Promela |
Declarator |
accept |
NAME
accept -
label-name prefix used for specifying liveness properties.
SYNTAX
accept[a-zA-Z0-9_]*: stmnt
DESCRIPTION
An accept label is any label name that starts with the
six-character sequence
accept . It can appear anywhere a label can appear as a prefix
to a Promela statement.
Accept labels are used to formalize B\*:uchi acceptance conditions. They are most often used inside never claims, but their special meaning is also recognized when they are used inside trace assertions, or in the body of a proctype declaration. There can be any number of accept labels in a model, subject to the naming restrictions that apply to all labels (i.e., a given label name cannot appear more than once within the same defining scope).
A local process statement that is marked with an accept label can also mark a set of global system states. This set includes all states where the marked statement has been reached in the process considered, but where the statement has not yet been executed. The Spin generated verifiers can prove either the absence or presence of infinite runs that traverse at least one accept state in the global system state space infinitely often. The mechanism can be used, for instance, to prove LTL liveness properties.
EXAMPLES
The following
proctype declaration translates into an automaton with precisely
three local states: the initial state, the state
in between the send and the receive,
and the (unreachable) final state at the closing curly brace
of the declaration.
The accept label in this model formalizes the requirement that the second state cannot persist forever, and cannot be revisited infinitely often either. In the given program this would imply that the execution should eventually always stop at the initial state, just before the execution of sema!p .
active proctype dijkstra()
{ do
:: sema!p ->
accept: sema?v
od
}
NOTES
When a
never claim is generated from an LTL formula, it already
includes all required accept labels.
As an example, consider the following Spin generated
never claim:
dell: spin -f '[]<>(p U q)'
never { /* []<>(p U q) */
T0_init:
if
:: (q) -> goto accept_S9
:: (1) -> goto T0_init
fi;
accept_S9:
if
:: (1) -> goto T0_init
fi;
}
In this example, the second state of the
claim automaton was marked as an accepting state.
Since in most cases the accept labels are automatically generated from LTL formula, it should rarely be needed to manually add additional labels of this type elswhere in a verification model.
SEE ALSO
end
labels
ltl
never
progress
trace
|
Spin Online References Promela Manual Index Promela Grammar Spin HomePage |
(Page updated: 28 November 2004) |