CSC 2108: Automated Verification

Assignment 4

Due: Wednesday, December 15, classtime

You are to specify and verify two abstract data types for a 20-floor elevator. First, write axioms for the data types and run LSL to check them for consistency and generate proof obligations for LP. Then run LP to prove that your specification is correct. Use "Ups and Downs of Formal Methods" to help you with your model. The exercise is mostly to use LP to verify simple systems.


Elevator Door Datatype

One data type specifies the behaviour of the elevator door. There are operations for creating an initial Door (which is closed), for changing the states of the Door (i.e., opening and closing the door), and for querying the current state of the Door. The syntax and informal semantics of the data type operations follow:

NewDoor: -> Door
/* creates a new, closed Door */
Open: Door -> Door
/* opens the door */
Close: Door -> Door
/* closes the door */
NOP: Door -> Door
/* no operation - the door stays in the same state */
IsOpen: Door -> Boolean
/* true if the door is currently open */


Elevator Datatype

The second abstract data type defines the behaviour of the elevator Car. There are operations for creating an initial elevator Car (which resides on the first floor), for changing the states of the Car (i.e., moving up and down the elevator shaft), and for querying the current state of the Car. The elevator cannot move below the first floor and cannot move above the 20th floor. The syntax and informal semantics of the data type operations follow:

NewElev: -> Elev
/* creates a new elevator car (on its own elevator shaft) on the first floor */
MoveUp: Elev -> Elev
/* moves the elevator up a floor */
MoveDown: Elev -> Elev
/* moves the elevator down a floor */
ExpressUp: Elev -> Elev
/* moves the elevator directly to the top floor */
ExpressDown: Elev -> Elev
/* moves the elevator directly to the bottom floor */
NOP: Elev -> Elev
/* no operation - the elevator stays on the same floor */
Floor: Elev -> Natural
/* returns the elevator's current floor */

You are to write axioms for the above abstract data types. You may use existing Larch specifications for Boolean and Natural number data types. You are to use the Larch Prover to verify the following properties:

where d is an arbitrary Door and e is an arbitrary Elevator.  In addition, define and prove two more properties of your elevator.
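As an illustration of the kind of axioms the two data types above call for, here is one way to write the Door and Elev traits in LSL. This is an added example, not part of the original assignment and not a model solution. It assumes the built-in Boolean trait (sort Bool) and the Larch Handbook's Natural trait (sort N, with succ, pred, <, <= and decimal numerals); the constants bottomFloor and topFloor, the partitioned-by clauses and the claims in the implies sections are this example's own choices, not requirements stated above. Each trait goes in its own file (Door.lsl, Elev.lsl) for the LSL checker.

```lsl
% Elevator door: a closed/open state machine.
% The Boolean trait is implicitly included in every LSL trait.
Door: trait
  introduces
    NewDoor: -> Door
    Open, Close, NOP: Door -> Door
    IsOpen: Door -> Bool
  asserts
    % every Door term is built from these operators
    Door generated by NewDoor, Open, Close, NOP
    % two Doors are equal when the observer IsOpen cannot tell them apart
    Door partitioned by IsOpen
    \forall d: Door
      ~IsOpen(NewDoor);
      IsOpen(Open(d));
      ~IsOpen(Close(d));
      IsOpen(NOP(d)) == IsOpen(d)
  implies
    % claims for LP to prove from the equations above
    \forall d: Door
      Close(Open(d)) == Close(d);
      Open(Close(d)) == Open(d);
      NOP(d) == d
    % IsOpen is defined on every generator term (sufficient completeness)
    converts IsOpen

% Elevator car confined to floors bottomFloor..topFloor.
% Assumes the Handbook Natural trait: sort N with succ, pred, <, <= and numerals.
Elev: trait
  includes Natural
  introduces
    NewElev: -> Elev
    MoveUp, MoveDown, ExpressUp, ExpressDown, NOP: Elev -> Elev
    Floor: Elev -> N
    bottomFloor, topFloor: -> N      % example's own constants
  asserts
    Elev generated by NewElev, MoveUp, MoveDown, ExpressUp, ExpressDown, NOP
    % the car's position is its only observable state
    Elev partitioned by Floor
    \forall e: Elev
      bottomFloor == 1;
      topFloor == 20;
      Floor(NewElev) == bottomFloor;
      % moving at a boundary leaves the car where it is
      Floor(MoveUp(e)) ==
        if Floor(e) < topFloor then succ(Floor(e)) else Floor(e);
      Floor(MoveDown(e)) ==
        if bottomFloor < Floor(e) then pred(Floor(e)) else Floor(e);
      Floor(ExpressUp(e)) == topFloor;
      Floor(ExpressDown(e)) == bottomFloor;
      Floor(NOP(e)) == Floor(e)
  implies
    % bound invariants: proved in LP by induction over the generators of Elev
    \forall e: Elev
      bottomFloor <= Floor(e);
      Floor(e) <= topFloor;
      MoveDown(NewElev) == NewElev;
      MoveUp(ExpressUp(e)) == ExpressUp(e)
    converts Floor
```

The equations in each asserts section define the observer (IsOpen, Floor) on every generator term, which is what the converts clauses claim. The claims in the implies sections are what the LSL checker hands to LP as proof obligations; the two floor bounds go through by induction over the generators of Elev, using the if-then-else equations for MoveUp and MoveDown at the boundary cases. Partitioning Door by IsOpen and Elev by Floor makes observational equality the equality of the sorts, so NOP(d) == d and MoveDown(NewElev) == NewElev follow directly from the equations on the observers.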


Additional questions


Presentation

You may work by yourself or in groups of 2. Warning: It will take you much longer to complete the assignment if you work on your own. E-mail me a copy of your group's Larch specification and structure of the proofs you conducted. Bring to class (to hand in) one hardcopy of your group's Larch specification and verification. Please also include a session with the theorem-prover. I would like to have some group present their specification of the elevators on December 15. If you are interested in presenting, please let me know. I am looking for two presenters, one for the Door datatype (with verification of its properties), the other for the Elevator datatype (with verification of its properties).

People who are not taking the course for credit are still required to participate in the assignment. The goal of this course is to gain practical experience with specification and verification tools, and you can achieve this goal only by doing the assignments.

If you discover any typos or other problems with the assignment, please bring them to my attention.

Final note:  If you are having problems with the assignment, PLEASE SEE ME!


Marsha Chechik