diff --git a/.DS_Store b/.DS_Store
index 6c75e0b5..1e0fbd09 100644
Binary files a/.DS_Store and b/.DS_Store differ
diff --git a/.gitignore b/.gitignore
index e69de29b..51b4cfda 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+local/
diff --git a/LICENSE.txt b/LICENSE.txt
index cd1efd53..e011632e 100644
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,6 +1,6 @@
MIT License
-Copyright (c) [2021] [Cesar Sanchez, Borzoo Bonakdarpour, Tzu-Han Hsu]
+Copyright (c) [2021] [César Sánchez, Borzoo Bonakdarpour, Tzu-Han Hsu]
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
diff --git a/Makefile b/Makefile
index 7a8f059c..2fdf741b 100644
--- a/Makefile
+++ b/Makefile
@@ -7,3 +7,7 @@ clean:
find . -name "*.quabs" -delete
find . -name "*.qcir" -delete
find . -name "*.cex" -delete
+ find . -name "*QS" -delete
+ find . -name "*.cex" -delete
+ find . -name "P.hq" -delete
+ find . -name "*.hoa" -delete
diff --git a/README.md b/README.md
index d8a7871e..2033f537 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,11 @@
-# Welcome to HyperQube!
-
-HyperQube is a home-grown tool of Bounded Model Checking for Hyperproperties.
+# Welcome to HyperQB!
+HyperQB is a home-grown tool of Bounded Model Checking for Hyperproperties.
Hyperproperty specifies and reasons about important requirements among multiple traces.
-We implement our algorithm for Bounded Model Checking for Hyperproperty as a tool, HyperQube.
+We implement our QBF-based algorithm for Bounded Model Checking for Hyperproperty as a tool, HyperQB.
-HyperQube includes several parts:
+HyperQB includes several parts:
- NuSMV model parsing and Boolean encoding of transition relation and specification,
- HyperLTL formula translation,
- QBF encoding of unfolding with bound k using specific semantics,
@@ -17,39 +16,43 @@ while the existing tool, QuAbs, is under AGPL license.
-## HOW TO USE
-To run HyperQube, install [docker](https://docs.docker.com/get-docker/) then execute ```hyperqube.sh``` with one of the following two scenarios:
-
- 1. BMC with single model:
- ```./hyperqube.sh ```
-
- 2. BMC with multi-model:
- ```./hyperqube.sh ```
-
-Note that is a natural number specifies the length of unrolling.
+## Get Started
+You can start using HyperQB in 2 simple steps:
+1. First install [docker](https://docs.docker.com/get-docker/).
+HyperQB will automatically pull the image and execute the scripts to avoid possible hassle of compiling dependencies!
+2. Next, clone the repository and step into the repo:
+- ```git clone https://github.com/TART-MSU/HyperQB.git```
+- ```cd HyperQB```
-To observe the tool outputs, all model checking results with counterexample will output as *_OUTPUT_formatted.cex. The parsed outputs have variables, time stamps, and values neatly presented.
-
+You are now ready to run HyperQB!:D
-## GET STARTED
-You can start using HyperQube in 2 simple steps:
-1. First make sure DOCKER is installed from: https://docs.docker.com/get-docker/ . HyperQube will automatically pull the image and execute the scripts to avoid possible hassle of compiling dependencies.
-2. Next, clone the repository and step into the repo:
-- ```git clone https://github.com/TART-MSU/HyperQube.git```
-- ```cd HyperQube```
-You are now ready to run HyperQube!
+## How to Use
+To run HyperQB, execute ```hyperqb.sh``` with the following inputs:
+- `` written in NuSMV format (as .smv files),
+- `` written in the grammar described in Sec. 4 (as a .hq file),
+- `` a natural number 0, specifying the unrolling bound,
+- `` the semantics, which can be -pes, -opt, -hpes or -hopt, and
+- `` to say performing classic BMC (i.e., negating the formula) or not, which can be -bughunt or -find (we use the former as default value).
+
+RUN HyperQB in the following format:
+ ```./hyperqube ```
-We provide two demo examples. To run, execute each of the followings:
-- (Example 1: bakery with symmetry:)
```./hyperqube.sh demo/bakery.smv demo/symmetry 10 pes -single```
-- (Example 2: SNARK with linearizability)
```./hyperqube.sh demo/SNARK_conc.smv demo/SNARK_seq.smv demo/linearizability 18 pes -multi```
+To observe the tool outputs (i.e., counterexample or witness)
+ See ```*_OUTPUT_formatted.cex``` for parsed outputs have variables, time stamps, and values neatly presented.
+
+Demo Examples:
+1. [demo 1: run bakery algorithm with symmetry property]
+```./hyperqb.sh demo/bakery.smv demo/bakery.smv demo/symmetry.hq 10 -pes```
+2. [dem0 2: run SNARK algorithm with linearizability propoerty]
+```./hyperqb.sh demo/SNARK_conc.smv demo/SNARK_seq.smv demo/lin.hq 18 -pes```
## Experiments
-(all models and formulas are in directory tacas21_cases)
+(all models and formulas are in directory cases_bmc)
Our evaluations include the following cases,
- Case #1.1-#1.4: Symmetry in the Bakery Algorithm
@@ -58,10 +61,26 @@ Our evaluations include the following cases,
- Case #4.1-#4.2: Fairness in Non-repudiation Protocols
- Case #5.1-#5.2: Privacy-Preserving Path Synthesis for Robots
- Case #6.1: Mutant Synthesis for Mutation Testing
+- Case #7.1: Co-termination of multiple programs
+- Case #6.1: Mutant Synthesis for Mutation Testing
+- Case #6.1: Mutant Synthesis for Mutation Testing
+- Case #6.1: Mutant Synthesis for Mutation Testing
+- Case #6.1: Mutant Synthesis for Mutation Testing
+- Case #7.1: Co-termination
+- Case #8.1: Deniability
+- Case #9.1 - #9.3: Intransitive Non-interference
+- Case #10.1 - #10.2: TINI and TSNI
+- Case #11.1: K-safety
-We also provide all the command lines needed for each experiment in the document *RUN.txt*
+## One-click Scripts
+We provide several convenient scripts for executing exeperiments.
+- run ```./run_demos.sh``` to run demo examples
+- run ```./run_tacas21.sh``` to run all experiments for TACAS21
+- run ```./run_cav23.sh``` to run all experiments for CAV23
+
+We also provide all the command lines needed for each experiment in the document *RUN.txt*
## People
@@ -69,3 +88,7 @@ Authors:
- [Tzu-Han Hsu](https://tzuhancs.github.io/), Michigan State University.
- [Borzoo Bonakdarpour](http://www.cse.msu.edu/~borzoo/), Michigan State University.
- [César Sánchez](https://software.imdea.org/~cesar/), IMDEA Software Institute.
+
+Publication:
+- [Bounded Model Checking for Hyperproperties (TACAS'21)](https://link.springer.com/content/pdf/10.1007/978-3-030-72016-2_6.pdf)
+
diff --git a/RUN.txt b/RUN.txt
index 596932a9..a500e31e 100644
--- a/RUN.txt
+++ b/RUN.txt
@@ -5,60 +5,60 @@ This file provide the command lines to run specific experiments we provided in t
Small demos in the tool paper:
-./hyperqube.sh demo/simple.smv demo/simple.hq 1 pes -single
-./hyperqube.sh demo/mini.smv demo/mini.hq 1 pes -single
+./hyperqb.sh demo/simple.smv demo/simple.hq 1 pes -single
+./hyperqb.sh demo/mini.smv demo/mini.hq 1 pes -single
[run bakery algorithm with symmetry property]
- ./hyperqube.sh demo/bakery.smv demo/symmetry.hq 10 pes -single
+ ./hyperqb.sh demo/bakery.smv demo/symmetry.hq 10 pes -single
[run SNARK algorithm with linearizability propoerty]
- ./hyperqube.sh demo/SNARK_conc.smv demo/SNARK_seq.smv demo/linearizability 18 pes -multi
+ ./hyperqb.sh demo/SNARK_conc.smv demo/SNARK_seq.smv demo/linearizability 18 pes -multi
Experiments in the tool paper:
[run simple_krip with simple_krip_formula]
- ./hyperqube.sh cases_bmc/simple_krip.smv cases_bmc/simple_krip_formula.hq 5 pes
+ ./hyperqb.sh cases_bmc/simple_krip.smv cases_bmc/simple_krip_formula.hq 5 pes
[BAKERY]
-- 1.1 BAKERY 3PROC SYM1 --
- ./hyperqube.sh cases_bmc/bakery_3procs.smv cases_bmc/bakery_formula_sym1_3proc.hq 10 pes
+ ./hyperqb.sh cases_bmc/bakery_3procs.smv cases_bmc/bakery_formula_sym1_3proc.hq 10 pes
-- 1.2 BAKERY 3PROC SYM2 --
- ./hyperqube.sh cases_bmc/bakery_3procs.smv cases_bmc/bakery_formula_sym2_3proc.hq 10 pes
+ ./hyperqb.sh cases_bmc/bakery_3procs.smv cases_bmc/bakery_formula_sym2_3proc.hq 10 pes
-- 1.3 BAKERY 5PROC SYM1 --
- ./hyperqube.sh cases_bmc/bakery_5procs.smv cases_bmc/bakery_formula_sym1_5proc.hq 10 pes
+ ./hyperqb.sh cases_bmc/bakery_5procs.smv cases_bmc/bakery_formula_sym1_5proc.hq 10 pes
-- 1.4 BAKERY 5PROC SYM2 --
- ./hyperqube.sh cases_bmc/bakery_5procs.smv cases_bmc/bakery_formula_sym2_5proc.hq 10 pes
+ ./hyperqb.sh cases_bmc/bakery_5procs.smv cases_bmc/bakery_formula_sym2_5proc.hq 10 pes
[SNARK]
-- 2.1 SNARK_BUG 1 --
- ./hyperqube.sh cases_bmc/snark1_M1_concurrent.smv cases_bmc/snark1_M2_sequential.smv cases_bmc/snark1_formula.hq 18 pes
+ ./hyperqb.sh cases_bmc/snark1_M1_concurrent.smv cases_bmc/snark1_M2_sequential.smv cases_bmc/snark1_formula.hq 18 pes
-- 2.2 SNARK_BUG 2 --
- ./hyperqube.sh cases_bmc/snark2_new_M1_concurrent.smv cases_bmc/snark2_new_M2_sequential.smv cases_bmc/snark2_formula.hq 30 pes
+ ./hyperqb.sh cases_bmc/snark2_new_M1_concurrent.smv cases_bmc/snark2_new_M2_sequential.smv cases_bmc/snark2_formula.hq 30 pes
[3-thread]
-- 3.1 3-thread incorrect --
- ./hyperqube.sh cases_bmc/NI_incorrect.smv cases_bmc/NI_formula.hq 50 hpes
+ ./hyperqb.sh cases_bmc/NI_incorrect.smv cases_bmc/NI_formula.hq 50 hpes
-- 3.2 3-thread correct --
- ./hyperqube.sh cases_bmc/NI_correct.smv cases_bmc/NI_formula.hq 50 hopt
+ ./hyperqb.sh cases_bmc/NI_correct.smv cases_bmc/NI_formula.hq 50 hopt
[Non-repudiation Protocol]
-- 4.1 NRP incorrect
- ./hyperqube.sh cases_bmc/NRP_incorrect.smv cases_bmc/NRP_formula.hq 15 hpes
+ ./hyperqb.sh cases_bmc/NRP_incorrect.smv cases_bmc/NRP_formula.hq 15 hpes
-- 4.2 NRP_correct --
- ./hyperqube.sh cases_bmc/NRP_correct.smv cases_bmc/NRP_formula.hq 15 hopt
+ ./hyperqb.sh cases_bmc/NRP_correct.smv cases_bmc/NRP_formula.hq 15 hopt
@@ -66,35 +66,35 @@ Experiments in the tool paper:
[Shortest Path]
-- Shortest Path 10x10 --
- ./hyperqube.sh cases_bmc/robotic_sp_100.smv cases_bmc/robotic_sp_formula.hq 20 hpes -find
+ ./hyperqb.sh cases_bmc/robotic_sp_100.smv cases_bmc/robotic_sp_formula.hq 20 hpes -find
-- Shortest Path 20x20 --
- ./hyperqube.sh cases_bmc/robotic_sp_400.smv cases_bmc/robotic_sp_formula.hq 40 hpes -find
+ ./hyperqb.sh cases_bmc/robotic_sp_400.smv cases_bmc/robotic_sp_formula.hq 40 hpes -find
-- Shortest Path 40x40 --
- ./hyperqube.sh cases_bmc/robotic_sp_1600.smv cases_bmc/robotic_sp_formula.hq 80 hpes -find
+ ./hyperqb.sh cases_bmc/robotic_sp_1600.smv cases_bmc/robotic_sp_formula.hq 80 hpes -find
-- Shortest Path 60x60 --
- ./hyperqube.sh cases_bmc/robotic_sp_3600.smv cases_bmc/robotic_sp_formula.hq 120 hpes -find
+ ./hyperqb.sh cases_bmc/robotic_sp_3600.smv cases_bmc/robotic_sp_formula.hq 120 hpes -find
[Initial State Robustness]
-- Robustness 10x10 --
- ./hyperqube.sh cases_bmc/robotic_robustness_100.smv cases_bmc/robotic_robustness_formula.hq 20 hpes -find
+ ./hyperqb.sh cases_bmc/robotic_robustness_100.smv cases_bmc/robotic_robustness_formula.hq 20 hpes -find
-- Robustness 20x20 --
- ./hyperqube.sh cases_bmc/robotic_robustness_400.smv cases_bmc/robotic_robustness_formula.hq 40 hpes -find
+ ./hyperqb.sh cases_bmc/robotic_robustness_400.smv cases_bmc/robotic_robustness_formula.hq 40 hpes -find
-- Robustness 40x40 --
- ./hyperqube.sh cases_bmc/robotic_robustness_1600.smv cases_bmc/robotic_robustness_formula.hq 80 hpes -find
+ ./hyperqb.sh cases_bmc/robotic_robustness_1600.smv cases_bmc/robotic_robustness_formula.hq 80 hpes -find
-- Robustness 60x60 --
- ./hyperqube.sh cases_bmc/robotic_robustness_3600.smv cases_bmc/robotic_robustness_formula.hq 120 hpes -find
+ ./hyperqb.sh cases_bmc/robotic_robustness_3600.smv cases_bmc/robotic_robustness_formula.hq 120 hpes -find
[Mutation Testing]
- ./hyperqube.sh cases_bmc/mutation_testing.smv cases_bmc/mutation_testing.hq 10 hpes -find
+ ./hyperqb.sh cases_bmc/mutation_testing.smv cases_bmc/mutation_testing.hq 10 hpes -find
diff --git a/cases_bmc/.DS_Store b/cases_bmc/.DS_Store
index 49cc29fe..34938882 100644
Binary files a/cases_bmc/.DS_Store and b/cases_bmc/.DS_Store differ
diff --git a/cases_bmc/bakery/bakery_3procs.smv b/cases_bmc/bakery/bakery_3procs.smv
deleted file mode 100644
index a5bb37b6..00000000
--- a/cases_bmc/bakery/bakery_3procs.smv
+++ /dev/null
@@ -1,206 +0,0 @@
---BAKERY ALGORITHM
-MODULE main
- VAR
- -- p1_status: 0..2; -- 0: non-critical, 1: waiting, 2: critical
- -- p2_status: 0..2; -- 0: non-critical, 1: waiting, 2: critical
- -- p3_status: 0..2; -- 0: non-critical, 1: waiting, 2: critical
-
- p1_ticket: 0..3; -- the ticket number of p1
- p2_ticket: 0..3; -- the ticket number of p2
- p3_ticket: 0..3; -- the ticket number of p2
-
- MAX_ticket: 0..3; -- let's say max ticket number is 3
-
- -- TOKEN: 1..3;
-
- p1_line: 0..4;
- p2_line: 0..4;
- p3_line: 0..4;
-
-
- --- (problmatic)
- -- proc1: process a_process(p1_ticket, p2_ticket, p1_status, p2_status, MAX_ticket);
- -- proc2: process a_process(p2_ticket, p1_ticket, p2_status, p1_status, MAX_ticket);
-
- -- FirstID: 1..2;
- -- SecondID: 1..2;
- -- proc1: process a_process(p1_ticket, p2_ticket, p1_status, p2_status, MAX_ticket, FirstID,TOKEN);
- -- proc2: process a_process(p2_ticket, p1_ticket, p2_status, p1_status, MAX_ticket, SecondID,TOKEN);
-
-
- ASSIGN
-
-
- -- case
- -- (TOKEN=1) : {2,3};
- -- (TOKEN=2) : {1,3};
- -- (TOKEN=3) : {1,2};
- -- esac;
- -- init(p1_status) := 0;
- -- init(p2_status) := 0;
- -- init(p3_status) := 0;
-
- init(p1_ticket) := 3; -- set to MAX
- init(p2_ticket) := 3; -- set to MAX
- init(p3_ticket) := 3; -- set to MAX
-
-
-
- init(p1_line) := 0;
- init(p2_line) := 0;
- init(p3_line) := 0;
- -- init(p3_line) := 1;
-
-
-
- -- init(TOKEN) := 1;
- -- next(TOKEN) :=
- -- case
- -- -- (p1_ticket > p2)
- -- (p1_line=3) : {1}; -- p1 has priority
- -- (p2_line=3) : {2};
- -- (p3_line=3) : {3};
- -- TRUE: {1,2,3};
- -- esac;
- init(MAX_ticket):= 0;
- next(MAX_ticket):=
- case
- (MAX_ticket=3): 0; --reset
- (p1_line=1 | p2_line=1 | p3_line=1): MAX_ticket+1;
- TRUE: MAX_ticket;
- esac;
-
- -- This assignment tells me which line I execute next
- next(p1_line) :=
- case
- -- (TOKEN!=1) : p1_line;
- (p1_line=0) : {0,1}; -- stay, or proceed
- -- (p1_line=2 & !(TOKEN=1)) : {2}; -- draw ticket
- (p1_line=1) : {2}; -- draw ticket
- (p1_line=2 & !p1-TOKEN) : {2}; -- check TOKEN
- (p1_line=2 & p1-TOKEN) : {3}; -- check TOKEN
- (p1_line=3) : {4}; -- stay in critical section, or leave
- (p1_line=4) : {0}; -- back to starting point
- TRUE: p1_line;
- esac;
-
- next(p1_ticket):=
- case
- (MAX_ticket=3): 0; --reset
- (p1_line=1): MAX_ticket+1;
- TRUE: p1_ticket;
- esac;
-
-
- next(p2_line) :=
- case
- (p2_line=0) : {0,1}; -- stay, or proceed
- (p2_line=1) : {2};
- (p2_line=2 & !p2-TOKEN): {2}; -- check TOKEN
- (p2_line=2 & p2-TOKEN): {3}; -- check TOKEN
- (p2_line=3) : {4}; -- stay in critical section, or leave
- (p2_line=4) : {0}; -- back to starting point
- TRUE: p2_line;
- esac;
-
- next(p2_ticket):=
- case
- (MAX_ticket=3): 0; --reset
- (p2_line=1): MAX_ticket+1;
- TRUE: p2_ticket;
- esac;
-
-
- next(p3_line) :=
- case
- (p3_line=0) : {0}; -- stay, or proceed
- (p3_line=1) : {2};
- (p3_line=2 & !p3-TOKEN) : 2 ; -- check TOKEN
- (p3_line=2 & p3-TOKEN) : 3 ; -- check TOKEN
- (p3_line=3) : {4}; -- stay in critical section, or leave
- (p3_line=4) : {0}; -- back to starting point
- TRUE: p3_line;
- esac;
-
-
- next(p3_ticket):=
- case
- (MAX_ticket=3): 0; --reset
- (p3_line=1): MAX_ticket+1;
- TRUE: p3_ticket;
- esac;
-
-
- DEFINE
- STARTED := (p1_line!=0 | p2_line!=0 | p3_line!=0);
- p1-TOKEN := STARTED & (p1_line=2) & ((p1_ticket <= p2_ticket) & (p1_ticket <= p3_ticket));
- p2-TOKEN := STARTED & (p2_line=2) & ((((p2_ticket <= p1_ticket) & (p2_ticket <= p3_ticket))) | !p1-TOKEN);
- p3-TOKEN := STARTED & (p3_line=2) & ((((p3_ticket <= p1_ticket) & (p3_ticket <= p2_ticket))) | !p1-TOKEN & !p2-TOKEN);
-
-
-
- -- DEFINE
- -- CRITICAL := (proc1.line=3);
- -- SYM_SELECTED :=
-
---
--- MODULE a_process(my_ticket, others_ticket, my_status, others_status, MAX_ticket, ProcID, TOKEN)
--- VAR
--- line: 1..5;
---
---
-
- -- ASSIGN
- -- init(line) := 1;
- -- -- This assignment tells me which line I execute next
- -- next(line) :=
- -- case
- -- (ProcID!=TOKEN) : line;
- -- (line=1) : {1,2}; -- stay, or proceed
- -- (line=2) : 3;
- -- (line=3) & (others_status=2 | (others_status=1 & ProcID=2)) : 3 ; -- if some smaller IDs are trying
- -- -- keep waiting
- -- (line=3) & !(others_status=2 | (others_status=1 & ProcID=2)) : 4 ; -- go to critical section
- -- (line=4) : {5}; -- stay in critical section, or leave
- -- (line=5) : 1; -- back to starting point
- -- esac;
- --
- -- next(my_status) :=
- -- case
- -- (line=1) : 0;
- -- (line=2) : 0;
- -- (line=3) : 1;
- -- (line=4) : 2;
- -- (line=5) : 0;
- -- TRUE : my_status; -- default case
- -- esac;
- --
- -- next(MAX_ticket):=
- -- case
- -- (MAX_ticket=3): 0; --reset
- -- (line=2): MAX_ticket+1;
- -- !(line=2): MAX_ticket;
- -- esac;
- --
- -- next(my_ticket):=
- -- case
- -- (MAX_ticket=3): 0; --reset
- -- (line=2): MAX_ticket+1;
- -- !(line=2): my_ticket;
- -- esac;
- --
- --
- -- next(others_ticket) := others_ticket; -- don't change it.
- -- next(others_status) := others_status; -- don't change it.
- --
- -- DEFINE
- -- -- CHOSED:= (TOKEN=ProcID);
- -- STAND_BY := line=1;
- -- DRAW_TICKET := line=2;
- -- ATTEMPT := line=3;
- -- CRITICAL_SECTION := line=4;
- -- FINISHED := line=5;
-
-
--- For TESTING only
--- LTLSPEC F(proc1.my_status=1)
diff --git a/cases_bmc/continuity/alignment.hq b/cases_bmc/cav_continuity/alignment.hq
similarity index 100%
rename from cases_bmc/continuity/alignment.hq
rename to cases_bmc/cav_continuity/alignment.hq
diff --git a/cases_bmc/continuity/alignment1.smv b/cases_bmc/cav_continuity/alignment1.smv
similarity index 100%
rename from cases_bmc/continuity/alignment1.smv
rename to cases_bmc/cav_continuity/alignment1.smv
diff --git a/cases_bmc/continuity/alignment2.smv b/cases_bmc/cav_continuity/alignment2.smv
similarity index 100%
rename from cases_bmc/continuity/alignment2.smv
rename to cases_bmc/cav_continuity/alignment2.smv
diff --git a/cases_bmc/continuity/sorting.smv b/cases_bmc/cav_continuity/sorting.smv
similarity index 100%
rename from cases_bmc/continuity/sorting.smv
rename to cases_bmc/cav_continuity/sorting.smv
diff --git a/cases_bmc/cav_coterm/coterm.hq b/cases_bmc/cav_coterm/coterm.hq
new file mode 100644
index 00000000..c9dbfbfd
--- /dev/null
+++ b/cases_bmc/cav_coterm/coterm.hq
@@ -0,0 +1,2 @@
+forall A. forall B.
+(F(halt[A]))<->(F(halt[B]))
diff --git a/cases_bmc/cav_coterm/coterm1.smv b/cases_bmc/cav_coterm/coterm1.smv
new file mode 100644
index 00000000..59626b48
--- /dev/null
+++ b/cases_bmc/cav_coterm/coterm1.smv
@@ -0,0 +1,43 @@
+MODULE main
+
+-- 0 while (x>0){
+-- 1 x = x - y
+-- 2 }
+
+ VAR
+ x:-5..100;
+ t: 0..1;
+ location: 0..2;
+
+ FROZENVAR
+ y: 0..5;
+
+ ASSIGN
+ init(location) := 1;
+ init(x) := 100;
+ init(t) := 0;
+ init(y) := 2;
+
+ next(location) :=
+ case
+ ((location = 1) & (x > 0)): 1;
+ ((location = 1) & (x <= 0)) : 2;
+ TRUE: location ;
+ esac;
+
+ next(x) :=
+ case
+ ((location = 1) & (x > 0)): x - y;
+ ((location = 1) & (x <= 0)) : x;
+ TRUE : x;
+ esac;
+
+ next(t) :=
+ case
+ (location = 1): 0;
+ (location = 2): 1;
+ TRUE : t;
+ esac;
+
+ DEFINE
+ halt := location = 2 ;
diff --git a/cases_bmc/cav_coterm/coterm2.smv b/cases_bmc/cav_coterm/coterm2.smv
new file mode 100644
index 00000000..eb3600bb
--- /dev/null
+++ b/cases_bmc/cav_coterm/coterm2.smv
@@ -0,0 +1,43 @@
+MODULE main
+
+-- 0 while (x>0){
+-- 1 x = x - (2 x y)
+-- 2 }
+
+ VAR
+ x:-10..100;
+ t: 0..1;
+ location: 0..2;
+
+ FROZENVAR
+ y: 0..5;
+
+ ASSIGN
+ init(location) := 1;
+ init(x) := 100;
+ init(t) := 0;
+ init(y) := 2;
+
+ next(location) :=
+ case
+ ((location = 1) & (x > 0)): 1;
+ ((location = 1) & (x <= 0)) : 2;
+ TRUE: location ;
+ esac;
+
+ next(x) :=
+ case
+ ((location = 1) & (x > 0)): (x - (2 * y));
+ ((location = 1) & (x <= 0)) : x;
+ TRUE : x;
+ esac;
+
+ next(t) :=
+ case
+ (location = 1): 0;
+ (location = 2): 1;
+ TRUE : t;
+ esac;
+
+ DEFINE
+ halt := location = 2 ;
diff --git a/cases_bmc/cav_deniability/den.hq b/cases_bmc/cav_deniability/den.hq
new file mode 100644
index 00000000..572eaca7
--- /dev/null
+++ b/cases_bmc/cav_deniability/den.hq
@@ -0,0 +1,3 @@
+forall A. exists B. exists C.
