Modelling a Lift Control System
                                    Ken Robinson
                                   January 29, 2009

CONTEXT Lift_ctx
SETS
       DIRECTION
       STATUS
CONSTANTS
       MAXFLOOR
       FLOOR
       MAXLIFT
       LIFT
       UP
       DOWN
       STOPPED
       MOVING
       CHANGE
AXIOMS
       axm1 :    MAXFLOOR ∈ ℕ1
       axm2 :    FLOOR = 0 .. MAXFLOOR
       axm3 :    MAXLIFT ∈ ℕ1
       axm4 :    LIFT = 1 .. MAXLIFT
       axm5 :    DIRECTION = {UP, DOWN}
       axm6 :    UP ≠ DOWN
       axm7 :    STATUS = {STOPPED, MOVING}
       axm8 :    STOPPED ≠ MOVING
       axm9 :    CHANGE ∈ DIRECTION ⟨arrow glyph lost in extraction⟩ DIRECTION
       axm10 :   CHANGE = {UP ↦ DOWN, DOWN ↦ UP}
THEOREMS
       thm1 :    FLOOR ≠ ∅
END


MACHINE BasicLift
   The machine models the basic lift movements.
     The behaviour is all non-deterministic: there is no attempt to express any sort of lift control
     or scheduling.
     A discipline of lift direction is established: at level 0 the direction is UP; at level MAXFLOOR
     the direction is DOWN; on any other floor either direction is valid.
     There are no doors.
     There are no buttons.

SEES Lift_ctx

VARIABLES

      liftposition
      liftstatus
      liftdirection

INVARIANTS

      inv1 :       liftposition ∈ LIFT → FLOOR
      inv2 :       liftstatus ∈ LIFT → STATUS
      inv3 :       liftdirection ∈ LIFT → DIRECTION
      inv4 :       ∀l·l ∈ LIFT ∧ liftposition(l) = 0 ⇒ liftdirection(l) = UP
      inv5 :       ∀l·l ∈ LIFT ∧ liftposition(l) = MAXFLOOR ⇒ liftdirection(l) = DOWN
THEOREMS
      thm1 :       ∀l·l ∈ LIFT ∧ liftdirection(l) = DOWN ⇒ liftposition(l) ≠ 0
      thm2 :       ∀l·l ∈ LIFT ∧ liftdirection(l) = UP ⇒ liftposition(l) ≠ MAXFLOOR
      thm3 :       ∀l·l ∈ LIFT ∧ liftdirection(l) = UP ⇒ liftposition(l) + 1 ≤ MAXFLOOR
EVENTS

Initialisation

     begin




            act1 :    liftposition, liftdirection, liftstatus :|
                      liftposition′ ∈ LIFT → FLOOR
                       ∧ liftdirection′ ∈ LIFT → DIRECTION
                       ∧ liftstatus′ ∈ LIFT → STATUS
                       ∧ (∀l·l ∈ LIFT ∧ liftposition′(l) = 0 ⇒ liftdirection′(l) = UP)
                       ∧ (∀m·m ∈ LIFT ∧ liftposition′(m) = MAXFLOOR ⇒ liftdirection′(m) = DOWN)
               There seems to be a bug in Rodin. The two quantifications, in l and m, are
               interfering. See PO Initialisation FIS!! Also, if the quantification over m is replaced
               by quantification over l, which of course is legal, a syntax error is diagnosed!
     end
Event StopLift =
    Models a lift arriving at a floor and stopping
     any
            lift
     where
            grd1 :    lift ∈ LIFT
            grd2 :    liftstatus(lift) = MOVING
     then
            act1 :    liftstatus(lift) := STOPPED
     end
Event StartLift =
    Models the starting of a STOPPED lift, maintaining the previous direction
     any
            lift
     where
            grd1 :    lift ∈ LIFT
            grd2 :    liftstatus(lift) = STOPPED
     then
            act1 :    liftstatus(lift) := MOVING
     end
Event ChangeDir =
    Models the changing of direction of a STOPPED lift
     any
            lift
     where
            grd1 :    lift ∈ LIFT
            grd2 :    liftstatus(lift) = STOPPED


