| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 |
- /*
- * This model describes the interaction between ctx->notify_me
- * and aio_notify().
- *
- * Author: Paolo Bonzini <pbonzini@redhat.com>
- *
- * This file is in the public domain. If you really want a license,
- * the WTFPL will do.
- *
- * To simulate it:
- * spin -p docs/aio_notify.promela
- *
- * To verify it:
- * spin -a docs/aio_notify.promela
- * gcc -O2 pan.c
- * ./a.out -a
- *
- * To verify it (with a bug planted in the model):
- * spin -a -DBUG docs/aio_notify.promela
- * gcc -O2 pan.c
- * ./a.out -a
- */
- #define MAX 4
- #define LAST (1 << (MAX - 1))
- #define FINAL ((LAST << 1) - 1)
- bool notify_me;
- bool event;
- int req;
- int done;
- active proctype waiter()
- {
- int fetch;
- do
- :: true -> {
- notify_me++;
- if
- #ifndef BUG
- :: (req > 0) -> skip;
- #endif
- :: else ->
- // Wait for a nudge from the other side
- do
- :: event == 1 -> { event = 0; break; }
- od;
- fi;
- notify_me--;
- atomic { fetch = req; req = 0; }
- done = done | fetch;
- }
- od
- }
- active proctype notifier()
- {
- int next = 1;
- do
- :: next <= LAST -> {
- // generate a request
- req = req | next;
- next = next << 1;
- // aio_notify
- if
- :: notify_me == 1 -> event = 1;
- :: else -> printf("Skipped event_notifier_set\n"); skip;
- fi;
- // Test both synchronous and asynchronous delivery
- if
- :: 1 -> do
- :: req == 0 -> break;
- od;
- :: 1 -> skip;
- fi;
- }
- od;
- }
- never { /* [] done < FINAL */
- accept_init:
- do
- :: done < FINAL -> skip;
- od;
- }
|
