forked from cubicle-model-checker/cubicle
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ricart_abdulla_int.cub
124 lines (95 loc) · 2.47 KB
/
ricart_abdulla_int.cub
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
type state = Idle | Wait | Use
type msg = Empty | Req | Ack | Ok
var Timer : int
array State[proc] : state
array Clock[proc] : int
array Last[proc] : int
array Channel_msg[proc,proc] : msg
array Channel_timestamp[proc,proc] : int
const Tick : int
init (z z1) { State[z] = Idle &&
Clock[z] = 0 &&
Last[z] = 0 &&
Timer = 1 &&
Channel_msg[z,z1] = Empty &&
Channel_timestamp[z,z1] = 0 }
(* invariant () { Tick <= 0 } *)
unsafe (z1 z2) {
State[z1] = Use && State[z2] = Use &&
Channel_msg[z1,z2] = Ok && Channel_msg[z2,z1] = Ok
}
transition t1 (z)
requires { State[z] = Idle && 0 < Tick }
{
Timer := Timer + Tick;
State[z] := Wait;
Clock[z] := Timer;
Last[z] := Timer;
Channel_msg[s,r] := case
| s = z && Channel_msg[s,r] = Empty : Req
| _ : Channel_msg[s,r];
Channel_timestamp[s,r] := case
| s = z && Channel_msg[s,r] = Empty : Timer
| _ : Channel_timestamp[s,r];
}
transition t2 (z r)
requires { State[z] = Wait &&
Channel_msg[z,r] = Ack &&
0 < Tick}
{
Timer := Timer + Tick;
Clock[z] := Timer;
Channel_msg[z,r] := Ok;
Channel_timestamp[z,r] := Timer;
}
transition t3 (z)
requires { State[z] = Wait &&
forall_other j. Channel_msg[z,j] = Ok }
{
State[z] := Use;
}
transition t4 (z)
requires { State[z] = Use && 0 < Tick }
{
Timer := Timer + Tick;
State[z] := Idle;
Clock[z] := Timer;
Channel_msg[s,r] := case
| s = z && Channel_msg[s,r] = Ok : Empty
| r = z && Channel_msg[s,r] = Req : Ack
| _ : Channel_msg[s,r];
Channel_timestamp[s,r] := case
| r = z && Channel_msg[s,r] = Req : Timer
| _ : Channel_timestamp[s,r];
}
transition t5 (z s)
requires { State[z] = Idle &&
Channel_msg[s,z] = Req &&
Channel_timestamp[s,z] < Clock[z] && 0 < Tick }
{
Timer := Timer + Tick;
Clock[z] := Timer;
Channel_msg[s,z] := Ack;
Channel_timestamp[s,z] := Timer;
}
transition t6 (z s)
requires { State[z] = Wait &&
Channel_msg[s,z] = Req &&
Channel_timestamp[s,z] < Last[z] && 0 < Tick }
{
Timer := Timer + Tick;
Clock[z] := Timer;
Channel_msg[s,z] := Ack;
Channel_timestamp[s,z] := Timer;
}
transition t7 (z s)
requires { State[z] = Wait &&
Channel_msg[s,z] = Req &&
Channel_timestamp[s,z] = Last[z] &&
s < z && 0 < Tick }
{
Timer := Timer + Tick;
Clock[z] := Timer;
Channel_msg[s,z] := Ack;
Channel_timestamp[s,z] := Timer;
}