MODULE main
VAR
    turn: 1..2;
    p: proc(turn, 1);
    q: proc(turn, 2);
ASSIGN
    init(turn) := 1;
    next(turn) := case
                    p.state = done: 2;
                    q.state = done: 1;
                    TRUE: turn;
                  esac;

CTLSPEC -- no mutual exclusion
  AG (p.state != done | q.state != done)

CTLSPEC -- no deadlock
  AG ((p.state = await | q.state = await) -> AF (p.state = done | q.state = done))

CTLSPEC -- no individual starvation
  AG (p.state = await -> AF p.state = done)
CTLSPEC
  AG (q.state = await -> AF q.state = done)

CTLSPEC -- prova: path senza starvation
  AG (q.state = await -> EF q.state = done)


LTLSPEC -- no mutual exclusion
  G (p.state != done | q.state != done)
LTLSPEC -- no deadlock
  G ((p.state = await | q.state = await) -> F (p.state = done | q.state = done))
LTLSPEC -- no individual starvation
  G (p.state = await -> F p.state = done)
LTLSPEC
  G (q.state = await -> F q.state = done)




MODULE proc(turn, id)
VAR
    state: {await, done};
ASSIGN
    init(state) := await;
    next(state) := case
                    turn = id: {await, done};
                    state = await: await;
                    state = done: await;
                   esac;