```
- MODULE petersons_algo_modified -
EXTENDS Integers
VARIABLES pc0, pc1, turn, intr0, intr1
TypeOK \triangleq
\land pc0 \in 0...7
\land pc1 \in 0 \dots 7
\wedge turn \in \{0, 1\}
\wedge intr0 \in \{0, 1\}
\land intr1 \in \{0, 1\}
a) adding weak fairness constraints on steps where applicable and b) check
  i) whether all runs satisfy star
vation freeness i.e a process requesting to enter
 CS at any instant
  will be allowed to enter CS at a future instant ii) whether all runs mandate strict sequencing
  between process 1 and process 2 in critical section
      show a trace where strict sequencing need not hold
  Ref pg 36 of handbook of model checking
asynchronous system
for i = 0, 1
the algorithm is
0: while(True){
1: \hspace{0.5cm} /\!/ non \hspace{0.1cm} critical \hspace{0.1cm} section
2:
       intr[i] = \mathit{True}
      turn = 1 - i
3:
      while (turn \stackrel{\Delta}{=} 1 \ and \ intr[1-i] \stackrel{\Delta}{=} 1)//wait
4:
      //critical section
5:
6:
       intr[i] = 0
7:}
weak fairness:
Init0 \stackrel{\triangle}{=}
\wedge turn = 0
\wedge intr0 = 0
\wedge pc0 = 0
Init1 \triangleq
\wedge turn = 0
\wedge intr1 = 0
\wedge pc1 = 0
Init \stackrel{\triangle}{=} Init0 \wedge Init1
```

 $L01 \stackrel{\triangle}{=} \\ \wedge pc0 = 0$ 

```
\wedge pc0' = 1
\land UNCHANGED \langle turn, intr0, intr1 \rangle
L12 \triangleq
\wedge pc0 = 1
\wedge pc0' = 2
\land UNCHANGED \langle turn, intr0, intr1 \rangle
L23 \triangleq
\wedge pc0 = 2
\wedge \; pc0' = 3
\wedge intr0' = 1
\land UNCHANGED \langle intr1, turn \rangle
L34 \triangleq
\wedge pc0 = 3
\wedge pc0' = 4
\wedge turn' = 1
\land UNCHANGED \langle intr0, intr1 \rangle
L44 \triangleq
\wedge pc0 = 4
\wedge pc0' = 4
\wedge turn = 1
\wedge \; intr 1 = 1
\land UNCHANGED \langle intr0, intr1, turn \rangle
L45 \triangleq
\wedge pc0 = 4
\wedge pc0' = 5
\wedge (turn = 0 \lor intr1 = 0)
\land UNCHANGED \langle turn, intr0, intr1 \rangle
L56 \triangleq
\wedge pc0 = 5
\wedge \ pc0' = 6
\land UNCHANGED \langle intr0, intr1, turn \rangle
L67 \triangleq
\wedge pc0 = 6
\wedge pc0' = 7
\wedge intr0' = 0
\land UNCHANGED \langle intr1, turn \rangle
L70 \triangleq
\wedge pc0 = 7
\wedge pc0' = 0
```

```
\land UNCHANGED \langle turn, intr0, intr1 \rangle
SLOGP \stackrel{\triangle}{=} UNCHANGED \langle pc0, intr0, intr1, turn \rangle
 for the second system
M01 \stackrel{\triangle}{=}
\wedge pc1 = 0
\wedge pc1' = 1
\land UNCHANGED \langle turn, intr0, intr1 \rangle
M12 \stackrel{\triangle}{=}
\wedge pc1 = 1
\wedge pc1' = 2
\land UNCHANGED \langle turn, intr0, intr1 \rangle
M23 \triangleq
\wedge pc1 = 2
\wedge pc1' = 3
\wedge \; intr 1' = 1
\land UNCHANGED \langle intr0, turn \rangle
M34 \triangleq
\wedge pc1 = 3
\wedge pc1' = 4
\wedge turn' = 0
\land UNCHANGED \langle intr0, intr1 \rangle
M44 \triangleq
\wedge pc1 = 4
\wedge pc1' = 4
\wedge turn = 0
\wedge \; intr0 = 1
\land UNCHANGED \langle intr0, intr1, turn \rangle
M45 \triangleq
\wedge pc1 = 4
\wedge pc1' = 5
\wedge (turn = 1 \lor intr0 = 0)
\land UNCHANGED \langle turn, intr0, intr1 \rangle
M56 \triangleq
\wedge pc1 = 5
\wedge pc1' = 6
\land UNCHANGED \langle intr0, intr1, turn \rangle
M67 \triangleq
```

```
\wedge pc1 = 6
\wedge pc1' = 7
\wedge intr1' = 0
\land UNCHANGED \langle intr0, turn \rangle
M70 \triangleq
\wedge pc1 = 7
\wedge pc1' = 0
\land UNCHANGED \langle turn, intr0, intr1 \rangle
SLOGQ \triangleq UNCHANGED \langle pc1, intr0, intr1, turn \rangle
Next\_First \triangleq
\vee L01
\vee L12
\vee L23
\vee L34
\vee L45
\vee L56
\vee L67
\vee L70
\vee SLOGP
Next\_Second \triangleq
\vee M01
\vee M12
\vee\,M23
\vee M34
\vee M45
\vee M56
\vee M67
\vee M70
\vee SLOGQ
Next \triangleq (Next\_First \land UNCHANGED \ pc1) \lor (Next\_Second \land UNCHANGED \ pc0)
Mutual\_Exclusion \triangleq (pc0 \neq 5) \lor (pc1 \neq 5)
  we need justice conditions, because here in this example, it can happen that
  the scheduler never schedules one process
  we want to avoid such runs?????
 justice conditions
\begin{array}{ccc} J00 \; \stackrel{\triangle}{=} \; pc0 \neq 0 \\ J02 \; \stackrel{\triangle}{=} \; pc0 \neq 2 \\ J03 \; \stackrel{\triangle}{=} \; pc0 \neq 3 \end{array}
```

```
we cannot write pc0 \neq 4, because that's not a requirement, it should be proven
```

