1. Home
  2. Model checking concurrent
  3. Model checking concurrent
  4. Using temporal logic to specify

0.5 Using temporal logic to specify properties  (Page 9/11)

<< Chapter < Page
  Model checking concurrent     Page 9 / 11
Chapter >> Page >

For our simple producer/consumer model, what is the basic property we'd like to guarantee?Roughly, ``each product is consumed exactly once''. That is, Produce and Consume are called alternatingly,starting with Produce. (In particular, as stated this precludes modeling``produce twice and queue the results''.)

Expressing this actually requires several clauses. Give colloquial English translations of the followingLTL formulas. We can make the generic model a bit concrete byinterpreting startProduce and finishProduce as starting and finishing the production of a fine, hand-craftedale, with startConsume , finishConsume corresponding to enjoying such an ale. (The more health-concious reader might preferto instead interpret these as start/finish the training for a marathon,and start/finish running a marathon, respectively.)

  • ( finishProduce startConsume )
  • ( finishProduce ( startProduce U finishConsume ) )
  • ( startConsume W finishProduce )
  • ( finishConsume ( startConsume W finishProduce ) )
  • If an ale is produced, then an ale willbe consumed (possibly immediately). Note that we don't talk about which ale is consumed; in the following clauses we will try to enforce that it really is the same ale that was recentlyproduced.
  • If an ale is produced, then no ale-productionis started until after an ale has been consumed.
  • No ale is consumed before (an initial)ale is produced. Note that a trace in which no ale is ever producedstill satisfies this formula.
  • If an ale is consumed, nothing else will be consumeduntil an(other) ale has been produced.

In the previous exercise , the formulas entailed that production of an item could noteven begin until the previous object had been entirely consumed. This requirement might make sense forthe interpretation of marathon training/running, but it doesn't seem essential to theproduction of hand-crafted ale, even if we do want to preserve the policy of never queuing up products.

Suppose we have a computer network port whose buffer can store only one web page's data at a time.The producer could correspond to some server sending a web page to that computer,and the consumer might be a browser which processes the data being received.

  • Do we want to allow the producer to be producingthe next product before the consumer finishes thecurrent one?
  • What change would you make to the formulas if you did want to allow this produce-while-consuming behavior(as in the ale interpretation)?
  • No. That would mean the buffer is being overwritten witha new web-page's data, even though the browser is still trying to process the current page in the buffer.
  • We would replace ( finishProduce ( startProduce U finishConsume ) ) with ( finishProduce ( finishProduce U finishConsume ) ) .

Note that we want to include the possibility that nothing is ever producedwe don't always want to enforce weak fairness. Consider an operating system's code for a print serverit is truly important that not owning a printer doesn't mean the OS always crashes!
<< Chapter < Page Page > Chapter >>

Read also:

Get Jobilize Job Search Mobile App in your pocket Now!

Get it on Google Play Download on the App Store Now




Source:  OpenStax, Model checking concurrent programs. OpenStax CNX. Oct 27, 2005 Download for free at http://cnx.org/content/col10294/1.3
Google Play and the Google Play logo are trademarks of Google Inc.

Notification Switch

Would you like to follow the 'Model checking concurrent programs' conversation and receive update notifications?

Ask