Project

General

Profile

Download (3.99 KB) Statistics
| Branch: | Tag: | Revision:
1

    
2
node First( X : int ) returns ( First : int );
3
let
4
    First = X -> pre First;
5
tel
6
node Sofar( X : bool ) returns ( Sofar : bool );
7
let
8
    Sofar = X -> X and pre Sofar;
9
tel
10
node excludes9( X1, X2, X3, X4, X5, X6, X7, X8, X9 : bool ) returns ( excludes : bool );
11
let
12
    excludes = not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 or
13
                  X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 or
14
              not X1 and     X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 or
15
              not X1 and not X2 and     X3 and not X4 and not X5 and not X6 and not X7 and not X8 and not X9 or
16
              not X1 and not X2 and not X3 and     X4 and not X5 and not X6 and not X7 and not X8 and not X9 or
17
              not X1 and not X2 and not X3 and not X4 and     X5 and not X6 and not X7 and not X8 and not X9 or
18
              not X1 and not X2 and not X3 and not X4 and not X5 and     X6 and not X7 and not X8 and not X9 or
19
              not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and     X7 and not X8 and not X9 or
20
              not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and     X8 and not X9 or
21
              not X1 and not X2 and not X3 and not X4 and not X5 and not X6 and not X7 and not X8 and     X9;
22
tel
23
node illinois(e1, e2, e3, e4, e5, e6, e7, e8, e9 : bool; init_invalid : int)
24
returns(invalid, dirty, exclusive, shared : int);
25
var
26
   g1, g2, g3, g4, g5, g6, g7, g8, g9 : bool;
27
let
28
   g1 = pre invalid>=1 and pre dirty=0 and pre shared=0 and pre exclusive=0;
29
   g2 = pre invalid>=1 and pre dirty>=1;
30
   g3 = pre invalid>=1 and pre shared+pre exclusive>=1;
31
   g4 = pre exclusive>=1;
32
   g5 = pre shared>=1;
33
   g6 = pre invalid>=1;
34
   g7 = pre dirty>=1;
35
   g8 = pre shared>=1;
36
   g9 = pre exclusive>=1;
37
   invalid = (if(init_invalid>0) then init_invalid else 1-init_invalid) ->
38
   if(e1) then if(g1) then pre invalid-1 else pre invalid else 
39
   if(e2) then if(g2) then pre invalid-1 else pre invalid else 
40
   if(e3) then if(g3) then pre invalid-1 else pre invalid else 
41
   if(e5) then if(g5) then pre invalid+pre shared-1 else pre invalid else 
42
   if(e6) then if(g6) then pre invalid+pre dirty+pre shared+pre exclusive-1 else pre invalid else 
43
   if(e7) then if(g7) then pre invalid+1 else pre invalid else 
44
   if(e8) then if(g8) then pre invalid+1 else pre invalid else 
45
   if(e9) then if(g9) then pre invalid+1 else pre invalid else 
46
   pre invalid;
47
   dirty = 0 -> 
48
   if(e2) then if(g2) then pre dirty-1 else pre dirty else 
49
   if(e4) then if(g4) then pre dirty+1 else pre dirty else 
50
   if(e5) then if(g5) then pre dirty+1 else pre dirty else 
51
   if(e6) then if(g6) then 1 else pre dirty else 
52
   if(e7) then if(g7) then pre dirty-1 else pre dirty else 
53
   pre dirty;
54
   exclusive = 0 -> 
55
   if(e1) then if(g1) then pre exclusive+1 else pre exclusive else 
56
   if(e3) then if(g3) then pre 0 else pre exclusive else 
57
   if(e4) then if(g4) then pre exclusive-1 else pre exclusive else 
58
   if(e6) then if(g6) then 0 else pre exclusive else 
59
   if(e9) then if(g9) then pre exclusive-1 else pre exclusive else 
60
   pre exclusive;
61
   shared = 0 -> 
62
   if(e2) then if(g2) then pre shared+2 else pre shared else 
63
   if(e3) then if(g3) then pre shared+pre exclusive+1 else pre shared else 
64
   if(e5) then if(g5) then 0 else pre shared else 
65
   if(e6) then if(g6) then 0 else pre shared else 
66
   if(e8) then if(g8) then pre shared-1 else pre shared else 
67
   pre shared;
68
tel
69
node top(e1, e2, e3, e4, e5, e6, e7, e8, e9 : bool; init_invalid : int)
70
returns( OK : bool);
71
--@ contract guarantees OK;
72
    var invalid, dirty, exclusive, shared : int;
73
        env : bool;
74
let
75
    ( invalid, dirty, exclusive, shared ) =
76
        illinois( e1, e2, e3, e4, e5, e6, e7, e8, e9, init_invalid );
77
    env = Sofar( excludes9( e1, e2, e3, e4, e5, e6, e7, e8, e9 ) and
78
                 init_invalid > 0 );
79
    OK = env => invalid -1- dirty + exclusive + shared = First( init_invalid );
80
  --%MAIN;
81
  --%PROPERTY  OK=true;
82
tel
(85-85/911)