$$J04 \stackrel{\triangle}{=} \neg((pc0=4) \land ((turn=0) \lor (intr1=0)))$$

$$J05 \stackrel{\triangle}{=} pc0 \neq 5$$

$$J06 \stackrel{\triangle}{=} pc0 \neq 6$$

$$J07 \stackrel{\triangle}{=} pc0 \neq 7$$

## for the process 1

$$\begin{array}{ccc} J10 \; \stackrel{\Delta}{=} \; pc1 \neq 0 \\ J12 \; \stackrel{\Delta}{=} \; pc1 \neq 2 \end{array}$$

$$J12 \stackrel{\triangle}{=} pc1 \neq 2$$

$$J13 \stackrel{\triangle}{=} pc1 \neq 3$$

$$J14 \triangleq \neg((pc1=4) \land ((turn=0) \lor (intr0=0)))$$

$$J15 \stackrel{\triangle}{=} pc1 \neq 5$$

$$J16 \stackrel{\triangle}{=} pc1 \neq 6$$

$$J17 \stackrel{\triangle}{=} pc1 \neq 7$$

## the below justice conditions are to ensure that the scheduler is fair

## $J \triangleq$

$$\wedge J00$$

$$\wedge J02$$

$$\wedge J03$$

$$\wedge J04$$

$$\wedge J05$$

$$\wedge\,J06$$

$$\wedge J07$$

$$\wedge\,J10$$

$$\wedge \ J12$$

$$\land J13 \\ \land J14$$

$$\wedge J15$$

$$\wedge \, J16$$

$$\wedge \ J17$$

## $Fairness \stackrel{\Delta}{=}$

$$\wedge \operatorname{WF}_{pc0}(L01)$$

$$\wedge \operatorname{WF}_{pc0}(L12)$$

$$\wedge \operatorname{WF}_{pc0}(L23)$$

$$\wedge \operatorname{WF}_{pc0}(L34)$$

$$\wedge \operatorname{WF}_{pc0}(L56)$$

$$\wedge \mathrm{WF}_{pc0}(L67)$$

$$\wedge \operatorname{WF}_{pc0}(L70)$$

$$\wedge \operatorname{WF}_{pc1}(M01)$$

$$\wedge \operatorname{WF}_{pc1}(M12)$$

$$\wedge \operatorname{WF}_{pc1}(M23)$$

$$\wedge \operatorname{WF}_{pc1}(M34)$$

<sup>\*</sup> Last modified Tue Mar 05 17:28:48 IST 2024 by neeraj

<sup>\*</sup> Created Tue Mar 05 17:17:01 IST 2024 by neeraj