd,s)VAR pc: {s0,s1,s2,s3}; tmp: {ack,red,green,blue};INIT pc=s0; tmp=0;TRANS pc=s0: chget(aa,tmp,s)&(pc):=(s1); pc=s1: (wd,pss.busy[s],pss.obuf[s],pc):=(wd+1,1,tmp,s2); pc=s2: chput(rr,tmp,s)&(s):=((s+1)%M)&RETURN;
过程说明 3bPROCEDURE mpsscase2(q)VAR pc: {s0,s1}; tmp: {ack,red,green,blue};INIT pc=s0;TRANS pc=s0: (tmp,pc):=(pss.obuf[q],s1); pc=s1: chput(rr,tmp,q)&RETURN;
进程模块说明 4(prr)MODULE mprr()VAR recv[0..ML]: 0..1; ibuf[0..ML]: {ack,red,green,blue}; p: 0..ML; m: 0..ML; //p=last acked, m=last receivedINIT (for xx in [0..ML]): recv[xx]=0; (for xx in [0..ML]): ibuf[xx]=0; p=0; m=0;TRANS chr.len>0: mprrcase1(m,p)&(m):=(m); recv[p]=1&chb.len<QS&chs.len<QS: mprrcase2(p)&(m):=(m);
过程说明 4aPROCEDURE mprrcase1(m,p)VAR pc: {s0,s1,s2}; tmp: {ack,red,green,blue};INIT pc=s0; tmp=0;TRANS pc=s0: chget(rr,tmp,m)&(pc):=(s1); pc=s1&prr.recv[m]=1&((p>m&p-m<=W)|(p+M>m&p+M-m<=W)): chput(ss,ack,m)&RETURN; pc=s1&prr.recv[m]=1&!((p>m&p-m<=W)|(p+M>m&p+M-m<=W)): RETURN; pc=s1&prr.recv[m]=0: (prr.ibuf[m],prr.recv[m],pc):=(tmp,1,s2); pc=s2: (prr.recv[(m+M-W)%M],pc):=(0,s2)&RETURN;
过程说明 4bPROCEDURE mprrcase2(p)VAR pc: {s0,s1,s2,s3}; tmp: {ack,red,green,blue};INIT pc=s0; tmp=0;TRANS pc=s0: (tmp,pc):=(prr.ibuf[p],s1); pc=s1: chput(bb,tmp,0)&(pc):=(s2); pc=s2: chput(ss,ack,p)&(p,pc):=((p+1)%M,s3); pc=s3: RETURN;
进程模块说明 ( 测试进程 pra)MODULE mpra()VAR pc: {s0,s1,s2,s3};INIT pc=s0;TRANS pc=s0&cha.len<QS: chput(aa,red,0)&(pc):=(s1); pc=s1&cha.len<QS: chput(aa,red,0)&(pc):=(s1); pc=s1&cha.len<QS: chput(aa,green,0)&(pc):=(s2); pc=s2&cha.len<QS: chput(aa,green,0)&(pc):=(s2); pc=s2&cha.len<QS: chput(aa,blue,0)&(pc):=(s3); pc=s3&cha.len<QS: chput(aa,blue,0)&(pc):=(s3);
进程模块说明 ( 测试进程 prb)MODULE mprb()VAR x: {ack,red,green,blue}; pc: {s0,s1,s2,s3,s4,s5,s6,s7};INIT x=0; pc=s0;TRANS pc=s0&chb.len>0: chget(bb,x,0)&(pc):=(s1); pc=s1&x=red: (pc):=(s2); pc=s1&x!=red: (err,pc):=(1,s1);
进程模块说明 ( 续 ) pc=s2&chb.len>0: chget(bb,x,0)&(pc):=(s3); pc=s3&x=red: (pc):=(s2); pc=s3&x=green: (pc):=(s4); pc=s3&x!=red&x!=green: (err,pc):=(1,s3); pc=s4&chb.len>0: chget(bb,x,0)&(pc):=(s5); pc=s5&x=green: (pc):=(s4); pc=s5&x=blue: (pc):=(s6); pc=s5&x!=green&x!=blue: (err,pc):=(1,s5);
pc=s6&chb.len>0: chget(bb,x,0)&(pc):=(s7); pc=s7&x=blue: (pc):=(s6); pc=s7&x!=blue: (err,pc):=(1,s7);
模型检测./verds -ck 1 ft001.vvmVERSION: verds 1.43 - JAN 2013FILE: ft001.vvmPROPERTY: A G (err B 1 )bound = 0 time = 2---------- time = 2bound = 1 time = 2---------- time = 2bound = 2 time = 2---------- time = 2..bound =102 time = 58706---------- time = 58706bound =103 time = 58824---------- time = 58824CONCLUSION: TRUE (time=58824)
可达性问题
通讯协议模型 ( 主程序 )VVM ft001 DEFINE QS=2 QSL=1 M=4 ML=3 W=2 WL=1 rr=0 ss=1 aa=2 bb=3
VAR err: 0..1;INIT err=0;PROC chr: chrs(); chs: chrs(); cha: chab(); chb: chab(); pra: mpra(); prb: mprb();SPEC AG(err!=1); AG(prb.pc!=s7);
模型检测./verds -Xce -ck 2 ft001.vvmVERSION: verds 1.43 - JAN 2013FILE: ft001.vvmPROPERTY: A G (err B 1 )bound = 0 time = 2---------- time = 2bound = 1 time = 2---------- time = 2bound = 2 time = 2---------- time = 2..bound = 26 time = 1449---------- time = 1449bound = 27 time = 1637---------- time = 1637CONCLUSION: FALSE (time=1986)
验证过程
验证问题验证问题 ModelModel建模建模
VERDSModel Checker
VERDSModel Checker
Positive Conclusion
Positive Conclusion
http://lcs.ios.ac.cn/~zwh/verds/
Negative ConclusionNegative
Conclusion
Error TraceError Trace
安全性质
问题 ?
