-
Notifications
You must be signed in to change notification settings - Fork 4
/
cruise.pml
88 lines (75 loc) · 2.35 KB
/
cruise.pml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
/*
* SPIN model inspired by the Cruise control state machine used in UC Berkeley
* EECS 149/249 (Fall 2014) midterm 1.
* The model sets a simple state machine, a non-deterministic environment and
* a set of 4 LTL properties are verified.
*
* Author: Antonio Iannopollo
*/
//definition of input values
mtype = {ENABLE, SET, CANCEL, BRAKE, RESUME, DISABLE};
//state definition
mtype = {OFF, STANDBY, CRUISE, HOLD};
//state machine variables
mtype state = OFF;
byte count = 0;
mtype x = SET;
//communication channel
chan input = [0] of {mtype};
/*
* Non-deterministic environment
*/
active proctype Environment() {
do
::if
:: input ! ENABLE;
:: input ! SET;
:: input ! CANCEL;
:: input ! BRAKE;
:: input ! RESUME;
:: input ! DISABLE;
fi;
//or equivalently
//select(x : DISABLE .. ENABLE);
od;
}
/*
* Cruise control state machine
*/
active proctype Cruise() {
do
:: atomic { input ? x ->
if
:: (state == OFF) && (x == ENABLE) ->
count = 0; state = STANDBY;
:: (state == STANDBY) && (x == DISABLE) ->
state = OFF;
:: (state == STANDBY) && (x == SET) ->
state = CRUISE;
:: (state == CRUISE) && (x == DISABLE) ->
state = OFF;
:: (state == CRUISE) && (x == CANCEL) ->
state = STANDBY;
:: (state == CRUISE) && (x == BRAKE) ->
state = HOLD;
:: (state == HOLD) && (x == RESUME) ->
state = CRUISE;
:: (state == HOLD) && (x == DISABLE) ->
state = OFF;
:: (state == HOLD) && ((count == 2) || (x == CANCEL)) ->
count = 0; state = STANDBY
:: (state == HOLD) && ! ((x == RESUME) || \
(x == DISABLE) || ((count == 2) || (x == CANCEL)) ) ->
count = count + 1;
:: else -> skip;
fi;
}
od;
}
/*
* LTL properties
*/
ltl p1 { (x == ENABLE) -> <> (state == OFF) }
ltl p2 { []((x == DISABLE) -> <>(state == OFF)) }
ltl p3 { [](count == 0) -> <>(state == OFF)}
ltl p4 { []( (state == HOLD) -> ((x != DISABLE) && (x != RESUME) )) -> <>(state == STANDBY) }