Project

General

Profile

Download (5.26 KB) Statistics
| Branch: | Tag: | Revision:
1
--Historically
2
node H(X:bool) returns (Y:bool);
3
let
4
    Y = X -> (X and (pre Y));
5
tel
6

    
7
--Y since inclusive X
8
node SI(X,Y: bool) returns (Z:bool);
9
let
10
Z = Y and (X or (false -> pre Z));
11
tel
12

    
13
--Y since X
14
node S(X,Y: bool) returns (Z:bool);
15
let
16
Z = X or (Y and (false -> pre Z));
17
tel
18

    
19
--Once
20
node O(X:bool) returns (Y:bool);
21
let
22
 Y = X or (false -> pre Y);
23
tel
24

    
25
node First( X : bool ) returns ( Y : bool );
26
let
27
  Y = X -> pre Y;
28
tel
29

    
30
--Timed Once: less than or equal to N
31
node OTlore(const N: int; X: bool; ) returns (Y: bool);
32
    var C:int;
33
let
34
    C = if X then 0
35
        else (-1 -> pre C + (if pre C <0 then 0 else 1));
36

    
37
    Y = First(X)
38
        ->
39
        (if pre C < 0  then false
40
         else C <= N
41
        );
42
tel
43

    
44
-- Timed Historically: less than or equal to N
45
node HTlore(const N: int; X: bool) returns (Y: bool);
46
let
47
  Y = not OTlore(N, not X);
48
tel
49

    
50
-- Timed Since: less than or equal to N
51
node STlore(const N: int; X: bool; Y: bool; )  returns (Z: bool);
52
let
53
  Z = S(X, Y) and OTlore(N, X);
54
tel
55

    
56
-- Timed Since Inclusive: less than or equal to N
57
node SITlore(const N: int; X: bool; Y: bool; )  returns (Z: bool);
58
let
59
  Z = SI(X,Y) and OTlore(N, X);
60
tel
61

    
62
(*@
63
contract FSMSpec(apfail:bool; limits:bool; standby:bool; supported:bool; ) returns (pullup: bool; );
64

    
65
--Block Path: fsm_12B
66

    
67
let
68

    
69
var FTP:bool = true -> false;
70

    
71
--guarantee "FSM001" S( (((limits and not standby and not apfail and supported) => (pullup)) and FTP), ((limits and not standby and not apfail and supported) => (pullup)) );
72
guarantee "FSM001V2" limits and not standby and not apfail and supported => pullup;
73

    
74
tel
75
*)
76

    
77

    
78
(*@ contract FSM_AutopilotSpec(apfail:bool; good:bool; prevState:real; standby:bool; supported:bool; ) returns (pullup:bool; state_1:real; );
79

    
80
--Block Path: fsm_12B/FiniteStateMachine/Manager
81

    
82
let
83
var FTP:bool = true -> false;
84

    
85

    
86

    
87
--valid
88
guarantee "FSM002" S( (((standby and prevState = 0.0) => (state_1 = 3.0)) and FTP), ((standby and prevState = 0.0) => (state_1 = 3.0)) );
89

    
90

    
91
--guarantee "FSM003" S( (((prevState = 0.0 and good and supported) => (state_1 = 1.0)) and FTP), ((prevState = 0.0 and good and supported) => (state_1 = 1.0)) );
92
--the reuirement is not correct as they didn't clearly mentionned the pilot is not in control (not standby).
93
-- the correct version should be 
94
-- "3.	The autopilot shall change states from TRANSITION to NOMINAL when the pilot is not in control and the system is supported and sensor data is good.
95
guarantee "FSM003V2" prevState = 0.0 and not standby and good and supported => state_1 = 1.0;
96

    
97

    
98
--guarantee "FSM008" S( (((prevState = 3.0 and not standby) => (state_1 = 0.0)) and FTP), ((prevState = 3.0 and not standby) => (state_1 = 0.0)) );
99
-- the requirement is not correct, they forgot to mention "a failure does not occur (not apfail)" 
100
guarantee "FSM008V2" prevState = 3.0 and not standby and not apfail => state_1 = 0.0;
101

    
102
--valid
103
guarantee "FSM009" S( (((prevState = 3.0 and apfail) => (state_1 = 2.0)) and FTP), ((prevState = 3.0 and apfail) => (state_1 = 2.0)) );
104

    
105

    
106
--valid
107
guarantee "FSM005" S( (((prevState = 1.0 and standby) => (state_1 = 3.0)) and FTP), ((prevState = 1.0 and standby) => (state_1 = 3.0)) );
108

    
109
--guarantee "FSM007" S( (((pullup and supported and good) => (state_1 = 0.0)) and FTP), ((pullup and supported and good) => (state_1 = 0.0)) );
110
-- the formalization is not correct. In the table in definition of pullup: "True when the autopilot is in the MANEUVER state"
111
-- the requirement is also not correct as it did not mentioned "not standby".
112
guarantee "FSM007V2" prevState = 2.0 and supported and good and not standby => (state_1 = 0.0) ;
113

    
114

    
115
--guarantee "FSM004" S( (((not good and prevState = 1.0) => (state_1 = 2.0)) and FTP), ((not good and prevState = 1.0) => (state_1 = 2.0)) );
116
-- the requirement is also not correct as it did not mentioned "not standby".
117
guarantee "FSM004V2" not good and prevState = 1.0 and not standby => state_1 = 2.0;
118

    
119
--valid
120
guarantee "FSM006" S( (((prevState = 2.0 and standby and good) => (state_1 = 3.0)) and FTP), ((prevState = 2.0 and standby and good) => (state_1 = 3.0)) );
121

    
122

    
123

    
124

    
125

    
126
tel
127
*)
128

    
129
(*@contract FSM_SensorSpec(MODE:bool; limits:bool; prevSensState:real; request:bool; ) returns (sensState: real; );
130

    
131
--Block Path: fsm_12B/FiniteStateMachine/Sen
132

    
133
let
134
var FTP:bool = true -> false;
135

    
136

    
137
--guarantee "FSM011" S( (((prevSensState = 0.0 and not request) => (sensState = 1.0)) and FTP), ((prevSensState = 0.0 and not request) => (sensState = 1.0)) );
138
-- This requirement is not correct as they did not mention "when limits are not exceeded" which is implicitly implicated from  "FSM010" requirement. 
139
-- To rewrtie it: "11.	The sensor shall change states from NOMINAL to TRANSITION when the autopilot is not requesting support and limits are not exceeded."
140
guarantee "FSM011V2" (prevSensState = 0.0 and not request and not limits) => (sensState = 1.0);
141

    
142

    
143
--valid
144
guarantee "FSM012" S( (((prevSensState = 2.0 and not request and not limits) => (sensState = 1.0)) and FTP), ((prevSensState = 2.0 and not request and not limits) => (sensState = 1.0)) );
145

    
146

    
147
--valid
148
guarantee "FSM010" S( (((prevSensState = 0.0 and limits) => (sensState = 2.0)) and FTP), ((prevSensState = 0.0 and limits) => (sensState = 2.0)) );
149

    
150

    
151
--valid
152
guarantee "FSM013" S( (((prevSensState = 1.0 and request and MODE) => (sensState = 0.0)) and FTP), ((prevSensState = 1.0 and request and MODE) => (sensState = 0.0)) );
153

    
154

    
155
tel
156
*)
(4-4/14)