// Token-passing on a chain
// using 3 states per process

constant N := 3;

variable x[N] < 3;

// Values are nondecreasing.
(future & closed)
  (forall i < (N-1) : x[i]<=x[i+1]);

// Process has token when it sees one of:
//   x[i-1]==1 && x[i]==2
//                x[i]==0 && x[i+1]==2
// The Top process also has the token when x[N-1]!=2.
//(future & closed)
//  (unique i < N : false
//   || i > 0    && x[i-1]==1 && x[i]==2
//   || i < N-1  && x[i]==0 && x[i+1]==2
//   || i == N-1 && x[i]!=2
//  );

// The protocol remains active.
future active shadow;

process Bot[i < 1]
{
  write: x[i];
  read:  x[i+1];

  (assume & closed) (x[i]!=2);

  action:
    ( x[i]!=1 && x[i+1]==2 --> x[i]:=1; )
    ( x[i]!=0 && x[i+1]!=2 --> x[i]:=0; )
    ;
}

process P[i <- map tid < N-2 : tid+1]
{
  read: x[i-1];
  write: x[i];
  read: x[i+1];

  action:
    ( x[i-1]==1 && x[i]!=1              --> x[i]:=1; )
    ( x[i-1]==0 && x[i]==1 && x[i+1]==1 --> x[i]:=0; )
    ( x[i-1]==0 && x[i]==0 && x[i+1]==2 --> x[i]:=2; )
    ;
}

process Top[i <- map tid < 1 : N-1]
{
  read: x[i-1];
  write: x[i];

  (assume & closed) (x[i]!=0);

  action:
    ( x[i-1]==1 && x[i]!=1 --> x[i]:=1; )
    ( x[i-1]!=1 && x[i]!=2 --> x[i]:=2; )
    ;
}