Skip to content
Snippets Groups Projects
Commit 3362a9e5 authored by Nils Fitinghoff's avatar Nils Fitinghoff
Browse files

reorder to match paper

parent 1197c0bb
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 9 additions and 9 deletions
examples/eq_paper.rs
+ 9
9
View file @ 3362a9e5
...@@ -52,15 +52,7 @@ fn main() { ...@@ -52,15 +52,7 @@ fn main() {
STATE_H[i] = STATE; STATE_H[i] = STATE;
CNTR_H[i] = TIMEOUT_CNTR; CNTR_H[i] = TIMEOUT_CNTR;
// invariants // (1) !a | !b -> !S8000
// (1) S8000 -> a & b
// ensures that Enable implies that both a and b are true
// this is the main safety condition
if STATE == S8000 {
kassert!(DATA[i].a & DATA[i].b);
}
// (2) !a | !b -> !S8000
// ensures that if any input is false we cannot enter the Enable state // ensures that if any input is false we cannot enter the Enable state
// this can also be seen as a safty condition // this can also be seen as a safty condition
// (can it be derived from the first condition, but we keep is as // (can it be derived from the first condition, but we keep is as
...@@ -71,6 +63,14 @@ fn main() { ...@@ -71,6 +63,14 @@ fn main() {
kassert!(!(STATE == S8000)); kassert!(!(STATE == S8000));
} }
// invariants
// (2) S8000 -> a & b
// ensures that Enable implies that both a and b are true
// this is the main safety condition
if STATE == S8000 {
kassert!(DATA[i].a & DATA[i].b);
}
// S8001 -> !a & !b // S8001 -> !a & !b
// we can only stay or enter the Init state unless either (or both) inputs are false // we can only stay or enter the Init state unless either (or both) inputs are false
if STATE == S8001 { if STATE == S8001 {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment