15 req :: nat set (*for each floor, whether the lift is requested*) |
17 req :: nat set (*for each floor, whether the lift is requested*) |
16 up :: bool (*current direction of movement*) |
18 up :: bool (*current direction of movement*) |
17 move :: bool (*whether moving takes precedence over opening*) |
19 move :: bool (*whether moving takes precedence over opening*) |
18 |
20 |
19 consts |
21 consts |
20 min, max :: nat (*least and greatest floors*) |
22 min, max :: nat (*least and greatest floors*) |
21 |
23 |
22 rules |
24 rules |
23 min_le_max "min <= max" |
25 min_le_max "min <= max" |
24 |
26 |
|
27 (** Linear arithmetic: justified by a separate call to arith_oracle_tac **) |
|
28 arith1 "m < fl ==> n - Suc fl < fl - m + (n - m)" |
|
29 arith2 "[| Suc fl < n; m < n |] ==> n - Suc fl < fl - m + (n - m)" |
|
30 |
25 |
31 |
26 constdefs |
32 constdefs |
27 |
33 |
28 (** Abbreviations: the "always" part **) |
34 (** Abbreviations: the "always" part **) |
29 |
35 |
50 |
56 |
51 moving :: state set |
57 moving :: state set |
52 "moving == {s. ~ stop s & ~ open s}" |
58 "moving == {s. ~ stop s & ~ open s}" |
53 |
59 |
54 stopped :: state set |
60 stopped :: state set |
55 "stopped == {s. stop s & ~ open s & move s}" |
61 "stopped == {s. stop s & ~ open s & ~ move s}" |
56 |
62 |
57 opened :: state set |
63 opened :: state set |
58 "opened == {s. stop s & open s & move s}" |
64 "opened == {s. stop s & open s & move s}" |
59 |
65 |
60 closed :: state set |
66 closed :: state set (*but this is the same as ready!!*) |
61 "closed == {s. stop s & ~ open s & move s}" |
67 "closed == {s. stop s & ~ open s & move s}" |
62 |
68 |
63 atFloor :: nat => state set |
69 atFloor :: nat => state set |
64 "atFloor n == {s. floor s = n}" |
70 "atFloor n == {s. floor s = n}" |
|
71 |
|
72 Req :: nat => state set |
|
73 "Req n == {s. n : req s}" |
65 |
74 |
66 |
75 |
67 |
76 |
68 (** The program **) |
77 (** The program **) |
69 |
78 |
123 |
132 |
124 open_move :: state set |
133 open_move :: state set |
125 "open_move == {s. open s --> move s}" |
134 "open_move == {s. open s --> move s}" |
126 |
135 |
127 stop_floor :: state set |
136 stop_floor :: state set |
128 "stop_floor == {s. open s & ~ move s --> floor s : req s}" |
137 "stop_floor == {s. stop s & ~ move s --> floor s : req s}" |
129 |
138 |
130 moving_up :: state set |
139 moving_up :: state set |
131 "moving_up == {s. ~ stop s & up s --> |
140 "moving_up == {s. ~ stop s & up s --> |
132 (EX f. floor s <= f & f <= max & f : req s)}" |
141 (EX f. floor s <= f & f <= max & f : req s)}" |
133 |
142 |
134 moving_down :: state set |
143 moving_down :: state set |
135 "moving_down == {s. ~ stop s & ~ up s --> |
144 "moving_down == {s. ~ stop s & ~ up s --> |
136 (EX f. min <= f & f <= floor s & f : req s)}" |
145 (EX f. min <= f & f <= floor s & f : req s)}" |
137 |
146 |
138 (*intersection of all invariants: NECESSARY??*) |
147 metric :: [nat,state] => nat |
139 valid :: state set |
148 "metric n s == if up s & floor s < n then n - floor s |
140 "valid == bounded Int open_stop Int open_move" |
149 else if ~ up s & n < floor s then floor s - n |
|
150 else if up s & n < floor s then (max - floor s) + (max-n) |
|
151 else if ~ up s & floor s < n then (floor s - min) + (n-min) |
|
152 else 0" |
|
153 |
|
154 locale floor = |
|
155 fixes |
|
156 n :: nat |
|
157 assumes |
|
158 min_le_n "min <= n" |
|
159 n_le_max "n <= max" |
|
160 defines |
141 |
161 |
142 end |
162 end |