-- PosEdge: false at the first instant; afterwards true whenever X holds or
-- X was false one instant earlier.
-- NOTE(review): this is `X or not pre(X)`, which is wider than a strict
-- rising edge (`X and not pre(X)`): it is false only on a falling edge of X.
-- Confirm the intended meaning before relying on the name (top's OK property
-- is built on this node).
node PosEdge (X: bool) returns (Y: bool);
var
  x_was_low : bool;
let
  -- true at the first instant so that Y's own `false ->` decides instant 0
  x_was_low = true -> not pre(X);
  Y = false -> (X or x_was_low);
tel
-- Edge: false at the first instant; afterwards true exactly when X changed
-- value since the previous instant (rising or falling edge).
node Edge (X: bool) returns (Y: bool);
let
  -- on booleans, X <> pre(X) is (X and not pre(X)) or (not X and pre(X))
  Y = false -> (X <> pre(X));
tel
-- AtLeastOnceSince: while Y holds the output is just the current X (a new
-- observation window starts). Otherwise the output is sticky: true at the
-- first instant, and afterwards true as soon as X has held at some instant
-- since the last Y.
node AtLeastOnceSince(X, Y: bool) returns (XsinceY: bool);
var
  seen_before : bool;
let
  -- true at the first instant (no history yet), then the previous output
  seen_before = true -> pre(XsinceY);
  XsinceY = if Y then X else (X or seen_before);
tel
-- MoreThanOneSec: false at the first instant; afterwards true when X holds
-- now and also held at the previous instant (two consecutive instants).
node MoreThanOneSec(X: bool) returns (Y: bool);
let
  Y = false -> (X and pre(X));
tel
-- MoreThanTwoSec: false at the first instant; afterwards true when X holds
-- now and at both of the two preceding instants (three consecutive instants).
node MoreThanTwoSec(X: bool) returns (Y: bool);
var
  held_twice : bool;
let
  -- X true now and at the previous instant (the inner `false -> pre(X) and X`)
  held_twice = false -> (X and pre(X));
  Y = false -> (X and pre(held_twice));
tel
-- one_button: true when exactly one of the three buttons is pressed.
node one_button (ccseti, ccsetd, ccr: bool) returns (ob: bool);
var
  any_pressed, two_pressed : bool;
let
  any_pressed = ccseti or ccsetd or ccr;
  -- some pair is pressed together (this also covers all three pressed)
  two_pressed = (ccseti and ccsetd) or (ccseti and ccr) or (ccsetd and ccr);
  ob = any_pressed and not two_pressed;
tel
-- prev_no_button: true at the first instant; afterwards true when no button
-- at all was pressed at the previous instant.
node prev_no_button (ccseti, ccsetd, ccr: bool)
returns (pnb: bool);
var
  idle : bool;
let
  -- De Morgan of: not ccseti and not ccsetd and not ccr
  idle = not (ccseti or ccsetd or ccr);
  pnb = true -> pre(idle);
tel
-- one_button_accept: a button request is accepted when exactly one button is
-- pressed now and no button was pressed at the previous instant. For the two
-- set buttons that is sufficient; for the resume button (ccr) the request is
-- accepted only if cca has held at some instant since the last instant at
-- which PosEdge(ccont) held (PosEdge as defined in this file).
node one_button_accept (ccseti, ccsetd, ccr, ccont, cca: bool)
returns (oba: bool);
var
  fresh_press, resume_ok : bool;
let
  fresh_press = one_button(ccseti, ccsetd, ccr)
                and prev_no_button(ccseti, ccsetd, ccr);
  -- evaluated at every instant (no clocks in this file), so its state
  -- advances exactly as it did inside the original if/then/else
  resume_ok = AtLeastOnceSince(cca, PosEdge(ccont));
  -- same as: if fresh_press then (if not ccr then true else resume_ok) else false
  oba = fresh_press and (not ccr or resume_ok);
tel
-- cc_allowed: cruise control may be engaged only when ccont holds, neither
-- bpa nor cccanc is active, the battok/gearok/qfok flags hold, sdok has held
-- for two consecutive instants, accok for three, and the speed vs lies in
-- [35, 200] (the unit of vs is not stated in this file).
