X-Git-Url: http://git.liburcu.org/?a=blobdiff_plain;f=formal-model%2Fooomem-two-writes%2Fmem.spin;h=1eb51c9893c8dc5a38e6f791257e96a8f9d79845;hb=b245dd5c50e7b1c66073d41edc44a09dc1b6c9f2;hp=828ff4a5d9245e51c3ba529af0ff4c0189caefc8;hpb=4b8839f157982c717e307a2045428d3582185b11;p=urcu.git diff --git a/formal-model/ooomem-two-writes/mem.spin b/formal-model/ooomem-two-writes/mem.spin index 828ff4a..1eb51c9 100644 --- a/formal-model/ooomem-two-writes/mem.spin +++ b/formal-model/ooomem-two-writes/mem.spin @@ -1,5 +1,18 @@ /* - * mem.spin: Promela code to validate memory barriers with OOO memory. + * mem.spin: Promela code to validate memory barriers with out-of-order memory + * and out-of-order instruction scheduling. + * + * Algorithm verified : + * + * alpha = 0; + * beta = 0; + * + * Process A Process B + * alpha = 1; beta = 1; + * mb(); mb(); + * x = beta; y = alpha; + * + * if x = 1, then y = 1 when read. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,48 +34,22 @@ /* Promela validation variables. */ /* - * Produced process data flow. Updated after each instruction to show which - * variables are ready. Assigned using SSA (static single assignment) (defuse - * analysis must be done on the program to map "real" variables to single define - * followed by use). Using one-hot bit encoding per variable to save state - * space. Used as triggers to execute the instructions having those variables - * as input. - */ - -#define PRODUCE_TOKENS(state, bits) \ - state = (state) | (bits) - -/* All bits must be active to consume. All notbits must be inactive. */ -/* Consuming a token does not clear it, it just waits for it. */ -#define CONSUME_TOKENS(state, bits, notbits) \ - ((!((state) & (notbits))) && ((state) & (bits)) == (bits)) - -#define CLEAR_TOKENS(state, bits) \ - state = (state) & ~(bits) - -/* - * Bit encoding, proc_one_produced : + * Produced process control and data flow. Updated after each instruction to + * show which variables are ready. Using one-hot bit encoding per variable to + * save state space. Used as triggers to execute the instructions having those + * variables as input. Leaving bits active to inhibit instruction execution. + * Scheme used to make instruction disabling and automatic dependency fall-back + * automatic. */ -#define P1_PROD_NONE (1 << 0) - -#define P1_WRITE (1 << 1) -#define P1_WMB (1 << 2) -#define P1_SYNC_CORE (1 << 3) -#define P1_RMB (1 << 4) -#define P1_READ (1 << 5) - -int proc_one_produced; - -#define P2_PROD_NONE (1 << 0) +#define CONSUME_TOKENS(state, bits, notbits) \ + ((!(state & (notbits))) && (state & (bits)) == (bits)) -#define P2_WRITE (1 << 1) -#define P2_WMB (1 << 2) -#define P2_SYNC_CORE (1 << 3) -#define P2_RMB (1 << 4) -#define P2_READ (1 << 5) +#define PRODUCE_TOKENS(state, bits) \ + state = state | (bits); -int proc_two_produced; +#define CLEAR_TOKENS(state, bits) \ + state = state & ~(bits) #define NR_PROCS 2 @@ -172,6 +159,20 @@ DECLARE_CACHED_VAR(byte, beta, 0); byte read_one = 2; byte read_two = 2; +/* + * Bit encoding, proc_one_produced : + */ + +#define P1_PROD_NONE (1 << 0) + +#define P1_WRITE (1 << 1) +#define P1_WMB (1 << 2) +#define P1_SYNC_CORE (1 << 3) +#define P1_RMB (1 << 4) +#define P1_READ (1 << 5) + +int proc_one_produced; + active proctype test_proc_one() { assert(get_pid() < NR_PROCS); @@ -222,6 +223,21 @@ active proctype test_proc_one() assert(!(read_one == 0 && read_two == 0)); } + +/* + * Bit encoding, proc_two_produced : + */ + +#define P2_PROD_NONE (1 << 0) + +#define P2_WRITE (1 << 1) +#define P2_WMB (1 << 2) +#define P2_SYNC_CORE (1 << 3) +#define P2_RMB (1 << 4) +#define P2_READ (1 << 5) + +int proc_two_produced; + active proctype test_proc_two() { assert(get_pid() < NR_PROCS);