+G((*debits_amount[A]=debits_amount[B]*)/\(*debits_amount[A]=debits_amount[C]*)/\
+(*init_balance[B]=init_balance[C]*))
diff --git a/cases_bmc/deniability/electronic_wallet.smv b/cases_bmc/cav_deniability/electronic_wallet.smv
similarity index 92%
rename from cases_bmc/deniability/electronic_wallet.smv
rename to cases_bmc/cav_deniability/electronic_wallet.smv
index 81eea46f..d43a4ed4 100644
--- a/cases_bmc/deniability/electronic_wallet.smv
+++ b/cases_bmc/cav_deniability/electronic_wallet.smv
@@ -1,14 +1,14 @@
MODULE main
VAR
- init_balance: 0..10;
+ init_balance: 0..20;
debits_amount: 1..10;
PC: 1..6;
num_itr: 0..11;
halt: boolean;
ASSIGN
-- Initial Conditions
- init(init_balance):= 10;
- init(debits_amount) := 3..5;
+ init(init_balance):= 0..20;
+ init(debits_amount) := 1..10;
init(num_itr):= 0;
init(PC):= 1; -- but program counter starts at 1.
init(halt) := FALSE;
diff --git a/cases_bmc/cav_ksafety/arrayInsert.hq b/cases_bmc/cav_ksafety/arrayInsert.hq
new file mode 100644
index 00000000..980475f3
--- /dev/null
+++ b/cases_bmc/cav_ksafety/arrayInsert.hq
@@ -0,0 +1,2 @@
+forall A. forall B.
+G(*i[A] = i[B]*)
diff --git a/cases_bmc/cav_ksafety/arrayInsert.smv b/cases_bmc/cav_ksafety/arrayInsert.smv
new file mode 100644
index 00000000..d61f2624
--- /dev/null
+++ b/cases_bmc/cav_ksafety/arrayInsert.smv
@@ -0,0 +1,81 @@
+MODULE main
+ VAR
+ location: 1..7;
+ i: 0..5;
+ arr: array 0..5 of 0..10;
+
+ FROZENVAR
+ h: 0..10;
+
+ ASSIGN
+ init(location) := 1;
+ init(arr[0]) := 0;
+ init(arr[1]) := 2;
+ init(arr[2]) := 4;
+ init(arr[3]) := 6;
+ init(arr[4]) := 10;
+ --init(len) := 5;
+ init(i) := 0;
+ init(h) := {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
+
+ next(location) := case
+ (location = 1 & arr[i] < h): 2;
+ (location = 1): 3;
+ (location = 1 & arr[i] >= h): 3;
+ (location = 2): 3;
+ (location = 3): 4;
+ (location = 4): 5;
+ (location = 5 & i < 5): 6;
+ (location = 5 & i >= 5): 7;
+ (location = 6) : 5;
+ TRUE: location ;
+ esac;
+
+ next(i) := case
+ (location = 2 & i < 5) : i + 1;
+ (location = 6 & i < 5) : i + 1;
+ TRUE: i;
+ esac;
+
+ next(arr[0]) := case
+ (location = 3 & i = 0) : h;
+ (location = 3 & i >= 1) : arr[0];
+ TRUE: arr[0];
+ esac;
+
+ next(arr[1]) := case
+ (location = 3 & i = 0) : arr[0];
+ (location = 3 & i = 1) : h;
+ (location = 3 & i >= 2) : arr[1];
+ TRUE: arr[0];
+ esac;
+
+ next(arr[2]) := case
+ (location = 3 & i <= 1) : arr[1];
+ (location = 3 & i = 2) : h;
+ (location = 3 & i >= 3) : arr[2];
+ TRUE: arr[0];
+ esac;
+
+ next(arr[3]) := case
+ (location = 3 & i <= 2) : arr[2];
+ (location = 3 & i = 3) : h;
+ (location = 3 & i >= 4) : arr[3];
+ TRUE: arr[0];
+ esac;
+
+ next(arr[4]) := case
+ (location = 3 & i <= 3) : arr[3];
+ (location = 3 & i = 4) : h;
+ (location = 3 & i >= 5) : arr[4];
+ TRUE: arr[0];
+ esac;
+
+ next(arr[5]) := case
+ (location = 3 & i <= 4) : arr[4];
+ (location = 3 & i = 5) : h;
+ TRUE: arr[0];
+ esac;
+
+ DEFINE
+ halt := location = 7 ;
\ No newline at end of file
diff --git a/cases_bmc/cav_ksafety/doubleSquare.smv b/cases_bmc/cav_ksafety/doubleSquare.smv
new file mode 100644
index 00000000..6c855055
--- /dev/null
+++ b/cases_bmc/cav_ksafety/doubleSquare.smv
@@ -0,0 +1,57 @@
+MODULE main
+-- calculating 2^x
+-- doubleSquare(bool h, int x) {
+-- INIT: int z, y=0;
+-- 1 if (h)
+-- 2 { z = 2 * x; }
+-- 3 else { z = x; }
+-- 4 while (z>0)
+-- 5 { z - - ; y = y+x; }
+-- 6 if (!h) { y = 2 * y; }
+-- 7 return y;
+-- }
+ VAR
+ location: 1..7;
+ y: 0..50;
+ z: 0..20;
+
+ FROZENVAR
+ h: boolean;
+ x: 0..10;
+
+ ASSIGN
+ init(location) := 1 ;
+ init(h) := {TRUE, FALSE} ;
+ init(x) := 0..5;
+ init(y) := 0;
+ init(z) := 0;
+
+ next(location) := case
+ (location = 1 & !h): 3;
+ (location = 1 & h): 2;
+ (location = 3) : 4;
+ (location = 2) : 4;
+ (location = 4 & z > 0) : 5;
+ (location = 4 & z = 0) : 6;
+ (location = 5) : 4; -- jump back
+ (location = 6): 7;
+ TRUE: location ;
+ esac;
+
+ next(y) :=
+ case
+ (location = 5 & (y <= 50 - x) & z > 0) : y + x;
+ (location = 6 & !h & (y <= 25)): 2 * y;
+ TRUE: y;
+ esac;
+
+ next(z) :=
+ case
+ (h & location = 1) : 2 * x;
+ (!h & location = 1) : x;
+ (location = 5 & z > 0) : (z - 1);
+ TRUE: z;
+ esac;
+
+DEFINE
+ halt := location = 7 ;
diff --git a/cases_bmc/cav_ksafety/doubleSquare1.hq b/cases_bmc/cav_ksafety/doubleSquare1.hq
new file mode 100644
index 00000000..8a53e6c4
--- /dev/null
+++ b/cases_bmc/cav_ksafety/doubleSquare1.hq
@@ -0,0 +1,3 @@
+forall A. forall B.
+(F(halt[A]/\halt[B]))/\
+((F(*x[A] = x[B]*)) -> (G((halt[A]/\halt[B]) -> (*y[A] = y[B]*))))
diff --git a/cases_bmc/cav_ksafety/doubleSquare_tbd.hq b/cases_bmc/cav_ksafety/doubleSquare_tbd.hq
new file mode 100644
index 00000000..f8a49314
--- /dev/null
+++ b/cases_bmc/cav_ksafety/doubleSquare_tbd.hq
@@ -0,0 +1,2 @@
+forall A. exists B.
+G(!(h[A] <-> h[B]) /\ (*x[A] = x[B]*) /\ halt[A] /\ halt[B]) -> G(*y[A] = y[B]*)
\ No newline at end of file
diff --git a/cases_bmc/cav_shared_buffer/buffer.png b/cases_bmc/cav_shared_buffer/buffer.png
new file mode 100644
index 00000000..596c9cbb
Binary files /dev/null and b/cases_bmc/cav_shared_buffer/buffer.png differ
diff --git a/cases_bmc/cav_shared_buffer/classic_OD.hq b/cases_bmc/cav_shared_buffer/classic_OD.hq
new file mode 100644
index 00000000..1d7b1e76
--- /dev/null
+++ b/cases_bmc/cav_shared_buffer/classic_OD.hq
@@ -0,0 +1,4 @@
+forall A. forall B.
+G((*P2_unclass_in[A]=P2_unclass_in[B]*)
+->
+(*P2_unclass_out[A]=P2_unclass_out[B]*))
diff --git a/cases_bmc/cav_shared_buffer/intrans_GMNI.hq b/cases_bmc/cav_shared_buffer/intrans_GMNI.hq
new file mode 100644
index 00000000..42311d0d
--- /dev/null
+++ b/cases_bmc/cav_shared_buffer/intrans_GMNI.hq
@@ -0,0 +1,8 @@
+forall A. exists B.
+(G((!(*P1_sec_in[A]=P1_sec_in[B]*)))
+/\
+(G(((sec_read[A]<->sec_read[B]) /\
+ (sec_write[A]<->sec_write[B])/\
+ (unclass_read[A]<->unclass_read[B])/\
+ (unclass_write[A]<->unclass_write[B]))\/
+(*P2_unclass_out[A]=P2_unclass_out[B]*))))
diff --git a/cases_bmc/cav_shared_buffer/intrans_OD.hq b/cases_bmc/cav_shared_buffer/intrans_OD.hq
new file mode 100644
index 00000000..35426a21
--- /dev/null
+++ b/cases_bmc/cav_shared_buffer/intrans_OD.hq
@@ -0,0 +1,9 @@
+forall A. forall B.
+G(((*P2_unclass_in[A]=P2_unclass_in[B]*))
+->
+((no_conflict[A]/\no_conflict[B])->
+(((sec_read[A]<->sec_read[B]) /\
+ (sec_write[A]<->sec_write[B])/\
+ (unclass_read[A]<->unclass_read[B])/\
+ (unclass_write[A]<->unclass_write[B]))->
+(*P2_unclass_out[A]=P2_unclass_out[B]*))))
diff --git a/cases_bmc/cav_shared_buffer/scheduled_buffer.smv b/cases_bmc/cav_shared_buffer/scheduled_buffer.smv
new file mode 100644
index 00000000..eb4dde17
--- /dev/null
+++ b/cases_bmc/cav_shared_buffer/scheduled_buffer.smv
@@ -0,0 +1,79 @@
+MODULE main
+VAR
+ P1_sec_in: 0..3;
+ P2_unclass_in: 0..3;
+ P1_sec_out: 0..3;
+ P2_unclass_out: 0..3;
+
+ shared_buffer: 0..3;
+
+ sec_write: boolean;
+ sec_read: boolean;
+
+ unclass_write: boolean;
+ unclass_read: boolean;
+
+ PC: 1..3;
+ASSIGN
+ -- Initial Conditions
+ init(P1_sec_in):= 0..3;
+ init(P1_sec_out):= 0;
+ init(P2_unclass_in):= 0..3;
+ init(P2_unclass_out):= 0;
+ init(shared_buffer) := 0;
+ init(sec_write):= {TRUE, FALSE};
+ init(sec_read):= {FALSE};
+ init(unclass_write):= {TRUE, FALSE};
+ init(unclass_read):= {FALSE};
+ init(PC) := 1;
+
+ -- Transition Relations
+ next(P1_sec_in) := P1_sec_in;
+ next(P2_unclass_in) := P2_unclass_in;
+ next(sec_write) := sec_write;
+ next(unclass_write) := unclass_write;
+
+ --scheduled
+ next(sec_read) :=
+ case
+ (sec_write): TRUE;
+ (unclass_write): FALSE;
+ TRUE: sec_read;
+ esac;
+ next(unclass_read) :=
+ case
+ (unclass_write): TRUE;
+ (sec_write): FALSE;
+ TRUE: unclass_read;
+ esac;
+
+ next(shared_buffer) :=
+ case
+ ((PC=2) & (sec_write)): P1_sec_in;
+ ((PC=2) & (unclass_write)): P2_unclass_in;
+ TRUE: shared_buffer;
+ esac;
+
+ next(P1_sec_out) :=
+ case
+ ((PC=3) & (sec_read)) : shared_buffer;
+ TRUE: P1_sec_out;
+ esac;
+
+ next(P2_unclass_out) :=
+ case
+ ((PC=3) & (unclass_read)) : shared_buffer;
+ TRUE: P2_unclass_out;
+ esac;
+
+ next(PC) :=
+ case
+ (PC=1): 2;
+ (PC=2): 3;
+ (PC=3): 3;
+ TRUE: PC;
+ esac;
+
+DEFINE
+ halt := PC = 3 ;
+ no_conflict := !(sec_read & unclass_read);
diff --git a/cases_bmc/cav_shared_buffer/unscheduled_buffer.smv b/cases_bmc/cav_shared_buffer/unscheduled_buffer.smv
new file mode 100644
index 00000000..62ebdecf
--- /dev/null
+++ b/cases_bmc/cav_shared_buffer/unscheduled_buffer.smv
@@ -0,0 +1,68 @@
+MODULE main
+VAR
+ -- P1_Mode: 0..1; -- 0: secure, 1: unclassified
+ -- P2_Mode: 0..1; -- 0: secure, 1: unclassified
+ P1_sec_in: 0..3;
+ P2_unclass_in: 0..3;
+ P1_sec_out: 0..3;
+ P2_unclass_out: 0..3;
+
+ shared_buffer: 0..3;
+
+ sec_write: boolean;
+ sec_read: boolean;
+
+ unclass_write: boolean;
+ unclass_read: boolean;
+
+ PC: 1..3;
+ASSIGN
+ -- Initial Conditions
+ init(P1_sec_in):= 0..3;
+ init(P1_sec_out):= 0;
+ init(P2_unclass_in):= 0..3;
+ init(P2_unclass_out):= 0;
+ init(shared_buffer) := 0;
+ init(sec_write):= {TRUE, FALSE};
+ init(sec_read):= {TRUE, FALSE};
+ init(unclass_write):= {TRUE, FALSE};
+ init(unclass_read):= {TRUE, FALSE};
+ init(PC) := 1;
+
+ -- Transition Relations
+ next(P1_sec_in) := P1_sec_in;
+ next(P2_unclass_in) := P2_unclass_in;
+ next(sec_write) := sec_write;
+ next(sec_read) := sec_read;
+ next(unclass_write) := unclass_write;
+ next(unclass_read) := unclass_read;
+
+ next(shared_buffer) :=
+ case
+ ((PC=2) & (sec_write)): P1_sec_in;
+ ((PC=2) & (unclass_write)): P2_unclass_in;
+ TRUE: shared_buffer;
+ esac;
+
+ next(P1_sec_out) :=
+ case
+ ((PC=3) & (sec_read)) : shared_buffer;
+ TRUE: P1_sec_out;
+ esac;
+
+ next(P2_unclass_out) :=
+ case
+ ((PC=3) & (unclass_read)) : shared_buffer;
+ TRUE: P2_unclass_out;
+ esac;
+
+ next(PC) :=
+ case
+ (PC=1): 2;
+ (PC=2): 3;
+ (PC=3): 3;
+ TRUE: PC;
+ esac;
+
+DEFINE
+ halt := PC = 3 ;
diff --git a/cases_bmc/cav_tini/.DS_Store b/cases_bmc/cav_tini/.DS_Store
new file mode 100644
index 00000000..5008ddfc
Binary files /dev/null and b/cases_bmc/cav_tini/.DS_Store differ
diff --git a/cases_bmc/cav_tini/ni_example.smv b/cases_bmc/cav_tini/ni_example.smv
new file mode 100644
index 00000000..71e132e3
--- /dev/null
+++ b/cases_bmc/cav_tini/ni_example.smv
@@ -0,0 +1,56 @@
+MODULE main
+-- gniEx(bool high, int low) {
+-- 1 if (high)
+-- { int x = ndet_int ; // here we assign at the beginning
+-- 2 if (x >= low)
+-- 3 { return x; }
+-- 4 else { while (true) {} } }
+-- else {
+-- 5 int x = low;
+-- while ( ndet_bool ) {
+-- 6 x++; }
+-- return x;
+-- }
+
+ VAR
+ location: 1..7;
+ x: 0..10;
+ nondet: boolean;
+
+ FROZENVAR
+ high: boolean;
+ low: 0..5;
+
+ ASSIGN
+ init(location) := 1 ;
+ init(nondet) := {TRUE, FALSE};
+ init(x) := 0..10;
+ init(low) := {0, 1, 2, 3, 4, 5};
+ init(high) := {TRUE, FALSE};
+
+ next(location) := case
+ (location = 1 & high): 2;
+ (location = 1 & !high): 5;
+ (location = 2 & x >= low) : 3;
+ (location = 2 & x < low) : 4;
+ (location = 5 & !nondet) : 3;
+ (location = 5 & nondet) : 6;
+ (location = 6 & !nondet) : 3;
+ (location = 6 & nondet & x < 10) : 6;
+ (location = 6 & nondet & x = 10) : 7;
+ TRUE: location ;
+ esac;
+
+ next(x) := case
+ (location = 5): low;
+ (location = 6 & x < 10): x + 1;
+ TRUE: x;
+ esac;
+
+ next(nondet) := case
+ (location = 5 | location = 6): {TRUE, FALSE};
+ TRUE: nondet;
+ esac;
+
+DEFINE
+ halt := location = 3 ;
diff --git a/cases_bmc/cav_tini/tini.hq b/cases_bmc/cav_tini/tini.hq
new file mode 100644
index 00000000..d422615a
--- /dev/null
+++ b/cases_bmc/cav_tini/tini.hq
@@ -0,0 +1,3 @@
+forall A. exists B.
+F(halt[A]) ->
+G(~halt[B] \/ ((halt[B])->((~(high[A]<->high[B])) /\ (*x[A]=x[B]*))))
diff --git a/cases_bmc/cav_tsni/.DS_Store b/cases_bmc/cav_tsni/.DS_Store
new file mode 100644
index 00000000..5008ddfc
Binary files /dev/null and b/cases_bmc/cav_tsni/.DS_Store differ
diff --git a/cases_bmc/cav_tsni/ni_example.smv b/cases_bmc/cav_tsni/ni_example.smv
new file mode 100644
index 00000000..2497a5aa
--- /dev/null
+++ b/cases_bmc/cav_tsni/ni_example.smv
@@ -0,0 +1,56 @@
+MODULE main
+-- gniEx(bool high, int low) {
+-- 1 if (high)
+-- { int x = ndet_int ; // here we assign at the beginning
+-- 2 if (x >= low)
+-- 3 { return x; }
+-- 4 else { while (true) {} } }
+-- else {
+-- 5 int x = low;
+-- while ( ndet_bool ) {
+-- 6 x++; }
+-- return x;
+-- }
+
+ VAR
+ location: 1..7;
+ x: 0..10;
+ nondet: boolean;
+
+ FROZENVAR
+ high: boolean;
+ low: 0..5;
+
+ ASSIGN
+ init(location) := 1 ;
+ init(nondet) := {TRUE, FALSE};
+ init(x) := {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
+ init(low) := {0, 1, 2, 3, 4, 5};
+ init(high) := {TRUE, FALSE};
+
+ next(location) := case
+ (location = 1 & high): 2;
+ (location = 1 & !high): 5;
+ (location = 2 & x >= low) : 3;
+ (location = 2 & x < low) : 4;
+ (location = 5 & !nondet) : 3;
+ (location = 5 & nondet) : 6;
+ (location = 6 & !nondet) : 3;
+ (location = 6 & nondet & x < 10) : 6;
+ (location = 6 & nondet & x = 10) : 7;
+ TRUE: location ;
+ esac;
+
+ next(x) := case
+ (location = 5): low;
+ (location = 6 & x < 10): x + 1;
+ TRUE: x;
+ esac;
+
+ next(nondet) := case
+ (location = 5 | location = 6): {TRUE, FALSE};
+ TRUE: nondet;
+ esac;
+
+DEFINE
+ halt := location = 3 ;
diff --git a/cases_bmc/cav_tsni/tsni.hq b/cases_bmc/cav_tsni/tsni.hq
new file mode 100644
index 00000000..e7688061
--- /dev/null
+++ b/cases_bmc/cav_tsni/tsni.hq
@@ -0,0 +1,3 @@
+forall A. exists B.
+F(halt[A]) ->
+G(((halt[B])->((~(high[A]<->high[B])) /\ (*x[A]=x[B]*))))
diff --git a/cases_bmc/dummy.hq b/cases_bmc/dummy.hq
new file mode 100644
index 00000000..82a8505e
--- /dev/null
+++ b/cases_bmc/dummy.hq
@@ -0,0 +1 @@
+exists A. exists B. F(~halt[A])
diff --git a/cases_bmc/nrp/NRP_correct.smv b/cases_bmc/nrp/NRP_correct.smv
deleted file mode 100644
index ccd9183b..00000000
--- a/cases_bmc/nrp/NRP_correct.smv
+++ /dev/null
@@ -1,99 +0,0 @@
--- Non-repudiation Protocol
-
--- (1) skip until P->T: m ;
--- (2) skip until P->T: NRO ;
--- (3) T-.Q: m ;
--- (4) skip until Q->T: NRR;
--- (5) T->Q: NRO;
--- (6) T->P: NRR;
-
-
-MODULE main
- VAR
- sender_actions: 0..4; -- 0: skip;
- -- 1: send receiver msg;
- -- 2: send third-party msg:
- -- 3: send receiver NRO;
- -- 4: send send third-party NRO;
-
-
- receiver_actions: 0..2; -- 0: skip;
- -- 1: send sender NRR;
- -- 2: send third-party NRR:
-
-
- thirdparty_actions: 0..3; -- 0: skip;
- -- 1: send receiver msg
- -- 2: send sender NRO;
- -- 3: send receiver NRR:
-
-
- take_turns: 0..2; -- 0: sender, 1:receiver, 2:thridparty
-
- line: 1..7;
-
-
-
- ASSIGN
- init(sender_actions) := 0;
- init(receiver_actions) := 0;
- init(thirdparty_actions) := 0;
-
- init(take_turns) := 0;
- init(line) := 1;
-
-
- next(line) :=
- case
- (line=1 & !(sender_actions=2)) : {1}; -- skip
- (line=1 & sender_actions=2) : {2}; -- P->T NRO
- (line=2 & !(sender_actions=4)) : {2} ; -- skip
- (line=2 & (sender_actions=4)) : {3} ;-- P->T: NRO
- -- (line=3 & !(thirdparty_actions=1)) : {3} ;-- keep waiting
- -- (line=3 & (thirdparty_actions=1)) : {4}; -- T->Q m
- line=3 : {4} ;
- (line=4 & !(receiver_actions=2)) : {4}; -- skip
- (line=4 & (receiver_actions=2)) : {5} ;-- Q->T NRR
- -- (line=5 & !(take_turns=2)) : {6} ;-- wait
- -- (line=5 & (take_turns=2)) : {6} ;-- T->Q NRO
- -- (line=6 & !(take_turns=2)) : {7} ;-- wait
- -- (line=6 & (take_turns=2)) : {7} ;-- T->P NRR
- line=5 : {6} ;
- line=6 : {7} ;
- line=7 : {7} ;-- terminate
- esac;
-
- next(take_turns) :=
- case
- (line=3) : (take_turns);
- (line=6) : (take_turns);
- (line=7) : (take_turns);
- (take_turns=0) : 1;
- (take_turns=1) : 2;
- (take_turns=2) : 0;
- esac;
-
- next(sender_actions) :=
- case
- (take_turns=0) : {0,1,2,3,4};
- !(take_turns=0) : 0;
- esac;
-
- next(receiver_actions) :=
- case
- (take_turns=1) : {0,1,2};
- !(take_turns=1) : 0;
- esac;
-
- next(thirdparty_actions) :=
- case
- (line=3) : {1};
- (line=5) : {2};
- (line=6) : {3};
- (take_turns=2) : {0,1,2,3};
- !(take_turns=2) : 0;
- esac;
-
-
--- For TESTING only
--- LTLSPEC F(proc1.my_status=1)
diff --git a/cases_bmc/nrp/NRP_formula.hq b/cases_bmc/nrp/NRP_formula.hq
deleted file mode 100644
index f6ef7166..00000000
--- a/cases_bmc/nrp/NRP_formula.hq
+++ /dev/null
@@ -1,3 +0,0 @@
-exists A. forall B. (F*line[A]=3* /\ F*line[A]=5* /\ F*line[A]=6* ) /\
-( (G(*sender_actions[A]=sender_actions[B]*)) -> ((F(*line[B]=5*))<-> (F(*line[B]=6*))) ) /\
-( (G(*receiver_actions[A]=receiver_actions[B]*)) -> ((F(*line[B]=5*))<-> (F(*line[B]=6*))) )
diff --git a/cases_bmc/nrp/NRP_incorrect.smv b/cases_bmc/nrp/NRP_incorrect.smv
deleted file mode 100644
index 57b7d3e9..00000000
--- a/cases_bmc/nrp/NRP_incorrect.smv
+++ /dev/null
@@ -1,94 +0,0 @@
--- Non-repudiation Protocol
-
--- (1) skip until P->T: m ;
--- (2) skip until P->T: NRO ;
--- (3) T-.Q: m ;
--- (4) skip until Q->T: NRR;
--- (5) T->Q: NRO;
--- (6) T->P: NRR;
-
-
-MODULE main
- VAR
- sender_actions: 0..4; -- 0: skip;
- -- 1: send receiver msg;
- -- 2: send third-party msg:
- -- 3: send receiver NRO;
- -- 4: send send third-party NRO;
-
- receiver_actions: 0..2; -- 0: skip;
- -- 1: send sender NRR;
- -- 2: send third-party NRR:
-
-
- thirdparty_actions: 0..3; -- 0: skip;
- -- 1: send receiver msg
- -- 2: send sender NRO;
- -- 3: send receiver NRR:
-
-
- take_turns: 0..2; -- 0: sender, 1:receiver, 2:thridparty
-
- line: 1..7;
-
-
-
- ASSIGN
- init(sender_actions) := 0;
- init(receiver_actions) := 0;
- init(thirdparty_actions) := 0;
-
- init(take_turns) := 0;
- init(line) := 1;
-
-
- next(line) :=
- case
- (line=1 & !(sender_actions=2)) : {1}; -- skip
- (line=1 & sender_actions=2) : {2}; -- P->T NRO
- (line=2 & !(sender_actions=4)) : {2} ; -- skip
- (line=2 & (sender_actions=4)) : {3} ;-- P->T: NRO
- -- (line=3 & !(thirdparty_actions=1)) : {3} ;-- keep waiting
- -- (line=3 & (thirdparty_actions=1)) : {4}; -- T->Q m
- line=3 : {4} ;
- line=4 : {5} ;
- (line=5 & !(receiver_actions=2)) : {5}; -- skip
- (line=5 & (receiver_actions=2)) : {6} ;-- Q->T NRR
- line=6 : {7} ;
- line=7 : {7} ;-- terminate
- esac;
-
- next(take_turns) :=
- case
- (line=3) : (take_turns);
- (line=6) : (take_turns);
- (line=7) : (take_turns);
- (take_turns=0) : 1;
- (take_turns=1) : 2;
- (take_turns=2) : 0;
- esac;
-
- next(sender_actions) :=
- case
- (take_turns=0) : {0,1,2,3,4};
- !(take_turns=0) : 0;
- esac;
-
- next(receiver_actions) :=
- case
- (take_turns=1) : {0,1,2};
- !(take_turns=1) : 0;
- esac;
-
- next(thirdparty_actions) :=
- case
- (line=3) : {1};
- (line=4) : {2};
- (line=6) : {3};
- (take_turns=2) : {0,1,2,3};
- !(take_turns=2) : 0;
- esac;
-
-
--- For TESTING only
--- LTLSPEC F(proc1.my_status=1)
diff --git a/cases_bmc/shared_buffer/buffer.smv b/cases_bmc/shared_buffer/buffer.smv
deleted file mode 100644
index 94f50367..00000000
--- a/cases_bmc/shared_buffer/buffer.smv
+++ /dev/null
@@ -1,18 +0,0 @@
-MODULE main
- VAR
- Mode: 0..1; -- 0: secure, 1: unclassified
- PC: 1..3;
- ASSIGN
- -- Initial Conditions
- -- init(Mode): 0..1;
- init(PC): 1; -- but program counter starts at 1.
