-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtemperature_sensor.smv
109 lines (77 loc) · 2.64 KB
/
temperature_sensor.smv
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
MODULE main
VAR cpu_temperature: signed word[32];
sensor_temperature: signed word[32];
memory: array 0..2 of signed word[32];
oldest: {0, 1, 2};
state: {0,1,2,3,4,5};
sleep: signed word[1];
ASSIGN
init(memory[0]) := 0sd32_0;
init(memory[1]) := 0sd32_0;
init(memory[2]) := 0sd32_0;
init(oldest) := 0;
init(state) := 0;
init(sleep) := 0sd1_1;
init(cpu_temperature) := 0sd32_0;
init(sensor_temperature) := 0sd32_0;
next(state) :=
case state = 0: 1;
state = 1: 2;
state = 2: 3;
state = 3: 4;
state = 4: 5;
state = 5: 0;
TRUE: state;
esac;
next(cpu_temperature) :=
case state = 2 : sensor_temperature;
state = 4 : cpu_temperature + 0sd32_273;
TRUE: cpu_temperature;
esac;
next(sleep) :=
case state = 1: 0sd1_0;
state = 3: 0sd1_1;
TRUE: sleep;
esac;
next(oldest ) :=
case oldest = 2: 0;
oldest = 0: 1;
oldest = 1: 2;
TRUE: oldest;
esac;
next(memory[0]) :=
case state = 5 & oldest = 0 : cpu_temperature;
TRUE: memory[0];
esac;
next(memory[1]) :=
case state = 5 & oldest = 1 : cpu_temperature;
TRUE: memory[1];
esac;
next(memory[2]) :=
case state = 5 & oldest = 2 : cpu_temperature;
TRUE: memory[2];
esac;
-- Just after the ISR has terminated, the sensor is sleeping.
SPEC AX(state = 5 -> sleep = 0sd1_1);
-- When the sensor is not sleeping, then the ISR is executed.
SPEC AG (sleep = 0sd1_0 -> state != 0) -- state != 0) U (sleep = 0sd1_1)
-- If the ISR is not executed, then the sensor is sleeping.
SPEC AG (state = 0 -> sleep = 0sd1_1);
LTLSPEC (state = 0 | sleep = 0sd1_1) U (state != 0)
-- When the ISR is not executed, then the value of memory at the previous value of oldest is equal to cpu.temperature.
SPEC AG(state = 0 & oldest = 0 -> memory[2] = cpu_temperature);
SPEC AG(state = 0 & oldest = 1 -> memory[0] = cpu_temperature);
SPEC AG(state = 0 & oldest = 2 -> memory[1] = cpu_temperature);
-- Just after the ISR has terminated, then the value of memory at the previous value of oldest is equal to cpu.temperature.
SPEC AX(state = 5 & oldest = 0 -> memory[2] = cpu_temperature);
SPEC AX(state = 5 & oldest = 1 -> memory[0] = cpu_temperature);
SPEC AX(state = 5 & oldest = 2 -> memory[1] = cpu_temperature);
-- When ISR is not executed, then cpu.temperature >= 173.
SPEC AG(state = 0 -> cpu_temperature >= 0sd32_173);
-- When ISR has terminated, then cpu.temperature >= 173.
SPEC AX(state = 5 -> cpu_temperature >= 0sd32_173);
-- oldest is always in the set {0, 1, 2}.
SPEC AG(oldest in {0,1,2});
JUSTICE
(sensor_temperature >= -0sd32_100) &
(sensor_temperature <= 0sd32_100);