2020-05-06 17:10:03 +02:00
|
|
|
MODULE main
|
|
|
|
VAR
|
|
|
|
turn: 1 .. 2;
|
|
|
|
p: proc(turn, 1);
|
|
|
|
q: proc(turn, 2);
|
|
|
|
ASSIGN
|
|
|
|
init(turn) := 1;
|
|
|
|
next(turn) :=
|
|
|
|
case
|
|
|
|
q.state = done: 1;
|
|
|
|
p.state = done: 2;
|
|
|
|
TRUE: turn;
|
|
|
|
esac;
|
|
|
|
|
|
|
|
CTLSPEC -- no mutual exclusion
|
|
|
|
AG (p.state != critical | q.state != critical)
|
|
|
|
|
|
|
|
CTLSPEC -- no deadlock
|
|
|
|
AG ((p.state = wait | q.state = wait) -> AF (p.state = critical | q.state = critical))
|
|
|
|
|
|
|
|
CTLSPEC -- no individual starvation
|
|
|
|
AG (p.state = wait -> AF p.state = critical)
|
|
|
|
CTLSPEC
|
|
|
|
AG (q.state = wait -> AF q.state = critical)
|
2020-05-07 17:47:52 +02:00
|
|
|
CTLSPEC
|
|
|
|
AG (q.state = wait -> EF q.state = critical)
|
2020-05-06 17:10:03 +02:00
|
|
|
|
|
|
|
MODULE proc(turn, id) -- Model a process taking turn
|
|
|
|
VAR
|
|
|
|
state: {begin, wait, critical, done};
|
|
|
|
ASSIGN
|
|
|
|
init(state) := begin;
|
|
|
|
next(state) :=
|
|
|
|
case
|
|
|
|
state = begin: {begin, wait};
|
|
|
|
state = wait & turn = id: critical;
|
2020-05-07 17:47:52 +02:00
|
|
|
state = critical: done;
|
2020-05-06 17:10:03 +02:00
|
|
|
state = done: begin;
|
|
|
|
TRUE: state;
|
|
|
|
esac;
|