```
– Module petersons_algo -
EXTENDS Integers
VARIABLES pc0, pc1, turn, intr0, intr1
TypeOK \triangleq
\land pc0 \in 0...7
\land pc1 \in 0 \dots 7
\wedge turn \in \{0, 1\}
\land intr0 \in \{\text{TRUE}, \text{FALSE}\}
\land intr1 \in \{\text{TRUE}, \text{FALSE}\}
asynchronous system
for i = 0, 1
the algorithm is
0: while(True){
1: \hspace{0.5cm} /\!/non \hspace{0.1cm} critical \hspace{0.1cm} section
2: \quad intr[i] = \mathit{True}
3: turn = 1 - i
4: while(turn \stackrel{\Delta}{=} 1 \text{ and } intr[1-i] \stackrel{\Delta}{=} 1)//wait
5: //critical section
6: intr[i] = 0
7:}
5^{\hat{}}i = 5
Init0 \stackrel{\triangle}{=}
\wedge turn = 0
\wedge intr0 = \text{false}
\wedge pc0 = 0
Init1 \triangleq
\wedge \; turn = 0
\wedge intr1 = \text{False}
\wedge pc1 = 0
Init \stackrel{\triangle}{=} Init0 \wedge Init1
L01 \triangleq
\wedge pc0 = 0
\wedge pc0' = 1
\land UNCHANGED \langle turn, intr0, intr1 \rangle
L12 \triangleq
\wedge pc0 = 1
```

 $\wedge pc0' = 2$ 

 $\land$  UNCHANGED  $\langle turn, intr0, intr1 \rangle$ 

```
L23 \triangleq
\wedge pc0 = 2
\wedge pc0' = 3
\wedge intr0 = \text{true}
\land UNCHANGED \langle intr1, turn \rangle
L34 \stackrel{\triangle}{=}
\wedge pc0 = 3
\wedge pc0' = 4
\wedge turn' = 1
\land UNCHANGED \langle intr0, intr1 \rangle
L44 \triangleq
\wedge pc0 = 4
\wedge \; pc0' \, = 4
\wedge \; turn = 1
\wedge turn' = 1
\wedge intr1' = TRUE
\land UNCHANGED intr0
L45 \triangleq
\wedge pc0 = 4
\wedge pc0' = 5
\wedge (turn = 0 \lor intr1 = FALSE)
\land UNCHANGED \langle turn, intr0, intr1 \rangle
L56 \triangleq
\wedge pc0 = 5
\wedge pc0' = 6
\land UNCHANGED \langle intr0, intr1, turn \rangle
L67 \triangleq
\land \ pc0 = 6
\wedge pc0' = 7
\wedge intr0' = 0
\land \ \mathtt{UNCHANGED} \ \langle intr1, \ turn \rangle
L70 \triangleq
\wedge pc0 = 7
\wedge \ pc0' = 0
\land UNCHANGED \langle turn, intr0, intr1 \rangle
SLOGP \triangleq \text{UNCHANGED } \langle pc0, intr0, intr1, turn \rangle
 for the second system
M01 \triangleq
\wedge pc1 = 0
```

```
\wedge pc1' = 1
\land UNCHANGED \langle turn, intr0, intr1 \rangle
M12 \triangleq
\wedge \ pc1 = 1
\wedge pc1' = 2
\land UNCHANGED \langle turn, intr0, intr1 \rangle
M23 \triangleq
\wedge pc1 = 2
\wedge \ pc1' = 3
\wedge \; intr 1 = \texttt{true}
\land UNCHANGED \langle intr0, turn \rangle
M34 \triangleq
\wedge pc1 = 3
\wedge pc1' = 4
\wedge turn' = 0
\land UNCHANGED \langle intr0, intr1 \rangle
M44 \triangleq
\wedge pc1 = 4
\wedge pc1' = 4
\wedge turn = 0
\wedge turn' = 0
\wedge intr0' = TRUE
\land UNCHANGED intr1
M45 \triangleq
\wedge pc1 = 4
\land pc1' = 5
\wedge (turn = 1 \vee intr0 = FALSE)
\land UNCHANGED \langle turn, intr0, intr1 \rangle
M56 \stackrel{\triangle}{=}
\wedge pc1 = 5
\wedge pc1' = 6
\land UNCHANGED \langle intr0, intr1, turn \rangle
M67 \triangleq
\wedge pc1 = 6
\wedge pc1' = 7
\wedge \; intr 1' = 0
\land UNCHANGED \langle intr0, turn \rangle
M70 \triangleq
\wedge pc1 = 7
```

```
\wedge pc1' = 0
\land UNCHANGED \langle turn, intr0, intr1 \rangle
SLOGQ \stackrel{\triangle}{=} UNCHANGED \langle pc1, intr0, intr1, turn \rangle
Next\_First \triangleq
\vee L01
\vee L12
\vee L23
\vee L34
\vee L45
\vee L56
\vee L67
\vee L70
\vee SLOGP
Next\_Second \triangleq
\vee M01
\vee M12
\vee M23
\vee M34
\vee M45
\vee M56
\vee M67
\vee M70
\vee SLOGQ
Next \triangleq (Next\_First \land \texttt{UNCHANGED} \ pc1) \lor (Next\_Second \land \texttt{UNCHANGED} \ pc0)
Mutual\_Exclusion \triangleq (pc0 \neq 5) \lor (pc1 \neq 5)
 we need justice conditions, because here in this example, it can happen that
 the scheduler never schedules one process
 we want to avoid such runs?????
 justice conditions
J00 \stackrel{\triangle}{=} pc0 \neq 0
J02 \stackrel{\triangle}{=} pc0 \neq 2
J03 \stackrel{\triangle}{=} pc0 \neq 3
 we cannot write pc0 \neq 4, because that's not a requirement, it should be proven
J04 \stackrel{\triangle}{=} \neg((pc0=4) \land ((turn=0) \lor (intr1=FALSE)))
\begin{array}{ccc} J05 & \stackrel{\triangle}{=} & pc0 \neq 5 \\ J06 & \stackrel{\triangle}{=} & pc0 \neq 6 \end{array}
J07 \stackrel{\triangle}{=} pc0 \neq 7
```

