--> ****************************************************************
--> PROOF score for the initial states condition
--> ****************************************************************
--> This score is the base case of an invariant proof for QLOCK: it
--> shows that every state satisfying `init` also satisfies `mx`
--> (mutual exclusion) and `hq=c`. It says nothing about transitions;
--> the inductive step (the invariant is preserved by every rule) is
--> not on this page and has to be proved in a separate score.
--> Part (1) runs the CITP proof and records its proof tree; part (2)
--> replays every leaf of that tree as an ordinary open/close score.
--> ----------------------------------------------------------------
--> require qlock-prop
--> Presumably supplies INIT, MX, HQ=C, the sorts State / Aq / As,
--> the constants empQ / empS and the predicates _=aq_ / _=as_ used
--> below -- none of them is defined in this file; verify there.
require qlock-prop
--> ----------------------------------------------------------------
--> INITcheck: module for checking initial condition
--> ----------------------------------------------------------------
mod INITcheck {
  inc(INIT + MX + HQ=C)
  -- check-init S holds iff (init S) implies ((mx S) and (hq=c S)),
  -- i.e. the two properties are required only of initial states.
  pred check-init_ : State .
  eq (check-init S:State) = (init S) implies ((mx S) and (hq=c S)) .
  -- fresh constants: an arbitrary queue and three arbitrary agent
  -- sets. Nothing is assumed about them in the module itself; each
  -- branch of the proof below adds its own case-specific equations.
  op aq : -> Aq .
  ops as-r as-w as-c : -> As .
  -- initial condition proposition: check-init applied to the state
  -- built from the fresh constants (presumably the queue plus the
  -- r / w / c agent sets -- the state constructor comes from the
  -- required modules, not from this file).
  op initCheck : -> Bool .
  eq initCheck = check-init [aq r as-r w as-w c as-c] .
}
--> ================================================================
--> check that (init implies (mx and hq=c)) (1)
--> NOTE(review): this heading used to read `q=wc`; check-init above
--> states `(mx S) and (hq=c S)`, so the heading now follows the code.
--> ----------------------------------------------------------------
select INITcheck .
:goal{eq initCheck = true .}
--> Case splits. Each :csp lists two complementary equations
--> (`x = e` and `(x =e e) = false`), so a split is exhaustive as
--> long as _=aq_ / _=as_ really are the equality predicates on
--> Aq / As -- their definitions are in the required modules, not
--> visible here. A non-exhaustive split would leave a gap in the
--> proof, so that is the thing to confirm when reviewing this score.
:def csp-q = :csp{eq aq = empQ . eq (aq =aq empQ) = false .}
:def csp-r = :csp{eq as-r = empS . eq (as-r =as empS) = false .}
:def csp-w = :csp{eq as-w = empS . eq (as-w =as empS) = false .}
:def csp-c = :csp{eq as-c = empS . eq (as-c =as empS) = false .}
--> After each split, rd- (presumably: reduce, and discharge the goal
--> when it reduces to true, carrying on otherwise) is applied to the
--> open goals. The proof tree recorded below shows every leaf
--> (1-1, 1-2-1-1, 1-2-1-2, 1-2-2, 2) with a discharged sentence.
:apply(csp-q rd- csp-r rd- csp-w rd- csp-c rd-)
--> QED
--> ================================================================
--> Recorded interpreter output of :show proof / :describe proof for
--> the :apply above. This is a transcript only -- it is not
--> re-checked when the file is loaded; part (2) below is the replay
--> that is.
#|
INITcheck(X.STATE)> :show proof
root*
[csp-q] 1*
[csp-r] 1-1*
[csp-r] 1-2*
[csp-w] 1-2-1*
[csp-c] 1-2-1-1*
[csp-c] 1-2-1-2*
[csp-w] 1-2-2*
[csp-q] 2*
INITcheck(X.STATE)> :describe proof
==> root*
-- context module: #Goal-root
-- targeted sentence:
  eq initCheck = true .