-
- -- Transition Relations
- next(Mode) := Mode;
- next(PC) :=
- case
- (PC=1): 2;
- (PC=2): 3;
- (PC=3): 3;
- TRUE: PC;
- esac;
diff --git a/cases_bmc/tacas_bakery/bakery_3procs.smv b/cases_bmc/tacas_bakery/bakery_3procs.smv
new file mode 100644
index 00000000..2bdb8451
--- /dev/null
+++ b/cases_bmc/tacas_bakery/bakery_3procs.smv
@@ -0,0 +1,97 @@
+--BAKERY ALGORITHM
+MODULE main
+ VAR
+ -- p1_status: 0..2; -- 0: non-critical, 1: waiting, 2: critical
+ -- p2_status: 0..2; -- 0: non-critical, 1: waiting, 2: critical
+ -- p3_status: 0..2; -- 0: non-critical, 1: waiting, 2: critical
+ p1_ticket: 0..3; -- the ticket number of p1
+ p2_ticket: 0..3; -- the ticket number of p2
+ p3_ticket: 0..3; -- the ticket number of p2
+ MAX_ticket: 0..3; -- let's say max ticket number is 3
+ -- TOKEN: 1..3;
+ p1_line: 0..4;
+ p2_line: 0..4;
+ p3_line: 0..4;
+
+ ASSIGN
+ init(p1_ticket) := 3; -- set to MAX
+ init(p2_ticket) := 3; -- set to MAX
+ init(p3_ticket) := 3; -- set to MAX
+
+ init(p1_line) := 0;
+ init(p2_line) := 0;
+ init(p3_line) := 0;
+
+ init(MAX_ticket):= 0;
+
+ next(MAX_ticket):=
+ case
+ (MAX_ticket=3): 0; --reset
+ (p1_line=1 | p2_line=1 | p3_line=1): MAX_ticket+1;
+ TRUE: MAX_ticket;
+ esac;
+
+ next(p1_line) :=
+ case
+ (p1_line=0) : {0,1}; -- stay, or proceed
+ (p1_line=1) : {2}; -- draw ticket
+ (p1_line=2 & !p1-TOKEN) : {2}; -- check TOKEN
+ (p1_line=2 & p1-TOKEN) : {3}; -- check TOKEN
+ (p1_line=3) : {4}; -- stay in critical section, or leave
+ (p1_line=4) : {0}; -- back to starting point
+ TRUE: p1_line;
+ esac;
+
+ next(p1_ticket):=
+ case
+ (MAX_ticket=3): 0; --reset
+ (p1_line=1): MAX_ticket+1;
+ TRUE: p1_ticket;
+ esac;
+
+
+ next(p2_line) :=
+ case
+ (p2_line=0) : {0,1}; -- stay, or proceed
+ (p2_line=1) : {2};
+ (p2_line=2 & !p2-TOKEN): {2}; -- check TOKEN
+ (p2_line=2 & p2-TOKEN): {3}; -- check TOKEN
+ (p2_line=3) : {4}; -- stay in critical section, or leave
+ (p2_line=4) : {0}; -- back to starting point
+ TRUE: p2_line;
+ esac;
+
+ next(p2_ticket):=
+ case
+ (MAX_ticket=3): 0; --reset
+ (p2_line=1): MAX_ticket+1;
+ TRUE: p2_ticket;
+ esac;
+
+
+ next(p3_line) :=
+ case
+ (p3_line=0) : {0}; -- stay, or proceed
+ (p3_line=1) : {2};
+ (p3_line=2 & !p3-TOKEN) : 2 ; -- check TOKEN
+ (p3_line=2 & p3-TOKEN) : 3 ; -- check TOKEN
+ (p3_line=3) : {4}; -- stay in critical section, or leave
+ (p3_line=4) : {0}; -- back to starting point
+ TRUE: p3_line;
+ esac;
+
+
+ next(p3_ticket):=
+ case
+ (MAX_ticket=3): 0; --reset
+ (p3_line=1): MAX_ticket+1;
+ TRUE: p3_ticket;
+ esac;
+
+
+ DEFINE
+ STARTED := (p1_line!=0 | p2_line!=0 | p3_line!=0);
+ SELECTING := (p1_line=3 | p2_line=3 | p3_line=3);
+ p1-TOKEN := STARTED & ((p1_line=2) | (p1_line=3)) & ((p1_ticket <= p2_ticket) & (p1_ticket <= p3_ticket));
+ p2-TOKEN := STARTED & ((p2_line=2) | (p2_line=3)) & ((((p2_ticket <= p1_ticket) & (p2_ticket <= p3_ticket))) | !p1-TOKEN);
+ p3-TOKEN := STARTED & ((p3_line=2) | (p3_line=3)) & ((((p3_ticket <= p1_ticket) & (p3_ticket <= p2_ticket))) | !p1-TOKEN & !p2-TOKEN);
diff --git a/cases_bmc/bakery/bakery_5procs.smv b/cases_bmc/tacas_bakery/bakery_5procs.smv
similarity index 100%
rename from cases_bmc/bakery/bakery_5procs.smv
rename to cases_bmc/tacas_bakery/bakery_5procs.smv
diff --git a/cases_bmc/bakery/bakery_formula_S1_3proc.hq b/cases_bmc/tacas_bakery/bakery_formula_S1_3proc.hq
similarity index 80%
rename from cases_bmc/bakery/bakery_formula_S1_3proc.hq
rename to cases_bmc/tacas_bakery/bakery_formula_S1_3proc.hq
index 06e2171b..de3c42b7 100644
--- a/cases_bmc/bakery/bakery_formula_S1_3proc.hq
+++ b/cases_bmc/tacas_bakery/bakery_formula_S1_3proc.hq
@@ -5,4 +5,4 @@ G((*p1_line[A]=0* <-> *p2_line[B]=0*)
/\ (*p2_line[A]=1* <-> *p1_line[B]=1*)
/\ (*p1_line[A]=4* <-> *p2_line[B]=4*)
/\ (*p2_line[A]=4* <-> *p1_line[B]=4*))/\
-F(~(*p1_line[A] = p2_line[B]*) \/ ~(*p2_line[A] = p1_line[B]*))
+F(~(*p1_line[A]=p2_line[B]*) \/ ~(*p2_line[A]=p1_line[B]*))
diff --git a/cases_bmc/bakery/bakery_formula_S2_3proc.hq b/cases_bmc/tacas_bakery/bakery_formula_S2_3proc.hq
similarity index 56%
rename from cases_bmc/bakery/bakery_formula_S2_3proc.hq
rename to cases_bmc/tacas_bakery/bakery_formula_S2_3proc.hq
index 72174607..70999c9d 100644
--- a/cases_bmc/bakery/bakery_formula_S2_3proc.hq
+++ b/cases_bmc/tacas_bakery/bakery_formula_S2_3proc.hq
@@ -1,10 +1,10 @@
-forall A. exists B.
+exists A. exists B.
G((*p1_line[A]=0* <-> *p2_line[B]=0*)
/\ (*p2_line[A]=0* <-> *p1_line[B]=0*)
/\ (*p1_line[A]=1* <-> *p2_line[B]=1*)
/\ (*p2_line[A]=1* <-> *p1_line[B]=1*)
-/\ (*p1_line[A]=3* <-> *p2_line[B]=3*)
-/\ (*p2_line[A]=3* <-> *p1_line[B]=3*)
/\ (*p1_line[A]=4* <-> *p2_line[B]=4*)
-/\ (*p2_line[A]=4* <-> *p1_line[B]=4*))/\
+/\ (*p2_line[A]=4* <-> *p1_line[B]=4*)
+/\ ((SELECTING[A]) -> (p1-TOKEN[A] \/ p2-TOKEN[A] \/ p3-TOKEN[A]))
+/\ ((SELECTING[B]) -> (p1-TOKEN[B] \/ p2-TOKEN[B] \/ p3-TOKEN[B])))/\
F(~(*p1_line[A] = p2_line[B]*) \/ ~(*p2_line[A] = p1_line[B]*))
diff --git a/cases_bmc/bakery/bakery_formula_S3_3proc.hq b/cases_bmc/tacas_bakery/bakery_formula_S3_3proc.hq
similarity index 71%
rename from cases_bmc/bakery/bakery_formula_S3_3proc.hq
rename to cases_bmc/tacas_bakery/bakery_formula_S3_3proc.hq
index 904da22d..7e44a5f4 100644
--- a/cases_bmc/bakery/bakery_formula_S3_3proc.hq
+++ b/cases_bmc/tacas_bakery/bakery_formula_S3_3proc.hq
@@ -1,12 +1,14 @@
-exists A. forall B.
+exists A. exists B.
G((p1-TOKEN[A] <-> p2-TOKEN[B])
/\(p2-TOKEN[A] <-> p1-TOKEN[B])
+/\(p1-TOKEN[A] <-> p3-TOKEN[B])
+/\(p3-TOKEN[A] <-> p1-TOKEN[B])
+/\(p2-TOKEN[A] <-> p3-TOKEN[B])
+/\(p3-TOKEN[A] <-> p2-TOKEN[B])
/\ (*p1_line[A]=0* <-> *p2_line[B]=0*)
/\ (*p2_line[A]=0* <-> *p1_line[B]=0*)
/\ (*p1_line[A]=1* <-> *p2_line[B]=1*)
/\ (*p2_line[A]=1* <-> *p1_line[B]=1*)
-/\ (*p1_line[A]=3* <-> *p2_line[B]=3*)
-/\ (*p2_line[A]=3* <-> *p1_line[B]=3*)
/\ (*p1_line[A]=4* <-> *p2_line[B]=4*)
/\ (*p2_line[A]=4* <-> *p1_line[B]=4*))/\
F(~(*p1_line[A] = p2_line[B]*) \/ ~(*p2_line[A] = p1_line[B]*))
diff --git a/cases_bmc/bakery/bakery_formula_sym1_3proc.hq b/cases_bmc/tacas_bakery/bakery_formula_sym1_3proc.hq
similarity index 100%
rename from cases_bmc/bakery/bakery_formula_sym1_3proc.hq
rename to cases_bmc/tacas_bakery/bakery_formula_sym1_3proc.hq
diff --git a/cases_bmc/bakery/bakery_formula_sym1_5proc.hq b/cases_bmc/tacas_bakery/bakery_formula_sym1_5proc.hq
similarity index 100%
rename from cases_bmc/bakery/bakery_formula_sym1_5proc.hq
rename to cases_bmc/tacas_bakery/bakery_formula_sym1_5proc.hq
diff --git a/cases_bmc/bakery/bakery_formula_sym2_3proc.hq b/cases_bmc/tacas_bakery/bakery_formula_sym2_3proc.hq
similarity index 100%
rename from cases_bmc/bakery/bakery_formula_sym2_3proc.hq
rename to cases_bmc/tacas_bakery/bakery_formula_sym2_3proc.hq
diff --git a/cases_bmc/bakery/bakery_formula_sym2_5proc.hq b/cases_bmc/tacas_bakery/bakery_formula_sym2_5proc.hq
similarity index 100%
rename from cases_bmc/bakery/bakery_formula_sym2_5proc.hq
rename to cases_bmc/tacas_bakery/bakery_formula_sym2_5proc.hq
diff --git a/cases_bmc/bakery/bakery_try.smv b/cases_bmc/tacas_bakery/bakery_try.smv
similarity index 100%
rename from cases_bmc/bakery/bakery_try.smv
rename to cases_bmc/tacas_bakery/bakery_try.smv
diff --git a/cases_bmc/multi_threaded/NI.smv b/cases_bmc/tacas_multi_threaded/NI.smv
similarity index 100%
rename from cases_bmc/multi_threaded/NI.smv
rename to cases_bmc/tacas_multi_threaded/NI.smv
diff --git a/cases_bmc/multi_threaded/NI_correct.smv b/cases_bmc/tacas_multi_threaded/NI_correct.smv
similarity index 100%
rename from cases_bmc/multi_threaded/NI_correct.smv
rename to cases_bmc/tacas_multi_threaded/NI_correct.smv
diff --git a/cases_bmc/multi_threaded/NI_formula.hq b/cases_bmc/tacas_multi_threaded/NI_formula.hq
similarity index 100%
rename from cases_bmc/multi_threaded/NI_formula.hq
rename to cases_bmc/tacas_multi_threaded/NI_formula.hq
diff --git a/cases_bmc/multi_threaded/NI_incorrect.smv b/cases_bmc/tacas_multi_threaded/NI_incorrect.smv
similarity index 100%
rename from cases_bmc/multi_threaded/NI_incorrect.smv
rename to cases_bmc/tacas_multi_threaded/NI_incorrect.smv
diff --git a/cases_bmc/mutation_testing/mutation_testing.hq b/cases_bmc/tacas_mutation_testing/mutation_testing.hq
similarity index 100%
rename from cases_bmc/mutation_testing/mutation_testing.hq
rename to cases_bmc/tacas_mutation_testing/mutation_testing.hq
diff --git a/cases_bmc/mutation_testing/mutation_testing.smv b/cases_bmc/tacas_mutation_testing/mutation_testing.smv
similarity index 100%
rename from cases_bmc/mutation_testing/mutation_testing.smv
rename to cases_bmc/tacas_mutation_testing/mutation_testing.smv
diff --git a/cases_bmc/tacas_nrp/NRP_correct.smv b/cases_bmc/tacas_nrp/NRP_correct.smv
new file mode 100644
index 00000000..d87d6e75
--- /dev/null
+++ b/cases_bmc/tacas_nrp/NRP_correct.smv
@@ -0,0 +1,78 @@
+-- NON-REPUDIATION PROTOCOL (correct)
+MODULE main
+ VAR
+ sender_act: 0..4; -- 0: skip;
+ -- 1: send receiver msg;
+ -- 2: send third-party msg:
+ -- 3: send receiver NRO;
+ -- 4: send send third-party NRO;
+
+ receiver_act: 0..2; -- 0: skip;
+ -- 1: send sender NRR;
+ -- 2: send third-party NRR:
+
+ thirdparty_act: 0..3; -- 0: skip;
+ -- 1: send receiver msg
+ -- 2: send sender NRO;
+ -- 3: send receiver NRR:
+
+ take_turns: 0..2; -- 0: sender, 1:receiver, 2:thridparty
+ line: 1..7;
+
+
+ ASSIGN
+ init(sender_act) := 0;
+ init(receiver_act) := 0;
+ init(thirdparty_act) := 0;
+ init(take_turns) := 0;
+ init(line) := 1;
+
+ -- (1) skip until P->T: m ;
+ -- (2) skip until P->T: NRO ;
+ -- (3) T->Q: m ;
+ -- (4) skip until Q->T: NRR;
+ -- (5) T->Q: NRO;
+ -- (6) T->P: NRR;
+ -- (7) TERMINATE;
+ next(line) :=
+ case
+ (line=1 & !(sender_act=2)) : {1}; -- skip
+ (line=1 & sender_act=2) : {2}; -- P->T: m
+ (line=2 & !(sender_act=4)) : {2} ; -- skip
+ (line=2 & (sender_act=4)) : {3} ; -- P->T: NRO
+ line=3 : {4} ;
+ (line=4 & !(receiver_act=2)) : {4}; -- skip
+ (line=4 & (receiver_act=2)) : {5} ; -- Q->T NRR
+ line=5 : {6} ;
+ line=6 : {7} ;
+ line=7 : {7} ; -- terminate
+ esac;
+
+ next(take_turns) :=
+ case
+ (take_turns=0) : 1;
+ (take_turns=1) : 2;
+ (take_turns=2) : 0;
+ TRUE: take_turns;
+ esac;
+
+ next(sender_act) :=
+ case
+ (take_turns=0) : {0,1,2,3,4};
+ !(take_turns=0) : 0;
+ esac;
+
+ next(receiver_act) :=
+ case
+ (take_turns=1) : {0,1,2};
+ !(take_turns=1) : 0;
+ esac;
+
+ next(thirdparty_act) :=
+ case
+ (line=3) : {1};
+ (line=5) : {2};
+ (line=6) : {3};
+ (take_turns=2) : {0,1,2,3};
+ !(take_turns=2) : 0;
+ esac;
diff --git a/cases_bmc/tacas_nrp/NRP_formula.hq b/cases_bmc/tacas_nrp/NRP_formula.hq
new file mode 100644
index 00000000..54dc7c67
--- /dev/null
+++ b/cases_bmc/tacas_nrp/NRP_formula.hq
@@ -0,0 +1,4 @@
+exists A. forall B.
+( F(*line[A]=3*) /\ F(*line[A]=5*) /\ F(*line[A]=6*)) /\
+( (G(*sender_act[A]=sender_act[B]*)) -> ((F(*line[B]=5*))<-> (F(*line[B]=6*))) ) /\
+( (G(*receiver_act[A]=receiver_act[B]*)) -> ((F(*line[B]=5*))<-> (F(*line[B]=6*))) )
diff --git a/cases_bmc/tacas_nrp/NRP_incorrect.smv b/cases_bmc/tacas_nrp/NRP_incorrect.smv
new file mode 100644
index 00000000..0ad300be
--- /dev/null
+++ b/cases_bmc/tacas_nrp/NRP_incorrect.smv
@@ -0,0 +1,79 @@
+-- NON-REPUDIATION PROTOCOL (incorrect)
+MODULE main
+ VAR
+ sender_act: 0..4; -- 0: skip;
+ -- 1: send receiver msg;
+ -- 2: send third-party msg:
+ -- 3: send receiver NRO;
+ -- 4: send send third-party NRO;
+
+ receiver_act: 0..2; -- 0: skip;
+ -- 1: send sender NRR;
+ -- 2: send third-party NRR:
+
+
+ thirdparty_act: 0..3; -- 0: skip;
+ -- 1: send receiver msg
+ -- 2: send sender NRO;
+ -- 3: send receiver NRR:
+
+
+ take_turns: 0..2; -- 0: sender, 1:receiver, 2:thridparty
+ line: 1..7;
+
+ ASSIGN
+ init(sender_act) := 0;
+ init(receiver_act) := 0;
+ init(thirdparty_act) := 0;
+ init(take_turns) := 0;
+ init(line) := 1;
+
+ -- (1) skip until P->T: m ;
+ -- (2) skip until P->T: NRO ;
+ -- (3) T->Q: m ;
+ -- (4) does not skip until Q->T: NRR here! (incorrect)
+ -- (5) T->Q: NRO; instead, skip until Q->T: NRR here!
