[qemu.git] / docs / spin / aio_notify.promela

/*
 * This model describes the interaction between ctx->notify_me
 * and aio_notify().
 *
 * Author: Paolo Bonzini <[email protected]>
 *
 * This file is in the public domain.  If you really want a license,
 * the WTFPL will do.
 *
 * To simulate it:
 *     spin -p docs/aio_notify.promela
 *
 * To verify it:
 *     spin -a docs/aio_notify.promela
 *     gcc -O2 pan.c
 *     ./a.out -a
 *
 * To verify it (with a bug planted in the model):
 *     spin -a -DBUG docs/aio_notify.promela
 *     gcc -O2 pan.c
 *     ./a.out -a
 */

#define MAX   4
#define LAST  (1 << (MAX - 1))
#define FINAL ((LAST << 1) - 1)

bool notify_me;
bool event;

int req;
int done;

active proctype waiter()
{
    int fetch;

    do
        :: true -> {
            notify_me++;

            if
#ifndef BUG
                :: (req > 0) -> skip;
#endif
                :: else ->
                    // Wait for a nudge from the other side
                    do
                        :: event == 1 -> { event = 0; break; }
                    od;
            fi;

            notify_me--;

            atomic { fetch = req; req = 0; }
            done = done | fetch;
        }
    od
}

active proctype notifier()
{
    int next = 1;

    do
        :: next <= LAST -> {
            // generate a request
            req = req | next;
            next = next << 1;

            // aio_notify
            if
                :: notify_me == 1 -> event = 1;
                :: else           -> printf("Skipped event_notifier_set\n"); skip;
            fi;

            // Test both synchronous and asynchronous delivery
            if
                :: 1 -> do
                            :: req == 0 -> break;
                        od;
                :: 1 -> skip;
            fi;
        }
    od;
}

never { /* [] done < FINAL */
accept_init:
        do
        :: done < FINAL -> skip;
        od;
}
Commit	Line	Data
0ceb849b	1	/*
eabc9779	2	* This model describes the interaction between ctx->notify_me
0ceb849b PB	3	* and aio_notify().
	4	*
	5	* Author: Paolo Bonzini <[email protected]>
	6	*
	7	* This file is in the public domain. If you really want a license,
	8	* the WTFPL will do.
	9	*
	10	* To simulate it:
	11	* spin -p docs/aio_notify.promela
	12	*
	13	* To verify it:
	14	* spin -a docs/aio_notify.promela
	15	* gcc -O2 pan.c
	16	* ./a.out -a
eabc9779 PB	17	*
	18	* To verify it (with a bug planted in the model):
	19	* spin -a -DBUG docs/aio_notify.promela
	20	* gcc -O2 pan.c
	21	* ./a.out -a
0ceb849b PB	22	*/
	23
	24	#define MAX 4
	25	#define LAST (1 << (MAX - 1))
	26	#define FINAL ((LAST << 1) - 1)
	27
eabc9779	28	bool notify_me;
0ceb849b PB	29	bool event;
0ceb849b PB	30
eabc9779 PB	31	int req;
eabc9779 PB	32	int done;
0ceb849b PB	33
	34	active proctype waiter()
	35	{
eabc9779	36	int fetch;
0ceb849b	37
eabc9779 PB	38	do
	39	:: true -> {
	40	notify_me++;
0ceb849b	41
eabc9779 PB	42	if
	43	#ifndef BUG
	44	:: (req > 0) -> skip;
	45	#endif
	46	:: else ->
	47	// Wait for a nudge from the other side
	48	do
	49	:: event == 1 -> { event = 0; break; }
	50	od;
	51	fi;
0ceb849b	52
eabc9779	53	notify_me--;
0ceb849b	54
eabc9779 PB	55	atomic { fetch = req; req = 0; }
eabc9779 PB	56	done = done \| fetch;
0ceb849b	57	}
0ceb849b PB	58	od
	59	}
	60
	61	active proctype notifier()
	62	{
	63	int next = 1;
0ceb849b PB	64
	65	do
	66	:: next <= LAST -> {
	67	// generate a request
	68	req = req \| next;
	69	next = next << 1;
	70
	71	// aio_notify
	72	if
eabc9779 PB	73	:: notify_me == 1 -> event = 1;
eabc9779 PB	74	:: else -> printf("Skipped event_notifier_set\n"); skip;
0ceb849b PB	75	fi;
	76
	77	// Test both synchronous and asynchronous delivery
	78	if
	79	:: 1 -> do
	80	:: req == 0 -> break;
	81	od;
	82	:: 1 -> skip;
	83	fi;
	84	}
0ceb849b	85	od;
0ceb849b PB	86	}
0ceb849b PB	87
eabc9779 PB	88	never { /* [] done < FINAL */
	89	accept_init:
	90	do
	91	:: done < FINAL -> skip;
	92	od;
0ceb849b	93	}