示例#1
0
        public void R12Bis()
        {
            var model = new Model(new InitializeOne());

            model.Faults.SuppressActivations();

            var modelchecker = new LtsMin();

            //System is in normal mode.
            var normalMode = G(!model.DigitalPart.AnomalyComposition());
            //Handle has been moved and in the next state, the handle is in up position and stays up and normal mode.
            var handleUp = normalMode && model.DigitalPart.ComputingModules.Any(module => module.HandleHasMoved) && X(G(model.Cockpit.PilotHandle.Position == HandlePosition.Up));
            //Check that premise does in fact occur
            var result = modelchecker.Check(model, G(!handleUp));

            Assert.IsFalse(result.FormulaHolds);
            //NormalMode and HandleUp imply that eventually the gears are locked up and the doors locked in closed position.
            result = modelchecker.Check(model, G(handleUp.Implies(F(model.DigitalPart.ComputingModules.All(module => module.GearsRetracted) && model.DigitalPart.ComputingModules.All(module => module.DoorsClosed)))));

            Assert.IsTrue(result.FormulaHolds);
        }
示例#2
0
        public void R22()
        {
            var model = new Model(new InitializeOne());

            model.Faults.SuppressActivations();

            var modelchecker = new LtsMin();

            //System is in normal mode.
            var normalMode = G(!model.DigitalPart.AnomalyComposition());
            //Handle stays in the up position and normal mode.
            var handleIsUp = normalMode && F(G(model.Cockpit.PilotHandle.Position == HandlePosition.Up));
            //Check that premise does in fact occur
            var result = modelchecker.Check(model, G(!handleIsUp));

            Assert.IsFalse(result.FormulaHolds);
            //NormalMode and HandleIsUp imply that the outgoing sequence is not observed.
            result = modelchecker.Check(model, G(handleIsUp.Implies(model.DigitalPart.ComputingModules.All(module => module.NotOutgoing))));

            Assert.IsTrue(result.FormulaHolds);
        }
示例#3
0
        public void R42()
        {
            var model = new Model(new InitializeOne());

            model.Faults.SuppressActivations();

            var modelchecker = new LtsMin();

            //System is in normal mode.
            var normalMode = G(!model.DigitalPart.AnomalyComposition());
            // Normal mode implies that gears outgoing and retraction electro-valves are not stimulated simultanously.
            var result = modelchecker.Check(model, G(normalMode.Implies(model.DigitalPart.ComputingModules.All(module => !(module.ExtendEV && module.RetractEV)))));

            Assert.IsTrue(result.FormulaHolds);
        }
示例#4
0
        public void R51()
        {
            var model = new Model(new InitializeOne());

            model.Faults.SuppressActivations();

            var modelchecker = new LtsMin();

            //System is in normal mode.
            var normalMode = G(!model.DigitalPart.AnomalyComposition());
            //Stimulation of the maneuvering electro-valves.
            var stimulation = model.DigitalPart.ComputingModules.All(module => module.OpenEV || module.CloseEV || module.ExtendEV || module.RetractEV);
            //If stimulations is to be true in the next step, then the general electro-valve has to be stimulated.
            var result = modelchecker.Check(model, G(normalMode.Implies(X(stimulation).Implies(model.DigitalPart.ComputingModules.All(module => module.GeneralEV)))));

            Assert.IsTrue(result.FormulaHolds);
        }
示例#5
0
        public void R32()
        {
            var model = new Model(new InitializeOne());

            model.Faults.SuppressActivations();

            var modelchecker = new LtsMin();

            //System is in normal mode.
            var normalMode = G(!model.DigitalPart.AnomalyComposition());
            //Stimulation of the door opening or closure electro-valves.
            var stimulation = model.DigitalPart.ComputingModules.All(module => module.OpenEV || module.CloseEV);
            //If stimulations is to be true in the next step, then gears have to be locked down or up.
            var result = modelchecker.Check(model, G(normalMode.Implies(X(stimulation).Implies(model.DigitalPart.ComputingModules.All(module => module.GearsExtended || module.GearsRetracted)))));

            Assert.IsTrue(result.FormulaHolds);
        }
示例#6
0
        public void R31()
        {
            var model = new Model(new InitializeOne());

            model.Faults.SuppressActivations();

            var modelchecker = new LtsMin();

            //System is in normal mode.
            var normalMode = G(!model.DigitalPart.AnomalyComposition());
            //Stimulation of the gear extension or retraction electro-valves.
            var stimulation = model.DigitalPart.ComputingModules.All(module => module.RetractEV || module.ExtendEV);
            //If stimulations is to be true in the next step, then doors have to be open.
            var result = modelchecker.Check(model, G(normalMode.Implies(X(stimulation).Implies(model.DigitalPart.ComputingModules.All(module => module.DoorsOpen)))));

            Assert.IsTrue(result.FormulaHolds);
        }
 public override InvariantAnalysisResult Check(CoupledExecutableModelCreator <SafetySharpRuntimeModel> createModel, Formula formula)
 {
     return(_modelChecker.Check(createModel, formula));
 }