+ -- (6) T->P: NRR;
+ -- (7) TERMINATE;
+ next(line) :=
+ case
+ (line=1 & !(sender_act=2)) : {1}; -- skip
+ (line=1 & sender_act=2) : {2}; -- P->T: m
+ (line=2 & !(sender_act=4)) : {2} ; -- skip
+ (line=2 & (sender_act=4)) : {3} ; -- P->T: NRO
+ line=3 : {4} ;
+ line=4 : {5} ;
+ (line=5 & !(receiver_act=2)) : {5}; -- skip
+ (line=5 & (receiver_act=2)) : {6} ; -- Q->T NRR
+ line=6 : {7} ;
+ line=7 : {7} ; -- terminate
+ esac;
+
+ next(take_turns) :=
+ case
+ (take_turns=0) : 1;
+ (take_turns=1) : 2;
+ (take_turns=2) : 0;
+ TRUE: take_turns;
+ esac;
+
+ next(sender_act) :=
+ case
+ (take_turns=0) : {0,1,2,3,4};
+ !(take_turns=0) : 0;
+ esac;
+
+ next(receiver_act) :=
+ case
+ (take_turns=1) : {0,1,2};
+ !(take_turns=1) : 0;
+ esac;
+
+ next(thirdparty_act) :=
+ case
+ (line=3) : {1};
+ (line=4) : {2};
+ (line=6) : {3};
+ (take_turns=2) : {0,1,2,3};
+ !(take_turns=2) : 0;
+ esac;
diff --git a/cases_bmc/robotic_planning/robotic.smv b/cases_bmc/tacas_robotic/robotic.smv
similarity index 100%
rename from cases_bmc/robotic_planning/robotic.smv
rename to cases_bmc/tacas_robotic/robotic.smv
diff --git a/cases_bmc/robotic_planning/robotic_help_rb.py b/cases_bmc/tacas_robotic/robotic_help_rb.py
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_help_rb.py
rename to cases_bmc/tacas_robotic/robotic_help_rb.py
diff --git a/cases_bmc/robotic_planning/robotic_help_sp.py b/cases_bmc/tacas_robotic/robotic_help_sp.py
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_help_sp.py
rename to cases_bmc/tacas_robotic/robotic_help_sp.py
diff --git a/cases_bmc/robotic_planning/robotic_robustness_100.smv b/cases_bmc/tacas_robotic/robotic_robustness_100.smv
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_robustness_100.smv
rename to cases_bmc/tacas_robotic/robotic_robustness_100.smv
diff --git a/cases_bmc/robotic_planning/robotic_robustness_1600.smv b/cases_bmc/tacas_robotic/robotic_robustness_1600.smv
similarity index 99%
rename from cases_bmc/robotic_planning/robotic_robustness_1600.smv
rename to cases_bmc/tacas_robotic/robotic_robustness_1600.smv
index 84ec1588..f46cc87b 100644
--- a/cases_bmc/robotic_planning/robotic_robustness_1600.smv
+++ b/cases_bmc/tacas_robotic/robotic_robustness_1600.smv
@@ -13,8 +13,11 @@
next(act):=
case
-- init
- (x_axis=0 & y_axis=0): {1,4};
-
+ --- the boundary of the whole environment
+ (x_axis=0): {1,4};
+ (x_axis=39): {2,3};
+ (y_axis=0): {1,4};
+ (y_axis=39): {2,3};
(x_axis=0 & ((y_axis=5) | (y_axis=6) | (y_axis=7) | (y_axis=8) | (y_axis=9) | (y_axis=10) | (y_axis=11) | (y_axis=12) | (y_axis=13) | (y_axis=14) | (y_axis=15) | (y_axis=16) | (y_axis=17) | (y_axis=18) | (y_axis=19) | (y_axis=20) | (y_axis=21) | (y_axis=22) | (y_axis=23) | (y_axis=24) | (y_axis=25) | (y_axis=26) | (y_axis=27) | (y_axis=28) | (y_axis=29) | (y_axis=30) | (y_axis=31) | (y_axis=32) | (y_axis=33) | (y_axis=34) | (y_axis=35) | (y_axis=36) | (y_axis=37) | (y_axis=38) | (y_axis=39)) ): act;
(x_axis=1 & ((y_axis=6) | (y_axis=7) | (y_axis=8) | (y_axis=9) | (y_axis=10) | (y_axis=11) | (y_axis=12) | (y_axis=13) | (y_axis=14) | (y_axis=15) | (y_axis=16) | (y_axis=17) | (y_axis=18) | (y_axis=19) | (y_axis=20) | (y_axis=21) | (y_axis=22) | (y_axis=23) | (y_axis=24) | (y_axis=25) | (y_axis=26) | (y_axis=27) | (y_axis=28) | (y_axis=29) | (y_axis=30) | (y_axis=31) | (y_axis=32) | (y_axis=33) | (y_axis=34) | (y_axis=35) | (y_axis=36) | (y_axis=37) | (y_axis=38) | (y_axis=39)) ): act;
@@ -170,13 +173,6 @@
-----4
-
- --- the boundary of the whole environment
- (x_axis=0): {1,4};
- (x_axis=39): {2,3};
- (y_axis=0): {1,4};
- (y_axis=39): {2,3};
-
-- else, move to all four directions
TRUE: {1,2,3,4};
esac;
@@ -267,9 +263,6 @@
(x_axis=38 & act=3) : 37 ;
(x_axis=38 & act=4) : 39 ;
(x_axis=39 & act=3) : 38 ;
-
-
-
TRUE: x_axis;
esac;
diff --git a/cases_bmc/robotic_planning/robotic_robustness_3600.smv b/cases_bmc/tacas_robotic/robotic_robustness_3600.smv
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_robustness_3600.smv
rename to cases_bmc/tacas_robotic/robotic_robustness_3600.smv
diff --git a/cases_bmc/robotic_planning/robotic_robustness_400.smv b/cases_bmc/tacas_robotic/robotic_robustness_400.smv
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_robustness_400.smv
rename to cases_bmc/tacas_robotic/robotic_robustness_400.smv
diff --git a/cases_bmc/robotic_planning/robotic_robustness_formula.hq b/cases_bmc/tacas_robotic/robotic_robustness_formula.hq
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_robustness_formula.hq
rename to cases_bmc/tacas_robotic/robotic_robustness_formula.hq
diff --git a/cases_bmc/robotic_planning/robotic_shortestpath.smv b/cases_bmc/tacas_robotic/robotic_shortestpath.smv
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_shortestpath.smv
rename to cases_bmc/tacas_robotic/robotic_shortestpath.smv
diff --git a/cases_bmc/robotic_planning/robotic_sp_100.smv b/cases_bmc/tacas_robotic/robotic_sp_100.smv
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_sp_100.smv
rename to cases_bmc/tacas_robotic/robotic_sp_100.smv
diff --git a/cases_bmc/robotic_planning/robotic_sp_1600.smv b/cases_bmc/tacas_robotic/robotic_sp_1600.smv
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_sp_1600.smv
rename to cases_bmc/tacas_robotic/robotic_sp_1600.smv
diff --git a/cases_bmc/robotic_planning/robotic_sp_3600.smv b/cases_bmc/tacas_robotic/robotic_sp_3600.smv
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_sp_3600.smv
rename to cases_bmc/tacas_robotic/robotic_sp_3600.smv
diff --git a/cases_bmc/robotic_planning/robotic_sp_400.smv b/cases_bmc/tacas_robotic/robotic_sp_400.smv
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_sp_400.smv
rename to cases_bmc/tacas_robotic/robotic_sp_400.smv
diff --git a/cases_bmc/robotic_planning/robotic_sp_formula.hq b/cases_bmc/tacas_robotic/robotic_sp_formula.hq
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_sp_formula.hq
rename to cases_bmc/tacas_robotic/robotic_sp_formula.hq
diff --git a/cases_bmc/robotic_planning/robotic_test.smv b/cases_bmc/tacas_robotic/robotic_test.smv
similarity index 100%
rename from cases_bmc/robotic_planning/robotic_test.smv
rename to cases_bmc/tacas_robotic/robotic_test.smv
diff --git a/cases_bmc/snark/snark1_M1_concurrent.smv b/cases_bmc/tacas_snark/snark1_M1_concurrent.smv
similarity index 100%
rename from cases_bmc/snark/snark1_M1_concurrent.smv
rename to cases_bmc/tacas_snark/snark1_M1_concurrent.smv
diff --git a/cases_bmc/snark/snark1_M2_sequential.smv b/cases_bmc/tacas_snark/snark1_M2_sequential.smv
similarity index 100%
rename from cases_bmc/snark/snark1_M2_sequential.smv
rename to cases_bmc/tacas_snark/snark1_M2_sequential.smv
diff --git a/cases_bmc/snark/snark1_formula.hq b/cases_bmc/tacas_snark/snark1_formula.hq
similarity index 100%
rename from cases_bmc/snark/snark1_formula.hq
rename to cases_bmc/tacas_snark/snark1_formula.hq
diff --git a/cases_bmc/snark/snark2_M1_concurrent.smv b/cases_bmc/tacas_snark/snark2_M1_concurrent.smv
similarity index 100%
rename from cases_bmc/snark/snark2_M1_concurrent.smv
rename to cases_bmc/tacas_snark/snark2_M1_concurrent.smv
diff --git a/cases_bmc/snark/snark2_M2_sequential.smv b/cases_bmc/tacas_snark/snark2_M2_sequential.smv
similarity index 100%
rename from cases_bmc/snark/snark2_M2_sequential.smv
rename to cases_bmc/tacas_snark/snark2_M2_sequential.smv
diff --git a/cases_bmc/snark/snark2_formula.hq b/cases_bmc/tacas_snark/snark2_formula.hq
similarity index 100%
rename from cases_bmc/snark/snark2_formula.hq
rename to cases_bmc/tacas_snark/snark2_formula.hq
diff --git a/cases_bmc/snark/snark2_new_M1_concurrent.smv b/cases_bmc/tacas_snark/snark2_new_M1_concurrent.smv
similarity index 100%
rename from cases_bmc/snark/snark2_new_M1_concurrent.smv
rename to cases_bmc/tacas_snark/snark2_new_M1_concurrent.smv
diff --git a/cases_bmc/snark/snark2_new_M2_sequential.smv b/cases_bmc/tacas_snark/snark2_new_M2_sequential.smv
similarity index 100%
rename from cases_bmc/snark/snark2_new_M2_sequential.smv
rename to cases_bmc/tacas_snark/snark2_new_M2_sequential.smv
diff --git a/cases_bmc/snark/snark2_with_collision_M1_concurrent.smv b/cases_bmc/tacas_snark/snark2_with_collision_M1_concurrent.smv
similarity index 100%
rename from cases_bmc/snark/snark2_with_collision_M1_concurrent.smv
rename to cases_bmc/tacas_snark/snark2_with_collision_M1_concurrent.smv
diff --git a/cases_bmc/snark/snark2_with_collision_M2_sequential.smv b/cases_bmc/tacas_snark/snark2_with_collision_M2_sequential.smv
similarity index 100%
rename from cases_bmc/snark/snark2_with_collision_M2_sequential.smv
rename to cases_bmc/tacas_snark/snark2_with_collision_M2_sequential.smv
diff --git a/cases_bmc/snark/snark2_withtoken_M1_concurrent.smv b/cases_bmc/tacas_snark/snark2_withtoken_M1_concurrent.smv
similarity index 100%
rename from cases_bmc/snark/snark2_withtoken_M1_concurrent.smv
rename to cases_bmc/tacas_snark/snark2_withtoken_M1_concurrent.smv
diff --git a/cases_bmc/snark/snark_notes.txt b/cases_bmc/tacas_snark/snark_notes.txt
similarity index 100%
rename from cases_bmc/snark/snark_notes.txt
rename to cases_bmc/tacas_snark/snark_notes.txt
diff --git a/cases_bmc/snark/snark_overflow.smv b/cases_bmc/tacas_snark/snark_overflow.smv
similarity index 100%
rename from cases_bmc/snark/snark_overflow.smv
rename to cases_bmc/tacas_snark/snark_overflow.smv
diff --git a/cases_compare/.DS_Store b/cases_compare/.DS_Store
new file mode 100644
index 00000000..1c915ecb
Binary files /dev/null and b/cases_compare/.DS_Store differ
diff --git a/cases_compare/NI_f1.hq b/cases_compare/NI_f1.hq
new file mode 100644
index 00000000..a2f3ab3d
--- /dev/null
+++ b/cases_compare/NI_f1.hq
@@ -0,0 +1,4 @@
+forall A. exists B.
+F~(*HIGH[A] = HIGH[B]*)
+/\
+G(*LOW[A] = LOW[B]*)
diff --git a/cases_compare/NI_f2.hq b/cases_compare/NI_f2.hq
new file mode 100644
index 00000000..95e94cde
--- /dev/null
+++ b/cases_compare/NI_f2.hq
@@ -0,0 +1,4 @@
+forall A. exists B.
+F!(*HIGH*_A = *HIGH*_B)
+&
+G(*LOW*_A = *LOW*_B)
diff --git a/cases_compare/NI_v1.smv b/cases_compare/NI_v1.smv
new file mode 100644
index 00000000..f8cfa67d
--- /dev/null
+++ b/cases_compare/NI_v1.smv
@@ -0,0 +1,31 @@
+MODULE main
+-- A simple program that violates non-interference
+--
+-- 1: LOW=false, HIGH={false, true}
+-- 2: if(HIGH):
+-- 3: LOW=true
+--
+
+VAR
+ HIGH: 0..1;
+ LOW: 0..1;
+ PC: 1..3;
+ASSIGN
+ -- Initial Conditions
+ init(HIGH):= {0, 1};
+ init(LOW):= {0};
+ init(PC):= 1; -- program counter starts at 1.
+
+ -- Transition Relations
+ next(HIGH) := HIGH;
+ next(LOW) :=
+ case
+ ((PC=2) & (HIGH=1)): 1;
+ TRUE: LOW;
+ esac;
+ next(PC) :=
+ case
+ (PC=3): 3;
+ TRUE: PC+1;
+ esac;
+DEFINE
diff --git a/cases_compare/NI_v2.smv b/cases_compare/NI_v2.smv
new file mode 100644
index 00000000..73fbd0d2
--- /dev/null
+++ b/cases_compare/NI_v2.smv
@@ -0,0 +1,30 @@
+MODULE main
+-- A simple program that violates non-interference
+--
+-- 1: LOW=0, HIGH={0....10}
+-- 2: if(HIGH>5):
+-- 3: LOW=HIGH
+--
+VAR
+ HIGH: 0..10;
+ LOW: 0..10;
+ PC: 1..3;
+ASSIGN
+ -- Initial Conditions
+ init(HIGH):= {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
+ init(LOW):= {0};
+ init(PC):= 1; -- program counter starts at 1.
+
+ -- Transition Relations
+ next(HIGH) := HIGH;
+ next(LOW) :=
+ case
+ ((PC=2) & (HIGH>5)): HIGH;
+ TRUE: LOW;
+ esac;
+ next(PC) :=
+ case
+ (PC=3): 3;
+ TRUE: PC+1;
+ esac;
+DEFINE
diff --git a/cases_compare/NI_v3.smv b/cases_compare/NI_v3.smv
new file mode 100644
index 00000000..0f390bac
--- /dev/null
+++ b/cases_compare/NI_v3.smv
@@ -0,0 +1,36 @@
+MODULE main
+-- A simple program that violates non-interference
+--
+-- 1: LOW=0, HIGH={0}
+-- 2: HIGH={0...10}
+-- 3: if(HIGH>5):
+-- 4: LOW=HIGH
+--
+VAR
+ HIGH: 0..10;
+ LOW: 0..10;
+ PC: 1..4;
+ASSIGN
+ -- Initial Conditions
+ init(HIGH):= {0};
+ init(LOW):= {0};
+ init(PC):= 1; -- program counter starts at 1.
+
+ -- Transition Relations
+ next(HIGH):=
+ case
+ (PC=2): {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
+ TRUE: HIGH;
+ esac;
+
+ next(LOW) :=
+ case
+ ((PC=3) & (HIGH>5)): HIGH;
+ TRUE: LOW;
+ esac;
+ next(PC) :=
+ case
+ (PC=4): 4;
+ TRUE: PC+1;
+ esac;
+DEFINE
diff --git a/cases_compare/adv_f1.hq b/cases_compare/adv_f1.hq
new file mode 100644
index 00000000..a784b717
--- /dev/null
+++ b/cases_compare/adv_f1.hq
@@ -0,0 +1,8 @@
+forall A. exists B.
+(G~(WALL[A]))
+->
+(
+ ((G~(WALL[B])) /\ (F(GOAL[B])))
+ /\
+ (G(~((*x-axis[A] = x-axis[B]*) /\ (*y-axis[A] = y-axis[B]*))))
+)
diff --git a/cases_compare/adv_f2.hq b/cases_compare/adv_f2.hq
new file mode 100644
index 00000000..88f99a11
--- /dev/null
+++ b/cases_compare/adv_f2.hq
@@ -0,0 +1,8 @@
+forall A. exists B.
+(G!(*WALL*_A))
+->
+(
+ ((G!(*WALL*_B)) & (F(*GOAL*_B)))
+ &
+ (G(!((*x-axis*_A = *x-axis*_B) & (*y-axis*_A = *y-axis*_B))))
+)
diff --git a/cases_compare/adv_v1.smv b/cases_compare/adv_v1.smv
new file mode 100644
index 00000000..ba1f41b8
--- /dev/null
+++ b/cases_compare/adv_v1.smv
@@ -0,0 +1,39 @@
+MODULE main
+VAR
+ x-axis: 0..2;
+ y-axis: 0..2;
+ action: 0..4;
+ASSIGN
+ -- Initial Conditions
+ init(x-axis):= 1;
+ init(y-axis):= 0;
+ init(action):= {0,1,2,3,4};
+
+ -- Transition Relations
+ next(x-axis) :=
+ case
+ (action=4): x-axis;
+ (action=0 | action=1): x-axis;
+ (action=2 & x-axis=0): x-axis;
+ (action=3 & x-axis=2): x-axis;
+ (action=2 & x-axis!=0): x-axis - 1; -- action2: move left
+ (action=3 & x-axis!=2): x-axis + 1; -- action3: move right
+ TRUE: x-axis;
+ esac;
+
+ next(y-axis) :=
+ case
+ (action=4): y-axis;
+ (action=2 | action=3): y-axis;
+ (action=0 & y-axis=0): y-axis;
+ (action=1 & y-axis=2): y-axis;
+ (action=0 & y-axis!=0): y-axis - 1; -- action 0: move down
+ (action=1 & y-axis!=2): y-axis + 1; -- action 1: move up
+ TRUE: y-axis;
+ esac;
+
+ next(action) := {0, 1, 2, 3};
+
+DEFINE
+ GOAL := (x-axis=1) & (y-axis=2);
+ WALL := (x-axis=2) & (y-axis=1);
diff --git a/cases_compare/adv_v2.smv b/cases_compare/adv_v2.smv
new file mode 100644
index 00000000..eb5d7b9b
--- /dev/null
+++ b/cases_compare/adv_v2.smv
@@ -0,0 +1,39 @@
+MODULE main
+VAR
+ x-axis: 0..3;
+ y-axis: 0..3;
+ action: 0..4;
+ASSIGN
+ -- Initial Conditions
+ init(x-axis):= 0;
+ init(y-axis):= 0;
+ init(action):= {0,1,2,3,4};
+
+ -- Transition Relations
+ next(x-axis) :=
+ case
+ (action=4): x-axis;
+ (action=0 | action=1): x-axis;
+ (action=2 & x-axis=0): x-axis;
+ (action=3 & x-axis=3): x-axis;
+ (action=2 & x-axis!=0): x-axis - 1; -- action2: move left
+ (action=3 & x-axis!=3): x-axis + 1; -- action3: move right
+ TRUE: x-axis;
+ esac;
+
+ next(y-axis) :=
+ case
+ (action=4): y-axis;
+ (action=2 | action=3): y-axis;
+ (action=0 & y-axis=0): y-axis;
+ (action=1 & y-axis=3): y-axis;
+ (action=0 & y-axis!=0): y-axis - 1; -- action 0: move down
+ (action=1 & y-axis!=2): y-axis + 1; -- action 1: move up
+ TRUE: y-axis;
+ esac;
+
+ next(action) := {0, 1, 2, 3}; -- for now don't allow noop
+
+DEFINE
+ GOAL := (x-axis=1) & (y-axis=2);
+ WALL := (x-axis=2) & (y-axis=1);
diff --git a/cases_compare/counting_f1.hq b/cases_compare/counting_f1.hq
new file mode 100644
index 00000000..e24a0445
--- /dev/null
+++ b/cases_compare/counting_f1.hq
@@ -0,0 +1,7 @@
+forall A. exists B. exists C.
+(F(GOALA[B])) /\ (F(GOALB[C]))
+ /\
+G(
+ (STARTED[B]/\STARTED[C])
+ ->
+ (~((*x-axis[B] = x-axis[C]*) /\ (*y-axis[B] = y-axis[C]*))))
diff --git a/cases_compare/counting_f2.hq b/cases_compare/counting_f2.hq
new file mode 100644
index 00000000..1c957d51
--- /dev/null
+++ b/cases_compare/counting_f2.hq
@@ -0,0 +1,7 @@
+forall A. exists B. exists C.
+(F(*GOALA*_B)) & (F(*GOALB*_C))
+&
+G(
+ (*STARTED*_B & *STARTED*_C)
+ ->
+ (!((*x-axis*_B = *x-axis*_C) & (*y-axis*_B = *y-axis*_C))))
diff --git a/cases_compare/counting_opt_v1.smv b/cases_compare/counting_opt_v1.smv
new file mode 100644
index 00000000..ba1f41b8
--- /dev/null
+++ b/cases_compare/counting_opt_v1.smv
@@ -0,0 +1,39 @@
+MODULE main
+VAR
+ x-axis: 0..2;
+ y-axis: 0..2;
+ action: 0..4;
+ASSIGN
+ -- Initial Conditions
+ init(x-axis):= 1;
+ init(y-axis):= 0;
+ init(action):= {0,1,2,3,4};
+
+ -- Transition Relations
+ next(x-axis) :=
+ case
+ (action=4): x-axis;
+ (action=0 | action=1): x-axis;
+ (action=2 & x-axis=0): x-axis;
+ (action=3 & x-axis=2): x-axis;
+ (action=2 & x-axis!=0): x-axis - 1; -- action2: move left
+ (action=3 & x-axis!=2): x-axis + 1; -- action3: move right
+ TRUE: x-axis;
+ esac;
+
+ next(y-axis) :=
+ case
+ (action=4): y-axis;
+ (action=2 | action=3): y-axis;
+ (action=0 & y-axis=0): y-axis;
+ (action=1 & y-axis=2): y-axis;
+ (action=0 & y-axis!=0): y-axis - 1; -- action 0: move down
+ (action=1 & y-axis!=2): y-axis + 1; -- action 1: move up
+ TRUE: y-axis;
+ esac;
+
+ next(action) := {0, 1, 2, 3};
+
+DEFINE
+ GOAL := (x-axis=1) & (y-axis=2);
+ WALL := (x-axis=2) & (y-axis=1);
diff --git a/cases_compare/counting_v1.smv b/cases_compare/counting_v1.smv
new file mode 100644
index 00000000..7916007b
--- /dev/null
+++ b/cases_compare/counting_v1.smv
@@ -0,0 +1,40 @@
+MODULE main
+VAR
+ x-axis: 0..5;
+ y-axis: 0..5;
+ action: 0..4;
+ASSIGN
+ -- Initial Conditions
+ init(x-axis):= 0;
+ init(y-axis):= 0;
+ init(action):= {0,1,2,3,4};
+
+ -- Transition Relations
+ next(x-axis) :=
+ case
+ (action=4): x-axis;
+ (action=0 | action=1): x-axis;
+ (action=2 & x-axis=0): x-axis;
+ (action=3 & x-axis=5): x-axis;
+ (action=2 & x-axis!=0): x-axis - 1; -- action2: move left
+ (action=3 & x-axis!=5): x-axis + 1; -- action3: move right
+ TRUE: x-axis;
+ esac;
+
+ next(y-axis) :=
+ case
+ (action=4): y-axis;
+ (action=2 | action=3): y-axis;
+ (action=0 & y-axis=0): y-axis;
+ (action=1 & y-axis=5): y-axis;
+ (action=0 & y-axis!=0): y-axis - 1; -- action 0: move down
+ (action=1 & y-axis!=5): y-axis + 1; -- action 1: move up
+ TRUE: y-axis;
+ esac;
+
+ next(action) := {0, 1, 2, 3};
+
+DEFINE
+ STARTED := !((x-axis=0) & (y-axis=0));
+ GOALA := (x-axis=0) & (y-axis=5);
+ GOALB := (x-axis=5) & (y-axis=0);
diff --git a/cases_compare/counting_v2.smv b/cases_compare/counting_v2.smv
new file mode 100644
index 00000000..45f42bca
--- /dev/null
+++ b/cases_compare/counting_v2.smv
@@ -0,0 +1,40 @@
+MODULE main
+VAR
+ x-axis: 0..7;
+ y-axis: 0..7;
+ action: 0..4;
+ASSIGN
+ -- Initial Conditions
+ init(x-axis):= 0;
+ init(y-axis):= 0;
+ init(action):= {0,1,2,3,4};
+
+ -- Transition Relations
+ next(x-axis) :=
+ case
+ (action=4): x-axis;
+ (action=0 | action=1): x-axis;
+ (action=2 & x-axis=0): x-axis;
+ (action=3 & x-axis=7): x-axis;
+ (action=2 & x-axis!=0): x-axis - 1; -- action2: move left
+ (action=3 & x-axis!=7): x-axis + 1; -- action3: move right
+ TRUE: x-axis;
+ esac;
+
+ next(y-axis) :=
+ case
+ (action=4): y-axis;
+ (action=2 | action=3): y-axis;
+ (action=0 & y-axis=0): y-axis;
+ (action=1 & y-axis=7): y-axis;
+ (action=0 & y-axis!=0): y-axis - 1; -- action 0: move down
+ (action=1 & y-axis!=7): y-axis + 1; -- action 1: move up
+ TRUE: y-axis;
+ esac;
+
+ next(action) := {0, 1, 2, 3};
+
+DEFINE
+ STARTED := !((x-axis=0) & (y-axis=0));
+ GOALA := (x-axis=0) & (y-axis=7);
+ GOALB := (x-axis=7) & (y-axis=0);
diff --git a/cases_compare/den.smv b/cases_compare/den.smv
new file mode 100644
index 00000000..300ba3c5
--- /dev/null
+++ b/cases_compare/den.smv
@@ -0,0 +1,52 @@
+MODULE main
+ VAR
+ init_balance: 0..20;
+ debits_amount: 1..10;
+ PC: 1..6;
+ num_itr: 0..11;
+ halt: boolean;
+ ASSIGN
+ -- Initial Conditions
+ init(init_balance):= {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20};
+ init(debits_amount) := {1,2,3,4,5,6,7,8,9,10};
+ init(num_itr):= 0;
+ init(PC):= 1; -- but program counter starts at 1.
+ init(halt) := FALSE;
+
+ -- Transition Relations
+ next(init_balance) :=
+ case
+ ((PC=3) & (init_balance - debits_amount > 0)): (init_balance - debits_amount);
+ TRUE: init_balance;
+ esac;
+
+ next(debits_amount) :=
+ case
+ TRUE: debits_amount;
+ esac;
+
+ next(num_itr) :=
+ case
+ (PC=4): num_itr;
+ TRUE: num_itr;
+ esac;
+
+ next(PC) :=
+ case
+ (PC=1): 2; -- num_itr = 0
+ ((PC=2) & (init_balance>debits_amount)): 3; -- while (init_balance >= debits amount)
+ ((PC=2) & (init_balance<=debits_amount)): 5;
+ (PC=3): 4; -- init_balance -= debits_amount
+ (PC=4): 2; -- num_itr += 1
+ (PC=5): 6; -- Return num_itr += 1
+ (PC=6): 6; -- (END)
+ TRUE: PC;
+ esac;
+
+ next(halt) :=
+ case
+ (PC=6): TRUE;
+ TRUE: halt;
+ esac;
+
+DEFINE
diff --git a/cases_compare/den.zip b/cases_compare/den.zip
new file mode 100644
index 00000000..c85aff63
Binary files /dev/null and b/cases_compare/den.zip differ
diff --git a/cases_compare/den_f1.hq b/cases_compare/den_f1.hq
new file mode 100644
index 00000000..b2115419
--- /dev/null
+++ b/cases_compare/den_f1.hq
@@ -0,0 +1,8 @@
+forall A. exists B. exists C.
+G(
+ (*debits_amount[A]=debits_amount[B]*)
+ /\
+ (*debits_amount[A]=debits_amount[C]*)
+ /\
+ ~(*init_balance[B]=init_balance[C]*)
+)
diff --git a/cases_compare/den_f2.hq b/cases_compare/den_f2.hq
new file mode 100644
index 00000000..ff4d7aef
--- /dev/null
+++ b/cases_compare/den_f2.hq
@@ -0,0 +1,8 @@
+forall A. exists B. exists C.
+G(
+ (*debits_amount*_A=*debits_amount*_B)
+ &
+ (*debits_amount*_A=*debits_amount*_C)
+ &
+ !(*init_balance*_B=*init_balance*_C)
+)
diff --git a/cases_compare/den_small.smv b/cases_compare/den_small.smv
new file mode 100644
index 00000000..16eef935
--- /dev/null
+++ b/cases_compare/den_small.smv
@@ -0,0 +1,52 @@
+MODULE main
+ VAR
+ init_balance: 0..10;
+ debits_amount: 1..5;
+ PC: 1..6;
+ num_itr: 0..11;
+ halt: boolean;
+ ASSIGN
+ -- Initial Conditions
+ init(init_balance):= {0,1,2,3,4,5,6,7,8,9,10};
+ init(debits_amount) := {1,2,3,4,5};
+ init(num_itr):= 0;
+ init(PC):= 1; -- but program counter starts at 1.
