/* A toy phone example from our POPL paper */

/* Overview: a Z-style model of a switch. Switch is the state, Join is an
   operation on it, invB and invC are candidate invariants, and the two
   trailing claims ask whether Join preserves each invariant. */

/* Basic types used below; presumably Ph = phones and Num = dialable
   numbers (inferred from the names only). */
[Ph, Num]

/* State schema: declarations above the bar, constraint below it. */
Switch = [
  /* Called relates phones to numbers. */
  Called: Ph <-> Num
  /* Net is a function from numbers to phones. NOTE(review): const
     presumably means no operation changes it - confirm. Nothing here
     declares Net injective, so two numbers may map to the same phone. */
  const Net: Num -> Ph
  /* Conns relates phones to phones. */
  Conns: Ph <-> Ph
  |
  /* Conns is derived, not free: it is the composition of Called with Net,
     i.e. p is related to q when p Called some n and Net maps n to q. */
  Conns = Called ; Net
  ]

/* Operation: phone p adds number n to its Called set. */
Join (p: Ph; n: Num) = [
  Switch
  |
  /* Precondition: p already appears as a source in Called. */
  p in dom (Called)
  /* Precondition: no phone currently has n in Called. This constrains
     the number only, not the phone that Net maps it to. */
  not (n in ran Called)
  /* The author's alternative guard is left disabled in the next comment.
     Read as: restrict Net to the single number n, take the phone(s) it
     maps to, and require that none of them is already in ran Conns.
     NOTE(review): the source does not say whether this replaces the
     conjunct above or is added to it - confirm before enabling. */
  /* a fix: ran ({n} <: Net) & ran Conns = {} */
  /* Effect: the pair (p, n) is added to Called. Conns is never assigned
     here; presumably the Switch constraint on the after-state determines
     Conns' from Called' and Net - TODO confirm. */
  Called' = Called U {p -> n}
  ]

/* Candidate invariant: no phone is both a source and a target in Conns. */
invB = [Switch | dom Conns & ran Conns = {}]
/* Candidate invariant: the inverse of Conns is functional, i.e. each phone
   is the target of at most one source. */
invC = [Switch | fun (Conns~)]

/* Claims: if Join(p,n) occurs from a state satisfying the invariant, the
   primed (after) state satisfies it too.
   NOTE(review): with the guard as written, a fresh n can still be mapped
   by Net to a phone that is already in ran Conns; that appears to be the
   case the disabled fix targets. The fix mentions ran Conns only, so
   nothing visible stops n mapping to a phone in dom Conns (for example
   back to p itself) - check InvB_preserved separately rather than
   assuming the fix covers both claims. */
InvB_preserved (p: Ph; n: Num) :: (Join(p,n) and invB) =>invB'
InvC_preserved (p: Ph; n: Num) :: (Join(p,n) and invC) =>invC'