-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathferryman.smv
54 lines (43 loc) · 1.01 KB
/
ferryman.smv
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
-- The ferry man example
MODULE main
VAR
ferryman : {initial,destination};
goat : {initial,destination};
cabbage : {initial,destination};
wolf : {initial,destination};
carry : {g,c,w,none};
ASSIGN
init(ferryman) := initial;
init(goat) := initial;
init(cabbage) := initial;
init(wolf) := initial;
init(carry) := none;
next(ferryman) := {initial,destination};
next(carry) :=
case
ferryman = goat : g;
TRUE : none;
esac union
case
ferryman = cabbage : c;
TRUE : none;
esac union
case
ferryman = wolf : w;
TRUE : none;
esac union none;
next(goat) := case
ferryman = goat & next(carry) = g : next(ferryman);
TRUE : goat;
esac;
next(cabbage) := case
ferryman = cabbage & next(carry) = c : next(ferryman);
TRUE : cabbage;
esac;
next(wolf) := case
ferryman = wolf & next(carry) = w : next(ferryman);
TRUE : wolf;
esac;
LTLSPEC !( ( (goat = cabbage | goat = wolf) -> goat = ferryman)
U (goat = destination & cabbage = destination &
wolf = destination & ferryman = destination))