+ init(halt) := FALSE;
+
+ -- Transition Relations
+ next(init_balance) :=
+ case
+ ((PC=3) & (init_balance - debits_amount > 0)): (init_balance - debits_amount);
+ TRUE: init_balance;
+ esac;
+
+ next(debits_amount) :=
+ case
+ TRUE: debits_amount;
+ esac;
+
+ next(num_itr) :=
+ case
+ (PC=4): num_itr;
+ TRUE: num_itr;
+ esac;
+
+ next(PC) :=
+ case
+ (PC=1): 2; -- num_itr = 0
+ ((PC=2) & (init_balance>debits_amount)): 3; -- while (init_balance >= debits amount)
+ ((PC=2) & (init_balance<=debits_amount)): 5;
+ (PC=3): 4; -- init_balance -= debits_amount
+ (PC=4): 2; -- num_itr += 1
+ (PC=5): 6; -- Return num_itr += 1
+ (PC=6): 6; -- (END)
+ TRUE: PC;
+ esac;
+
+ next(halt) :=
+ case
+ (PC=6): TRUE;
+ TRUE: halt;
+ esac;
+
+DEFINE
diff --git a/cases_compare/mapsynth2.zip b/cases_compare/mapsynth2.zip
new file mode 100644
index 00000000..6f6b8cfa
Binary files /dev/null and b/cases_compare/mapsynth2.zip differ
diff --git a/cases_compare/msynth2_MA.smv b/cases_compare/msynth2_MA.smv
new file mode 100644
index 00000000..bcaa15ae
--- /dev/null
+++ b/cases_compare/msynth2_MA.smv
@@ -0,0 +1,45 @@
+MODULE main
+
+VAR
+ secret: 0..1;
+ Alice_Bob_sec: boolean;
+ Bob_Eve_pub: boolean;
+ Bob_sec: boolean;
+ Eve_secisnotempty: boolean;
+ STATE: 0..6;
+
+ASSIGN
+ -- Initial Conditions
+ init(secret) := {0,1};
+ init(Alice_Bob_sec):= FALSE;
+ init(Bob_Eve_pub):= FALSE;
+ init(Bob_sec):= FALSE;
+ init(Eve_secisnotempty):= FALSE;
+ init(STATE):= 0;
+
+ -- Transition Relations
+ next(secret) := secret;
+
+ next(Alice_Bob_sec) := {TRUE, FALSE};
+ next(Bob_Eve_pub) := {TRUE, FALSE};
+ next(Bob_sec):= {TRUE, FALSE};
+ next(Eve_secisnotempty) := {TRUE, FALSE};
+
+ next(STATE) :=
+ case
+ (STATE=0) : {1, 2};
+ (STATE=1) : {3, 4};
+ (STATE=2) : {2, 1};
+ (STATE=3) : {3, 4};
+ (STATE=4) : {5, 6};
+ TRUE: STATE;
+ esac;
+
+DEFINE
+ VALID := ((STATE=0) -> (!Alice_Bob_sec& !Bob_Eve_pub & !Bob_sec & !Eve_secisnotempty))
+ & ((STATE=1) -> (Alice_Bob_sec & !Bob_Eve_pub & !Bob_sec & !Eve_secisnotempty))
+ & ((STATE=2) -> (!Alice_Bob_sec & Bob_Eve_pub & !Bob_sec & !Eve_secisnotempty))
+ & ((STATE=3) -> (Alice_Bob_sec & !Bob_Eve_pub & Bob_sec & !Eve_secisnotempty))
+ & ((STATE=4) -> (!Alice_Bob_sec & Bob_Eve_pub & Bob_sec & !Eve_secisnotempty))
+ & ((STATE=5) -> (!Alice_Bob_sec & Bob_Eve_pub & Bob_sec & !Eve_secisnotempty & (secret=0)))
+ & ((STATE=6) -> (!Alice_Bob_sec & Bob_Eve_pub & Bob_sec & Eve_secisnotempty & (secret=1)));
diff --git a/cases_compare/msynth2_MB.smv b/cases_compare/msynth2_MB.smv
new file mode 100644
index 00000000..e9869816
--- /dev/null
+++ b/cases_compare/msynth2_MB.smv
@@ -0,0 +1,38 @@
+MODULE main
+
+VAR
+ S_R_sec: boolean;
+ S_R_pub: boolean;
+ R_pub: boolean;
+ R_sec: boolean;
+ STATE: 0..3;
+
+ASSIGN
+ -- Initial Conditions
+ init(S_R_sec):= FALSE;
+ init(S_R_pub):= FALSE;
+ init(R_pub):= FALSE;
+ init(R_sec):= FALSE;
+ init(STATE):= 0;
+
+ -- Transition Relations
+ next(S_R_sec) := {TRUE, FALSE};
+ next(S_R_pub) := {TRUE, FALSE};
+ next(R_pub) := {TRUE, FALSE};
+ next(R_sec) := {TRUE, FALSE};
+
+
+ next(STATE) :=
+ case
+ (STATE=0) : {1, 2};
+ (STATE=1) : {1, 3};
+ (STATE=2) : {2};
+ (STATE=3) : {3};
+ TRUE: STATE;
+ esac;
+
+DEFINE
+ VALID := ((STATE=0) -> (!S_R_sec & !S_R_pub & !R_pub & !R_sec ))
+ & ((STATE=1) -> (!S_R_sec & S_R_pub & R_pub & !R_sec ))
+ & ((STATE=2) -> ( S_R_sec & !S_R_pub & !R_pub & R_sec ))
+ & ((STATE=3) -> ( S_R_sec & !S_R_pub & R_pub & R_sec ));
diff --git a/cases_compare/msynth2_MM.smv b/cases_compare/msynth2_MM.smv
new file mode 100644
index 00000000..3b110be4
--- /dev/null
+++ b/cases_compare/msynth2_MM.smv
@@ -0,0 +1,35 @@
+MODULE main
+
+VAR
+ ABs_SRs: boolean;
+ ABs_SRp: boolean;
+ BEp_SRs: boolean;
+ BEp_SRp: boolean;
+ Bs_Rp: boolean;
+ Bs_Rs: boolean;
+ Es_Rp: boolean;
+ Es_Rs: boolean;
+
+
+ASSIGN
+ -- Initial Conditions is arbitrary in mapping synth
+ init(ABs_SRs) := {TRUE, FALSE};
+ init(ABs_SRp) := {TRUE, FALSE};
+ init(BEp_SRs) := {TRUE, FALSE};
+ init(BEp_SRp) := {TRUE, FALSE};
+ init(Bs_Rp) := {TRUE, FALSE};
+ init(Bs_Rs) := {TRUE, FALSE};
+ init(Es_Rp) := {TRUE, FALSE};
+ init(Es_Rs) := {TRUE, FALSE};
+
+ -- Transition Relations
+ next(ABs_SRs) := ABs_SRs;
+ next(ABs_SRp) := ABs_SRp;
+ next(BEp_SRs) := BEp_SRs;
+ next(BEp_SRp) := BEp_SRp;
+ next(Bs_Rp) := Bs_Rp;
+ next(Bs_Rs) := Bs_Rs;
+ next(Es_Rp) := Es_Rp;
+ next(Es_Rs) := Es_Rs;
+
+DEFINE
diff --git a/cases_compare/msynth2_f1.hq b/cases_compare/msynth2_f1.hq
new file mode 100644
index 00000000..b36864c1
--- /dev/null
+++ b/cases_compare/msynth2_f1.hq
@@ -0,0 +1,27 @@
+exists A. forall B. forall C. exists D. exists E.
+(G (
+ ((ABs_SRs[A]) -> ((Alice_Bob_sec[B]) -> (S_R_sec[C]))) /\
+ ((ABs_SRp[A]) -> ((Alice_Bob_sec[B]) -> (S_R_pub[C]))) /\
+ ((BEp_SRs[A]) -> ((Bob_Eve_pub[B]) -> (S_R_sec[C]))) /\
+ ((BEp_SRp[A]) -> ((Bob_Eve_pub[B]) -> (S_R_pub[C]))) /\
+ ((Bs_Rp[A]) -> ((Bob_sec[B]) -> (R_pub[C]))) /\
+ ((Bs_Rs[A]) -> ((Bob_sec[B]) -> (R_sec[C]))) /\
+ ((Es_Rp[A]) -> ((Eve_secisnotempty[B]) -> (R_pub[C]))) /\
+ ((Es_Rs[A]) -> ((Eve_secisnotempty[B]) -> (R_sec[C])))
+)
+->
+(
+ G (
+ ((ABs_SRs[A]) -> ((Alice_Bob_sec[D]) -> (S_R_sec[E]))) /\
+ ((ABs_SRp[A]) -> ((Alice_Bob_sec[D]) -> (S_R_pub[E]))) /\
+ ((BEp_SRs[A]) -> ((Bob_Eve_pub[D]) -> (S_R_sec[E]))) /\
+ ((BEp_SRp[A]) -> ((Bob_Eve_pub[D]) -> (S_R_pub[E]))) /\
+ ((Bs_Rp[A]) -> ((Bob_sec[D]) -> (R_pub[E]))) /\
+ ((Bs_Rs[A]) -> ((Bob_sec[D]) -> (R_sec[E]))) /\
+ ((Es_Rp[A]) -> ((Eve_secisnotempty[D]) -> (R_pub[E]))) /\
+ ((Es_Rs[A]) -> ((Eve_secisnotempty[D]) -> (R_sec[E])))
+ )
+ /\
+ G ( ~(*secret[B] = secret[D]*) /\ (Eve_secisnotempty[B] <-> Eve_secisnotempty[D]))
+)
+)
diff --git a/cases_compare/msynth2_f2.hq b/cases_compare/msynth2_f2.hq
new file mode 100644
index 00000000..a986718b
--- /dev/null
+++ b/cases_compare/msynth2_f2.hq
@@ -0,0 +1,27 @@
+exists A. forall B. forall C. exists D. exists E.
+(G (
+ ((*ABs_SRs*_A) -> ((*Alice_Bob_sec*_B) -> (*S_R_sec*_C))) &
+ ((*ABs_SRp*_A) -> ((*Alice_Bob_sec*_B) -> (*S_R_pub*_C))) &
+ ((*BEp_SRs*_A) -> ((*Bob_Eve_pub*_B) -> (*S_R_sec*_C))) &
+ ((*BEp_SRp*_A) -> ((*Bob_Eve_pub*_B) -> (*S_R_pub*_C))) &
+ ((*Bs_Rp*_A) -> ((*Bob_sec*_B) -> (*R_pub*_C))) &
+ ((*Bs_Rs*_A) -> ((*Bob_sec*_B) -> (*R_sec*_C))) &
+ ((*Es_Rp*_A) -> ((*Eve_secisnotempty*_B) -> (*R_pub*_C))) &
+ ((*Es_Rs*_A) -> ((*Eve_secisnotempty*_B) -> (*R_sec*_C)))
+)
+->
+(
+ G (
+ ((*ABs_SRs*_A) -> ((*Alice_Bob_sec*_D) -> (*S_R_sec*_E))) &
+ ((*ABs_SRp*_A) -> ((*Alice_Bob_sec*_D) -> (*S_R_pub*_E))) &
+ ((*BEp_SRs*_A) -> ((*Bob_Eve_pub*_D) -> (*S_R_sec*_E))) &
+ ((*BEp_SRp*_A) -> ((*Bob_Eve_pub*_D) -> (*S_R_pub*_E))) &
+ ((*Bs_Rp*_A) -> ((*Bob_sec*_D) -> (*R_pub*_E))) &
+ ((*Bs_Rs*_A) -> ((*Bob_sec*_D) -> (*R_sec*_E))) &
+ ((*Es_Rp*_A) -> ((*Eve_secisnotempty*_D) -> (*R_pub*_E))) &
+ ((*Es_Rs*_A) -> ((*Eve_secisnotempty*_D) -> (*R_sec*_E)))
+ )
+ &
+ G ( !(*secret*_B = *secret*_D) & (*Eve_secisnotempty*_B = *Eve_secisnotempty*_D))
+)
+)
diff --git a/cases_compare/msynth_MA.smv b/cases_compare/msynth_MA.smv
new file mode 100644
index 00000000..dc6c4f54
--- /dev/null
+++ b/cases_compare/msynth_MA.smv
@@ -0,0 +1,38 @@
+MODULE main
+
+VAR
+ atom_p: boolean;
+ atom_q: boolean;
+ PC: 0..3;
+
+ASSIGN
+ -- Initial Conditions
+ init(atom_p):= FALSE;
+ init(atom_q):= FALSE;
+ init(PC) := 0;
+
+ -- Transition Relations
+ next(atom_p) :=
+ case
+ (PC=0): {TRUE, FALSE};
+ (PC=1): {TRUE, FALSE};
+ (PC=2): FALSE;
+ TRUE: atom_p;
+ esac;
+
+ next(atom_q) :=
+ case
+ (PC=0): {TRUE, FALSE};
+ (PC=1): {TRUE, FALSE};
+ (PC=2): FALSE;
+ TRUE: atom_q;
+ esac;
+
+ next(PC) :=
+ case
+ (PC=3): 3;
+ TRUE: PC+1;
+ esac;
+
+DEFINE
+ FAIL := (atom_p & atom_q);
diff --git a/cases_compare/msynth_MB.smv b/cases_compare/msynth_MB.smv
new file mode 100644
index 00000000..6374393e
--- /dev/null
+++ b/cases_compare/msynth_MB.smv
@@ -0,0 +1,39 @@
+MODULE main
+
+VAR
+ atom_r: boolean;
+ atom_s: boolean;
+ PC: 0..3;
+
+ASSIGN
+ -- Initial Conditions
+ init(atom_r):= FALSE;
+ init(atom_s):= FALSE;
+ init(PC) := 0;
+
+ -- Transition Relations
+ next(atom_r) :=
+ case
+ (PC=0): {TRUE, FALSE};
+ (PC=1): FALSE;
+ (PC=2): FALSE;
+ TRUE: atom_r;
+ esac;
+
+ next(atom_s) :=
+ case
+ (PC=0): {TRUE, FALSE};
+ (PC=1): TRUE;
+ (PC=2): FALSE;
+ TRUE: atom_s;
+ esac;
+
+ next(PC) :=
+ case
+ (PC=3): 3;
+ TRUE: PC+1;
+ esac;
+
+
+DEFINE
+ FAIL := (atom_r & atom_s);
diff --git a/cases_compare/msynth_MM.smv b/cases_compare/msynth_MM.smv
new file mode 100644
index 00000000..08f8b9fb
--- /dev/null
+++ b/cases_compare/msynth_MM.smv
@@ -0,0 +1,22 @@
+MODULE main
+
+VAR
+ pr: boolean;
+ ps: boolean;
+ qr: boolean;
+ qs: boolean;
+
+ASSIGN
+ -- Initial Conditions is arbitrary in mapping synth
+ init(pr) := {TRUE, FALSE};
+ init(ps) := {TRUE, FALSE};
+ init(qr) := {TRUE, FALSE};
+ init(qs) := {TRUE, FALSE};
+
+ -- Transition Relations
+ next(pr) := pr;
+ next(ps) := ps;
+ next(qr) := qr;
+ next(qs) := qs;
+
+DEFINE
diff --git a/cases_compare/msynth_f1.hq b/cases_compare/msynth_f1.hq
new file mode 100644
index 00000000..1eaccc68
--- /dev/null
+++ b/cases_compare/msynth_f1.hq
@@ -0,0 +1,22 @@
+exists A. forall B. forall C. exists D. exists E.
+G ((pr[A]/\~ps[A] /\ ~qr[A]/\qs[A]) \/ (~pr[A]/\ps[A] /\ qr[A]/\~qs[A]))
+/\
+(G (
+ ((pr[A]) -> ((atom_p[B]) -> (atom_r[C]))) /\
+ ((ps[A]) -> ((atom_p[B]) -> (atom_s[C]))) /\
+ ((qr[A]) -> ((atom_q[B]) -> (atom_r[C]))) /\
+ ((qs[A]) -> ((atom_q[B]) -> (atom_s[C]))) /\
+ (~FAIL[B] /\ ~FAIL[C])
+)
+->
+(
+ G ( ((pr[A]) -> ((atom_p[D]) -> (atom_r[E]))) /\
+ ((ps[A]) -> ((atom_p[D]) -> (atom_s[E]))) /\
+ ((qr[A]) -> ((atom_q[D]) -> (atom_r[E]))) /\
+ ((qs[A]) -> ((atom_q[D]) -> (atom_s[E]))) /\
+ (~FAIL[D] /\ ~FAIL[E])
+ )
+ /\
+ G ((atom_p[B]) -> (~atom_p[D]))
+)
+)
diff --git a/cases_compare/msynth_f2.hq b/cases_compare/msynth_f2.hq
new file mode 100644
index 00000000..759e163c
--- /dev/null
+++ b/cases_compare/msynth_f2.hq
@@ -0,0 +1,22 @@
+exists A. forall B. forall C. exists D. exists E.
+G ((*pr*_A & !*ps*_A & !*qr*_A & *qs*_A) | (!*pr*_A & *ps*_A & *qr*_A & !*qs*_A))
+&
+(G (
+ ((*pr*_A) -> ((*atom_p*_B) -> (*atom_r*_C))) &
+ ((*ps*_A) -> ((*atom_p*_B) -> (*atom_s*_C))) &
+ ((*qr*_A) -> ((*atom_q*_B) -> (*atom_r*_C))) &
+ ((*qs*_A) -> ((*atom_q*_B) -> (*atom_s*_C))) &
+ (!*FAIL*_B & !*FAIL*_C)
+)
+->
+(
+ G ( ((*pr*_A) -> ((*atom_p*_D) -> (*atom_r*_E))) &
+ ((*ps*_A) -> ((*atom_p*_D) -> (*atom_s*_E))) &
+ ((*qr*_A) -> ((*atom_q*_D) -> (*atom_r*_E))) &
+ ((*qs*_A) -> ((*atom_q*_D) -> (*atom_s*_E))) &
+ (!*FAIL*_D & !*FAIL*_E)
+ )
+ &
+ G ((*atom_p*_B) -> (!*atom_p*_D))
+)
+)
diff --git a/cases_compare/team.smv b/cases_compare/team.smv
new file mode 100644
index 00000000..e8e0746e
--- /dev/null
+++ b/cases_compare/team.smv
@@ -0,0 +1,40 @@
+MODULE main
+VAR
+ x-axis: 0..3;
+ y-axis: 0..3;
+ action: 0..4;
+ASSIGN
+ -- Initial Conditions
+ init(x-axis):= 0;
+ init(y-axis):= 0;
+ init(action):= {0,1,2,3,4};
+
+ -- Transition Relations
+ next(x-axis) :=
+ case
+ (action=4): x-axis;
+ (action=0 | action=1): x-axis;
+ (action=2 & x-axis=0): x-axis;
+ (action=3 & x-axis=3): x-axis;
+ (action=2 & x-axis!=0): x-axis - 1; -- action2: move left
+ (action=3 & x-axis!=3): x-axis + 1; -- action3: move right
+ TRUE: x-axis;
+ esac;
+
+ next(y-axis) :=
+ case
+ (action=4): y-axis;
+ (action=2 | action=3): y-axis;
+ (action=0 & y-axis=0): y-axis;
+ (action=1 & y-axis=3): y-axis;
+ (action=0 & y-axis!=0): y-axis - 1; -- action 0: move down
+ (action=1 & y-axis!=3): y-axis + 1; -- action 1: move up
+ TRUE: y-axis;
+ esac;
+
+ next(action) := {0, 1, 2, 3};
+
+DEFINE
+ STARTED := !((x-axis=0) & (y-axis=0));
+ GOALA := (x-axis=0) & (y-axis=3);
+ GOALB := (x-axis=3) & (y-axis=0);
diff --git a/cases_compare/team_f1.hq b/cases_compare/team_f1.hq
new file mode 100644
index 00000000..15546137
--- /dev/null
+++ b/cases_compare/team_f1.hq
@@ -0,0 +1,2 @@
+exists A. exists B. forall C.
+G(GOALA[A] <-> GOALA[C]) \/ G(GOALB[B] <-> GOALB[C])
diff --git a/cases_compare/team_f2.hq b/cases_compare/team_f2.hq
new file mode 100644
index 00000000..0871166c
--- /dev/null
+++ b/cases_compare/team_f2.hq
@@ -0,0 +1,2 @@
+exists A. exists B. forall C.
+G(*GOALA*_A <-> *GOALA*_C) | G(*GOALB*_B <-> *GOALB*_C)
diff --git a/demo/.DS_Store b/demo/.DS_Store
index 5008ddfc..272b8b7e 100644
Binary files a/demo/.DS_Store and b/demo/.DS_Store differ
diff --git a/demo/cav_running_exp.hq b/demo/cav_running_exp.hq
new file mode 100644
index 00000000..12ac7559
--- /dev/null
+++ b/demo/cav_running_exp.hq
@@ -0,0 +1,2 @@
+forall A. forall B. exists C.
+X(high[A] <-> high[C]) /\ G(low[B]<->low[C])
diff --git a/demo/cav_running_exp.smv b/demo/cav_running_exp.smv
new file mode 100644
index 00000000..6af2bb0a
--- /dev/null
+++ b/demo/cav_running_exp.smv
@@ -0,0 +1,45 @@
+MODULE main
+ VAR
+ low: boolean;
+ high: boolean;
+ halt: boolean;
+ PC: 1..3;
+ ASSIGN
+ -- Initial Conditions
+ init(low) := FALSE;
+ init(high):= FALSE;
+ init(halt):= FALSE;
+ init(PC):=1;
+ -- Transition Relations
+ next(low) :=
+ case
+ (PC=2 & high): TRUE;
+ TRUE: low;
+ esac;
+
+ next(high) :=
+ case
+ (PC=1): {TRUE, FALSE};
+ TRUE: high;
+ esac;
+
+ next(halt) :=
+ case
+ (PC=3): TRUE;
+ TRUE: halt;
+ esac;
+
+ next(PC) :=
+ case
+ (PC<3): PC+1;
+ TRUE: PC;
+ esac;
+
+DEFINE
+ s0 := (!low & !high & !halt & (PC=1));
+ s1 := (!low & high & !halt & (PC=2));
+ s2 := ( low & high & !halt & (PC=3));
+ s3 := (!low & !high & !halt & (PC=2));
+ s4 := (!low & !high & halt & (PC=3));
+ s5 := (!low & !high & halt & (PC=4));
+ s6 := (!low & !high & halt & (PC=4));
diff --git a/demo/linearizability.hq b/demo/lin.hq
similarity index 100%
rename from demo/linearizability.hq
rename to demo/lin.hq
diff --git a/demo/mini.hq b/demo/mini.hq
index 76d5fb14..44eb5121 100644
--- a/demo/mini.hq
+++ b/demo/mini.hq
@@ -1 +1 @@
-exists A. exists B. F(~a[A] \/ ~a[B])
+exists A. exists B. G(a[A] <-> a[B])
diff --git a/demo/mini.smv b/demo/mini.smv
index 1082c029..3704454a 100644
--- a/demo/mini.smv
+++ b/demo/mini.smv
@@ -1,7 +1,7 @@
MODULE main
VAR
a: boolean;
- PC: 1..3;
+ PC: 1..2;
ASSIGN
-- Initial Conditions
init(a):= FALSE;
@@ -11,15 +11,13 @@ MODULE main
next(a) :=
case
(PC=1): {FALSE};
- (PC=2): {FALSE};
- (PC=3): {TRUE, FALSE};
+ (PC=2): {TRUE, FALSE};
TRUE: a;
esac;
next(PC) :=
case
(PC=1): 2;
- (PC=2): 3;
- (PC=3): 3;
+ (PC=2): 2;
TRUE: PC;
esac;
diff --git a/demo/mini_try.hq b/demo/mini_try.hq
new file mode 100644
index 00000000..5c03f4e6
--- /dev/null
+++ b/demo/mini_try.hq
@@ -0,0 +1,2 @@
+exists A. exists B. exists C. forall D.
+F((a[A] <-> a[B]) /\\ (a[C] <-> a[D]))
diff --git a/demo/simple.hq b/demo/simple.hq
index 7198db97..edf7c129 100644
--- a/demo/simple.hq
+++ b/demo/simple.hq
@@ -1 +1 @@
-exists A. exists B. F(~halt[A]/\~halt[B])
+exists A. exists B. G(~halt[A])
diff --git a/demo/simple.smv b/demo/simple.smv
index 561b4103..3822a1e5 100644
--- a/demo/simple.smv
+++ b/demo/simple.smv
@@ -1,9 +1,16 @@
+
+-- 1 high := {true, false}
+-- 2 low := false
+-- 3 if (high):
+-- 4 low := true;
+-- 5 halt
MODULE main
VAR
high: boolean;
low: boolean;
- PC: 1..6;
+ PC: 1..5;
halt: boolean;
+ test: 1..10;
ASSIGN
-- Initial Conditions, here are dummy values.
init(high):= FALSE;
@@ -30,11 +37,11 @@ MODULE main
(PC=3 & high): 4; -- the if-the-else on line 3
(PC=3 & !high): 5; -- the if-the-else on line 3
(PC=4): 5;
- (PC=5): 6;
+ (PC=5): 5;
TRUE: PC;
esac;
next(halt) :=
case
- (PC=6): TRUE;
+ (PC=5): TRUE;
TRUE: halt;
esac;
diff --git a/demo/symmetry.hq b/demo/symmetry.hq
index 512118e7..fc0dab2d 100644
--- a/demo/symmetry.hq
+++ b/demo/symmetry.hq
@@ -1,5 +1,5 @@
forall A. exists B.
-(G(((p1-TOKEN[A] <-> p2-TOKEN[B])
+G(((p1-TOKEN[A] <-> p2-TOKEN[B])
/\(p2-TOKEN[A] <-> p1-TOKEN[B])
/\(*p1_line[A] = p2_line[B]*)
/\(*p2_line[A] = p1_line[B]*))
@@ -10,4 +10,4 @@ forall A. exists B.
