b8dc00eb | bourbouh
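-- PosEdge: rising-edge detector on a boolean flow.
--   X : observed flow.
--   Y : false at the first instant; afterwards true exactly at the instants
--       where X is true and was false at the previous instant.
-- The conjunction matters: `X or not pre(X)` is not an edge test, because it
-- also holds while X stays true and while X stays false. Every caller that
-- gates a state change on PosEdge would then fire without a real transition.
-- NOTE(review): if this file is a deliberately fault-seeded benchmark variant,
-- keep the seeded expression instead -- confirm with the benchmark owner.
node PosEdge (X: bool) returns (Y: bool);
let
  Y = false -> (X and not pre(X));
tel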
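-- Edge: detects any change (rising or falling) of a boolean flow.
--   X : observed flow.
--   Y : false at the first instant; afterwards true exactly when X differs
--       from its previous value.
-- The disjunctive form `X or not pre(X) or not X and pre(X)` is true for every
-- combination of X and pre(X), i.e. constantly true after the first instant.
-- In this file Edge(igsw) forces ccont to false in node main, so a constant
-- true would keep the controller off forever and make checks guarded by
-- Edge(igsw) unconditional.
-- NOTE(review): if this file is a deliberately fault-seeded benchmark variant,
-- keep the seeded expression instead -- confirm with the benchmark owner.
node Edge (X: bool) returns (Y: bool);
let
  Y = false -> ((X and not pre(X)) or (not X and pre(X)));
tel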
-- AtLeastOnceSince: latches X, restarting the latch whenever Y holds.
--   X, Y    : input flows.
--   XsinceY : at an instant where Y is true, the current value of X;
--             otherwise true at the first instant, and afterwards X or the
--             previous value of XsinceY.
-- Note that the output is true at the first instant when Y is false there,
-- whatever X is.
node AtLeastOnceSince(X, Y: bool) returns (XsinceY: bool);
var
  latched: bool;
let
  -- Value used while Y is false: initial true, then sticky OR with X.
  latched = true -> (X or pre(XsinceY));
  XsinceY = if Y then X else latched;
tel
-- MoreThanOneSec: X has held at the current and the previous instant.
--   X : observed flow.
--   Y : false at the first instant; afterwards X and pre(X).
-- NOTE(review): the name presumes one instant of the base clock is one
-- second -- confirm against the intended execution period.
node MoreThanOneSec(X: bool) returns (Y: bool);
let
  Y = false -> (X and pre(X));
tel
-- MoreThanTwoSec: X has held at the current and the two previous instants.
--   X : observed flow.
--   Y : false at the first instant; afterwards X and the previous value of
--       the "held for two instants" flow, which is itself false initially.
-- NOTE(review): the name presumes one instant of the base clock is one
-- second -- confirm against the intended execution period.
node MoreThanTwoSec(X: bool) returns (Y: bool);
var
  held_two: bool;
let
  -- X true now and at the previous instant (false at the first instant).
  held_two = false -> (X and pre(X));
  Y = false -> (X and pre(held_two));
tel
-- one_button: exactly one of the three button inputs is true.
--   ccseti, ccsetd, ccr : button flows.
--   ob : true iff one input is true and the other two are false.
node one_button (ccseti, ccsetd, ccr: bool) returns (ob: bool);
var
  only_seti, only_setd, only_r: bool;
let
  only_seti = ccseti and not (ccsetd or ccr);
  only_setd = ccsetd and not (ccseti or ccr);
  only_r    = ccr and not (ccseti or ccsetd);
  ob = only_seti or only_setd or only_r;
tel
-- prev_no_button: no button input was true at the previous instant.
--   ccseti, ccsetd, ccr : button flows.
--   pnb : true at the first instant; afterwards true iff all three inputs
--         were false at the previous instant.
node prev_no_button (ccseti, ccsetd, ccr: bool)
returns (pnb: bool);
let
  pnb = true -> pre(not (ccseti or ccsetd or ccr));
tel
-- one_button_accept: decides whether the current button input is accepted.
--   ccseti, ccsetd, ccr : button flows.
--   ccont, cca          : flows forwarded to PosEdge and AtLeastOnceSince;
--                         node main passes its ccont and pre(cca) here.
--   oba : true iff prev_no_button and one_button both hold and, when ccr is
--         the pressed button, AtLeastOnceSince(cca, PosEdge(ccont)) holds.
node one_button_accept (ccseti, ccsetd, ccr, ccont, cca: bool)
returns (oba: bool);
var
  ob, pnb: bool;
  r_allowed: bool;
let
  pnb = prev_no_button(ccseti, ccsetd, ccr);
  ob = one_button(ccseti, ccsetd, ccr);
  -- Extra condition that applies only when ccr is true.
  r_allowed = AtLeastOnceSince(cca, PosEdge(ccont));
  oba = pnb and ob and (not ccr or r_allowed);
tel
-- cc_allowed: conjunction of the conditions under which ccall is true.
--   ccont, bpa, cccanc, battok, gearok, qfok, sdok, accok : boolean flows.
--   igsw  : declared but not referenced by the equation below.
--   vs    : integer flow, required to lie in [35, 200].
--   ccall : true iff ccont, battok, gearok and qfok hold, bpa and cccanc do
--           not, vs is in range, MoreThanOneSec(sdok) and
--           MoreThanTwoSec(accok) hold.
-- NOTE(review): igsw has no effect on the result here -- confirm that the
-- ignition input is meant to be handled only through ccont.
node cc_allowed (ccont, igsw, bpa, cccanc, battok, gearok,
                 qfok, sdok, accok: bool; vs: int)
returns (ccall: bool);
var
  vs_in_range, sdok_held, accok_held: bool;
let
  vs_in_range = (35 <= vs) and (vs <= 200);
  sdok_held = MoreThanOneSec(sdok);
  accok_held = MoreThanTwoSec(accok);
  ccall = ccont and battok and gearok and qfok
          and not (bpa or cccanc)
          and vs_in_range and sdok_held and accok_held;
tel
-- main: computes the two controller state flows ccont and cca.
--   Inputs are forwarded to Edge, PosEdge, cc_allowed and one_button_accept.
--   ccont : false at the first instant. Afterwards it is forced to false when
--           Edge(igsw) or ccd holds, or when it was true and
--           PosEdge(cconoff) holds; it becomes true when it was false and
--           PosEdge(cconoff) holds; otherwise it keeps its previous value.
--   cca   : false at the first instant. Afterwards it is false whenever
--           ccall is false; when ccall is true it is true if
--           one_button_accept holds, else it keeps its previous value.
node main (igsw, ccd, cconoff, bpa, cccanc, battok, gearok,
           qfok, sdok, accok, ccseti, ccsetd, ccr: bool; vs: int)
returns (ccont, cca: bool);
var
  ccall: bool;
  igsw_evt, onoff_evt: bool;
let
  igsw_evt = Edge(igsw);
  onoff_evt = PosEdge(cconoff);
  -- The off conditions are tested first, so they win over the on condition.
  ccont = false ->
            (if igsw_evt or ccd or (pre(ccont) and onoff_evt) then false
             else if pre(not ccont) and onoff_evt then true
             else pre(ccont));
  ccall = cc_allowed(ccont, igsw, bpa, cccanc, battok,
                     gearok, qfok, sdok, accok, vs);
  -- Same truth table as: accept and ccall -> true; not ccall -> false;
  -- otherwise pre(cca).
  cca = false ->
          (ccall and
           (one_button_accept(ccseti, ccsetd, ccr, ccont, pre(cca))
            or pre(cca)));
tel
-- top: observer node that instantiates main and states four properties.
--   Inputs are passed unchanged to main.
--   OK : conjunction of p1..p4; it is the flow named by the contract
--        annotation and by the PROPERTY annotation below.
--   p1 : PosEdge(cca) implies PosEdge of ccseti, ccsetd or ccr.
--   p2 : cca is false whenever cc_allowed(...) is false.
--   p3 : PosEdge(ccont) implies no Edge(igsw), no ccd, and PosEdge(cconoff).
--   p4 : Edge(igsw) implies cca is false.
-- The meaning of p1, p3 and p4 depends entirely on the definitions of
-- PosEdge and Edge; if either is constantly true or false the properties
-- degenerate, so review them together with those nodes.
-- NOTE(review): env is assigned but is not referenced by OK or by any assert
-- in this node, so the constraint on igsw at the first instant does not
-- restrict the inputs -- confirm whether an assertion on env is missing.
node top (igsw, ccd, cconoff, bpa, cccanc, battok, gearok,
          qfok, sdok, accok, ccseti, ccsetd, ccr: bool; vs: int)
returns (OK: bool);
--@ contract guarantees OK;
var
  p1, p2, p3, p4: bool;
  ccont, cca: bool;
  env : bool;
let
  env = (not igsw) -> true;
  (ccont, cca) = main(igsw, ccd, cconoff, bpa, cccanc, battok,
                      gearok, qfok, sdok, accok, ccseti, ccsetd,
                      ccr, vs);
  p1 = PosEdge(cca) =>
         (PosEdge(ccseti) or PosEdge(ccsetd) or PosEdge(ccr));
  p2 = cc_allowed(ccont, igsw, bpa, cccanc, battok,
                  gearok, qfok, sdok, accok, vs)
       or not cca;
  p3 = PosEdge(ccont) =>
         (not Edge(igsw) and not ccd and PosEdge(cconoff));
  p4 = Edge(igsw) => not cca;
  --%MAIN;
  OK = p1 and p2 and p3 and p4;
  --%PROPERTY OK=true;
tel