diff --git a/prism/NOTES b/prism/NOTES index 4c2490c0..d7262ead 100644 --- a/prism/NOTES +++ b/prism/NOTES @@ -8,9 +8,9 @@ TODO (before any release) ------------------------- PTAs: -* Implement divergence fix -* Sort out "time-lock" error message * (Further) tidy of prism-examples/pta +* Clarify time divergence issues +* non-zeno checks? ======================================================= @@ -26,9 +26,6 @@ Filters, property semantics, etc. * Restructure Result class? e.g. separate bracketed comment? (done I think) - Errors (Exceptions) formatted properly? -Action labels: -* Check status of export/import trans wrt actions (alll models) - Sim: * tidy doSampling, looking at Vincent's code * seed issues (Vlad) @@ -43,12 +40,8 @@ PTAs: (see non-well-formed.nm/pctl for a test case) (if can't do that, syntax check using sat) - digital clocks: check invariants after transform/reach? - (might be like non-pta case: doing before reach causes false alarms?) -* Digital clocks time-bounded - - will need to make sure cmax is updated accordingly - (currently just from temporal operator time bound since no clocks in formula) - - also might need to access property constants (see TODO in DC.java) - +* Digital clocks: No time-bounded until yet +* Digital clocks: Translation done sep for each property (e.g. for cmax)? * Bug fix: action alphabet (syntactic) for sync lost in PTA object construction DOC (before public release) @@ -79,7 +72,6 @@ PTAs: - access to other local and global vars - system endsystem? (then test on Arnd's BRP model + others) -* Implement structurally non-zeno checks * BRP example * Translate non-convex guards to DNF and multiple transitions * Investigate whether non-convex invariants can be supported (look at zone ops) diff --git a/prism/NOTES-PTAS.txt b/prism/NOTES-PTAS.txt index 0f0b10fd..1d166754 100644 --- a/prism/NOTES-PTAS.txt +++ b/prism/NOTES-PTAS.txt @@ -9,8 +9,6 @@ In guards or invariants, references to clocks must be conjunctions of simple clo There are also some additional restrictions for PTA models. Modules cannot read the local variables of other modules and global variables are not permitted. The model must also have a single initial state (i.e. the init...endinit construct is not permitted). Again, when using digital clocks, the latter constraint does not apply. -Model checking requires several assumptions: we require PTAs to be well-formed and non-zeno (see e.g. [KNP09c] for details). Currently, PRISM does not check automatically that these assumptions are satisfied. - There are a set of PRISM PTA examples in the directory examples/pta. See the formats09.sh script in this directory for details of how to run the examples. * Properties diff --git a/prism/src/pta/ForwardsReach.java b/prism/src/pta/ForwardsReach.java index e433dd7a..16ddf88b 100644 --- a/prism/src/pta/ForwardsReach.java +++ b/prism/src/pta/ForwardsReach.java @@ -97,8 +97,7 @@ public class ForwardsReach IndexedSet Yset; //LocZoneSetOld Zset; ReachabilityGraph graph; - int src, dest, count, dests[]; - boolean canDiverge; + int src, dest, count; long timer, timerProgress; boolean progressDisplayed; @@ -139,34 +138,24 @@ public class ForwardsReach // Compute timed post for this zone (NB: do this before checking if target) lz = lz.deepCopy(); lz.tPost(pta); - // Is this a target state? (If so, don't explore) + // Is this a target state? if (targetLocs.get(lz.loc) && (targetConstraint == null || lz.zone.isSatisfied(targetConstraint))) { target.set(src); // Add null for this state (no need to store info) graph.addState(); continue; } - // Check if time can diverge in this state - canDiverge = lz.zone.allClocksAreUnbounded(); - // Explore this symbolic state - // First, check for possibility of timelock: if there are no PTA transitions - // and it is not possible for time to diverge in this state - if (!canDiverge && pta.getTransitions(lz.loc).size() == 0) { - throw new PrismException("Timelock (no transitions) in PTA at location \"" + pta.getLocationNameString(lz.loc) + "\""); + // Otherwise, explore this symbolic state + // First, check there is at least one transition + // (don't want deadlocks in non-target states) + if (pta.getTransitions(lz.loc).size() == 0) { + throw new PrismException("Deadlock (no transitions) in PTA at location \"" + pta.getLocationNameString(lz.loc) + "\""); } // Add current state to reachability graph graph.addState(); - // For unbounded case, add a special self-loop transition to model divergence - if (canDiverge) { - dests = new int[1]; - dests[0] = src; - Transition trNew = new Transition(pta, src, "_diverge"); - trNew.addEdge(1.0, src); - graph.addTransition(src, trNew, dests, null); - } // For each outgoing transition... for (Transition transition : pta.getTransitions(lz.loc)) { - dests = new int[transition.getNumEdges()]; + int[] dests = new int[transition.getNumEdges()]; boolean enabled = false; boolean unenabled = false; count = 0;