Project

General

Profile

Download (3.29 KB) Statistics
| Branch: | Tag: | Revision:
1
-------------------------
2
-- Auxiliary operators --
3
-------------------------
4
node Even (N: int) returns (B: bool) ;
5
let
6
  B = (N mod 2 = 0) ; 
7
tel
8

    
9
node ToInt (X: bool) returns (N: int) ;
10
let
11
  N = if X then 1 else 0 ;
12
tel
13

    
14
node Count (X: bool) returns (N: int) ;
15
let
16
  N = ToInt(X) -> ToInt(X) + pre N ;  
17
tel
18

    
19
node Sofar ( X : bool ) returns ( Y : bool ) ;
20
let
21
 Y = X -> (X and (pre Y)) ;
22
tel
23

    
24
node Since ( X, Y : bool ) returns ( Z : bool ) ;
25
let
26
  Z =  X or (Y and (false -> pre Z)) ;
27
tel
28

    
29

    
30
node SinceIncl ( X, Y : bool ) returns ( Z : bool ) ;
31
let
32
  Z =  Y and (X or (false -> pre Z)) ;
33
tel
34

    
35
node Increased (N: int) returns (B: bool) ;
36
let
37
  B = true -> N > pre N ;
38
tel
39

    
40
node Stable (N: int) returns (B: bool) ;
41
let
42
  B = true -> N = pre N ;
43
tel
44

    
45
-------------------------------
46
-- Stopwatch high-level spec --
47
-------------------------------
48

    
49

    
50
(*@
51
contract stopwatchSpec ( toggle, reset : bool ) returns ( time : int ) ;
52
let
53
  -- the watch is activated initially if the toggle button is pressed
54
  -- afterwards, it is activated iff 
55
  --   it was activated before and the toggle button is unpressed or
56
  --   it was not activated before and the toggle button is pressed 
57
  var on: bool = toggle ->    (pre on and not toggle) 
58
                           or (not pre on and toggle) ;
59
  
60
  -- we can assume that the two buttons are never pressed together
61
  assume not (toggle and reset) ; 
62
  
63
  -- the elapsed time starts at 1 or 0 depending 
64
  -- on whether the watch is activated or not
65
  guarantee (on => time = 1) -> true ;
66
  guarantee (not on => time = 0) -> true ;
67
  -- the elapsed time is always non-negative
68
  guarantee time >= 0 ;
69
  
70
  -- if there is no reset now and there was an even number of counts since the last reset
71
  -- then the current elapsed time is the same as the previous one
72
  guarantee not reset and Since(reset, Even(Count(toggle))) 
73
            => Stable(time) ;
74
  -- if there is no reset now and there was an odd number of counts since the last reset
75
  -- then the current elapsed time is greater than previous one
76
  guarantee not reset and Since(reset, not Even(Count(toggle))) 
77
            => Increased(time) ;
78

    
79

    
80
--  guarantee true -> not Even(Count(toggle)) and Count(reset) = 0 => time > pre time ;
81

    
82
  
83
  -- the watch is in resetting mode if the reset button is pressed
84
  -- while in that mode, the elapsed time is 0
85
  mode resetting ( 
86
    require reset ; 
87
    ensure time = 0 ; 
88
  ) ;
89

    
90
  -- the watch is in running mode if is activated and 
91
  -- the reset button is unpressed.
92
  -- while in that mode, the elapsed time increases by 1
93
  mode running ( 
94
    require on ; 
95
    require not reset ; 
96
    ensure true -> time = pre time + 1 ; 
97
  ) ;
98

    
99
  -- the watch is in stopped mode if is not activated and 
100
  -- the reset button is unpressed
101
  -- while in that mode, the elapsed time remains the same
102
  mode stopped ( 
103
    require not reset ; 
104
    require not on ; 
105
    ensure true -> time = pre time ; 
106
  ) ;
107
tel
108
*)
109

    
110
------------------------------
111
-- Stopwatch low-level spec --
112
------------------------------
113

    
114
node stopwatch ( toggle, reset : bool ) returns ( count : int );
115
(*@contract import stopwatchSpec(toggle, reset ) returns (count) ; *)
116
  var running : bool;
117
let
118
  running = (false -> pre running) <> toggle ;
119
  count =
120
    if reset then 0
121
    else if running then 1 -> pre count + 1
122
    else 0 -> pre count ;
123
tel
124

    
125

    
126

    
127

    
128

    
(5-5/14)