// Synthesized 3-bit token ring. constant N := 3; direct variable t[N] < 2; puppet variable e[N] < 2; puppet variable ready[N] < 2; // Make the invariant exactly this, no smoothing over puppet variables is allowed. (future & shadow) // One process has the token. (unique i < N : i == 0 && t[i-1] == t[i] || i != 0 && t[i-1] != t[i] ); process Bot[i < 1] { read: e[i-1], t[i-1]; write: e[i], t[i], ready[i]; // Enforce this behavior within the invariant: shadow action:( t[i-1] == t[i] --> t[i] := 1 - t[i-1]; ); // Use these actions: puppet action: ( e[i-1]==1 && t[i-1]==0 && e[i]==1 && t[i]==0 && ready[i]==0 --> e[i]:=0; t[i]:=0; ready[i]:=0; ) ( e[i-1]==1 && t[i-1]==0 && e[i]==1 && t[i]==0 && ready[i]==1 --> e[i]:=0; t[i]:=0; ready[i]:=1; ) ( e[i-1]==0 && t[i-1]==0 && e[i]==0 && t[i]==0 && ready[i]==1 --> e[i]:=1; t[i]:=0; ready[i]:=0; ) ( e[i-1]==0 && t[i-1]==0 && e[i]==0 && t[i]==0 && ready[i]==0 --> e[i]:=0; t[i]:=1; ready[i]:=1; ) ( e[i-1]==1 && t[i-1]==1 && e[i]==0 && t[i]==0 && ready[i]==1 --> e[i]:=1; t[i]:=0; ready[i]:=0; ) ( e[i-1]==1 && t[i-1]==1 && e[i]==0 && t[i]==0 && ready[i]==0 --> e[i]:=1; t[i]:=0; ready[i]:=1; ) ( e[i-1]==1 && t[i-1]==1 && e[i]==1 && t[i]==1 && ready[i]==1 --> e[i]:=0; t[i]:=1; ready[i]:=1; ) ( e[i-1]==1 && t[i-1]==1 && e[i]==1 && t[i]==1 && ready[i]==0 --> e[i]:=0; t[i]:=1; ready[i]:=1; ) ( e[i-1]==1 && t[i-1]==0 && e[i]==0 && t[i]==1 && ready[i]==1 --> e[i]:=1; t[i]:=1; ready[i]:=1; ) ( e[i-1]==1 && t[i-1]==0 && e[i]==0 && t[i]==1 && ready[i]==0 --> e[i]:=1; t[i]:=1; ready[i]:=0; ) ( e[i-1]==0 && t[i-1]==0 && e[i]==1 && t[i]==1 && ready[i]==1 --> e[i]:=0; t[i]:=1; ready[i]:=1; ) ( e[i-1]==0 && t[i-1]==0 && e[i]==1 && t[i]==1 && ready[i]==0 --> e[i]:=0; t[i]:=1; ready[i]:=1; ) ( e[i-1]==0 && t[i-1]==1 && e[i]==0 && t[i]==1 && ready[i]==1 --> e[i]:=0; t[i]:=0; ready[i]:=1; ) ( e[i-1]==0 && t[i-1]==1 && e[i]==0 && t[i]==1 && ready[i]==0 --> e[i]:=1; t[i]:=1; ready[i]:=1; ) ; } process P[i <- map tid < N-1 : tid+1] { read: e[i-1], t[i-1]; write: e[i], t[i], ready[i]; // Enforce this behavior within the invariant: shadow action:( t[i-1] != t[i] --> t[i] := t[i-1]; ); // Use these actions: puppet action: ( e[i-1]==1 && t[i-1]==1 && e[i]==1 && t[i]==1 && ready[i]==1 --> e[i]:=1; t[i]:=1; ready[i]:=0; ) ( e[i-1]==1 && t[i-1]==1 && e[i]==0 && t[i]==1 && ready[i]==1 --> e[i]:=1; t[i]:=1; ready[i]:=0; ) ( e[i-1]==1 && t[i-1]==1 && e[i]==0 && t[i]==1 && ready[i]==0 --> e[i]:=1; t[i]:=1; ready[i]:=0; ) ( e[i-1]==1 && t[i-1]==1 && e[i]==1 && t[i]==0 && ready[i]==0 --> e[i]:=0; t[i]:=0; ready[i]:=0; ) ( e[i-1]==0 && t[i-1]==1 && e[i]==1 && t[i]==1 && ready[i]==0 --> e[i]:=0; t[i]:=1; ready[i]:=0; ) ( e[i-1]==0 && t[i-1]==1 && e[i]==1 && t[i]==1 && ready[i]==1 --> e[i]:=0; t[i]:=1; ready[i]:=0; ) ( e[i-1]==0 && t[i-1]==1 && e[i]==0 && t[i]==0 && ready[i]==1 --> e[i]:=1; t[i]:=0; ready[i]:=0; ) ( e[i-1]==1 && t[i-1]==0 && e[i]==0 && t[i]==0 && ready[i]==0 --> e[i]:=1; t[i]:=0; ready[i]:=0; ) ( e[i-1]==1 && t[i-1]==0 && e[i]==0 && t[i]==0 && ready[i]==1 --> e[i]:=1; t[i]:=0; ready[i]:=1; ) ( e[i-1]==1 && t[i-1]==1 && e[i]==1 && t[i]==0 && ready[i]==1 --> e[i]:=0; t[i]:=0; ready[i]:=1; ) ( e[i-1]==0 && t[i-1]==0 && e[i]==1 && t[i]==0 && ready[i]==1 --> e[i]:=0; t[i]:=0; ready[i]:=1; ) ( e[i-1]==0 && t[i-1]==0 && e[i]==1 && t[i]==0 && ready[i]==0 --> e[i]:=0; t[i]:=0; ready[i]:=0; ) ( e[i-1]==0 && t[i-1]==1 && e[i]==0 && t[i]==0 && ready[i]==0 --> e[i]:=0; t[i]:=1; ready[i]:=0; ) ( e[i-1]==0 && t[i-1]==0 && e[i]==0 && t[i]==1 && ready[i]==0 --> e[i]:=0; t[i]:=0; ready[i]:=1; ) ( e[i-1]==0 && t[i-1]==0 && e[i]==0 && t[i]==1 && ready[i]==1 --> e[i]:=0; t[i]:=0; ready[i]:=0; ) ( e[i-1]==1 && t[i-1]==0 && e[i]==1 && t[i]==1 && ready[i]==0 --> e[i]:=1; t[i]:=0; ready[i]:=0; ) ( e[i-1]==1 && t[i-1]==0 && e[i]==1 && t[i]==1 && ready[i]==1 --> e[i]:=1; t[i]:=0; ready[i]:=0; ) ( e[i-1]==1 && t[i-1]==0 && e[i]==0 && t[i]==1 && ready[i]==1 --> e[i]:=1; t[i]:=0; ready[i]:=0; ) ( e[i-1]==1 && t[i-1]==0 && e[i]==0 && t[i]==1 && ready[i]==0 --> e[i]:=1; t[i]:=0; ready[i]:=1; ) ( e[i-1]==0 && t[i-1]==0 && e[i]==1 && t[i]==1 && ready[i]==0 --> e[i]:=1; t[i]:=1; ready[i]:=1; ) ; }