1

I want to formulate this problem in NuSMv : enter image description here

  • A user can be in one of these three states: U-need,U-using,U-sad(representing a user that needs a service, starts using and he/ she is happy with the quality of this service or starts using and he/ she is sad because of the bad quality of his service respectively).

  • A service can be in one of these three states: S-offer,S-good,S-bad; ;(representing a service that is not in use, a service offering a good quality or a service offering a bad quality respectively).

  • A set of events : look,use,stop,monitor,detect-p,remedy-p , representing looking for a service, start using a service, stop using a service , monitoring the quality, detecting a problem in a service and remedy the problem respectively.

  • this is my SMV code: 

     MODULE main
 VAR


 Service: {S-offer,S-good,S-bad};
 User:{U-need,U-using,U-sad};
 Event:{look,use,stop,monitor,detect-p,remedy-p};

  ASSIGN

      init(Event) := look; 
      init(User) := U-need;
      init(Service) := {S-offer,S-good};


    next(Event) := case

    (Event = look) &  (Service=S-offer) : look;
    (Event = look) &  (Service=S-good) : use;
    (Event = use) &  (Service=S-good) : monitor;
    (Event = monitor) &  (Service=S-good) : {monitor,stop,detect-p};
    (Event = detect-p)  : remedy-p;
    (Event = remedy-p)  : monitor;

    TRUE:Event;

             esac;


    next(User) := case

    (Event = look) &  next(Event)=look : U-need;
    (Event = look) &  next(Event)=use : U-using;
    (Event = use) &  next(Event)=monitor : U-using;
    (Event = monitor) &  next(Event)=monitor : U-using;
    (Event = monitor) &  next(Event)=stop : U-need;
    (Event = monitor) &  next(Event)=detect-p : U-sad;
    (Event = detect-p ) &  next(Event)=remedy-p :  U-using; 

                TRUE:User;

             esac;
      next(Service) := case

    (Event = look) &  next(Event)=look : S-offer;
    (Event = look) &  next(Event)=use : S-good;
    (Event = use) &  next(Event)=monitor : S-good;
    (Event = monitor) &  next(Event)=monitor : S-good;
    (Event = monitor) &  next(Event)=stop : S-offer;
    (Event = monitor) &  next(Event)=detect-p : S-bad;
    (Event = detect-p ) &  next(Event)=remedy-p :  S-good; 

                TRUE:Service;

             esac;

-I want to confirm that this code represents the problem I described above - I represent both the events and the states of services and users as variables, is this correct?

Patrick Trentin
  • 7,126
  • 3
  • 23
  • 40
sam
  • 53
  • 4
  • IMHO, it is difficult to answer this question as-is. The sketch doesn't seem to match with the the verbose specification in natural language, and the specification is not detailed enough to assess whether the model implements the desired behavior or not. You can try simulating the system and check whether the transition relation and the set of states matches what you have in mind. **Also:** the model would be more readable if each agent is contained in a different **module**. – Patrick Trentin May 30 '19 at 17:19
  • what I want exactly is to know : is it correct to use enumerate variables to model labelled transitions as I have done with the variable "Event" (I use it to represent the labelled transitions such as start, stop, monitor and detect-P) – sam May 30 '19 at 18:28
  • is there a difference between the use of kripke structure and the LTS (labeled transition systems) ? – sam May 30 '19 at 18:30
  • AFAIK, there are no *labeled transitions* in NuSMV. In general, I would personally model an **event** as a non-deterministic input of the system. However, what you call *"event"* in the specification looks more like an **action** than an event. For an example of an *agent+action* system, look at [this](https://stackoverflow.com/questions/47710169/how-to-use-nusmv-to-witness-the-man-in-the-middle-attack-needham-schroeder-prot/47851679#47851679) – Patrick Trentin May 30 '19 at 18:42
  • Ok Dr. Patrick Trentin, I have talked about labeled transition because I have read before a paper in which athours said that they implement LTS in the NuSMV model checker. "A model checking approach for user relationship management in the social network". https://www.emeraldinsight.com/doi/abs/10.1108/K-02-2018-0092 – sam May 30 '19 at 21:48
  • One thing is the abstraction that is being modeled, another thing is the language. A labeled transition `TR(S1, S2)` can be trivially modeled by substituting it with a pair of transitions `TR'(S1, ST)` and `TR''(ST, S2)`, where `ST` is a new state labeled with the name of `TR(S1,S2)`. Other, more sophisticated but also more efficient, approaches may exist. Having said that, I spoke from memory, so I might be wrong: **check the documentation!** – Patrick Trentin May 30 '19 at 21:56
  • Ok Dr. Patrick Trentin, as I said before, I am new with NuSMV model checker and formal verification (not more than one month), and I have sincerely learned a lot from you, have a good luck... – sam May 30 '19 at 22:04
  • note: no need to use titles here. ;) – Patrick Trentin May 30 '19 at 22:05

0 Answers0