X-Git-Url: http://git.liburcu.org/?a=blobdiff_plain;f=formal-model%2Fooomem-two-writes%2Fmem.spin;h=1eb51c9893c8dc5a38e6f791257e96a8f9d79845;hb=b245dd5c50e7b1c66073d41edc44a09dc1b6c9f2;hp=cb206d2596ef0a24b5b1d29aafba953e0dd1b356;hpb=3db2d75b432e617014976239f694b91de2bc0d7d;p=urcu.git
diff --git a/formal-model/ooomem-two-writes/mem.spin b/formal-model/ooomem-two-writes/mem.spin
index cb206d2..1eb51c9 100644
--- a/formal-model/ooomem-two-writes/mem.spin
+++ b/formal-model/ooomem-two-writes/mem.spin
@@ -1,5 +1,18 @@
 /*
- * mem.spin: Promela code to validate memory barriers with OOO memory.
+ * mem.spin: Promela code to validate memory barriers with out-of-order memory
+ * and out-of-order instruction scheduling.
+ *
+ * Algorithm verified :
+ *
+ * alpha = 0;
+ * beta = 0;
+ *
+ * Process A Process B
+ * alpha = 1; beta = 1;
+ * mb(); mb();
+ * x = beta; y = alpha;
+ *
+ * if x = 1, then y = 1 when read.
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
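Review bot: The property in the new header comment, `if x = 1, then y = 1 when read`, does not follow from the algorithm printed just above it, if the columns read as they appear here (A: `alpha = 1; mb(); x = beta;`, B: `beta = 1; mb(); y = alpha;`). If B runs to completion before A starts, x = 1 and y = 0 even under sequentially consistent memory; what two full barriers rule out for that shape is x = 0 and y = 0 together. The table or the property should be corrected to match the assertion the model actually checks, which is outside this hunk; for the shape shown the line would read ` * x = 0 and y = 0 are never both observed.` A header that misstates the verified property lets readers rely on a guarantee the model never established.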
@@ -21,24 +34,22 @@
 /* Promela validation variables. */
 /*
- * Produced process data flow. Updated after each instruction to show which
- * variables are ready. Assigned using SSA (static single assignment) (defuse
- * analysis must be done on the program to map "real" variables to single define
- * followed by use). Using one-hot bit encoding per variable to save state
- * space. Used as triggers to execute the instructions having those variables
- * as input.
+ * Produced process control and data flow. Updated after each instruction to
+ * show which variables are ready. Using one-hot bit encoding per variable to
+ * save state space. Used as triggers to execute the instructions having those
+ * variables as input. Leaving bits active to inhibit instruction execution.
+ * Scheme used to make instruction disabling and automatic dependency fall-back
+ * automatic.
  */
-#define PRODUCE_TOKENS(state, bits) \
- state = (state) | (bits)
+#define CONSUME_TOKENS(state, bits, notbits) \
+ ((!(state & (notbits))) && (state & (bits)) == (bits))
-/* All bits must be active to consume. All notbits must be inactive. */
-/* Consuming a token does not clear it, it just waits for it. */
-#define CONSUME_TOKENS(state, bits, notbits) \
- ((!((state) & (notbits))) && ((state) & (bits)) == (bits))
+#define PRODUCE_TOKENS(state, bits) \
+ state = state | (bits);
-#define CLEAR_TOKENS(state, bits) \
- state = (state) & ~(bits)
+#define CLEAR_TOKENS(state, bits) \
+ state = state & ~(bits)
 #define NR_PROCS 2
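Review bot: The rewritten macros drop the parentheses around the `state` argument, so the `CONSUME_TOKENS` guard is only correct while every caller passes a plain identifier; an argument containing a lower-precedence operator such as `|` would silently change what the guard tests, and a wrong guard in a verification model yields a pass that proves nothing. `PRODUCE_TOKENS` also now ends in `;` while `CLEAR_TOKENS` does not, so a call site written `PRODUCE_TOKENS(s, b);` (call sites are outside this hunk) expands to a doubled separator and the two macros are no longer used the same way. I would keep the previous hygiene: `((!((state) & (notbits))) && ((state) & (bits)) == (bits))`, `state = (state) | (bits)` and `state = (state) & ~(bits)`. The commit also deletes the two comments stating that all `bits` must be active, all `notbits` inactive, and that consuming a token does not clear it; that contract is worth keeping above `CONSUME_TOKENS`.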