CSC 2124 S : Automated Verification

Assignment 3

Due: Tues. March 20, classtime

You are to specify and verify two abstract data types for a 20-floor elevator. First, write axioms for the data types and run LSL to check them for consistency and generate proof obligations for LP. Then run LP to prove that your spec is correct.

Elevator Door Datatype

One data type specifies the behaviour of the elevator door. There are operations for creating an initial Door (which is closed), for changing the states of the Door (i.e., opening and closing the door), and for querying the current state of the Door. The syntax and informal semantics of the data type operations follow:

NewDoor: -> Door
/* creates a new, closed Door */
Open: Door -> Door
/* opens the door */
Close: Door -> Door
/* closes the door */
NOP: Door -> Door
/* no operation - the door stays in the same state */
IsOpen: Door -> Boolean
/* true if the door is currently open */

Elevator Datatype

The second abstract data type defines the behaviour of the elevator Car. There are operations for creating an initial elevator Car (which resides on the first floor), for changing the states of the Car (i.e., moving up and down the elevator shaft), and for querying the current state of the Car. The elevator cannot move below the first floor and cannot move above the 20th floor. The syntax and informal semantics of the data type operations follow:

NewElev: -> Elev
/* creates a new elevator car (on its own elevator shaft) on the first floor */
MoveUp: Elev -> Elev
/* moves the elevator up a floor */
MoveDown: Elev -> Elev
/* moves the elevator down a floor */
ExpressUp: Elev -> Elev
/* moves the elevator directly to the top floor */
ExpressDown: Elev -> Elev
/* moves the elevator directly to the bottom floor */
NOP: Elev -> Elev
/* no operation - the elevator stays on the same floor */
Floor: Elev -> Natural
/* returns the elevator's current floor */

You are to write axioms for the above abstract data types. You may use existing Larch specifications for the Boolean and Natural number data types. You are to use the Larch Prover to verify the following properties:

  1. IsOpen(NOP(Open(d))) == true
  2. IsOpen(NOP(Close(d))) == false
  3. Close(d) == NewDoor
  4. Floor(MoveUp(e)) == (20 | (Floor(e) + 1))
  5. Floor(MoveDown(e)) == (0 | (Floor(e) - 1))
  6. Floor(ExpressUp(e)) == 20
  7. Floor(ExpressDown(e)) == 1
  8. (1 <= Floor(e)) & (Floor(e) <= 20)
where d is an arbitrary Door and e is an arbitrary Elevator.
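As an added illustration (this is not part of the assignment and not Larch or LP code), the following Python model gives the two data types an executable meaning and checks the eight properties above on every value reachable from NewDoor and NewElev. Enumerating the reachable values plays the role of the structural induction LP would do symbolically over the generators. Assumptions made by the model: a Door is a bool (open or not), an Elev is an int floor number, the `(20 | x)` and `(0 | x)` notation in properties 4 and 5 is read as clamping at the boundary, and MoveDown stops at floor 1 because the text says the car cannot move below the first floor. The Door and Elev NOP operations get distinct Python names because Python has no overloading.

```python
# Executable model of the Door and Elev abstract data types plus an exhaustive
# check of properties 1-8.  Added example, not the assignment's Larch spec.
# Assumptions: Door = bool (True means open), Elev = int floor in 1..20,
# "(20 | x)" / "(0 | x)" read as clamping, MoveDown stops at floor 1.

TOP, BOTTOM = 20, 1

# ---- Door -----------------------------------------------------------------
def NewDoor():      return False      # a new door is closed
def Open(d):        return True
def Close(d):       return False
def NOPDoor(d):     return d          # door keeps its state
def IsOpen(d):      return d

# ---- Elev -----------------------------------------------------------------
def NewElev():      return BOTTOM     # a new car sits on the first floor
def MoveUp(e):      return min(TOP, e + 1)      # clamped at the top floor
def MoveDown(e):    return max(BOTTOM, e - 1)   # clamped at the bottom floor
def ExpressUp(e):   return TOP
def ExpressDown(e): return BOTTOM
def NOPElev(e):     return e
def Floor(e):       return e

DOOR_OPS = (Open, Close, NOPDoor)


def reachable(new, ops, invariant):
    """Enumerate every value reachable from new() by applying ops.

    A value that violates the invariant is recorded but not expanded, so an
    operation that escapes the range (a bug) still yields a finite result that
    the property checks can report on instead of looping forever.
    """
    start = new()
    seen, frontier = {start}, [start]
    while frontier:
        v = frontier.pop()
        if not invariant(v):
            continue
        for op in ops:
            w = op(v)
            if w not in seen:
                seen.add(w)
                frontier.append(w)
    return seen


def check_properties(move_up=MoveUp, move_down=MoveDown):
    """Check properties 1-8 on all reachable doors and cars.

    Returns {property number: bool}.  move_up / move_down can be swapped for
    alternative definitions to see which properties a wrong axiom breaks.
    """
    elev_ops = (move_up, move_down, ExpressUp, ExpressDown, NOPElev)
    doors = reachable(NewDoor, DOOR_OPS, lambda d: True)
    elevs = reachable(NewElev, elev_ops, lambda e: BOTTOM <= e <= TOP)
    return {
        1: all(IsOpen(NOPDoor(Open(d))) is True for d in doors),
        2: all(IsOpen(NOPDoor(Close(d))) is False for d in doors),
        3: all(Close(d) == NewDoor() for d in doors),
        4: all(Floor(move_up(e)) == min(TOP, Floor(e) + 1) for e in elevs),
        5: all(Floor(move_down(e)) == max(BOTTOM, Floor(e) - 1) for e in elevs),
        6: all(Floor(ExpressUp(e)) == TOP for e in elevs),
        7: all(Floor(ExpressDown(e)) == BOTTOM for e in elevs),
        8: all(BOTTOM <= Floor(e) <= TOP for e in elevs),
    }


if __name__ == "__main__":
    print("clamped spec:  ", check_properties())
    # An unclamped MoveUp (a plausible wrong axiom) lets the car reach floor 21,
    # which breaks property 4 and the range invariant 8 but nothing else.
    print("unclamped up:  ", check_properties(move_up=lambda e: e + 1))
```

Running the block prints all eight properties as True for the clamped definitions; with the unclamped MoveUp, properties 4 and 8 come out False while 1, 2, 3, 5, 6 and 7 still hold, which is the same split an LP proof attempt would expose when the boundary axiom is missing.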

Presentation

You may work in groups of 1, 2, or 3, though the optimal group size is 2. You must complete the project before class time on March 20 because we will discuss the assignment in class. Bring to class (to hand in) one hardcopy of your group's Larch specifications and verifications. Please indicate on your assignment the members of your group.

If you are interested in presenting your specification, please let me know. Everyone who is registered for this course has to present at least one assignment. If you are registered but have not presented anything yet, this is your chance. Even if you have presented one of your previous assignments, I would still like to hear from you. I am looking for two presenters, one for the Door Datatype (with verification of its properties), the other for the Elevator Datatype (with verification of its properties).



Marsha Chechik
Tue Mar 4 10:54:19 EST 1997