## for the process 1

$$J10 \stackrel{\triangle}{=} pc1 \neq 0$$

$$\begin{array}{ccc} J10 \ \stackrel{\triangle}{=} \ pc1 \neq 0 \\ J12 \ \stackrel{\triangle}{=} \ pc1 \neq 2 \\ J13 \ \stackrel{\triangle}{=} \ pc1 \neq 3 \end{array}$$

$$J13 \stackrel{\triangle}{=} pc1 \neq 3$$

$$\begin{array}{ll} J14 \; \stackrel{\triangle}{=} \; \; \neg ((pc1=4) \wedge ((turn=0) \vee (intr0={\tt FALSE}))) \\ J15 \; \stackrel{\triangle}{=} \; pc1 \neq 5 \\ J16 \; \stackrel{\triangle}{=} \; pc1 \neq 6 \\ J17 \; \stackrel{\triangle}{=} \; pc1 \neq 7 \end{array}$$

$$J15 \stackrel{\triangle}{=} pc1 \neq 5$$

$$J16 \stackrel{\triangle}{=} pc1 \neq 6$$

$$J17 \triangleq pc1 \neq 7$$

the below justice conditions are to ensure that the scheduler is fair

$$J \triangleq$$

$$\wedge \, J00$$

$$\wedge J02$$

$$\wedge \, J03$$

$$\wedge J04$$

$$\wedge \, J05$$

$$\land J10 \\ \land J12$$

$$\wedge J13$$

$$\wedge J14$$

$$\wedge J15$$

$$\wedge\,J16$$

$$\wedge \ J17$$

- $\backslash * \ {\bf Modification} \ {\bf History}$
- \\* Last modified Fri Feb 02 11:18:12 IST 2024 by neerajkrishnan
- \ \* Created Tue Jan 30 17:52:27 IST 2024 by neerajkrishnan