Changes between Version 16 and Version 17 of ContractReduction
- Timestamp:
- 07/21/14 16:02:43 (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
ContractReduction
v16 v17 77 77 Claim: for any process p, if AMPLE(s,p) contains a process with at least one enabled transition in s, 78 78 then it defines an ample set, i.e., from any execution departing from s, no transition dependent 79 on a transition from a proc in AMPLE(s,p) can occur without a transition from a proc in AMPLE(s,p) occurring first. 79 on a transition from a proc in AMPLE(s,p) can occur without a transition from a proc in 80 AMPLE(s,p) occurring first. 80 81 81 Proof: Let AMPLE=AMPLE(s,p). 82 === Proof of Claim === 83 84 Let AMPLE=AMPLE(s,p). 85 82 86 Let 83 87 … … 98 102 from a proc in A(s,S0,q0) occurring first. Hence for some i, t_i is from a proc in A(s,S0,q0), and therefore t_i is in AMPLE, 99 103 contradicting the ASSUMPTION. QED. 104 105 === Use of `$depends` === 106 107 In the case where S is a function call, the `$depends` clause in the function contract specifies the 108 set A(s,S,p) as follows: first the depends clause specifies a predicate d(s,q) where s is a state and 109 q is a proc. Then 110 111 A(s,S,p) = {p} U {q|d(s,q)} 112 113 100 114 101 115
