Universality Property Pattern
Marc Carwehl edited this page Dec 16, 2021 · 4 revisions
- Pattern in the original catalog
- Structured English Specification: [Scope], it is always the case that P [holds] [Time].
- Universality of a state can be viewed as absence of its negation.
- Pattern Intent: This pattern describes a portion of a system's execution which contains only states that have a desired property [within a given time bound]. Thus, P is a state or a state formula. The latter refers to conditions on global system variables (e.g., `x > 5`). Here, we consider the case that P is a state.
A[] P
with A[] not ERROR
A[] Q_held_once == 1 imply P
A[] INIT imply not Q
A[] SCOPEOPEN imply P
A[] not ERROR
We may skip the ERROR state:
A[] INIT imply not Q
A[] SCOPEOPEN imply P
A[] INIT imply not Q //as warning
A[] not ERROR
with
A[] INIT imply not Q //as warning
A[] not ERROR
with
A[] INIT imply not Q //as warning
A[] SCOPEOPEN imply (P and not R)
A[] not ERROR
A[] ((gc >= t1 and gc <= t2) imply P)
where `gc` is a global clock, `t1` is the lower and `t2` the upper time bound. Thus, whenever the time constraint is satisfied, `P` must hold.
with A[] not ERROR
Comments:
- The observer assures that `P` must hold at the beginning of the time window, that is, at `t1`.
- We consider the case when `R` is reached before `t1` as an error.
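As an added illustration, not part of the original catalogue or its UPPAAL observer models, the following Python monitor evaluates the time-bounded universality check described above over a finite, constructed state trace instead of by model checking: it opens the scope when `Q` is observed, resets a local clock `c` at that point, requires `P` in every observed state with `t1 <= c <= t2`, closes the scope on `R`, and reports `R` reached before `t1` as an error, mirroring the comments above. The `State` class, the trace encoding, the verdict names and the sample traces are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Iterable, Tuple

@dataclass(frozen=True)
class State:
    """One observed system state (assumed encoding for this example).

    time: value of the global clock gc when the state was observed.
    P, Q, R: whether the respective state predicate holds in this state.
    """
    time: float
    P: bool
    Q: bool = False
    R: bool = False

def check_timed_universality(trace: Iterable[State], t1: float, t2: float) -> Tuple[str, str]:
    """Trace-level counterpart of
         A[] (SCOPEOPEN and c >= t1 and c <= t2) imply P
       with an ERROR verdict when R is reached before t1.

    Returns (verdict, reason); verdict is one of
    "SATISFIED", "VIOLATION" or "ERROR".
    """
    if t1 > t2:
        raise ValueError("time window must satisfy t1 <= t2")
    open_time = None  # None means SCOPEOPEN is false
    for i, s in enumerate(trace):
        if open_time is None:
            if not s.Q:
                continue          # outside the scope, P is unconstrained
            open_time = s.time    # observer resets the local clock: c := 0
        c = s.time - open_time    # local clock value in this state
        if s.R:
            if c < t1:
                # R before the window starts is treated as an error (see comments)
                return ("ERROR", f"state {i}: R reached at c={c} before t1={t1}")
            open_time = None      # scope closed; later states are unconstrained
            continue
        if t1 <= c <= t2 and not s.P:
            return ("VIOLATION", f"state {i}: P does not hold at c={c} within [{t1}, {t2}]")
        # states with c > t2 and no R keep the scope open but impose no obligation on P
    return ("SATISFIED", "P held in every observed state inside the time window")

# Constructed sample traces (not taken from any real model or log).
TRACE_OK = [State(0, True), State(1, True, Q=True), State(3, True),
            State(5, True), State(6, True), State(7, False)]          # P false only after t2
TRACE_VIOLATION = [State(0, True), State(1, True, Q=True), State(4, False)]  # c=3 inside window
TRACE_ERROR = [State(0, True), State(1, True, Q=True), State(2, True, R=True)]  # R at c=1 < t1
TRACE_CLOSED = [State(0, True), State(1, True, Q=True), State(3, True),
                State(4, True, R=True), State(5, False)]               # R after t1 closes scope

if __name__ == "__main__":
    for name, trace in [("ok", TRACE_OK), ("violation", TRACE_VIOLATION),
                        ("error", TRACE_ERROR), ("closed", TRACE_CLOSED)]:
        verdict, reason = check_timed_universality(trace, t1=2, t2=5)
        print(f"{name:10s} -> {verdict}: {reason}")
```

Note that a sampled trace can only confirm `P` at instants that were actually observed; the UPPAAL observer, working over dense time, is what guarantees `P` at exactly `t1`. The monitor is therefore a sanity check on concrete runs, not a replacement for the model-checking queries.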
with
A[] INIT imply not Q (as warning)
A[] (SCOPEOPEN and c == t1) imply P
A[] not ERROR
with
A[] INIT imply not Q //as warning
A[] (SCOPEOPEN and c>=t1 and c<=t2) imply P
with
A[] INIT imply not Q //as warning
A[] SCOPEOPEN imply not R // needed or already covered by the observer
A[] not ERROR
with
A[] INIT imply not Q
A[] (SCOPEOPEN and c == t1) imply P
A[] not ERROR
A[] INIT imply not Q
A[] INTERVALOPEN imply P