-- Note: igsw is declared but not used by this node.
node cc_allowed (ccont, igsw, bpa, cccanc, battok, gearok,
qfok, sdok, accok: bool; vs: int)
returns (ccall: bool);
var
  speed_in_band, sensors_ok : bool;
let
  speed_in_band = (35 <= vs) and (vs <= 200);
  sensors_ok = battok and gearok and qfok
               and MoreThanOneSec(sdok) and MoreThanTwoSec(accok);
  ccall = ccont and sensors_ok and speed_in_band and not (bpa or cccanc);
tel
-- main: cruise-control mode logic. Input names are not documented in this
-- file; they read as switch/sensor flags (igsw, ccd, cconoff, bpa, cccanc,
-- battok, gearok, qfok, sdok, accok), the three buttons (ccseti, ccsetd,
-- ccr) and the speed vs — confirm their meaning against the system spec.
-- Outputs: ccont, the on/off state toggled through cconoff (presumably
-- "cruise control on"), and cca, true once a button request has been
-- accepted while cruise control was allowed.
node main (igsw, ccd, cconoff, bpa, cccanc, battok, gearok,
qfok, sdok, accok, ccseti, ccsetd, ccr: bool; vs: int)
returns (ccont, cca: bool);
var
ccall: bool;
let
-- ccont: off at the first instant. Afterwards it is forced off when igsw
-- changes (Edge), when ccd holds, or when it is on and cconoff shows a
-- PosEdge; it turns on when it was off and cconoff shows a PosEdge; in every
-- other case it keeps its previous value. `and` binds tighter than `or`, so
-- the first test reads Edge(igsw) or ccd or (pre(ccont) and PosEdge(cconoff)).
-- The leading `false ->` is what keeps the pre() references defined at t=0.
ccont = false -> if Edge(igsw) or ccd or
pre(ccont) and PosEdge(cconoff) then false
else if pre(not ccont) and
PosEdge(cconoff) then true
else pre(ccont);
-- ccall: whether cruise control may be engaged this instant (see cc_allowed;
-- igsw is passed through but cc_allowed does not use it).
ccall = cc_allowed(ccont, igsw, bpa, cccanc, battok,
gearok, qfok, sdok, accok, vs);
-- cca: off at the first instant. Afterwards set when a fresh single-button
-- press is accepted (one_button_accept, fed the previous cca) while ccall
-- holds; cleared whenever ccall is false; otherwise held.
cca = false ->
if one_button_accept(ccseti, ccsetd, ccr, ccont,
pre(cca))
and ccall then true else if not ccall then false
else pre(cca);
tel
-- top: verification harness around main. It exposes a single property OK;
-- the annotation lines below (`--@ contract ...`, `--%MAIN`, `--%PROPERTY`)
-- are read by the verification tooling and must be kept exactly as written.
node top (igsw, ccd, cconoff, bpa, cccanc, battok, gearok,
qfok, sdok, accok, ccseti, ccsetd, ccr: bool; vs: int)
returns (OK : bool);
--@ contract guarantees OK;
var
ccont, cca: bool;
-- NOTE(review): env is assigned below but never referenced, so it neither
-- constrains the inputs nor contributes to OK — confirm whether it was meant
-- to be an environment assumption.
env : bool;
let
(ccont, cca) = main(igsw, ccd, cconoff, bpa, cccanc, battok,
gearok, qfok, sdok, accok, ccseti, ccsetd,
ccr, vs);
-- env: "ignition off" at the first instant, unconstrained afterwards (unused)
env = not igsw -> true;
-- OK: whenever PosEdge(cca) holds, at least one of the three buttons must
-- show a PosEdge in the same instant; OK is trivially true otherwise.
-- NOTE(review): PosEdge in this file is `X or not pre(X)`, not a strict
-- rising edge, so this obligation differs from what its name suggests —
-- confirm against the intended specification.
OK = if PosEdge(cca) then PosEdge(ccseti) or
PosEdge(ccsetd) or PosEdge(ccr) else true;
--%MAIN;
--%PROPERTY OK=true;
tel