Project

General

Profile

Download (6.79 KB) Statistics
| Branch: | Tag: | Revision:
1

    
2
node First( X : int ) returns ( First : int );
3
let
4
    First = X -> pre First;
5
tel
6
node Sofar( X : bool ) returns ( Sofar : bool );
7
let
8
    Sofar = X -> X and pre Sofar;
9
tel
10
node excludes12( X1, X2, X3, X4, X5, X6, X7, X8, X9, X10, X11, X12 : bool ) returns ( excludes : bool );
11
let
12
    excludes = not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
13
                  X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
14
              not X1 and     X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
15
              not X1 and not X2 and     X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
16
              not X1 and not X2 and not X3 and     X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
17
              not X1 and not X2 and not X3 and not X4 and     X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
18
              not X1 and not X2 and not X3 and not X4 and not X5 and     X6 and not X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
19
              not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and     X7 and not X8 and not X9 and not X10 and not X11 and not X12 or
20
              not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and     X8 and not X9 and not X10 and not X11 and not X12 or
21
              not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and     X9 and not X10 and not X11 and not X12 or
22
              not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and     X10 and not X11 and not X12 or
23
              not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and     X11 and not X12 or
24
              not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 and not X10 and not X11 and     X12;
25
tel
26
node DRAGON(e01, e02, e03, e04, e05, e06, e07, e08, e09, e10, e11, e12 : bool;
27
init_invalid : int)
28
returns(exclusive, shared, shared_dirty, dirty, invalid : int; erreur : bool);
29
var
30
   g01, g02, g03, g04, g05, g06, g07, g08, g09, g10, g11, g12 : bool;
31
   mem_init : int;
32
let
33
   mem_init = init_invalid -> pre mem_init;
34
   erreur = if(exclusive >= 2) then true else false;
35
   g01 = pre invalid>=1 and pre dirty=0 and pre shared=0 and pre exclusive=0 and pre shared_dirty=0;
36
   g02 = pre invalid>=1 and pre dirty -1- pre shared + pre exclusive + pre shared_dirty>=1;
37
   g03 = pre exclusive>=1;
38
   g04 = pre shared_dirty=1 and pre shared=0;
39
   g05 = pre shared_dirty=0 and pre shared=1;
40
   g06 = pre shared_dirty + pre shared>=2;
41
   g07 = pre invalid>=1 and pre dirty=0 and pre shared=0 and pre exclusive=0 and pre shared_dirty=0;
42
   g08 = pre invalid>=1 and pre dirty + pre shared + pre exclusive + pre shared_dirty>=1;
43
   g09 = pre dirty>=1;
44
   g10 = pre shared>=1;
45
   g11 = pre shared_dirty>=1;
46
   g12 = pre exclusive>=1;
47
   exclusive = 0 -> 
48
   if(e01) then if(g01) then pre exclusive+1 else pre exclusive else 
49
   if(e02) then if(g02) then 0 else pre exclusive else 
50
   if(e03) then if(g03) then pre exclusive-1 else pre exclusive else 
51
   if(e08) then if(g08) then 0 else pre exclusive else 
52
   if(e12) then if(g12) then pre exclusive-1 else pre exclusive else 
53
   pre exclusive;
54
   shared = 0 -> 
55
   if(e02) then if(g02) then pre shared+pre exclusive+1 else pre shared else 
56
   if(e05) then if(g05) then 0 else pre shared else 
57
   if(e06) then if(g06) then pre shared+pre shared_dirty-1 else pre shared else
58
   if(e08) then if(g08) then pre shared+pre exclusive+pre shared_dirty+pre dirty else pre shared else 
59
   if(e10) then if(g10) then pre shared-1 else pre shared else 
60
   pre shared;
61
   shared_dirty = 0 -> 
62
   if(e02) then if(g02) then pre shared_dirty+pre dirty else pre shared_dirty else 
63
   if(e04) then if(g04) then 0 else pre shared_dirty else 
64
   if(e06) then if(g06) then 1 else pre shared_dirty else 
65
   if(e08) then if(g08) then 1 else pre shared_dirty else 
66
   if(e11) then if(g11) then pre shared_dirty-1 else pre shared_dirty else 
67
   pre shared_dirty;
68
   dirty = 0 -> 
69
   if(e02) then if(g02) then 0 else pre dirty else 
70
   if(e03) then if(g03) then pre dirty+1 else pre dirty else 
71
   if(e04) then if(g04) then pre dirty+1 else pre dirty else 
72
   if(e05) then if(g05) then pre dirty+1 else pre dirty else 
73
   if(e07) then if(g07) then pre dirty+1 else pre dirty else 
74
   if(e08) then if(g08) then 0 else pre dirty else 
75
   if(e09) then if(g09) then pre dirty-1 else pre dirty else 
76
   pre dirty;
77
   invalid = mem_init -> 
78
   if(e01) then if(g01) then pre invalid-1 else pre invalid else 
79
   if(e02) then if(g02) then pre invalid-1 else pre invalid else 
80
   if(e07) then if(g07) then pre invalid-1 else pre invalid else 
81
   if(e08) then if(g08) then pre invalid-1 else pre invalid else 
82
   if(e09) then if(g09) then pre invalid+1 else pre invalid else 
83
   if(e10) then if(g10) then pre invalid+1 else pre invalid else 
84
   if(e11) then if(g11) then pre invalid+1 else pre invalid else 
85
   if(e12) then if(g12) then pre invalid+1 else pre invalid else 
86
   pre invalid;
87
tel
88
node top( e01, e02, e03, e04, e05, e06, e07, e08, e09, e10, e11, e12 : bool;
89
             init_invalid : int )
90
returns ( OK: bool );
91
--@ contract guarantees OK;
92
    var exclusive, shared, shared_dirty, dirty, invalid : int;
93
        R1, R2, R3, R4, R5, R6, R7, R8, R9, R10, R11, R12, R13, R14 : bool;
94
        erreur : bool;
95
        env : bool;
96
let
97
    ( exclusive, shared, shared_dirty, dirty, invalid, erreur ) =
98
        DRAGON( e01, e02, e03, e04, e05, e06, e07, e08, e09, e10, e11, e12,
99
                init_invalid );
100
    env = Sofar( excludes12( e01, e02, e03, e04, e05, e06, e07, e08, e09, e10,
101
                            e11, e12 ) and
102
                 init_invalid > 0 );
103
    R1 = env => not erreur;
104
    R2 = env => (true -> (exclusive+shared+shared_dirty+dirty+invalid) =
105
                   pre(exclusive+shared+shared_dirty+dirty+invalid)); 
106
    R3 = env => exclusive + shared + shared_dirty + dirty + invalid =
107
           First( init_invalid ); 
108
    R4 = env => dirty <= 1; 
109
    R5 = env => dirty < 1 or  shared < 1; 
110
    R6 = env => shared >= 0;
111
    R7 = env => exclusive >= 0;
112
    R8 = env => shared_dirty >= 0;
113
    R9 = env => dirty >= 0;
114
    R10 = env => invalid >= 0;
115
    R11 = env => shared <= First( init_invalid ); 
116
    R12 = env => shared_dirty <= First( init_invalid ); 
117
    R13 = env => dirty <= First( init_invalid ); 
118
    R14 = env => invalid <= First( init_invalid ); 
119
  --%MAIN;
120
    OK = R1 and R2 and R3 and R4 and R5 and R6 and R7 and R8 and R9 and R10 and R11 and R12 and R13 and R14;
121
    --%PROPERTY OK=true;
122
tel
(595-595/1414)