Several processes simultaneously editing the same file would not be desirable. When concurrent processes share a resource (such as a file on a disk or a database entry), it may be necessary to ensure that they do not have access to it at the same time. Let us now look at a larger example of verification using LTL, having to do with mutual exclusion.

3.3 Model checking: systems, tools, properties

3.3.1 Example: mutual exclusion

Suppose s i ¬φ since n is minimal, we know s i ¬ψ, so by ( ) there is some j < i < n with s j ψ, contradicting the minimality of n. Since s 0 F ψ, we have a minimal n as before. Let n be the smallest number such that s n ψ such a number has to exist since s 0 φ U ψ then, for each k 0, if s i ¬φ ¬ψ, then there is some j 0 with s i ¬φ ¬ψ i > n, so we can take j = n and have s j ψ.

Conversely, suppose s 0 ¬( ¬ψ U ( ¬φ ¬ψ)) F ψ holds we prove s 0 φ U ψ. in any model.

First, suppose s 0 φ U ψ holds. Theorem 3.10 The equivalence φ U ψ ≡ ¬( ¬ψ U ( ¬φ ¬ψ)) F ψ holds for all LTL formulas φ and ψ. We finally state and prove a useful equivalence about U. In this case, these sets are adequate for the fragment without X, and no strict subset is.