0.3 Modeling concurrent processes (Page 16/21)

Page 16 / 21

You might have noticed that this example (unlike earlier ones) only has each process perform their critical section once.No problem, we can put that in a do loop: 1 /* An overflow bug sneaks into our Mutual exclusion, uh-oh! 2 * Lamport's "Bakery algorithm"3 * Procs which communicate only through ticket[].4 */ 56 byte ticket[2];7 int data = 0; 89 active [2] proctype customer()10 { 11 pid me = _pid;12 pid peer = 1-_pid; 1314 do 15 :: skip; /* Doing some non-critical work... */16 17 ticket[me]= 1; /* Declare desire to enter crit section. */18 ticket[me] = ticket[peer]+1; 19 ((ticket[peer]== 0) || (ticket[me]<ticket[peer])) ->20 21 /* Entering critical section. */22 data++; 23 assert (data == 1);24 data--; 25 /* Leaving critical section. */26 27 ticket[me]= 0; /* Relinquish our ticket-number. */ 28 od;29 } SPIN verifies thiwait a moment, the verification fails! And at depth 2058, no less.What's going on? A clue can be found in scrutinizing the output: spin: line 17 "mutexG2.pml", Error: value (256->0 (8)) truncated in assignment Our variable ticket , a byte , is overflowing!

Describe one example trace, where ticket can keep incrementing until overflow.
Does this overflow necessarily happen in every run?
What is the probability that this overflow will occur?
While changing the type of ticket from byte to int changes nothing conceptually, it does change SPIN's verification. Re-run the verification with this change.What is the difference?

Call the two processes P1 and P2.P1 might get the first ticket =1 and enter its critical section.While there, P2 takes ticket =2, blocking until P1 is done.Then P2 enters its critical section, but before P2 finishes P1 again requests its critical section,taking ticket =3. This process repeatseach process requesting the criticalsection (and bumping up the ticket number) before its peer finishes.
No. If there is a moment when no processes are wanting thecritical section, then the ticket number (intentionally) drops back to zero.
This is a trick question (as we've mentionedin a previous problem's solution ): For example,road construction may fundamentally shift the rate of clients in the bakery,or scheduling might even become adaptively adversarial (perhaps:a grudge-holding customer trying to continually thwart another customer, by continually taking numbers just toask for a glass of water).
SPIN runs out of state space before it detects the cycle.This justifies our initial use of byte : there is no conceptual difference in the verification errorsbetween using byte and int , but by keeping the state space from being extraneously large,we get better insight to what the difficulty was. (Imagine if we'd used int firstwe might have seen the state-space error, presumed that other parts ofour program made verification infeasible, crossed our fingers and given up.)

<< Chapter < Page Page > Chapter >>

Read also:

Get Jobilize Job Search Mobile App in your pocket Now!

100% Free Mobile Applications
Receive real-time job alerts and never miss the right job again

Source: OpenStax, Model checking concurrent programs. OpenStax CNX. Oct 27, 2005 Download for free at http://cnx.org/content/col10294/1.3

Google Play and the Google Play logo are trademarks of Google Inc.

Notification Switch

Would you like to follow the 'Model checking concurrent programs' conversation and receive update notifications?

Ask

	4 Psychology MCQ 2009 Final Exam By John Gabrieli Start Exam
	Financial Markets By Keyaira Braxton Start Exam
©flickr: Tim	Hazard Quiz By Royalle Moore Start Quiz
©flickr: Luis	Final Exam Review By Madison Christian Start Exam
	2011 Dynamics CRM By Danielrosenberger Start Quiz
	10 Sociology 10 Global Inequality MCQ By OpenStax Start Quiz
©flickr: Steve	C Programming Language By JavaChamp Team Start Quiz
	2 Neuroanatomy 02 Brain External Features By Stephen Voron Start Quiz
©flickr: U.S.	Biology Chapter 10 By Michael Sag Start Exam
	1 Timeshare 1 By Jams Kalo Start Quiz