            grd3 :   liftposition(lift) ≠ 0
            grd4 :   liftposition(lift) ≠ MAXFLOOR
     then
            act1 :   liftdirection(lift) := CHANGE(liftdirection(lift))
     end
Event MoveUp =
    Models a lift moving up to the next floor
     any
          lift
     where
          grd1   :   lift ∈ LIFT
          grd2   :   liftstatus(lift) = MOVING
          grd3   :   liftdirection(lift) = UP
     then
          act1   :   liftposition(lift) := liftposition(lift) + 1
          act2   :   liftdirection :| liftdirection′ ∈ LIFT → DIRECTION
                      ∧ (liftposition(lift) + 1 = MAXFLOOR ⇒ liftdirection′ = liftdirection <+ {lift ↦ DOWN})
                      ∧ (liftposition(lift) + 1 ≠ MAXFLOOR ⇒ liftdirection′ = liftdirection)
     end
Event MoveDown =
    Models a lift moving down to the next floor
     any
          lift
     where
          grd1   :   lift ∈ LIFT
          grd2   :   liftstatus(lift) = MOVING
          grd3   :   liftdirection(lift) = DOWN
     then
          act1   :   liftposition(lift) := liftposition(lift) − 1
          act2   :   liftdirection :| liftdirection′ ∈ LIFT → DIRECTION
                      ∧ (liftposition(lift) = 1 ⇒ liftdirection′ = liftdirection <+ {lift ↦ UP})
                      ∧ (liftposition(lift) ≠ 1 ⇒ liftdirection′ = liftdirection)
     end
END


CONTEXT Doors_ctx

SETS

       DOORS

CONSTANTS

       OPEN
       CLOSED

AXIOMS

       axm1 :   DOORS = {OPEN, CLOSED}
       axm2 :   OPEN ≠ CLOSED

END




MACHINE LiftPlusDoors
   This refinement adds lift doors
     Lift doors must always be closed when the lift is moving
REFINES BasicLift
SEES Lift_ctx, Doors_ctx
VARIABLES
      liftposition
      liftstatus
      liftdirection
      liftdoorstatus
INVARIANTS
      inv1 :       liftdoorstatus ∈ LIFT → DOORS
      inv2 :       ∀l·l ∈ LIFT ∧ liftstatus(l) = MOVING ⇒ liftdoorstatus(l) = CLOSED
EVENTS
Initialisation
      extended
     begin
            act2 :     liftdoorstatus := LIFT × {CLOSED}
     end
Event OpenLiftDoor =
     any
            lift
     where
            grd1 :     lift ∈ LIFT
            grd2 :     liftstatus(lift) = STOPPED
            grd3 :     liftdoorstatus(lift) = CLOSED
     then
            act1 :     liftdoorstatus(lift) := OPEN
     end
Event CloseLiftdoor =
     any
            lift
     where
            grd1 :     lift ∈ LIFT


            grd2 :   liftstatus(lift) = STOPPED
     then
            act1 :   liftdoorstatus(lift) := CLOSED
     end
Event StopLift =
    Models a lift arriving at a floor and stopping
extends StopLift
     begin
          skip
     end
Event StartLift =
    Models the starting of a STOPPED lift, maintaining the previous direction
extends StartLift
     when
          grd3 :     liftdoorstatus(lift) = CLOSED
     then
          skip
     end
Event ChangeDir =
    Models the changing of direction of a STOPPED lift
extends ChangeDir
     begin
          skip
     end
Event MoveUp =
    Models a lift moving up to the next floor
extends MoveUp
     begin
          skip
     end
Event MoveDown =
    Models a lift moving down to the next floor
extends MoveDown
     begin
          skip
     end
END


MACHINE LiftPlusFloorDoors
   This refinement adds floor doors.
     Floor doors may be OPEN only on the floor where a lift is stopped.
     The floor door opens AFTER the lift door opens.
     The floor door closes BEFORE the lift door closes.
     This ensures that floor door OPEN implies lift door OPEN,
     and if a lift is MOVING then the floor door for that lift is CLOSED on all floors.

REFINES LiftPlusDoors

SEES Lift_ctx, Doors_ctx

VARIABLES

      liftposition
      liftstatus
      liftdirection
      liftdoorstatus
      floordoorstatus

INVARIANTS

      inv1 :       floordoorstatus ∈ LIFT → (FLOOR → DOORS)
      inv2 :       ∀l·l ∈ LIFT ∧ liftdoorstatus(l) = CLOSED ⇒ floordoorstatus(l)(liftposition(l)) = CLOSED
          The floor door opens AFTER the lift door opens
      inv3 :       ∀l, f·l ∈ LIFT ∧ f ∈ FLOOR \ {liftposition(l)} ⇒ floordoorstatus(l)(f) = CLOSED
          Floor doors may be OPEN only on the floor where a lift is stopped

THEOREMS
      thm1 :      ∀l, f·l ∈ LIFT ∧ f ∈ FLOOR ∧ liftstatus(l) = MOVING ⇒ floordoorstatus(l)(f) = CLOSED
         If a lift is MOVING then the floor door for that lift is CLOSED on all floors
      thm2 :      ∀l·l ∈ LIFT ∧ floordoorstatus(l)(liftposition(l)) = OPEN ⇒ liftdoorstatus(l) = OPEN
         Floor door OPEN implies lift door OPEN