[csp-q] 1*
-- context module: #Goal-1
-- assumption
  eq [csp-q]: aq = empQ .
-- targeted sentence:
  eq initCheck = true .
[csp-r] 1-1*
-- context module: #Goal-1-1
-- assumptions
  eq [csp-q]: aq = empQ .
  eq [csp-r]: as-r = empS .
-- discharged sentence:
  eq [RD-]: initCheck = true .
[csp-r] 1-2*
-- context module: #Goal-1-2
-- assumptions
  eq [csp-q]: aq = empQ .
  eq [csp-r]: as-r =as empS = false .
-- targeted sentence:
  eq initCheck = true .
[csp-w] 1-2-1*
-- context module: #Goal-1-2-1
-- assumptions
  eq [csp-q]: aq = empQ .
  eq [csp-r]: as-r =as empS = false .
  eq [csp-w]: as-w = empS .
-- targeted sentence:
  eq initCheck = true .
[csp-c] 1-2-1-1*
-- context module: #Goal-1-2-1-1
-- assumptions
  eq [csp-q]: aq = empQ .
  eq [csp-r]: as-r =as empS = false .
  eq [csp-w]: as-w = empS .
  eq [csp-c]: as-c = empS .
-- discharged sentence:
  eq [RD-]: initCheck = true .
[csp-c] 1-2-1-2*
-- context module: #Goal-1-2-1-2
-- assumptions
  eq [csp-q]: aq = empQ .
  eq [csp-r]: as-r =as empS = false .
  eq [csp-w]: as-w = empS .
  eq [csp-c]: as-c =as empS = false .
-- discharged sentence:
  eq [RD-]: initCheck = true .
[csp-w] 1-2-2*
-- context module: #Goal-1-2-2
-- assumptions
  eq [csp-q]: aq = empQ .
  eq [csp-r]: as-r =as empS = false .
  eq [csp-w]: as-w =as empS = false .
-- discharged sentence:
  eq [RD-]: initCheck = true .
[csp-q] 2*
-- context module: #Goal-2
-- assumption
  eq [csp-q]: aq =aq empQ = false .
-- discharged sentence:
  eq [RD-]: initCheck = true .
|#
--> ================================================================
--> check that (init implies (mx and hq=c)) (2)
--> Manual replay: one open/close score per leaf of the proof tree
--> recorded above (labels 1-1, 1-2-1-1, 1-2-1-2, 1-2-2, 2), each
--> carrying exactly the assumptions :describe proof lists for that
--> leaf. Every `red initCheck .` is expected to print true; any
--> other result means the CITP run and this replay disagree.
--> ----------------------------------------------------------------
--> 1-1 : queue empty, as-r empty
open INITcheck .
  eq aq = empQ .
  eq as-r = empS .
  red initCheck .
close
--> 1-2-1-1 : queue empty, as-r non-empty, as-w empty, as-c empty
open INITcheck .
  eq aq = empQ .
  eq (as-r =as empS) = false .
  eq as-w = empS .
  eq as-c = empS .
  red initCheck .
close
--> 1-2-1-2 : queue empty, as-r non-empty, as-w empty, as-c non-empty
open INITcheck .
  eq aq = empQ .
  eq (as-r =as empS) = false .
  eq as-w = empS .
  eq (as-c =as empS) = false .
  red initCheck .
close
--> 1-2-2 : queue empty, as-r non-empty, as-w non-empty
open INITcheck .
  eq aq = empQ .
  eq (as-r =as empS) = false .
  eq (as-w =as empS) = false .
  red initCheck .
close
--> 2 : queue non-empty (no assumption on the agent sets is needed)
open INITcheck .
  eq (aq =aq empQ) = false .
  red initCheck .
close
--> QED
--> ****************************************************************
--> end of file
--> eof stops the interpreter from reading any further input from
--> this file.
eof
--> ****************************************************************