CSC 2108F : Automated Verification

Assignment 2

Due: Friday November 19, class time

This assignment consists of three parts:

Part 1.  LTL properties of Assignment 1 controller.

Rewrite the following properties in LTL:

Note that the above list may be incomplete. If you can think of other properties vital to the correct behavior of the controller, please add them to this list.

You may want to use NuSMV to check these properties on your model.


Part 2. Controlling Elevators.

You are to specify and verify the behavior of a controller for an elevator system for an apartment building. The system consists of two elevators that service 4 floors of the building. Each floor has a request button that a user presses to get an elevator to come to that floor and open its doors. Inside each elevator, there is one request button for each of the 4 floors; passengers press these buttons to get the elevator to go to a particular floor and open its doors. Each elevator takes one "time unit" to go between floors n and n-1. If there are no requests to service, each elevator stays at a floor with its doors open. As passengers press buttons, the controller schedules elevators to service the requests, trying to minimize the waiting time. If a button is pressed on a floor (as opposed to inside the elevator), only one elevator will be scheduled to service it.

Each elevator has a "passenger present" detector and a "door open" button. When someone steps into the elevator, the doors should close and remain closed unless the "door open" button is pressed. However, a user should not be able to keep the doors open indefinitely if the elevator has other requests to service. As passengers leave the elevator, the "passenger present" detector is reset.

You will specify the behavior of your elevator system using Promela. Make sure you model the environment correctly. The following properties need to be rewritten as LTL formulae and/or using Promela's assert statements:

Note that some of the properties can only be expressed in LTL. Identify which ones.

Think of and add at least two more LTL properties (not equivalent to the ones presented above) that are vital to the correct operation of your elevator system.

Using the SPIN model checker, verify that your specification satisfies all of these properties.
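As an added illustration (not part of the assignment, and not a solution to it), the following reduced Promela model of a single car serving 4 floors shows the modelling pattern Part 2 asks for: an Environment process that presses buttons and steps in and out nondeterministically, a Controller process, assert statements for safety checks, and ltl claims for the properties that assert cannot express. Every name in it, the MAX_HOLD bound on how often "door open" is honoured, and the SCAN scheduling policy are this example's own assumptions; the two-car system, the minimisation of waiting time, and the property list the assignment refers to are not modelled.

```promela
/* Added example (not the assignment solution): a reduced elevator model with
 * ONE car and 4 floors. It shows the Part 2 pattern: a nondeterministic
 * Environment process, a Controller process, assert for safety checks and
 * ltl claims for properties assert cannot express. All names are this
 * example's own; MAX_HOLD and the SCAN policy are assumptions. */

#define FLOORS   4
#define MAX_HOLD 2       /* assumption: "door open" is honoured at most twice while others wait */

bool req[FLOORS];        /* pending request per floor (hall button and car button merged) */
byte pos        = 0;     /* floor the car is at */
bool door_open  = true;  /* an idle car waits with its doors open */
bool up         = true;  /* current sweep direction */
bool passenger  = false; /* "passenger present" detector */
bool hold_btn   = false; /* "door open" button */
byte hold_count = 0;     /* times the door was held open during this stop */

/* requests for floors other than the current one, and requests ahead in each direction */
#define other_pending ((req[0] && pos != 0) || (req[1] && pos != 1) || (req[2] && pos != 2) || (req[3] && pos != 3))
#define above ((pos < 1 && req[1]) || (pos < 2 && req[2]) || (pos < 3 && req[3]))
#define below ((pos > 0 && req[0]) || (pos > 1 && req[1]) || (pos > 2 && req[2]))

/* SCAN scheduling: keep going while requests lie ahead, else reverse; one floor per step */
inline step_toward_request() {
    assert(above || below);          /* safety check: never move without a destination */
    if
    :: up && above   -> pos++
    :: !up && below  -> pos--
    :: up && !above  -> up = false; pos--
    :: !up && !below -> up = true;  pos++
    fi;
    assert(pos < FLOORS)             /* safety check: the car never leaves the shaft */
}

/* The environment: buttons and passengers, fully nondeterministic */
active proctype Environment() {
    do
    :: atomic { !req[0] -> req[0] = true }
    :: atomic { !req[1] -> req[1] = true }
    :: atomic { !req[2] -> req[2] = true }
    :: atomic { !req[3] -> req[3] = true }
    :: atomic { door_open && !passenger -> passenger = true }   /* someone steps in */
    :: atomic { door_open && passenger  -> passenger = false }  /* they step out; detector resets */
    :: atomic { door_open -> hold_btn = true }                  /* someone presses "door open" */
    :: skip                                                     /* nothing happens this step */
    od
}

active proctype Controller() {
    do
    :: door_open ->
        atomic {
            req[pos] = false;        /* an open door at this floor satisfies its request */
            if
            :: !other_pending && (!passenger || hold_btn) -> hold_btn = false   /* nobody waiting: idle, or honour "door open" */
            :: hold_btn && other_pending && hold_count < MAX_HOLD ->
                hold_btn = false; hold_count++                                /* others waiting: honour it a bounded number of times */
            :: else ->
                door_open = false; hold_btn = false; hold_count = 0;
                if
                :: other_pending -> step_toward_request()   /* leave at once so a re-pressed button cannot pin the car here */
                :: else -> skip                            /* passenger stepped in, nothing requested: wait with doors closed */
                fi
            fi
        }
    :: !door_open ->
        atomic {
            if
            :: req[pos] -> door_open = true; req[pos] = false   /* request for this floor: open and serve it */
            :: !req[pos] && other_pending -> step_toward_request()
            :: else -> skip                                      /* passenger aboard, nothing requested: stay closed */
            fi
        }
    od
}

/* Liveness properties, which assert cannot express; check with ./pan -a -f -N <name> */
ltl serve2          { [] (req[2] -> <> (pos == 2 && door_open)) }         /* a request for floor 2 is eventually served */
ltl no_hold_forever { [] ((door_open && other_pending) -> <> !door_open) } /* the door cannot be held open forever while others wait */
```

Run it with `spin -a elevator.pml`, `cc -o pan pan.c`, then `./pan -a -f -N serve2` and `./pan -a -f -N no_hold_forever`; the assert statements are checked during the same runs. Both ltl claims are liveness properties, so they need acceptance-cycle detection (-a) and weak fairness (-f); without -f SPIN reports the trivial cycle in which only Environment ever runs. The two points worth carrying into your own model are that the environment must be able to re-press a button at any time, which is what forces the controller to leave a floor immediately after closing rather than re-opening for the same floor, and that "not indefinitely" is a liveness property: no assert can state it, only an LTL claim of the form [] (p -> <> q).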


Part 3. General questions.

Please answer the following questions:

Presentation

You may work by yourself or in groups of 2. Warning: It will take you much longer to complete the assignment if you work on your own.

E-mail me a copy of your group's Promela specification, including all of the LTL formulae and asserts you were able to verify. Bring to class (to hand in) one hardcopy of your group's Promela specification. Please indicate on your assignment the members of your group, the account in which your group's assignment resides, and the name of the file(s) containing your assignment.

I would like to have some group present their specification of the elevators on November 15. If you are interested in presenting, please let me know.

People who are not taking the course for credit are still required to participate in the assignment. The goal of this course is to gain practical experience with specification and verification tools, and you can achieve this goal only by doing the assignments.

Finally, if you discover any typos or other problems with the assignment, please bring them to my attention.

Final note:  If you are having problems with the assignment, PLEASE SEE ME!



chechik@cs.toronto.edu