|
1 Receiver = List + IOA + Action + Multiset + "Lemmas" + |
|
2 |
|
3 types |
|
4 |
|
5 'm receiver_state |
|
6 = "'m list * bool multiset * 'm packet multiset * bool * bool" |
|
7 (* messages #replies #received header mode *) |
|
8 |
|
9 consts |
|
10 |
|
11 receiver_asig :: "'m action signature" |
|
12 receiver_trans:: "('m action, 'm receiver_state)transition set" |
|
13 receiver_ioa :: "('m action, 'm receiver_state)ioa" |
|
14 rq :: "'m receiver_state => 'm list" |
|
15 rsent :: "'m receiver_state => bool multiset" |
|
16 rrcvd :: "'m receiver_state => 'm packet multiset" |
|
17 rbit :: "'m receiver_state => bool" |
|
18 rsending :: "'m receiver_state => bool" |
|
19 |
|
20 rules |
|
21 |
|
22 rq_def "rq == fst" |
|
23 rsent_def "rsent == fst o snd" |
|
24 rrcvd_def "rrcvd == fst o snd o snd" |
|
25 rbit_def "rbit == fst o snd o snd o snd" |
|
26 rsending_def "rsending == snd o snd o snd o snd" |
|
27 |
|
28 receiver_asig_def "receiver_asig == \ |
|
29 \ <UN pkt. {R_pkt(pkt)}, \ |
|
30 \ (UN m. {R_msg(m)}) Un (UN b. {S_ack(b)}), \ |
|
31 \ insert(C_m_r, UN m. {C_r_r(m)})>" |
|
32 |
|
33 receiver_trans_def "receiver_trans == \ |
|
34 \ {tr. let s = fst(tr); \ |
|
35 \ t = snd(snd(tr)) \ |
|
36 \ in \ |
|
37 \ case fst(snd(tr)) \ |
|
38 \ of \ |
|
39 \ S_msg(m) => False | \ |
|
40 \ R_msg(m) => rq(s) = (m # rq(t)) & \ |
|
41 \ rsent(t)=rsent(s) & \ |
|
42 \ rrcvd(t)=rrcvd(s) & \ |
|
43 \ rbit(t)=rbit(s) & \ |
|
44 \ rsending(t)=rsending(s) | \ |
|
45 \ S_pkt(pkt) => False | \ |
|
46 \ R_pkt(pkt) => rq(t) = rq(s) & \ |
|
47 \ rsent(t) = rsent(s) & \ |
|
48 \ rrcvd(t) = addm(rrcvd(s),pkt) & \ |
|
49 \ rbit(t) = rbit(s) & \ |
|
50 \ rsending(t) = rsending(s) | \ |
|
51 \ S_ack(b) => b = rbit(s) & \ |
|
52 \ rq(t) = rq(s) & \ |
|
53 \ rsent(t) = addm(rsent(s),rbit(s)) & \ |
|
54 \ rrcvd(t) = rrcvd(s) & \ |
|
55 \ rbit(t)=rbit(s) & \ |
|
56 \ rsending(s) & \ |
|
57 \ rsending(t) | \ |
|
58 \R_ack(b) => False | \ |
|
59 \ C_m_s => False | \ |
|
60 \ C_m_r => count(rsent(s),~rbit(s)) < countm(rrcvd(s),%y.hdr(y)=rbit(s)) & \ |
|
61 \ rq(t) = rq(s) & \ |
|
62 \ rsent(t)=rsent(s) & \ |
|
63 \ rrcvd(t)=rrcvd(s) & \ |
|
64 \ rbit(t)=rbit(s) & \ |
|
65 \ rsending(s) & \ |
|
66 \ ~rsending(t) | \ |
|
67 \ C_r_s => False | \ |
|
68 \ C_r_r(m) => count(rsent(s),rbit(s)) <= countm(rrcvd(s),%y.hdr(y)=rbit(s)) & \ |
|
69 \ count(rsent(s),~rbit(s)) < count(rrcvd(s),<rbit(s),m>) & \ |
|
70 \ rq(t) = rq(s)@[m] & \ |
|
71 \ rsent(t)=rsent(s) & \ |
|
72 \ rrcvd(t)=rrcvd(s) & \ |
|
73 \ rbit(t) = (~rbit(s)) & \ |
|
74 \ ~rsending(s) & \ |
|
75 \ rsending(t)}" |
|
76 |
|
77 |
|
78 receiver_ioa_def "receiver_ioa == \ |
|
79 \ <receiver_asig, {<[],{|},{|},False,False>}, receiver_trans>" |
|
80 |
|
81 end |