Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simultaenous liveness and deadlock detection #20

Closed
paulthomson opened this issue Feb 4, 2016 · 5 comments
Closed

Simultaenous liveness and deadlock detection #20

paulthomson opened this issue Feb 4, 2016 · 5 comments

Comments

@paulthomson
Copy link

On master branch. How do I get a hot monitor to cause an error?

See TestMasterHot.p.

event eStart;

main machine MainMachine
{
    start state Init 
    {
        entry 
        {
            monitor eStart;
        }
    }
}

spec M monitors eStart
{
    start hot state Init
    {
        on eStart goto Init;
    }
}

>> load TestMasterHot.p
2s
>> test /liveness
Writing TestMasterHot.zing ...
Compiling TestMasterHot.zing to TestMasterHot.dll ...
7s
>>

D:\pazure\testing3>zinger TestMasterHot.dll -et:et.txt -stats -p:4 /NDFSLiveness

##################
Check Passed
##################
4 distinct states explored
Maximum Depth Explored : 0
Elapsed time : 00:00:00
Memory Stats:
Peak Virtual Memory Size: 560.4453125 MB
Peak Paged Memory Size  : 145.0625 MB
Peak Working Set Size   : 144.09375 MB

D:\pazure\testing3>

I have tried other Zinger liveness flags.
@paulthomson
Copy link
Author

OK, so it seems if I add an infinite cycle in the state-space then an error is found.

I would like to trigger an error at any terminal state if some condition does not hold. Is that possible?

@paulthomson paulthomson changed the title Can't get hot monitor to fail Can't get hot monitor to fail in terminal state Feb 4, 2016
@ankushdesai
Copy link
Member

Hi Paul,

The deadlock property is encoded as a safety assertion in P. If you want to
check an eventually or finally property on a finite trace it is implemented
as an assertion that at the end of execution when all the process are
terminated or blocked the system should not be in a hot state. For checking
such properties you must compile P program without liveness flag and run
normal zinger search. This error will then be caught as a safety assertion
violation. You dont need to add a infinite looping process in this case.

Note that by adding infinite looping process you made the trace infinite.

On Thu, Feb 4, 2016 at 1:32 PM Paul Thomson notifications@github.com
wrote:

OK, so it seems if I add an infinite cycle in the state-space then an
error is found.

I would like to trigger an error at any terminal state if some
condition does not hold. Is that possible?


Reply to this email directly or view it on GitHub
#20 (comment).

@paulthomson
Copy link
Author

Awesome! So doing the following makes it work:

>> load TestMasterHot.p
2s
>> test
Writing TestMasterHot.zing ...
Compiling TestMasterHot.zing to TestMasterHot.dll ...
7s
>>

The error message is not very clear though:

Error:
P Assertion failed:
Expression: assert(sizeof(SM_HANDLE.enabled) != 0 || sizeof(SM_HANDLE.hot) == 0)
Comment: Deadlock

Does it make sense to have both liveness and deadlock safety checks? So a program has infinite paths but also has some terminal states? E.g. A program might be able to get stuck in an infinite failure loop without making progress but might also be able to terminate in a hot state. If so, would it make sense for the safety check be added even when using the /liveness flag?

@ankushdesai
Copy link
Member

Excellent point Paul !
I had exact same conversation with Shaz today morning but with the way
liveness checking and deadlock detection is implemented right now both the
checks cannot be enabled simultaneously.
But I agree with you that it would be nice to merge these two checks. I
will think about it.

On Thu, Feb 4, 2016 at 2:28 PM Paul Thomson notifications@github.com
wrote:

Awesome! So doing the following makes it work:

load TestMasterHot.p
2s
test
Writing TestMasterHot.zing ...
Compiling TestMasterHot.zing to TestMasterHot.dll ...
7s

The error message is not very clear though:

Error:
P Assertion failed:
Expression: assert(sizeof(SM_HANDLE.enabled) != 0 || sizeof(SM_HANDLE.hot) == 0)
Comment: Deadlock

Does it make sense to have both liveness and deadlock safety checks? So a
program has infinite paths but also has some terminal states? E.g. A
program might be able to get stuck in an infinite failure loop without
making progress but might also be able to terminate in a hot state. If so,
would it make sense for the safety check be added even when using the
/liveness flag?


Reply to this email directly or view it on GitHub
#20 (comment).

@paulthomson paulthomson changed the title Can't get hot monitor to fail in terminal state Simultaenous liveness and deadlock detection Feb 4, 2016
@shazqadeer
Copy link
Collaborator

I am not convinced yet that merging deadlock and livelock detection is a good idea. The current design requires the programmer to explicitly consider whether she is looking for a finite (assertions and deadlocks) or an infinite (livelocks) error trace. Different options should be passed to pc and zinger (consistently) depending on that choice. These options result in significantly different encodings and search techniques.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@paulthomson @shazqadeer @ankushdesai