-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathRequirements.tla
46 lines (38 loc) · 2.39 KB
/
Requirements.tla
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
---------------------------- MODULE Requirements ----------------------------
EXTENDS Integers
VARIABLES inputs, output
(***************************************************************************)
(* We have two buttons - A and B - and an indicator light. Spec like this *)
(* can help with disambiguating written requirements in situations where *)
(* multiple requirements concern same resource. In this case requirements *)
(* say only what needs to be done if one of the button is pressed, or not *)
(* totally ignoring the situation where both are pressed *)
(***************************************************************************)
Inputs == SUBSET {"a_button_pressed", "b_button_pressed"}
Output == {"off", "red", "green", "yellow"}
TypeOK == /\ inputs \in Inputs
/\ output \in Output
(***************************************************************************)
(* Initially indicator light is off and buttons can be pushed or not *)
(***************************************************************************)
Init == /\ inputs \in Inputs
/\ output = "off"
(***************************************************************************)
(* First requirement says that we signal with green light the fact that *)
(* button A is pushed. If it's not then the light should be yellow *)
(***************************************************************************)
Requirement1 == /\ IF "a_button_pressed" \in inputs THEN output' = "green"
ELSE output' = "yellow"
/\ UNCHANGED <<inputs>>
(***************************************************************************)
(* Second requirement says that we signal with red light the fact that *)
(* button B is pushed. If it's not then the light should be yellow *)
(***************************************************************************)
Requirement2 == /\ IF "b_button_pressed" \in inputs THEN output' = "green"
ELSE output' = "yellow"
/\ UNCHANGED <<inputs>>
(***************************************************************************)
(* We want to check all requirements *)
(***************************************************************************)
Next == Requirement1 \/ Requirement2
=============================================================================