Language Definition for the Mucke 0.2 Modelchecker
( Fri May 10 12:09:36 GMT 1996 )

Type System

In general the syntax is similiar to C++ (or IDL) without any access specifiers (public, private or protected) and without inheritance. There is no `typedef' directive. But in addition there is a range type like in Ada.

Basic Types
Enumeration Types
Range Types
Compound Types
Example

Basic Types

The only basic type that is currently implemented is the type `bool'. It consists of the two constants `true' and `false'. It also can be seen as a predefined enum type with the definition:

  enum bool { false, true };

This means you can use `0' and `1' instead of `true' or respectfully `false' too.

Enumeration Types

Enumeration Types are defined with the following syntax:

  'enum' <IDENT> '{'  ( <IDENT> ',' )* <IDENT> '};'

An example of an enum type is the pseudo definition of the `bool' type. Enumeration Types can be used like Range Types. This means if you have a variable e of type E which is the following Enumeration Type

  enum E { one, two, three, four, five };

then the predicates e=four and e=3 are equivalent. E can be seen as a Range Type R

  enum R { 0..4 };

This means the first value (actually `first' in our example) can also be accessed as the number 0 and the last value of an Enumeration Type E can be accessed as

|

E|-1

For details about the encoding of Enumeration Types see the section about Range Types.

Range Types

Range Types are a (finite) interval of the Natural Numbers including zero. The syntax of the definition of a Range Type is similiar to that of an enum type:

  'enum' <IDENT> '{' <NUMBER> '..' <NUMBER> '};'

The two numbers represent the borders of the closed interval. That means that the first number (

min

) should be less than the second (

max

) and greater or equal to zero. The elements of the type are the numbers

min, min + 1, ... , max

When the boolean representation is used then a range type of size $n = max - min + 1$ will use $ld(n)$ bits to encode a variable of that type. A Number $n$ is represented as the standard boolean encoding of $n - min$ . The order of the bits is that the most significant bit comes first (this is interesting if the boolean representation has to order variables f.e. if it uses BDD libraries).

Arrays

Arrays of a fixed size are supported. The general syntax of a definition of an array is

  <IDENT> '[' <NUMBER> ']'

Because we have no `typedef' Arrays can only be defined at three places:

as part of a Compound Type
as type of a predicate paramater
as type of variable bound by a quantifier

Array elements can be accessed with the standard syntax and as this syntax is similiar to C++ the valid indices start at 0. If a has been declared as T a[3] then exactly the following terms are valid

  a[0]   a[1]   a[2]

As a future extension (Tue May 7 09:30:22 GMT 1996) we plan to allow the usage of an arbitrary Enumeration or Range Type in the definition of an array. This will enable the user to use variable indices for arrays.

Compound Types

Compound Types can be used to denote the cartesian product of already defined types (no recursion here):

  'class' <IDENT> '{' <COMPOUNDS> '};'

  <COMPOUNDS> ::= ( <COMPOUND> ';' )* <COMPOUND>

  <COMPOUND> ::= <IDENT> ( <CMPPAR> ',' )* <CMPPAR>
  <CMPPAR> ::= <IDENT> ( '[' <NUMBER> ']' )?

If T is an arbitrary already defined type then the definition

  class A { T a; bool b[4], c; T d; };

ist equivalent to the definition

  class A { T a; bool b[4]; bool c; T d; };

and defines a type with four components accessed by the symbols a, b, c and d. If x is defined as A x then the following terms are all valid

  x.a   x.b  x.b[3]   x.c   x.d

Example

the following mucke code will define the basic types used in the verification of the simple alternating bit telecomunication protocol.

We use an enum type to represent the valid values of the control part of the sender state:

  enum ControlStateOfSender {
    send, wait_for_ack
  };

The sender has to store the data, in case it has to be retransmitted:

  enum Data { 0..3 }; 		// two bit data

The alternating bit is of type `bool' so that the type for the state of the sender looks like:

  class StateOfSender {
    bool alternating_bit;
    Data data;
    ControlStateOfSender state;
  };

We could have defined Data also as

  class Data { bool bits[2]; };

and with the declaration StateOfSender s the following terms are valid

  s.state=send   s.data.bits[0]

Also we could define

  class TwoSenderState { StateOfSender states[2]; };

and use

  t.states[1].alternating_bit

to access the alternating bit of the state of the second sender with the declaration TwoSenderState t.

Last Change

Armin Biere
ILKD
Universität Karlsruhe
D-76128 Karlsruhe
Email: armin@ira.uka.de