As we have noted more than once, Promela is designed for modeling a system, not for implementing one with an executable program. Typically, a model will be relatively small in size, so that it will be feasible to verify correctness properties by searching its state space. A model with a handful of variables and two dozen statements can give rise to complex behavior that strains the model-checking abilities of Spin. For that reason Promela does not include an extensive set of constructs for structuring the program and its data; in particular, you will not find constructs like functions and classes that facilitate the development of large programs. Promela does have arrays and type definitions that are used for structuring data, and it has macros and inline declarations that can help make programs more readable.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag London Limited 2008

Personalised recommendations