Home Explore Help
Register Sign In
strlst
/
uni
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ef3f551774
Branches Tags
uni
/
fmi
/
fmi23block4
/
ex3.a.smv

ex3.a.smv 2.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 
  1. MODULE passenger(on_boat)
    2. 

  2.   VAR
    3. 

  3.     crossed : boolean;
    4. 

  4.   ASSIGN
    5. 

  5.     init(crossed) := FALSE;
    6. 

  6.     next(crossed) := on_boat ? !crossed : crossed;
    7. 

  7. 

  8. MODULE main
    9. 

  9.   VAR
    10. 

  10.     -- selected passenger encodes which of the passengers will be crossed next
    11. 

  11.     -- selection happens as the boat returns, we could see this as the ferryman deciding what to do next while rowing back
    12. 

  12.     selected_passenger : {w, g, c, none};
    13. 

  13. 

  14.     -- boat crossed encodes the boat is currently at the origin (not crossed) or at the destination (crossed)
    15. 

  15.     boat_crossed : boolean;
    16. 

  16. 

  17.     -- these three passengers each have their own internal crossed variable (with the same meaning)
    18. 

  18.     -- they internally check whether they are on the boat and if so, their crossing value toggles
    19. 

  19.     wolf : passenger(selected_passenger = w);
    20. 

  20.     goat : passenger(selected_passenger = g);
    21. 

  21.     cabbage : passenger(selected_passenger = c);
    22. 

  22.   ASSIGN
    23. 

  23.     init(boat_crossed) := FALSE;
    24. 

  24. 

  25.     -- the boat always toggles its crossing, representing the back and forth control flow of the boat
    26. 

  26.     next(boat_crossed) := !boat_crossed;
    27. 

  27. 

  28.     -- this statement essentially encodes a set of follow-up states
    29. 

  29.     -- the only passengers which can be selected for crossing are those who have the same crossing value as the next boat crossing value
    30. 

  30.     -- in essence, due to this statement, the boat cannot take a passenger from the origin to the destination while at the desination or vice-versa
    31. 

  31.     next(selected_passenger) := {
    32. 

  32.       next(boat_crossed) = wolf.crossed ? w : selected_passenger,
    33. 

  33.       next(boat_crossed) = goat.crossed ? g : selected_passenger,
    34. 

  34.       next(boat_crossed) = cabbage.crossed ? c : selected_passenger,
    35. 

  35.       selected_passenger, none
    36. 

  36.     };
    37. 

  37.   DEFINE
    38. 

  38.     -- this is a simple definition for the goat being eaten by the wolf, looking at the crossed values of the boat, the wolf and the goat
    39. 

  39.     wolf_eats_goat := wolf.crossed = goat.crossed &
    40. 

  40.                       wolf.crossed != boat_crossed;
    41. 

  41.     -- same but for the cabbage being eaten by the goat
    42. 

  42.     goat_eats_cabbage := goat.crossed = cabbage.crossed &
    43. 

  43.                          goat.crossed != boat_crossed;
    44. 

  44.     -- this is a simple definition for all passengers being crossed, which is really the end state of our puzzle
    45. 

  45.     all_crossed := wolf.crossed &
    46. 

  46.                    goat.crossed &
    47. 

  47.                    cabbage.crossed;
    48. 

  48. 

  49.   -- this spec is explained in detail in the trace provided in `ex3.a.out`
    50. 

  50.   LTLSPEC !(
    51. 

  51.     G (!wolf_eats_goat & !goat_eats_cabbage) &
    52. 

  52.     F all_crossed
    53. 

  53.   )
    54. 

  54.