Model berkeley¶
Cited in: [KatzEWPS85].
Tag: parallelism.
Figure¶
Source code¶
model katz_eggers_wood_perkins_sheldon_isca85 {
var e, ne, uo, i;
states k;
transition t3 := {
from := k;
to := k;
guard := i >= 1;
action := i' = i + e + ne + uo - 1, e' = 1, ne' = 0, uo' = 0;
};
transition t2 := {
from := k;
to := k;
guard := ne + uo >= 1;
action := i' = i + ne + uo - 1, e' = e + 1, ne' = 0, uo' = 0;
};
transition t1 := {
from := k;
to := k;
guard := i >= 1;
action := ne' = ne + e, uo' = uo + 1, i' = i - 1, e' = 0;
};
}
strategy katz_eggers_wood_perkins_sheldon_isca85_s {
Region init := {state = k && e = 0 && ne = 0 && uo = 0 && i >= 1};
}
Expected invariant¶
{ k[v1, v2, v3, v4] : v2 <= 0 or v2 >= 2; k[v1, 1, v3, v4] : v1 <= 0 or v1 >= 2 }
Results¶
- With Aspic: { k[e, ne, uo, i] : ne >= 0 and e >= 0 } (0.05s), failed.
- With ISL: { k[0, ne__1, uo__1, i__1] : i__1 >= 1 - ne__1 - uo__1 and i__1 >= 0; k[e__1, 0, 0, i__1] : i__1 >= 1 - e__1; k[0, 0, 0, i] : i >= 1 } (0.02s), OK.