-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathDekker2.tla
99 lines (76 loc) · 3.1 KB
/
Dekker2.tla
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
-------------------------------- MODULE Dekker2 --------------------------------
EXTENDS Naturals, Integers, FiniteSets, Bags, Sequences, TLC
(*
\* http://en.wikipedia.org/wiki/Dekker%27s_algorithm. We only model 2 processes
--algorithm Dekker2 {
variables entrance_intents=[i \in 0..1 |-> FALSE], \* intent to enter critical section
turn=0; \* who's turn is it (first: p0)
fair process (proc \in 0..1)
variables other=1-self; \* the other process; works only with 2 processes
{
start:
while(TRUE) {
p0:
entrance_intents[self] := TRUE;
p1:
while(entrance_intents[other]) {
if(turn # self) {
entrance_intents[self] := FALSE;
bw:
\* while(turn # self) {skip;};
await turn = self;
entrance_intents[self] := TRUE;
}
};
cs: \* critical section
print <<"critical section", self>>;
turn := other;
entrance_intents[self] := FALSE;
}
}
}
*)
\* BEGIN TRANSLATION
VARIABLES entrance_intents, turn, pc, other
vars == << entrance_intents, turn, pc, other >>
ProcSet == (0..1)
Init == (* Global variables *)
/\ entrance_intents = [i \in 0..1 |-> FALSE]
/\ turn = 0
(* Process proc *)
/\ other = [self \in 0..1 |-> 1-self]
/\ pc = [self \in ProcSet |-> "start"]
start(self) == /\ pc[self] = "start"
/\ pc' = [pc EXCEPT ![self] = "p0"]
/\ UNCHANGED << entrance_intents, turn, other >>
p0(self) == /\ pc[self] = "p0"
/\ entrance_intents' = [entrance_intents EXCEPT ![self] = TRUE]
/\ pc' = [pc EXCEPT ![self] = "p1"]
/\ UNCHANGED << turn, other >>
p1(self) == /\ pc[self] = "p1"
/\ IF entrance_intents[other[self]]
THEN /\ IF turn # self
THEN /\ entrance_intents' = [entrance_intents EXCEPT ![self] = FALSE]
/\ pc' = [pc EXCEPT ![self] = "bw"]
ELSE /\ pc' = [pc EXCEPT ![self] = "p1"]
/\ UNCHANGED entrance_intents
ELSE /\ pc' = [pc EXCEPT ![self] = "cs"]
/\ UNCHANGED entrance_intents
/\ UNCHANGED << turn, other >>
bw(self) == /\ pc[self] = "bw"
/\ turn = self
/\ entrance_intents' = [entrance_intents EXCEPT ![self] = TRUE]
/\ pc' = [pc EXCEPT ![self] = "p1"]
/\ UNCHANGED << turn, other >>
cs(self) == /\ pc[self] = "cs"
/\ PrintT(<<"critical section", self>>)
/\ turn' = other[self]
/\ entrance_intents' = [entrance_intents EXCEPT ![self] = FALSE]
/\ pc' = [pc EXCEPT ![self] = "start"]
/\ other' = other
proc(self) == start(self) \/ p0(self) \/ p1(self) \/ bw(self) \/ cs(self)
Next == (\E self \in 0..1: proc(self))
Spec == /\ Init /\ [][Next]_vars
/\ \A self \in 0..1 : WF_vars(proc(self))
\* END TRANSLATION
=============================================================================