qemu
1/*2* This model describes the interaction between ctx->notify_me3* and aio_notify().4*5* Author: Paolo Bonzini <pbonzini@redhat.com>6*7* This file is in the public domain. If you really want a license,8* the WTFPL will do.9*10* To simulate it:11* spin -p docs/aio_notify.promela12*13* To verify it:14* spin -a docs/aio_notify.promela15* gcc -O2 pan.c16* ./a.out -a17*18* To verify it (with a bug planted in the model):19* spin -a -DBUG docs/aio_notify.promela20* gcc -O2 pan.c21* ./a.out -a22*/23#define MAX 425#define LAST (1 << (MAX - 1))26#define FINAL ((LAST << 1) - 1)27bool notify_me;29bool event;30int req;32int done;33active proctype waiter()35{36int fetch;37do39:: true -> {40notify_me++;41if43#ifndef BUG44:: (req > 0) -> skip;45#endif46:: else ->47// Wait for a nudge from the other side48do49:: event == 1 -> { event = 0; break; }50od;51fi;52notify_me--;54atomic { fetch = req; req = 0; }56done = done | fetch;57}58od59}60active proctype notifier()62{63int next = 1;64do66:: next <= LAST -> {67// generate a request68req = req | next;69next = next << 1;70// aio_notify72if73:: notify_me == 1 -> event = 1;74:: else -> printf("Skipped event_notifier_set\n"); skip;75fi;76// Test both synchronous and asynchronous delivery78if79:: 1 -> do80:: req == 0 -> break;81od;82:: 1 -> skip;83fi;84}85od;86}87never { /* [] done < FINAL */89accept_init:90do91:: done < FINAL -> skip;92od;93}94