/\ ((p2-TOKEN[A] <-> p3-TOKEN[B])
/\(p3-TOKEN[A] <-> p2-TOKEN[B])
/\(*p2_line[A] = p3_line[B]*)
-/\(*p3_line[A] = p2_line[B]*))))
+/\(*p3_line[A] = p2_line[B]*)))
diff --git a/demo/test.hq b/demo/test.hq
new file mode 100644
index 00000000..a0114f97
--- /dev/null
+++ b/demo/test.hq
@@ -0,0 +1,2 @@
+forall A. exists B.
+G((p1-TOKEN[A]<->p2-TOKEN[B])/\(p1-TOKEN[A]<->p2-TOKEN[B]))
diff --git a/demo/tiny.smv b/demo/tiny.smv
new file mode 100644
index 00000000..a45cbc1e
--- /dev/null
+++ b/demo/tiny.smv
@@ -0,0 +1,18 @@
+MODULE main
+ VAR
+ a: boolean;
+ b: boolean;
+ ASSIGN
+ -- Initial Conditions
+ init(a):= FALSE;
+ init(b):= TRUE;
+
+ -- Transition Relations
+ next(a) :=
+ case
+ TRUE: a;
+ esac;
+ next(b) :=
+ case
+ TRUE: b;
+ esac;
diff --git a/dummy.hq b/dummy.hq
deleted file mode 100644
index 13171020..00000000
--- a/dummy.hq
+++ /dev/null
@@ -1 +0,0 @@
-exists A. forall B. F(~halt[A])
diff --git a/exec/genqbf_v5 b/exec/genqbf_v5
new file mode 100755
index 00000000..b7b7d017
Binary files /dev/null and b/exec/genqbf_v5 differ
diff --git a/exec/multi_model_parser.py b/exec/model_parser.py
similarity index 50%
rename from exec/multi_model_parser.py
rename to exec/model_parser.py
index 85605a8a..1899ff33 100644
--- a/exec/multi_model_parser.py
+++ b/exec/model_parser.py
@@ -38,12 +38,11 @@
# little helpe methods #
#########################
-
## Logical operators ##
NOT = "~"
AND = "/\\"
OR = "\\/"
-IMPLIES = " -> "
+IMPLIES = "->"
IFF = "<->"
NEXT = "'"
@@ -201,7 +200,8 @@ def conjunct_trans(list):
return output + list[len(list)-1]
def trans(pre, post):
- return "(("+pre+")"+IMPLIES+"("+post+"))"
+ # return "(("+pre+")"+IMPLIES+"("+post+"))"
+ return "(~("+pre+")"+OR+"("+post+"))"
@@ -226,7 +226,8 @@ def binary_eq(var_l, var_r, num_bits):
left = var_l[0] + "_"+str(i) +"_"+var_l[1]
right = var_r[0] + "_"+str(i) +"_"+var_r[1]
# print(left + " <-> " + right)
- result.append("("+left + IFF + right+")")
+ # result.append("("+left + IFF + right+")")
+ result.append("((~"+left + OR + right+")/\\(~" + right + OR + left + "))");
return conjunct(result)
def binary_assign(var, num, bitblasting_dict):
@@ -264,9 +265,9 @@ def main_parse(smv_file_name, bitblasting_dict, parsed_madel_file_I_name, parsed
# print("FSM Model info:")
# print("\n============ Parse M1 ============")
state_variables = list(enc.stateVars)
- print("All state variables: ", state_variables)
+ # print("all state variables: ", state_variables)
num_states = fsm.count_states(fsm.reachable_states)
- # print("Total number of reachable states: ", num_states)
+ # print("total number of reachable states: ", num_states)
# inputs = list(enc.inputsVars)
# print("input variables", inputs)
# atomics = list(enc.definedVars)
@@ -358,11 +359,11 @@ def main_parse(smv_file_name, bitblasting_dict, parsed_madel_file_I_name, parsed
# print(fsm.pick_all_states(fsm.reachable_states))
R_bool = open(parsed_madel_file_R_name, "w")
for state in fsm.pick_all_states(fsm.reachable_states):
+ if (counter!=0):
+ R_bool.write(AND + "\n")
+
transitions = []
curr = state.get_str_values()
- # print('from')
- # print(curr)
- # print('to')
post_list = [] # list of all next states
for post_state in fsm.pick_all_states(fsm.post(state)):
post = post_state.get_str_values()
@@ -372,13 +373,15 @@ def main_parse(smv_file_name, bitblasting_dict, parsed_madel_file_I_name, parsed
R_bool.write(trans(getDictAP(curr, bitblasting_dict), disjunct(post_list)))
counter = counter+1
# R_bool.write(conjunct_trans(transitions))
- R_bool.write(AND + "\n")
+
+ # R_bool.write("TRUE"); ##DUMMY
+ # R_bool.replace(AND + "\n" + TRUE, "")
+
## write to R_bool file
# R_bool = open("test_R.bool", "w")
- R_bool.write("TRUE"); ##DUMMY
# R_bool.write(conjunct_trans(all_transitions))
- print("Total number of transtitions: " + str(counter) + "\n")
+ print("total number of states: " + str(counter))
R_bool.close()
@@ -394,7 +397,7 @@ def main_formula(fomula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, tra
for line in Lines:
if ("#" not in line):
text += line
- print("user input formula: "+text)
+ # print("user input formula: "+text)
## detect the optional flag
@@ -410,7 +413,7 @@ def main_formula(fomula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, tra
# get all tid after all the quantifiers
tid_list = re.findall("[a-z, A-Z]\.", text)
# fornow, genQBF suppots two quantifiers, subsitute all [...] into _...
- characters = ["_A", "_B"]
+ characters = ["_A", "_B", "_C", "_D", "_E", "_F", "_G", "_H", "_I", "_J", "_K", "_L", "_M", "_N", "_O", "_P", "_Q", "_R", "_S", "_T", "_U", "_V", "_W", "_X", "_Y", "_Z"]
for i in range(len(tid_list)):
tid = tid_list[i].replace(".","")
text = re.sub("\["+tid+"\]", characters[i], text)
@@ -419,10 +422,21 @@ def main_formula(fomula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, tra
## make '!' as "~" for genqbf
text = text.replace("!","~")
+ iff_ops = re.findall("\(.*?<->.*?\)", text)
+ for op in iff_ops:
+ convert_iff = ""
+ op = op.replace("(", "")
+ op = op.replace(")", "")
+ op = op.replace(" ", "")
+ vars = op.split("<->")
+ # print(op)
+ convert_iff = "((~" + vars[0] + OR + vars[1] + ")/\\" + "(~" + vars[1] + OR + vars[0] + "))";
+ # print(convert_iff)
+ text = text.replace(op, convert_iff)
+ # print(text)
-
-
+ ## parse arith
arith_ops = re.findall("\*.*?\*", text)
for op in arith_ops:
blasted = ""
@@ -437,8 +451,6 @@ def main_formula(fomula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, tra
var_l = str(vars[0]).rsplit('_', 1)
var_r = str(vars[1]).rsplit('_', 1)
- # print(var_l)
- # print(var_r)
if (var_l[0].isdigit() and var_r[0].isdigit()):
print("[ error! arithmetic operation is not correctly constructed. ]")
@@ -481,30 +493,51 @@ def main_formula(fomula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, tra
# read quantifier selection, store in QS.hq
- QUANTIFIER_1 = text.split(" ", 0)
- Quants=""
- if (re.findall("exists.*?exists.*?", text)):
- Quants="QS=EE"
- if(To_Negate_formula):
- Quants="QS=AA"
- elif (re.findall("forall.*?forall.*?", text)):
- Quants="QS=AA"
- if(To_Negate_formula):
- Quants="QS=EE"
- elif (re.findall("exists.*?forall.*?", text)):
- Quants="QS=EA"
- if(To_Negate_formula):
- Quants="QS=AE"
- elif (re.findall("forall.*?exists.*?", text)):
- Quants="QS=AE"
- if(To_Negate_formula):
- Quants="QS=EA"
- else:
- print("[ error: invald format of quantifiers and path variables. ]")
- print("correct format {exists, forall} {var1_name}. {exists, forall} {var2_name}. ")
+ Quants="QS="
-
- QS = open("QS.bool", "w")
+ for char in text:
+ if (char == 'f'):
+ # print("forall")
+ if(To_Negate_formula):
+ Quants+="E"
+ else:
+ Quants+="A"
+ elif(char == 'e'):
+ # print("exists")
+ if(To_Negate_formula):
+ Quants+="A"
+ else:
+ Quants+="E"
+ elif(char == '('):
+ break;
+
+ # THH: update, arbitrary quantifiers
+ # QUANTIFIER_1 = text.split(" ", 0)
+ # Quants=""
+ # if (re.findall("exists.*?exists.*?", text)):
+ # Quants="QS=EE"
+ # if(To_Negate_formula):
+ # Quants="QS=AA"
+ # elif (re.findall("forall.*?forall.*?", text)):
+ # Quants="QS=AA"
+ # if(To_Negate_formula):
+ # Quants="QS=EE"
+ # elif (re.findall("exists.*?forall.*?", text)):
+ # Quants="QS=EA"
+ # if(To_Negate_formula):
+ # Quants="QS=AE"
+ # elif (re.findall("forall.*?exists.*?", text)):
+ # Quants="QS=AE"
+ # if(To_Negate_formula):
+ # Quants="QS=EA"
+ # # elif (re.findall("f"))
+ # else:
+ # print("????")
+ # print("[ error: invald format of quantifiers and path variables. ]")
+ # print("correct format {exists, forall} {var1_name}. {exists, forall} {var2_name}. ")
+
+
+ QS = open(QS_file_name, "w")
QS.write(Quants)
QS.close()
# clea up quantifiers
@@ -522,11 +555,15 @@ def main_formula(fomula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, tra
text= "~("+ text + ")"
### finally
- print("parsed formula: " + text)
+ # print("user input formula: "+text)
+ # print("parsed formula: " + text)
# def gen_P():
## write to R_bool file
P_bool = open(translated_formula_file_name , "w")
+ text = text.replace(' ', '').replace('\t', '').replace('\n', '')
+
+
P_bool.write(text)
P_bool.close()
# gen_P()
@@ -537,11 +574,10 @@ def main_formula(fomula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, tra
-
#########################
# Get Arguments #
#########################
-# print('???????????????')
+
M1_smv_file_name = sys.argv[1]
M1_parsed_madel_file_I_name = sys.argv[2]
M1_parsed_madel_file_R_name = sys.argv[3]
@@ -552,18 +588,19 @@ def main_formula(fomula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, tra
fomula_file_name = sys.argv[7]
translated_formula_file_name = sys.argv[8]
+QS_file_name = sys.argv[9]
FLAG = ""
-if(len(sys.argv)==10):
- FLAG = sys.argv[9]
+if(len(sys.argv)==11):
+ FLAG = sys.argv[10]
To_Negate_formula=(FLAG=="" or FLAG=="-bughunt")
-#########################
-# Main Driver #
-#########################
-print("\n============ Translate NuSMV Model(s) ============")
+#################
+# Main #
+#################
+print("\ntranslating SMV model(s)...")
pynusmv.init.init_nusmv()
M1_bitblasting_dict = {}
main_parse(M1_smv_file_name, M1_bitblasting_dict, M1_parsed_madel_file_I_name, M1_parsed_madel_file_R_name)
@@ -574,479 +611,5 @@ def main_formula(fomula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, tra
main_parse(M2_smv_file_name, M2_bitblasting_dict, M2_parsed_madel_file_I_name, M2_parsed_madel_file_R_name)
-print("\n============ Translate HyperLTL Formula ============")
+print("\ntranslating HyperLTL formula...")
main_formula(fomula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, translated_formula_file_name)
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-#
-# print("\n============ Read SMV Model M1 ============")
-# #########################
-# # Model Initialization #
-# #########################
-# pynusmv.init.init_nusmv()
-# pynusmv.glob.load_from_file(M1_smv_file_name)
-# pynusmv.glob.compute_model()
-# fsm = pynusmv.glob.prop_database().master.bddFsm
-# enc = fsm.bddEnc
-#
-# print("\n[ success! SMV model M1 accepted. ]")
-#
-# # ### DEBUG
-# # print("====================================")
-# # print("FSM Model info:")
-# # print("\n============ Parse M1 ============")
-# state_variables = list(enc.stateVars)
-# print("All state variables: ", state_variables)
-# num_states = fsm.count_states(fsm.reachable_states)
-# print("Total number of reachable states: ", num_states)
-# # inputs = list(enc.inputsVars)
-# # print("input variables", inputs)
-# # atomics = list(enc.definedVars)
-# # print("atomic propositions", atomics)
-#
-#
-# ############################
-# # bit-blasting dictionary #
-# ############################
-# M1_bitblasting_dict = {}
-# # build bitblasting_dict
-# smv_file = open(M1_smv_file_name, 'r')
-# lines = smv_file.readlines()
-# for line in lines:
-# # print(line)
-# if(re.findall("\.\.", line)):
-# # line = line.split("--") #remove comments
-# line = line.split("--", 1)[0].replace("\t","") #remove tail comments
-# # print(line.isspace())
-# line = line.strip()
-# if (line): # if it's not empty
-# key = re.findall(".*:", line)[0].replace(":","")
-# num = re.findall("[\d]*;", line)[0].replace(";","")
-# # print(line)
-# # print(key)
-# # print(num)
-# value = int(num).bit_length()
-# # bitblasting_dict[key] = value
-# for var in state_variables:
-# if(key.replace(" ", "") in var):
-# M1_bitblasting_dict[var] = value
-# # TODO: new data type: unsigned word
-# elif(re.findall("unsigned word", line)):
-# line = line.split("--", 1)[0].replace("\t","") #remove comments
-# # print(line)
-# if (line): # if it's not empty
-# key = re.split("unsigned", line)[0].replace(":","")
-# num_bits = re.split("word", line)[1].replace("[","").replace("]","")
-# # print(key)
-# # print(num_bits)
-# for var in state_variables:
-# if(key.replace(" ", "") in var):
-# M1_bitblasting_dict[var] = int(num_bits.replace("\n","").replace(";",""))
-#
-# print("Dictionary for bit-blasting variables in M1 (number of bits needed for each): ")
-# print(M1_bitblasting_dict)
-#
-#
-#
-#
-# ###################################
-# # Initial Condition Construction #
-# ###################################
-# def gen_I():
-# init_states = []
-# for state in fsm.pick_all_states(fsm.init):
-# init_conditions = []
-# dictionary = state.get_str_values()
-# for ap in dictionary:
-# value = dictionary[ap]
-# # print(value)
-# if(isBoolean(value)):
-# init_conditions.append(assignBool(ap, dictionary,))
-# elif(isNumber(value)):
-# init_conditions.append(assignBin(ap, dictionary, M1_bitblasting_dict))
-# # TODO: new data type: unsigned word
-# elif("0ud" in value):
-# dictionary[ap] = re.split("_", value)[1]
-# init_conditions.append(assignBin(ap, dictionary, M1_bitblasting_dict))
-# else:
-# init_conditions.append(assignVal(ap, dictionary, M1_bitblasting_dict))
-# init_states.append(conjunct(init_conditions))
-# ## write to I_bool file
-# I_bool = open(M1_parsed_madel_file_I_name, "w")
-# I_bool.write(disjunct(init_states))
-# I_bool.close()
-#
-#
-# #####################################
-# # Transition Relation Construction #
-# #####################################
-#
-# ### try to fix oveflow issue
-# def gen_R():
-# counter = 0;
-# all_transitions = []
-# R_bool = open(M1_parsed_madel_file_R_name, "w")
-# for state in fsm.pick_all_states(fsm.reachable_states):
-# transitions = []
-# curr = state.get_str_values()
-# # print('from')
-# # print(curr)
-# # print('to')
-# post_list = [] # list of all next states
-# for post_state in fsm.pick_all_states(fsm.post(state)):
-# post = post_state.get_str_values()
-# # print(post)
-# post_list.append(getNextDictAP(post, M1_bitblasting_dict))
-# transitions.append(trans(getDictAP(curr, M1_bitblasting_dict), disjunct(post_list)))
-# R_bool.write(trans(getDictAP(curr, M1_bitblasting_dict), disjunct(post_list)))
-# counter = counter+1
-# # R_bool.write(conjunct_trans(transitions))
-# R_bool.write(AND + "\n")
-#
-# ## write to R_bool file
-# # R_bool = open("test_R.bool", "w")
-# R_bool.write("TRUE"); ##DUMMY
-# # R_bool.write(conjunct_trans(all_transitions))
-# print("Total number of transtitions: " + str(counter) + "\n")
-# R_bool.close()
-#
-# ## DEBUG
-# # print("\n--------------------")
-# # print("transition relations")
-# # print("--------------------")
-# # print(conjunct_trans(all_transitions))
-#
-# ### for DEBUG
-# # print("initial state")
-# # print(fsm.count_states(fsm.init))
-# # for state in fsm.pick_all_states(fsm.init):
-# # print(state.get_str_values())
-# #
-# # print("all reachable state")
-# # print(fsm.count_states(fsm.reachable_states))
-# # for state in fsm.pick_all_states(fsm.reachable_states):
-# # print(state.get_str_values())
-# #
-# # print("pre-post condition")
-# # for state in fsm.pick_all_states(fsm.reachable_states):
-# # print("post conditions of ", state.get_str_values() )
-# # for post_cond in fsm.pick_all_states(fsm.post(state)):
-# # print(post_cond.get_str_values())
-#
-#
-#
-#
-# # generating files for genQBF
-# gen_I()
-# gen_R()
-# print("\n[ success! SMV model M1 parsed into Boolean Expressions: " + M1_parsed_madel_file_I_name + M1_parsed_madel_file_R_name+"]")
-#
-#
-#
-#
-#
-#
-# print("\n============ Read SMV Model M2 ============")
-# #########################
-# # Model Initialization #
-# #########################
-# # RESET PUNUSMV and init it again.
-# pynusmv.init.deinit_nusmv()
-# pynusmv.init.init_nusmv()
-# pynusmv.glob.load_from_file(M2_smv_file_name)
-# pynusmv.glob.compute_model()
-# fsm = pynusmv.glob.prop_database().master.bddFsm
-# enc = fsm.bddEnc
-#
-# print("\n[ success! SMV model M2 accepted. ]")
-#
-# ## print("FSM Model info:")
-# print("\n============ Parse M2 ============")
-# state_variables = list(enc.stateVars)
-# print("All state variables: ", state_variables)
-# num_states = fsm.count_states(fsm.reachable_states)
-# print("Total number of reachable states: ", num_states)
-# # inputs = list(enc.inputsVars)
-# # print("input variables", inputs)
-# # atomics = list(enc.definedVars)
-# # print("atomic propositions", atomics)
-#
-#
-# ############################
-# # bit-blasting dictionary #
-# ############################
-# M2_bitblasting_dict = {}
-# # build bitblasting_dict
-# smv_file = open(M2_smv_file_name, 'r')
-# lines = smv_file.readlines()
-# for line in lines:
-# # print(line)
-# if(re.findall("\.\.", line)):
-# line = line.split("--", 1)[0].replace("\t","") #remove comments
-# # print(line)
-# line = line.strip()
-# if (line): # if it's not empty
-# key = re.findall(".*:", line)[0].replace(":","")
-# num = re.findall("[\d]*;", line)[0].replace(";","")
-# # print(line)
-# # print(key)
-# # print(num)
-# value = int(num).bit_length()
-#
-# # bitblasting_dict[key] = value
-# for var in state_variables:
-# if(key.replace(" ", "") in var):
-# M2_bitblasting_dict[var] = value
-# # TODO: new data type: unsigned word
-# elif(re.findall("unsigned word", line)):
-# line = line.split("--", 1)[0].replace("\t","") #remove comments
-# # print(line)
-# if (line): # if it's not empty
-# key = re.split("unsigned", line)[0].replace(":","")
-# num_bits = re.split("word", line)[1].replace("[","").replace("]","")
-# # print(key)
-# # print(num_bits)
-# for var in state_variables:
-# if(key.replace(" ", "") in var):
-# M2_bitblasting_dict[var] = int(num_bits.replace("\n","").replace(";",""))
-#
-# print("Dictionary for bit-blasting variables in M1 (number of bits needed for each): ")
-# print(M2_bitblasting_dict)
-#
-#
-#
-#
-# ###################################
-# # Initial Condition Construction #
-# ###################################
-# def gen_I():
-# init_states = []
-# for state in fsm.pick_all_states(fsm.init):
-# init_conditions = []
-# dictionary = state.get_str_values()
-# for ap in dictionary:
-# value = dictionary[ap]
-# # print(value)
-# if(isBoolean(value)):
-# init_conditions.append(assignBool(ap, dictionary,))
-# elif(isNumber(value)):
-# init_conditions.append(assignBin(ap, dictionary, M2_bitblasting_dict))
-# # TODO: new data type: unsigned word
-# elif("0ud" in value):
-# dictionary[ap] = re.split("_", value)[1]
-# init_conditions.append(assignBin(ap, dictionary, M2_bitblasting_dict))
-# else:
-# init_conditions.append(assignVal(ap, dictionary, M2_bitblasting_dict))
-# init_states.append(conjunct(init_conditions))
-# ## write to I_bool file
-# I_bool = open(M2_parsed_madel_file_I_name, "w")
-# I_bool.write(disjunct(init_states))
-# I_bool.close()
-#
-#
-# #####################################
-# # Transition Relation Construction #
-# #####################################
-#
-# ### try to fix oveflow issue
-# def gen_R():
-# counter = 0;
-# all_transitions = []
-# R_bool = open(M2_parsed_madel_file_R_name, "w")
-# for state in fsm.pick_all_states(fsm.reachable_states):
-# transitions = []
-# curr = state.get_str_values()
-# # print('from')
-# # print(curr)
-# # print('to')
-# post_list = [] # list of all next states
-# for post_state in fsm.pick_all_states(fsm.post(state)):
-# post = post_state.get_str_values()
-# # print(post)
-# post_list.append(getNextDictAP(post, M2_bitblasting_dict))
-# transitions.append(trans(getDictAP(curr, M2_bitblasting_dict), disjunct(post_list)))
-# R_bool.write(trans(getDictAP(curr, M2_bitblasting_dict), disjunct(post_list)))
-# counter=counter+1
-# # R_bool.write(conjunct_trans(transitions))
-# R_bool.write(AND + "\n")
-#
-# ## write to R_bool file
-# # R_bool = open("test_R.bool", "w")
-# R_bool.write("TRUE"); ##DUMMY
-# # R_bool.write(conjunct_trans(all_transitions))
-# print("Total number of transtitions: " + str(counter) + "\n")
-# R_bool.close()
-#
-# ## DEBUG
-# # print("\n--------------------")
-# # print("transition relations")
-# # print("--------------------")
-# # print(conjunct_trans(all_transitions))
-#
-#
-#
-#
-#
-#
-#
-#
-#
-#
-#
-#
-# ### for DEBUG
-# # print("initial state")
-# # print(fsm.count_states(fsm.init))
-# # for state in fsm.pick_all_states(fsm.init):
-# # print(state.get_str_values())
-# #
-# # print("all reachable state")
-# # print(fsm.count_states(fsm.reachable_states))
-# # for state in fsm.pick_all_states(fsm.reachable_states):
-# # print(state.get_str_values())
-# #
-# # print("pre-post condition")
-# # for state in fsm.pick_all_states(fsm.reachable_states):
-# # print("post conditions of ", state.get_str_values() )
-# # for post_cond in fsm.pick_all_states(fsm.post(state)):
-# # print(post_cond.get_str_values())
-#
-#
-#
-#
-# # generating files for genQBF
-# gen_I()
-# gen_R()
-# print("\n[ success! SMV model M2 parsed into Boolean Expressions: " + M2_parsed_madel_file_I_name + M2_parsed_madel_file_R_name+"]")
-#
-#
-#
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# --------------------------------------------------------
-
-###############
-# (Not using) #
-###############
-# def remove_spaces(s):
-# return s.replace("\n","")
-#
-# def format_str(s):
-# return ((s.replace(".", "_")).replace("!","~")).replace("&","/\\").replace("|","\/")
-#
-# def format_next_str(s):
-# return "(" + format_str(s).replace("next","").replace("(","").replace(")","") + "')"
-#
-# def format_post(post):
-# post_lst = post.split()
-# for i in range(len(post_lst)):
-# if("next" in post_lst[i]):
-# post_lst[i] = format_next_str(post_lst[i])
-# return format_str(' '.join(str(x) for x in post_lst))
-#
-# def format_trans(tr):
-# if (tr is ''):
-# return ""
-# if (":" not in tr):
-# return format_next_str(tr)
-# tr = tr.split(":")
-# pre = format_str(tr[0])
-# post = format_post(tr[1])
-# return trans(pre, post)
-
-
-
-
-### TBD: have grammars like MCHyper or EAHyper?
