-- CSPm model of NUM_CLIENTS clients that each talk to their own SERVER
-- process, with all servers sharing one DB process. The two assertions at
-- the bottom check the composed SYSTEM for deadlock and divergence.

-- Model bounds. DB times and client change counters wrap modulo these values
-- (see next_t / next_count), which keeps the state space finite.
NUM_CLIENTS = 2
NUM_DB_STATES = 10
NUM_CLIENT_COUNTS = 10

CLIENTS = {0..NUM_CLIENTS-1}
TIMES = {0..NUM_DB_STATES-1}
COUNT = {0..NUM_CLIENT_COUNTS-1}

-- input.i           : CLIENT(i) accepts a local edit
-- save.i            : SERVER(i) asks DB to store
-- render.i.t.c      : CLIENT(i) shows state based on DB time t with change counter c
-- up.i.t.c          : CLIENT(i) -> SERVER(i), tagged with the client's (t, c)
-- down.i.t.c.t'     : SERVER(i) -> DOWNBUF(i); (t, c) is the tag being answered, t' the new DB time
-- bufdown.i.t.c.t'  : DOWNBUF(i) -> CLIENT(i), same payload as down
-- saved.i.t         : DB reports that the save requested by i produced DB time t
-- bufsaved.j.t      : SAVEDBUF -> SERVER, relaying a saved.j.t
channel input:CLIENTS
channel save:CLIENTS
channel render:CLIENTS.TIMES.COUNT
channel up:CLIENTS.TIMES.COUNT
channel down:CLIENTS.TIMES.COUNT.TIMES
channel bufdown:CLIENTS.TIMES.COUNT.TIMES
channel saved:CLIENTS.TIMES
channel bufsaved:CLIENTS.TIMES

-- Successor functions; both wrap around to 0.
next_t(t) = (t + 1) % NUM_DB_STATES
next_count(count) = (count + 1) % NUM_CLIENT_COUNTS

-- CLIENT(i, t, count): client i, last synced DB time t, local change counter count.
-- Either takes an input (render and upload with the incremented counter) or
-- behaves as CLIENT' straight away. In both cases the next event after that
-- is a bufdown, so a second input is only possible once a bufdown has arrived.
CLIENT(i, t, count) =
    input!i -> render!i!t!next_count(count) -> up!i!t!next_count(count) -> CLIENT'(i, t, next_count(count))
    []
    CLIENT'(i, t, count)

-- CLIENT'(i, t, count): wait for a buffered server message and compare the
-- (client_t, client_count) tag it carries with the client's current (t, count).
CLIENT'(i, t, count) =
    bufdown!i?client_t?client_count?server_t ->
        if t == client_t and count == client_count
        -- Tag matches: no local changes since the state the server answered
        then render!i!server_t!0 -> CLIENT(i, server_t, 0) -- We are now in sync with server at time server_t
        else
        -- Tag differs: we had changes since, so we are out of sync; render on
        -- top of server_t and upload again with counter 1
        render!i!server_t!1 -> up!i!server_t!1 -> CLIENT(i, server_t, 1)

-- DOWNBUF(i): empty one-place buffer between SERVER(i) and CLIENT(i).
DOWNBUF(i) = down!i?client_t?client_count?server_t -> DOWNBUF'(i, client_t, client_count, server_t)

-- DOWNBUF': full buffer. A newer down overwrites the held message; bufdown
-- delivers the held message and empties the buffer. It always accepts down,
-- so SERVER(i) is never blocked by a client that has not read yet.
DOWNBUF'(i, client_t, client_count, server_t) =
    down!i?client_t'?client_count'?server_t' -> DOWNBUF'(i, client_t', client_count', server_t')
    []
    bufdown!i!client_t!client_count!server_t -> DOWNBUF(i)

-- SERVER(i, client_t, count): server side of connection i; (client_t, count)
-- is the tag it will quote to the client. Every recursive call below passes
-- either the unchanged count or 0.
-- Branch 1: an upload arrives; save, wait for DB's saved.i, answer the client
--           with the tag from the upload plus the new DB time.
-- Branch 2: a relayed saved arrives; if its time differs from client_t, push
--           the new time to the client, otherwise do nothing.
-- Note: in `up!i?server_t?client_count` the second field is bound to the name
-- server_t, although up carries the time the client sent.
SERVER(i, client_t, count) =
    up!i?server_t?client_count -> save!i -> saved!i?new_server_t -> down!i!server_t!client_count!new_server_t -> SERVER(i, new_server_t, 0)
    []
    bufsaved?j?new_server_t ->
        if new_server_t == client_t then
            SERVER(i, client_t, count)
        else
            down!i!client_t!count!new_server_t -> SERVER(i, new_server_t, 0)

-- SAVEDBUF(i): empty one-place buffer relaying DB's saved events to SERVER(i).
-- It accepts saved.j for every j; the parameter i is not used in any event.
-- NOTE(review): that includes j == i. In CONN, SERVER(i) and SAVEDBUF(i)
-- synchronise only on bufsaved, so `saved` is interleaved between them and a
-- saved.i.t that SERVER(i) is waiting for after save!i can be taken by
-- SAVEDBUF(i) instead. Confirm this is intended; if not, the deadlock
-- assertion is where it would be expected to show up.
SAVEDBUF(i) = saved?j?t -> SAVEDBUF'(i, j, t)

-- SAVEDBUF': full buffer. A newer saved overwrites the held one; bufsaved
-- hands the held (j, t) to the server and empties the buffer.
SAVEDBUF'(i, j, t) =
    saved?j'?new_t -> SAVEDBUF'(i, j', new_t)
    []
    bufsaved!j!t -> SAVEDBUF(i)

-- DB(t): database at time t. Each save from any client advances the time by
-- one (mod NUM_DB_STATES) and is acknowledged to the requester on saved.
DB(t) = save?i -> saved!i!next_t(t) -> DB(next_t(t))

-- CONN(i, t0): one client/server pair starting at DB time t0.
-- CLIENT and DOWNBUF synchronise on bufdown.i; SERVER and SAVEDBUF on
-- bufsaved; the two halves synchronise on up.i and down.i.
CONN(i, t0) =
    (CLIENT(i, t0, 0) [|{| bufdown.i |}|] DOWNBUF(i))
    [|{| up.i, down.i |}|]
    (SERVER(i, t0, 0) [|{| bufsaved |}|] SAVEDBUF(i))

-- SYSTEM: both connections sharing DB(0). `saved` is in both synchronisation
-- sets, so every saved event needs DB, CONN(0,0) and CONN(1,0) to take part;
-- save.i is synchronised only between DB and CONN(i).
SYSTEM =
    (CONN(0,0) [|{| save.0, saved |}|] DB(0))
    [|{| save.1, saved |}|]
    CONN(1,0)

-- Deadlock freedom checked in the failures model.
assert SYSTEM :[deadlock free [F]]
-- NOTE(review): no event is hidden anywhere in this script, so this check
-- looks like it holds trivially; confirm it is still wanted.
assert SYSTEM :[divergence-free]