Solution Idea

Introduce variable counter and maintain invariant:

      Init_{C,R}(pc, counter, ...)
      always Action_{C,R}(pc, counter, ...)
   always Invariant_{C,R}(pc, counter, ...)
Stronger specification.

Chosen appropriately, invariant implies safety property:

Invariant_{C,R}(pc, counter, ...) :<=>
      counter >= 0
      R = counter + number i in [1,C]: pc_i = resource
Counter is non-negative.
Counter complements number of processes operating on resource.

Must check whether clients maintain the invariant.
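
The check described above, as an added example that is not part of the original slides: an explicit-state exploration that tests the invariant in every reachable state, once for a well-behaved client and once for a faulty one. The client locations (`idle`, `resource`), the initial state, the acquire/release actions, the faulty client and the safety property "at most R clients operate on the resource" are assumptions made for illustration; the slide only fixes the invariant.

```python
from collections import deque

IDLE, RESOURCE = "idle", "resource"  # assumed values of pc_i

def init(C, R):
    # Assumed Init: all clients idle, counter = R (all resources free).
    return ((IDLE,) * C, R)

def good_actions(state):
    # Assumed Action: acquire only if counter > 0; release what is held.
    pc, counter = state
    for i, loc in enumerate(pc):
        if loc == IDLE and counter > 0:
            yield (pc[:i] + (RESOURCE,) + pc[i + 1:], counter - 1)
        elif loc == RESOURCE:
            yield (pc[:i] + (IDLE,) + pc[i + 1:], counter + 1)

def faulty_actions(state):
    # Constructed faulty client: may enter the resource without
    # testing or decrementing counter.
    pc, counter = state
    yield from good_actions(state)
    for i, loc in enumerate(pc):
        if loc == IDLE:
            yield (pc[:i] + (RESOURCE,) + pc[i + 1:], counter)

def invariant(state, R):
    # counter >= 0  and  R = counter + number i in [1,C]: pc_i = resource
    pc, counter = state
    return counter >= 0 and R == counter + sum(l == RESOURCE for l in pc)

def safe(state, R):
    # Assumed safety property: at most R clients operate on the resource.
    return sum(l == RESOURCE for l in state[0]) <= R

def check(C, R, actions):
    """Breadth-first search; returns (states seen, first violating state or None)."""
    start = init(C, R)
    seen, queue = {start}, deque([start])
    while queue:
        s = queue.popleft()
        if not invariant(s, R):
            return len(seen), s
        assert safe(s, R)  # the invariant implies the safety property
        for t in actions(s):
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return len(seen), None
```

This only checks finite instances (fixed C and R); the slide's claim for all C and R needs the inductive argument that Init establishes the invariant and every Action preserves it.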

Author: Wolfgang Schreiner
Last Modification: April 22, 1999

