/* Elevator template model for Assignment 2 of 2IX20 - Software Specification.

1. /*
2. Elevator template model for Assignment 2 of 2IX20 - Software Specification.
3. Set up for one elevator and two floors.
4. */
5.  
6. // LTL formulas to be verified
7. //ltl p1 { []<> (floor_request_made[1]==true) } /* this property does not hold, as a request for floor 1 can be indefinitely postponed. */
8. //ltl p2 { []<> (cabin_door_is_open==true) } /* this property should hold, but does not yet; at any moment during an execution, the opening of the cabin door will happen at some later point. */
9.  
10. // the number of floors
11. #define N 2
12.  
13. // IDs of req_button processes
14. #define reqid _pid-4
15.  
16. // type for direction of elevator
17. mtype { down, up, none };
18.  
19. // asynchronous channel to handle passenger requests
20. chan request = [N] of { byte };
21. // status of requests per floor
22. bool floor_request_made[N];
23.  
24. // status of floor doors of the shaft of the single elevator
25. bool floor_door_is_open[N];
26.  
27. // status and synchronous channels for elevator cabin and engine
28. byte current_floor;
29. bool cabin_door_is_open;
30. chan update_cabin_door = [0] of { bool };
31. chan cabin_door_updated = [0] of { bool };
32. chan move = [0] of { bool };
33. chan floor_reached = [0] of { bool };
34.  
35. // synchronous channels for communication between request handler and main control
36. chan go = [0] of { byte };
37. chan served = [0] of { bool };
38.  
39. // cabin door process
40. active proctype cabin_door() {
41. do
42. :: update_cabin_door?true -> floor_door_is_open[current_floor] = true; cabin_door_is_open = true; cabin_door_updated!true;
43. :: update_cabin_door?false -> cabin_door_is_open = false; floor_door_is_open[current_floor] = false; cabin_door_updated!false;
44. od;
45. }
46.  
47. // process combining the elevator engine and sensors
48. active proctype elevator_engine() {
49. do
50. :: move?true ->
51. do
52. :: move?false -> break;
53. :: floor_reached!true;
54. od;
55. od;
56. }
57.  
58. // DUMMY main control process. Remodel it to control the doors and the engine!
59. active proctype main_control() {
60. byte dest;
61. do
62. :: go?dest ->
63. move!true;
64. do
65. :: floor_reached?true ->
66. move!false;
67. break;
68. od;
69. current_floor = dest;
70.  
71. // an example assertion.
72. assert(0 <= current_floor && current_floor < N);
73.  
74. update_cabin_door!true; // open the cabin door
75. do
76. :: cabin_door_updated?true ->
77. update_cabin_door!false; // close the cabin door
78. :: cabin_door_updated?false ->
79. floor_request_made[dest] = false;
80. served!true;
81. break;
82. od;
83. od;
84. }
85.  
86. // request handler process. Remodel this process to serve M elevators!
87. active proctype req_handler() {
88. byte dest;
89. do
90. :: request?dest -> go!dest; served?true;
91. od;
92. }
93.  
94. // request button associated to a floor i to request an elevator
95. active [N] proctype req_button() {
96. do
97. :: !floor_request_made[reqid] ->
98. atomic {
99. request!reqid;
100. floor_request_made[reqid] = true;
101. }
102. od;
103. }