VAR

  a[16] b[16] c[16]

ASSIGN

  init(b) := 
    case 
      oracle_b : 7;
      1 : 5;
    esac;
  
  next(b) := b;

  init(c) := 
    case 
      oracle_c : 4;
      1 : 3;
    esac;

  next(c) := c;

  init(a) := 0;

  next(a) := add(b,c);

-- SPEC AG a != 11
-- SPEC AG a != 10
SPEC AG a != 8
-- SPEC AG a != 9

-- with the following SPEC you can test if addition is really deterministic
-- SPEC AG(a = 0 | a = 11 | a = 10 | a = 8 | a = 9)
