-- ========================================================================
--                  QLOCK property specification
-- ========================================================================

-- ========================================================================
-- a comment starts with '-- ' or '** ' and ends at the end of line
--
-- a convention for commenting:
--   '-- ' is used before the commented CafeOBJ text
--   '** ' is used after the commented CafeOBJ text

-- ========================================================================
require qlock-sys

-- ========================================================================
-- intitial states predicate
mod! INIT {pr(STATE)
pred init_ : As .
eq (init empS) = false .
eq (init (A:Aid AS:As)) = true .
pred init_ : State .
eq (init [Q:Aq r ASr:As w ASw:As c ASc:As]) 
    = ((Q = empQ) and (init ASr) and (ASw = empS) and (ASc = empS)) .
}

-- ========================================================================
-- mutual exclusion proporty: a target property
mod! MX {pr(STATE)
-- mutual exclusion property: at most one agent is in the critical section
-- this is the goal predicate
-- mx
pred mx_ : As .
eq (mx empS) = true .
eq (mx (A:Aid AS:As)) = (AS = empS) .
pred mx_ : State .
eq (mx [Q:Aq r ASr:As w ASw:As c ASc:As]) = (mx ASc) .
}

-- ========================================================================
-- only the top of the queue is in the critical section
mod! HQ=C {pr(STATE)
pred hq=c_ : State  .
eq (hq=c [Q:Aq r ASr:As w ASw:As c ASc:As]) = 
     (ASc = empS) or (not(Q = empQ) and ((hd Q) = ASc)) .
}

-- ========================================================================
-- this file provides feature qlock-prop
provide qlock-prop

-- ========================================================================
eof
** end of file