-->
--> Some notes:
--> - For a specification S ::= <\Sigma,E>, "E |-_{\Sigma} e" is written
-->   as "S |- e".
--> - "S |- p = true" is abbreviated as "S |- p".
--> - (\forall X) is abbreviated as (\a X).
-->
--> We suppose that each S includes module BOOL, that true and false are the
--> only constructors of sort Bool, and that for each sort Sort we have two equations
-->   eq (X:Sort = X) = true .
-->   eq X:Sort = Y:Sort if X = Y .
-->
--> Derived Proof Rules Used
"
- Sys-SIS: Structural Induction for sort Sys (QLOCK)

  QLOCK |-_{x} p(init,x)
  QLOCK U {(\a X)p(s,X) = true} |-_{s,k,x} p(want(s,k),x)
  QLOCK U {(\a X)p(s,X) = true} |-_{s,k,x} p(try(s,k),x)
  QLOCK U {(\a X)p(s,X) = true} |-_{s,k,x} p(exit(s,k),x)
  -------------------------------------------------------------------
  QLOCK |- (\a S:Sys)(\a X)p(S,X)

- E-OIMPL: Elimination of Object-level Implications

  S U {(\a X)(q = true)} |- q[X <- t] implies p
  ----------------------------------------------
  S U {(\a X)(q = true)} |- p

- TRANS-S: Transitivity in Specification

  t1 = t3 |- p
  ----------------------
  {t1 = t2,t2 = t3} |- p

- I-CONJ-S: Introduction of Conjunction in Specification

  S U {q = true,r = true} |- p
  --------------------------------
  S U {q and r = true} |- p

- I-OEQ-S: Introduction of Object-level Equality in Specification

  S U {t1 = t2} |- p
  -------------------------------
  S U {(t1 = t2) = true} |- p

- E-QCONS: Elimination of Queue Constructor

  S U {queue = q , elt} |-_{q} p
  ------------------------------- if S includes QUEUE
  S U {top(queue) = elt} |- p

- CA+I-OEQ-S: Case Analysis + I-OEQ-S

  S U {t1 = t2} |- e
  S U {(t1 = t2) = false} |- e
  ------------------------------
  S |- e

- Sys-SSIS: Simultaneous Structural Induction for sort Sys (Qlock)

  QLOCK |-_{x} p(init,x)
  QLOCK U {(\a X)p(s,X) = true,(\a Y)q(s,Y) = true} |-_{s,k,x} p(want(s,k),x)
  QLOCK U {(\a X)p(s,X) = true,(\a Y)q(s,Y) = true} |-_{s,k,x} p(try(s,k),x)
  QLOCK U {(\a X)p(s,X) = true,(\a Y)q(s,Y) = true} |-_{s,k,x} p(exit(s,k),x)
  QLOCK |-_{y} q(init,y)
  QLOCK U {(\a X)p(s,X) = true,(\a Y)q(s,Y) = true} |-_{s,k,y} q(want(s,k),y)
  QLOCK U {(\a X)p(s,X) = true,(\a Y)q(s,Y) = true} |-_{s,k,y} q(try(s,k),y)
  QLOCK U {(\a X)p(s,X) = true,(\a Y)q(s,Y) = true} |-_{s,k,y} q(exit(s,k),y)
  -------------------------------------------------------------------------------
  QLOCK |- (\a S:Sys)(\a X)p(S,X)

- Queue-CS: Case Splitting on Queue Constructors

  S U {queue = empty} |- p
  S U {queue = q , a} |-_{a,q} p
  ------------------------------- if S includes QUEUE
  S |- p
"
-->
--> Beginning of the construction of the proof tree of G.
-->
-->
--> G: PRED-QLOCK |- (\a S:Sys)(\a I,J:Pid)inv1(S,I,J)
-->
--> Note that universal quantifiers are omitted below.
-->
--> 1. Sys-SIS on G
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G2: PRED-QLOCK U {inv1(s,I,J) = true} |-_{s,k,i,j} inv1(want(s,k),i,j)
--> G3: PRED-QLOCK U {inv1(s,I,J) = true} |-_{s,k,i,j} inv1(try(s,k),i,j)
--> G4: PRED-QLOCK U {inv1(s,I,J) = true} |-_{s,k,i,j} inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  red inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  red inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  red inv1(exit(s,k),i,j) .
close

-->
--> 2. E-OIMPL on G2,G3,G4
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G5: PRED-QLOCK U {inv1(s,I,J) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G6: PRED-QLOCK U {inv1(s,I,J) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G7: PRED-QLOCK U {inv1(s,I,J) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

-->
--> 3. Case Analysis on G5,G6,G7
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G8: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G10: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G12: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = true .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = true .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = true .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

-->
--> 4. P-TRANS-S on G8,G10,G12
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G14: PRED-QLOCK U {inv1(s,I,J) = true,(pc(s,k) = rm) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G15: PRED-QLOCK U {inv1(s,I,J) = true,
-->       (pc(s,k) = wt and top(queue(s)) = k) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G16: PRED-QLOCK U {inv1(s,I,J) = true,(pc(s,k) = cs) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq (pc(s,k) = rm) = true .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq (pc(s,k) = wt and top(queue(s)) = k) = true .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq (pc(s,k) = cs) = true .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

-->
--> 5. I-CONJ-S on G15
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G14: PRED-QLOCK U {inv1(s,I,J) = true,(pc(s,k) = rm) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G17: PRED-QLOCK U {inv1(s,I,J) = true,
-->       (pc(s,k) = wt) = true,(top(queue(s)) = k) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G16: PRED-QLOCK U {inv1(s,I,J) = true,(pc(s,k) = cs) = true} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq (pc(s,k) = rm) = true .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq (pc(s,k) = wt) = true .
  eq (top(queue(s)) = k) = true .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq (pc(s,k) = cs) = true .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

-->
--> 6. I-OEQ-S on G14,G17,G16
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G18: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G19: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,top(queue(s)) = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G20: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = cs} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq top(queue(s)) = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

-->
--> 7. E-QCONS on G19
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G18: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G21: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G20: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = cs} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

-->
--> 8. CA+I-OEQ-S on G18
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G23: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,
-->       (i = k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G21: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G20: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = cs} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

-->
--> 9. CA+I-OEQ-S on G23
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,
-->       (i = k) = false,j = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,
-->       (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G21: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G20: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = cs} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

-->
--> 10. CA+I-OEQ-S on G21
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,
-->       (i = k) = false,j = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,
-->       (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G26: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,i = k} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G27: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,(i = k) = false} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G20: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = cs} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

-->
--> 11. CA+I-OEQ-S on G26,G27
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,
-->       (i = k) = false,j = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,
-->       (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G28: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G29: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G30: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G31: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,(i = k) = false,
-->       (j = k) = false} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G20: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = cs} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

-->
--> 12. CA+I-OEQ-S on G20
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,
-->       (i = k) = false,j = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,
-->       (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G28: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G29: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G30: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G31: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,(i = k) = false,
-->       (j = k) = false} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G32: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = cs,i = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G33: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = cs,
-->       (i = k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

-->
--> 13. CA+I-OEQ-S on G33
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,
-->       (i = k) = false,j = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = rm,
-->       (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,c-want(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G28: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G29: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G30: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G31: PRED-QLOCK U {inv1(s,I,J) = true,
-->       pc(s,k) = wt,queue(s) = q , k,(i = k) = false,
-->       (j = k) = false} |-_{s,k,i,j,q}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,c-try(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G32: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = cs,i = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G34: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = cs,
-->       (i = k) = false,j = k} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G35: PRED-QLOCK U {inv1(s,I,J) = true,pc(s,k) = cs,
-->       (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,c-exit(s,k) = false} |-_{s,k,i,j}
-->       inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
-->
--> 14. Sys-SSIS on G.
--> We can reuse the proof (tree) fragment constructed so far.
--> All we need to do for the fragment is to add a new induction
--> hypothesis q(s,Y) to all the (sub-)goals that constitute the
--> induction case in the fragment.
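-->
--> Added example, not part of the original proof score: a brute-force Python
--> check of why step 14 adds inv2 as a second induction hypothesis. Over every
--> state of a 3-process instance, inv1 alone has a counterexample to induction
--> in the try case, while inv1 and inv2 together are preserved by every
--> transition.
--> Assumptions: the definitions of inv1 and inv2 and the effects of want, try
--> and exit follow the usual QLOCK formulation and are not shown in this part
--> of the page; the queue is modelled as a tuple whose top is index 0.

```python
from itertools import product

RM, WT, CS = "rm", "wt", "cs"          # program counter values used on the page


def init(n):
    """Initial state: every process in the remainder section, empty queue."""
    return (tuple([RM] * n), ())


def top(queue):
    return queue[0] if queue else None


def successors(state):
    """Yield (action, k, next_state) for every enabled transition.

    Effective conditions mirror c-want, c-try and c-exit; the effects are the
    assumed standard QLOCK ones. A transition whose condition is false leaves
    the state unchanged, so it is skipped here.
    """
    pc, queue = state
    for k in range(len(pc)):
        if pc[k] == RM:                                   # c-want(s,k)
            yield "want", k, (pc[:k] + (WT,) + pc[k + 1:], queue + (k,))
        if pc[k] == WT and top(queue) == k:               # c-try(s,k)
            yield "try", k, (pc[:k] + (CS,) + pc[k + 1:], queue)
        if pc[k] == CS:                                   # c-exit(s,k)
            yield "exit", k, (pc[:k] + (RM,) + pc[k + 1:], queue[1:])


def inv1(state):
    """(pc(s,i) = cs and pc(s,j) = cs) implies i = j, for all i, j (assumed)."""
    pc, _ = state
    n = len(pc)
    return all(i == j or not (pc[i] == CS and pc[j] == CS)
               for i in range(n) for j in range(n))


def inv2(state):
    """pc(s,i) = cs implies top(queue(s)) = i, for all i (assumed)."""
    pc, queue = state
    return all(pc[i] != CS or top(queue) == i for i in range(len(pc)))


def inv1_and_inv2(state):
    return inv1(state) and inv2(state)


def all_states(n, max_queue):
    """Every state, reachable or not, as structural induction on Sys demands."""
    for pc in product((RM, WT, CS), repeat=n):
        for length in range(max_queue + 1):
            for queue in product(range(n), repeat=length):
                yield (pc, queue)


def find_cti(hypothesis, goal, n=3, max_queue=3):
    """Return (state, action, k) where hypothesis holds before the step and
    goal fails after it, or None if the step case goes through."""
    for state in all_states(n, max_queue):
        if not hypothesis(state):
            continue
        for action, k, nxt in successors(state):
            if not goal(nxt):
                return state, action, k
    return None


def reachable_states(n=3):
    """Explicit-state search from init, as a cross-check on the invariants."""
    seen = {init(n)}
    frontier = [init(n)]
    while frontier:
        state = frontier.pop()
        for _, _, nxt in successors(state):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append(nxt)
    return seen


if __name__ == "__main__":
    print("inv1 alone:", find_cti(inv1, inv1))
    print("inv1 and inv2:", find_cti(inv1_and_inv2, inv1_and_inv2))
    print("reachable states:", len(reachable_states()))
```

--> The counterexample reported for inv1 alone is a state that violates inv2,
--> which is the instance E-OIMPL supplies to the try goals G29 and G30 in step 15.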
--> --> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j) --> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = rm,i = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm, --> (i = k) = false,j = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm, --> (i = k) = false,(j = k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-want(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G29: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G30: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,(i = k) = false, --> (j = k) = false} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-try(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s.k) = cs,i = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s.k) = cs, --> (i = k) = false,j = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s.k) = cs, --> (i = k) = false,(j = k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G13: PRED-QLOCK U {inv1(s,I,J) = 
true,inv2(s,I) = true, --> c-exit(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> --> G36: PRED-QLOCK |-_{i} inv2(init,i) --> G37: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true} |-_{s,k,i} --> inv2(want(s,k),i) --> G38: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true} |-_{s,k,i} --> inv2(try(s,k),i) --> G39: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true} |-_{s,k,i} --> inv2(exit(s,k),i) --> open PRED-QLOCK op s : -> Sys . ops i j : -> Pid . red inv1(init,i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq i = k . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq (i = k) = false . eq j = k . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-want(s,k) = false . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq i = k . eq j = k . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq i = k . eq (j = k) = false . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . 
--> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq (i = k) = false . eq j = k . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-try(s,k) = false . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq i = k . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq (i = k) = false . eq j = k . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-exit(s,k) = false . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . op i : -> Pid . red inv2(init,i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . red inv2(want(s,k),i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . 
red inv2(try(s,k),i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . red inv2(exit(s,k),i) . close --> --> 15. E-OIMPL on G29,G30 --> --> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j) --> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = rm,i = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm, --> (i = k) = false,j = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm, --> (i = k) = false,(j = k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-want(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q} --> inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) --> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q} --> inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) --> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,(i = k) = false, --> (j = k) = false} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-try(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s.k) = cs,i = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s.k) = cs, --> (i = k) = false,j = k} |-_{s,k,i,j} --> 
inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s.k) = cs, --> (i = k) = false,(j = k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-exit(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> --> G36: PRED-QLOCK |-_{i} inv2(init,i) --> G37: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true} |-_{s,k,i} --> inv2(want(s,k),i) --> G38: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true} |-_{s,k,i} --> inv2(try(s,k),i) --> G39: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true} |-_{s,k,i} --> inv2(exit(s,k),i) --> open PRED-QLOCK op s : -> Sys . ops i j : -> Pid . red inv1(init,i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq i = k . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq (i = k) = false . eq j = k . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-want(s,k) = false . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq i = k . eq j = k . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . 
eq pc(s,k) = wt . eq queue(s) = q , k . eq i = k . eq (j = k) = false . red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq (i = k) = false . eq j = k . red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-try(s,k) = false . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq i = k . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq (i = k) = false . eq j = k . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-exit(s,k) = false . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . op i : -> Pid . red inv2(init,i) . 
close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . red inv2(want(s,k),i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . red inv2(try(s,k),i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . red inv2(exit(s,k),i) . close --> --> 16. E-OIMPL on G37,G38,G39 --> --> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j) --> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = rm,i = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm, --> (i = k) = false,j = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm, --> (i = k) = false,(j = k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-want(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q} --> inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) --> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q} --> inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) --> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,(i = k) = false, --> (j = k) = false} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-try(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies 
inv1(try(s,k),i,j) --> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s.k) = cs,i = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s.k) = cs, --> (i = k) = false,j = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s.k) = cs, --> (i = k) = false,(j = k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-exit(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> --> G36: PRED-QLOCK |-_{i} inv2(init,i) --> G42: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true} |-_{s,k,i} --> inv2(s,i) implies inv2(want(s,k),i) --> G43: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true} |-_{s,k,i} --> inv2(s,i) implies inv2(try(s,k),i) --> G44: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true} |-_{s,k,i} --> inv2(s,i) implies inv2(exit(s,k),i) --> open PRED-QLOCK op s : -> Sys . ops i j : -> Pid . red inv1(init,i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq i = k . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq (i = k) = false . eq j = k . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-want(s,k) = false . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . 
op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq i = k . eq j = k . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq i = k . eq (j = k) = false . red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq (i = k) = false . eq j = k . red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-try(s,k) = false . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq i = k . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq (i = k) = false . eq j = k . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq (i = k) = false . 
eq (j = k) = false . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-exit(s,k) = false . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . op i : -> Pid . red inv2(init,i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . red inv2(s,i) implies inv2(want(s,k),i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . red inv2(s,i) implies inv2(try(s,k),i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . red inv2(s,i) implies inv2(exit(s,k),i) . close --> --> 17. Case Analysis on G42,G43,G44 --> --> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j) --> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = rm,i = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm, --> (i = k) = false,j = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm, --> (i = k) = false,(j = k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-want(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q} --> inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) --> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j 
= k} |-_{s,k,i,j,q} --> inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) --> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,(i = k) = false, --> (j = k) = false} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-try(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s.k) = cs,i = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s.k) = cs, --> (i = k) = false,j = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s.k) = cs, --> (i = k) = false,(j = k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-exit(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> --> G36: PRED-QLOCK |-_{i} inv2(init,i) --> G45: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-want(s,k) = true} |-_{s,k,i} --> inv2(s,i) implies inv2(want(s,k),i) --> G46: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-want(s,k) = false} |-_{s,k,i} --> inv2(s,i) implies inv2(want(s,k),i) --> G47: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-try(s,k) = true} |-_{s,k,i} --> inv2(s,i) implies inv2(try(s,k),i) --> G48: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-try(s,k) = false} |-_{s,k,i} --> inv2(s,i) implies inv2(try(s,k),i) --> G49: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-exit(s,k) = true} |-_{s,k,i} --> inv2(s,i) implies inv2(exit(s,k),i) --> G50: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-exit(s,k) = false} |-_{s,k,i} --> inv2(s,i) implies inv2(exit(s,k),i) --> open PRED-QLOCK op s : -> Sys . ops i j : -> Pid . red inv1(init,i,j) . close open PRED-QLOCK op s : -> Sys . 
ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq i = k . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq (i = k) = false . eq j = k . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-want(s,k) = false . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq i = k . eq j = k . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq i = k . eq (j = k) = false . red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq (i = k) = false . eq j = k . red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . 
--> eq inv2(s,I:Pid) = true . eq c-try(s,k) = false . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq i = k . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq (i = k) = false . eq j = k . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-exit(s,k) = false . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . op i : -> Pid . red inv2(init,i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-want(s,k) = true . red inv2(s,i) implies inv2(want(s,k),i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-want(s,k) = false . red inv2(s,i) implies inv2(want(s,k),i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-try(s,k) = true . red inv2(s,i) implies inv2(try(s,k),i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-try(s,k) = false . red inv2(s,i) implies inv2(try(s,k),i) . 
close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-exit(s,k) = true . red inv2(s,i) implies inv2(exit(s,k),i) . close open PRED-QLOCK op s : -> Sys . ops k i : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-exit(s,k) = false . red inv2(s,i) implies inv2(exit(s,k),i) . close --> --> 18. P-TRANS-S on G45,G47,G49 --> --> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j) --> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = rm,i = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm, --> (i = k) = false,j = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm, --> (i = k) = false,(j = k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-want(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(want(s,k),i,j) --> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q} --> inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) --> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q} --> inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) --> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> pc(s,k) = wt,queue(s) = q , k,(i = k) = false, --> (j = k) = false} |-_{s,k,i,j,q} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-try(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(try(s,k),i,j) --> G32: PRED-QLOCK U {inv1(s,I,J) = 
true,inv2(s,I) = true, --> pc(s.k) = cs,i = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s.k) = cs, --> (i = k) = false,j = k} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s.k) = cs, --> (i = k) = false,(j = k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-exit(s,k) = false} |-_{s,k,i,j} --> inv1(s,i,j) implies inv1(exit(s,k),i,j) --> --> G36: PRED-QLOCK |-_{i} inv2(init,i) --> G51: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> (pc(s,k) = rm) = true} |-_{s,k,i} --> inv2(s,i) implies inv2(want(s,k),i) --> G46: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-want(s,k) = false} |-_{s,k,i} --> inv2(s,i) implies inv2(want(s,k),i) --> G52: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> (pc(s,k) = wt and top(queue(s)) = k) = true} |-_{s,k,i} --> inv2(s,i) implies inv2(try(s,k),i) --> G48: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-try(s,k) = false} |-_{s,k,i} --> inv2(s,i) implies inv2(try(s,k),i) --> G53: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> (pc(s.k) = cs) = true} |-_{s,k,i} --> inv2(s,i) implies inv2(exit(s,k),i) --> G50: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true, --> c-exit(s,k) = false} |-_{s,k,i} --> inv2(s,i) implies inv2(exit(s,k),i) --> open PRED-QLOCK op s : -> Sys . ops i j : -> Pid . red inv1(init,i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq i = k . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq (i = k) = false . eq j = k . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . 
ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = rm . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-want(s,k) = false . red inv1(s,i,j) implies inv1(want(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq i = k . eq j = k . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq i = k . eq (j = k) = false . red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq (i = k) = false . eq j = k . red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . op q : -> Queue . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = wt . eq queue(s) = q , k . eq (i = k) = false . eq (j = k) = false . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq c-try(s,k) = false . red inv1(s,i,j) implies inv1(try(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . red inv1(s,i,j) implies inv1(exit(s,k),i,j) . close open PRED-QLOCK op s : -> Sys . ops k i j : -> Pid . --> eq inv1(s,I:Pid,J:Pid) = true . --> eq inv2(s,I:Pid) = true . eq pc(s,k) = cs . 
  eq i = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  op i : -> Pid .
  red inv2(init,i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq (pc(s,k) = rm) = true .
  red inv2(s,i) implies inv2(want(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv2(s,i) implies inv2(want(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq (pc(s,k) = wt and top(queue(s)) = k) = true .
  red inv2(s,i) implies inv2(try(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq (pc(s,k) = cs) = true .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close
-->
--> 19. I-CONJ-S on G52
-->
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->      (i = k) = false,j = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->      (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-want(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q}
-->        inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q}
-->        inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,(i = k) = false,
-->      (j = k) = false} |-_{s,k,i,j,q}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-try(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = cs,i = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->      (i = k) = false,j = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->      (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-exit(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->
--> G36: PRED-QLOCK |-_{i} inv2(init,i)
--> G51: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      (pc(s,k) = rm) = true} |-_{s,k,i}
-->        inv2(s,i) implies inv2(want(s,k),i)
--> G46: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-want(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(want(s,k),i)
--> G54: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      (pc(s,k) = wt) = true,(top(queue(s)) = k) = true} |-_{s,k,i}
-->        inv2(s,i) implies inv2(try(s,k),i)
--> G48: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-try(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(try(s,k),i)
--> G53: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      (pc(s,k) = cs) = true} |-_{s,k,i}
-->        inv2(s,i) implies inv2(exit(s,k),i)
--> G50: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-exit(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(exit(s,k),i)
-->
open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq (j = k) = false .
  red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq j = k .
  red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  op i : -> Pid .
  red inv2(init,i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq (pc(s,k) = rm) = true .
  red inv2(s,i) implies inv2(want(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv2(s,i) implies inv2(want(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq (pc(s,k) = wt) = true .
  eq (top(queue(s)) = k) = true .
  red inv2(s,i) implies inv2(try(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq (pc(s,k) = cs) = true .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close
-->
--> 20. I-OEQ-S on G51,G54,G53
-->
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->      (i = k) = false,j = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->      (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-want(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q}
-->        inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q}
-->        inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,(i = k) = false,
-->      (j = k) = false} |-_{s,k,i,j,q}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-try(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = cs,i = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->      (i = k) = false,j = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->      (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-exit(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->
--> G36: PRED-QLOCK |-_{i} inv2(init,i)
--> G55: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = rm} |-_{s,k,i}
-->        inv2(s,i) implies inv2(want(s,k),i)
--> G46: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-want(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(want(s,k),i)
--> G56: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,top(queue(s)) = k} |-_{s,k,i}
-->        inv2(s,i) implies inv2(try(s,k),i)
--> G48: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-try(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(try(s,k),i)
--> G57: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = cs} |-_{s,k,i}
-->        inv2(s,i) implies inv2(exit(s,k),i)
--> G50: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-exit(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(exit(s,k),i)
-->
open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq (j = k) = false .
  red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq j = k .
  red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  op i : -> Pid .
  red inv2(init,i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  red inv2(s,i) implies inv2(want(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv2(s,i) implies inv2(want(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq top(queue(s)) = k .
  red inv2(s,i) implies inv2(try(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close
-->
--> 21. E-QCONS on G56
-->
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->      (i = k) = false,j = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->      (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-want(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q}
-->        inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q}
-->        inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,(i = k) = false,
-->      (j = k) = false} |-_{s,k,i,j,q}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-try(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = cs,i = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->      (i = k) = false,j = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->      (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-exit(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->
--> G36: PRED-QLOCK |-_{i} inv2(init,i)
--> G55: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = rm} |-_{s,k,i}
-->        inv2(s,i) implies inv2(want(s,k),i)
--> G46: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-want(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(want(s,k),i)
--> G58: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k} |-_{s,k,i,q}
-->        inv2(s,i) implies inv2(try(s,k),i)
--> G48: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-try(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(try(s,k),i)
--> G57: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = cs} |-_{s,k,i}
-->        inv2(s,i) implies inv2(exit(s,k),i)
--> G50: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-exit(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(exit(s,k),i)
-->
open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq (j = k) = false .
  red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq j = k .
  red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  op i : -> Pid .
  red inv2(init,i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  red inv2(s,i) implies inv2(want(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv2(s,i) implies inv2(want(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  red inv2(s,i) implies inv2(try(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close
-->
--> 22. CA+I-OEQ-S on G55
-->
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->      (i = k) = false,j = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->      (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-want(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q}
-->        inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q}
-->        inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k,(i = k) = false,
-->      (j = k) = false} |-_{s,k,i,j,q}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-try(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = cs,i = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->      (i = k) = false,j = k} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->      (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-exit(s,k) = false} |-_{s,k,i,j}
-->        inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->
--> G36: PRED-QLOCK |-_{i} inv2(init,i)
--> G59: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = rm,i = k} |-_{s,k,i}
-->        inv2(s,i) implies inv2(want(s,k),i)
--> G60: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = rm,(i = k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(want(s,k),i)
--> G46: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-want(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(want(s,k),i)
--> G58: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = wt,queue(s) = q , k} |-_{s,k,i,q}
-->        inv2(s,i) implies inv2(try(s,k),i)
--> G48: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-try(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(try(s,k),i)
--> G57: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      pc(s,k) = cs} |-_{s,k,i}
-->        inv2(s,i) implies inv2(exit(s,k),i)
--> G50: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->      c-exit(s,k) = false} |-_{s,k,i}
-->        inv2(s,i) implies inv2(exit(s,k),i)
-->
open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq (j = k) = false .
  red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq j = k .
  red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close
open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  op i : -> Pid .
  red inv2(init,i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close

-->
--> 23. Queue-CS on G60
-->
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->   (i = k) = false,j = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->   (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-want(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q}
-->     inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q}
-->     inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,(i = k) = false,
-->   (j = k) = false} |-_{s,k,i,j,q}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-try(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = cs,i = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->   (i = k) = false,j = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->   (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-exit(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->
--> G36: PRED-QLOCK |-_{i} inv2(init,i)
--> G59: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,i = k} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G61: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,(i = k) = false,queue(s) = empty} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G62: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,(i = k) = false,queue(s) = q , l} |-_{s,k,i,l,q}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G46: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-want(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G58: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k} |-_{s,k,i,q}
-->     inv2(s,i) implies inv2(try(s,k),i)
--> G48: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-try(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(try(s,k),i)
--> G57: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = cs} |-_{s,k,i}
-->     inv2(s,i) implies inv2(exit(s,k),i)
--> G50: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-exit(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(exit(s,k),i)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq (j = k) = false .
  red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq j = k .
  red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  op i : -> Pid .
  red inv2(init,i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq queue(s) = empty .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i l : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq queue(s) = q , l .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close

-->
--> 24. CA+I-OEQ-S on G58
-->
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->   (i = k) = false,j = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->   (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-want(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q}
-->     inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q}
-->     inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,(i = k) = false,
-->   (j = k) = false} |-_{s,k,i,j,q}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-try(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = cs,i = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->   (i = k) = false,j = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->   (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-exit(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->
--> G36: PRED-QLOCK |-_{i} inv2(init,i)
--> G59: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,i = k} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G61: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,(i = k) = false,queue(s) = empty} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G62: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,(i = k) = false,queue(s) = q , l} |-_{s,k,i,l,q}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G46: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-want(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G63: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,i = k} |-_{s,k,i,q}
-->     inv2(s,i) implies inv2(try(s,k),i)
--> G64: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,(i = k) = false} |-_{s,k,i,q}
-->     inv2(s,i) implies inv2(try(s,k),i)
--> G48: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-try(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(try(s,k),i)
--> G57: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = cs} |-_{s,k,i}
-->     inv2(s,i) implies inv2(exit(s,k),i)
--> G50: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-exit(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(exit(s,k),i)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq (j = k) = false .
  red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq j = k .
  red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  op i : -> Pid .
  red inv2(init,i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq queue(s) = empty .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i l : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq queue(s) = q , l .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close

-->
--> 25. CA+I-OEQ-S on G57
-->
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->   (i = k) = false,j = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->   (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-want(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q}
-->     inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q}
-->     inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,(i = k) = false,
-->   (j = k) = false} |-_{s,k,i,j,q}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-try(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = cs,i = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->   (i = k) = false,j = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->   (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-exit(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->
--> G36: PRED-QLOCK |-_{i} inv2(init,i)
--> G59: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,i = k} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G61: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,(i = k) = false,queue(s) = empty} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G62: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,(i = k) = false,queue(s) = q , l} |-_{s,k,i,l,q}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G46: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-want(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G63: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,i = k} |-_{s,k,i,q}
-->     inv2(s,i) implies inv2(try(s,k),i)
--> G64: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,(i = k) = false} |-_{s,k,i,q}
-->     inv2(s,i) implies inv2(try(s,k),i)
--> G48: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-try(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(try(s,k),i)
--> G65: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = cs,i = k} |-_{s,k,i}
-->     inv2(s,i) implies inv2(exit(s,k),i)
--> G66: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = cs,(i = k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(exit(s,k),i)
--> G50: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-exit(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(exit(s,k),i)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq (j = k) = false .
  red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq j = k .
  red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  op i : -> Pid .
  red inv2(init,i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq queue(s) = empty .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i l : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq queue(s) = q , l .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close

-->
--> 26. E-OIMPL on G66
-->
--> G1: PRED-QLOCK |-_{i,j} inv1(init,i,j)
--> G22: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,i = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G24: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->   (i = k) = false,j = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G25: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = rm,
-->   (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G9: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-want(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(want(s,k),i,j)
--> G28: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,i = k,j = k} |-_{s,k,i,j,q}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G40: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,i = k,(j = k) = false} |-_{s,k,i,j,q}
-->     inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G41: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,(i = k) = false,j = k} |-_{s,k,i,j,q}
-->     inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G31: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,(i = k) = false,
-->   (j = k) = false} |-_{s,k,i,j,q}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G11: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-try(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(try(s,k),i,j)
--> G32: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = cs,i = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G34: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->   (i = k) = false,j = k} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G35: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,pc(s,k) = cs,
-->   (i = k) = false,(j = k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
--> G13: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-exit(s,k) = false} |-_{s,k,i,j}
-->     inv1(s,i,j) implies inv1(exit(s,k),i,j)
-->
--> G36: PRED-QLOCK |-_{i} inv2(init,i)
--> G59: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,i = k} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G61: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,(i = k) = false,queue(s) = empty} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G62: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = rm,(i = k) = false,queue(s) = q , l} |-_{s,k,i,l,q}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G46: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-want(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(want(s,k),i)
--> G63: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,i = k} |-_{s,k,i,q}
-->     inv2(s,i) implies inv2(try(s,k),i)
--> G64: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = wt,queue(s) = q , k,(i = k) = false} |-_{s,k,i,q}
-->     inv2(s,i) implies inv2(try(s,k),i)
--> G48: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-try(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(try(s,k),i)
--> G65: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = cs,i = k} |-_{s,k,i}
-->     inv2(s,i) implies inv2(exit(s,k),i)
--> G67: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   pc(s,k) = cs,(i = k) = false} |-_{s,k,i}
-->     inv1(s,i,k) implies inv2(s,i) implies inv2(exit(s,k),i)
--> G50: PRED-QLOCK U {inv1(s,I,J) = true,inv2(s,I) = true,
-->   c-exit(s,k) = false} |-_{s,k,i}
-->     inv2(s,i) implies inv2(exit(s,k),i)
-->

open PRED-QLOCK
  op s : -> Sys .
  ops i j : -> Pid .
  red inv1(init,i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv1(s,i,j) implies inv1(want(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq j = k .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  eq (j = k) = false .
  red inv2(s,j) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq j = k .
  red inv2(s,i) implies inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv1(s,i,j) implies inv1(try(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq j = k .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  eq (j = k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i j : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv1(s,i,j) implies inv1(exit(s,k),i,j) .
close

open PRED-QLOCK
  op s : -> Sys .
  op i : -> Pid .
  red inv2(init,i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq i = k .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq queue(s) = empty .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i l : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = rm .
  eq (i = k) = false .
  eq queue(s) = q , l .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-want(s,k) = false .
  red inv2(s,i) implies inv2(want(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq i = k .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  op q : -> Queue .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = wt .
  eq queue(s) = q , k .
  eq (i = k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-try(s,k) = false .
  red inv2(s,i) implies inv2(try(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq i = k .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq pc(s,k) = cs .
  eq (i = k) = false .
  red inv1(s,i,k) implies inv2(s,i) implies inv2(exit(s,k),i) .
close

open PRED-QLOCK
  op s : -> Sys .
  ops k i : -> Pid .
  --> eq inv1(s,I:Pid,J:Pid) = true .
  --> eq inv2(s,I:Pid) = true .
  eq c-exit(s,k) = false .
  red inv2(s,i) implies inv2(exit(s,k),i) .
close

-->
--> QED
-->
-->
--> End of constructing the proof tree of G.
-->
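--> Added example (not part of the original proof score): a brute-force Python
--> check of why goals G40 and G41 bring in inv2 through E-OIMPL. It shows that
--> inv1 alone is not preserved by try from an arbitrary state, while inv1 and
--> inv2 together are preserved by every transition.
--> Assumptions: the usual QLOCK transition effects and the usual definitions of
--> inv1 and inv2 (neither is shown in this section), a constructed 3-process
--> domain, and a queue modelled as a tuple whose top is at index 0.

```python
from itertools import product

RM, WT, CS = "rm", "wt", "cs"   # pc labels that appear in the proof score
PIDS = (0, 1, 2)                # constructed finite set of process ids
MAX_QUEUE = 3                   # constructed bound for enumerating queues


def top(queue):
    """Top of the queue; None stands for top(empty), which equals no Pid."""
    return queue[0] if queue else None


def _set_pc(pc, k, label):
    return pc[:k] + (label,) + pc[k + 1:]


# Transitions. The guards (c-want, c-try, c-exit) follow the case splits in the
# proof score; the effects are the usual QLOCK ones and are an assumption here.
def want(state, k):
    pc, queue = state
    if pc[k] != RM:                        # c-want(s,k) = false
        return state
    return (_set_pc(pc, k, WT), queue + (k,))


def try_(state, k):
    pc, queue = state
    if pc[k] != WT or top(queue) != k:     # c-try(s,k) = false
        return state
    return (_set_pc(pc, k, CS), queue)


def exit_(state, k):
    pc, queue = state
    if pc[k] != CS:                        # c-exit(s,k) = false
        return state
    return (_set_pc(pc, k, RM), queue[1:])


ACTIONS = {"want": want, "try": try_, "exit": exit_}
INIT = ((RM,) * len(PIDS), ())


def inv1(state):
    """Assumed definition: two processes in cs must be the same process."""
    pc, _ = state
    return all(i == j for i in PIDS for j in PIDS
               if pc[i] == CS and pc[j] == CS)


def inv2(state):
    """Assumed definition: a process in cs is at the top of the queue."""
    pc, queue = state
    return all(top(queue) == i for i in PIDS if pc[i] == CS)


def both(state):
    return inv1(state) and inv2(state)


def all_states():
    """Every state over PIDS, reachable or not, as an induction step requires."""
    for pc in product((RM, WT, CS), repeat=len(PIDS)):
        for n in range(MAX_QUEUE + 1):
            for queue in product(PIDS, repeat=n):
                yield (pc, queue)


def induction_failures(hypothesis, goal):
    """(state, action, k) where hypothesis holds before and goal fails after."""
    return [(s, name, k)
            for s in all_states() if hypothesis(s)
            for name, step in ACTIONS.items()
            for k in PIDS
            if not goal(step(s, k))]


def reachable():
    """All states reachable from INIT by want/try/exit."""
    seen, frontier = {INIT}, [INIT]
    while frontier:
        s = frontier.pop()
        for step in ACTIONS.values():
            for k in PIDS:
                t = step(s, k)
                if t not in seen:
                    seen.add(t)
                    frontier.append(t)
    return seen


if __name__ == "__main__":
    alone = induction_failures(inv1, inv1)
    print("inv1 alone:", len(alone), "failing steps, actions:",
          sorted({name for _, name, _ in alone}))
    print("example:", alone[0])
    print("inv1 and inv2:", len(induction_failures(both, both)), "failing steps")
    print("reachable:", len(reachable()),
          "all satisfy both:", all(both(s) for s in reachable()))
```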