Promela |
Declarator |
progress(2) |
NAME
progress
-
label-name prefix, for specifying progress properties (liveness).
SYNTAX
progress[a-zA-Z0-9_]*:
stmnt
DESCRIPTION
A progress label is any label-name that starts with the
eight-character sequence
progress .
It can appear anywhere a label can appear
(see
labels(3)).
A label always prefixes a statement, and thereby uniquely identifies a local process state (i.e., the source state of the transition that corresponds to the labeled statement). A progress label marks a state that is required to be traversed in any infinite execution sequence.
A progress -label can appear in a proctype , or trace declaration, but has no special semantics when used in a never claim or in notrace declarations. The labeled state appears within the transition system of the proctype or trace declaration. Because a global system state is a composite of local component states (e.g., proctype instantiations, and an optional trace component) each progress -label also marks those global system states where one or more of the component systems is labeled with an progress .
A progress -label defines the correctness claim that the labeled global system state is required to be visited infinitely often in any infinite system execution.
EXAMPLES
active proctype dijkstra()
{ do
:: sema!p ->
progress: sema?v
od
}
The requirement expressed here is that any infinite system
execution contains infinitely many executions of the statement
sema?v ,
and therefore (in this case) also infinitely many statements
sema!p .
NOTES
Progress labels are typically used to mark a state where effective
progress is being made in an execution, such as
a sequence number being incremented or valid data being accepted
by a receiver in a data transfer protocol.
They can, however, also be used during verifications
to prune away harmless variations of liveness violations.
One such application, for instance, can be to mark message loss
with a pseudo
progress
label, to indicate that sequences that contain infinitely many
message loss events are of secondary interest.
Spin has a special mode to prove absence of non-progress cycles. It does so with the predefined LTL formula: ( <>[] np_ ) , which formalizes all non-progress executions as a standard Büchi acceptance property (see ltl(1)).
The standard stutter-extension, to extend finite execution sequences into infinite ones by stuttering (repeating) the final state of the sequence, is applied in the detection of all acceptance properties, including non-progress cycles.
SEE ALSO
accept(2), end(2), ltl(1), never(2), trace(2), labels(3), np_(5).
|
Spin Online References Promela Manual Index Promela Grammar Spin HomePage |
(Page Updated: 16 May 2000) |