--> **************************************************************** --> QLOCK property specification --> **************************************************************** --> ---------------------------------------------------------------- --> require qlock-sys require qlock-sys --> ---------------------------------------------------------------- --> INIT: module for defining intitial states predicate --> ---------------------------------------------------------------- mod INIT { pr(STATE) pred init_ : As . eq (init empS) = false . eq (init (A:Aid AS:As)) = true . pred init_ : State . eq (init [Q:Aq r ASr:As w ASw:As c ASc:As]) = ((Q =aq empQ) and (init ASr) and (ASw =as empS) and (ASc =as empS)) . } --> ---------------------------------------------------------------- --> MX: module for defining mutual exclusion proporty --> (a target property) --> ---------------------------------------------------------------- mod MX { pr(STATE) -- mutual exclusion property: -- at most one agent is in the critical section, -- this is the goal predicate -- mx pred mx_ : As . eq (mx empS) = true . eq (mx (A:Aid AS:As)) = (AS =as empS) . pred mx_ : State . eq (mx [Q:Aq r ASr:As w ASw:As c ASc:As]) = (mx ASc) . } --> ---------------------------------------------------------------- --> HQ=C: only the top of the queue is in the critical section --> ---------------------------------------------------------------- mod HQ=C { pr(STATE) pred hq=c_ : State . eq (hq=c [Q:Aq r ASr:As w ASw:As c ASc:As]) = (ASc =as empS) or (not(Q =aq empQ) and ((hd Q) =as ASc)) . } --> ---------------------------------------------------------------- --> provide qlock-prop provide qlock-prop --> **************************************************************** --> end of file eof --> ****************************************************************