-# def gen_P():
-# print("\n-------------")
-# print("property")
-# print("-------------")
-#
-# propDB = pynusmv.glob.prop_database()
-# print(propDB.get_prop_at_index(0).expr)
-# ltl_string = str(propDB.get_prop_at_index(0).expr)
-#
-# spec = Node.from_ptr(parse_ltl_spec(ltl_string))
-# #1
-# prop_wff = Wff(parse_ltl_spec(ltl_string)).to_boolean_wff()
-# print("NNF LTL formula:" )
-# # print(prop_wff.to_negation_normal_form())
-# prop_str = str(prop_wff.to_negation_normal_form())
-# print(format_str(prop_str))
-# P_bool = open("test_P.bool", "w")
-# P_bool.write(format_str(prop_str))
-# # print(model_sus(format_str(prop_str), "_A"))
-# #2: negation
-# # prop_wff2 = bmcutils.make_negated_nnf_boolean_wff(spec)
-# # print("Negatedformula:" )
-# # print(prop_wff2)
-# P_bool.close()
diff --git a/exec/parser.py b/exec/parser.py
new file mode 100755
index 00000000..99e62338
--- /dev/null
+++ b/exec/parser.py
@@ -0,0 +1,612 @@
+import sys
+import pynusmv
+import string
+import re
+import os.path
+import os
+from os import path
+from pynusmv.model import *
+from pynusmv.fsm import BddTrans
+from pynusmv.fsm import BddEnc
+from pynusmv.fsm import BddFsm
+from pynusmv.fsm import SymbTable
+from pynusmv import prop
+from pynusmv.mc import check_ctl_spec
+from pynusmv.mc import check_ltl_spec
+from pynusmv.bmc import *
+from pynusmv import node
+from pynusmv import glob
+from pynusmv.glob import *
+from pynusmv.bmc import glob as bmcGlob
+from pynusmv.node import *
+from pynusmv.parser import parse_ltl_spec
+from pynusmv.bmc.utils import DumpType , BmcModel
+from pynusmv.be.expression import Be
+from pynusmv.bmc.glob import go_bmc, bmc_exit, master_be_fsm, BmcSupport
+from pynusmv.bmc.invarspec import *
+from pynusmv.utils import StdioFile
+from pynusmv.wff import Wff
+from pynusmv.be.encoder import BeEnc
+from pynusmv.be.fsm import BeFsm
+from pynusmv.prop import PropDb
+from pynusmv.bmc import utils as bmcutils
+from pynusmv.be.manager import BeManager
+from pynusmv.sexp.fsm import *
+
+
+
+#########################
+# little helpe methods #
+#########################
+
+## Logical operators ##
+NOT = "~"
+AND = "/\\"
+OR = "\\/"
+IMPLIES = "->"
+IFF = "<->"
+NEXT = "'"
+
+
+
+#################
+# remove stuff #
+#################
+
+## TBD: can we have the name includes dot in genQBF? ##
+def remove_dot(s):
+ s = s.replace(".", "-")
+ return s
+########################################################
+
+############################
+# Check type of variables #
+############################
+
+## value is boolean ##
+def isBoolean(key):
+ return ((key == 'TRUE') or (key == 'FALSE'))
+
+## if values is digits ##
+def isNumber(key):
+ return key.isdigit()
+
+
+###################################
+# Initial Condition Construction #
+###################################
+
+## assign a boolean value to a variable key ##
+def assignBool(key, dict):
+ var_name = remove_dot(key)
+ if (dict[key] == 'TRUE'):
+ return var_name
+ else:
+ return NOT+var_name
+
+## assign a digit value to a variable key ##
+def assignBin(key, dict, bitblasting_dict):
+ bits = []
+ var_name = remove_dot(key)
+
+ # num_bits = bitblasting_dict[key]
+ num_bits = bitblasting_dict[key]
+ binary = format(int(dict[key]), '0'+str(num_bits)+'b').replace("0b", "")
+ counter = num_bits-1
+ for b in binary:
+ if (b == '1'):
+ bits.append(var_name+"_"+str(counter))
+ else:
+ bits.append(NOT+var_name+"_"+str(counter))
+ counter-=1
+ return conjunct(bits)
+
+## assign a bool variable value to a variable key ##
+def assignVal(key, dict):
+ var_name = remove_dot(key)
+ return var_name+IFF+dict[key]
+
+
+
+#####################################
+# Transition Relation Construction #
+#####################################
+
+
+# print out all atomic propositions in dict
+## All AP values in the current state ##
+def getDictAP(dict, bitblasting_dict):
+ all_ap = []
+ for ap in dict:
+ value = dict[ap]
+ if(isBoolean(value)):
+ all_ap.append(assignBool(ap, dict))
+ elif(isNumber(value)):
+ all_ap.append(assignBin(ap, dict, bitblasting_dict))
+ else:
+ name = remove_dot(ap)
+ all_ap.append(name+IFF+dict[ap])
+ return conjunct(all_ap)
+
+## All AP values in the post state ##
+def getNextDictAP(dict, bitblasting_dict):
+ all_ap = []
+ for ap in dict:
+ value = dict[ap]
+ if(isBoolean(value)):
+ all_ap.append(assignNextBool(ap, dict))
+ elif(isNumber(value)):
+ all_ap.append(assignNextBin(ap, dict, bitblasting_dict))
+ else:
+ all_ap.append(assignNextVal(ap, dict))
+ return conjunct(all_ap)
+
+## All AP values in the post state ##
+def assignNextBin(key, dict, bitblasting_dict):
+ bits = []
+ name = remove_dot(key)
+ num_bits = bitblasting_dict[key]
+ binary = format(int(dict[key]),'0'+str(num_bits)+'b').replace("0b", "")
+ counter = num_bits-1
+ for b in binary:
+ if (b == '1'):
+ bits.append(name+"_"+str(counter)+NEXT)
+ else:
+ bits.append(NOT+name+"_"+str(counter)+NEXT)
+ counter-=1
+ return conjunct(bits)
+
+def assignNextBool(key, dict):
+ var_name = remove_dot(key)
+ if (dict[key] == 'TRUE'):
+ return var_name+NEXT
+ else:
+ return NOT+var_name+NEXT
+
+def assignNextVal(key, dict):
+ var_name = remove_dot(key)
+ return var_name+NEXT+IFF+dict[key]+NEXT
+
+
+####################################
+# Logical Expression Construction #
+####################################
+## conjunct of all element in a list ##
+def conjunct(list):
+ if(len(list) == 1):
+ return list[0]
+ output = ""
+ for i in range(len(list)-1):
+ output += list[i] + AND
+ return "(" + output + list[len(list)-1] + ")"
+
+## disjunct of all element in a list ##
+def disjunct(list):
+ if(len(list) == 1):
+ return list[0]
+ output = ""
+ for i in range(len(list)-1):
+ output += list[i] + OR
+ return "(" + output + list[len(list)-1] + ")"
+
+def conjunct_trans(list):
+ output = ""
+ for i in range(len(list)-1):
+ output += list[i] + AND + "\n"
+ return output + list[len(list)-1]
+
+def trans(pre, post):
+ # return "(("+pre+")"+IMPLIES+"("+post+"))"
+ return "(~("+pre+")"+OR+"("+post+"))"
+
+
+
+###############################
+# HLTL Property Construction #
+###############################
+### TODO
+def model_sus(str, sus):
+ # str = re.sub('\d', '\d', str)
+ # for ele in str:
+ # if ele.isdigit():
+ # str = str.replace(ele, ele+sus)
+ return str
+
+# bin_eq: two variables matches each bit
+def binary_eq(var_l, var_r, num_bits):
+ # num_bits = bitblasting_dict[var_l[0]]
+ result = []
+ for i in range(num_bits):
+ left = var_l[0] + "_"+str(i) +var_l[1]
+ right = var_r[0] + "_"+str(i) +var_r[1]
+ # print(left + " <-> " + right)
+ # result.append("("+left + IFF + right+")")
+ result.append("((~"+left + OR + right+")/\\(~" + right + OR + left + "))");
+ return conjunct(result)
+
+def binary_assign(var, num, bitblasting_dict):
+ num_bits = bitblasting_dict[var[0]]
+ binary = format(num, '0'+str(num_bits)+'b').replace("0b", "")
+ result = []
+ counter = num_bits-1
+ for b in binary:
+ if (b == '1'):
+ result.append(var[0] + "_"+str(counter) +var[1])
+ else:
+ result.append(NOT+var[0] + "_"+str(counter) +var[1])
+ counter-=1
+ return conjunct(result)
+
+##################
+# Error message #
+##################
+def error_exit(msg):
+ print("\n(!) HyperQB error: ", msg)
+ sys.exit()
+
+
+
+#########################
+# Parse Model #
+#########################
+def main_model_parse(smv_file_name, bitblasting_dict, parsed_madel_file_I_name, parsed_madel_file_R_name, PARSE_INDEX):
+ # pynusmv.init.init_nusmv()
+ pynusmv.glob.load_from_file(smv_file_name)
+ pynusmv.glob.compute_model()
+ fsm = pynusmv.glob.prop_database().master.bddFsm
+ enc = fsm.bddEnc
+ # ### DEBUG
+ # print("====================================")
+ # print("FSM Model info:")
+ # print("\n============ Parse M1 ============")
+ # state_variables = list(enc.stateVars)
+ # print("all state variables: ", state_variables)
+ # num_states = fsm.count_states(fsm.reachable_states)
+ # print("total number of reachable states: ", num_states)
+ # inputs = list(enc.inputsVars)
+ # print("input variables", inputs)
+ # atomics = list(enc.definedVars)
+ # print("atomic propositions", atomics)
+
+ state_variables = list(enc.stateVars)
+ num_states = fsm.count_states(fsm.reachable_states)
+ ############################
+ # bit-blasting dictionary #
+ ############################
+ # bitblasting_dict = {}
+ # build bitblasting_dict
+ smv_file = open(smv_file_name, 'r')
+ lines = smv_file.readlines()
+ for line in lines:
+ # print(line)
+ if(re.findall("\.\.", line)):
+ # line = line.split("--") #remove comments
+ line = line.split("--", 1)[0].replace("\t","") #remove tail comments
+ # print(line.isspace())
+ line = line.strip()
+ if (line): # if it's not empty
+ key = re.findall(".*:", line)[0].replace(":","")
+ num = re.findall("[\d]*;", line)[0].replace(";","")
+ # print(line)
+ # print(key)
+ # print(num)
+ value = int(num).bit_length()
+ # bitblasting_dict[key] = value
+ for var in state_variables:
+ if(key.replace(" ", "") in var):
+ bitblasting_dict[var] = value
+ # TODO: new data type: unsigned word
+ elif(re.findall("unsigned word", line)):
+ line = line.split("--", 1)[0].replace("\t","") #remove comments
+ # print(line)
+ if (line): # if it's not empty
+ key = re.split("unsigned", line)[0].replace(":","")
+ num_bits = re.split("word", line)[1].replace("[","").replace("]","")
+ # print(key)
+ # print(num_bits)
+ for var in state_variables:
+ if(key.replace(" ", "") in var):
+ M1_bitblasting_dict[var] = int(num_bits.replace("\n","").replace(";",""))
+
+ # print("Dictionary for bit-blasting: ")
+ # print(bitblasting_dict)
+
+
+
+
+ ###################################
+ # Initial Condition Construction #
+ ###################################
+ # def gen_I():
+ init_states = []
+ # print(fsm.pick_all_states(fsm.init))
+ for state in fsm.pick_all_states(fsm.init):
+ init_conditions = []
+ dictionary = state.get_str_values()
+ # print(dictionary)
+ for ap in dictionary:
+ value = dictionary[ap]
+ # print(value)
+ if(isBoolean(value)):
+ init_conditions.append(assignBool(ap, dictionary,))
+ elif(isNumber(value)):
+ init_conditions.append(assignBin(ap, dictionary, bitblasting_dict))
+ # TODO: new data type: unsigned word
+ elif("0ud" in value):
+ dictionary[ap] = re.split("_", value)[1]
+ init_conditions.append(assignBin(ap, dictionary, bitblasting_dict))
+ else:
+ init_conditions.append(assignVal(ap, dictionary, bitblasting_dict))
+ init_states.append(conjunct(init_conditions))
+ ## write to I_bool file
+ I_bool = open(parsed_madel_file_I_name, "w")
+ I_bool.write(disjunct(init_states))
+ I_bool.close()
+
+
+ #####################################
+ # Transition Relation Construction #
+ #####################################
+ ### try to fix oveflow issue
+ # def gen_R():
+ counter = 0;
+ all_transitions = []
+ # print(fsm.pick_all_states(fsm.reachable_states))
+ R_bool = open(parsed_madel_file_R_name, "w")
+ for state in fsm.pick_all_states(fsm.reachable_states):
+ if (counter!=0):
+ R_bool.write(AND + "\n")
+
+ transitions = []
+ curr = state.get_str_values()
+ post_list = [] # list of all next states
+ for post_state in fsm.pick_all_states(fsm.post(state)):
+ post = post_state.get_str_values()
+ # print(post)
+ post_list.append(getNextDictAP(post, bitblasting_dict))
+ transitions.append(trans(getDictAP(curr, bitblasting_dict), disjunct(post_list)))
+ R_bool.write(trans(getDictAP(curr, bitblasting_dict), disjunct(post_list)))
+ counter = counter+1
+ # R_bool.write(conjunct_trans(transitions))
+
+ # R_bool.write("TRUE"); ##DUMMY
+ # R_bool.replace(AND + "\n" + TRUE, "")
+
+ ## write to R_bool file
+ # R_bool = open("test_R.bool", "w")
+ # R_bool.write(conjunct_trans(all_transitions))
+ # print(str(counter), ", ")
+ global SUCCESS_OUT
+ SUCCESS_OUT += "|M" + str(PARSE_INDEX) + "|=" + str(counter) + " "
+ R_bool.close()
+
+
+
+##################################
+# HyperLTL Formula Construction #
+##################################
+def main_formula_construct(formula_file_name, dictionaries, translated_formula_file_name, QS_file_name, To_Negate_formula):
+ text = ""
+ file = open(formula_file_name, 'r')
+ Lines = file.readlines()
+ for line in Lines:
+ if ("#" not in line):
+ text += line
+ # print(formula_file_name)
+
+ ### read quantifier selection, store in QS.hq
+ Quants=""
+ for char in text:
+ if (char == 'f'):
+ # print("forall")
+ if(To_Negate_formula):
+ Quants+="E"
+ else:
+ Quants+="A"
+ elif(char == 'e'):
+ # print("exists")
+ if(To_Negate_formula):
+ Quants+="A"
+ else:
+ Quants+="E"
+ elif(char == '('):
+ break;
+ global PARSE_INDEX
+ # error check if num of models and quants conform
+ if (len(Quants) != (PARSE_INDEX)):
+ # print(len(Quants))
+ # print((PARSE_INDEX))
+ error_exit("number of models and number of quantifiers must match.")
+ Quants="QS="+Quants
+ # print(Quants)
+ QS = open(QS_file_name, "w")
+ QS.write(Quants)
+ QS.close()
+
+
+
+
+ # get all tid after all the quantifiers, subsitute all [...] into _...
+ tid_list = re.findall("[a-z, A-Z]\.", text)
+ Mindex = ["_A", "_B", "_C", "_D", "_E", "_F", "_G", "_H", "_I", "_J", "_K", "_L", "_M", "_N", "_O", "_P", "_Q", "_R", "_S", "_T", "_U", "_V", "_W", "_X", "_Y", "_Z"]
+ for i in range(len(tid_list)):
+ tid = tid_list[i].replace(".","")
+ text = re.sub("\["+tid+"\]", Mindex[i], text)
+
+ ## make '!' as "~" for genqbf
+ text = text.replace("!","~")
+
+ ## parse iff operations
+ iff_ops = re.findall("\(.*?<->.*?\)", text)
+ for op in iff_ops:
+ convert_iff = ""
+ op = op.replace("(", "")
+ op = op.replace(")", "")
+ op = op.replace(" ", "")
+ vars = op.split("<->")
+ # print(op)
+ convert_iff = "((~" + vars[0] + OR + vars[1] + ")/\\" + "(~" + vars[1] + OR + vars[0] + "))";
+ # print(convert_iff)
+ text = text.replace(op, convert_iff)
+ # print(text)
+
+ text = text.replace(" ","")
+
+ ## parse arithmetic operations
+ arith_ops = re.findall("\*.*?\*", text)
+
+
+ for op in arith_ops:
+ op = op.replace(" ", "")
+ op = op.replace("*", "")
+ if("!="in op):
+ vars = op.split("!=")
+ else:
+ vars = op.split("=")
+ var_l = str(vars[0]).rsplit('_', 1)
+ var_r = str(vars[1]).rsplit('_', 1)
+
+ blasted = ""
+ if (var_l[0].isdigit() and var_r[0].isdigit()):
+ error_exit("arithmetic operation is not correctly constructed.")
+
+ # case 1: (num)=(var)
+ elif (var_l[0].isdigit()):
+ try:
+ var_r[1] = "_"+var_r[1]
+ blasted = binary_assign(var_r, int(var_l[0]), DICTIONARIES[int(Mindex.index(var_r[1]))])
+ except KeyError as ke:
+ error_exit("incorrect arithmetic assignment. please check:" + str(ke))
+
+ # case 2: (var)=(num)
+ elif (var_r[0].isdigit()):
+ try:
+ var_l[1] = "_"+var_l[1]
+ blasted = binary_assign(var_l, int(var_r[0]), DICTIONARIES[int(Mindex.index(var_l[1]))])
+ except KeyError as ke:
+ error_exit("incorrect arithmetic assignment. please check:" + str(ke))
+
+ # case 3: (var)=(var)
+ else:
+ try:
+ var_r[1] = "_"+var_r[1]
+ var_l[1] = "_"+var_l[1]
+ dict_l=DICTIONARIES[int(Mindex.index(var_l[1]))]
+ num_bits_left=dict_l[var_l[0]]
+ dict_r=DICTIONARIES[int(Mindex.index(var_r[1]))]
+ num_bits_right=dict_r[var_r[0]]
+ except KeyError as ke:
+ # print('Key Not Found in Employee Dictionary:', ke)
+ error_exit("incorrect arithmetic assignment. please check:"+ str(ke))
+
+
+ if(num_bits_left != num_bits_right):
+ error_exit("arithmetic operation requires two variables with same number of bits in binary representations.")
+ else:
+ if("!="in op):
+ blasted = "~"+binary_eq(var_l, var_r, num_bits_left)
+ else:
+ blasted = binary_eq(var_l, var_r, num_bits_left)
+
+ text = text.replace(op, blasted)
+
+
+
+
+ # clea up quantifiers
+ text = text.replace("forall","")
+ text = text.replace("exists","")
+ text = re.sub("[a-z, A-Z]\.", "", text)
+ # clean up arith operations
+ text = text.replace("*","")
+ text = remove_dot(text)
+ # text = text.replace(" ","")
+
+ if(To_Negate_formula):
+ text= "~("+ text + ")"
+
+ ### finally, write to P file
+ P_bool = open(translated_formula_file_name , "w")
+ text = text.replace(' ', '').replace('\t', '').replace('\n', '')
+ P_bool.write(text)
+ P_bool.close()
+
+
+
+
+#################
+# Main #
+#################
+ARGS=(sys.argv)
+# print("ARGS: ", ARGS)
+OUTPUT_LOCATION=ARGS[1]
+PARSE_INDEX=0
+DICTIONARIES = []
+SUCCESS_OUT=""
+smv_file_name=""
+
+# get the mode first
+FLAG=""
+if ("-find" in ARGS):
+ FLAG="-find"
+else:
+ FLAG="-bughunt"
+
+# print("\nparsing models... ")
+for i in range(0, len(ARGS)):
+ # print(ARGS[i])
+ if (".smv" in str(ARGS[i])):
+ PARSE_INDEX = PARSE_INDEX + 1
+ parsed_madel_file_I_name = OUTPUT_LOCATION + '/I_'+ str(PARSE_INDEX)+'.bool'
+ parsed_madel_file_R_name = OUTPUT_LOCATION + '/R_'+ str(PARSE_INDEX)+'.bool'
+
+ ### if model is repeating
+ if (smv_file_name == ARGS[i]):
+ prev_I = OUTPUT_LOCATION + '/I_'+ str(PARSE_INDEX-1)+'.bool'
+ prev_R = OUTPUT_LOCATION + '/R_'+ str(PARSE_INDEX-1)+'.bool'
+ os.system("cp" + " " + prev_I + " " + parsed_madel_file_I_name)
+ os.system("cp" + " " + prev_R + " " + parsed_madel_file_R_name)
+ DICTIONARIES.append(bitblasting_dict)
+ else:
+ ### start a new parsing
+ smv_file_name = ARGS[i]
+ pynusmv.init.init_nusmv()
+ bitblasting_dict = {}
+ main_model_parse(smv_file_name, bitblasting_dict, parsed_madel_file_I_name, parsed_madel_file_R_name, PARSE_INDEX)
+ DICTIONARIES.append(bitblasting_dict)
+ pynusmv.init.deinit_nusmv() # release pynusmv instance for next parsing
+
+
+ elif ((".hq" in str(ARGS[i])) and (str(ARGS[i]) != "P.hq")):
+ # print("\nparsing HyperLTL formula... ")
+ formula_file_name = ARGS[i]
+ translated_formula_file_name = OUTPUT_LOCATION + '/P.hq'
+ QS_file_name = OUTPUT_LOCATION + '/QS'
+ # print(DICTIONARIES)
+ # FLAG = sys.argv[4]
+ To_Negate_formula=(FLAG=="-bughunt")
+ # print("\ntranslating HyperLTL formula...")
+ # main_formula_construct(formula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, translated_formula_file_name)
+ # global DICTIONARIES
+ main_formula_construct(formula_file_name, DICTIONARIES, translated_formula_file_name, QS_file_name, To_Negate_formula)
+ break
+
+print(SUCCESS_OUT) # parsing successfully completed. return.
+
+
+
+
+
+# print("\ntranslating SMV model(s)...")
+# pynusmv.init.init_nusmv()
+# M1_bitblasting_dict = {}
+# main_model_parse(M1_smv_file_name, M1_bitblasting_dict, M1_parsed_madel_file_I_name, M1_parsed_madel_file_R_name)
+# # RESET PUNUSMV and init it again.
+# pynusmv.init.deinit_nusmv()
+# pynusmv.init.init_nusmv()
+# M2_bitblasting_dict = {}
+# main_model_parse(M2_smv_file_name, M2_bitblasting_dict, M2_parsed_madel_file_I_name, M2_parsed_madel_file_R_name)
+
+
+# print("\ntranslating HyperLTL formula...")
+# main_formula_construct(formula_file_name, M1_bitblasting_dict, M2_bitblasting_dict, translated_formula_file_name)
diff --git a/hyperqb.sh b/hyperqb.sh
new file mode 100755
index 00000000..64902231
--- /dev/null
+++ b/hyperqb.sh
@@ -0,0 +1,209 @@
+#!/bin/bash
+TIMEFORMAT="%Rs"
+### Parameters
+# SINGLE_PARSER=exec/single_model_parser.py
+MULTI_PARSER=exec/model_parser.py
+ARBITRARY_PARSER=exec/parser.py
+
+# HyperQB parameters
+# GENQBF=exec/genqbf
+# GENQBF=src/cplusplus/genqbf
+QUABS=exec/quabs
+MAP=exec/util_mapvars
+PARSE_BOOL=exec/util_parsebools
+
+ERROR="(!) HyperQB error"
+
+### setup output folder
+# \THH_TODO: put this back before submission.
+# DATE=`date +"%Y-%m-%d@%T"`
+DATE="today"
+
+OUTFOLDER="build_"${DATE}"/"
+rm -f -R "build_today/"
+mkdir ${OUTFOLDER}
+
+QCIR_OUT=${OUTFOLDER}HQ.qcir
+QUABS_OUT=${OUTFOLDER}HQ.quabs
+MAP_OUT1=${OUTFOLDER}_byName.cex
+MAP_OUT2=${OUTFOLDER}_byTime.cex
+PARSE_OUT=${OUTFOLDER}_formatted.cex
+I=${OUTFOLDER}I_1.bool
+R=${OUTFOLDER}R_1.bool
+J=${OUTFOLDER}I_2.bool
+S=${OUTFOLDER}R_2.bool
+Q=${OUTFOLDER}I_3.bool
+W=${OUTFOLDER}R_3.bool
+P=${OUTFOLDER}P.hq
+QSFILE=${OUTFOLDER}QS
+FORMULA=""
+
+
+# output files
+# \THH_TODO: add this before submission
+while getopts "proj:" arg; do
+ case $arg in
+ n) PROJ=$OPTARG;;
+ esac
+done
+
+
+
+## updated Jan.28:merge parse and bmc
+echo ""
+echo "------( HyperQB START! )------"
+## get current location and arguments
+PWD=$(pwd)
+ALLARG=$@
+
+
+### fetch model(s) and HP formula
+HQFILE='.hq'
+COUNTER=1
+declare -a MODELS
+for var in "$@"
+do
+ if [[ "${var}" =~ ^[0-9]+$ ]]; then
+ k=${var}
+ break
+ elif [ ! -f "$var" ]; then
+ echo "error: the file $var does not exist" # check the file is there
+ exit 1
+ fi
+
+ if [[ "${var}" =~ .*"$HQFILE".* ]]; then
+ FORMULA=${var}
+ else
+ MODELS[${COUNTER}]=${var}
+ fi
+ let COUNTER++
+done
+
+
+### Check which is used (-bughunt or -find) ###
+if echo $* | grep -e "-find" -q
+then
+ FLAG="-find"
+elif echo $* | grep -e "-bughunt" -q
+then
+ FLAG="-bughunt"
+else
+ echo "*mode is not specified, default to (-bughunt)"
+ FLAG="-bughunt"
+fi
+
+
+### check which bunded semantics is used ###
+if echo $* | grep -e "-pes" -q
+then
+ SEM="PES"
+ # echo "pessimistic semantics (-pes)"
+elif echo $* | grep -e "-opt" -q
+then
+ SEM="OPT"
+ # echo "optimistic semantics (-opt)"
+elif echo $* | grep -e "-hpes" -q
+then
+ SEM="TER_PES"
+ # echo "halting-pessimistic semantics (-hpes)"
+elif echo $* | grep -e "-hopt" -q
+then
+ SEM="TER_OPT"
+ # echo "halting-optimistic semantics (-opt)"
+else
+ echo "(!) HyperQB error: incorrect semantic input."
+ echo " please use { -pes | -opt | -hpes | -hopt } semantics of the unrolling from one of the follows:"
+ echo " (pessimistic / optimistic / halting-pessimistic / halting-optimistic)"
+ exit 1
+fi
+
+
+### parse the NuSMV models and the given formula ###
+
+printf "NuSMV models and HyperLTL formula parsing..."
