CSC 2108 : Automated Verification
Assignment 3
Due: November 22, class time
You are to specify and verify the behavior of a 2-floor elevator system
(Part 1 of Assignment 1)
using the Concurrency Workbench (CW). You should create a CCS specification that
describes the behavior of the system in terms of two parallel agents. One
agent accepts requests from the environment and forwards them to the second
agent. The second agent services requests (i.e., moves the elevator
up and down, opens and closes doors, etc.). Below is the requirements
specification of the system.
- Input
- There are two inputs to the system. One input is a request
for the elevator to "go" to floor 1 and open (and close) its doors. The
second input is a request for the elevator to "go" to floor 2 and open
(and close) its doors. You may assume that the environment contains an input
interface that transforms user requests (i.e., button presses) into single
requests (i.e., latched requests) that are input to the system.
- Output
- The output of the system should be the observable actions of the
elevator. At the least, the set of visible actions should indicate that the elevator
does indeed move up and down and that the elevator opens and closes its doors.
- Required Behavior (1)
- Use the CW model checker to prove the properties
of the elevator controller, e.g. that all requests
received from the environment are eventually serviced, that the elevator
does not move when its doors are open, etc.
Use the properties from Assignment 1. You may want to use the macros
available on CDF at /local/share/cwb/examples/ccs/tl.macros.cwb.
- Required Behavior (2)
- Create a CCS specification that describes the
set of action-sequences you expect your elevator system to perform; this
specification should only consist of one agent. Use the CW to verify that your
elevator specification and this specification of action-sequences are
observationally equivalent.
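To show what the equivalence check in Required Behavior (2) establishes, here is an added example in Python (not CWB input and not part of the original handout) that composes two agents, hides their handshakes, and tests weak bisimilarity against a one-agent specification. The models, action names (req, fwd, done, move, open, close) and function names are constructed for illustration and are much smaller than the two-floor elevator.

```python
from itertools import product
TAU = "tau"
chan = lambda a: a.rstrip("!?")            # "fwd!" / "fwd?" -> channel "fwd"

def compose(p, q, start, hidden):
    """(P | Q) restricted on hidden: hidden channels only synchronise (! with ?), giving tau."""
    lts, todo = {}, [start]
    while todo:
        a, b = s = todo.pop()
        if s in lts: continue
        lts[s] = [(x, (a2, b)) for x, a2 in p[a] if chan(x) not in hidden]
        lts[s] += [(y, (a, b2)) for y, b2 in q[b] if chan(y) not in hidden]
        lts[s] += [(TAU, (a2, b2)) for x, a2 in p[a] for y, b2 in q[b]
                   if x != y and chan(x) == chan(y) in hidden]
        todo += [t for _, t in lts[s]]
    return lts

def weak(lts):
    """w[s][a]: states reachable from s by tau* a tau* (for a == TAU: tau*, s included)."""
    w = {s: {TAU: {s}} for s in lts}
    for s in lts:                           # tau-closure by graph search
        todo = [s]
        while todo:
            for a, t in lts[todo.pop()]:
                if a == TAU and t not in w[s][TAU]:
                    w[s][TAU].add(t); todo.append(t)
    for s, u in [(s, u) for s in lts for u in w[s][TAU]]:
        for a, t in lts[u]:
            if a != TAU:
                w[s].setdefault(a, set()).update(w[t][TAU])
    return w

def obs_equiv(l1, s1, l2, s2):
    """Weak bisimilarity of s1 and s2: greatest fixpoint over the disjoint union."""
    lts = {(i, s): [(a, (i, t)) for a, t in m]
           for i, l in enumerate((l1, l2)) for s, m in l.items()}
    w, rel = weak(lts), set(product(lts, lts))
    ok = lambda p, q: all(any((p2, q2) in rel for q2 in w[q].get(a, ())) for a, p2 in lts[p])
    while bad := {(p, q) for p, q in rel if not (ok(p, q) and ok(q, p))}:
        rel -= bad
    return ((0, s1), (1, s2)) in rel

# Constructed single-request model, not the assignment's two-floor elevator.
CTRL = {0: [("req", 1)], 1: [("fwd!", 2)], 2: [("done?", 0)]}
LIFT = {0: [("fwd?", 1)], 1: [("move", 2)], 2: [("open", 3)], 3: [("close", 4)], 4: [("done!", 0)]}
BAD = {**LIFT, 1: [("open", 2)], 2: [("move", 3)]}          # opens doors before moving
SPEC = {0: [("req", 1)], 1: [("move", 2)], 2: [("open", 3)], 3: [("close", 0)]}
def check(lift):   # compose controller and lift, hide the handshakes, compare with SPEC
    return obs_equiv(compose(CTRL, lift, (0, 0), {"fwd", "done"}), (0, 0), SPEC, 0)
```

The two internal handshakes become tau steps that the specification does not have to mirror, so check(LIFT) holds, while the reordered visible actions in BAD make check(BAD) fail.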
Presentation
Please turn in your models, the properties you were able to verify,
the sequences of required behavior and the results of all verification.
You may want to use the Unix script command to capture the output of
CWB during the interactive session. Make sure that your models
are adequately commented and contain names of members of your group.
Also, make sure that you insert English comments explaining the meaning
of your properties. Finally, answer the following questions:
- How does CWB rate in comparison with SMV and SPIN? Is the language
more or less intuitive than that of SMV and SPIN?
- Is verification faster?
- Did you find Mu-Calculus more expressive in the case of the simple
elevator controller than CTL and/or LTL? If so, give the property and explain
what problems you would encounter trying to express it in CTL and LTL.
- Include other comments rating your experience with CWB. What, in
your opinion, is CWB BAD for?
Please send me a copy of your CWB model and properties.