Why is the promela model timing out?

Question

I am working on a promela model that it fairly simple. Using two different modules, it acts as a crosswalk/Traffic light. The first module is the traffic light that outputs the current signal (green, red, yellow, pending). This module also receives as an input a signal called "pedestrian" which acts as an indicator that there are pedestrians wanting to cross. The second module acts as the crosswalk. It receives output signals from the traffic light module (green, yellow, green). It outputs the pedestrian signal to the traffic light module. This module simply defines whether the pedestrian(s) is crossing, waiting or not present. My issue is that upon running the model in Spin, it times out once the crosswalk begins toe execute its first few statements. I have attached the image of the trace I receive from the command line. I am completely new to Spin and Promela and so I am not entirely sure how to use the information form the trace to find my issue in the code. Any help is greatly appreciated.

Here is the code for the complete model:

mtype = {red, green, yellow, pending, none, crossing, waiting};
mtype traffic_mode;
mtype crosswalk_mode;
byte count;
chan pedestrian_chan = [0] of {byte};  
chan sigR_chan = [0] of {byte};
chan sigG_chan = [0] of {byte};
chan sigY_chan = [0] of {byte};

ltl l1 {!<> (pedestrian_chan[0] == 1) && (traffic_mode == green || traffic_mode == yellow || traffic_mode == pending)}
ltl l2 {[]<> (pedestrian_chan[0] == 1) -> crosswalk_mode == crossing }

active proctype traffic_controller(chan pedestrian_in, sigR_out, sigG_out, sigY_out)

{

do
    ::if
      ::(traffic_mode == red) -> 
        count = count + 1;
        if
        ::(count >= 60) ->
            sigG_out ! 1;
            count = 0;
            traffic_mode = green;
        fi
      ::(traffic_mode == green) -> 
        if
        ::(count < 60) ->
            count = count + 1;
            traffic_mode = green;
        ::(pedestrian_in == 1 & count < 60) ->
            count = count + 1;
            traffic_mode = pending;
        ::(pedestrian_in == 1 & count >= 60)
            count = 0;
            traffic_mode = yellow;
        fi
      ::(traffic_mode == pending) ->
        count = count + 1;
        traffic_mode = pending;
        if
        ::(count >= 60) ->
            sigY_out ! 1;
            count = 0;
            traffic_mode = yellow;
        fi  
      ::(traffic_mode == yellow) ->
        count = count + 1;
        traffic_mode = yellow;
        if
        ::(count >= 5) ->
            sigR_out ! 1;
            count = 0;
        fi
      fi
od  

}



active proctype crosswalk(chan sigR_in, sigG_in, sigY_in, pedestrian_out)

{
do
    ::if
      ::(crosswalk_mode == crossing) ->
        if
        ::(sigG_in == 1) -> crosswalk_mode = none;
        fi
      ::(crosswalk_mode == none) ->
        if  
        :: (1 == 1) -> crosswalk_mode = none;
        :: (1 == 1) -> 
            pedestrian_out ! 1;
            crosswalk_mode = waiting;
        fi
      ::(crosswalk_mode == waiting) ->
        if
        ::(sigR_in == 1) -> crosswalk_mode = crossing;
        fi
      fi
od   
}   
init

{
    count = 0;
    traffic_mode = red;
    crosswalk_mode = crossing;

    atomic
    {
        run traffic_controller(pedestrian_chan, sigR_chan, sigG_chan, sigY_chan);
        run crosswalk(sigR_chan, sigG_chan, sigY_chan, pedestrian_chan);
    }
}


[![enter image description here][1]][1]

Answer 1

The issue is very easy to spot, the system gets stuck in this code here:

    if
    ::(count >= 60) ->
        sigG_out ! 1;
        count = 0;
        traffic_mode = green;
    fi

what happens if count is not greater or equal 60?

The processes cannot execute the (only) branch, because the condition is false, so they both stop there waiting for it to become true some time in the future.

You should provide an alternative branch like else -> skip so the processes can simply get past that if ... fi statement.