+# RUN PARSER on Docker
+# echo "(using docker for parsing, parsing could become slower)"
+# TIME_PARSE=$(docker run --platform linux/amd64 -v ${PWD}:/mnt tzuhanmsu/hyperqube:latest /bin/bash -c "cd mnt/; TIMEFORMAT="%Rs"; time python3 ${ARBITRARY_PARSER} ${OUTFOLDER} ${MODELS[@]} ${FORMULA} ${P} ${QSFILE} ${FLAG}; ")
+
+# RUN PARSER locally, if the setup on your local machine is successful
+TIME_PARSE=$(time python3 ${ARBITRARY_PARSER} ${OUTFOLDER} ${MODELS[@]} ${FORMULA} ${P} ${QSFILE} ${FLAG})
+
+
+# if any error happens in parsing, exit HyperQB
+if [[ "${TIME_PARSE}" == *"$ERROR"* ]]; then
+ echo ${TIME_PARSE}
+ exit 1
+fi
+
+### check what is the quantifier selection
+if [ ! -f "${QSFILE}" ]; then
+ echo "(!) HyperQB error: no ${QSFILE} exists."
+ echo "please check the formula see if the quantifers are corretly specified. "
+ exit 1
+fi
+source "${QSFILE}" # instantiate QS
+
+
+
+
+printf "BMC unrolling with genqbf..................."
+QCIR_OUT=${OUTFOLDER}HQ.qcir
+n=${#QS}
+if [ ${n} -eq 2 ]
+then
+ GENQBF=exec/genqbf # classic 1 quants
+ TIME_GENQBF=$(time ${GENQBF} -I ${I} -R ${R} -J ${J} -S ${S} -P ${P} -k ${k} -F ${QS} -f qcir -o ${QCIR_OUT} -sem ${SEM} -n --fast)
+else
+ lst_NEW_QUANTS="AAE EAA EEA AEA EEE AEE AAAE EAAE AAAE AAEE EAAEE AAAEEE" #special cases we investigate
+
+ if [[ $lst_NEW_QUANTS =~ (^|[[:space:]])${QS}($|[[:space:]]) ]]; then
+ GENQBF=exec/genqbf_v5 # updated genqbf
+ TIME_GENQBF=$(time ${GENQBF} -I ${I} -R ${R} -J ${J} -S ${S} -Q ${Q} -W ${W} -Z ${J} -X ${S} -C ${Q} -V ${W} -P ${P} -k ${k} -F ${QS} -f qcir -o ${QCIR_OUT} -sem ${SEM} -n)
+ else
+ ALL_I_R=$(find ${OUTFOLDER}*.bool )
+ GENQBF=src/cplusplus/genqbf # with arbitrary quantifiers
+ # TIME_GENQBF=$(time ${GENQBF} ${k} ${SEM} ${QS} ${ALL_I_R} ${FORMULA})
+ time ${GENQBF} ${k} ${SEM} ${QS} ${ALL_I_R} ${P}
+ fi
+fi
+
+
+if [ ! -s ${QCIR_OUT} ]; then
+ echo "(!) HyperQB error: .qcir file is empty. check if errors are reported."
+ exit 1
+fi
+printf "QBF solving with QuAbS......................"
+# time ${QUABS} --partial-assignment ${QCIR_OUT} 2>&1 | tee ${QUABS_OUT}
+TIME_QUABS=$(time ${QUABS} --partial-assignment ${QCIR_OUT} > ${QUABS_OUT})
+OUTCOME=$(grep "r " ${QUABS_OUT})
+
+
+
+echo "--------------- Summary of HyperQB ---------------"
+echo "| Models: " ${MODELS[*]}
+echo "| Formula: " ${FORMULA}
+echo "| Quantifiers:" ${QS}
+echo "| QBF solving:" ${OUTCOME}
+echo "| Semantics: " ${SEM}
+echo "| #states: " ${TIME_PARSE}
+echo "| Bound k: " ${k}
+echo "| Mode: " ${FLAG}
+echo "----------------------------------------------------"
+echo "------(END HyperQB)------"
+
+echo ""
+echo ""
+
+
+
+
+# ## TODO: update these two scripts using python
+# echo "(Get Nice-formatted Output if witness/counterexample is found)"
+# if [ ! -f "$QCIR_OUT" ]; then
+# echo "$QCIR_OUT does not exists"
+# exit 1
+# echo "no QCIR output"
+# fi
+# echo "parsing into readable format..."
+# ${MAP} ${QCIR_OUT} ${QUABS_OUT} ${MAP_OUT1} ${MAP_OUT2}
+# ${PARSE_BOOL} ${MAP_OUT2} ${PARSE_OUT}
diff --git a/hyperqube.sh b/hyperqube.sh
deleted file mode 100755
index 0f1fb1a6..00000000
--- a/hyperqube.sh
+++ /dev/null
@@ -1,188 +0,0 @@
-#!/bin/sh
-
-### Parameters
-SINGLE_PARSER=exec/single_model_parser.py
-MULTI_PARSER=exec/multi_model_parser.py
-# HyperQube subTools
-GENQBF=exec/genqbf
-QUABS=exec/quabs
-MAP=exec/util_mapvars
-PARSE_BOOL=exec/util_parsebools
-# output files
-QCIR_OUT=HQ.qcir
-QUABS_OUT=HQ.quabs
-MAP_OUT1=OUTPUT_byName.cex
-MAP_OUT2=OUTPUT_byTime.cex
-PARSE_OUT=OUTPUT_formatted.cex
-
-
-## updated Jan.28:merge parse and bmc
-echo "\n------( HyperQube START! )------\n"
-## get current location
-PWD=$(pwd)
-## get all arguments
-ALLARG=$@
-# echo ${ALLARG}
-
-## execute python scripts on docker
-# docker run -v ${PWD}:/mnt tzuhanmsu/hyperqube:latest /bin/bash -c "cd mnt/; ./parse.sh ${ALLARG}; "
-
-## clean up previous generated
-echo "(clean up previous generated files..)\n"
-find . -name "*.bool" -delete
-find . -name "*.cex" -delete
-find . -name "*.quabs" -delete
-find . -name "*.qcir" -delete
-find . -name "*.cex" -delete
-# make clean
-
-# if wrong number of arguments
-if [ "$#" -ne 4 ] && [ "$#" -ne 5 ] && [ "$#" -ne 6 ] && [ "$#" -ne 7 ]; then
- echo "HyperQube error: wrong number of arguments of HyperQube: \n"
- echo "- Simgle-model BMC: $0 {model}.smv {formula}.hq"
- echo "- Multi-model BMC: $0 {model_1}.smv {model_2}.smv {formula}.hq \n"
- echo "\n------(END HyperQube)------\n"
- exit 1
-fi
-
-
-
-if echo $* | grep -e "-find" -q
-then
- echo "[ Running with find witness mode ]"
- FLAG="-find"
-elif echo $* | grep -e "-bughunt" -q
-then
- echo "[ Running with bug hunting mode ]"
- FLAG="-bughunt"
-else
- echo FLAG=""
-fi
-
-I=I.bool
-R=R.bool
-J=I.bool
-S=R.bool
-P=P.bool
-
-if echo $* | grep -e "-single" -q
-then
- echo "[ Running with single model mode ]"
- MODE=single
- echo "perform single model BMC"
- NUSMVFILE=$1
- FORMULA=$2
- k=$3
- SEMANTICS=$4
- if [ ! -f "$NUSMVFILE" ]; then
- echo "error: $NUSMVFILE does not exist"
- exit 1
- fi
- if [ ! -f "$FORMULA" ]; then
- echo "error: $FORMULA does not exist"
- exit 1
- fi
- ### using local python build
- # python3 ${SINGLE_PARSER} ${NUSMVFILE} ${FORMULA} ${I} ${R} ${P} ${FLAG}
- ### using docker
- docker run -v ${PWD}:/mnt tzuhanmsu/hyperqube:latest /bin/bash -c "cd mnt/; python3 ${SINGLE_PARSER} ${NUSMVFILE} ${FORMULA} ${I} ${R} ${P} ${FLAG}; "
-elif echo $* | grep -e "-multi" -q
-then
- echo "[ Running with multi model mode ]"
- MODE=multi
- M1_NUSMVFILE=$1
- M2_NUSMVFILE=$2
- FORMULA=$3
- k=$4
- SEMANTICS=$5
- if [ ! -f "$M1_NUSMVFILE" ]; then
- echo "error: $M1_NUSMVFILE does not exist"
- exit 1
- fi
- if [ ! -f "$M2_NUSMVFILE" ]; then
- echo "error: $M2_NUSMVFILE does not exist"
- exit 1
- fi
- if [ ! -f "$FORMULA" ]; then
- echo "error: $FORMULA does not exist"
- exit 1
- fi
- ### using local python build
- # python3 ${MULTI_PARSER} ${M1_NUSMVFILE} ${I} ${R} ${M2_NUSMVFILE} ${J} ${S} ${FORMULA} ${P} ${FLAG}
- ### using docker
- docker run -v ${PWD}:/mnt tzuhanmsu/hyperqube:latest /bin/bash -c "cd mnt/; python3 ${MULTI_PARSER} ${M1_NUSMVFILE} ${I} ${R} ${M2_NUSMVFILE} ${J} ${S} ${FORMULA} ${P} ${FLAG}; "
-else
- echo "HyperQube error: please specify mode: -single | -multi \n"
- exit 1
-fi
-
-
-## run BMC
-## updated Jan.28
-if echo $* | grep -e "-pes" -q
-then
- SEM="PES"
-elif echo $* | grep -e "-opt" -q
-then
- SEM="OPT"
-elif echo $* | grep -e "-hpes" -q
-then
- SEM="TER_PES"
-elif echo $* | grep -e "-hopt" -q
-then
- SEM="TER_OPT"
-else
- echo "HyperQube error: incorrect semantic input. "
- echo " use { -pes | -opt | -hpes | -hopt } semantics of the unrolling from one of the follows:"
- echo " (pessimistic / optimistic / halting-pessimistic / halting-optimistic)"
- exit 1
-fi
-
-
-if [ ! -f "QS.bool" ]; then
- exit 1
-fi
-source QS.bool
-
-echo "\n--------------- Summary of Model Checking Info ---------------"
-echo "| Quantifiers:" ${QS}
-echo "| Bound k: " ${k}
-echo "| Semantics: " ${SEMANTICS}
-if [ "$MODE" = "single" ]; then
- echo "| Model: " ${NUSMVFILE}
-elif [ "$MODE" = "multi" ]; then
- echo "| Models: " ${M1_NUSMVFILE} ", " ${M2_NUSMVFILE}
-fi
-echo "| HyperLTL formula: " ${FORMULA}
-echo "-------------------------------------------------------------- \n\n"
-
-echo "\n============ Unrolling with genQBF + Solving with QuAbS ============"
-echo "generating QBF BMC..."
-${GENQBF} -I ${I} -R ${R} -J ${J} -S ${S} -P ${P} -k ${k} -F ${QS} -f qcir -o ${QCIR_OUT} -sem ${SEM} -n --fast
-
-echo "solving QBF..."
-${QUABS} --partial-assignment ${QCIR_OUT} 2>&1 | tee ${QUABS_OUT}
-# ${QUABS} --statistics --preprocessing 0 --partial-assignment ${QCIR_OUT} 2>&1 | tee ${QUABS_OUT}
-
-
-echo "\n============ Get Nice-formatted Output if Output is avaialbe ============"
-
-if [ ! -f "$QCIR_OUT" ]; then
- echo "$QCIR_OUT not exists"
- exit 1
-fi
-
-echo "parsing into readable format..."
-# # echo "---Counterexample Mapping---"
-# javac ${MAP}.java
-# java ${MAP}.java ${QCIR_OUT} ${QUABS_OUT} ${MAP_OUT1} ${MAP_OUT2}
-${MAP} ${QCIR_OUT} ${QUABS_OUT} ${MAP_OUT1} ${MAP_OUT2}
-
-# javac ${PARSE_BOOL}.java
-# java ${PARSE_BOOL}.java ${MAP_OUT2} ${PARSE_OUT}
-${PARSE_BOOL} ${MAP_OUT2} ${PARSE_OUT}
-# echo "(under condtruction...)"
-# python3 ${PARSE_OUTPUT} ${MAP_OUT2} ${PARSE_OUT} ${k}
-# #by time
-
-echo "\n------(END HyperQube)------\n"
diff --git a/run_all.sh b/run_all.sh
deleted file mode 100755
index 2852683e..00000000
--- a/run_all.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/sh
-
-# This script runs experiments we provided in the tool paper.
-# * Requirements *
-# Before running, please make sure Docker is installed: (https://docs.docker.com/get-docker/)
-
-# HyperQube Tool Parameters
-HYPERQUBE=./hyperqube.sh
-PES='-pes' # default value
-OPT='-opt'
-SINGLE='-single'
-MULTI='-multi'
-BUGHUNT="-bughunt" # default value
-FIND="-find"
-
-# M1 Mac use:
-# --platform linux/amd64
-
-# [DEMO 1: run bakery algorithm with symmetry property]
-# ${HYPERQUBE} demo/bakery.smv demo/symmetry.hq 10 ${PES} ${SINGLE} ${BUGHUNT}
-${HYPERQUBE} demo/bakery.smv demo/bakery.smv demo/symmetry.hq 10 ${PES} ${MULTI} ${BUGHUNT}
-
-# [DEMO 2: run SNARK1 with linearizabilty property]
-# ${HYPERQUBE} demo/snark_conc.smv demo/snark_seq.smv demo/linearizability.hq 10 ${PES} ${MULTI} ${BUGHUNT}
-
-
-# [Deniability]
-# CASEFOLDER=cases_bmc/deniability/
-# ${HYPERQUBE} ${CASEFOLDER}electronic_wallet.smv dummy.hq 15 ${PES} ${SINGLE} ${FIND}
diff --git a/run_cases.sh b/run_cases.sh
new file mode 100755
index 00000000..80023663
--- /dev/null
+++ b/run_cases.sh
@@ -0,0 +1,90 @@
+#!/bin/sh
+#####################################################################################################
+# This script runs ALL experiments (0.1-11.1) we provided in Table 3 of our tool paper submission #
+#####################################################################################################
+
+### HyperQB Tool Parameters
+HyperQB=./hyperqb.sh
+PES='-pes' # default value
+OPT='-opt'
+HPES='-hpes'
+HOPT='-hopt'
+# SINGLE='-single'
+# MULTI='-multi'
+BUGHUNT="-bughunt" # default value
+FIND="-find"
+
+### Requirements:
+### 1. Before running, please make sure Docker is installed: (https://docs.docker.com/get-docker/)
+### 2. Apple Chop Macs might need to use: --platform linux/amd64
+
+##################################################
+# All Experiments in CAV23 tool paper submission #
+##################################################
+### (1) Previous cases in TACAS21 submission:
+
+### [0.1-0.3 BAKERY]
+# ${HyperQB} cases_bmc/tacas_bakery/bakery_3procs.smv cases_bmc/tacas_bakery/bakery_3procs.smv cases_bmc/tacas_bakery/bakery_formula_S1_3proc.hq 7 ${PES} ${FIND}
+# ${HyperQB} cases_bmc/tacas_bakery/bakery_3procs.smv cases_bmc/tacas_bakery/bakery_3procs.smv cases_bmc/tacas_bakery/bakery_formula_S2_3proc.hq 12 ${PES} ${FIND}
+# ${HyperQB} cases_bmc/tacas_bakery/bakery_3procs.smv cases_bmc/tacas_bakery/bakery_3procs.smv cases_bmc/tacas_bakery/bakery_formula_S3_3proc.hq 20 ${OPT} ${FIND}
+### [1.1-1.4 BAKERY]
+# ${HyperQB} cases_bmc/tacas_bakery/bakery_3procs.smv cases_bmc/tacas_bakery/bakery_3procs.smv cases_bmc/tacas_bakery/bakery_formula_sym1_3proc.hq 10 ${PES} ${BUGHUNT}
+# ${HyperQB} cases_bmc/tacas_bakery/bakery_3procs.smv cases_bmc/tacas_bakery/bakery_3procs.smv cases_bmc/tacas_bakery/bakery_formula_sym2_3proc.hq 10 ${PES} ${BUGHUNT}
+# ${HyperQB} cases_bmc/tacas_bakery/bakery_5procs.smv cases_bmc/tacas_bakery/bakery_5procs.smv cases_bmc/tacas_bakery/bakery_formula_sym1_5proc.hq 10 ${PES} ${BUGHUNT}
+# ${HyperQB} cases_bmc/tacas_bakery/bakery_5procs.smv cases_bmc/tacas_bakery/bakery_5procs.smv cases_bmc/tacas_bakery/bakery_formula_sym2_5proc.hq 10 ${PES} ${BUGHUNT}
+
+### [2.1-2.2 SNARK 2.1-2.2]
+# ${HyperQB} cases_bmc/tacas_snark/snark1_M1_concurrent.smv cases_bmc/tacas_snark/snark1_M2_sequential.smv cases_bmc/tacas_snark/snark1_formula.hq 18 ${PES} ${FIND}
+# ${HyperQB} cases_bmc/tacas_snark/snark2_new_M1_concurrent.smv cases_bmc/tacas_snark/snark2_new_M2_sequential.smv cases_bmc/tacas_snark/snark2_formula.hq 30 ${PES} ${FIND}
+
+### [3.1-3.2 3-Thread]
+# ${HyperQB} cases_bmc/tacas_multi_threaded/NI_incorrect.smv cases_bmc/tacas_multi_threaded/NI_incorrect.smv cases_bmc/tacas_multi_threaded/NI_formula.hq 57 ${HPES} ${BUGHUNT}
+# ${HyperQB} cases_bmc/tacas_multi_threaded/NI_correct.smv cases_bmc/tacas_multi_threaded/NI_correct.smv cases_bmc/tacas_multi_threaded/NI_formula.hq 57 ${HOPT} ${BUGHUNT}
+
+### [4.1-4.2 Non-repudiation Protocol]
+# ${HyperQB} cases_bmc/tacas_nrp/NRP_incorrect.smv cases_bmc/tacas_nrp/NRP_incorrect.smv cases_bmc/tacas_nrp/NRP_formula.hq 15 ${HPES} ${BUGHUNT}
+# ${HyperQB} cases_bmc/tacas_nrp/NRP_correct.smv cases_bmc/tacas_nrp/NRP_correct.smv cases_bmc/tacas_nrp/NRP_formula.hq 15 ${HOPT} ${BUGHUNT}
+
+### -------------------------Table 5-----------------------------------
+### [5.1 Robotic planning: Shortest Path]
+# ${HyperQB} cases_bmc/tacas_robotic/robotic_sp_100.smv cases_bmc/tacas_robotic/robotic_sp_100.smv cases_bmc/tacas_robotic/robotic_sp_formula.hq 20 ${PES} ${FIND}
+# ${HyperQB} cases_bmc/tacas_robotic/robotic_sp_400.smv cases_bmc/tacas_robotic/robotic_sp_400.smv cases_bmc/tacas_robotic/robotic_sp_formula.hq 40 ${PES} ${FIND}
+# ${HyperQB} cases_bmc/tacas_robotic/robotic_sp_1600.smv cases_bmc/tacas_robotic/robotic_sp_1600.smv cases_bmc/tacas_robotic/robotic_sp_formula.hq 80 ${PES} ${FIND}
+# ${HyperQB} cases_bmc/tacas_robotic/robotic_sp_3600.smv cases_bmc/tacas_robotic/robotic_sp_3600.smv cases_bmc/tacas_robotic/robotic_sp_formula.hq 120 ${PES} ${FIND}
+
+### [5.2 Robotic planning: Initial State Robustness]
+# ${HyperQB} cases_bmc/tacas_robotic/robotic_robustness_100.smv cases_bmc/tacas_robotic/robotic_robustness_100.smv cases_bmc/tacas_robotic/robotic_robustness_formula.hq 20 ${PES} ${FIND}
+# ${HyperQB} cases_bmc/tacas_robotic/robotic_robustness_400.smv cases_bmc/tacas_robotic/robotic_robustness_400.smv cases_bmc/tacas_robotic/robotic_robustness_formula.hq 40 ${PES} ${FIND}
+# ${HyperQB} cases_bmc/tacas_robotic/robotic_robustness_1600.smv cases_bmc/tacas_robotic/robotic_robustness_1600.smv cases_bmc/tacas_robotic/robotic_robustness_formula.hq 80 ${PES} ${FIND}
+# ${HyperQB} cases_bmc/tacas_robotic/robotic_robustness_3600.smv cases_bmc/tacas_robotic/robotic_robustness_3600.smv cases_bmc/tacas_robotic/robotic_robustness_formula.hq 120 ${PES} ${FIND}
+
+### --------------------------Table 5----------------------------------
+
+### [6.1 Mutation Testing]
+# ${HyperQB} cases_bmc/tacas_mutation_testing/mutation_testing.smv cases_bmc/tacas_mutation_testing/mutation_testing.smv cases_bmc/tacas_mutation_testing/mutation_testing.hq 10 ${HOPT} ${FIND}
+
+
+### (2) New cases in CAV23 submission compare to TACAS21 submission:
+
+### [7.1 Coterm]
+# ${HyperQB} cases_bmc/cav_coterm/coterm1.smv cases_bmc/cav_coterm/coterm2.smv cases_bmc/cav_coterm/coterm.hq 102 ${OPT} ${BUGHUNT}
+
+### [8.1 Deniability]
+# ${HyperQB} cases_bmc/cav_deniability/electronic_wallet.smv cases_bmc/cav_deniability/electronic_wallet.smv cases_bmc/cav_deniability/electronic_wallet.smv cases_bmc/cav_deniability/den.hq 20 ${OPT} ${BUGHUNT}
+
+### [9.1 - 9.3 Intransitive]
+### first, it violates classic_OD (PES, SAT)
+# ${HyperQB} cases_bmc/cav_shared_buffer/unscheduled_buffer.smv cases_bmc/cav_shared_buffer/unscheduled_buffer.smv cases_bmc/cav_shared_buffer/classic_OD.hq 10 ${PES} ${BUGHUNT}
+### however, with scheduler involves, it satisfies intransitive_OD (OPT, UNSAT)
+# ${HyperQB} cases_bmc/cav_shared_buffer/scheduled_buffer.smv cases_bmc/cav_shared_buffer/scheduled_buffer.smv cases_bmc/cav_shared_buffer/intrans_OD.hq 10 ${OPT} ${BUGHUNT}
+### next, it violates
+### same, the scheduler guarantees GMNI
+# ${HyperQB} cases_bmc/cav_shared_buffer/scheduled_buffer.smv cases_bmc/cav_shared_buffer/scheduled_buffer.smv cases_bmc/cav_shared_buffer/intrans_GMNI.hq 10 ${PES} ${BUGHUNT}
+
+### [10.1 - 10.2 TINI and TSNI]
+# ${HyperQB} cases_bmc/cav_tini/ni_example.smv cases_bmc/cav_tini/ni_example.smv cases_bmc/cav_tini/tini.hq 10 ${OPT} ${BUGHUNT}
+# ${HyperQB} cases_bmc/cav_tsni/ni_example.smv cases_bmc/cav_tsni/ni_example.smv cases_bmc/cav_tsni/tsni.hq 10 ${OPT} ${BUGHUNT}
+
+### [11.1 K-safety]
+### doubleSquare
+# ${HyperQB} cases_bmc/cav_ksafety/doubleSquare.smv cases_bmc/cav_ksafety/doubleSquare.smv cases_bmc/cav_ksafety/doubleSquare1.hq 64 ${PES} ${BUGHUNT}
diff --git a/run_demos.sh b/run_demos.sh
new file mode 100755
index 00000000..e0c2f155
--- /dev/null
+++ b/run_demos.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+#####################################################################################################
+# This script runs ALL experiments (0.1-11.1) we provided in Table 3 of our tool paper submission #
+#####################################################################################################
+
+### Requirements:
+### 1. Before running, please make sure Docker is installed: (https://docs.docker.com/get-docker/)
+### 2. Apple Chop Macs might need to use: --platform linux/amd64
+
+### DEMOS, see README for detailed explination
+
+### [demo 1: run bakery algorithm with symmetry property]
+# ./hyperqb.sh demo/bakery.smv demo/bakery.smv demo/symmetry.hq 10 -pes
+### [dem0 2: run SNARK algorithm with linearizability propoerty]
+# ./hyperqb.sh demo/SNARK_conc.smv demo/SNARK_seq.smv demo/lin.hq 18 -pes
+### [demo 3: run simple_krip with simple_krip_formula]
+./hyperqb.sh demo/mini.smv demo/mini.smv demo/mini.hq 3 -pes -find
+# ./hyperqb.sh demo/mini.smv demo/mini.smv demo/mini.smv demo/mini.smv demo/mini_try.hq 10 -pes -find
+# ./hyperqb.sh demo/mini.smv demo/mini.smv demo/mini.smv demo/mini.hq 3 -pes
diff --git a/src/.DS_Store b/src/.DS_Store
index 770b1484..e94c27d0 100644
Binary files a/src/.DS_Store and b/src/.DS_Store differ
diff --git a/src/cplusplus/.DS_Store b/src/cplusplus/.DS_Store
new file mode 100644
index 00000000..1938eb82
Binary files /dev/null and b/src/cplusplus/.DS_Store differ
diff --git a/src/cplusplus/build.sh b/src/cplusplus/build.sh
new file mode 100755
index 00000000..cca5da4a
--- /dev/null
+++ b/src/cplusplus/build.sh
@@ -0,0 +1,5 @@
+CC=g++
+TARGET=genqbf
+SRC=genqbf.cpp
+
+g++ -std=c++17 -o ${TARGET} ${SRC}
diff --git a/src/cplusplus/genqbf b/src/cplusplus/genqbf
new file mode 100755
index 00000000..3feb6bf7
Binary files /dev/null and b/src/cplusplus/genqbf differ
diff --git a/src/cplusplus/genqbf.cpp b/src/cplusplus/genqbf.cpp
new file mode 100755
index 00000000..e4447b07
--- /dev/null
+++ b/src/cplusplus/genqbf.cpp
@@ -0,0 +1,790 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include