1
|
|
2
|
node Sofar( X : bool ) returns ( Sofar : bool );
|
3
|
let
|
4
|
Sofar = X -> X or pre Sofar;
|
5
|
tel
|
6
|
node excludes12( X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X12 : bool ) returns ( excludes : bool );
|
7
|
let
|
8
|
excludes = not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
|
9
|
X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
|
10
|
not X1 and X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
|
11
|
not X1 and not X2 and X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
|
12
|
not X1 and not X2 and not X3 and X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
|
13
|
not X1 and not X2 and not X3 and not X4 and X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
|
14
|
not X1 and not X2 and not X3 and not X4 and not X5 and X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
|
15
|
not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
|
16
|
not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and X8 and not X9 and not X10 and not X11 and not X12 or
|
17
|
not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and X9 and not X10 and not X11 and not X12 or
|
18
|
not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and X10 and not X11 and not X12 or
|
19
|
not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and X11 and not X12 or
|
20
|
not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and X12;
|
21
|
tel
|
22
|
node DRAGON(e01, e02, e03, e04, e05, e06, e07, e08, e09, e10, e11, e12 : bool;
|
23
|
init_invalid : int)
|
24
|
returns(exclusive, shared, shared_dirty, dirty, invalid : int; erreur : bool);
|
25
|
var
|
26
|
g01, g02, g03, g04, g05, g06, g07, g08, g09, g10, g11, g12 : bool;
|
27
|
mem_init : int;
|
28
|
let
|
29
|
mem_init = init_invalid -> pre mem_init;
|
30
|
erreur = if(exclusive >= 2) then true else false;
|
31
|
g01 = pre invalid>=1 and pre dirty=0 and pre shared=0 and pre exclusive=0 and pre shared_dirty=0;
|
32
|
g02 = pre invalid>=1 and pre dirty -1+ pre shared + pre exclusive + pre shared_dirty>=1;
|
33
|
g03 = pre exclusive>=1;
|
34
|
g04 = pre shared_dirty=1 and pre shared=0;
|
35
|
g05 = pre shared_dirty=0 and pre shared=1;
|
36
|
g06 = pre shared_dirty + pre shared>=2;
|
37
|
g07 = pre invalid>=1 and pre dirty=0 and pre shared=0 and pre exclusive=0 and pre shared_dirty=0;
|
38
|
g08 = pre invalid>=1 and pre dirty + pre shared + pre exclusive + pre shared_dirty>=1;
|
39
|
g09 = pre dirty>=1;
|
40
|
g10 = pre shared>=1;
|
41
|
g11 = pre shared_dirty>=1;
|
42
|
g12 = pre exclusive>=1;
|
43
|
exclusive = 0 ->
|
44
|
if(e01) then if(g01) then pre exclusive+1 else pre exclusive else
|
45
|
if(e02) then if(g02) then 0 else pre exclusive else
|
46
|
if(e03) then if(g03) then pre exclusive-1 else pre exclusive else
|
47
|
if(e08) then if(g08) then 0 else pre exclusive else
|
48
|
if(e12) then if(g12) then pre exclusive-1 else pre exclusive else
|
49
|
pre exclusive;
|
50
|
shared = 0 ->
|
51
|
if(e02) then if(g02) then pre shared+pre exclusive+1 else pre shared else
|
52
|
if(e05) then if(g05) then 0 else pre shared else
|
53
|
if(e06) then if(g06) then pre shared+pre shared_dirty-1 else pre shared else
|
54
|
if(e08) then if(g08) then pre shared+pre exclusive+pre shared_dirty+pre dirty else pre shared else
|
55
|
if(e10) then if(g10) then pre shared-1 else pre shared else
|
56
|
pre shared;
|
57
|
shared_dirty = 0 ->
|
58
|
if(e02) then if(g02) then pre shared_dirty+pre dirty else pre shared_dirty else
|
59
|
if(e04) then if(g04) then 0 else pre shared_dirty else
|
60
|
if(e06) then if(g06) then 1 else pre shared_dirty else
|
61
|
if(e08) then if(g08) then 1 else pre shared_dirty else
|
62
|
if(e11) then if(g11) then pre shared_dirty-1 else pre shared_dirty else
|
63
|
pre shared_dirty;
|
64
|
dirty = 0 ->
|
65
|
if(e02) then if(g02) then 0 else pre dirty else
|
66
|
if(e03) then if(g03) then pre dirty+1 else pre dirty else
|
67
|
if(e04) then if(g04) then pre dirty+1 else pre dirty else
|
68
|
if(e05) then if(g05) then pre dirty+1 else pre dirty else
|
69
|
if(e07) then if(g07) then pre dirty+1 else pre dirty else
|
70
|
if(e08) then if(g08) then 0 else pre dirty else
|
71
|
if(e09) then if(g09) then pre dirty-1 else pre dirty else
|
72
|
pre dirty;
|
73
|
invalid = mem_init ->
|
74
|
if(e01) then if(g01) then pre invalid-1 else pre invalid else
|
75
|
if(e02) then if(g02) then pre invalid-1 else pre invalid else
|
76
|
if(e07) then if(g07) then pre invalid-1 else pre invalid else
|
77
|
if(e08) then if(g08) then pre invalid-1 else pre invalid else
|
78
|
if(e09) then if(g09) then pre invalid+1 else pre invalid else
|
79
|
if(e10) then if(g10) then pre invalid+1 else pre invalid else
|
80
|
if(e11) then if(g11) then pre invalid+1 else pre invalid else
|
81
|
if(e12) then if(g12) then pre invalid+1 else pre invalid else
|
82
|
pre invalid;
|
83
|
tel
|
84
|
node top( e01, e02, e03, e04, e05, e06, e07, e08, e09, e10, e11, e12 : bool;
|
85
|
init_invalid : int ) returns ( OK : bool );
|
86
|
--@ contract guarantees OK;
|
87
|
var exclusive, shared, shared_dirty, dirty, invalid : int;
|
88
|
erreur : bool;
|
89
|
env : bool;
|
90
|
let
|
91
|
( exclusive, shared, shared_dirty, dirty, invalid, erreur ) =
|
92
|
DRAGON( e01, e02, e03, e04, e05, e06, e07, e08, e09, e10, e11, e12,
|
93
|
init_invalid );
|
94
|
env = Sofar( excludes12( e01, e02, e03, e04, e05, e06, e07, e08, e09, e10,
|
95
|
e11, e12 ) and
|
96
|
init_invalid > 0 );
|
97
|
OK = env => dirty <= 1;
|
98
|
--%MAIN;
|
99
|
--%PROPERTY OK=true;
|
100
|
tel
|