sp
/
tempest
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3023 Commits
1 Branch
0 Tags
187 MiB
Tree: 5310793653
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5310793653'
${ noResults }
tempest/examples/multi-objective/mdp/consensus/consensus2_multi3.nm

87 lines
3.1 KiB
Raw Normal View History

added examples from ATVA'12 paper Former-commit-id: a8dd5d09a568c33a471fb3e536d7b7194bb81764
9 years ago
  1. // model of randomised consensus
  3. mdp
  5. const int N = 2; // num processes
  6. const int MAX = 3; // num rounds (R)
  8. // need to turn these into local copies later so the reading phase is complete?
  9. formula leaders_agree1 = (p1=1 | r1<max(r1,r2)) & (p2=1 | r2<max(r1,r2));
  10. formula leaders_agree2 = (p1=2 | r1<max(r1,r2)) & (p2=2 | r2<max(r1,r2));
  12. formula decide1 = leaders_agree1 & (p1=1 | r1<max(r1,r2)-1) & (p2=1 | r2<max(r1,r2)-1);
  13. formula decide2 = leaders_agree2 & (p1=2 | r1<max(r1,r2)-1) & (p2=2 | r2<max(r1,r2)-1);
  15. module process1
  17. s1 : [0..5]; // local state
  18. // 0 initialise/read registers
  19. // 1 finish reading registers (make a decision)
  20. // 1 warn of change
  21. // 2 enter shared coin protocol
  22. // 4 finished
  23. // 5 error (reached max round and cannot decide)
  24. r1 : [0..MAX]; // round of the process
  25. p1 : [0..2]; // preference (0 corresponds to null)
  27. // nondeterministic choice as to initial preference
  28. [] s1=0 & r1=0 -> (p1'=1) & (r1'=1);
  29. [] s1=0 & r1=0 -> (p1'=2) & (r1'=1);
  31. // read registers (currently does nothing because read vs from other processes
  32. [] s1=0 & r1>0 & r1<=MAX -> (s1'=1);
  33. // maxke a decision
  34. [] s1=1 & decide1 -> (s1'=4) & (p1'=1);
  35. [] s1=1 & decide2 -> (s1'=4) & (p1'=2);
  36. [] s1=1 & r1<MAX & leaders_agree1 & !decide1 -> (s1'=0) & (p1'=1) & (r1'=r1+1);
  37. [] s1=1 & r1<MAX & leaders_agree2 & !decide2 -> (s1'=0) & (p1'=2) & (r1'=r1+1);
  38. [] s1=1 & r1<MAX & !(leaders_agree1 | leaders_agree2) -> (s1'=2) & (p1'=0);
  39. [] s1=1 & r1=MAX & !(decide1 | decide2) -> (s1'=5); // run out of rounds so error
  40. // enter the coin procotol for the current round
  41. [coin1_s1_start] s1=2 & r1=1 -> (s1'=3);
  42. [coin2_s1_start] s1=2 & r1=2 -> (s1'=3);
  43. // get response from the coin protocol
  44. [coin1_s1_p1] s1=3 & r1=1 -> (s1'=0) & (p1'=1) & (r1'=r1+1);
  45. [coin1_s1_p2] s1=3 & r1=1 -> (s1'=0) & (p1'=2) & (r1'=r1+1);
  46. [coin2_s1_p1] s1=3 & r1=2 -> (s1'=0) & (p1'=1) & (r1'=r1+1);
  47. [coin2_s1_p2] s1=3 & r1=2 -> (s1'=0) & (p1'=2) & (r1'=r1+1);
  48. // done so loop
  49. [done] s1>=4 -> true;
  51. endmodule
  53. module process2 = process1[ s1=s2,
  54. p1=p2,p2=p1,
  55. r1=r2,r2=r1,
  56. coin1_s1_start=coin1_s2_start,coin2_s1_start=coin2_s2_start,
  57. coin1_s1_p1=coin1_s2_p1,coin2_s1_p1=coin2_s2_p1,
  58. coin1_s1_p2=coin1_s2_p2,coin2_s1_p2=coin2_s2_p2 ]
  59. endmodule
  61. module coin1_error
  63. c1 : [0..1]; // 1 is the error state
  64. v1 : [0..2]; // value of the coin returned the first time
  66. // first returned value (any processes)
  67. [coin1_s1_p1] v1=0 -> (v1'=1);
  68. [coin1_s2_p1] v1=0 -> (v1'=1);
  69. [coin1_s1_p2] v1=0 -> (v1'=2);
  70. [coin1_s2_p2] v1=0 -> (v1'=2);
  71. // later values returned
  72. [coin1_s1_p1] v1=1 -> true; // good behaviour
  73. [coin1_s2_p1] v1=1 -> true; // good behaviour
  74. [coin1_s1_p2] v1=2 -> true; // good behaviour
  75. [coin1_s2_p2] v1=2 -> true; // good behaviour
  76. [coin1_s1_p1] v1=2 -> (c1'=1); // error
  77. [coin1_s2_p1] v1=2 -> (c1'=1); // error
  78. [coin1_s1_p2] v1=1 -> (c1'=1); // error
  79. [coin1_s2_p2] v1=1 -> (c1'=1); // error
  81. endmodule
  83. // coins 2 and 3 are of no use as there are not enough rounds afterwards to decide
  85. // Labels
  86. label "one_proc_err" = (s1=5 | s2=5);
  87. label "one_coin_ok" = (c1=0);