// Modest model for the IEEE 1394 FireWire Root Contention Protocol
action done;

const int RED = 10; // reduction factor
const int rc_fast_min = (int) (760 / RED);
const int rc_fast_max = (int) (850 / RED);
const int rc_slow_min = (int) (1590 / RED);
const int rc_slow_max = (int) (1670 / RED);
const int delay = (int) (360 / RED);

// Properties
// Probabilistic reachability
// "with probability 1, eventually both stations send their packet correctly"
//property P_1 = P(<> did(done)) >= 1.0;

// Probabilistic time-bounded reachability
// "the minimum/maximum probability of both stations
// correctly delivering their packets by the deadline D"
const int D;
//property D_max = Pmax(<> did(done) && time <= D);
property D_min = Pmin(<> did(done) && time <= D);

// Expected reachability
// "the minimum/maximum expected time until both stations correctly deliver their packets"
//property E_min = Tmin(did(done));
//property E_max = Tmax(did(done));


clock c;

process I_1() {

process FAST_FAST() {
invariant(c<=rc_fast_max)
alt { :: when(c>=rc_fast_min-delay) done :: when(c>=rc_fast_min) {= c=0 =}; urgent I_1() }
}

process SLOW_SLOW() {
invariant(c<=rc_slow_max)
alt { :: when(c>=rc_slow_min-delay) done :: when(c>=rc_slow_min) {= c=0 =}; urgent I_1() }
}

process FAST_SLOW() {
invariant(c<=rc_slow_max)
when(c>=rc_slow_min-delay) done
}

process SLOW_FAST() {
invariant(c<=rc_slow_max)
when(c>=rc_slow_min-delay) done
}

invariant(c<=delay)
alt {
  :: urgent palt { :1: invariant(c<=delay) {= c=0 =}; urgent palt { :1: FAST_FAST() :1: FAST_SLOW() }
                   :1: invariant(c<=delay) {= c=0 =}; urgent palt { :1: SLOW_FAST() :1: SLOW_SLOW() }
     }
  :: urgent palt { :1: invariant(c<=delay) {= c=0 =}; urgent palt { :1: FAST_FAST() :1: SLOW_FAST() }
                   :1: invariant(c<=delay) {= c=0 =}; urgent palt { :1: FAST_SLOW() :1: SLOW_SLOW() }
     }
}
}

I_1()
