-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbigcasestudy.als
67 lines (54 loc) · 1.55 KB
/
bigcasestudy.als
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
abstract sig Event {
condition : set Event,
response : set Event
}
sig Mark {
executed : set Event,
toBeExecuted : set Event,
action : set Mark -> set Event
}
fact {
all m,m': Mark, e : Event |
(m -> m' -> e) in action <=>
(condition.e in m.executed and
m'.executed = m.executed + e and
m'.toBeExecuted = (m.toBeExecuted - e)
+ e.response)
}
------------------------- a particular instance -------------------------
one sig PrescribeMed, SignDoc, PrepMed, GiveMed, SecEffect, ThEffect, FourEffect extends Event {}
fact {
-- PrescibeMed has no condition events
no condition.PrescribeMed
-- PrescribeMed triggers GiveMed
PrescribeMed.response = GiveMed + PrepMed + SignDoc
-- PrescribeMed is the condition for SignDoc
condition.SignDoc = PrescribeMed
-- SignDoc triggers the PrepMed
no SignDoc.response
-- no condition for prepmed
no condition.PrepMed
-- PrepMed doens't trigger events
no PrepMed.response
-- To give medicine a signature must exist and it must be prepared
condition.GiveMed = SignDoc + PrepMed
-- GiveMed doens't trigger events
no GiveMed.response
SecEffect.response = PrescribeMed
condition.SecEffect = GiveMed
ThEffect.response = SecEffect
condition.ThEffect = SecEffect
FourEffect.response = ThEffect
condition.FourEffect = ThEffect
}
--run {}
assert noExecuted {
let transRun = ^(action.Event) |
all m,m' : Mark |
( no m.(executed+toBeExecuted) and
m' in m.transRun and
FourEffect in m'.executed and
no m'.toBeExecuted )
implies no m'.executed
}
check noExecuted for 12 Mark, 7 Event