├── .gitignore ├── AltBitProtocol ├── AltBitProtocol.cfg ├── AltBitProtocol.old ├── AltBitProtocol.tla └── AltBitProtocol.toolbox │ ├── .project │ ├── .settings │ └── org.lamport.tla.toolbox.prefs │ ├── AltBitProtocol.tla.pmap │ └── AltBitProtocol___ABP_Model_1.launch ├── AsyncInterface ├── AsyncInterface.cfg ├── AsyncInterface.old ├── AsyncInterface.tla └── AsyncInterface.toolbox │ ├── .project │ ├── .settings │ └── org.lamport.tla.toolbox.prefs │ ├── AI_Model_1 │ ├── AsyncInterface.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── AI_Model_2 │ ├── AsyncInterface.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── AsyncInterface.tla.pmap │ ├── AsyncInterface___AI_Model_1.launch │ └── AsyncInterface___AI_Model_2.launch ├── AsyncInterfaceChan ├── AsyncInterfaceChan.cfg ├── AsyncInterfaceChan.old ├── AsyncInterfaceChan.tla └── AsyncInterfaceChan.toolbox │ ├── .project │ ├── .settings │ └── org.lamport.tla.toolbox.prefs │ ├── AIChan_Model_1 │ ├── AsyncInterfaceChan.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── AIChan_Model_2 │ ├── AsyncInterfaceChan.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── AsyncInterfaceChan.tla.pmap │ ├── AsyncInterfaceChan___AIChan_Model_1.launch │ └── AsyncInterfaceChan___AIChan_Model_2.launch ├── Euclid ├── Euclid.cfg ├── Euclid.old ├── Euclid.tla └── Euclid.toolbox │ ├── .project │ ├── .settings │ └── org.lamport.tla.toolbox.prefs │ ├── Euclid___Model_1.launch │ └── Model_1 │ ├── Euclid.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out ├── FIFO ├── FIFO.cfg ├── FIFO.old ├── FIFO.tla └── FIFO.toolbox │ ├── .project │ ├── .settings │ └── org.lamport.tla.toolbox.prefs │ ├── FIFO.tla.pmap │ ├── FIFO_Model_4 │ ├── FIFO.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ └── FIFO___FIFO_Model_4.launch ├── FastMutex ├── FastMutex.cfg ├── FastMutex.old ├── FastMutex.tla └── FastMutex.toolbox │ ├── .project │ ├── .settings │ └── org.lamport.tla.toolbox.prefs │ ├── 
FM_Bad_Model_2 │ ├── FastMutex.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── FM_Model_1 │ ├── FastMutex.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── FM_Model_3 │ ├── FastMutex.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── FM_Model_4 │ ├── FastMutex.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── FM_Model_5 │ ├── FastMutex.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── FM_Model_6 │ ├── FastMutex.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── FastMutex.tla.pmap │ ├── FastMutex___FM_Bad_Model_2.launch │ ├── FastMutex___FM_Model_1.launch │ ├── FastMutex___FM_Model_3.launch │ ├── FastMutex___FM_Model_4.launch │ ├── FastMutex___FM_Model_5.launch │ └── FastMutex___FM_Model_6.launch ├── HourClock ├── HourClock.cfg ├── HourClock.old ├── HourClock.tla └── HourClock.toolbox │ ├── .project │ ├── .settings │ └── org.lamport.tla.toolbox.prefs │ ├── HR_Model_1 │ ├── HourClock.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── HR_Model_2 │ ├── HourClock.tla │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ └── MC_TE.out │ ├── HourClock.tla.pmap │ ├── HourClock___HR_Model_1.launch │ └── HourClock___HR_Model_2.launch ├── HyperBook ├── DieHarder │ ├── DieHarder.cfg │ ├── DieHarder.old │ └── DieHarder.tla └── TickTock │ ├── TickTock.cfg │ ├── TickTock.old │ └── TickTock.tla ├── HyperClock ├── HyperClock.cfg ├── HyperClock.old └── HyperClock.tla ├── HyperDieHard ├── HyperDieHard.tla ├── PCalDieHard.cfg ├── PCalDieHard.old └── PCalDieHard.tla ├── HyperEuclid ├── HyperEuclid.cfg ├── HyperEuclid.old └── HyperEuclid.tla ├── README.md ├── TE4 ├── TE4.cfg ├── TE4.old ├── TE4.play └── TE4.tla ├── TE42 ├── TE42.cfg ├── TE42.old └── TE42.tla ├── TwoPhaseCommit ├── TwoPhaseCommit.cfg ├── TwoPhaseCommit.old ├── TwoPhaseCommit.tla └── TwoPhaseCommit.toolbox │ ├── .project │ ├── .settings │ └── org.lamport.tla.toolbox.prefs │ ├── TPC_Model_2 │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ 
├── MC_TE.out │ └── TwoPhaseCommit.tla │ ├── TPC_Model_3 │ ├── MC.cfg │ ├── MC.out │ ├── MC.tla │ ├── MC_TE.out │ └── TwoPhaseCommit.tla │ ├── TwoPhaseCommit.tla.pmap │ ├── TwoPhaseCommit___TPC_Model_1.launch │ ├── TwoPhaseCommit___TPC_Model_2.launch │ └── TwoPhaseCommit___TPC_Model_3.launch └── library └── GCD └── GCD.tla /.gitignore: -------------------------------------------------------------------------------- 1 | workspace/ 2 | TE4/TE4.toolbox 3 | TE4.pdf 4 | *toolbox/ 5 | -------------------------------------------------------------------------------- /AltBitProtocol/AltBitProtocol.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* Add statements after this line. 4 | \* NOTE(review): this file assigns no value to CONSTANT Msg (declared in the module) and lists no INVARIANT or PROPERTY; with only SPECIFICATION Spec, TLC has no correctness property to check beyond its default deadlock check. Presumably the Toolbox model supplies both - confirm. -------------------------------------------------------------------------------- /AltBitProtocol/AltBitProtocol.old: -------------------------------------------------------------------------------- 1 | --------------------- MODULE AltBitProtocol ---------------------- 2 | EXTENDS Naturals, Sequences, TLC 3 | CONSTANT Msg 4 | 5 | Remove(i, seq) == [j \in 1..(Len(seq)-1) |-> IF j < i THEN seq[j] ELSE seq[j+1]] 6 | 7 | (* 8 | --algorithm AltBitProtocol { 9 | variables 10 | input = <<>>, output = <<>>, 11 | msgChan = <<>>, ackChan = <<>>, 12 | newChan = <<>>; 13 | 14 | macro Send(m, chan) { 15 | chan := Append(chan, m); 16 | } 17 | 18 | macro Recv(v, chan) { 19 | await chan # <<>>; \* could also do Len(chan) > 0 ?? 
20 | v := Head(chan); 21 | chan := Tail(chan); 22 | } 23 | 24 | process (Sender = "S") 25 | variables next = 1, sbit = 0, ack; 26 | { 27 | s: while (TRUE) { 28 | either with (m \in Msg) { 29 | input := Append(input, m); 30 | 31 | } or { 32 | await next <= Len(input); 33 | Send(<>, msgChan); 34 | 35 | } or { 36 | Recv(ack, ackChan); 37 | if (ack = sbit) { 38 | next := next + 1; 39 | sbit := (sbit + 1) % 2; 40 | }; 41 | }; 42 | print <<"Sender", input>>; 43 | } 44 | }; \* end Sender process block 45 | 46 | process (Receiver = "R") 47 | variables rbit = 1, msg; 48 | { 49 | r: while (TRUE) { 50 | either { 51 | Send(rbit, ackChan); 52 | } or { 53 | Recv(msg, msgChan); 54 | if (msg[2] # rbit) { 55 | rbit := (rbit + 1) % 2; 56 | output := Append(output, msg[1]); 57 | }; 58 | }; 59 | } 60 | }; \* end Receiver process block 61 | 62 | process (LoseMsg = "L") { 63 | l: while (TRUE) { 64 | either with (i \in 1..Len(msgChan)) { 65 | msgChan := Remove(i, msgChan); 66 | } or with (i \in 1..Len(ackChan)) { 67 | ackChan := Remove(i, ackChan); 68 | }; 69 | } 70 | }; \* end LoseMsg process block 71 | 72 | } \* end algorithm 73 | *) 74 | \* BEGIN TRANSLATION 75 | CONSTANT defaultInitValue 76 | VARIABLES input, output, msgChan, ackChan, newChan, next, sbit, ack, rbit, 77 | msg 78 | 79 | vars == << input, output, msgChan, ackChan, newChan, next, sbit, ack, rbit, 80 | msg >> 81 | 82 | ProcSet == {"S"} \cup {"R"} \cup {"L"} 83 | 84 | Init == (* Global variables *) 85 | /\ input = <<>> 86 | /\ output = <<>> 87 | /\ msgChan = <<>> 88 | /\ ackChan = <<>> 89 | /\ newChan = <<>> 90 | (* Process Sender *) 91 | /\ next = 1 92 | /\ sbit = 0 93 | /\ ack = defaultInitValue 94 | (* Process Receiver *) 95 | /\ rbit = 1 96 | /\ msg = defaultInitValue 97 | 98 | Sender == /\ \/ /\ \E m \in Msg: 99 | input' = Append(input, m) 100 | /\ UNCHANGED <> 101 | \/ /\ next <= Len(input) 102 | /\ msgChan' = Append(msgChan, (<>)) 103 | /\ UNCHANGED <> 104 | \/ /\ ackChan # <<>> 105 | /\ ack' = Head(ackChan) 106 | 
/\ ackChan' = Tail(ackChan) 107 | /\ IF ack' = sbit 108 | THEN /\ next' = next + 1 109 | /\ sbit' = (sbit + 1) % 2 110 | ELSE /\ TRUE 111 | /\ UNCHANGED << next, sbit >> 112 | /\ UNCHANGED <> 113 | /\ PrintT(<<"Sender", input'>>) 114 | /\ UNCHANGED << output, newChan, rbit, msg >> 115 | 116 | Receiver == /\ \/ /\ ackChan' = Append(ackChan, rbit) 117 | /\ UNCHANGED <> 118 | \/ /\ msgChan # <<>> 119 | /\ msg' = Head(msgChan) 120 | /\ msgChan' = Tail(msgChan) 121 | /\ IF msg'[2] # rbit 122 | THEN /\ rbit' = (rbit + 1) % 2 123 | /\ output' = Append(output, msg'[1]) 124 | ELSE /\ TRUE 125 | /\ UNCHANGED << output, rbit >> 126 | /\ UNCHANGED ackChan 127 | /\ UNCHANGED << input, newChan, next, sbit, ack >> 128 | 129 | LoseMsg == /\ \/ /\ \E i \in 1..Len(msgChan): 130 | msgChan' = Remove(i, msgChan) 131 | /\ UNCHANGED ackChan 132 | \/ /\ \E i \in 1..Len(ackChan): 133 | ackChan' = Remove(i, ackChan) 134 | /\ UNCHANGED msgChan 135 | /\ UNCHANGED << input, output, newChan, next, sbit, ack, rbit, msg >> 136 | 137 | Next == Sender \/ Receiver \/ LoseMsg 138 | 139 | Spec == Init /\ [][Next]_vars 140 | 141 | \* END TRANSLATION 142 | 143 | ================================================================== 144 | -------------------------------------------------------------------------------- /AltBitProtocol/AltBitProtocol.tla: -------------------------------------------------------------------------------- 1 | --------------------- MODULE AltBitProtocol ---------------------- 2 | EXTENDS Naturals, Sequences, TLC 3 | CONSTANT Msg 4 | 5 | (******************************************************) 6 | (* AltBitProtocol from The PlusCal Algorithm Language *) 7 | (* paper by Lamport *) 8 | (******************************************************) 9 | 10 | Remove(i, seq) == [j \in 1..(Len(seq)-1) |-> IF j < i THEN seq[j] ELSE seq[j+1]] 11 | 12 | (* 13 | --algorithm AltBitProtocol { 14 | variables 15 | input = <<>>, output = <<>>, 16 | msgChan = <<>>, ackChan = <<>>, 17 | newChan = <<>>; 18 
| 19 | macro Send(m, chan) { 20 | chan := Append(chan, m); 21 | } 22 | 23 | macro Recv(v, chan) { 24 | await chan # <<>>; \* could also do Len(chan) > 0 ?? 25 | v := Head(chan); 26 | chan := Tail(chan); 27 | } 28 | 29 | process (Sender = "S") 30 | variables next = 1, sbit = 0, ack; 31 | { 32 | s: while (TRUE) { 33 | either with (m \in Msg) { 34 | input := Append(input, m); 35 | 36 | } or { 37 | await next <= Len(input); 38 | Send(<>, msgChan); \* NOTE(review): the tuple's contents appear to have been lost in extraction; Receiver reads msg[1] as the payload and compares msg[2] with rbit, so a 2-tuple is expected here 39 | 40 | } or { 41 | Recv(ack, ackChan); 42 | if (ack = sbit) { 43 | next := next + 1; 44 | sbit := (sbit + 1) % 2; 45 | }; 46 | }; 47 | print <<"Sender", input>>; 48 | } 49 | }; \* end Sender process block 50 | 51 | process (Receiver = "R") 52 | variables rbit = 1, msg; 53 | { 54 | r: while (TRUE) { 55 | either { 56 | Send(rbit, ackChan); 57 | } or { 58 | Recv(msg, msgChan); 59 | if (msg[2] # rbit) { 60 | rbit := (rbit + 1) % 2; 61 | output := Append(output, msg[1]); 62 | }; 63 | }; 64 | } 65 | }; \* end Receiver process block 66 | 67 | process (LoseMsg = "L") { 68 | l: while (TRUE) { 69 | either with (i \in 1..Len(msgChan)) { 70 | msgChan := Remove(i, msgChan); 71 | } or with (i \in 1..Len(ackChan)) { 72 | ackChan := Remove(i, ackChan); 73 | }; 74 | } 75 | }; \* end LoseMsg process block 76 | 77 | } \* end algorithm 78 | *) 79 | \* BEGIN TRANSLATION 80 | CONSTANT defaultInitValue 81 | VARIABLES input, output, msgChan, ackChan, newChan, next, sbit, ack, rbit, 82 | msg 83 | 84 | vars == << input, output, msgChan, ackChan, newChan, next, sbit, ack, rbit, 85 | msg >> 86 | 87 | ProcSet == {"S"} \cup {"R"} \cup {"L"} 88 | 89 | Init == (* Global variables *) 90 | /\ input = <<>> 91 | /\ output = <<>> 92 | /\ msgChan = <<>> 93 | /\ ackChan = <<>> 94 | /\ newChan = <<>> 95 | (* Process Sender *) 96 | /\ next = 1 97 | /\ sbit = 0 98 | /\ ack = defaultInitValue 99 | (* Process Receiver *) 100 | /\ rbit = 1 101 | /\ msg = defaultInitValue 102 | 103 | Sender == /\ \/ /\ \E m \in Msg: 104 | input' = Append(input, m) 105 | /\ UNCHANGED 
<> 106 | \/ /\ next <= Len(input) 107 | /\ msgChan' = Append(msgChan, (<>)) 108 | /\ UNCHANGED <> 109 | \/ /\ ackChan # <<>> 110 | /\ ack' = Head(ackChan) 111 | /\ ackChan' = Tail(ackChan) 112 | /\ IF ack' = sbit 113 | THEN /\ next' = next + 1 114 | /\ sbit' = (sbit + 1) % 2 115 | ELSE /\ TRUE 116 | /\ UNCHANGED << next, sbit >> 117 | /\ UNCHANGED <> 118 | /\ PrintT(<<"Sender", input'>>) 119 | /\ UNCHANGED << output, newChan, rbit, msg >> 120 | 121 | Receiver == /\ \/ /\ ackChan' = Append(ackChan, rbit) 122 | /\ UNCHANGED <> 123 | \/ /\ msgChan # <<>> 124 | /\ msg' = Head(msgChan) 125 | /\ msgChan' = Tail(msgChan) 126 | /\ IF msg'[2] # rbit 127 | THEN /\ rbit' = (rbit + 1) % 2 128 | /\ output' = Append(output, msg'[1]) 129 | ELSE /\ TRUE 130 | /\ UNCHANGED << output, rbit >> 131 | /\ UNCHANGED ackChan 132 | /\ UNCHANGED << input, newChan, next, sbit, ack >> 133 | 134 | LoseMsg == /\ \/ /\ \E i \in 1..Len(msgChan): 135 | msgChan' = Remove(i, msgChan) 136 | /\ UNCHANGED ackChan 137 | \/ /\ \E i \in 1..Len(ackChan): 138 | ackChan' = Remove(i, ackChan) 139 | /\ UNCHANGED msgChan 140 | /\ UNCHANGED << input, output, newChan, next, sbit, ack, rbit, msg >> 141 | 142 | Next == Sender \/ Receiver \/ LoseMsg 143 | 144 | Spec == Init /\ [][Next]_vars 145 | 146 | \* END TRANSLATION 147 | 148 | ================================================================== 149 | -------------------------------------------------------------------------------- /AltBitProtocol/AltBitProtocol.toolbox/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | AltBitProtocol 4 | 5 | 6 | 7 | 8 | 9 | toolbox.builder.TLAParserBuilder 10 | 11 | 12 | 13 | 14 | toolbox.builder.PCalAlgorithmSearchingBuilder 15 | 16 | 17 | 18 | 19 | 20 | toolbox.natures.TLANature 21 | 22 | 23 | 24 | AltBitProtocol.tla 25 | 1 26 | /home/midpeter444/lang/tlaplus/pluscal/AltBitProtocol/AltBitProtocol.tla 27 | 28 | 29 | 30 | 
-------------------------------------------------------------------------------- /AltBitProtocol/AltBitProtocol.toolbox/.settings/org.lamport.tla.toolbox.prefs: -------------------------------------------------------------------------------- 1 | #Mon Apr 06 21:15:47 EDT 2015 2 | ProjectRootFile=/home/midpeter444/lang/tlaplus/pluscal/AltBitProtocol/AltBitProtocol.tla 3 | ProjectToolboxDirSize=4 4 | eclipse.preferences.version=1 5 | -------------------------------------------------------------------------------- /AltBitProtocol/AltBitProtocol.toolbox/AltBitProtocol.tla.pmap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/quux00/PlusCal-Examples/1369a5c0531e20d476c501ca03a79c08ecf7c868/AltBitProtocol/AltBitProtocol.toolbox/AltBitProtocol.tla.pmap -------------------------------------------------------------------------------- /AltBitProtocol/AltBitProtocol.toolbox/AltBitProtocol___ABP_Model_1.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* Add statements after this line. 4 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.old: -------------------------------------------------------------------------------- 1 | ---------------------- MODULE AsyncInterface ----------------------- 2 | EXTENDS Naturals, TLC 3 | \*CONSTANT Data \* TODO: how specify Data as a range in the Model Checker? 
4 | 5 | \* Based on the AsynchInterface TLA+ example in Ch. 3 of "Specifying Systems" 6 | 7 | (* 8 | --algorithm AsyncInterface { 9 | variables 10 | val \in 0..100, \* TODO: change 0..100 to Data 11 | rdy \in 0..1, 12 | ack \in 0..1; 13 | 14 | process (Send = "send") 15 | variable oldrdy; 16 | { 17 | s00: while (TRUE) { 18 | s01: await rdy = ack; 19 | s02: val := 44; \* TODO: how choose a random val? 20 | oldrdy := rdy; 21 | rdy := 1 - rdy; 22 | 23 | print <>; 24 | assert (val \in 0..100); 25 | assert (rdy \in 0..1); 26 | assert (ack \in 0..1); 27 | assert (rdy # oldrdy); 28 | assert (rdy # ack); 29 | } 30 | }; \* end process Send 31 | 32 | 33 | process (Recv = "recv") 34 | variable oldack; 35 | { 36 | r00: while (TRUE) { 37 | r01: await rdy # ack; 38 | r02: oldack := ack; 39 | ack := 1 - ack; 40 | 41 | print <>; 42 | \* TypeInvariants 43 | assert (val \in 0..100); 44 | assert (rdy \in 0..1); 45 | assert (ack \in 0..1); 46 | assert (ack # oldack); 47 | assert (rdy = ack); 48 | } 49 | }; \* end process Recv 50 | 51 | } \* end algorithm 52 | *) 53 | \* BEGIN TRANSLATION 54 | CONSTANT defaultInitValue 55 | VARIABLES val, rdy, ack, pc, oldrdy, oldack 56 | 57 | vars == << val, rdy, ack, pc, oldrdy, oldack >> 58 | 59 | ProcSet == {"send"} \cup {"recv"} 60 | 61 | Init == (* Global variables *) 62 | /\ val \in 0..100 63 | /\ rdy \in 0..1 64 | /\ ack \in 0..1 65 | (* Process Send *) 66 | /\ oldrdy = defaultInitValue 67 | (* Process Recv *) 68 | /\ oldack = defaultInitValue 69 | /\ pc = [self \in ProcSet |-> CASE self = "send" -> "s00" 70 | [] self = "recv" -> "r00"] 71 | 72 | s00 == /\ pc["send"] = "s00" 73 | /\ pc' = [pc EXCEPT !["send"] = "s01"] 74 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 75 | 76 | s01 == /\ pc["send"] = "s01" 77 | /\ rdy = ack 78 | /\ pc' = [pc EXCEPT !["send"] = "s02"] 79 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 80 | 81 | s02 == /\ pc["send"] = "s02" 82 | /\ val' = 44 83 | /\ oldrdy' = rdy 84 | /\ rdy' = 1 - rdy 85 | /\ PrintT(<>) 86 
| /\ Assert((rdy' # oldrdy'), 87 | "Failure of assertion at line 24, column 15.") 88 | /\ Assert((rdy' = ack), "Failure of assertion at line 25, column 15.") 89 | /\ Assert((val' \in 0..100), 90 | "Failure of assertion at line 26, column 15.") 91 | /\ Assert((rdy' \in 0..1), 92 | "Failure of assertion at line 27, column 15.") 93 | /\ Assert((ack \in 0..1), 94 | "Failure of assertion at line 28, column 15.") 95 | /\ pc' = [pc EXCEPT !["send"] = "s00"] 96 | /\ UNCHANGED << ack, oldack >> 97 | 98 | Send == s00 \/ s01 \/ s02 99 | 100 | r00 == /\ pc["recv"] = "r00" 101 | /\ pc' = [pc EXCEPT !["recv"] = "r01"] 102 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 103 | 104 | r01 == /\ pc["recv"] = "r01" 105 | /\ rdy # ack 106 | /\ pc' = [pc EXCEPT !["recv"] = "r02"] 107 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 108 | 109 | r02 == /\ pc["recv"] = "r02" 110 | /\ oldack' = ack 111 | /\ ack' = 1 - ack 112 | /\ PrintT(<>) 113 | /\ Assert((val \in 0..100) /\ 114 | (rdy \in 0..1) /\ 115 | (ack' \in 0..1) /\ 116 | (ack' # oldack') /\ 117 | (rdy = ack'), "Failure of assertion at line 43, column 15.") 118 | /\ pc' = [pc EXCEPT !["recv"] = "r00"] 119 | /\ UNCHANGED << val, rdy, oldrdy >> 120 | 121 | Recv == r00 \/ r01 \/ r02 122 | 123 | Next == Send \/ Recv 124 | 125 | Spec == Init /\ [][Next]_vars 126 | 127 | \* END TRANSLATION 128 | 129 | 130 | ==================================================================== 131 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.tla: -------------------------------------------------------------------------------- 1 | ---------------------- MODULE AsyncInterface ----------------------- 2 | EXTENDS Naturals, TLC 3 | \*CONSTANT Data \* TODO: how specify Data as a range in the Model Checker? 4 | 5 | \* Based on the AsynchInterface TLA+ example in Ch. 
3 of "Specifying Systems" 6 | 7 | (* 8 | --algorithm AsyncInterface { 9 | variables 10 | val \in 0..100, \* TODO: change 0..100 to Data 11 | rdy \in 0..1, 12 | ack \in 0..1; 13 | 14 | process (Send = "send") 15 | variable oldrdy; 16 | { 17 | s00: while (TRUE) { 18 | s01: await rdy = ack; 19 | s02: val := 44; \* TODO: how choose a random val? 20 | oldrdy := rdy; 21 | rdy := 1 - rdy; 22 | 23 | print <>; 24 | assert (val \in 0..100); 25 | assert (rdy \in 0..1); 26 | assert (ack \in 0..1); 27 | assert (rdy # oldrdy); 28 | assert (rdy # ack); 29 | } 30 | }; \* end process Send 31 | 32 | 33 | process (Recv = "recv") 34 | variable oldack; 35 | { 36 | r00: while (TRUE) { 37 | r01: await rdy # ack; 38 | r02: oldack := ack; 39 | ack := 1 - ack; 40 | 41 | print <>; 42 | \* TypeInvariants 43 | assert (val \in 0..100); 44 | assert (rdy \in 0..1); 45 | assert (ack \in 0..1); 46 | assert (ack # oldack); 47 | assert (rdy = ack); 48 | } 49 | }; \* end process Recv 50 | 51 | } \* end algorithm 52 | *) 53 | \* BEGIN TRANSLATION 54 | CONSTANT defaultInitValue 55 | VARIABLES val, rdy, ack, pc, oldrdy, oldack 56 | 57 | vars == << val, rdy, ack, pc, oldrdy, oldack >> 58 | 59 | ProcSet == {"send"} \cup {"recv"} 60 | 61 | Init == (* Global variables *) 62 | /\ val \in 0..100 63 | /\ rdy \in 0..1 64 | /\ ack \in 0..1 65 | (* Process Send *) 66 | /\ oldrdy = defaultInitValue 67 | (* Process Recv *) 68 | /\ oldack = defaultInitValue 69 | /\ pc = [self \in ProcSet |-> CASE self = "send" -> "s00" 70 | [] self = "recv" -> "r00"] 71 | 72 | s00 == /\ pc["send"] = "s00" 73 | /\ pc' = [pc EXCEPT !["send"] = "s01"] 74 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 75 | 76 | s01 == /\ pc["send"] = "s01" 77 | /\ rdy = ack 78 | /\ pc' = [pc EXCEPT !["send"] = "s02"] 79 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 80 | 81 | s02 == /\ pc["send"] = "s02" 82 | /\ val' = 44 83 | /\ oldrdy' = rdy 84 | /\ rdy' = 1 - rdy 85 | /\ PrintT(<>) 86 | /\ Assert((val' \in 0..100), 87 | "Failure of assertion 
at line 24, column 15.") 88 | /\ Assert((rdy' \in 0..1), 89 | "Failure of assertion at line 25, column 15.") 90 | /\ Assert((ack \in 0..1), 91 | "Failure of assertion at line 26, column 15.") 92 | /\ Assert((rdy' # oldrdy'), 93 | "Failure of assertion at line 27, column 15.") 94 | /\ Assert((rdy' # ack), "Failure of assertion at line 28, column 15.") 95 | /\ pc' = [pc EXCEPT !["send"] = "s00"] 96 | /\ UNCHANGED << ack, oldack >> 97 | 98 | Send == s00 \/ s01 \/ s02 99 | 100 | r00 == /\ pc["recv"] = "r00" 101 | /\ pc' = [pc EXCEPT !["recv"] = "r01"] 102 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 103 | 104 | r01 == /\ pc["recv"] = "r01" 105 | /\ rdy # ack 106 | /\ pc' = [pc EXCEPT !["recv"] = "r02"] 107 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 108 | 109 | r02 == /\ pc["recv"] = "r02" 110 | /\ oldack' = ack 111 | /\ ack' = 1 - ack 112 | /\ PrintT(<>) 113 | /\ Assert((val \in 0..100), 114 | "Failure of assertion at line 43, column 15.") 115 | /\ Assert((rdy \in 0..1), 116 | "Failure of assertion at line 44, column 15.") 117 | /\ Assert((ack' \in 0..1), 118 | "Failure of assertion at line 45, column 15.") 119 | /\ Assert((ack' # oldack'), 120 | "Failure of assertion at line 46, column 15.") 121 | /\ Assert((rdy = ack'), "Failure of assertion at line 47, column 15.") 122 | /\ pc' = [pc EXCEPT !["recv"] = "r00"] 123 | /\ UNCHANGED << val, rdy, oldrdy >> 124 | 125 | Recv == r00 \/ r01 \/ r02 126 | 127 | Next == Send \/ Recv 128 | 129 | Spec == Init /\ [][Next]_vars 130 | 131 | \* END TRANSLATION 132 | 133 | 134 | ==================================================================== 135 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | AsyncInterface 4 | 5 | 6 | 7 | 8 | 9 | toolbox.builder.TLAParserBuilder 10 | 11 | 12 | 13 | 14 | toolbox.builder.PCalAlgorithmSearchingBuilder 15 | 16 | 
17 | 18 | 19 | 20 | toolbox.natures.TLANature 21 | 22 | 23 | 24 | AsyncInterface.tla 25 | 1 26 | /home/midpeter444/lang/tlaplus/pluscal/AsyncInterface/AsyncInterface.tla 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/.settings/org.lamport.tla.toolbox.prefs: -------------------------------------------------------------------------------- 1 | #Sun Apr 05 14:20:17 EDT 2015 2 | ProjectRootFile=/home/midpeter444/lang/tlaplus/pluscal/AsyncInterface/AsyncInterface.tla 3 | ProjectToolboxDirSize=4 4 | eclipse.preferences.version=1 5 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/AI_Model_1/AsyncInterface.tla: -------------------------------------------------------------------------------- 1 | ---------------------- MODULE AsyncInterface ----------------------- 2 | EXTENDS Naturals, TLC 3 | \*CONSTANT Data 4 | 5 | \* Based on the AsynchInterface TLA+ example in Ch. 3 of "Specifying Systems" 6 | 7 | (* 8 | --algorithm AsyncInterface { 9 | variables 10 | val \in 0..100, 11 | rdy \in 0..1, 12 | ack \in 0..1; 13 | 14 | process (Send = "send") 15 | { 16 | s00: while (TRUE) { 17 | s01: await rdy = ack; 18 | s02: val := 44; \* how choose a random val? 
19 | rdy := 1 - rdy; 20 | 21 | print <>; 22 | \* TypeInvariant 23 | assert (val \in 0..100) /\ 24 | (rdy \in 0..1) /\ 25 | (ack \in 0..1) 26 | } 27 | }; \* end process Send 28 | 29 | 30 | process (Recv = "recv") 31 | { 32 | r00: while (TRUE) { 33 | r01: await rdy # ack; 34 | r02: ack := 1 - ack; 35 | 36 | print <>; 37 | \* TypeInvariant 38 | assert (val \in 0..100) /\ 39 | (rdy \in 0..1) /\ 40 | (ack \in 0..1) 41 | } 42 | }; \* end process Recv 43 | 44 | } \* end algorithm 45 | *) 46 | \* BEGIN TRANSLATION 47 | VARIABLES val, rdy, ack, pc 48 | 49 | vars == << val, rdy, ack, pc >> 50 | 51 | ProcSet == {"send"} \cup {"recv"} 52 | 53 | Init == (* Global variables *) 54 | /\ val \in 0..100 55 | /\ rdy \in 0..1 56 | /\ ack \in 0..1 57 | /\ pc = [self \in ProcSet |-> CASE self = "send" -> "s00" 58 | [] self = "recv" -> "r00"] 59 | 60 | s00 == /\ pc["send"] = "s00" 61 | /\ pc' = [pc EXCEPT !["send"] = "s01"] 62 | /\ UNCHANGED << val, rdy, ack >> 63 | 64 | s01 == /\ pc["send"] = "s01" 65 | /\ rdy = ack 66 | /\ pc' = [pc EXCEPT !["send"] = "s02"] 67 | /\ UNCHANGED << val, rdy, ack >> 68 | 69 | s02 == /\ pc["send"] = "s02" 70 | /\ val' = 44 71 | /\ rdy' = 1 - rdy 72 | /\ PrintT(<>) 73 | /\ Assert((val' \in 0..100) /\ 74 | (rdy' \in 0..1) /\ 75 | (ack \in 0..1), 76 | "Failure of assertion at line 23, column 15.") 77 | /\ pc' = [pc EXCEPT !["send"] = "s00"] 78 | /\ ack' = ack 79 | 80 | Send == s00 \/ s01 \/ s02 81 | 82 | r00 == /\ pc["recv"] = "r00" 83 | /\ pc' = [pc EXCEPT !["recv"] = "r01"] 84 | /\ UNCHANGED << val, rdy, ack >> 85 | 86 | r01 == /\ pc["recv"] = "r01" 87 | /\ rdy # ack 88 | /\ pc' = [pc EXCEPT !["recv"] = "r02"] 89 | /\ UNCHANGED << val, rdy, ack >> 90 | 91 | r02 == /\ pc["recv"] = "r02" 92 | /\ ack' = 1 - ack 93 | /\ PrintT(<>) 94 | /\ Assert((val \in 0..100) /\ 95 | (rdy \in 0..1) /\ 96 | (ack' \in 0..1), 97 | "Failure of assertion at line 38, column 15.") 98 | /\ pc' = [pc EXCEPT !["recv"] = "r00"] 99 | /\ UNCHANGED << val, rdy >> 100 | 101 | Recv == r00 \/ 
r01 \/ r02 102 | 103 | Next == Send \/ Recv 104 | 105 | Spec == Init /\ [][Next]_vars 106 | 107 | \* END TRANSLATION 108 | 109 | 110 | ==================================================================== 111 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/AI_Model_1/MC.cfg: -------------------------------------------------------------------------------- 1 | \* INIT definition 2 | INIT 3 | init_1428261670838121000 4 | \* NEXT definition 5 | NEXT 6 | next_1428261670848122000 7 | \* Generated on Sun Apr 05 15:21:10 EDT 2015 -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/AI_Model_1/MC.out: -------------------------------------------------------------------------------- 1 | @!@!@STARTMSG 2262:0 @!@!@ 2 | TLC2 Version 2.05 of 23 July 2013 3 | @!@!@ENDMSG 2262 @!@!@ 4 | @!@!@STARTMSG 2187:0 @!@!@ 5 | Running in Model-Checking mode. 6 | @!@!@ENDMSG 2187 @!@!@ 7 | @!@!@STARTMSG 2220:0 @!@!@ 8 | Starting SANY... 9 | @!@!@ENDMSG 2220 @!@!@ 10 | Parsing file MC.tla 11 | Parsing file AsyncInterface.tla 12 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/TLC.tla 13 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Naturals.tla 14 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Sequences.tla 15 | Semantic processing of module Naturals 16 | Semantic processing of module Sequences 17 | Semantic processing of module TLC 18 | Semantic processing of module AsyncInterface 19 | Semantic processing of module MC 20 | @!@!@STARTMSG 2219:0 @!@!@ 21 | SANY finished. 22 | @!@!@ENDMSG 2219 @!@!@ 23 | @!@!@STARTMSG 2185:0 @!@!@ 24 | Starting... 
(2015-04-05 15:21:11) 25 | @!@!@ENDMSG 2185 @!@!@ 26 | @!@!@STARTMSG 2189:0 @!@!@ 27 | Computing initial states... 28 | @!@!@ENDMSG 2189 @!@!@ 29 | @!@!@STARTMSG 2190:0 @!@!@ 30 | Finished computing initial states: 0 distinct states generated. 31 | @!@!@ENDMSG 2190 @!@!@ 32 | @!@!@STARTMSG 2193:0 @!@!@ 33 | Model checking completed. No error has been found. 34 | Estimates of the probability that TLC did not check all reachable states 35 | because two distinct states had the same fingerprint: 36 | calculated (optimistic): val = 0.0 37 | based on the actual fingerprints: val = 1.1E-19 38 | @!@!@ENDMSG 2193 @!@!@ 39 | @!@!@STARTMSG 2200:0 @!@!@ 40 | Progress(0) at 2015-04-05 15:21:11: 0 states generated (0 s/min), 0 distinct states found (0 ds/min), 0 states left on queue. 41 | @!@!@ENDMSG 2200 @!@!@ 42 | @!@!@STARTMSG 2199:0 @!@!@ 43 | 0 states generated, 0 distinct states found, 0 states left on queue. 44 | @!@!@ENDMSG 2199 @!@!@ 45 | @!@!@STARTMSG 2194:0 @!@!@ 46 | The depth of the complete state graph search is 0. 47 | @!@!@ENDMSG 2194 @!@!@ 48 | @!@!@STARTMSG 2186:0 @!@!@ 49 | Finished. 
(2015-04-05 15:21:11) 50 | @!@!@ENDMSG 2186 @!@!@ 51 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/AI_Model_1/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS AsyncInterface, TLC 3 | \* NOTE(review): the INIT and NEXT definitions below both begin with FALSE, so no state satisfies either; the MC.out stored with this model reports 0 distinct states, so its "No error has been found" says nothing about AsyncInterface. 4 | \* INIT definition @modelBehaviorNoSpec:0 5 | init_1428261670838121000 == 6 | FALSE/\val = 0 7 | ---- 8 | \* NEXT definition @modelBehaviorNoSpec:0 9 | next_1428261670848122000 == 10 | FALSE/\val' = val 11 | ---- 12 | ============================================================================= 13 | \* Modification History 14 | \* Created Sun Apr 05 15:21:10 EDT 2015 by midpeter444 15 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/AI_Model_1/MC_TE.out: -------------------------------------------------------------------------------- 1 | @!@!@STARTMSG 2262:0 @!@!@ 2 | TLC2 Version 2.05 of 23 July 2013 3 | @!@!@ENDMSG 2262 @!@!@ 4 | @!@!@STARTMSG 2187:0 @!@!@ 5 | Running in Model-Checking mode. 6 | @!@!@ENDMSG 2187 @!@!@ 7 | @!@!@STARTMSG 2220:0 @!@!@ 8 | Starting SANY... 9 | @!@!@ENDMSG 2220 @!@!@ 10 | Parsing file MC.tla 11 | Parsing file AsyncInterface.tla 12 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/TLC.tla 13 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Naturals.tla 14 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Sequences.tla 15 | Semantic processing of module Naturals 16 | Semantic processing of module Sequences 17 | Semantic processing of module TLC 18 | Semantic processing of module AsyncInterface 19 | Semantic processing of module MC 20 | @!@!@STARTMSG 2219:0 @!@!@ 21 | SANY finished. 
22 | @!@!@ENDMSG 2219 @!@!@ 23 | @!@!@STARTMSG 2185:0 @!@!@ 24 | Starting... (2015-04-05 15:21:11) 25 | @!@!@ENDMSG 2185 @!@!@ 26 | @!@!@STARTMSG 2189:0 @!@!@ 27 | Computing initial states... 28 | @!@!@ENDMSG 2189 @!@!@ 29 | @!@!@STARTMSG 2190:0 @!@!@ 30 | Finished computing initial states: 0 distinct states generated. 31 | @!@!@ENDMSG 2190 @!@!@ 32 | @!@!@STARTMSG 2193:0 @!@!@ 33 | Model checking completed. No error has been found. 34 | Estimates of the probability that TLC did not check all reachable states 35 | because two distinct states had the same fingerprint: 36 | calculated (optimistic): val = 0.0 37 | based on the actual fingerprints: val = 1.1E-19 38 | @!@!@ENDMSG 2193 @!@!@ 39 | @!@!@STARTMSG 2200:0 @!@!@ 40 | Progress(0) at 2015-04-05 15:21:11: 0 states generated (0 s/min), 0 distinct states found (0 ds/min), 0 states left on queue. 41 | @!@!@ENDMSG 2200 @!@!@ 42 | @!@!@STARTMSG 2199:0 @!@!@ 43 | 0 states generated, 0 distinct states found, 0 states left on queue. 44 | @!@!@ENDMSG 2199 @!@!@ 45 | @!@!@STARTMSG 2194:0 @!@!@ 46 | The depth of the complete state graph search is 0. 47 | @!@!@ENDMSG 2194 @!@!@ 48 | @!@!@STARTMSG 2186:0 @!@!@ 49 | Finished. (2015-04-05 15:21:11) 50 | @!@!@ENDMSG 2186 @!@!@ 51 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/AI_Model_2/AsyncInterface.tla: -------------------------------------------------------------------------------- 1 | ---------------------- MODULE AsyncInterface ----------------------- 2 | EXTENDS Naturals, TLC 3 | \*CONSTANT Data \* TODO: how specify Data as a range in the Model Checker? 4 | 5 | \* Based on the AsynchInterface TLA+ example in Ch. 
3 of "Specifying Systems" 6 | 7 | (* 8 | --algorithm AsyncInterface { (* Two processes share val, rdy and ack. Send waits until rdy = ack, writes val and flips rdy; Recv waits until rdy # ack and flips ack. *) 9 | variables 10 | val \in 0..100, \* TODO: change 0..100 to Data 11 | rdy \in 0..1, 12 | ack \in 0..1; 13 | 14 | process (Send = "send") 15 | variable oldrdy; 16 | { 17 | s00: while (TRUE) { 18 | s01: await rdy = ack; 19 | s02: val := 44; \* TODO: how choose a random val? (* NOTE(review): with the constant 44 every send carries the same value, so the model explores one data value after the first send. A PlusCal statement of the form with (d \in 0..100) { val := d } chooses the value nondeterministically and lets TLC cover all of them. *) 20 | oldrdy := rdy; 21 | rdy := 1 - rdy; 22 | 23 | print <>; (* NOTE(review): the tuple between the angle brackets appears to have been lost in this listing; the statement cannot be parsed as printed. *) 24 | assert (val \in 0..100); 25 | assert (rdy \in 0..1); 26 | assert (ack \in 0..1); 27 | assert (rdy # oldrdy); (* holds because oldrdy is copied before rdy is flipped *) 28 | assert (rdy # ack); 29 | } 30 | }; \* end process Send 31 | 32 | 33 | process (Recv = "recv") 34 | variable oldack; 35 | { 36 | r00: while (TRUE) { 37 | r01: await rdy # ack; 38 | r02: oldack := ack; 39 | ack := 1 - ack; 40 | 41 | print <>; 42 | \* TypeInvariants (* NOTE(review): these asserts are evaluated only when step r02 (or s02 above) is taken. Defining the same conjunction as an operator and listing it under INVARIANT in the model configuration would have TLC check it in every reachable state, including the initial ones. *) 43 | assert (val \in 0..100); 44 | assert (rdy \in 0..1); 45 | assert (ack \in 0..1); 46 | assert (ack # oldack); 47 | assert (rdy = ack); 48 | } 49 | }; \* end process Recv 50 | 51 | } \* end algorithm 52 | *) 53 | \* BEGIN TRANSLATION 54 | CONSTANT defaultInitValue 55 | VARIABLES val, rdy, ack, pc, oldrdy, oldack 56 | 57 | vars == << val, rdy, ack, pc, oldrdy, oldack >> 58 | 59 | ProcSet == {"send"} \cup {"recv"} 60 | 61 | Init == (* Global variables *) 62 | /\ val \in 0..100 63 | /\ rdy \in 0..1 64 | /\ ack \in 0..1 65 | (* Process Send *) 66 | /\ oldrdy = defaultInitValue 67 | (* Process Recv *) 68 | /\ oldack = defaultInitValue 69 | /\ pc = [self \in ProcSet |-> CASE self = "send" -> "s00" 70 | [] self = "recv" -> "r00"] 71 | 72 | s00 == /\ pc["send"] = "s00" 73 | /\ pc' = [pc EXCEPT !["send"] = "s01"] 74 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 75 | 76 | s01 == /\ pc["send"] = "s01" 77 | /\ rdy = ack 78 | /\ pc' = [pc EXCEPT !["send"] = "s02"] 79 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 80 | 81 | s02 == /\ pc["send"] = "s02" 82 | /\ val' = 44 83 | /\ oldrdy' = rdy 84 | /\ rdy' = 1 - rdy 85 | /\ PrintT(<>) 86 | /\ Assert((val' \in 0..100), 87 | "Failure of assertion
at line 24, column 15.") 88 | /\ Assert((rdy' \in 0..1), 89 | "Failure of assertion at line 25, column 15.") 90 | /\ Assert((ack \in 0..1), 91 | "Failure of assertion at line 26, column 15.") 92 | /\ Assert((rdy' # oldrdy'), 93 | "Failure of assertion at line 27, column 15.") 94 | /\ Assert((rdy' # ack), "Failure of assertion at line 28, column 15.") 95 | /\ pc' = [pc EXCEPT !["send"] = "s00"] 96 | /\ UNCHANGED << ack, oldack >> 97 | 98 | Send == s00 \/ s01 \/ s02 99 | 100 | r00 == /\ pc["recv"] = "r00" 101 | /\ pc' = [pc EXCEPT !["recv"] = "r01"] 102 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 103 | 104 | r01 == /\ pc["recv"] = "r01" 105 | /\ rdy # ack 106 | /\ pc' = [pc EXCEPT !["recv"] = "r02"] 107 | /\ UNCHANGED << val, rdy, ack, oldrdy, oldack >> 108 | 109 | r02 == /\ pc["recv"] = "r02" 110 | /\ oldack' = ack 111 | /\ ack' = 1 - ack 112 | /\ PrintT(<>) 113 | /\ Assert((val \in 0..100), 114 | "Failure of assertion at line 43, column 15.") 115 | /\ Assert((rdy \in 0..1), 116 | "Failure of assertion at line 44, column 15.") 117 | /\ Assert((ack' \in 0..1), 118 | "Failure of assertion at line 45, column 15.") 119 | /\ Assert((ack' # oldack'), 120 | "Failure of assertion at line 46, column 15.") 121 | /\ Assert((rdy = ack'), "Failure of assertion at line 47, column 15.") 122 | /\ pc' = [pc EXCEPT !["recv"] = "r00"] 123 | /\ UNCHANGED << val, rdy, oldrdy >> 124 | 125 | Recv == r00 \/ r01 \/ r02 126 | 127 | Next == Send \/ Recv 128 | 129 | Spec == Init /\ [][Next]_vars 130 | 131 | \* END TRANSLATION 132 | 133 | 134 | ==================================================================== 135 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/AI_Model_2/MC.cfg: -------------------------------------------------------------------------------- 1 | \* CONSTANT declarations 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* SPECIFICATION definition 4 | SPECIFICATION 5 | spec_1428262496994134000 
6 | \* Generated on Sun Apr 05 15:34:56 EDT 2015 -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/AI_Model_2/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS AsyncInterface, TLC 3 | 4 | \* SPECIFICATION definition @modelBehaviorSpec:0 5 | spec_1428262496994134000 == 6 | Spec 7 | ---- 8 | ============================================================================= 9 | \* Modification History 10 | \* Created Sun Apr 05 15:34:56 EDT 2015 by midpeter444 11 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/AsyncInterface.tla.pmap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/quux00/PlusCal-Examples/1369a5c0531e20d476c501ca03a79c08ecf7c868/AsyncInterface/AsyncInterface.toolbox/AsyncInterface.tla.pmap -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/AsyncInterface___AI_Model_1.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /AsyncInterface/AsyncInterface.toolbox/AsyncInterface___AI_Model_2.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.cfg: 
-------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* Add statements after this line. 4 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.old: -------------------------------------------------------------------------------- 1 | --------------------- MODULE AsyncInterfaceChan --------------------- 2 | EXTENDS Naturals, TLC 3 | \*CONSTANT Data \* TODO: how specify Data as a range in the Model Checker? 4 | 5 | \* Based on the AsynchInterface TLA+ example in Ch. 3 of "Specifying Systems" 6 | 7 | (* 8 | --algorithm AsyncInterfaceChan { 9 | variables 10 | chan \in [val : 0..100, 11 | rdy : 0..1, 12 | ack : 0..1]; 13 | 14 | process (Send = "send") 15 | variable oldrdy; 16 | { 17 | s00: while (TRUE) { 18 | s01: await chan.rdy = chan.ack; 19 | s02: oldrdy := chan.rdy; 20 | chan.rdy := 1 - chan.rdy; 21 | \* We don't assign chan.val here -> we let TLC pick all 22 | \* possible vals between 0 and 100 23 | 24 | print <>; 25 | assert (chan.val \in 0..100); 26 | assert (chan.rdy \in 0..1); 27 | assert (chan.ack \in 0..1); 28 | assert (chan.rdy # oldrdy); 29 | assert (chan.rdy # chan.ack); 30 | } 31 | }; \* end process Send 32 | 33 | 34 | process (Recv = "recv") 35 | variable oldack; 36 | { 37 | r00: while (TRUE) { 38 | r01: await chan.rdy # chan.ack; 39 | r02: oldack := chan.ack; 40 | chan.ack := 1 - chan.ack; 41 | 42 | print <>; 43 | \* TypeInvariants 44 | assert (chan.val \in 0..100); 45 | assert (chan.rdy \in 0..1); 46 | assert (chan.ack \in 0..1); 47 | assert (chan.ack # oldack); 48 | assert (chan.rdy = chan.ack); 49 | } 50 | }; \* end process Recv 51 | 52 | } \* end algorithm 53 | *) 54 | \* BEGIN TRANSLATION 55 | CONSTANT defaultInitValue 56 | VARIABLES chan, pc, oldrdy, oldack 57 | 58 | vars == << chan, pc, oldrdy, oldack >> 59 | 60 | ProcSet == {"send"} \cup {"recv"} 61 | 62 | Init == (* Global 
variables *) 63 | /\ chan \in [val : 0..100, 64 | rdy : 0..1, 65 | ack : 0..1] 66 | (* Process Send *) 67 | /\ oldrdy = defaultInitValue 68 | (* Process Recv *) 69 | /\ oldack = defaultInitValue 70 | /\ pc = [self \in ProcSet |-> CASE self = "send" -> "s00" 71 | [] self = "recv" -> "r00"] 72 | 73 | s00 == /\ pc["send"] = "s00" 74 | /\ pc' = [pc EXCEPT !["send"] = "s01"] 75 | /\ UNCHANGED << chan, oldrdy, oldack >> 76 | 77 | s01 == /\ pc["send"] = "s01" 78 | /\ chan.rdy = chan.ack 79 | /\ pc' = [pc EXCEPT !["send"] = "s02"] 80 | /\ UNCHANGED << chan, oldrdy, oldack >> 81 | 82 | s02 == /\ pc["send"] = "s02" 83 | /\ oldrdy' = chan.rdy 84 | /\ chan' = [chan EXCEPT !.rdy = 1 - chan.rdy] 85 | /\ PrintT(<>) 86 | /\ Assert((chan'.val \in 0..100), 87 | "Failure of assertion at line 23, column 15.") 88 | /\ Assert((chan'.rdy \in 0..1), 89 | "Failure of assertion at line 24, column 15.") 90 | /\ Assert((chan'.ack \in 0..1), 91 | "Failure of assertion at line 25, column 15.") 92 | /\ Assert((chan'.rdy # oldrdy'), 93 | "Failure of assertion at line 26, column 15.") 94 | /\ Assert((chan'.rdy # chan'.ack), 95 | "Failure of assertion at line 27, column 15.") 96 | /\ pc' = [pc EXCEPT !["send"] = "s00"] 97 | /\ UNCHANGED oldack 98 | 99 | Send == s00 \/ s01 \/ s02 100 | 101 | r00 == /\ pc["recv"] = "r00" 102 | /\ pc' = [pc EXCEPT !["recv"] = "r01"] 103 | /\ UNCHANGED << chan, oldrdy, oldack >> 104 | 105 | r01 == /\ pc["recv"] = "r01" 106 | /\ chan.rdy # chan.ack 107 | /\ pc' = [pc EXCEPT !["recv"] = "r02"] 108 | /\ UNCHANGED << chan, oldrdy, oldack >> 109 | 110 | r02 == /\ pc["recv"] = "r02" 111 | /\ oldack' = chan.ack 112 | /\ chan' = [chan EXCEPT !.ack = 1 - chan.ack] 113 | /\ PrintT(<>) 114 | /\ Assert((chan'.val \in 0..100), 115 | "Failure of assertion at line 42, column 15.") 116 | /\ Assert((chan'.rdy \in 0..1), 117 | "Failure of assertion at line 43, column 15.") 118 | /\ Assert((chan'.ack \in 0..1), 119 | "Failure of assertion at line 44, column 15.") 120 | /\ 
Assert((chan'.ack # oldack'), 121 | "Failure of assertion at line 45, column 15.") 122 | /\ Assert((chan'.rdy = chan'.ack), 123 | "Failure of assertion at line 46, column 15.") 124 | /\ pc' = [pc EXCEPT !["recv"] = "r00"] 125 | /\ UNCHANGED oldrdy 126 | 127 | Recv == r00 \/ r01 \/ r02 128 | 129 | Next == Send \/ Recv 130 | 131 | Spec == Init /\ [][Next]_vars 132 | 133 | \* END TRANSLATION 134 | ==================================================================== 135 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.tla: -------------------------------------------------------------------------------- 1 | --------------------- MODULE AsyncInterfaceChan --------------------- 2 | EXTENDS Naturals, TLC 3 | \*CONSTANT Data \* TODO: how specify Data as a range in the Model Checker? 4 | 5 | \* Based on the AsynchInterface TLA+ example in Ch. 3 of "Specifying Systems" 6 | 7 | (* 8 | --algorithm AsyncInterfaceChan { (* Same handshake as AsyncInterface, with the three fields held in one record variable chan. Send waits until chan.rdy = chan.ack and flips chan.rdy; Recv waits until chan.rdy # chan.ack and flips chan.ack. *) 9 | variables 10 | chan \in [val : 0..100, 11 | rdy : 0..1, 12 | ack : 0..1]; 13 | 14 | process (Send = "send") 15 | variable oldrdy; 16 | { 17 | s00: while (TRUE) { 18 | s01: await chan.rdy = chan.ack; 19 | s02: oldrdy := chan.rdy; 20 | chan.rdy := 1 - chan.rdy; 21 | \* We don't assign chan.val here -> we let TLC pick all 22 | \* possible vals between 0 and 100 (* NOTE(review): chan.val is assigned nowhere in this algorithm, so it is chosen once, from the initial-state set, and stays fixed for the rest of each behaviour. To model a fresh value on every send, the flip can be written as with (d \in 0..100) { chan.rdy := 1 - chan.rdy || chan.val := d }, using || because both assignments target the variable chan in the same step. *) 23 | 24 | print <>; (* NOTE(review): the tuple between the angle brackets appears to have been lost in this listing. *) 25 | assert (chan.val \in 0..100); 26 | assert (chan.rdy \in 0..1); 27 | assert (chan.ack \in 0..1); 28 | assert (chan.rdy # oldrdy); (* holds because oldrdy is copied before chan.rdy is flipped *) 29 | assert (chan.rdy # chan.ack); 30 | } 31 | }; \* end process Send 32 | 33 | 34 | process (Recv = "recv") 35 | variable oldack; 36 | { 37 | r00: while (TRUE) { 38 | r01: await chan.rdy # chan.ack; 39 | r02: oldack := chan.ack; 40 | chan.ack := 1 - chan.ack; 41 | 42 | print <>; 43 | \* TypeInvariants (* NOTE(review): checked only when r02 executes; an operator listed under INVARIANT in the model configuration would be checked in every reachable state. *) 44 | assert (chan.val \in 0..100); 45 | assert (chan.rdy \in 0..1); 46 | assert (chan.ack \in 0..1); 47 | assert (chan.ack # oldack); 48 | assert (chan.rdy = chan.ack); 49 | } 50 | };
\* end process Recv 51 | 52 | } \* end algorithm 53 | *) 54 | \* BEGIN TRANSLATION 55 | CONSTANT defaultInitValue 56 | VARIABLES chan, pc, oldrdy, oldack 57 | 58 | vars == << chan, pc, oldrdy, oldack >> 59 | 60 | ProcSet == {"send"} \cup {"recv"} 61 | 62 | Init == (* Global variables *) 63 | /\ chan \in [val : 0..100, 64 | rdy : 0..1, 65 | ack : 0..1] 66 | (* Process Send *) 67 | /\ oldrdy = defaultInitValue 68 | (* Process Recv *) 69 | /\ oldack = defaultInitValue 70 | /\ pc = [self \in ProcSet |-> CASE self = "send" -> "s00" 71 | [] self = "recv" -> "r00"] 72 | 73 | s00 == /\ pc["send"] = "s00" 74 | /\ pc' = [pc EXCEPT !["send"] = "s01"] 75 | /\ UNCHANGED << chan, oldrdy, oldack >> 76 | 77 | s01 == /\ pc["send"] = "s01" 78 | /\ chan.rdy = chan.ack 79 | /\ pc' = [pc EXCEPT !["send"] = "s02"] 80 | /\ UNCHANGED << chan, oldrdy, oldack >> 81 | 82 | s02 == /\ pc["send"] = "s02" 83 | /\ oldrdy' = chan.rdy 84 | /\ chan' = [chan EXCEPT !.rdy = 1 - chan.rdy] 85 | /\ PrintT(<>) 86 | /\ Assert((chan'.val \in 0..100), 87 | "Failure of assertion at line 25, column 15.") 88 | /\ Assert((chan'.rdy \in 0..1), 89 | "Failure of assertion at line 26, column 15.") 90 | /\ Assert((chan'.ack \in 0..1), 91 | "Failure of assertion at line 27, column 15.") 92 | /\ Assert((chan'.rdy # oldrdy'), 93 | "Failure of assertion at line 28, column 15.") 94 | /\ Assert((chan'.rdy # chan'.ack), 95 | "Failure of assertion at line 29, column 15.") 96 | /\ pc' = [pc EXCEPT !["send"] = "s00"] 97 | /\ UNCHANGED oldack 98 | 99 | Send == s00 \/ s01 \/ s02 100 | 101 | r00 == /\ pc["recv"] = "r00" 102 | /\ pc' = [pc EXCEPT !["recv"] = "r01"] 103 | /\ UNCHANGED << chan, oldrdy, oldack >> 104 | 105 | r01 == /\ pc["recv"] = "r01" 106 | /\ chan.rdy # chan.ack 107 | /\ pc' = [pc EXCEPT !["recv"] = "r02"] 108 | /\ UNCHANGED << chan, oldrdy, oldack >> 109 | 110 | r02 == /\ pc["recv"] = "r02" 111 | /\ oldack' = chan.ack 112 | /\ chan' = [chan EXCEPT !.ack = 1 - chan.ack] 113 | /\ PrintT(<>) 114 | /\ 
Assert((chan'.val \in 0..100), 115 | "Failure of assertion at line 44, column 15.") 116 | /\ Assert((chan'.rdy \in 0..1), 117 | "Failure of assertion at line 45, column 15.") 118 | /\ Assert((chan'.ack \in 0..1), 119 | "Failure of assertion at line 46, column 15.") 120 | /\ Assert((chan'.ack # oldack'), 121 | "Failure of assertion at line 47, column 15.") 122 | /\ Assert((chan'.rdy = chan'.ack), 123 | "Failure of assertion at line 48, column 15.") 124 | /\ pc' = [pc EXCEPT !["recv"] = "r00"] 125 | /\ UNCHANGED oldrdy 126 | 127 | Recv == r00 \/ r01 \/ r02 128 | 129 | Next == Send \/ Recv 130 | 131 | Spec == Init /\ [][Next]_vars 132 | 133 | \* END TRANSLATION 134 | ==================================================================== 135 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | AsyncInterfaceChan 4 | 5 | 6 | 7 | 8 | 9 | toolbox.builder.TLAParserBuilder 10 | 11 | 12 | 13 | 14 | toolbox.builder.PCalAlgorithmSearchingBuilder 15 | 16 | 17 | 18 | 19 | 20 | toolbox.natures.TLANature 21 | 22 | 23 | 24 | AsyncInterfaceChan.tla 25 | 1 26 | /home/midpeter444/lang/tlaplus/pluscal/AsyncInterfaceChan/AsyncInterfaceChan.tla 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/.settings/org.lamport.tla.toolbox.prefs: -------------------------------------------------------------------------------- 1 | #Sun Apr 05 19:35:52 EDT 2015 2 | ProjectRootFile=/home/midpeter444/lang/tlaplus/pluscal/AsyncInterfaceChan/AsyncInterfaceChan.tla 3 | ProjectToolboxDirSize=4 4 | eclipse.preferences.version=1 5 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AIChan_Model_1/AsyncInterfaceChan.tla: 
-------------------------------------------------------------------------------- 1 | --------------------- MODULE AsyncInterfaceChan --------------------- 2 | EXTENDS Naturals, TLC 3 | \*CONSTANT Data \* TODO: how specify Data as a range in the Model Checker? 4 | 5 | \* Based on the AsynchInterface TLA+ example in Ch. 3 of "Specifying Systems" 6 | 7 | (* 8 | --algorithm AsyncInterfaceChan { (* Copy of the module stored with AIChan_Model_1. It differs from the root AsyncInterfaceChan.tla in the domain of chan and in the statement order of step s02; see the two notes below. *) 9 | variables 10 | \* chan = [val |-> 0..100, rdy |-> 0..1, ack |-> 0..1]; 11 | \* chan := [val \in 0..100, rdy \in 0..1, ack \in 0..1]; 12 | 13 | chan \in [val : Nat, 14 | rdy : Nat, 15 | ack : Nat]; (* NOTE(review): Nat is an infinite set, so TLC cannot enumerate this set of initial records, and initial values drawn from Nat are not confined to the 0..100 and 0..1 ranges that the asserts below require. The root module uses [val : 0..100, rdy : 0..1, ack : 0..1]. *) 16 | 17 | process (Send = "send") 18 | variable oldrdy; 19 | { 20 | s00: while (TRUE) { 21 | s01: await chan.rdy = chan.ack; 22 | s02: chan.rdy := 1 - chan.rdy || chan.val := 44; \* TODO: how choose a random val? 23 | oldrdy := chan.rdy; (* NOTE(review): oldrdy is copied after chan.rdy has been flipped, so it equals the new chan.rdy (the translation has oldrdy' = chan'.rdy) and the assert chan.rdy # oldrdy on line 29 cannot hold. The root module copies oldrdy before the flip. *) 24 | 25 | print <>; 26 | assert (chan.val \in 0..100); 27 | assert (chan.rdy \in 0..1); 28 | assert (chan.ack \in 0..1); 29 | assert (chan.rdy # oldrdy); 30 | assert (chan.rdy # chan.ack); 31 | } 32 | }; \* end process Send 33 | 34 | 35 | process (Recv = "recv") 36 | variable oldack; 37 | { 38 | r00: while (TRUE) { 39 | r01: await chan.rdy # chan.ack; 40 | r02: oldack := chan.ack; 41 | chan.ack := 1 - chan.ack; 42 | 43 | print <>; 44 | \* TypeInvariants 45 | assert (chan.val \in 0..100); 46 | assert (chan.rdy \in 0..1); 47 | assert (chan.ack \in 0..1); 48 | assert (chan.ack # oldack); 49 | assert (chan.rdy = chan.ack); 50 | } 51 | }; \* end process Recv 52 | 53 | } \* end algorithm 54 | *) (* NOTE(review): neither defect above was reported by TLC for this model, because the model's MC.tla conjoins FALSE to its initial predicate and the logs show 0 states generated. *) 55 | \* BEGIN TRANSLATION 56 | CONSTANT defaultInitValue 57 | VARIABLES chan, pc, oldrdy, oldack 58 | 59 | vars == << chan, pc, oldrdy, oldack >> 60 | 61 | ProcSet == {"send"} \cup {"recv"} 62 | 63 | Init == (* Global variables *) 64 | /\ chan \in [val : Nat, 65 | rdy : Nat, 66 | ack : Nat] 67 | (* Process Send *) 68 | /\ oldrdy = defaultInitValue 69 | (* Process Recv *) 70 | /\ oldack = defaultInitValue 71 | /\ pc = [self \in ProcSet |-> CASE self = "send" ->
"s00" 72 | [] self = "recv" -> "r00"] 73 | 74 | s00 == /\ pc["send"] = "s00" 75 | /\ pc' = [pc EXCEPT !["send"] = "s01"] 76 | /\ UNCHANGED << chan, oldrdy, oldack >> 77 | 78 | s01 == /\ pc["send"] = "s01" 79 | /\ chan.rdy = chan.ack 80 | /\ pc' = [pc EXCEPT !["send"] = "s02"] 81 | /\ UNCHANGED << chan, oldrdy, oldack >> 82 | 83 | s02 == /\ pc["send"] = "s02" 84 | /\ chan' = [chan EXCEPT !.rdy = 1 - chan.rdy, 85 | !.val = 44] 86 | /\ oldrdy' = chan'.rdy 87 | /\ PrintT(<>) 88 | /\ Assert((chan'.val \in 0..100), 89 | "Failure of assertion at line 26, column 15.") 90 | /\ Assert((chan'.rdy \in 0..1), 91 | "Failure of assertion at line 27, column 15.") 92 | /\ Assert((chan'.ack \in 0..1), 93 | "Failure of assertion at line 28, column 15.") 94 | /\ Assert((chan'.rdy # oldrdy'), 95 | "Failure of assertion at line 29, column 15.") 96 | /\ Assert((chan'.rdy # chan'.ack), 97 | "Failure of assertion at line 30, column 15.") 98 | /\ pc' = [pc EXCEPT !["send"] = "s00"] 99 | /\ UNCHANGED oldack 100 | 101 | Send == s00 \/ s01 \/ s02 102 | 103 | r00 == /\ pc["recv"] = "r00" 104 | /\ pc' = [pc EXCEPT !["recv"] = "r01"] 105 | /\ UNCHANGED << chan, oldrdy, oldack >> 106 | 107 | r01 == /\ pc["recv"] = "r01" 108 | /\ chan.rdy # chan.ack 109 | /\ pc' = [pc EXCEPT !["recv"] = "r02"] 110 | /\ UNCHANGED << chan, oldrdy, oldack >> 111 | 112 | r02 == /\ pc["recv"] = "r02" 113 | /\ oldack' = chan.ack 114 | /\ chan' = [chan EXCEPT !.ack = 1 - chan.ack] 115 | /\ PrintT(<>) 116 | /\ Assert((chan'.val \in 0..100), 117 | "Failure of assertion at line 45, column 15.") 118 | /\ Assert((chan'.rdy \in 0..1), 119 | "Failure of assertion at line 46, column 15.") 120 | /\ Assert((chan'.ack \in 0..1), 121 | "Failure of assertion at line 47, column 15.") 122 | /\ Assert((chan'.ack # oldack'), 123 | "Failure of assertion at line 48, column 15.") 124 | /\ Assert((chan'.rdy = chan'.ack), 125 | "Failure of assertion at line 49, column 15.") 126 | /\ pc' = [pc EXCEPT !["recv"] = "r00"] 127 | /\ UNCHANGED oldrdy 
128 | 129 | Recv == r00 \/ r01 \/ r02 130 | 131 | Next == Send \/ Recv 132 | 133 | Spec == Init /\ [][Next]_vars 134 | 135 | \* END TRANSLATION 136 | ==================================================================== 137 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AIChan_Model_1/MC.cfg: -------------------------------------------------------------------------------- 1 | \* CONSTANT declarations 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* INIT definition 4 | INIT 5 | init_1428281497447138000 6 | \* NEXT definition 7 | NEXT 8 | next_1428281497457139000 9 | \* Generated on Sun Apr 05 20:51:37 EDT 2015 -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AIChan_Model_1/MC.out: -------------------------------------------------------------------------------- 1 | @!@!@STARTMSG 2262:0 @!@!@ 2 | TLC2 Version 2.05 of 23 July 2013 3 | @!@!@ENDMSG 2262 @!@!@ 4 | @!@!@STARTMSG 2187:0 @!@!@ 5 | Running in Model-Checking mode. 6 | @!@!@ENDMSG 2187 @!@!@ 7 | @!@!@STARTMSG 2220:0 @!@!@ 8 | Starting SANY... 9 | @!@!@ENDMSG 2220 @!@!@ 10 | Parsing file MC.tla 11 | Parsing file AsyncInterfaceChan.tla 12 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/TLC.tla 13 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Naturals.tla 14 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Sequences.tla 15 | Semantic processing of module Naturals 16 | Semantic processing of module Sequences 17 | Semantic processing of module TLC 18 | Semantic processing of module AsyncInterfaceChan 19 | Semantic processing of module MC 20 | @!@!@STARTMSG 2219:0 @!@!@ 21 | SANY finished. 
22 | @!@!@ENDMSG 2219 @!@!@ 23 | @!@!@STARTMSG 2185:0 @!@!@ 24 | Starting... (2015-04-05 20:51:37) 25 | @!@!@ENDMSG 2185 @!@!@ 26 | @!@!@STARTMSG 2189:0 @!@!@ 27 | Computing initial states... 28 | @!@!@ENDMSG 2189 @!@!@ 29 | @!@!@STARTMSG 2190:0 @!@!@ 30 | Finished computing initial states: 0 distinct states generated. 31 | @!@!@ENDMSG 2190 @!@!@ 32 | @!@!@STARTMSG 2193:0 @!@!@ 33 | Model checking completed. No error has been found. 34 | Estimates of the probability that TLC did not check all reachable states 35 | because two distinct states had the same fingerprint: 36 | calculated (optimistic): val = 0.0 37 | based on the actual fingerprints: val = 1.1E-19 38 | @!@!@ENDMSG 2193 @!@!@ 39 | @!@!@STARTMSG 2200:0 @!@!@ 40 | Progress(0) at 2015-04-05 20:51:37: 0 states generated (0 s/min), 0 distinct states found (0 ds/min), 0 states left on queue. 41 | @!@!@ENDMSG 2200 @!@!@ 42 | @!@!@STARTMSG 2199:0 @!@!@ 43 | 0 states generated, 0 distinct states found, 0 states left on queue. 44 | @!@!@ENDMSG 2199 @!@!@ 45 | @!@!@STARTMSG 2194:0 @!@!@ 46 | The depth of the complete state graph search is 0. 47 | @!@!@ENDMSG 2194 @!@!@ 48 | @!@!@STARTMSG 2186:0 @!@!@ 49 | Finished. 
(2015-04-05 20:51:37) 50 | @!@!@ENDMSG 2186 @!@!@ 51 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AIChan_Model_1/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS AsyncInterfaceChan, TLC (* Model wrapper for AIChan_Model_1: defines the two predicates that this model's MC.cfg names under INIT and NEXT. *) 3 | 4 | \* INIT definition @modelBehaviorNoSpec:0 5 | init_1428281497447138000 == 6 | FALSE/\oldack = 0 (* NOTE(review): FALSE is a conjunct of this predicate, so no state satisfies it. MC.out for this model reports 0 distinct initial states and 0 states generated, so its "No error has been found" is vacuous and none of the asserts in AsyncInterfaceChan were evaluated. Selecting Spec as the behaviour spec, as AIChan_Model_2 does, is needed before the result says anything about the protocol. *) 7 | ---- 8 | \* NEXT definition @modelBehaviorNoSpec:0 9 | next_1428281497457139000 == 10 | FALSE/\oldack' = oldack (* Also conjoined with FALSE: this next-state relation permits no step. *) 11 | ---- 12 | ============================================================================= 13 | \* Modification History 14 | \* Created Sun Apr 05 20:51:37 EDT 2015 by midpeter444 15 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AIChan_Model_1/MC_TE.out: -------------------------------------------------------------------------------- 1 | @!@!@STARTMSG 2262:0 @!@!@ 2 | TLC2 Version 2.05 of 23 July 2013 3 | @!@!@ENDMSG 2262 @!@!@ 4 | @!@!@STARTMSG 2187:0 @!@!@ 5 | Running in Model-Checking mode. 6 | @!@!@ENDMSG 2187 @!@!@ 7 | @!@!@STARTMSG 2220:0 @!@!@ 8 | Starting SANY...
9 | @!@!@ENDMSG 2220 @!@!@ 10 | Parsing file MC.tla 11 | Parsing file AsyncInterfaceChan.tla 12 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/TLC.tla 13 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Naturals.tla 14 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Sequences.tla 15 | Semantic processing of module Naturals 16 | Semantic processing of module Sequences 17 | Semantic processing of module TLC 18 | Semantic processing of module AsyncInterfaceChan 19 | Semantic processing of module MC 20 | @!@!@STARTMSG 2219:0 @!@!@ 21 | SANY finished. 22 | @!@!@ENDMSG 2219 @!@!@ 23 | @!@!@STARTMSG 2185:0 @!@!@ 24 | Starting... (2015-04-05 20:51:37) 25 | @!@!@ENDMSG 2185 @!@!@ 26 | @!@!@STARTMSG 2189:0 @!@!@ 27 | Computing initial states... 28 | @!@!@ENDMSG 2189 @!@!@ 29 | @!@!@STARTMSG 2190:0 @!@!@ 30 | Finished computing initial states: 0 distinct states generated. 31 | @!@!@ENDMSG 2190 @!@!@ 32 | @!@!@STARTMSG 2193:0 @!@!@ 33 | Model checking completed. No error has been found. 34 | Estimates of the probability that TLC did not check all reachable states 35 | because two distinct states had the same fingerprint: 36 | calculated (optimistic): val = 0.0 37 | based on the actual fingerprints: val = 1.1E-19 38 | @!@!@ENDMSG 2193 @!@!@ 39 | @!@!@STARTMSG 2200:0 @!@!@ 40 | Progress(0) at 2015-04-05 20:51:37: 0 states generated (0 s/min), 0 distinct states found (0 ds/min), 0 states left on queue. 41 | @!@!@ENDMSG 2200 @!@!@ 42 | @!@!@STARTMSG 2199:0 @!@!@ 43 | 0 states generated, 0 distinct states found, 0 states left on queue. 44 | @!@!@ENDMSG 2199 @!@!@ 45 | @!@!@STARTMSG 2194:0 @!@!@ 46 | The depth of the complete state graph search is 0. 47 | @!@!@ENDMSG 2194 @!@!@ 48 | @!@!@STARTMSG 2186:0 @!@!@ 49 | Finished. 
(2015-04-05 20:51:37) 50 | @!@!@ENDMSG 2186 @!@!@ 51 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AIChan_Model_2/AsyncInterfaceChan.tla: -------------------------------------------------------------------------------- 1 | --------------------- MODULE AsyncInterfaceChan --------------------- 2 | EXTENDS Naturals, TLC 3 | \*CONSTANT Data \* TODO: how specify Data as a range in the Model Checker? 4 | 5 | \* Based on the AsynchInterface TLA+ example in Ch. 3 of "Specifying Systems" 6 | 7 | (* 8 | --algorithm AsyncInterfaceChan { 9 | variables 10 | chan \in [val : 0..100, 11 | rdy : 0..1, 12 | ack : 0..1]; 13 | 14 | process (Send = "send") 15 | variable oldrdy; 16 | { 17 | s00: while (TRUE) { 18 | s01: await chan.rdy = chan.ack; 19 | s02: oldrdy := chan.rdy; 20 | chan.rdy := 1 - chan.rdy; 21 | \* We don't assign chan.val here -> we let TLC pick all 22 | \* possible vals between 0 and 100 23 | 24 | print <>; 25 | assert (chan.val \in 0..100); 26 | assert (chan.rdy \in 0..1); 27 | assert (chan.ack \in 0..1); 28 | assert (chan.rdy # oldrdy); 29 | assert (chan.rdy # chan.ack); 30 | } 31 | }; \* end process Send 32 | 33 | 34 | process (Recv = "recv") 35 | variable oldack; 36 | { 37 | r00: while (TRUE) { 38 | r01: await chan.rdy # chan.ack; 39 | r02: oldack := chan.ack; 40 | chan.ack := 1 - chan.ack; 41 | 42 | print <>; 43 | \* TypeInvariants 44 | assert (chan.val \in 0..100); 45 | assert (chan.rdy \in 0..1); 46 | assert (chan.ack \in 0..1); 47 | assert (chan.ack # oldack); 48 | assert (chan.rdy = chan.ack); 49 | } 50 | }; \* end process Recv 51 | 52 | } \* end algorithm 53 | *) 54 | \* BEGIN TRANSLATION 55 | CONSTANT defaultInitValue 56 | VARIABLES chan, pc, oldrdy, oldack 57 | 58 | vars == << chan, pc, oldrdy, oldack >> 59 | 60 | ProcSet == {"send"} \cup {"recv"} 61 | 62 | Init == (* Global variables *) 63 | /\ chan \in [val : 0..100, 64 | rdy : 0..1, 65 | ack : 0..1] 66 | (* Process Send 
*) 67 | /\ oldrdy = defaultInitValue 68 | (* Process Recv *) 69 | /\ oldack = defaultInitValue 70 | /\ pc = [self \in ProcSet |-> CASE self = "send" -> "s00" 71 | [] self = "recv" -> "r00"] 72 | 73 | s00 == /\ pc["send"] = "s00" 74 | /\ pc' = [pc EXCEPT !["send"] = "s01"] 75 | /\ UNCHANGED << chan, oldrdy, oldack >> 76 | 77 | s01 == /\ pc["send"] = "s01" 78 | /\ chan.rdy = chan.ack 79 | /\ pc' = [pc EXCEPT !["send"] = "s02"] 80 | /\ UNCHANGED << chan, oldrdy, oldack >> 81 | 82 | s02 == /\ pc["send"] = "s02" 83 | /\ oldrdy' = chan.rdy 84 | /\ chan' = [chan EXCEPT !.rdy = 1 - chan.rdy] 85 | /\ PrintT(<>) 86 | /\ Assert((chan'.val \in 0..100), 87 | "Failure of assertion at line 25, column 15.") 88 | /\ Assert((chan'.rdy \in 0..1), 89 | "Failure of assertion at line 26, column 15.") 90 | /\ Assert((chan'.ack \in 0..1), 91 | "Failure of assertion at line 27, column 15.") 92 | /\ Assert((chan'.rdy # oldrdy'), 93 | "Failure of assertion at line 28, column 15.") 94 | /\ Assert((chan'.rdy # chan'.ack), 95 | "Failure of assertion at line 29, column 15.") 96 | /\ pc' = [pc EXCEPT !["send"] = "s00"] 97 | /\ UNCHANGED oldack 98 | 99 | Send == s00 \/ s01 \/ s02 100 | 101 | r00 == /\ pc["recv"] = "r00" 102 | /\ pc' = [pc EXCEPT !["recv"] = "r01"] 103 | /\ UNCHANGED << chan, oldrdy, oldack >> 104 | 105 | r01 == /\ pc["recv"] = "r01" 106 | /\ chan.rdy # chan.ack 107 | /\ pc' = [pc EXCEPT !["recv"] = "r02"] 108 | /\ UNCHANGED << chan, oldrdy, oldack >> 109 | 110 | r02 == /\ pc["recv"] = "r02" 111 | /\ oldack' = chan.ack 112 | /\ chan' = [chan EXCEPT !.ack = 1 - chan.ack] 113 | /\ PrintT(<>) 114 | /\ Assert((chan'.val \in 0..100), 115 | "Failure of assertion at line 44, column 15.") 116 | /\ Assert((chan'.rdy \in 0..1), 117 | "Failure of assertion at line 45, column 15.") 118 | /\ Assert((chan'.ack \in 0..1), 119 | "Failure of assertion at line 46, column 15.") 120 | /\ Assert((chan'.ack # oldack'), 121 | "Failure of assertion at line 47, column 15.") 122 | /\ Assert((chan'.rdy = 
chan'.ack), 123 | "Failure of assertion at line 48, column 15.") 124 | /\ pc' = [pc EXCEPT !["recv"] = "r00"] 125 | /\ UNCHANGED oldrdy 126 | 127 | Recv == r00 \/ r01 \/ r02 128 | 129 | Next == Send \/ Recv 130 | 131 | Spec == Init /\ [][Next]_vars 132 | 133 | \* END TRANSLATION 134 | ==================================================================== 135 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AIChan_Model_2/MC.cfg: -------------------------------------------------------------------------------- 1 | \* CONSTANT declarations 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* SPECIFICATION definition 4 | SPECIFICATION 5 | spec_1428283002495145000 6 | \* Generated on Sun Apr 05 21:16:42 EDT 2015 -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AIChan_Model_2/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS AsyncInterfaceChan, TLC 3 | 4 | \* SPECIFICATION definition @modelBehaviorSpec:0 5 | spec_1428283002495145000 == 6 | Spec 7 | ---- 8 | ============================================================================= 9 | \* Modification History 10 | \* Created Sun Apr 05 21:16:42 EDT 2015 by midpeter444 11 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AsyncInterfaceChan.tla.pmap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/quux00/PlusCal-Examples/1369a5c0531e20d476c501ca03a79c08ecf7c868/AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AsyncInterfaceChan.tla.pmap -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AsyncInterfaceChan___AIChan_Model_1.launch: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /AsyncInterfaceChan/AsyncInterfaceChan.toolbox/AsyncInterfaceChan___AIChan_Model_2.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /Euclid/Euclid.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | \* Add statements after this line. 3 | -------------------------------------------------------------------------------- /Euclid/Euclid.old: --------------------------------------------------------------------------------
------------------------ MODULE Euclid ----------------------------
EXTENDS Naturals, TLC
CONSTANT N

\* PlusCal text only: this copy carries no BEGIN/END TRANSLATION region, so
\* it defines no Init, Next or Spec for TLC to check.
(*
--algorithm Euclid {
  variables u = 24;
            v \in 1 .. N;
            v_init = v;
  {
    while (u # 0) {
      if (u < v) {
        u := v || v := u;
      };
      u := u - v;
    };
    print <<24, v_init, "have gcd", v>>
  }
}
*)
===================================================================
-------------------------------------------------------------------------------- /Euclid/Euclid.tla: --------------------------------------------------------------------------------
------------------------ MODULE Euclid ----------------------------
EXTENDS Naturals, TLC
CONSTANT N

\* Subtractive form of Euclid's algorithm.  u starts at 24, v is any value
\* in 1..N (one initial state per choice), and v_init keeps the starting v
\* so the final print can show it next to the result left in v.
(*
--algorithm Euclid {
  variables u = 24;
            v \in 1 .. N;
            v_init = v;
  {
    while (u # 0) {
      if (u < v) {
        u := v || v := u;   \* simultaneous assignment: swap u and v
      };
      u := u - v;           \* second assignment to u, hence its own label below
    };
    print <<24, v_init, "have gcd", v>>
  }
}
*)
\* The region below is what TLC evaluates; the PlusCal text above is a
\* comment to TLA+ tools.  Re-run the translator after editing the algorithm.
\*   Lbl_1 - the while test together with the conditional swap; when u = 0
\*           it prints the result and moves pc to "Done".
\*   Lbl_2 - the subtraction u := u - v, then back to Lbl_1.
\* Spec has no fairness conjunct, so [][Next]_vars also admits behaviours
\* that stutter forever; Spec alone therefore does not imply Termination.
\* Euclid.cfg lists only SPECIFICATION Spec, i.e. no PROPERTY or INVARIANT.
\* NOTE(review): a run with that cfg explores the states and prints the gcd
\* lines but asserts nothing about the result - confirm whether a property
\* is meant to be added after "Add statements after this line".
\* BEGIN TRANSLATION
VARIABLES u, v, v_init, pc

vars == << u, v, v_init, pc >>

Init == (* Global variables *)
        /\ u = 24
        /\ v \in 1 .. N
        /\ v_init = v
        /\ pc = "Lbl_1"

Lbl_1 == /\ pc = "Lbl_1"
         /\ IF u # 0
               THEN /\ IF u < v
                          THEN /\ /\ u' = v
                                  /\ v' = u
                          ELSE /\ TRUE
                               /\ UNCHANGED << u, v >>
                    /\ pc' = "Lbl_2"
               ELSE /\ PrintT(<<24, v_init, "have gcd", v>>)
                    /\ pc' = "Done"
                    /\ UNCHANGED << u, v >>
         /\ UNCHANGED v_init

Lbl_2 == /\ pc = "Lbl_2"
         /\ u' = u - v
         /\ pc' = "Lbl_1"
         /\ UNCHANGED << v, v_init >>

Next == Lbl_1 \/ Lbl_2
           \/ (* Disjunct to prevent deadlock on termination *)
              (pc = "Done" /\ UNCHANGED vars)

Spec == Init /\ [][Next]_vars

Termination == <>(pc = "Done")

\* END TRANSLATION
===================================================================
-------------------------------------------------------------------------------- /Euclid/Euclid.toolbox/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | Euclid 4 | 5 | 6 | 7 | 8 | 9 | toolbox.builder.TLAParserBuilder 10 | 11 | 12 | 13 | 14 | toolbox.builder.PCalAlgorithmSearchingBuilder 15 | 16 | 17 | 18 | 19 | 20 | toolbox.natures.TLANature 21 | 22 | 23 | 24 | Euclid.tla 25 | 1 26 | /home/midpeter444/lang/tlaplus/pluscal/Euclid/Euclid.tla 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /Euclid/Euclid.toolbox/.settings/org.lamport.tla.toolbox.prefs: -------------------------------------------------------------------------------- 1 | #Fri Apr 03 22:11:13 EDT 2015 2 | ProjectRootFile=/home/midpeter444/lang/tlaplus/pluscal/Euclid/Euclid.tla 3 |
ProjectToolboxDirSize=4 4 | eclipse.preferences.version=1 5 | -------------------------------------------------------------------------------- /Euclid/Euclid.toolbox/Euclid___Model_1.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /Euclid/Euclid.toolbox/Model_1/Euclid.tla: -------------------------------------------------------------------------------- 1 | ------------------------ MODULE Euclid ---------------------------- 2 | EXTENDS Naturals, TLC 3 | CONSTANT N 4 | 5 | (* 6 | --algorithm Euclid { 7 | variables u = 24; 8 | v \in 1 .. N; 9 | v_init = v; 10 | { 11 | while (u # 0) { 12 | if (u < v) { 13 | u := v || v := u; 14 | }; 15 | u := u - v; 16 | }; 17 | print <<24, v_init, "have gcd", v>> 18 | } 19 | } 20 | *) 21 | \* BEGIN TRANSLATION 22 | VARIABLES u, v, v_init, pc 23 | 24 | vars == << u, v, v_init, pc >> 25 | 26 | Init == (* Global variables *) 27 | /\ u = 24 28 | /\ v \in 1 .. 
N 29 | /\ v_init = v 30 | /\ pc = "Lbl_1" 31 | 32 | Lbl_1 == /\ pc = "Lbl_1" 33 | /\ IF u # 0 34 | THEN /\ IF u < v 35 | THEN /\ /\ u' = v 36 | /\ v' = u 37 | ELSE /\ TRUE 38 | /\ UNCHANGED << u, v >> 39 | /\ pc' = "Lbl_2" 40 | ELSE /\ PrintT(<<24, v_init, "have gcd", v>>) 41 | /\ pc' = "Done" 42 | /\ UNCHANGED << u, v >> 43 | /\ UNCHANGED v_init 44 | 45 | Lbl_2 == /\ pc = "Lbl_2" 46 | /\ u' = u - v 47 | /\ pc' = "Lbl_1" 48 | /\ UNCHANGED << v, v_init >> 49 | 50 | Next == Lbl_1 \/ Lbl_2 51 | \/ (* Disjunct to prevent deadlock on termination *) 52 | (pc = "Done" /\ UNCHANGED vars) 53 | 54 | Spec == Init /\ [][Next]_vars 55 | 56 | Termination == <>(pc = "Done") 57 | 58 | \* END TRANSLATION 59 | =================================================================== 60 | -------------------------------------------------------------------------------- /Euclid/Euclid.toolbox/Model_1/MC.cfg: -------------------------------------------------------------------------------- 1 | \* CONSTANT definitions 2 | CONSTANT 3 | N <- const_142811373679112000 4 | \* SPECIFICATION definition 5 | SPECIFICATION 6 | spec_142811373680113000 7 | \* Generated on Fri Apr 03 22:15:36 EDT 2015 -------------------------------------------------------------------------------- /Euclid/Euclid.toolbox/Model_1/MC.out: -------------------------------------------------------------------------------- 1 | @!@!@STARTMSG 2262:0 @!@!@ 2 | TLC2 Version 2.05 of 23 July 2013 3 | @!@!@ENDMSG 2262 @!@!@ 4 | @!@!@STARTMSG 2188:0 @!@!@ 5 | Running Random Simulation with seed -5843496747848296339. 6 | @!@!@ENDMSG 2188 @!@!@ 7 | @!@!@STARTMSG 2220:0 @!@!@ 8 | Starting SANY... 
9 | @!@!@ENDMSG 2220 @!@!@ 10 | Parsing file MC.tla 11 | Parsing file Euclid.tla 12 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/TLC.tla 13 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Naturals.tla 14 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Sequences.tla 15 | Semantic processing of module Naturals 16 | Semantic processing of module Sequences 17 | Semantic processing of module TLC 18 | Semantic processing of module Euclid 19 | Semantic processing of module MC 20 | @!@!@STARTMSG 2219:0 @!@!@ 21 | SANY finished. 22 | @!@!@ENDMSG 2219 @!@!@ 23 | @!@!@STARTMSG 2185:0 @!@!@ 24 | Starting... (2015-04-03 22:15:37) 25 | @!@!@ENDMSG 2185 @!@!@ 26 | -------------------------------------------------------------------------------- /Euclid/Euclid.toolbox/Model_1/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS Euclid, TLC 3 | 4 | \* CONSTANT definitions @modelParameterConstants:0N 5 | const_142811373679112000 == 6 | 9 7 | ---- 8 | 9 | \* SPECIFICATION definition @modelBehaviorSpec:0 10 | spec_142811373680113000 == 11 | Spec 12 | ---- 13 | ============================================================================= 14 | \* Modification History 15 | \* Created Fri Apr 03 22:15:36 EDT 2015 by midpeter444 16 | -------------------------------------------------------------------------------- /Euclid/Euclid.toolbox/Model_1/MC_TE.out: -------------------------------------------------------------------------------- 1 | @!@!@STARTMSG 2262:0 @!@!@ 2 | TLC2 Version 2.05 of 23 July 2013 3 | @!@!@ENDMSG 2262 @!@!@ 4 | @!@!@STARTMSG 2188:0 @!@!@ 5 | Running Random Simulation with seed -5843496747848296339. 
6 | @!@!@ENDMSG 2188 @!@!@ 7 | @!@!@STARTMSG 2220:0 @!@!@ 8 | Starting SANY... 9 | @!@!@ENDMSG 2220 @!@!@ 10 | Parsing file MC.tla 11 | Parsing file Euclid.tla 12 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/TLC.tla 13 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Naturals.tla 14 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Sequences.tla 15 | Semantic processing of module Naturals 16 | Semantic processing of module Sequences 17 | Semantic processing of module TLC 18 | Semantic processing of module Euclid 19 | Semantic processing of module MC 20 | @!@!@STARTMSG 2219:0 @!@!@ 21 | SANY finished. 22 | @!@!@ENDMSG 2219 @!@!@ 23 | @!@!@STARTMSG 2185:0 @!@!@ 24 | Starting... (2015-04-03 22:15:37) 25 | @!@!@ENDMSG 2185 @!@!@ 26 | -------------------------------------------------------------------------------- /FIFO/FIFO.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* Add statements after this line. 
4 | -------------------------------------------------------------------------------- /FIFO/FIFO.toolbox/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | FIFO 4 | 5 | 6 | 7 | 8 | 9 | toolbox.builder.TLAParserBuilder 10 | 11 | 12 | 13 | 14 | toolbox.builder.PCalAlgorithmSearchingBuilder 15 | 16 | 17 | 18 | 19 | 20 | toolbox.natures.TLANature 21 | 22 | 23 | 24 | FIFO.tla 25 | 1 26 | /home/midpeter444/lang/tlaplus/pluscal/FIFO/FIFO.tla 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /FIFO/FIFO.toolbox/.settings/org.lamport.tla.toolbox.prefs: -------------------------------------------------------------------------------- 1 | #Mon Apr 06 12:15:32 EDT 2015 2 | ProjectRootFile=/home/midpeter444/lang/tlaplus/pluscal/FIFO/FIFO.tla 3 | ProjectToolboxDirSize=70029 4 | eclipse.preferences.version=1 5 | -------------------------------------------------------------------------------- /FIFO/FIFO.toolbox/FIFO.tla.pmap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/quux00/PlusCal-Examples/1369a5c0531e20d476c501ca03a79c08ecf7c868/FIFO/FIFO.toolbox/FIFO.tla.pmap -------------------------------------------------------------------------------- /FIFO/FIFO.toolbox/FIFO_Model_4/MC.cfg: -------------------------------------------------------------------------------- 1 | \* CONSTANT declarations 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* CONSTANT definitions 4 | CONSTANT 5 | MaxBufSize <- const_14283687269234000 6 | \* SPECIFICATION definition 7 | SPECIFICATION 8 | spec_14283687269335000 9 | \* Generated on Mon Apr 06 21:05:26 EDT 2015 -------------------------------------------------------------------------------- /FIFO/FIFO.toolbox/FIFO_Model_4/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS FIFO, TLC 3 | 4 | \* CONSTANT 
definitions @modelParameterConstants:0MaxBufSize 5 | const_14283687269234000 == 6 | 3 7 | ---- 8 | 9 | \* SPECIFICATION definition @modelBehaviorSpec:0 10 | spec_14283687269335000 == 11 | Spec 12 | ---- 13 | ============================================================================= 14 | \* Modification History 15 | \* Created Mon Apr 06 21:05:26 EDT 2015 by midpeter444 16 | -------------------------------------------------------------------------------- /FIFO/FIFO.toolbox/FIFO___FIFO_Model_4.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* Add statements after this line. 
4 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.old: -------------------------------------------------------------------------------- 1 | ----------------------- MODULE FastMutex ------------------------- 2 | EXTENDS Naturals, TLC 3 | CONSTANT N 4 | 5 | (* 6 | --algorithm FastMutex { 7 | variables x, 8 | y = 0, 9 | b = [i \in 1..N |-> FALSE]; 10 | process (Proc \in 1..N) 11 | variable j; 12 | { 13 | ncs: while (TRUE) { 14 | skip; \* the noncritical section 15 | 16 | start: b[self] := TRUE; 17 | s01: x := self; 18 | 19 | s02: if (y # 0) { 20 | s03: b[self] := FALSE; 21 | s04: await y = 0; 22 | goto start; 23 | }; 24 | 25 | s05: y := self; 26 | s06: if (x # self) { 27 | s07: b[self] := FALSE; 28 | j := 1; 29 | 30 | s08: while (j <= N) { 31 | await ~b[j]; 32 | j :=j+2; \* should be j+1 33 | }; 34 | 35 | s09: if (y # self) { 36 | s10: await y = 0; 37 | goto start; 38 | }; 39 | }; 40 | 41 | cs: assert \A idx \in 1..N : (idx # self) => (pc[idx] # "cs"); \* critical section 42 | s11: y := 0; 43 | s12: b[self] := FALSE; 44 | } \* end outer while 45 | 46 | } \* end process block 47 | } \* end algorithm 48 | *) 49 | \* BEGIN TRANSLATION 50 | CONSTANT defaultInitValue 51 | VARIABLES x, y, b, pc, j 52 | 53 | vars == << x, y, b, pc, j >> 54 | 55 | ProcSet == (1..N) 56 | 57 | Init == (* Global variables *) 58 | /\ x = defaultInitValue 59 | /\ y = 0 60 | /\ b = [i \in 1..N |-> FALSE] 61 | (* Process Proc *) 62 | /\ j = [self \in 1..N |-> defaultInitValue] 63 | /\ pc = [self \in ProcSet |-> "ncs"] 64 | 65 | ncs(self) == /\ pc[self] = "ncs" 66 | /\ TRUE 67 | /\ pc' = [pc EXCEPT ![self] = "start"] 68 | /\ UNCHANGED << x, y, b, j >> 69 | 70 | start(self) == /\ pc[self] = "start" 71 | /\ b' = [b EXCEPT ![self] = TRUE] 72 | /\ pc' = [pc EXCEPT ![self] = "s01"] 73 | /\ UNCHANGED << x, y, j >> 74 | 75 | s01(self) == /\ pc[self] = "s01" 76 | /\ x' = self 77 | /\ pc' = [pc EXCEPT ![self] = "s02"] 78 | /\ UNCHANGED << y, b, j >> 79 | 
80 | s02(self) == /\ pc[self] = "s02" 81 | /\ IF y # 0 82 | THEN /\ pc' = [pc EXCEPT ![self] = "s03"] 83 | ELSE /\ pc' = [pc EXCEPT ![self] = "s05"] 84 | /\ UNCHANGED << x, y, b, j >> 85 | 86 | s03(self) == /\ pc[self] = "s03" 87 | /\ b' = [b EXCEPT ![self] = FALSE] 88 | /\ pc' = [pc EXCEPT ![self] = "s04"] 89 | /\ UNCHANGED << x, y, j >> 90 | 91 | s04(self) == /\ pc[self] = "s04" 92 | /\ y = 0 93 | /\ pc' = [pc EXCEPT ![self] = "start"] 94 | /\ UNCHANGED << x, y, b, j >> 95 | 96 | s05(self) == /\ pc[self] = "s05" 97 | /\ y' = self 98 | /\ pc' = [pc EXCEPT ![self] = "s06"] 99 | /\ UNCHANGED << x, b, j >> 100 | 101 | s06(self) == /\ pc[self] = "s06" 102 | /\ IF x # self 103 | THEN /\ pc' = [pc EXCEPT ![self] = "s07"] 104 | ELSE /\ pc' = [pc EXCEPT ![self] = "cs"] 105 | /\ UNCHANGED << x, y, b, j >> 106 | 107 | s07(self) == /\ pc[self] = "s07" 108 | /\ b' = [b EXCEPT ![self] = FALSE] 109 | /\ j' = [j EXCEPT ![self] = 1] 110 | /\ pc' = [pc EXCEPT ![self] = "s08"] 111 | /\ UNCHANGED << x, y >> 112 | 113 | s08(self) == /\ pc[self] = "s08" 114 | /\ IF j[self] <= N 115 | THEN /\ ~b[j[self]] 116 | /\ j' = [j EXCEPT ![self] = j[self]+1] 117 | /\ pc' = [pc EXCEPT ![self] = "s08"] 118 | ELSE /\ pc' = [pc EXCEPT ![self] = "s09"] 119 | /\ j' = j 120 | /\ UNCHANGED << x, y, b >> 121 | 122 | s09(self) == /\ pc[self] = "s09" 123 | /\ IF y # self 124 | THEN /\ pc' = [pc EXCEPT ![self] = "s10"] 125 | ELSE /\ pc' = [pc EXCEPT ![self] = "cs"] 126 | /\ UNCHANGED << x, y, b, j >> 127 | 128 | s10(self) == /\ pc[self] = "s10" 129 | /\ y = 0 130 | /\ pc' = [pc EXCEPT ![self] = "start"] 131 | /\ UNCHANGED << x, y, b, j >> 132 | 133 | cs(self) == /\ pc[self] = "cs" 134 | /\ Assert(\A idx \in 1..N : (idx # self) => (pc[idx] # "cs"), 135 | "Failure of assertion at line 41, column 14.") 136 | /\ pc' = [pc EXCEPT ![self] = "s11"] 137 | /\ UNCHANGED << x, y, b, j >> 138 | 139 | s11(self) == /\ pc[self] = "s11" 140 | /\ y' = 0 141 | /\ pc' = [pc EXCEPT ![self] = "s12"] 142 | /\ UNCHANGED << x, b, 
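j >> 143 | 144 | s12(self) == /\ pc[self] = "s12" 145 | /\ b' = [b EXCEPT ![self] = FALSE] 146 | /\ pc' = [pc EXCEPT ![self] = "ncs"] 147 | /\ UNCHANGED << x, y, j >> 148 | 149 | Proc(self) == ncs(self) \/ start(self) \/ s01(self) \/ s02(self) 150 | \/ s03(self) \/ s04(self) \/ s05(self) \/ s06(self) 151 | \/ s07(self) \/ s08(self) \/ s09(self) \/ s10(self) 152 | \/ cs(self) \/ s11(self) \/ s12(self) 153 | 154 | Next == (\E self \in 1..N: Proc(self)) 155 | 156 | Spec == Init /\ [][Next]_vars 157 | 158 | \* END TRANSLATION 159 | 160 | =================================================================== 161 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.tla: --------------------------------------------------------------------------------
----------------------- MODULE FastMutex -------------------------
EXTENDS Naturals, TLC
CONSTANT N
\* Processes 1..N contend for one critical section; label cs asserts that no other process is at cs.
(*
--algorithm FastMutex {
  variables x,
            y = 0,
            b = [i \in 1..N |-> FALSE];
  process (Proc \in 1..N)
    variable j;
  {
    ncs: while (TRUE) {
           skip;  \* the noncritical section

    start: b[self] := TRUE;
    s01:   x := self;

    s02:   if (y # 0) {
    s03:     b[self] := FALSE;
    s04:     await y = 0;
             goto start;
           };

    s05:   y := self;
    s06:   if (x # self) {
    s07:     b[self] := FALSE;
             j := 1;

    s08:     while (j <= N) {
               await ~b[j];
               j := j+1;  \* change to j+2 to see a violation of the assertion below
             };

    s09:     if (y # self) {
    s10:       await y = 0;
               goto start;
             };
           };

    cs:    assert \A idx \in 1..N : (idx # self) => (pc[idx] # "cs");  \* critical section
    s11:   y := 0;
    s12:   b[self] := FALSE;
    }  \* end outer while

  }  \* end process block
}  \* end algorithm
*)
\* TLC evaluates the definitions between BEGIN TRANSLATION and
\* END TRANSLATION; the PlusCal text above is only a comment to it.  The two
\* must say the same thing, so re-run the PlusCal translator after every
\* edit to the algorithm.  In particular s08 below must advance j by 1, as
\* "j := j+1" does above: stepping by 2 leaves every second b[j] unread
\* before the process goes on towards cs, and the assertion at cs can fail.
\*
\* State: x and y are shared, b holds one flag per process, j is the
\* per-process loop index, pc the per-process control state.  x and j start
\* as defaultInitValue and are assigned (s01, s07) before they are read.
\* Each "await" becomes a plain conjunct (s04, s10, s08), so that step is
\* enabled only while the awaited condition holds.
\* Spec carries no fairness conjunct: it states safety only, and the one
\* safety check written in this module is the Assert in cs.
\* BEGIN TRANSLATION
CONSTANT defaultInitValue
VARIABLES x, y, b, pc, j

vars == << x, y, b, pc, j >>

ProcSet == (1..N)

Init == (* Global variables *)
        /\ x = defaultInitValue
        /\ y = 0
        /\ b = [i \in 1..N |-> FALSE]
        (* Process Proc *)
        /\ j = [self \in 1..N |-> defaultInitValue]
        /\ pc = [self \in ProcSet |-> "ncs"]

ncs(self) == /\ pc[self] = "ncs"
             /\ TRUE
             /\ pc' = [pc EXCEPT ![self] = "start"]
             /\ UNCHANGED << x, y, b, j >>

start(self) == /\ pc[self] = "start"
               /\ b' = [b EXCEPT ![self] = TRUE]
               /\ pc' = [pc EXCEPT ![self] = "s01"]
               /\ UNCHANGED << x, y, j >>

s01(self) == /\ pc[self] = "s01"
             /\ x' = self
             /\ pc' = [pc EXCEPT ![self] = "s02"]
             /\ UNCHANGED << y, b, j >>

s02(self) == /\ pc[self] = "s02"
             /\ IF y # 0
                   THEN /\ pc' = [pc EXCEPT ![self] = "s03"]
                   ELSE /\ pc' = [pc EXCEPT ![self] = "s05"]
             /\ UNCHANGED << x, y, b, j >>

s03(self) == /\ pc[self] = "s03"
             /\ b' = [b EXCEPT ![self] = FALSE]
             /\ pc' = [pc EXCEPT ![self] = "s04"]
             /\ UNCHANGED << x, y, j >>

s04(self) == /\ pc[self] = "s04"
             /\ y = 0
             /\ pc' = [pc EXCEPT ![self] = "start"]
             /\ UNCHANGED << x, y, b, j >>

s05(self) == /\ pc[self] = "s05"
             /\ y' = self
             /\ pc' = [pc EXCEPT ![self] = "s06"]
             /\ UNCHANGED << x, b, j >>

s06(self) == /\ pc[self] = "s06"
             /\ IF x # self
                   THEN /\ pc' = [pc EXCEPT ![self] = "s07"]
                   ELSE /\ pc' = [pc EXCEPT ![self] = "cs"]
             /\ UNCHANGED << x, y, b, j >>

s07(self) == /\ pc[self] = "s07"
             /\ b' = [b EXCEPT ![self] = FALSE]
             /\ j' = [j EXCEPT ![self] = 1]
             /\ pc' = [pc EXCEPT ![self] = "s08"]
             /\ UNCHANGED << x, y >>

\* One iteration per step: wait until b[j] is FALSE, then move to j+1.
s08(self) == /\ pc[self] = "s08"
             /\ IF j[self] <= N
                   THEN /\ ~b[j[self]]
                        /\ j' = [j EXCEPT ![self] = j[self]+1]
                        /\ pc' = [pc EXCEPT ![self] = "s08"]
                   ELSE /\ pc' = [pc EXCEPT ![self] = "s09"]
                        /\ j' = j
             /\ UNCHANGED << x, y, b >>

s09(self) == /\ pc[self] = "s09"
             /\ IF y # self
                   THEN /\ pc' = [pc EXCEPT ![self] = "s10"]
                   ELSE /\ pc' = [pc EXCEPT ![self] = "cs"]
             /\ UNCHANGED << x, y, b, j >>

s10(self) == /\ pc[self] = "s10"
             /\ y = 0
             /\ pc' = [pc EXCEPT ![self] = "start"]
             /\ UNCHANGED << x, y, b, j >>

\* The mutual-exclusion check: no process other than self may be at cs.
cs(self) == /\ pc[self] = "cs"
            /\ Assert(\A idx \in 1..N : (idx # self) => (pc[idx] # "cs"),
                      "Failure of assertion at line 41, column 14.")
            /\ pc' = [pc EXCEPT ![self] = "s11"]
            /\ UNCHANGED << x, y, b, j >>

s11(self) == /\ pc[self] = "s11"
             /\ y' = 0
             /\ pc' = [pc EXCEPT ![self] = "s12"]
             /\ UNCHANGED << x, b, j >>

s12(self) == /\ pc[self] = "s12"
             /\ b' = [b EXCEPT ![self] = FALSE]
             /\ pc' = [pc EXCEPT ![self] = "ncs"]
             /\ UNCHANGED << x, y, j >>

Proc(self) == ncs(self) \/ start(self) \/ s01(self) \/ s02(self)
                 \/ s03(self) \/ s04(self) \/ s05(self) \/ s06(self)
                 \/ s07(self) \/ s08(self) \/ s09(self) \/ s10(self)
                 \/ cs(self) \/ s11(self) \/ s12(self)

Next == (\E self \in 1..N: Proc(self))

Spec == Init /\ [][Next]_vars

\* END TRANSLATION

===================================================================
-------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | FastMutex 4 | 5 | 6 | 7 | 8 | 9 | toolbox.builder.TLAParserBuilder 10 | 11 | 12 | 13 | 14 | toolbox.builder.PCalAlgorithmSearchingBuilder 15 | 16 | 17 | 18 | 19 | 20 | toolbox.natures.TLANature 21 | 22 | 23 | 24 | FastMutex.tla 25 | 1 26 | /home/midpeter444/lang/tlaplus/pluscal/FastMutex/FastMutex.tla 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/.settings/org.lamport.tla.toolbox.prefs: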
-------------------------------------------------------------------------------- 1 | #Sat Apr 04 13:26:38 EDT 2015 2 | ProjectRootFile=/home/midpeter444/lang/tlaplus/pluscal/FastMutex/FastMutex.tla 3 | ProjectToolboxDirSize=4 4 | eclipse.preferences.version=1 5 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Bad_Model_2/FastMutex.tla: --------------------------------------------------------------------------------
----------------------- MODULE FastMutex -------------------------
EXTENDS Naturals, TLC
CONSTANT N

\* Copy of FastMutex stored under FM_Bad_Model_2.  Read it with two points
\* in mind:
\*   - s10 waits for y = 1; the author's note on that line marks it as a
\*     deliberate error ("should be await y = 0").
\*   - cs is "skip", so this copy contains no assertion about the critical
\*     section, and the translation of cs is just TRUE.
\* The MC.cfg listed for this model names a SPECIFICATION and CONSTANTs
\* only, with no INVARIANT or PROPERTY, so neither the module nor that cfg
\* states mutual exclusion.
\* NOTE(review): presumably this model is meant to show the seeded error
\* as a deadlock report from TLC; confirm against the .launch settings,
\* whose content is not visible here.  A clean run of this model says
\* nothing about mutual exclusion.
(*
--algorithm FastMutex {
  variables x,
            y = 0,
            b = [i \in 1..N |-> FALSE];
  process (Proc \in 1..N)
    variable j;
  {
    ncs: while (TRUE) {
           skip;  \* the noncritical section

    start: b[self] := TRUE;
    s01:   x := self;

    s02:   if (y # 0) {
    s03:     b[self] := FALSE;
    s04:     await y = 0;
             goto start;
           };

    s05:   y := self;
    s06:   if (x # self) {
    s07:     b[self] := FALSE;
             j := 1;

    s08:     while (j <= N) {
               await ~b[j];
               j :=j+1;
             };

    s09:     if (y # self) {
    s10:       await y = 1;  \* should be await y = 0
               goto start;
             };
           };

    cs:    skip;  \* critical section
    s11:   y := 0;
    s12:   b[self] := FALSE;
    }  \* end outer while

  }  \* end process block
}  \* end algorithm
*)
\* TLC evaluates the definitions below, not the PlusCal text above; here
\* the two agree (s10 tests y = 1, cs is TRUE).
\* BEGIN TRANSLATION
CONSTANT defaultInitValue
VARIABLES x, y, b, pc, j

vars == << x, y, b, pc, j >>

ProcSet == (1..N)

Init == (* Global variables *)
        /\ x = defaultInitValue
        /\ y = 0
        /\ b = [i \in 1..N |-> FALSE]
        (* Process Proc *)
        /\ j = [self \in 1..N |-> defaultInitValue]
        /\ pc = [self \in ProcSet |-> "ncs"]

ncs(self) == /\ pc[self] = "ncs"
             /\ TRUE
             /\ pc' = [pc EXCEPT ![self] = "start"]
             /\ UNCHANGED << x, y, b, j >>

start(self) == /\ pc[self] = "start"
               /\ b' = [b EXCEPT ![self] = TRUE]
               /\ pc' = [pc EXCEPT ![self] = "s01"]
               /\ UNCHANGED << x, y, j >>

s01(self) == /\ pc[self] = "s01"
             /\ x' = self
             /\ pc' = [pc EXCEPT ![self] = "s02"]
             /\ UNCHANGED << y, b, j >>

s02(self) == /\ pc[self] = "s02"
             /\ IF y # 0
                   THEN /\ pc' = [pc EXCEPT ![self] = "s03"]
                   ELSE /\ pc' = [pc EXCEPT ![self] = "s05"]
             /\ UNCHANGED << x, y, b, j >>

s03(self) == /\ pc[self] = "s03"
             /\ b' = [b EXCEPT ![self] = FALSE]
             /\ pc' = [pc EXCEPT ![self] = "s04"]
             /\ UNCHANGED << x, y, j >>

s04(self) == /\ pc[self] = "s04"
             /\ y = 0
             /\ pc' = [pc EXCEPT ![self] = "start"]
             /\ UNCHANGED << x, y, b, j >>

s05(self) == /\ pc[self] = "s05"
             /\ y' = self
             /\ pc' = [pc EXCEPT ![self] = "s06"]
             /\ UNCHANGED << x, b, j >>

s06(self) == /\ pc[self] = "s06"
             /\ IF x # self
                   THEN /\ pc' = [pc EXCEPT ![self] = "s07"]
                   ELSE /\ pc' = [pc EXCEPT ![self] = "cs"]
             /\ UNCHANGED << x, y, b, j >>

s07(self) == /\ pc[self] = "s07"
             /\ b' = [b EXCEPT ![self] = FALSE]
             /\ j' = [j EXCEPT ![self] = 1]
             /\ pc' = [pc EXCEPT ![self] = "s08"]
             /\ UNCHANGED << x, y >>

s08(self) == /\ pc[self] = "s08"
             /\ IF j[self] <= N
                   THEN /\ ~b[j[self]]
                        /\ j' = [j EXCEPT ![self] = j[self]+1]
                        /\ pc' = [pc EXCEPT ![self] = "s08"]
                   ELSE /\ pc' = [pc EXCEPT ![self] = "s09"]
                        /\ j' = j
             /\ UNCHANGED << x, y, b >>

s09(self) == /\ pc[self] = "s09"
             /\ IF y # self
                   THEN /\ pc' = [pc EXCEPT ![self] = "s10"]
                   ELSE /\ pc' = [pc EXCEPT ![self] = "cs"]
             /\ UNCHANGED << x, y, b, j >>

\* Seeded error: the step is enabled only while y = 1.
s10(self) == /\ pc[self] = "s10"
             /\ y = 1
             /\ pc' = [pc EXCEPT ![self] = "start"]
             /\ UNCHANGED << x, y, b, j >>

\* No Assert here: entering cs is unconditional once pc[self] = "cs".
cs(self) == /\ pc[self] = "cs"
            /\ TRUE
            /\ pc' = [pc EXCEPT ![self] = "s11"]
            /\ UNCHANGED << x, y, b, j >>

s11(self) == /\ pc[self] = "s11"
             /\ y' = 0
             /\ pc' = [pc EXCEPT ![self] = "s12"]
             /\ UNCHANGED << x, b, j >>

s12(self) == /\ pc[self] = "s12"
             /\ b' = [b EXCEPT ![self] = FALSE]
             /\ pc' = [pc EXCEPT ![self] = "ncs"]
             /\ UNCHANGED << x, y, j >>

Proc(self) == ncs(self) \/ start(self) \/ s01(self) \/ s02(self)
                 \/ s03(self) \/ s04(self) \/ s05(self) \/ s06(self)
                 \/ s07(self) \/ s08(self) \/ s09(self) \/ s10(self)
                 \/ cs(self) \/ s11(self) \/ s12(self)

Next == (\E self \in 1..N: Proc(self))

Spec == Init /\ [][Next]_vars

\* END TRANSLATION

===================================================================
-------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Bad_Model_2/MC.cfg: -------------------------------------------------------------------------------- 1 | \* CONSTANT declarations 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* CONSTANT definitions 4 | CONSTANT 5 | N <- const_142818458933424000 6 | \* SPECIFICATION definition 7 | SPECIFICATION 8 | spec_142818458934425000 9 | \* Generated on Sat Apr 04 17:56:29 EDT 2015 -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Bad_Model_2/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS FastMutex, TLC 3 | 4 | \* CONSTANT definitions @modelParameterConstants:0N 5 | const_142818458933424000 == 6 | 3 7 | ---- 8 | 9 | \* SPECIFICATION definition @modelBehaviorSpec:0 10 | spec_142818458934425000 == 11 | Spec 12 | ---- 13 | ============================================================================= 14 | \* Modification History 15 | \* Created Sat Apr 04 17:56:29 EDT 2015 by midpeter444 16 | --------------------------------------------------------------------------------
/FastMutex/FastMutex.toolbox/FM_Model_1/FastMutex.tla:
--------------------------------------------------------------------------------
1 | ----------------------- MODULE FastMutex -------------------------
\* PlusCal model of a mutual-exclusion protocol for processes 1..N that share
\* x, y and the flag array b. y starts at 0, is set to a process id at s05 and
\* reset to 0 at s11; 0 is outside 1..N, so y = 0 reads as "unclaimed".
\* NOTE(review): the x/y/b handshake looks like Lamport's fast mutual exclusion
\* algorithm -- confirm against the source the author worked from.
2 | EXTENDS Naturals, TLC
3 | CONSTANT N
4 |
5 | (*
6 | --algorithm FastMutex {
\* x has no initial value here; the translation starts it at defaultInitValue.
7 |   variables x,
8 |             y = 0,
9 |             b = [i \in 1..N |-> FALSE];
10 |   process (Proc \in 1..N)
11 |     variable j;
12 |   {
13 |     ncs: while (TRUE) {
14 |            skip; \* the noncritical section
15 |
\* Entry protocol: raise own flag, write x, then test y.
16 |     start: b[self] := TRUE;
17 |     s01:   x := self;
18 |
\* y already claimed: lower the flag, wait for y to be released, retry.
19 |     s02:   if (y # 0) {
20 |     s03:     b[self] := FALSE;
21 |     s04:     await y = 0;
22 |              goto start;
23 |            };
24 |
25 |     s05:   y := self;
\* x was overwritten by another process after s01: take the slow path.
26 |     s06:   if (x # self) {
27 |     s07:     b[self] := FALSE;
28 |              j := 1;
29 |
\* s08 scans every flag and proceeds only once b[j] is FALSE for each j in 1..N.
30 |     s08:     while (j <= N) {
31 |                await ~b[j];
32 |                j :=j+1;
33 |              };
34 |
35 |     s09:     if (y # self) {
36 |     s10:       await y = 0;
37 |                goto start;
38 |              };
39 |            };
40 |
\* NOTE(review): cs is a bare skip, so this copy states no mutual-exclusion
\* property inside the algorithm; FM_Model_5 replaces it with an assert.
41 |     cs:    skip; \* critical section
42 |     s11:   y := 0;
43 |     s12:   b[self] := FALSE;
44 |     } \* end outer while
45 |
46 |   } \* end process block
47 | } \* end algorithm
48 | *)
49 | \* BEGIN TRANSLATION
50 | CONSTANT defaultInitValue
51 | VARIABLES x, y, b, pc, j
52 |
53 | vars == << x, y, b, pc, j >>
54 |
55 | ProcSet == (1..N)
56 |
57 | Init == (* Global variables *)
58 |         /\ x = defaultInitValue
59 |         /\ y = 0
60 |         /\ b = [i \in 1..N |-> FALSE]
61 |         (* Process Proc *)
62 |         /\ j = [self \in 1..N |-> defaultInitValue]
63 |         /\ pc = [self \in ProcSet |-> "ncs"]
64 |
65 | ncs(self) == /\ pc[self] = "ncs"
66 |              /\ TRUE
67 |              /\ pc' = [pc EXCEPT ![self] = "start"]
68 |              /\ UNCHANGED << x, y, b, j >>
69 |
70 | start(self) == /\ pc[self] = "start"
71 |                /\ b' = [b EXCEPT ![self] = TRUE]
72 |                /\ pc' = [pc EXCEPT ![self] = "s01"]
73 |                /\ UNCHANGED << x, y, j >>
74 |
75 | s01(self) == /\ pc[self] = "s01"
76 |              /\ x' = self
77 |              /\ pc' = [pc EXCEPT ![self] = "s02"]
78 |              /\ UNCHANGED << y, b, j >>
79 |
80 | s02(self) == /\ pc[self] = "s02"
81 |              /\ IF y # 0
82 |                    THEN /\ pc' = [pc EXCEPT ![self] = "s03"]
83 |                    ELSE /\ pc' = [pc EXCEPT ![self] = "s05"]
84 |              /\ UNCHANGED << x, y, b, j >>
85 |
86 | s03(self) == /\ pc[self] = "s03"
87 |              /\ b' = [b EXCEPT ![self] = FALSE]
88 |              /\ pc' = [pc EXCEPT ![self] = "s04"]
89 |              /\ UNCHANGED << x, y, j >>
90 |
91 | s04(self) == /\ pc[self] = "s04"
92 |              /\ y = 0
93 |              /\ pc' = [pc EXCEPT ![self] = "start"]
94 |              /\ UNCHANGED << x, y, b, j >>
95 |
96 | s05(self) == /\ pc[self] = "s05"
97 |              /\ y' = self
98 |              /\ pc' = [pc EXCEPT ![self] = "s06"]
99 |              /\ UNCHANGED << x, b, j >>
100 |
101 | s06(self) == /\ pc[self] = "s06"
102 |              /\ IF x # self
103 |                    THEN /\ pc' = [pc EXCEPT ![self] = "s07"]
104 |                    ELSE /\ pc' = [pc EXCEPT ![self] = "cs"]
105 |              /\ UNCHANGED << x, y, b, j >>
106 |
107 | s07(self) == /\ pc[self] = "s07"
108 |              /\ b' = [b EXCEPT ![self] = FALSE]
109 |              /\ j' = [j EXCEPT ![self] = 1]
110 |              /\ pc' = [pc EXCEPT ![self] = "s08"]
111 |              /\ UNCHANGED << x, y >>
112 |
113 | s08(self) == /\ pc[self] = "s08"
114 |              /\ IF j[self] <= N
115 |                    THEN /\ ~b[j[self]]
116 |                         /\ j' = [j EXCEPT ![self] = j[self]+1]
117 |                         /\ pc' = [pc EXCEPT ![self] = "s08"]
118 |                    ELSE /\ pc' = [pc EXCEPT ![self] = "s09"]
119 |                         /\ j' = j
120 |              /\ UNCHANGED << x, y, b >>
121 |
122 | s09(self) == /\ pc[self] = "s09"
123 |              /\ IF y # self
124 |                    THEN /\ pc' = [pc EXCEPT ![self] = "s10"]
125 |                    ELSE /\ pc' = [pc EXCEPT ![self] = "cs"]
126 |              /\ UNCHANGED << x, y, b, j >>
127 |
128 | s10(self) == /\ pc[self] = "s10"
129 |              /\ y = 0
130 |              /\ pc' = [pc EXCEPT ![self] = "start"]
131 |              /\ UNCHANGED << x, y, b, j >>
132 |
133 | cs(self) == /\ pc[self] = "cs"
134 |             /\ TRUE
135 |             /\ pc' = [pc EXCEPT ![self] = "s11"]
136 |             /\ UNCHANGED << x, y, b, j >>
137 |
138 | s11(self) == /\ pc[self] = "s11"
139 |              /\ y' = 0
140 |              /\ pc' = [pc EXCEPT ![self] = "s12"]
141 |              /\ UNCHANGED << x, b, j >>
142 |
143 | s12(self) == /\ pc[self] = "s12"
144 |              /\ b' = [b EXCEPT ![self] = FALSE]
145 |              /\ pc' = [pc EXCEPT ![self] = "ncs"]
146 |              /\ UNCHANGED << x, y, j >>
147 |
148 | Proc(self) == ncs(self) \/ start(self) \/ s01(self) \/ s02(self)
149 |               \/ s03(self) \/ s04(self) \/ s05(self) \/ s06(self)
150 |               \/ s07(self) \/ s08(self) \/ s09(self) \/ s10(self)
151 |               \/ cs(self) \/ s11(self) \/ s12(self)
152 |
153 | Next == (\E self \in 1..N: Proc(self))
154 |
\* Spec has no fairness conjunct, so it constrains safety behaviour only.
155 | Spec == Init /\ [][Next]_vars
156 |
157 | \* END TRANSLATION
158 |
159 | ===================================================================
160 |
--------------------------------------------------------------------------------
/FastMutex/FastMutex.toolbox/FM_Model_1/MC.cfg:
--------------------------------------------------------------------------------
1 | \* CONSTANT declarations
2 | CONSTANT defaultInitValue = defaultInitValue
3 | \* CONSTANT definitions
4 | CONSTANT
5 | N <- const_142818440974018000
6 | \* SPECIFICATION definition
7 | SPECIFICATION
8 | spec_142818440975119000
9 | \* Generated on Sat Apr 04 17:53:29 EDT 2015
\* NOTE(review): this cfg names a SPECIFICATION only -- no INVARIANT or PROPERTY
\* entry -- and cs is a bare skip in this model's FastMutex.tla, so as far as
\* this cfg shows the run is given no mutual-exclusion property to check.
--------------------------------------------------------------------------------
/FastMutex/FastMutex.toolbox/FM_Model_1/MC.tla:
--------------------------------------------------------------------------------
1 | ---- MODULE MC ----
2 | EXTENDS FastMutex, TLC
3 |
\* The model instantiates N with 4 processes.
4 | \* CONSTANT definitions @modelParameterConstants:0N
5 | const_142818440974018000 ==
6 | 4
7 | ----
8 |
9 | \* SPECIFICATION definition @modelBehaviorSpec:0
10 | spec_142818440975119000 ==
11 | Spec
12 | ----
13 | =============================================================================
14 | \* Modification History
15 | \* Created Sat Apr 04 17:53:29 EDT 2015 by midpeter444
16 |
--------------------------------------------------------------------------------
/FastMutex/FastMutex.toolbox/FM_Model_3/FastMutex.tla:
--------------------------------------------------------------------------------
1 | ----------------------- MODULE FastMutex -------------------------
2 | EXTENDS Naturals, TLC
3 | CONSTANT N
4 |
5 | (*
6 | --algorithm FastMutex {
7 |   variables x,
8 |             y = 0,
9 |             b = [i \in 1..N |-> FALSE];
10 |   process (Proc \in 1..N)
11 |     variable
j; 12 | { 13 | ncs: while (TRUE) { 14 | skip; \* the noncritical section 15 | 16 | start: b[self] := TRUE; 17 | s01: x := self; 18 | 19 | s02: if (y # 0) { 20 | s03: b[self] := FALSE; 21 | s04: await y = 0; 22 | goto start; 23 | }; 24 | 25 | s05: y := self; 26 | s06: if (x # self) { 27 | s07: b[self] := FALSE; 28 | j := 1; 29 | 30 | s08: while (j <= N) { 31 | await b[j]; \* should be await ~b[j] 32 | j :=j+1; 33 | }; 34 | 35 | s09: if (y # self) { 36 | s10: await y = 0; 37 | goto start; 38 | }; 39 | }; 40 | 41 | cs: skip; \* critical section 42 | s11: y := 0; 43 | s12: b[self] := FALSE; 44 | } \* end outer while 45 | 46 | } \* end process block 47 | } \* end algorithm 48 | *) 49 | \* BEGIN TRANSLATION 50 | CONSTANT defaultInitValue 51 | VARIABLES x, y, b, pc, j 52 | 53 | vars == << x, y, b, pc, j >> 54 | 55 | ProcSet == (1..N) 56 | 57 | Init == (* Global variables *) 58 | /\ x = defaultInitValue 59 | /\ y = 0 60 | /\ b = [i \in 1..N |-> FALSE] 61 | (* Process Proc *) 62 | /\ j = [self \in 1..N |-> defaultInitValue] 63 | /\ pc = [self \in ProcSet |-> "ncs"] 64 | 65 | ncs(self) == /\ pc[self] = "ncs" 66 | /\ TRUE 67 | /\ pc' = [pc EXCEPT ![self] = "start"] 68 | /\ UNCHANGED << x, y, b, j >> 69 | 70 | start(self) == /\ pc[self] = "start" 71 | /\ b' = [b EXCEPT ![self] = TRUE] 72 | /\ pc' = [pc EXCEPT ![self] = "s01"] 73 | /\ UNCHANGED << x, y, j >> 74 | 75 | s01(self) == /\ pc[self] = "s01" 76 | /\ x' = self 77 | /\ pc' = [pc EXCEPT ![self] = "s02"] 78 | /\ UNCHANGED << y, b, j >> 79 | 80 | s02(self) == /\ pc[self] = "s02" 81 | /\ IF y # 0 82 | THEN /\ pc' = [pc EXCEPT ![self] = "s03"] 83 | ELSE /\ pc' = [pc EXCEPT ![self] = "s05"] 84 | /\ UNCHANGED << x, y, b, j >> 85 | 86 | s03(self) == /\ pc[self] = "s03" 87 | /\ b' = [b EXCEPT ![self] = FALSE] 88 | /\ pc' = [pc EXCEPT ![self] = "s04"] 89 | /\ UNCHANGED << x, y, j >> 90 | 91 | s04(self) == /\ pc[self] = "s04" 92 | /\ y = 0 93 | /\ pc' = [pc EXCEPT ![self] = "start"] 94 | /\ UNCHANGED << x, y, b, j >> 95 | 96 | 
s05(self) == /\ pc[self] = "s05" 97 | /\ y' = self 98 | /\ pc' = [pc EXCEPT ![self] = "s06"] 99 | /\ UNCHANGED << x, b, j >> 100 | 101 | s06(self) == /\ pc[self] = "s06" 102 | /\ IF x # self 103 | THEN /\ pc' = [pc EXCEPT ![self] = "s07"] 104 | ELSE /\ pc' = [pc EXCEPT ![self] = "cs"] 105 | /\ UNCHANGED << x, y, b, j >> 106 | 107 | s07(self) == /\ pc[self] = "s07" 108 | /\ b' = [b EXCEPT ![self] = FALSE] 109 | /\ j' = [j EXCEPT ![self] = 1] 110 | /\ pc' = [pc EXCEPT ![self] = "s08"] 111 | /\ UNCHANGED << x, y >> 112 | 113 | s08(self) == /\ pc[self] = "s08" 114 | /\ IF j[self] <= N 115 | THEN /\ b[j[self]] 116 | /\ j' = [j EXCEPT ![self] = j[self]+1] 117 | /\ pc' = [pc EXCEPT ![self] = "s08"] 118 | ELSE /\ pc' = [pc EXCEPT ![self] = "s09"] 119 | /\ j' = j 120 | /\ UNCHANGED << x, y, b >> 121 | 122 | s09(self) == /\ pc[self] = "s09" 123 | /\ IF y # self 124 | THEN /\ pc' = [pc EXCEPT ![self] = "s10"] 125 | ELSE /\ pc' = [pc EXCEPT ![self] = "cs"] 126 | /\ UNCHANGED << x, y, b, j >> 127 | 128 | s10(self) == /\ pc[self] = "s10" 129 | /\ y = 0 130 | /\ pc' = [pc EXCEPT ![self] = "start"] 131 | /\ UNCHANGED << x, y, b, j >> 132 | 133 | cs(self) == /\ pc[self] = "cs" 134 | /\ TRUE 135 | /\ pc' = [pc EXCEPT ![self] = "s11"] 136 | /\ UNCHANGED << x, y, b, j >> 137 | 138 | s11(self) == /\ pc[self] = "s11" 139 | /\ y' = 0 140 | /\ pc' = [pc EXCEPT ![self] = "s12"] 141 | /\ UNCHANGED << x, b, j >> 142 | 143 | s12(self) == /\ pc[self] = "s12" 144 | /\ b' = [b EXCEPT ![self] = FALSE] 145 | /\ pc' = [pc EXCEPT ![self] = "ncs"] 146 | /\ UNCHANGED << x, y, j >> 147 | 148 | Proc(self) == ncs(self) \/ start(self) \/ s01(self) \/ s02(self) 149 | \/ s03(self) \/ s04(self) \/ s05(self) \/ s06(self) 150 | \/ s07(self) \/ s08(self) \/ s09(self) \/ s10(self) 151 | \/ cs(self) \/ s11(self) \/ s12(self) 152 | 153 | Next == (\E self \in 1..N: Proc(self)) 154 | 155 | Spec == Init /\ [][Next]_vars 156 | 157 | \* END TRANSLATION 158 | 159 | 
=================================================================== 160 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Model_3/MC.cfg: -------------------------------------------------------------------------------- 1 | \* CONSTANT declarations 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* CONSTANT definitions 4 | CONSTANT 5 | N <- const_142818470689528000 6 | \* SPECIFICATION definition 7 | SPECIFICATION 8 | spec_142818470690629000 9 | \* Generated on Sat Apr 04 17:58:26 EDT 2015 -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Model_3/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS FastMutex, TLC 3 | 4 | \* CONSTANT definitions @modelParameterConstants:0N 5 | const_142818470689528000 == 6 | 4 7 | ---- 8 | 9 | \* SPECIFICATION definition @modelBehaviorSpec:0 10 | spec_142818470690629000 == 11 | Spec 12 | ---- 13 | ============================================================================= 14 | \* Modification History 15 | \* Created Sat Apr 04 17:58:26 EDT 2015 by midpeter444 16 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Model_4/FastMutex.tla: -------------------------------------------------------------------------------- 1 | ----------------------- MODULE FastMutex ------------------------- 2 | EXTENDS Naturals, TLC 3 | CONSTANT N 4 | 5 | (* 6 | --algorithm FastMutex { 7 | variables x, 8 | y = 0, 9 | b = [i \in 1..N |-> FALSE]; 10 | process (Proc \in 1..N) 11 | variable j; 12 | { 13 | ncs: while (TRUE) { 14 | skip; \* the noncritical section 15 | 16 | start: b[self] := TRUE; 17 | s01: x := self; 18 | 19 | s02: if (y # 0) { 20 | s03: b[self] := FALSE; 21 | s04: await y = 0; 22 | goto start; 23 | }; 24 | 25 | s05: y := self; 26 | s06: if (x # self) { 27 | s07: b[self] := 
FALSE; 28 | j := 1; 29 | 30 | s08: while (j <= N) { 31 | await ~b[j]; 32 | j :=j+2; \* should be j+1 33 | }; 34 | 35 | s09: if (y # self) { 36 | s10: await y = 0; 37 | goto start; 38 | }; 39 | }; 40 | 41 | cs: skip; \* critical section 42 | s11: y := 0; 43 | s12: b[self] := FALSE; 44 | } \* end outer while 45 | 46 | } \* end process block 47 | } \* end algorithm 48 | *) 49 | \* BEGIN TRANSLATION 50 | CONSTANT defaultInitValue 51 | VARIABLES x, y, b, pc, j 52 | 53 | vars == << x, y, b, pc, j >> 54 | 55 | ProcSet == (1..N) 56 | 57 | Init == (* Global variables *) 58 | /\ x = defaultInitValue 59 | /\ y = 0 60 | /\ b = [i \in 1..N |-> FALSE] 61 | (* Process Proc *) 62 | /\ j = [self \in 1..N |-> defaultInitValue] 63 | /\ pc = [self \in ProcSet |-> "ncs"] 64 | 65 | ncs(self) == /\ pc[self] = "ncs" 66 | /\ TRUE 67 | /\ pc' = [pc EXCEPT ![self] = "start"] 68 | /\ UNCHANGED << x, y, b, j >> 69 | 70 | start(self) == /\ pc[self] = "start" 71 | /\ b' = [b EXCEPT ![self] = TRUE] 72 | /\ pc' = [pc EXCEPT ![self] = "s01"] 73 | /\ UNCHANGED << x, y, j >> 74 | 75 | s01(self) == /\ pc[self] = "s01" 76 | /\ x' = self 77 | /\ pc' = [pc EXCEPT ![self] = "s02"] 78 | /\ UNCHANGED << y, b, j >> 79 | 80 | s02(self) == /\ pc[self] = "s02" 81 | /\ IF y # 0 82 | THEN /\ pc' = [pc EXCEPT ![self] = "s03"] 83 | ELSE /\ pc' = [pc EXCEPT ![self] = "s05"] 84 | /\ UNCHANGED << x, y, b, j >> 85 | 86 | s03(self) == /\ pc[self] = "s03" 87 | /\ b' = [b EXCEPT ![self] = FALSE] 88 | /\ pc' = [pc EXCEPT ![self] = "s04"] 89 | /\ UNCHANGED << x, y, j >> 90 | 91 | s04(self) == /\ pc[self] = "s04" 92 | /\ y = 0 93 | /\ pc' = [pc EXCEPT ![self] = "start"] 94 | /\ UNCHANGED << x, y, b, j >> 95 | 96 | s05(self) == /\ pc[self] = "s05" 97 | /\ y' = self 98 | /\ pc' = [pc EXCEPT ![self] = "s06"] 99 | /\ UNCHANGED << x, b, j >> 100 | 101 | s06(self) == /\ pc[self] = "s06" 102 | /\ IF x # self 103 | THEN /\ pc' = [pc EXCEPT ![self] = "s07"] 104 | ELSE /\ pc' = [pc EXCEPT ![self] = "cs"] 105 | /\ UNCHANGED << x, y, b, 
j >> 106 | 107 | s07(self) == /\ pc[self] = "s07" 108 | /\ b' = [b EXCEPT ![self] = FALSE] 109 | /\ j' = [j EXCEPT ![self] = 1] 110 | /\ pc' = [pc EXCEPT ![self] = "s08"] 111 | /\ UNCHANGED << x, y >> 112 | 113 | s08(self) == /\ pc[self] = "s08" 114 | /\ IF j[self] <= N 115 | THEN /\ ~b[j[self]] 116 | /\ j' = [j EXCEPT ![self] = j[self]+2] 117 | /\ pc' = [pc EXCEPT ![self] = "s08"] 118 | ELSE /\ pc' = [pc EXCEPT ![self] = "s09"] 119 | /\ j' = j 120 | /\ UNCHANGED << x, y, b >> 121 | 122 | s09(self) == /\ pc[self] = "s09" 123 | /\ IF y # self 124 | THEN /\ pc' = [pc EXCEPT ![self] = "s10"] 125 | ELSE /\ pc' = [pc EXCEPT ![self] = "cs"] 126 | /\ UNCHANGED << x, y, b, j >> 127 | 128 | s10(self) == /\ pc[self] = "s10" 129 | /\ y = 0 130 | /\ pc' = [pc EXCEPT ![self] = "start"] 131 | /\ UNCHANGED << x, y, b, j >> 132 | 133 | cs(self) == /\ pc[self] = "cs" 134 | /\ TRUE 135 | /\ pc' = [pc EXCEPT ![self] = "s11"] 136 | /\ UNCHANGED << x, y, b, j >> 137 | 138 | s11(self) == /\ pc[self] = "s11" 139 | /\ y' = 0 140 | /\ pc' = [pc EXCEPT ![self] = "s12"] 141 | /\ UNCHANGED << x, b, j >> 142 | 143 | s12(self) == /\ pc[self] = "s12" 144 | /\ b' = [b EXCEPT ![self] = FALSE] 145 | /\ pc' = [pc EXCEPT ![self] = "ncs"] 146 | /\ UNCHANGED << x, y, j >> 147 | 148 | Proc(self) == ncs(self) \/ start(self) \/ s01(self) \/ s02(self) 149 | \/ s03(self) \/ s04(self) \/ s05(self) \/ s06(self) 150 | \/ s07(self) \/ s08(self) \/ s09(self) \/ s10(self) 151 | \/ cs(self) \/ s11(self) \/ s12(self) 152 | 153 | Next == (\E self \in 1..N: Proc(self)) 154 | 155 | Spec == Init /\ [][Next]_vars 156 | 157 | \* END TRANSLATION 158 | 159 | =================================================================== 160 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Model_4/MC.cfg: -------------------------------------------------------------------------------- 1 | \* CONSTANT declarations 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* 
CONSTANT definitions
4 | CONSTANT
5 | N <- const_142818486890732000
6 | \* SPECIFICATION definition
7 | SPECIFICATION
8 | spec_142818486891733000
9 | \* Generated on Sat Apr 04 18:01:08 EDT 2015
\* NOTE(review): FM_Model_4's FastMutex.tla seeds `j+2` in the s08 scan but
\* keeps cs as a bare skip, and this cfg names no INVARIANT or PROPERTY, so as
\* far as this cfg shows nothing in the run would flag a mutual-exclusion
\* violation. FM_Model_6 pairs the same seeded bug with the cs assert.
--------------------------------------------------------------------------------
/FastMutex/FastMutex.toolbox/FM_Model_4/MC.tla:
--------------------------------------------------------------------------------
1 | ---- MODULE MC ----
2 | EXTENDS FastMutex, TLC
3 |
4 | \* CONSTANT definitions @modelParameterConstants:0N
5 | const_142818486890732000 ==
6 | 4
7 | ----
8 |
9 | \* SPECIFICATION definition @modelBehaviorSpec:0
10 | spec_142818486891733000 ==
11 | Spec
12 | ----
13 | =============================================================================
14 | \* Modification History
15 | \* Created Sat Apr 04 18:01:08 EDT 2015 by midpeter444
16 |
--------------------------------------------------------------------------------
/FastMutex/FastMutex.toolbox/FM_Model_5/FastMutex.tla:
--------------------------------------------------------------------------------
1 | ----------------------- MODULE FastMutex -------------------------
\* FM_Model_5 copy: the unmodified protocol (await ~b[j], j+1) with the critical
\* section replaced by an assert, so TLC evaluates mutual exclusion at cs.
2 | EXTENDS Naturals, TLC
3 | CONSTANT N
4 |
5 | (*
6 | --algorithm FastMutex {
7 |   variables x,
8 |             y = 0,
9 |             b = [i \in 1..N |-> FALSE];
10 |   process (Proc \in 1..N)
11 |     variable j;
12 |   {
13 |     ncs: while (TRUE) {
14 |            skip; \* the noncritical section
15 |
16 |     start: b[self] := TRUE;
17 |     s01:   x := self;
18 |
19 |     s02:   if (y # 0) {
20 |     s03:     b[self] := FALSE;
21 |     s04:     await y = 0;
22 |              goto start;
23 |            };
24 |
25 |     s05:   y := self;
26 |     s06:   if (x # self) {
27 |     s07:     b[self] := FALSE;
28 |              j := 1;
29 |
30 |     s08:     while (j <= N) {
31 |                await ~b[j];
32 |                j :=j+1; \* correct increment; FM_Model_4 and FM_Model_6 seed j+2 here
33 |              };
34 |
35 |     s09:     if (y # self) {
36 |     s10:       await y = 0;
37 |                goto start;
38 |              };
39 |            };
40 |
\* The assert is evaluated when this process takes its cs step: it requires that
\* no other process idx is at label "cs" at that moment (mutual exclusion).
41 |     cs:    assert \A idx \in 1..N : (idx # self) => (pc[idx] # "cs"); \* critical section
42 |     s11:   y := 0;
43 |     s12:   b[self] := FALSE;
44 |     } \* end outer while
45 |
46 |   }
\* end process block 47 | } \* end algorithm 48 | *) 49 | \* BEGIN TRANSLATION 50 | CONSTANT defaultInitValue 51 | VARIABLES x, y, b, pc, j 52 | 53 | vars == << x, y, b, pc, j >> 54 | 55 | ProcSet == (1..N) 56 | 57 | Init == (* Global variables *) 58 | /\ x = defaultInitValue 59 | /\ y = 0 60 | /\ b = [i \in 1..N |-> FALSE] 61 | (* Process Proc *) 62 | /\ j = [self \in 1..N |-> defaultInitValue] 63 | /\ pc = [self \in ProcSet |-> "ncs"] 64 | 65 | ncs(self) == /\ pc[self] = "ncs" 66 | /\ TRUE 67 | /\ pc' = [pc EXCEPT ![self] = "start"] 68 | /\ UNCHANGED << x, y, b, j >> 69 | 70 | start(self) == /\ pc[self] = "start" 71 | /\ b' = [b EXCEPT ![self] = TRUE] 72 | /\ pc' = [pc EXCEPT ![self] = "s01"] 73 | /\ UNCHANGED << x, y, j >> 74 | 75 | s01(self) == /\ pc[self] = "s01" 76 | /\ x' = self 77 | /\ pc' = [pc EXCEPT ![self] = "s02"] 78 | /\ UNCHANGED << y, b, j >> 79 | 80 | s02(self) == /\ pc[self] = "s02" 81 | /\ IF y # 0 82 | THEN /\ pc' = [pc EXCEPT ![self] = "s03"] 83 | ELSE /\ pc' = [pc EXCEPT ![self] = "s05"] 84 | /\ UNCHANGED << x, y, b, j >> 85 | 86 | s03(self) == /\ pc[self] = "s03" 87 | /\ b' = [b EXCEPT ![self] = FALSE] 88 | /\ pc' = [pc EXCEPT ![self] = "s04"] 89 | /\ UNCHANGED << x, y, j >> 90 | 91 | s04(self) == /\ pc[self] = "s04" 92 | /\ y = 0 93 | /\ pc' = [pc EXCEPT ![self] = "start"] 94 | /\ UNCHANGED << x, y, b, j >> 95 | 96 | s05(self) == /\ pc[self] = "s05" 97 | /\ y' = self 98 | /\ pc' = [pc EXCEPT ![self] = "s06"] 99 | /\ UNCHANGED << x, b, j >> 100 | 101 | s06(self) == /\ pc[self] = "s06" 102 | /\ IF x # self 103 | THEN /\ pc' = [pc EXCEPT ![self] = "s07"] 104 | ELSE /\ pc' = [pc EXCEPT ![self] = "cs"] 105 | /\ UNCHANGED << x, y, b, j >> 106 | 107 | s07(self) == /\ pc[self] = "s07" 108 | /\ b' = [b EXCEPT ![self] = FALSE] 109 | /\ j' = [j EXCEPT ![self] = 1] 110 | /\ pc' = [pc EXCEPT ![self] = "s08"] 111 | /\ UNCHANGED << x, y >> 112 | 113 | s08(self) == /\ pc[self] = "s08" 114 | /\ IF j[self] <= N 115 | THEN /\ ~b[j[self]] 116 | /\ j' = [j 
EXCEPT ![self] = j[self]+1] 117 | /\ pc' = [pc EXCEPT ![self] = "s08"] 118 | ELSE /\ pc' = [pc EXCEPT ![self] = "s09"] 119 | /\ j' = j 120 | /\ UNCHANGED << x, y, b >> 121 | 122 | s09(self) == /\ pc[self] = "s09" 123 | /\ IF y # self 124 | THEN /\ pc' = [pc EXCEPT ![self] = "s10"] 125 | ELSE /\ pc' = [pc EXCEPT ![self] = "cs"] 126 | /\ UNCHANGED << x, y, b, j >> 127 | 128 | s10(self) == /\ pc[self] = "s10" 129 | /\ y = 0 130 | /\ pc' = [pc EXCEPT ![self] = "start"] 131 | /\ UNCHANGED << x, y, b, j >> 132 | 133 | cs(self) == /\ pc[self] = "cs" 134 | /\ Assert(\A idx \in 1..N : (idx # self) => (pc[idx] # "cs"), 135 | "Failure of assertion at line 41, column 14.") 136 | /\ pc' = [pc EXCEPT ![self] = "s11"] 137 | /\ UNCHANGED << x, y, b, j >> 138 | 139 | s11(self) == /\ pc[self] = "s11" 140 | /\ y' = 0 141 | /\ pc' = [pc EXCEPT ![self] = "s12"] 142 | /\ UNCHANGED << x, b, j >> 143 | 144 | s12(self) == /\ pc[self] = "s12" 145 | /\ b' = [b EXCEPT ![self] = FALSE] 146 | /\ pc' = [pc EXCEPT ![self] = "ncs"] 147 | /\ UNCHANGED << x, y, j >> 148 | 149 | Proc(self) == ncs(self) \/ start(self) \/ s01(self) \/ s02(self) 150 | \/ s03(self) \/ s04(self) \/ s05(self) \/ s06(self) 151 | \/ s07(self) \/ s08(self) \/ s09(self) \/ s10(self) 152 | \/ cs(self) \/ s11(self) \/ s12(self) 153 | 154 | Next == (\E self \in 1..N: Proc(self)) 155 | 156 | Spec == Init /\ [][Next]_vars 157 | 158 | \* END TRANSLATION 159 | 160 | =================================================================== 161 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Model_5/MC.cfg: -------------------------------------------------------------------------------- 1 | \* CONSTANT declarations 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* CONSTANT definitions 4 | CONSTANT 5 | N <- const_142818515677336000 6 | \* SPECIFICATION definition 7 | SPECIFICATION 8 | spec_142818515678337000 9 | \* Generated on Sat Apr 04 18:05:56 EDT 2015 
-------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Model_5/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS FastMutex, TLC 3 | 4 | \* CONSTANT definitions @modelParameterConstants:0N 5 | const_142818515677336000 == 6 | 4 7 | ---- 8 | 9 | \* SPECIFICATION definition @modelBehaviorSpec:0 10 | spec_142818515678337000 == 11 | Spec 12 | ---- 13 | ============================================================================= 14 | \* Modification History 15 | \* Created Sat Apr 04 18:05:56 EDT 2015 by midpeter444 16 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Model_6/FastMutex.tla: -------------------------------------------------------------------------------- 1 | ----------------------- MODULE FastMutex ------------------------- 2 | EXTENDS Naturals, TLC 3 | CONSTANT N 4 | 5 | (* 6 | --algorithm FastMutex { 7 | variables x, 8 | y = 0, 9 | b = [i \in 1..N |-> FALSE]; 10 | process (Proc \in 1..N) 11 | variable j; 12 | { 13 | ncs: while (TRUE) { 14 | skip; \* the noncritical section 15 | 16 | start: b[self] := TRUE; 17 | s01: x := self; 18 | 19 | s02: if (y # 0) { 20 | s03: b[self] := FALSE; 21 | s04: await y = 0; 22 | goto start; 23 | }; 24 | 25 | s05: y := self; 26 | s06: if (x # self) { 27 | s07: b[self] := FALSE; 28 | j := 1; 29 | 30 | s08: while (j <= N) { 31 | await ~b[j]; 32 | j :=j+2; \* should be j+1 33 | }; 34 | 35 | s09: if (y # self) { 36 | s10: await y = 0; 37 | goto start; 38 | }; 39 | }; 40 | 41 | cs: assert \A idx \in 1..N : (idx # self) => (pc[idx] # "cs"); \* critical section 42 | s11: y := 0; 43 | s12: b[self] := FALSE; 44 | } \* end outer while 45 | 46 | } \* end process block 47 | } \* end algorithm 48 | *) 49 | \* BEGIN TRANSLATION 50 | CONSTANT defaultInitValue 51 | VARIABLES x, y, b, pc, j 52 | 53 | vars == << x, y, b, pc, j >> 54 | 55 | ProcSet 
== (1..N) 56 | 57 | Init == (* Global variables *) 58 | /\ x = defaultInitValue 59 | /\ y = 0 60 | /\ b = [i \in 1..N |-> FALSE] 61 | (* Process Proc *) 62 | /\ j = [self \in 1..N |-> defaultInitValue] 63 | /\ pc = [self \in ProcSet |-> "ncs"] 64 | 65 | ncs(self) == /\ pc[self] = "ncs" 66 | /\ TRUE 67 | /\ pc' = [pc EXCEPT ![self] = "start"] 68 | /\ UNCHANGED << x, y, b, j >> 69 | 70 | start(self) == /\ pc[self] = "start" 71 | /\ b' = [b EXCEPT ![self] = TRUE] 72 | /\ pc' = [pc EXCEPT ![self] = "s01"] 73 | /\ UNCHANGED << x, y, j >> 74 | 75 | s01(self) == /\ pc[self] = "s01" 76 | /\ x' = self 77 | /\ pc' = [pc EXCEPT ![self] = "s02"] 78 | /\ UNCHANGED << y, b, j >> 79 | 80 | s02(self) == /\ pc[self] = "s02" 81 | /\ IF y # 0 82 | THEN /\ pc' = [pc EXCEPT ![self] = "s03"] 83 | ELSE /\ pc' = [pc EXCEPT ![self] = "s05"] 84 | /\ UNCHANGED << x, y, b, j >> 85 | 86 | s03(self) == /\ pc[self] = "s03" 87 | /\ b' = [b EXCEPT ![self] = FALSE] 88 | /\ pc' = [pc EXCEPT ![self] = "s04"] 89 | /\ UNCHANGED << x, y, j >> 90 | 91 | s04(self) == /\ pc[self] = "s04" 92 | /\ y = 0 93 | /\ pc' = [pc EXCEPT ![self] = "start"] 94 | /\ UNCHANGED << x, y, b, j >> 95 | 96 | s05(self) == /\ pc[self] = "s05" 97 | /\ y' = self 98 | /\ pc' = [pc EXCEPT ![self] = "s06"] 99 | /\ UNCHANGED << x, b, j >> 100 | 101 | s06(self) == /\ pc[self] = "s06" 102 | /\ IF x # self 103 | THEN /\ pc' = [pc EXCEPT ![self] = "s07"] 104 | ELSE /\ pc' = [pc EXCEPT ![self] = "cs"] 105 | /\ UNCHANGED << x, y, b, j >> 106 | 107 | s07(self) == /\ pc[self] = "s07" 108 | /\ b' = [b EXCEPT ![self] = FALSE] 109 | /\ j' = [j EXCEPT ![self] = 1] 110 | /\ pc' = [pc EXCEPT ![self] = "s08"] 111 | /\ UNCHANGED << x, y >> 112 | 113 | s08(self) == /\ pc[self] = "s08" 114 | /\ IF j[self] <= N 115 | THEN /\ ~b[j[self]] 116 | /\ j' = [j EXCEPT ![self] = j[self]+2] 117 | /\ pc' = [pc EXCEPT ![self] = "s08"] 118 | ELSE /\ pc' = [pc EXCEPT ![self] = "s09"] 119 | /\ j' = j 120 | /\ UNCHANGED << x, y, b >> 121 | 122 | s09(self) == /\ 
pc[self] = "s09" 123 | /\ IF y # self 124 | THEN /\ pc' = [pc EXCEPT ![self] = "s10"] 125 | ELSE /\ pc' = [pc EXCEPT ![self] = "cs"] 126 | /\ UNCHANGED << x, y, b, j >> 127 | 128 | s10(self) == /\ pc[self] = "s10" 129 | /\ y = 0 130 | /\ pc' = [pc EXCEPT ![self] = "start"] 131 | /\ UNCHANGED << x, y, b, j >> 132 | 133 | cs(self) == /\ pc[self] = "cs" 134 | /\ Assert(\A idx \in 1..N : (idx # self) => (pc[idx] # "cs"), 135 | "Failure of assertion at line 41, column 14.") 136 | /\ pc' = [pc EXCEPT ![self] = "s11"] 137 | /\ UNCHANGED << x, y, b, j >> 138 | 139 | s11(self) == /\ pc[self] = "s11" 140 | /\ y' = 0 141 | /\ pc' = [pc EXCEPT ![self] = "s12"] 142 | /\ UNCHANGED << x, b, j >> 143 | 144 | s12(self) == /\ pc[self] = "s12" 145 | /\ b' = [b EXCEPT ![self] = FALSE] 146 | /\ pc' = [pc EXCEPT ![self] = "ncs"] 147 | /\ UNCHANGED << x, y, j >> 148 | 149 | Proc(self) == ncs(self) \/ start(self) \/ s01(self) \/ s02(self) 150 | \/ s03(self) \/ s04(self) \/ s05(self) \/ s06(self) 151 | \/ s07(self) \/ s08(self) \/ s09(self) \/ s10(self) 152 | \/ cs(self) \/ s11(self) \/ s12(self) 153 | 154 | Next == (\E self \in 1..N: Proc(self)) 155 | 156 | Spec == Init /\ [][Next]_vars 157 | 158 | \* END TRANSLATION 159 | 160 | =================================================================== 161 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Model_6/MC.cfg: -------------------------------------------------------------------------------- 1 | \* CONSTANT declarations 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* CONSTANT definitions 4 | CONSTANT 5 | N <- const_142818528998540000 6 | \* SPECIFICATION definition 7 | SPECIFICATION 8 | spec_142818528999541000 9 | \* Generated on Sat Apr 04 18:08:09 EDT 2015 -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FM_Model_6/MC.tla: -------------------------------------------------------------------------------- 
1 | ---- MODULE MC ---- 2 | EXTENDS FastMutex, TLC 3 | 4 | \* CONSTANT definitions @modelParameterConstants:0N 5 | const_142818528998540000 == 6 | 4 7 | ---- 8 | 9 | \* SPECIFICATION definition @modelBehaviorSpec:0 10 | spec_142818528999541000 == 11 | Spec 12 | ---- 13 | ============================================================================= 14 | \* Modification History 15 | \* Created Sat Apr 04 18:08:09 EDT 2015 by midpeter444 16 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FastMutex.tla.pmap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/quux00/PlusCal-Examples/1369a5c0531e20d476c501ca03a79c08ecf7c868/FastMutex/FastMutex.toolbox/FastMutex.tla.pmap -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FastMutex___FM_Bad_Model_2.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FastMutex___FM_Model_1.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FastMutex___FM_Model_3.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 
28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FastMutex___FM_Model_4.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FastMutex___FM_Model_5.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /FastMutex/FastMutex.toolbox/FastMutex___FM_Model_6.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /HourClock/HourClock.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | \* Add statements after this line. 3 | -------------------------------------------------------------------------------- /HourClock/HourClock.old: -------------------------------------------------------------------------------- 1 | ----------------------- MODULE HourClock ------------------------- 2 | EXTENDS Integers, TLC 3 | 4 | (* 5 | --algorithm HourClock { 6 | variables 7 | \* clockHoursSet = {1 .. 
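12};
8 |     hr \in 1..12; \* hr is a randomly chosen integer in range 1..12
9 |   {
10 |     while (TRUE) {
11 |       hr := (hr % 12) + 1;
12 |       print <<hr>>;
13 |       \* assert (hr \in Int) /\ (hr > 0) /\ (hr <= 12);
14 |       assert (\E n \in 1..12: hr = n);
15 |     };
16 |   } \* end master code block
17 | } \* end algorithm
18 | *)
19 |
20 | \* BEGIN TRANSLATION
\* NOTE(review): in this .old copy the translation does not match the algorithm
\* text above. It still carries an Assert for the commented-out line 13, and its
\* second Assert ranges over 2..13 where the algorithm says 1..12; 2..13 would
\* fail for hr' = 1. Do not model-check this copy as-is.
21 | VARIABLE hr
22 |
23 | vars == << hr >>
24 |
25 | Init == (* Global variables *)
26 |         /\ hr \in 1..12
27 |
28 | Next == /\ hr' = (hr % 12) + 1
29 |         /\ PrintT(<<hr'>>)
30 |         /\ Assert((hr' \in Int) /\ (hr' > 0) /\ (hr' <= 12),
31 |                   "Failure of assertion at line 13, column 7.")
32 |         /\ Assert((\E n \in 2..13: hr' = n),
33 |                   "Failure of assertion at line 14, column 7.")
34 |
35 | Spec == Init /\ [][Next]_vars
36 |
37 | \* END TRANSLATION
38 | ==================================================================
39 |
--------------------------------------------------------------------------------
/HourClock/HourClock.tla:
--------------------------------------------------------------------------------
1 | ----------------------- MODULE HourClock -------------------------
\* Twelve-hour clock: hr starts at any value in 1..12 and each step advances it
\* by one, wrapping 12 back to 1. The assert checks hr stays inside 1..12.
2 | EXTENDS Integers, TLC \* Only need Naturals unless doing the assert with "Int"
3 |
4 | \* Based on the HourClock TLA+ example in Ch. 2 of "Specifying Systems"
5 |
6 | (*
7 | --algorithm HourClock {
8 |   variables
9 |     hr \in 1..12; \* hr is a randomly chosen integer in range 1..12
10 |   {
11 |     while (TRUE) {
12 |       hr := (hr % 12) + 1;
13 |       print <<hr>>;
14 |       \* assert (hr \in Int) /\ (hr > 0) /\ (hr <= 12);
15 |       assert (\E n \in 1..12: hr = n);
16 |     };
17 |   } \* end master code block
18 | } \* end algorithm
19 | *)
20 |
21 | \* BEGIN TRANSLATION
\* NOTE(review): the Assert message below cites line 14 while the assert sits on
\* line 15 of this listing; presumably the translation predates an edit above.
\* Re-run the translator before relying on reported line numbers.
22 | VARIABLE hr
23 |
24 | vars == << hr >>
25 |
26 | Init == (* Global variables *)
27 |         /\ hr \in 1..12
28 |
29 | Next == /\ hr' = (hr % 12) + 1
30 |         /\ PrintT(<<hr'>>)
31 |         /\ Assert((\E n \in 1..12: hr' = n),
32 |                   "Failure of assertion at line 14, column 7.")
33 |
34 | Spec == Init /\ [][Next]_vars
35 |
36 | \* END TRANSLATION
37 | ==================================================================
38 |
--------------------------------------------------------------------------------
/HourClock/HourClock.toolbox/.project:
--------------------------------------------------------------------------------
1 |
2 |
3 | HourClock
4 |
5 |
6 |
7 |
8 |
9 | toolbox.builder.TLAParserBuilder
10 |
11 |
12 |
13 |
14 | toolbox.builder.PCalAlgorithmSearchingBuilder
15 |
16 |
17 |
18 |
19 |
20 | toolbox.natures.TLANature
21 |
22 |
23 |
24 | HourClock.tla
25 | 1
26 | /home/midpeter444/lang/tlaplus/pluscal/HourClock/HourClock.tla
27 |
28 |
29 |
30 |
--------------------------------------------------------------------------------
/HourClock/HourClock.toolbox/.settings/org.lamport.tla.toolbox.prefs:
--------------------------------------------------------------------------------
# NOTE(review): ProjectRootFile records an absolute path under a local home
# directory; committing IDE metadata like this discloses the author's account
# name and directory layout.
1 | #Sun Apr 05 09:14:50 EDT 2015
2 | ProjectRootFile=/home/midpeter444/lang/tlaplus/pluscal/HourClock/HourClock.tla
3 | ProjectToolboxDirSize=4
4 | eclipse.preferences.version=1
5 |
--------------------------------------------------------------------------------
/HourClock/HourClock.toolbox/HR_Model_1/HourClock.tla:
--------------------------------------------------------------------------------
1 | ----------------------- MODULE HourClock -------------------------
\* Earlier draft of the clock: hr starts at 0 and the assert checks membership
\* in clockHours.
2 | EXTENDS Naturals, TLC
3 |
4 | (*
5 | --algorithm HourClock {
\* clockHours must be the set 1..12. The draft wrote {1 ..12}, which is a set
\* with a single element (the set 1..12), so `hr \in clockHours` could never
\* hold for an integer hr.
6 |   variables hr = 0, clockHours = 1..12;
7 |   {
8 |     hr := 0; \* TODO: how tell it to randomly choose a value in clockHours?
9 |     while (TRUE) {
10 |       hr := (hr % 12) + 1;
11 |       print <<hr>>;
12 |       assert (hr \in clockHours);
13 |     };
14 |   } \* end master code block
15 | } \* end algorithm
16 | *)
17 |
18 | \* BEGIN TRANSLATION
19 | VARIABLES hr, clockHours, pc
20 |
21 | vars == << hr, clockHours, pc >>
22 |
23 | Init == (* Global variables *)
24 |         /\ hr = 0
\* Kept in step with the algorithm text: the set 1..12, not the singleton {1 ..12}.
25 |         /\ clockHours = 1..12
26 |         /\ pc = "Lbl_1"
27 |
28 | Lbl_1 == /\ pc = "Lbl_1"
29 |          /\ hr' = 0
30 |          /\ pc' = "Lbl_2"
31 |          /\ UNCHANGED clockHours
32 |
33 | Lbl_2 == /\ pc = "Lbl_2"
34 |          /\ hr' = (hr % 12) + 1
35 |          /\ PrintT(<<hr'>>)
36 |          /\ Assert((hr' \in clockHours),
37 |                    "Failure of assertion at line 12, column 7.")
38 |          /\ pc' = "Lbl_2"
39 |          /\ UNCHANGED clockHours
40 |
41 | Next == Lbl_1 \/ Lbl_2
42 |            \/ (* Disjunct to prevent deadlock on termination *)
43 |               (pc = "Done" /\ UNCHANGED vars)
44 |
45 | Spec == Init /\ [][Next]_vars
46 |
47 | Termination == <>(pc = "Done")
48 |
49 | \* END TRANSLATION
50 | ==================================================================
51 |
--------------------------------------------------------------------------------
/HourClock/HourClock.toolbox/HR_Model_1/MC.cfg:
--------------------------------------------------------------------------------
1 | \* INIT definition
2 | INIT
3 | init_142824570021766000
4 | \* NEXT definition
5 | NEXT
6 | next_142824570022767000
7 | \* Generated on Sun Apr 05 10:55:00 EDT 2015
\* NOTE(review): this model's MC.tla defines the INIT and NEXT named above as
\* `FALSE/\hr = 0` and `FALSE/\hr' = hr` (tagged @modelBehaviorNoSpec), so the
\* model has no initial state. MC.out accordingly reports 0 distinct states, and
\* its "No error has been found" is vacuous: the assert in HourClock.tla was
\* never evaluated. Point the model at Spec before treating it as a passing check.
--------------------------------------------------------------------------------
/HourClock/HourClock.toolbox/HR_Model_1/MC.out:
--------------------------------------------------------------------------------
1 | @!@!@STARTMSG 2262:0 @!@!@
2 | TLC2 Version 2.05 of 23 July 2013
3 | @!@!@ENDMSG 2262 @!@!@
4 | @!@!@STARTMSG 2187:0 @!@!@
5 | Running in Model-Checking mode.
6 | @!@!@ENDMSG 2187 @!@!@
7 | @!@!@STARTMSG 2220:0 @!@!@
8 | Starting SANY...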
9 | @!@!@ENDMSG 2220 @!@!@ 10 | Parsing file MC.tla 11 | Parsing file HourClock.tla 12 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/TLC.tla 13 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Naturals.tla 14 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Sequences.tla 15 | Semantic processing of module Naturals 16 | Semantic processing of module Sequences 17 | Semantic processing of module TLC 18 | Semantic processing of module HourClock 19 | Semantic processing of module MC 20 | @!@!@STARTMSG 2219:0 @!@!@ 21 | SANY finished. 22 | @!@!@ENDMSG 2219 @!@!@ 23 | @!@!@STARTMSG 2185:0 @!@!@ 24 | Starting... (2015-04-05 10:55:00) 25 | @!@!@ENDMSG 2185 @!@!@ 26 | @!@!@STARTMSG 2189:0 @!@!@ 27 | Computing initial states... 28 | @!@!@ENDMSG 2189 @!@!@ 29 | @!@!@STARTMSG 2190:0 @!@!@ 30 | Finished computing initial states: 0 distinct states generated. 31 | @!@!@ENDMSG 2190 @!@!@ 32 | @!@!@STARTMSG 2193:0 @!@!@ 33 | Model checking completed. No error has been found. 34 | Estimates of the probability that TLC did not check all reachable states 35 | because two distinct states had the same fingerprint: 36 | calculated (optimistic): val = 0.0 37 | based on the actual fingerprints: val = 1.1E-19 38 | @!@!@ENDMSG 2193 @!@!@ 39 | @!@!@STARTMSG 2200:0 @!@!@ 40 | Progress(0) at 2015-04-05 10:55:00: 0 states generated (0 s/min), 0 distinct states found (0 ds/min), 0 states left on queue. 41 | @!@!@ENDMSG 2200 @!@!@ 42 | @!@!@STARTMSG 2199:0 @!@!@ 43 | 0 states generated, 0 distinct states found, 0 states left on queue. 44 | @!@!@ENDMSG 2199 @!@!@ 45 | @!@!@STARTMSG 2194:0 @!@!@ 46 | The depth of the complete state graph search is 0. 47 | @!@!@ENDMSG 2194 @!@!@ 48 | @!@!@STARTMSG 2186:0 @!@!@ 49 | Finished. 
(2015-04-05 10:55:00) 50 | @!@!@ENDMSG 2186 @!@!@ 51 | -------------------------------------------------------------------------------- /HourClock/HourClock.toolbox/HR_Model_1/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS HourClock, TLC 3 | 4 | \* INIT definition @modelBehaviorNoSpec:0 5 | init_142824570021766000 == 6 | FALSE/\hr = 0 7 | ---- 8 | \* NEXT definition @modelBehaviorNoSpec:0 9 | next_142824570022767000 == 10 | FALSE/\hr' = hr 11 | ---- 12 | ============================================================================= 13 | \* Modification History 14 | \* Created Sun Apr 05 10:55:00 EDT 2015 by midpeter444 15 | -------------------------------------------------------------------------------- /HourClock/HourClock.toolbox/HR_Model_1/MC_TE.out: -------------------------------------------------------------------------------- 1 | @!@!@STARTMSG 2262:0 @!@!@ 2 | TLC2 Version 2.05 of 23 July 2013 3 | @!@!@ENDMSG 2262 @!@!@ 4 | @!@!@STARTMSG 2187:0 @!@!@ 5 | Running in Model-Checking mode. 6 | @!@!@ENDMSG 2187 @!@!@ 7 | @!@!@STARTMSG 2220:0 @!@!@ 8 | Starting SANY... 9 | @!@!@ENDMSG 2220 @!@!@ 10 | Parsing file MC.tla 11 | Parsing file HourClock.tla 12 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/TLC.tla 13 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Naturals.tla 14 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Sequences.tla 15 | Semantic processing of module Naturals 16 | Semantic processing of module Sequences 17 | Semantic processing of module TLC 18 | Semantic processing of module HourClock 19 | Semantic processing of module MC 20 | @!@!@STARTMSG 2219:0 @!@!@ 21 | SANY finished. 
22 | @!@!@ENDMSG 2219 @!@!@ 23 | @!@!@STARTMSG 2185:0 @!@!@ 24 | Starting... (2015-04-05 10:55:00) 25 | @!@!@ENDMSG 2185 @!@!@ 26 | @!@!@STARTMSG 2189:0 @!@!@ 27 | Computing initial states... 28 | @!@!@ENDMSG 2189 @!@!@ 29 | @!@!@STARTMSG 2190:0 @!@!@ 30 | Finished computing initial states: 0 distinct states generated. 31 | @!@!@ENDMSG 2190 @!@!@ 32 | @!@!@STARTMSG 2193:0 @!@!@ 33 | Model checking completed. No error has been found. 34 | Estimates of the probability that TLC did not check all reachable states 35 | because two distinct states had the same fingerprint: 36 | calculated (optimistic): val = 0.0 37 | based on the actual fingerprints: val = 1.1E-19 38 | @!@!@ENDMSG 2193 @!@!@ 39 | @!@!@STARTMSG 2200:0 @!@!@ 40 | Progress(0) at 2015-04-05 10:55:00: 0 states generated (0 s/min), 0 distinct states found (0 ds/min), 0 states left on queue. 41 | @!@!@ENDMSG 2200 @!@!@ 42 | @!@!@STARTMSG 2199:0 @!@!@ 43 | 0 states generated, 0 distinct states found, 0 states left on queue. 44 | @!@!@ENDMSG 2199 @!@!@ 45 | @!@!@STARTMSG 2194:0 @!@!@ 46 | The depth of the complete state graph search is 0. 47 | @!@!@ENDMSG 2194 @!@!@ 48 | @!@!@STARTMSG 2186:0 @!@!@ 49 | Finished. (2015-04-05 10:55:00) 50 | @!@!@ENDMSG 2186 @!@!@ 51 | -------------------------------------------------------------------------------- /HourClock/HourClock.toolbox/HR_Model_2/HourClock.tla: -------------------------------------------------------------------------------- 1 | ----------------------- MODULE HourClock ------------------------- 2 | EXTENDS Integers, TLC 3 | 4 | (* 5 | --algorithm HourClock { 6 | variables 7 | \* clockHoursSet = {1 .. 12}; 8 | hr \in 1..12; \* hr is a randomly chosen integer in range 1..12 9 | { 10 | while (TRUE) { 11 | hr := (hr % 12) + 1; 12 | print <
>; 13 | \* assert (hr \in Int) /\ (hr > 0) /\ (hr <= 12); 14 | assert (\E n \in 1..12: hr = n); 15 | }; 16 | } \* end master code block 17 | } \* end algorithm 18 | *) 19 | 20 | \* BEGIN TRANSLATION 21 | VARIABLE hr 22 | 23 | vars == << hr >> 24 | 25 | Init == (* Global variables *) 26 | /\ hr \in 1..12 27 | 28 | Next == /\ hr' = (hr % 12) + 1 29 | /\ PrintT(<>) 30 | /\ Assert((\E n \in 1..12: hr' = n), 31 | "Failure of assertion at line 14, column 7.") 32 | 33 | Spec == Init /\ [][Next]_vars 34 | 35 | \* END TRANSLATION 36 | ================================================================== 37 | -------------------------------------------------------------------------------- /HourClock/HourClock.toolbox/HR_Model_2/MC.cfg: -------------------------------------------------------------------------------- 1 | \* SPECIFICATION definition 2 | SPECIFICATION 3 | spec_142825687964190000 4 | \* Generated on Sun Apr 05 14:01:19 EDT 2015 -------------------------------------------------------------------------------- /HourClock/HourClock.toolbox/HR_Model_2/MC.out: -------------------------------------------------------------------------------- 1 | @!@!@STARTMSG 2262:0 @!@!@ 2 | TLC2 Version 2.05 of 23 July 2013 3 | @!@!@ENDMSG 2262 @!@!@ 4 | @!@!@STARTMSG 2187:0 @!@!@ 5 | Running in Model-Checking mode. 6 | @!@!@ENDMSG 2187 @!@!@ 7 | @!@!@STARTMSG 2220:0 @!@!@ 8 | Starting SANY... 
9 | @!@!@ENDMSG 2220 @!@!@ 10 | Parsing file MC.tla 11 | Parsing file HourClock.tla 12 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/TLC.tla 13 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Integers.tla 14 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Naturals.tla 15 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Sequences.tla 16 | Semantic processing of module Naturals 17 | Semantic processing of module Integers 18 | Semantic processing of module Sequences 19 | Semantic processing of module TLC 20 | Semantic processing of module HourClock 21 | Semantic processing of module MC 22 | @!@!@STARTMSG 2219:0 @!@!@ 23 | SANY finished. 24 | @!@!@ENDMSG 2219 @!@!@ 25 | @!@!@STARTMSG 2185:0 @!@!@ 26 | Starting... (2015-04-05 14:01:19) 27 | @!@!@ENDMSG 2185 @!@!@ 28 | @!@!@STARTMSG 2189:0 @!@!@ 29 | Computing initial states... 30 | @!@!@ENDMSG 2189 @!@!@ 31 | @!@!@STARTMSG 2190:0 @!@!@ 32 | Finished computing initial states: 12 distinct states generated. 33 | @!@!@ENDMSG 2190 @!@!@ 34 | <<2>> 35 | <<3>> 36 | <<5>> 37 | <<6>> 38 | <<9>> 39 | <<10>> 40 | <<11>> 41 | <<12>> 42 | <<1>> 43 | <<4>> 44 | <<8>> 45 | <<7>> 46 | @!@!@STARTMSG 2193:0 @!@!@ 47 | Model checking completed. No error has been found. 
48 | Estimates of the probability that TLC did not check all reachable states 49 | because two distinct states had the same fingerprint: 50 | calculated (optimistic): val = 7.8E-18 51 | based on the actual fingerprints: val = 5.1E-18 52 | @!@!@ENDMSG 2193 @!@!@ 53 | @!@!@STARTMSG 2201:0 @!@!@ 54 | The coverage statistics at 2015-04-05 14:01:20 55 | @!@!@ENDMSG 2201 @!@!@ 56 | @!@!@STARTMSG 2221:0 @!@!@ 57 | line 28, col 12 to line 28, col 30 of module HourClock: 12 58 | @!@!@ENDMSG 2221 @!@!@ 59 | @!@!@STARTMSG 2202:0 @!@!@ 60 | End of statistics. 61 | @!@!@ENDMSG 2202 @!@!@ 62 | @!@!@STARTMSG 2200:0 @!@!@ 63 | Progress(1) at 2015-04-05 14:01:20: 24 states generated (11,076 s/min), 12 distinct states found (5,538 ds/min), 0 states left on queue. 64 | @!@!@ENDMSG 2200 @!@!@ 65 | @!@!@STARTMSG 2199:0 @!@!@ 66 | 24 states generated, 12 distinct states found, 0 states left on queue. 67 | @!@!@ENDMSG 2199 @!@!@ 68 | @!@!@STARTMSG 2194:0 @!@!@ 69 | The depth of the complete state graph search is 1. 70 | @!@!@ENDMSG 2194 @!@!@ 71 | @!@!@STARTMSG 2186:0 @!@!@ 72 | Finished. 
(2015-04-05 14:01:20) 73 | @!@!@ENDMSG 2186 @!@!@ 74 | -------------------------------------------------------------------------------- /HourClock/HourClock.toolbox/HR_Model_2/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS HourClock, TLC 3 | 4 | \* SPECIFICATION definition @modelBehaviorSpec:0 5 | spec_142825687964190000 == 6 | Spec 7 | ---- 8 | ============================================================================= 9 | \* Modification History 10 | \* Created Sun Apr 05 14:01:19 EDT 2015 by midpeter444 11 | -------------------------------------------------------------------------------- /HourClock/HourClock.toolbox/HR_Model_2/MC_TE.out: -------------------------------------------------------------------------------- 1 | @!@!@STARTMSG 2262:0 @!@!@ 2 | TLC2 Version 2.05 of 23 July 2013 3 | @!@!@ENDMSG 2262 @!@!@ 4 | @!@!@STARTMSG 2187:0 @!@!@ 5 | Running in Model-Checking mode. 6 | @!@!@ENDMSG 2187 @!@!@ 7 | @!@!@STARTMSG 2220:0 @!@!@ 8 | Starting SANY... 
9 | @!@!@ENDMSG 2220 @!@!@ 10 | Parsing file MC.tla 11 | Parsing file HourClock.tla 12 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/TLC.tla 13 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Integers.tla 14 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Naturals.tla 15 | Parsing file /home/midpeter444/apps/TLAToolbox-1.4.8/plugins/org.lamport.tlatools_1.0.0.201403132202/tla2sany/StandardModules/Sequences.tla 16 | Semantic processing of module Naturals 17 | Semantic processing of module Integers 18 | Semantic processing of module Sequences 19 | Semantic processing of module TLC 20 | Semantic processing of module HourClock 21 | Semantic processing of module MC 22 | @!@!@STARTMSG 2219:0 @!@!@ 23 | SANY finished. 24 | @!@!@ENDMSG 2219 @!@!@ 25 | @!@!@STARTMSG 2185:0 @!@!@ 26 | Starting... (2015-04-05 14:01:19) 27 | @!@!@ENDMSG 2185 @!@!@ 28 | @!@!@STARTMSG 2189:0 @!@!@ 29 | Computing initial states... 30 | @!@!@ENDMSG 2189 @!@!@ 31 | @!@!@STARTMSG 2190:0 @!@!@ 32 | Finished computing initial states: 12 distinct states generated. 33 | @!@!@ENDMSG 2190 @!@!@ 34 | <<2>> 35 | <<3>> 36 | <<5>> 37 | <<6>> 38 | <<9>> 39 | <<10>> 40 | <<11>> 41 | <<12>> 42 | <<1>> 43 | <<4>> 44 | <<8>> 45 | <<7>> 46 | @!@!@STARTMSG 2193:0 @!@!@ 47 | Model checking completed. No error has been found. 
48 | Estimates of the probability that TLC did not check all reachable states 49 | because two distinct states had the same fingerprint: 50 | calculated (optimistic): val = 7.8E-18 51 | based on the actual fingerprints: val = 5.1E-18 52 | @!@!@ENDMSG 2193 @!@!@ 53 | @!@!@STARTMSG 2201:0 @!@!@ 54 | The coverage statistics at 2015-04-05 14:01:20 55 | @!@!@ENDMSG 2201 @!@!@ 56 | @!@!@STARTMSG 2221:0 @!@!@ 57 | line 28, col 12 to line 28, col 30 of module HourClock: 12 58 | @!@!@ENDMSG 2221 @!@!@ 59 | @!@!@STARTMSG 2202:0 @!@!@ 60 | End of statistics. 61 | @!@!@ENDMSG 2202 @!@!@ 62 | @!@!@STARTMSG 2200:0 @!@!@ 63 | Progress(1) at 2015-04-05 14:01:20: 24 states generated (11,076 s/min), 12 distinct states found (5,538 ds/min), 0 states left on queue. 64 | @!@!@ENDMSG 2200 @!@!@ 65 | @!@!@STARTMSG 2199:0 @!@!@ 66 | 24 states generated, 12 distinct states found, 0 states left on queue. 67 | @!@!@ENDMSG 2199 @!@!@ 68 | @!@!@STARTMSG 2194:0 @!@!@ 69 | The depth of the complete state graph search is 1. 70 | @!@!@ENDMSG 2194 @!@!@ 71 | @!@!@STARTMSG 2186:0 @!@!@ 72 | Finished. 
(2015-04-05 14:01:20) 73 | @!@!@ENDMSG 2186 @!@!@ 74 | -------------------------------------------------------------------------------- /HourClock/HourClock.toolbox/HourClock.tla.pmap: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/quux00/PlusCal-Examples/1369a5c0531e20d476c501ca03a79c08ecf7c868/HourClock/HourClock.toolbox/HourClock.tla.pmap -------------------------------------------------------------------------------- /HourClock/HourClock.toolbox/HourClock___HR_Model_1.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /HourClock/HourClock.toolbox/HourClock___HR_Model_2.launch: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /HyperBook/DieHarder/DieHarder.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | \* Add statements after this line. 
3 | -------------------------------------------------------------------------------- /HyperBook/DieHarder/DieHarder.old: -------------------------------------------------------------------------------- 1 | --------------------------- MODULE DieHarder ----------------------------- 2 | EXTENDS Integers, TLC 3 | CONSTANTS Goal, Jugs, Capacity 4 | 5 | ASSUME /\ Goal \in Nat 6 | /\ Capacity \in [Jugs -> Nat \ {0}] (***************************************) 7 | (* Capacity is an array with indices *) 8 | (* of type "Jugs" (e.g, string or int) *) 9 | (* and values of "type" positive ints *) 10 | (***************************************) 11 | 12 | 13 | Min(m, n) == IF m < n THEN m ELSE n 14 | 15 | (*************************************************************************** 16 | --algorithm DieHarder { 17 | variables injug = [j \in Jugs |-> 0]; 18 | { 19 | while (TRUE) { 20 | either with (j \in Jugs) { 21 | injug[j] := Capacity[j]; \* fill jug j 22 | 23 | } or with (j \in Jugs) { 24 | injug[j] := 0; \* empty jug j 25 | 26 | } or with (j \in Jugs, k \in Jugs \ {j}) { 27 | \* pour from jug j to jug k 28 | with (poured = Min(injug[j] + injug[k], Capacity[k]) - injug[k]) { 29 | injug[j] := injug[j] - poured || injug[k] := injug[k] + poured; 30 | }; 31 | }; 32 | }; 33 | } 34 | } 35 | 36 | ***************************************************************************) 37 | \* BEGIN TRANSLATION 38 | VARIABLE injug 39 | 40 | vars == << injug >> 41 | 42 | Init == (* Global variables *) 43 | /\ injug = [j \in Jugs |-> 0] 44 | 45 | Next == \/ /\ \E j \in Jugs: 46 | injug' = [injug EXCEPT ![j] = Capacity[j]] 47 | \/ /\ \E j \in Jugs: 48 | injug' = [injug EXCEPT ![j] = 0] 49 | \/ /\ \E j \in Jugs: 50 | \E k \in Jugs \ {j}: 51 | LET poured == Min(injug[j] + injug[k], Capacity[k]) - injug[k] IN 52 | injug' = [injug EXCEPT ![j] = injug[j] - poured, 53 | ![k] = injug[k] + poured] 54 | 55 | Spec == Init /\ [][Next]_vars 56 | 57 | \* END TRANSLATION 58 | 
============================================================================ 59 | -------------------------------------------------------------------------------- /HyperBook/DieHarder/DieHarder.tla: -------------------------------------------------------------------------------- 1 | --------------------------- MODULE DieHarder ----------------------------- 2 | EXTENDS Integers, TLC 3 | CONSTANTS Goal, Jugs, Capacity 4 | 5 | ASSUME /\ Goal \in Nat 6 | /\ Capacity \in [Jugs -> Nat \ {0}] (***************************************) 7 | (* Capacity is an array with indices *) 8 | (* of type "Jugs" (e.g, string or int) *) 9 | (* and values of "type" positive ints *) 10 | (***************************************) 11 | 12 | 13 | Min(m, n) == IF m < n THEN m ELSE n 14 | 15 | (*************************************************************************** 16 | --algorithm DieHarder { 17 | variables injug = [j \in Jugs |-> 0]; 18 | { 19 | while (TRUE) { 20 | either with (j \in Jugs) { 21 | injug[j] := Capacity[j]; \* fill jug j 22 | 23 | } or with (j \in Jugs) { 24 | injug[j] := 0; \* empty jug j 25 | 26 | } or with (j \in Jugs, k \in Jugs \ {j}) { 27 | \* pour from jug j to jug k 28 | with (poured = Min(injug[j] + injug[k], Capacity[k]) - injug[k]) { 29 | injug[j] := injug[j] - poured || injug[k] := injug[k] + poured; 30 | }; 31 | }; 32 | }; 33 | } 34 | } 35 | 36 | ***************************************************************************) 37 | \* BEGIN TRANSLATION 38 | VARIABLE injug 39 | 40 | vars == << injug >> 41 | 42 | Init == (* Global variables *) 43 | /\ injug = [j \in Jugs |-> 0] 44 | 45 | Next == \/ /\ \E j \in Jugs: 46 | injug' = [injug EXCEPT ![j] = Capacity[j]] 47 | \/ /\ \E j \in Jugs: 48 | injug' = [injug EXCEPT ![j] = 0] 49 | \/ /\ \E j \in Jugs: 50 | \E k \in Jugs \ {j}: 51 | LET poured == Min(injug[j] + injug[k], Capacity[k]) - injug[k] IN 52 | injug' = [injug EXCEPT ![j] = injug[j] - poured, 53 | ![k] = injug[k] + poured] 54 | 55 | Spec == Init /\ 
[][Next]_vars 56 | 57 | \* END TRANSLATION 58 | ============================================================================ 59 | -------------------------------------------------------------------------------- /HyperBook/TickTock/TickTock.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | \* Add statements after this line. 3 | -------------------------------------------------------------------------------- /HyperBook/TickTock/TickTock.old: -------------------------------------------------------------------------------- 1 | --------------------------- MODULE TickTock ----------------------------- 2 | EXTENDS Integers, Sequences, TLC 3 | 4 | Put(s) == Append(s, "widget") 5 | Get(s) == Tail(s) 6 | 7 | (*************************************************************** 8 | --algorithm Alternate { 9 | variable b = 0, box = << >>; 10 | 11 | process (Producer = 0) { 12 | t0: while (TRUE) { 13 | await b = 0; 14 | box := Put(box); 15 | b := 1 16 | } 17 | } 18 | 19 | process (Consumer = 1) { 20 | t1: while (TRUE) { 21 | await b = 1; 22 | box := Get(box); 23 | b := 0 24 | } 25 | } 26 | } 27 | ***************************************************************) 28 | \* BEGIN TRANSLATION 29 | VARIABLES b, box 30 | 31 | vars == << b, box >> 32 | 33 | ProcSet == {0} \cup {1} 34 | 35 | Init == (* Global variables *) 36 | /\ b = 0 37 | /\ box = << >> 38 | 39 | Producer == /\ b = 0 40 | /\ box' = Put(box) 41 | /\ b' = 1 42 | 43 | Consumer == /\ b = 1 44 | /\ box' = Get(box) 45 | /\ b' = 0 46 | 47 | Next == Producer \/ Consumer 48 | 49 | Spec == /\ Init /\ [][Next]_vars 50 | /\ WF_vars(Producer) 51 | 52 | \* END TRANSLATION 53 | ======================================================================== 54 | -------------------------------------------------------------------------------- /HyperBook/TickTock/TickTock.tla: -------------------------------------------------------------------------------- 1 | --------------------------- 
MODULE TickTock ----------------------------- 2 | EXTENDS Integers, Sequences, TLC 3 | 4 | Put(s) == Append(s, "widget") 5 | Get(s) == Tail(s) 6 | 7 | (*************************************************************** 8 | --algorithm Alternate { 9 | variable b = 0, box = << >>; 10 | 11 | process (Producer = 0) { 12 | t0: while (TRUE) { 13 | await b = 0; 14 | box := Put(box); 15 | b := 1 16 | } 17 | } 18 | 19 | process (Consumer = 1) { 20 | t1: while (TRUE) { 21 | await b = 1; 22 | box := Get(box); 23 | b := 0 24 | } 25 | } 26 | } 27 | ***************************************************************) 28 | \* BEGIN TRANSLATION 29 | VARIABLES b, box 30 | 31 | vars == << b, box >> 32 | 33 | ProcSet == {0} \cup {1} 34 | 35 | Init == (* Global variables *) 36 | /\ b = 0 37 | /\ box = << >> 38 | 39 | Producer == /\ b = 0 40 | /\ box' = Put(box) 41 | /\ b' = 1 42 | 43 | Consumer == /\ b = 1 44 | /\ box' = Get(box) 45 | /\ b' = 0 46 | 47 | Next == Producer \/ Consumer 48 | 49 | Spec == Init /\ [][Next]_vars 50 | 51 | \* END TRANSLATION 52 | ======================================================================== 53 | -------------------------------------------------------------------------------- /HyperClock/HyperClock.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | \* Add statements after this line. 
3 | -------------------------------------------------------------------------------- /HyperClock/HyperClock.old: -------------------------------------------------------------------------------- 1 | ----------------------------- MODULE HyperClock ----------------------------- 2 | EXTENDS Integers 3 | 4 | (* 5 | --algorithm Clock { 6 | variable b \in {0,1}; 7 | { 8 | while (TRUE) { 9 | b := (b+1) % 2; 10 | } 11 | } 12 | } 13 | *) 14 | \* BEGIN TRANSLATION 15 | VARIABLE b 16 | 17 | vars == << b >> 18 | 19 | Init == (* Global variables *) 20 | /\ b \in {0,1} 21 | 22 | Next == b' = (b+1) % 2 23 | 24 | Spec == Init /\ [][Next]_vars 25 | 26 | \* END TRANSLATION 27 | ============================================================================= 28 | 29 | -------------------------------------------------------------------------------- /HyperClock/HyperClock.tla: -------------------------------------------------------------------------------- 1 | ----------------------------- MODULE HyperClock ----------------------------- 2 | EXTENDS Integers 3 | 4 | (* 5 | --algorithm Clock { 6 | variable b \in {0,1}; 7 | { 8 | while (TRUE) { 9 | b := (b+1) % 2; 10 | } 11 | } 12 | } 13 | *) 14 | \* BEGIN TRANSLATION 15 | VARIABLE b 16 | 17 | vars == << b >> 18 | 19 | Init == (* Global variables *) 20 | /\ b \in {0,1} 21 | 22 | Next == b' = (b+1) % 2 23 | 24 | Spec == Init /\ [][Next]_vars 25 | 26 | \* END TRANSLATION 27 | ============================================================================= 28 | 29 | -------------------------------------------------------------------------------- /HyperDieHard/HyperDieHard.tla: -------------------------------------------------------------------------------- 1 | ----------------------------- MODULE HyperDieHard ----------------------------- 2 | EXTENDS Integers 3 | VARIABLE big, small 4 | 5 | TypeOK == /\ big \in 0..5 6 | /\ small \in 0..3 7 | 8 | 9 | Init == /\ big = 0 10 | /\ small = 0 11 | 12 | FillSmall == /\ small' = 3 13 | /\ big' = big 14 | 15 
| FillBig == /\ small' = small 16 | /\ big' = 5 17 | 18 | EmptySmall == /\ small' = 0 19 | /\ big' = big 20 | 21 | 22 | EmptyBig == /\ small' = small 23 | /\ big' = 0 24 | 25 | Min(m, n) == IF m < n THEN m ELSE n 26 | 27 | SmallToBig == LET poured == Min(big+small, 5) - big 28 | IN /\ big' = big + poured 29 | /\ small' = small - poured 30 | 31 | 32 | BigToSmall == LET poured == Min(big+small, 3) - small 33 | IN /\ big' = big - poured 34 | /\ small' = small + poured 35 | 36 | 37 | Next == \/ FillSmall 38 | \/ FillBig 39 | \/ EmptySmall 40 | \/ EmptyBig 41 | \/ SmallToBig 42 | \/ BigToSmall 43 | 44 | 45 | ============================================================================= 46 | 47 | -------------------------------------------------------------------------------- /HyperDieHard/PCalDieHard.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | \* Add statements after this line. 3 | -------------------------------------------------------------------------------- /HyperDieHard/PCalDieHard.old: -------------------------------------------------------------------------------- 1 | ----------------------------- MODULE PCalDieHard ----------------------------- 2 | EXTENDS Integers, TLC 3 | 4 | Min(m, n) == IF m < n THEN m ELSE n 5 | 6 | (* 7 | --algorithm DieHard { 8 | variables big = 0, small = 0; 9 | 10 | { 11 | while (TRUE) { 12 | assert big \in 0..5; 13 | assert small \in 0..3; 14 | 15 | either big := 5 \* fill the big jug 16 | or small := 3 \* fill the small jug 17 | or big := 0 \* empty the big jug 18 | or small := 0 \* empty the small jug 19 | or \* pour from small to big 20 | with (poured = Min(big + small, 5) - big) { 21 | big := big + poured ; 22 | small := small - poured; 23 | } 24 | or \* pour from big to small 25 | with (poured = Min(big + small, 3) - small) { 26 | big := big - poured ; 27 | small := small + poured; 28 | } 29 | } 30 | } 31 | } 32 | *) 33 | \* BEGIN TRANSLATION 34 | VARIABLES big, 
small 35 | 36 | vars == << big, small >> 37 | 38 | Init == (* Global variables *) 39 | /\ big = 0 40 | /\ small = 0 41 | 42 | Next == /\ Assert(big \in 0..5, "Failure of assertion at line 12, column 7.") 43 | /\ Assert(small \in 0..3, 44 | "Failure of assertion at line 13, column 7.") 45 | /\ \/ /\ big' = 5 46 | /\ small' = small 47 | \/ /\ small' = 3 48 | /\ big' = big 49 | \/ /\ big' = 0 50 | /\ small' = small 51 | \/ /\ small' = 0 52 | /\ big' = big 53 | \/ /\ LET poured == Min(big + small, 5) - big IN 54 | /\ big' = big + poured 55 | /\ small' = small - poured 56 | \/ /\ LET poured == Min(big + small, 3) - small IN 57 | /\ big' = big - poured 58 | /\ small' = small + poured 59 | 60 | Spec == Init /\ [][Next]_vars 61 | 62 | \* END TRANSLATION 63 | ============================================================================= 64 | -------------------------------------------------------------------------------- /HyperDieHard/PCalDieHard.tla: -------------------------------------------------------------------------------- 1 | ----------------------------- MODULE PCalDieHard ----------------------------- 2 | EXTENDS Integers, TLC 3 | 4 | Min(m, n) == IF m < n THEN m ELSE n 5 | 6 | (* 7 | --algorithm DieHard { 8 | variables big = 0, small = 0; 9 | 10 | { 11 | while (TRUE) { 12 | assert big \in 0..5; 13 | assert small \in 0..3; 14 | 15 | either big := 5 \* fill the big jug 16 | or small := 3 \* fill the small jug 17 | or big := 0 \* empty the big jug 18 | or small := 0 \* empty the small jug 19 | or \* pour from small to big 20 | with (poured = Min(big + small, 5) - big) { 21 | big := big + poured ; 22 | small := small - poured; 23 | } 24 | or \* pour from big to small 25 | with (poured = Min(big + small, 3) - small) { 26 | big := big - poured ; 27 | small := small + poured; 28 | } 29 | } 30 | } 31 | } 32 | *) 33 | \* BEGIN TRANSLATION 34 | VARIABLES big, small 35 | 36 | vars == << big, small >> 37 | 38 | Init == (* Global variables *) 39 | /\ big = 0 40 | /\ small = 0 
41 | 42 | Next == /\ Assert(big \in 0..5, "Failure of assertion at line 12, column 7.") 43 | /\ Assert(small \in 0..3, 44 | "Failure of assertion at line 13, column 7.") 45 | /\ \/ /\ big' = 5 46 | /\ small' = small 47 | \/ /\ small' = 3 48 | /\ big' = big 49 | \/ /\ big' = 0 50 | /\ small' = small 51 | \/ /\ small' = 0 52 | /\ big' = big 53 | \/ /\ LET poured == Min(big + small, 5) - big IN 54 | /\ big' = big + poured 55 | /\ small' = small - poured 56 | \/ /\ LET poured == Min(big + small, 3) - small IN 57 | /\ big' = big - poured 58 | /\ small' = small + poured 59 | 60 | Spec == Init /\ [][Next]_vars 61 | 62 | \* END TRANSLATION 63 | ============================================================================= 64 | -------------------------------------------------------------------------------- /HyperEuclid/HyperEuclid.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | \* Add statements after this line. 3 | -------------------------------------------------------------------------------- /HyperEuclid/HyperEuclid.old: -------------------------------------------------------------------------------- 1 | --------------------------- MODULE HyperEuclid ----------------------------- 2 | EXTENDS Integers, GCD, TLC 3 | CONSTANTS M, N 4 | 5 | ASSUME /\ M \in Nat \ {0} 6 | /\ N \in Nat \ {0} 7 | 8 | (*************************************************************************** 9 | --fair algorithm HyperEuclid { 10 | variables x \in 1..M, y \in 1..N, 11 | x0 = x, y0 = y; 12 | { 13 | while (x # y) { 14 | if (x < y) { 15 | y := y - x; 16 | } else { 17 | x := x - y; 18 | } 19 | }; 20 | assert (x = y) /\ (x = GCD(x0,y0)); 21 | } 22 | } 23 | 24 | ***************************************************************************) 25 | \* BEGIN TRANSLATION 26 | VARIABLES x, y, x0, y0, pc 27 | 28 | vars == << x, y, x0, y0, pc >> 29 | 30 | Init == (* Global variables *) 31 | /\ x \in 1..M 32 | /\ y \in 1..N 33 | /\ x0 = x 34 | /\ 
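y0 = y 35 | /\ pc = "Lbl_1" 36 | 37 | Lbl_1 == /\ pc = "Lbl_1" 38 | /\ IF x # y 39 | THEN /\ IF x < y 40 | THEN /\ y' = y - x 41 | /\ x' = x 42 | ELSE /\ x' = x - y 43 | /\ y' = y 44 | /\ pc' = "Lbl_1" 45 | ELSE /\ Assert((x = y) /\ (x = GCD(x0,y0)), 46 | "Failure of assertion at line 20, column 5.") 47 | /\ pc' = "Done" 48 | /\ UNCHANGED << x, y >> 49 | /\ UNCHANGED << x0, y0 >> 50 | 51 | Next == Lbl_1 52 | \/ (* Disjunct to prevent deadlock on termination *) 53 | (pc = "Done" /\ UNCHANGED vars) 54 | 55 | Spec == /\ Init /\ [][Next]_vars 56 | /\ WF_vars(Next) 57 | 58 | Termination == <>(pc = "Done") 59 | 60 | \* END TRANSLATION 61 | 62 | ---------------------------------------------------------------------------- 63 | 64 | PartialCorrectness == (pc = "Done") => (x = y) /\ (x = GCD(M,N)) 65 | 66 | ============================================================================ 67 |
-------------------------------------------------------------------------------- /HyperEuclid/HyperEuclid.tla: --------------------------------------------------------------------------------
--------------------------- MODULE HyperEuclid -----------------------------
EXTENDS Integers, GCD, TLC
CONSTANTS M, N

ASSUME /\ M \in Nat \ {0}
       /\ N \in Nat \ {0}

(***************************************************************************
--fair algorithm HyperEuclid {
  variables x \in 1..M, y \in 1..N,
            x0 = x, y0 = y;
  {
    while (x # y) {
      if (x < y) {
        y := y - x;
      } else {
        x := x - y;
      }
    };
    assert (x = y) /\ (x = GCD(x0,y0));
  }
}

***************************************************************************)
\* BEGIN TRANSLATION
VARIABLES x, y, x0, y0, pc

vars == << x, y, x0, y0, pc >>

Init == (* Global variables *)
        /\ x \in 1..M
        /\ y \in 1..N
        /\ x0 = x
        /\ y0 = y
        /\ pc = "Lbl_1"

Lbl_1 == /\ pc = "Lbl_1"
         /\ IF x # y
               THEN /\ IF x < y
                          THEN /\ y' = y - x
                               /\ x' = x
                          ELSE /\ x' = x - y
                               /\ y' = y
                    /\ pc' = "Lbl_1"
               ELSE /\ Assert((x = y) /\ (x = GCD(x0,y0)),
                              "Failure of assertion at line 20, column 5.")
                    /\ pc' = "Done"
                    /\ UNCHANGED << x, y >>
         /\ UNCHANGED << x0, y0 >>

Next == Lbl_1
           \/ (* Disjunct to prevent deadlock on termination *)
              (pc = "Done" /\ UNCHANGED vars)

Spec == /\ Init /\ [][Next]_vars
        /\ WF_vars(Next)

Termination == <>(pc = "Done")

\* END TRANSLATION

----------------------------------------------------------------------------

\* Module notes. They sit below the translation on purpose: the generated
\* Assert message cites "line 20, column 5", so adding lines above the assert
\* statement would leave that message pointing at the wrong place.
\*
\* The algorithm is Euclid's subtraction method. Init lets x start anywhere in
\* 1..M and y anywhere in 1..N; x0 and y0 record the start pair and are never
\* changed (UNCHANGED << x0, y0 >> in Lbl_1). GCD comes from the extended GCD
\* module. Spec conjoins WF_vars(Next) because the algorithm is declared with
\* --fair, which is what makes Termination a meaningful property to check.

\* Safety property: once the algorithm is Done, x and y agree and equal the GCD
\* of the values the run started from.
\*
\* The reference value is GCD(x0, y0), the same one the in-algorithm assert
\* uses. Comparing with GCD(M, N) is only right for the single start state
\* x = M, y = N: with M = N = 2 the start x = y = 1 is allowed, it reaches Done
\* with x = 1, and GCD(2, 2) = 2, so the predicate would be reported as violated
\* although the algorithm is correct.
\*
\* The consequent is parenthesised to make explicit that => applies to the
\* whole conjunction.
PartialCorrectness == (pc = "Done") => ((x = y) /\ (x = GCD(x0, y0)))

============================================================================
-------------------------------------------------------------------------------- /README.md: --------------------------------------------------------------------------------
# Overview

These are examples of algorithms written in PlusCal, the algorithm language for Leslie
Lamport's TLA+ algorithm specification system.

These have been created in the TLA+ Toolbox, so most of the files are supporting files
for running in the Toolbox and using the TLC algorithm verification checker.

The important (non-auto-generated) files for review are those that end in `.tla`, such
as `Euclid/Euclid.tla` and `HourClock/HourClock.tla`.

I've written the part above the line `\* BEGIN TRANSLATION` and the PlusCal code falls
between the `(*` and `*)` comment markers, starting with the `--algorithm XXX` indicator.
-------------------------------------------------------------------------------- /TE4/TE4.cfg: --------------------------------------------------------------------------------
SPECIFICATION Spec
CONSTANT defaultInitValue = defaultInitValue
\* Add statements after this line.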
4 | -------------------------------------------------------------------------------- /TE4/TE4.play: -------------------------------------------------------------------------------- 1 | -------------------------- MODULE TE4 --------------------------- 2 | EXTENDS Integers, Sequences, TLC 3 | CONSTANT Msg 4 | 5 | (******************************************************) 6 | (* Translation Engine 4 Algorithm Abstraction *) 7 | (******************************************************) 8 | 9 | Remove(i, seq) == [j \in 1..(Len(seq)-1) |-> IF j < i THEN seq[j] ELSE seq[j+1]] 10 | 11 | (* 12 | --algorithm TE4 { 13 | variables 14 | msgid = 0, 15 | source = <<>>, \* starting source of messages 16 | sentUnacked = <<>>, ackChan = <<>>, sentAcked = <<>>, 17 | ringBuffer = <<>>, 18 | receivedUnacked = <<>>, 19 | sink = <<>>; \* final desitination 20 | 21 | macro SendOne(from, to) { 22 | chan := Append(chan, m); 23 | } 24 | 25 | (* 26 | macro CopyAll(from, to) { 27 | 28 | } 29 | *) 30 | 31 | process (JMSSource = "jmsSource") { 32 | js1: while (TRUE) { 33 | either with (msg \in Msg) { 34 | uid := uid + 1; 35 | source := Append(source, ); 36 | } or { 37 | await Len(source) > 0; 38 | inmsg := Head(source); 39 | source := Tail(source); 40 | sentUnacked := Append(sentUnacked, inmsg); 41 | }; 42 | } 43 | }; \* end process JMSSource 44 | } 45 | *) 46 | \* BEGIN TRANSLATION 47 | 48 | \* END TRANSLATION 49 | 50 | ================================================================= 51 | -------------------------------------------------------------------------------- /TE42/TE42.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* Add statements after this line. 
4 | -------------------------------------------------------------------------------- /TE42/TE42.old: -------------------------------------------------------------------------------- 1 | ------------------------------- MODULE TE42 -------------------------------- 2 | EXTENDS Integers, Sequences, TLC 3 | CONSTANTS RingBufSz 4 | ASSUME RingBufSz \in Int 5 | 6 | (******************************************************) 7 | (* Translation Engine 4 Algorithm Abstraction *) 8 | (* with no batching *) 9 | (******************************************************) 10 | 11 | (*************************************************************************** 12 | --algorithm TE42 { 13 | variables 14 | source = << >>, \* starting source of messages 15 | sentUnacked = << >>, \* msgs sent from JMS -> Inbounder, but unacked 16 | ackChan = << >>, \* acks from Outbounder -> JMS, ack vals == uid 17 | sentAcked = << >>, \* msgs sent from JMS -> Inbounder and acked by Outbounder 18 | ringBuffer = << >>, \* RingBuffer is modeled as a simple FIFO 19 | sink = << >>; \* final sink of messages 20 | 21 | 22 | \* transfer one entry on `from` seq to both `to1` and `to2` seqs 23 | macro DuplexTransferOne(from, to1, to2) { 24 | to1 := Append(to1, Head(from)); 25 | to2 := Append(to2, Head(from)); 26 | from := Tail(from); 27 | } 28 | 29 | macro TransferOne(from, to) { 30 | to := Append(to, Head(from)); 31 | from := Tail(from); 32 | } 33 | 34 | \* macro PeekLast(seq, val) { 35 | \* val := seq[Len(seq)] 36 | \* } 37 | 38 | (*--------------------*) 39 | (*---- JMS Source ----*) 40 | (*--------------------*) 41 | process (JMSSource = "jmsSource") \* TODO: there can be multiples of these 42 | variables uid = 1, inmsg, ack, lastAcked; 43 | { 44 | js1: while (TRUE) { 45 | either { 46 | (* Receive good data messages *) 47 | source := Append(source, uid); 48 | uid := uid + 1; 49 | 50 | } or { 51 | await Len(ackChan) > 0; 52 | ack := Head(ackChan); 53 | ackChan := Tail(ackChan); 54 | inmsg := Head(sentUnacked); 55 | 
assert ack = inmsg; 56 | 57 | if (Len(sentAcked) > 0) { 58 | lastAcked := sentAcked[Len(sentAcked)]; 59 | print <>; 60 | assert lastAcked # ack; 61 | }; 62 | \* <<<<10, 11, 12, 13>>, "ackChan|sentAcked", <<1, 2, 3, 4, 5, 6, 7, 8, 9>>>> 63 | 64 | TransferOne(sentUnacked, sentAcked); 65 | }; 66 | }; 67 | }; 68 | 69 | (*-------------------*) 70 | (*---- Inbounder ----*) 71 | (*-------------------*) 72 | process (Inbounder = "inbounder") 73 | { 74 | ib1: while (TRUE) { 75 | await (Len(source) > 0 /\ (Len(ringBuffer) < RingBufSz)); 76 | DuplexTransferOne(source, sentUnacked, ringBuffer); 77 | }; 78 | } 79 | 80 | 81 | (*--------------------*) 82 | (*---- Outbounder ----*) 83 | (*--------------------*) 84 | process (Outbounder = "outbounder") 85 | variables event = -1; 86 | { 87 | ob1: while (TRUE) { 88 | await Len(ringBuffer) > 0; 89 | event := Head(ringBuffer); 90 | TransferOne(ringBuffer, sink); 91 | ackChan := Append(ackChan, event); 92 | assert \A i \in 1..Len(sink) : (sink[i] = i); 93 | 94 | if (Len(ringBuffer) > 8) { 95 | print <>; 96 | }; 97 | }; 98 | } 99 | } 100 | 101 | ***************************************************************************) 102 | \* BEGIN TRANSLATION 103 | CONSTANT defaultInitValue 104 | VARIABLES source, sentUnacked, ackChan, sentAcked, ringBuffer, sink, uid, 105 | inmsg, ack, lastAcked, event 106 | 107 | vars == << source, sentUnacked, ackChan, sentAcked, ringBuffer, sink, uid, 108 | inmsg, ack, lastAcked, event >> 109 | 110 | ProcSet == {"jmsSource"} \cup {"inbounder"} \cup {"outbounder"} 111 | 112 | Init == (* Global variables *) 113 | /\ source = << >> 114 | /\ sentUnacked = << >> 115 | /\ ackChan = << >> 116 | /\ sentAcked = << >> 117 | /\ ringBuffer = << >> 118 | /\ sink = << >> 119 | (* Process JMSSource *) 120 | /\ uid = 1 121 | /\ inmsg = defaultInitValue 122 | /\ ack = defaultInitValue 123 | /\ lastAcked = defaultInitValue 124 | (* Process Outbounder *) 125 | /\ event = -1 126 | 127 | JMSSource == /\ \/ /\ source' = 
Append(source, uid) 128 | /\ uid' = uid + 1 129 | /\ UNCHANGED <> 130 | \/ /\ Len(ackChan) > 0 131 | /\ ack' = Head(ackChan) 132 | /\ ackChan' = Tail(ackChan) 133 | /\ inmsg' = Head(sentUnacked) 134 | /\ Assert(ack' = inmsg', 135 | "Failure of assertion at line 55, column 13.") 136 | /\ IF Len(sentAcked) > 0 137 | THEN /\ lastAcked' = seq[Len(seq)] 138 | /\ PrintT(<>) 139 | /\ Assert(lastAcked' # ack', 140 | "Failure of assertion at line 60, column 15.") 141 | ELSE /\ TRUE 142 | /\ UNCHANGED lastAcked 143 | /\ sentAcked' = Append(sentAcked, Head(sentUnacked)) 144 | /\ sentUnacked' = Tail(sentUnacked) 145 | /\ UNCHANGED <> 146 | /\ UNCHANGED << ringBuffer, sink, event >> 147 | 148 | Inbounder == /\ (Len(source) > 0 /\ (Len(ringBuffer) < RingBufSz)) 149 | /\ sentUnacked' = Append(sentUnacked, Head(source)) 150 | /\ ringBuffer' = Append(ringBuffer, Head(source)) 151 | /\ source' = Tail(source) 152 | /\ UNCHANGED << ackChan, sentAcked, sink, uid, inmsg, ack, 153 | lastAcked, event >> 154 | 155 | Outbounder == /\ Len(ringBuffer) > 0 156 | /\ event' = Head(ringBuffer) 157 | /\ sink' = Append(sink, Head(ringBuffer)) 158 | /\ ringBuffer' = Tail(ringBuffer) 159 | /\ ackChan' = Append(ackChan, event') 160 | /\ Assert(\A i \in 1..Len(sink') : (sink'[i] = i), 161 | "Failure of assertion at line 92, column 11.") 162 | /\ IF Len(ringBuffer') > 8 163 | THEN /\ PrintT(<>) 164 | ELSE /\ TRUE 165 | /\ UNCHANGED << source, sentUnacked, sentAcked, uid, inmsg, ack, 166 | lastAcked >> 167 | 168 | Next == JMSSource \/ Inbounder \/ Outbounder 169 | 170 | Spec == Init /\ [][Next]_vars 171 | 172 | \* END TRANSLATION 173 | 174 | ============================================================================ 175 | -------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.cfg: -------------------------------------------------------------------------------- 1 | SPECIFICATION Spec 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* Add 
statements after this line. 4 | -------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.toolbox/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | TwoPhaseCommit 4 | 5 | 6 | 7 | 8 | 9 | toolbox.builder.TLAParserBuilder 10 | 11 | 12 | 13 | 14 | toolbox.builder.PCalAlgorithmSearchingBuilder 15 | 16 | 17 | 18 | 19 | 20 | toolbox.natures.TLANature 21 | 22 | 23 | 24 | TwoPhaseCommit.tla 25 | 1 26 | /home/midpeter444/lang/tlaplus/pluscal/TwoPhaseCommit/TwoPhaseCommit.tla 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.toolbox/.settings/org.lamport.tla.toolbox.prefs: -------------------------------------------------------------------------------- 1 | #Sat Apr 04 18:20:12 EDT 2015 2 | ProjectRootFile=/home/midpeter444/lang/tlaplus/pluscal/TwoPhaseCommit/TwoPhaseCommit.tla 3 | ProjectToolboxDirSize=4 4 | eclipse.preferences.version=1 5 | -------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.toolbox/TPC_Model_2/MC.cfg: -------------------------------------------------------------------------------- 1 | \* CONSTANT declarations 2 | CONSTANT defaultInitValue = defaultInitValue 3 | \* SPECIFICATION definition 4 | SPECIFICATION 5 | spec_142819613583643000 6 | \* Generated on Sat Apr 04 21:08:55 EDT 2015 -------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.toolbox/TPC_Model_2/MC.tla: -------------------------------------------------------------------------------- 1 | ---- MODULE MC ---- 2 | EXTENDS TwoPhaseCommit, TLC 3 | 4 | \* SPECIFICATION definition @modelBehaviorSpec:0 5 | spec_142819613583643000 == 6 | Spec 7 | ---- 8 | ============================================================================= 9 | \* Modification History 10 | \* Created Sat Apr 04 21:08:55 EDT 2015 by 
midpeter444
-------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.toolbox/TPC_Model_2/TwoPhaseCommit.tla: --------------------------------------------------------------------------------
--------------------- MODULE TwoPhaseCommit ----------------------
EXTENDS Naturals, TLC
\* Two-phase commit between one controller ("alice") and the managers in
\* `managers`. All coordination goes through the shared function
\* restaurant_stage, which maps each manager to its current stage string; the
\* controller writes "propose" / "commit" / "abort" into it and each manager
\* answers by overwriting its own entry.
\*
\* NOTE(review): the algorithm contains no step for a crashed participant, a
\* crashed controller, a lost message or a timeout. Anything TLC establishes
\* here therefore covers the failure-free protocol only.
(*
--algorithm TwoPhaseCommit {
  variables
    managers = {"bob", "chuck", "dave"};
    restaurant_stage = [mgr \in managers |-> "start"];

  \* Set the stage of every manager in kmgrs to `state`, one manager per
  \* step, removing each from kmgrs as it is handled. kmgrs is empty when the
  \* loop ends, so the caller has to refill it before reusing it.
  macro SetAll(state, kmgrs) {
    while (kmgrs # {}) {
      with (km \in kmgrs) {
        restaurant_stage[km] := state;
        kmgrs := kmgrs \ {km};
      };
    };
  }

  \* One participant per manager: wait for the proposal, vote, then wait for
  \* the controller's decision and record the final outcome.
  process (Restaurant \in managers)
  {
    c0: await restaurant_stage[self] = "propose";

        \* The vote is a nondeterministic choice, so TLC explores both.
        either {
          restaurant_stage[self] := "accept";
        } or {
          restaurant_stage[self] := "refuse";
        };

    c1: await (restaurant_stage[self] = "commit") \/
              (restaurant_stage[self] = "abort");

        if (restaurant_stage[self] = "commit") {
          restaurant_stage[self] := "committed";
        } else {
          restaurant_stage[self] := "aborted";
        };
  }; \* end Restaurant process block

  \* The coordinator: propose to everyone, collect every vote, then tell
  \* everyone to commit, or to abort if at least one manager refused.
  process (Controller = "alice")
    \* rstMgrs has no initial value here, which is why the translation
    \* introduces the constant defaultInitValue.
    variables rstMgrs, aborted = FALSE;
  {
    n0: rstMgrs := managers;
    n1: SetAll("propose", rstMgrs);
    n2: rstMgrs := managers; \* reassign, since SetAll modified the original rstMgrs set
    \* Vote collection: the await inside `with` only admits a manager that
    \* has already voted, so this loop cannot finish until all have voted.
    n3: while (rstMgrs # {}) {
          with (r \in rstMgrs) {
            await (restaurant_stage[r] = "accept") \/ (restaurant_stage[r] = "refuse");
            if (restaurant_stage[r] = "refuse") {
              aborted := TRUE;
            };
            rstMgrs := rstMgrs \ {r};
          };
        };
        rstMgrs := managers;
        if (aborted = TRUE) {
          n4: SetAll("abort", rstMgrs);
        } else {
          n5: SetAll("commit", rstMgrs);
        };
  } \* end Controller process block

} \* end algorithm
*)
\* BEGIN TRANSLATION
CONSTANT defaultInitValue
VARIABLES managers, restaurant_stage, pc, rstMgrs, aborted

vars == << managers, restaurant_stage, pc, rstMgrs, aborted >>

ProcSet == (managers) \cup {"alice"}

Init == (* Global variables *)
        /\ managers = {"bob", "chuck", "dave"}
        /\ restaurant_stage = [mgr \in managers |-> "start"]
        (* Process Controller *)
        /\ rstMgrs = defaultInitValue
        /\ aborted = FALSE
        /\ pc = [self \in ProcSet |-> CASE self \in managers -> "c0"
                                        [] self = "alice" -> "n0"]

c0(self) == /\ pc[self] = "c0"
            /\ restaurant_stage[self] = "propose"
            /\ \/ /\ restaurant_stage' = [restaurant_stage EXCEPT ![self] = "accept"]
               \/ /\ restaurant_stage' = [restaurant_stage EXCEPT ![self] = "refuse"]
            /\ pc' = [pc EXCEPT ![self] = "c1"]
            /\ UNCHANGED << managers, rstMgrs, aborted >>

c1(self) == /\ pc[self] = "c1"
            /\ (restaurant_stage[self] = "commit") \/
               (restaurant_stage[self] = "abort")
            /\ IF restaurant_stage[self] = "commit"
                  THEN /\ restaurant_stage' = [restaurant_stage EXCEPT ![self] = "committed"]
                  ELSE /\ restaurant_stage' = [restaurant_stage EXCEPT ![self] = "aborted"]
            /\ pc' = [pc EXCEPT ![self] = "Done"]
            /\ UNCHANGED << managers, rstMgrs, aborted >>

Restaurant(self) == c0(self) \/ c1(self)

n0 == /\ pc["alice"] = "n0"
      /\ rstMgrs' = managers
      /\ pc' = [pc EXCEPT !["alice"] = "n1"]
      /\ UNCHANGED << managers, restaurant_stage, aborted >>

n1 == /\ pc["alice"] = "n1"
      /\ IF rstMgrs # {}
            THEN /\ \E km \in rstMgrs:
                      /\ restaurant_stage' = [restaurant_stage EXCEPT ![km] = "propose"]
                      /\ rstMgrs' = rstMgrs \ {km}
                 /\ pc' = [pc EXCEPT !["alice"] = "n1"]
            ELSE /\ pc' = [pc EXCEPT !["alice"] = "n2"]
                 /\ UNCHANGED << restaurant_stage, rstMgrs >>
      /\ UNCHANGED << managers, aborted >>

n2 == /\ pc["alice"] = "n2"
      /\ rstMgrs' = managers
      /\ pc' = [pc EXCEPT !["alice"] = "n3"]
      /\ UNCHANGED << managers, restaurant_stage, aborted >>

n3 == /\ pc["alice"] = "n3"
      /\ IF rstMgrs # {}
            THEN /\ \E r \in rstMgrs:
                      /\ (restaurant_stage[r] = "accept") \/ (restaurant_stage[r] = "refuse")
                      /\ IF restaurant_stage[r] = "refuse"
                            THEN /\ aborted' = TRUE
                            ELSE /\ TRUE
                                 /\ UNCHANGED aborted
                      /\ rstMgrs' = rstMgrs \ {r}
                 /\ pc' = [pc EXCEPT !["alice"] = "n3"]
            ELSE /\ rstMgrs' = managers
                 /\ IF aborted = TRUE
                       THEN /\ pc' = [pc EXCEPT !["alice"] = "n4"]
                       ELSE /\ pc' = [pc EXCEPT !["alice"] = "n5"]
                 /\ UNCHANGED aborted
      /\ UNCHANGED << managers, restaurant_stage >>

n4 == /\ pc["alice"] = "n4"
      /\ IF rstMgrs # {}
            THEN /\ \E km \in rstMgrs:
                      /\ restaurant_stage' = [restaurant_stage EXCEPT ![km] = "abort"]
                      /\ rstMgrs' = rstMgrs \ {km}
                 /\ pc' = [pc EXCEPT !["alice"] = "n4"]
            ELSE /\ pc' = [pc EXCEPT !["alice"] = "Done"]
                 /\ UNCHANGED << restaurant_stage, rstMgrs >>
      /\ UNCHANGED << managers, aborted >>

n5 == /\ pc["alice"] = "n5"
      /\ IF rstMgrs # {}
            THEN /\ \E km \in rstMgrs:
                      /\ restaurant_stage' = [restaurant_stage EXCEPT ![km] = "commit"]
                      /\ rstMgrs' = rstMgrs \ {km}
                 /\ pc' = [pc EXCEPT !["alice"] = "n5"]
            ELSE /\ pc' = [pc EXCEPT !["alice"] = "Done"]
                 /\ UNCHANGED << restaurant_stage, rstMgrs >>
      /\ UNCHANGED << managers, aborted >>

Controller == n0 \/ n1 \/ n2 \/ n3 \/ n4 \/ n5

Next == Controller
           \/ (\E self \in managers: Restaurant(self))
           \/ (* Disjunct to prevent deadlock on termination *)
              ((\A self \in ProcSet: pc[self] = "Done") /\ UNCHANGED vars)

Spec == Init /\ [][Next]_vars

Termination == <>(\A self \in ProcSet: pc[self] = "Done")

\* END TRANSLATION

\* NOTE(review): Spec above is Init /\ [][Next]_vars with no fairness conjunct,
\* because the algorithm is declared with plain --algorithm. Such a spec allows
\* a behavior that stutters forever in the initial state, so the liveness
\* formulas Termination and Committed cannot hold for it. To check them,
\* declare fairness in the PlusCal text (--fair algorithm or fair process) and
\* re-run the translator rather than editing the generated Spec by hand.
\*
\* The MC.cfg files shown for TPC_Model_2 and TPC_Model_3 name only a
\* SPECIFICATION, so those models check neither StateOK nor Committed.

\* Type-style invariant: every manager's stage is one of the eight strings the
\* algorithm ever assigns. It is a state predicate, to be checked as an
\* INVARIANT. It does not express atomicity.
\*
\* NOTE(review): the safety property usually wanted from two-phase commit is
\* that no two managers end in different outcomes, e.g.
\*   \A i, j \in managers : ~(restaurant_stage[i] = "committed"
\*                            /\ restaurant_stage[j] = "aborted")
\* Nothing in this module states it; consider adding it as an invariant.
StateOK == /\ (\A i \in managers: restaurant_stage[i] \in {"start", "propose", "accept", "commit", "abort", "committed", "aborted", "refuse"})

\* Liveness: eventually all managers are "committed", or eventually all are
\* "aborted". This is a temporal formula, to be checked as a PROPERTY, and it
\* needs a fair specification (see the note above).
Committed == /\ \/ <>(\A i \in managers: restaurant_stage[i] = "committed")
                \/ <>(\A i \in managers: restaurant_stage[i] = "aborted")

==================================================================
-------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.toolbox/TPC_Model_3/MC.cfg: --------------------------------------------------------------------------------
\* CONSTANT declarations
CONSTANT defaultInitValue = defaultInitValue
\* SPECIFICATION definition
SPECIFICATION
spec_142823483070151000
\* Generated on Sun Apr 05 07:53:50 EDT 2015
-------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.toolbox/TPC_Model_3/MC.tla: --------------------------------------------------------------------------------
---- MODULE MC ----
EXTENDS TwoPhaseCommit, TLC

\* SPECIFICATION definition @modelBehaviorSpec:0
spec_142823483070151000 ==
Spec
----
=============================================================================
\* Modification History
\* Created Sun Apr 05 07:53:50 EDT 2015 by midpeter444
-------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.toolbox/TwoPhaseCommit.tla.pmap: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/quux00/PlusCal-Examples/1369a5c0531e20d476c501ca03a79c08ecf7c868/TwoPhaseCommit/TwoPhaseCommit.toolbox/TwoPhaseCommit.tla.pmap
-------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.toolbox/TwoPhaseCommit___TPC_Model_1.launch: --------------------------------------------------------------------------------
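-------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.toolbox/TwoPhaseCommit___TPC_Model_2.launch: --------------------------------------------------------------------------------
-------------------------------------------------------------------------------- /TwoPhaseCommit/TwoPhaseCommit.toolbox/TwoPhaseCommit___TPC_Model_3.launch: --------------------------------------------------------------------------------
-------------------------------------------------------------------------------- /library/GCD/GCD.tla: --------------------------------------------------------------------------------
-------------------------- MODULE GCD ---------------------------
\* Greatest common divisor, defined directly from divisibility.
\*
\* The quantifier and the set constructor range over finite intervals instead
\* of Int. TLC cannot enumerate Int, so definitions written over Int can only
\* be evaluated if the model overrides them; the bounded forms below denote the
\* same values and can be evaluated as written for non-zero arguments.
EXTENDS Integers

\* Absolute value. LOCAL keeps the name out of modules that extend GCD.
LOCAL Abs(i) == IF i < 0 THEN -i ELSE i

\* TRUE iff p divides n, i.e. n = q * p for some integer q.
\* If n # 0, any such q satisfies |q| <= |n|; if n = 0, q = 0 is a witness.
\* Searching -|n|..|n| is therefore equivalent to searching all of Int.
Divides(p, n) == \E q \in (-Abs(n))..Abs(n) : n = q * p

\* The set of integers (negative ones included) that divide n.
\* Every divisor of a non-zero n lies in -|n|..|n|. Every integer divides 0,
\* so that case still yields Int, which TLC cannot enumerate.
DivisorsOf(n) == IF n = 0 THEN Int
                 ELSE {p \in (-Abs(n))..Abs(n) : Divides(p, n)}

\* The largest element of S. CHOOSE leaves the value unspecified when S has no
\* maximum, for example when S is empty.
SetMax(S) == CHOOSE i \in S : \A j \in S : i >= j

\* The greatest integer that divides both m and n.
GCD(m, n) == SetMax(DivisorsOf(m) \cap DivisorsOf(n))

=================================================================
--------------------------------------------------------------------------------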