in qlockWithSepWant.mod
-- Loads the base specification. Everything this file relies on but does not
-- define (module QLOCKw2w, sorts Sys/Pid, observer pc, label cs, initial state
-- init, actions want1/want2/try/exit and their c-* guards) presumably comes
-- from qlockWithSepWant.mod -- confirm against that file.

-- mutual exclusion property
-- mutualEx(S,I,J): in state S, processes I and J may both be at pc = cs
-- (both in the critical section) only when they are the same process.
mod MEX {
  pr(QLOCKw2w)
  pred mutualEx : Sys Pid Pid .
  var S : Sys .
  vars I J : Pid .
  eq mutualEx(S,I,J) = ((pc(S,I) = cs and pc(S,J) = cs) implies I = J) .
}

-- QLOCKw2w with three agents
-- Fixes the process set to three named constants: i and j are the two
-- processes whose mutual exclusion is checked, x stands for any other one.
mod QLOCKw2w-ijx {
  pr(QLOCKw2w)
  ops i j : -> Pid -- arbitrary two agents/processes
  op x : -> Pid -- represent any Pid other than i j
  -- NOTE(review): the two op declarations above omit the terminating `.`
  -- that `op <_>` below carries; confirm the loader ends them at the line,
  -- and consider normalizing for consistency.
  -- Distinctness axioms: the three constants denote three different
  -- processes. The `none` variants are kept commented out by the author.
  eq (i = j) = false .
  eq (i = x) = false .
  -- eq (i = none) = false .
  eq (j = x) = false .
  -- eq (j = none) = false .
  -- eq (x = none) = false .
}

-- Wraps a Sys in a Config and expresses the four actions, for each of the
-- three processes, as conditional transition rules so that the search
-- command (=(n,d)=>*) below can explore the reachable states.
mod QLOCKw2w-ijxTrans {
  pr(QLOCKw2w-ijx)
  [ Config ]
  op <_> : Sys -> Config .
  var S : Sys .
  -- possible transitions in transition rules
  -- Each rule fires only when its c-* guard holds in S (guards come from the
  -- imported module). NOTE(review): the state numbers quoted in the
  -- `show path` commands after `eof` presumably depend on the order in which
  -- these rules are tried -- re-check them if rules are reordered.
  ctrans [want1-i] : < S > => < want1(S,i) > if c-want1(S,i) .
  ctrans [want1-j] : < S > => < want1(S,j) > if c-want1(S,j) .
  ctrans [want1-x] : < S > => < want1(S,x) > if c-want1(S,x) .
  ctrans [want2-i] : < S > => < want2(S,i) > if c-want2(S,i) .
  ctrans [want2-j] : < S > => < want2(S,j) > if c-want2(S,j) .
  ctrans [want2-x] : < S > => < want2(S,x) > if c-want2(S,x) .
  ctrans [try-i] : < S > => < try(S,i) > if c-try(S,i) .
  ctrans [try-j] : < S > => < try(S,j) > if c-try(S,j) .
  ctrans [try-x] : < S > => < try(S,x) > if c-try(S,x) .
  ctrans [exit-i] : < S > => < exit(S,i) > if c-exit(S,i) .
  ctrans [exit-j] : < S > => < exit(S,j) > if c-exit(S,j) .
  ctrans [exit-x] : < S > => < exit(S,x) > if c-exit(S,x) .
}
eof
-- `eof` stops CafeOBJ from reading further when this file is loaded with
-- `in`; the falsification commands below are presumably entered by hand in
-- the interpreter once the modules above are loaded -- confirm.

-- falsification: finding counter example
-- Searches from init for a reachable state in which i and j violate
-- mutualEx. In =(n,d)=>*, n bounds how many matching states are reported
-- (* = no bound) and d bounds the search depth; `show path`/`sh path` prints
-- the transition sequence leading to a state reported by the preceding
-- search. After each search the active `sh path` refers to the newest state
-- found; the earlier ones are kept commented out as a record.
open (QLOCKw2w-ijxTrans + MEX)
  pred mutualEx-ij : Sys .
  var S : Sys .
  eq mutualEx-ij(S) = mutualEx(S,i,j) .
  -- S:Sys in the search pattern is an on-the-fly variable.
  -- Presumably no violating state exists within depths 3..5 (no path is
  -- shown for them) -- confirm by re-running.
  red < init > =(1,3)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  red < init > =(1,4)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  red < init > =(1,5)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  red < init > =(1,6)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  -- find a counter example!
  -- The author's note records that depth 6 yields a state violating mutual
  -- exclusion for i and j (state 382); the searches below enumerate further
  -- violating states at depths 6 and 7.
  show path 382
  red < init > =(2,6)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  -- show path 382
  sh path 402
  red < init > =(3,6)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  -- show path 382
  -- sh path 402
  sh path 567
  red < init > =(4,6)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  -- show path 382
  -- sh path 402
  -- sh path 567
  sh path 587
  red < init > =(5,6)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  -- All violating states within depth 6, then up to 5 within depth 7.
  red < init > =(*,6)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  red < init > =(5,7)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  -- show path 382
  -- sh path 402
  -- sh path 567
  -- sh path 587
  sh path 908
  red < init > =(6,7)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  -- show path 382
  -- sh path 402
  -- sh path 567
  -- sh path 587
  -- sh path 908
  sh path 923
  red < init > =(7,7)=>* < S:Sys > suchThat (not mutualEx-ij(S)) .
  -- show path 382
  -- sh path 402
  -- sh path 567
  -- sh path 587
  -- sh path 908
  -- sh path 923
  sh path 953
close