
I get this error with Spin 6.4.8:

spin: indexing channels[-1] - size is 3
spin: 2.pml:13, Error: indexing array 'channels'

when running a simulation of the following Promela Model:

chan channels[3] = [1] of { pid };

active [3] proctype node () {
    short pred = (_pid - 1) % 3;   /* -1 for _pid == 0: Promela's % behaves like C's */
    short succ = (_pid + 1) % 3;
    printf("Values(%d): %d, %d\n", _pid, pred, succ);
    if
        :: pred == -1 -> pred = 2; /* wrap the negative index around the ring */
        :: else -> skip;
    fi;
    printf("Corrected Values(%d): %d, %d\n", _pid, pred, succ);
    {
        chan pc = channels[pred];  /* declared and initialized in one statement */
        chan sc = channels[succ];
    }
}

As witnessed by the following output trace, I do not access the offending -1 array location as claimed by the error message:

  Values(0): -1, 1
          Values(2): 1, 0
      Values(1): 0, 2
      Corrected Values(1): 0, 2
          Corrected Values(2): 1, 0
  Corrected Values(0): 2, 1

After further analysis, which is not shown here, it also looks like pc and sc are always initialized to the right channel value when I try to access them.

Q: why do I get an error message, and how do I fix that?

Patrick Trentin

1 Answer

NOTE: the code proposed in the question will no longer produce any error starting from Spin version 6.4.9 onward, thanks to updates.


Here is the solution:

Variables that appear anywhere in a proctype body are instantiated when the process is created. [...] To avoid this kind of thing it's better to separate declaration from initialization.

[G. H., private communication]

For some reason, if a variable is both declared and initialized in the same statement, when Spin 6.4.8 instantiates it at process creation it also attempts to perform the same kind of initialization specified in the Promela model.

In the given example, the node with _pid equal to 0 has pred equal to -1 at creation time, so Spin's attempt to also execute chan pc = channels[pred]; leads to an error because there is an out-of-bounds access.

As suggested above, one can fix this issue by separating declaration from initialization:

chan channels[3] = [1] of { pid };

active [3] proctype node () {
    short pred = (_pid - 1) % 3;   /* -1 for _pid == 0 at process creation */
    short succ = (_pid + 1) % 3;
    printf("Values(%d): %d, %d\n", _pid, pred, succ);
    if
        :: pred == -1 -> pred = 2;
        :: else -> skip;
    fi;
    printf("Corrected Values(%d): %d, %d\n", _pid, pred, succ);
    {
        chan pc;                   /* declaration only: nothing is evaluated at creation */
        chan sc;
        pc = channels[pred];       /* initialization runs only when control reaches it */
        sc = channels[succ];
    }
}

has the following output:

~$ spin test.pml 
              Values(2): 1, 0
      Values(0): -1, 1
          Values(1): 0, 2
          Corrected Values(1): 0, 2
              Corrected Values(2): 1, 0
      Corrected Values(0): 2, 1
3 processes created

Alternatively, one can circumvent the problem and prevent pred from ever having an invalid value:

chan channels[3] = [1] of { pid };

active [3] proctype node () {
    short pred = (_pid - 1 + 3) % 3;   /* adding the ring size keeps the result in 0..2 */
    short succ = (_pid + 1) % 3;
    printf("Values(%d): %d, %d\n", _pid, pred, succ);
    {
        chan pc = channels[pred];      /* safe even if evaluated at process creation */
        chan sc = channels[succ];
    }
}
Patrick Trentin
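As an added example, not part of the question or the answer above: a small token-ring model that applies both fixes at once. Channel handles are declared first and assigned only after the computed indices have been checked against the array bounds, and pred is computed so that it can never be negative, so the model is safe whether or not the Spin version in use evaluates initializers at process creation. The macro N, the link layout of the channel array, the from_pred/to_succ names, the token payload and the assert guards are this example's own choices, not anything from the original post.

```promela
/* Added example, not from the question or the answer above.
 * Token ring built on the corrected pattern: declare channel handles first,
 * validate the indices, then assign. N, the link layout, the token payload and
 * the assert guards are assumptions of this example. */
#define N 3

/* channels[k] is the link from node k to its successor (k + 1) % N */
chan channels[N] = [1] of { byte };

active [N] proctype node () {
    short pred = (_pid - 1 + N) % N;   /* never negative, unlike (_pid - 1) % N */
    short succ = (_pid + 1) % N;
    chan from_pred;                    /* declared here, no initializer ... */
    chan to_succ;
    byte token;

    assert(0 <= pred && pred < N);     /* bounds check before indexing the array */
    assert(0 <= succ && succ < N);
    from_pred = channels[pred];        /* ... and assigned only when control gets here */
    to_succ   = channels[_pid];

    if
    :: _pid == 0 -> to_succ!_pid       /* node 0 injects the token */
    :: else      -> skip
    fi;

    from_pred?token;                   /* wait for the token from the predecessor */
    assert(token == pred);             /* the token carries the sender's id */
    printf("node %d received token from node %d (forwarding to %d)\n", _pid, token, succ);

    if
    :: _pid != 0 -> to_succ!_pid       /* pass it on; the ring stops at node 0 */
    :: else      -> skip
    fi
}
```

Simulate it with spin ring.pml, or verify it with spin -a ring.pml, gcc -o pan pan.c and ./pan; the asserts then act as the check that every channel handle was bound to the intended neighbour, which the question's printf-based inspection could only suggest.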