EVENTS
Initialisation

     begin




           act1 :    liftposition, liftdirection, liftstatus :|
                     liftposition′ ∈ LIFT → FLOOR
                      ∧ liftdirection′ ∈ LIFT → DIRECTION
                      ∧ liftstatus′ ∈ LIFT → STATUS
                      ∧ (∀l·l ∈ LIFT ∧ liftposition′(l) = 0 ⇒ liftdirection′(l) = UP)
                      ∧ (∀m·m ∈ LIFT ∧ liftposition′(m) = MAXFLOOR ⇒ liftdirection′(m) = DOWN)
              There seems to be a bug in Rodin. The two quantifications, in l and m, are
              interfering. See PO Initialisation FIS!! Also, if the quantification over m is replaced
              by quantification over l, which of course is legal, a syntax error is diagnosed!
           act2 : liftdoorstatus := LIFT × {CLOSED}
           act3 : floordoorstatus := LIFT × {FLOOR × {CLOSED}}
    end

Event OpenFloorDoor =

    any
           lift
           floor
    where
           grd1 :    lift ∈ LIFT
           grd2 :    floor = liftposition(lift)
           grd3 :    liftdoorstatus(lift) = OPEN
    then
           act1 :    floordoorstatus(lift) := floordoorstatus(lift) <+ {floor ↦ OPEN}
    end

Event CloseFloorDoor =

    any
           lift
           floor
    where
           grd1 :    lift ∈ LIFT
           grd2 :    floor = liftposition(lift)
           grd3 :    floordoorstatus(lift)(floor) = OPEN
    then
           act1 :    floordoorstatus(lift) := floordoorstatus(lift) <+ {floor ↦ CLOSED}
    end

Event OpenLiftDoor =

extends OpenLiftDoor


     begin
            skip
     end

Event CloseLiftdoor =

extends CloseLiftdoor

     when
            grd3 :   floordoorstatus(lift)(liftposition(lift)) = CLOSED
     then
            skip
     end

Event StopLift =
    Models a lift arriving at a floor and stopping

extends StopLift

     begin
            skip
     end

Event StartLift =
    Models the starting of a STOPPED lift, maintaining the previous direction

extends StartLift

     begin
            skip
     end

Event ChangeDir =
    Models the changing of direction of a STOPPED lift

extends ChangeDir

     begin
            skip
     end

Event MoveUp =
    Models a lift moving up to the next floor

extends MoveUp

     begin
            skip
     end



Event MoveDown =
    Models a lift moving down to the next floor

extends MoveDown

     begin
           skip
     end

END




MACHINE LiftWithButtons
REFINES LiftPlusFloorDoors
SEES Lift_ctx, Doors_ctx
VARIABLES
      liftposition
      liftstatus
      liftdirection
      liftdoorstatus
      floordoorstatus
      extrequests
      intrequests
INVARIANTS
      inv1 :       extrequests ∈ FLOOR → ℙ(DIRECTION)
      inv2 :       intrequests ∈ LIFT → ℙ(FLOOR)
EVENTS
Initialisation
      extended
     begin
            act4 :     extrequests := FLOOR × {∅}
            act5 :     intrequests := LIFT × {∅}
     end
Event ChooseDirection =
     any
            floor
            dir
     where
            grd2 :     floor ∈ FLOOR
            grd1 :     dir ∈ DIRECTION
     then
            act1 :     extrequests(floor) := extrequests(floor) ∪ {dir}
     end
Event ChooseFloor =
    Models internal choice of floor in lift
     any
            lift
            floor


     where
            grd2 :   lift ∈ LIFT
            grd1 :   floor ∈ FLOOR
     then
            act1 :   intrequests(lift) := intrequests(lift) ∪ {floor}
     end

Event StopLift =
    Models a lift arriving at a floor and stopping

extends StopLift

     begin
            skip
     end

Event StartLift =
    Models the starting of a STOPPED lift, maintaining the previous direction

extends StartLift

     begin
            skip
     end

Event ChangeDir =
    Models the changing of direction of a STOPPED lift

extends ChangeDir

     begin
            skip
     end

Event OpenFloorDoor =

extends OpenFloorDoor

     begin
            skip
     end

Event CloseFloorDoor =

extends CloseFloorDoor

     begin
            skip
     end



Event MoveUp =
    Models a lift moving up to the next floor

extends MoveUp

     begin
           skip
     end

Event MoveDown =
    Models a lift moving down to the next floor

extends MoveDown

     begin
           skip
     end

Event OpenLiftDoor =

extends OpenLiftDoor

     begin
           skip
     end

Event CloseLiftdoor =

extends CloseLiftdoor

     begin
           skip
     end

END





				