Example for Project 1, Part A

Initial Conditions

• A passenger in the front hallway makes a front hall call when the elevator is at another floor.
• No front door reversal ocurs when the passenger enters.
• The car isn't overweight after the passenger gets on.
• The passenger pushes a front car call button after entering.

Step 1: Scenario

• S1.1. The elevator arrives at the passenger's floor with the front doors shut.
• S1.2. The front doors open.
• S1.3. The passenger gets in.
• S1.4. The front doors close when the passenger pushes a front car call button.

Step 2: Write requirements using precise words

• R-FDC1. When the elevator arrives at the passenger's floor, both front doors shall be commanded to open.
• R-FDC2. The front doors shall remain open while the passenger boards.
• R-FDC3. The front doors should be commanded to close when a front car call button is pushed.

Step 3: Write requirements using consistent terms

• R-FDC1. When mAtFloor[f,b] and mHallCall[f,b,d] are true for the same f and mDriveSpeed is Stop, mDoorMotor[b,*] shall be commanded to Open.
• R-FDC2. When mDoorOpen[b,r] is true, mDoorMotor[b,*] shall not be commanded to Close for at least 5 seconds.
• R-FDC3. If any mCarCall[f,b] is true, mDoorMotor[b,*] should be commanded to Close.

Step 4: Number requirements

Hey, they're already numbered! How about that.

Step 5: Write test cases

• R-FDC1. When mAtFloor[f,b] and mHallCall[f,b,d] are true for the same f and mDriveSpeed is Stop, mDoorMotor[b,r] shall be commanded to Open.

• Test: Set mAtFloor[f,b] and mHallCall[f, d] to true for some f. Observe both mDoorMotor[b,r] being commanded to Open.

• R-FDC2. When mDoorOpen[b,r] is true, mDoorMotor[b,r] shall not be commanded to Close for at least 5 seconds.

• Test: Run the test for R-FDC1. Observe that both mDoorMotor[b,r] are commanded to something other than Close for at least 5 seconds.

• R-FDC3. If any mCarCall[f,b] is true, mDoorMotor[b,r] should be commanded to Close.

• Test: In a situation that would not conflict with R-FDC2 where the elevator doors are open (all DoorOpen[b,*] are true), and all mCarCall[f,b] are false, set a mCarCall[f,b] to true. Observe that mDoorMotor[b,r] is commanded to Close.

Step 6: Traceability

• R-FDC1. When mAtFloor[f,b] and mHallCall[f,b,d] are true for the same f, both mDoorMotor[b,r] shall be commanded to Open.

• R-T1: Passengers are able to board.
• R-T3: Passengers are able to board
• R-S1: The mDoorMotor[b,r] are only commanded to Open if mAtFloor[f,b] is true.
• R-S2: The mDoorMotor[b,r] are only commanded to Open if mHallCall[f,b,d] is true for the mAtFloor[f,b] which is also true.
• R-S3: All mDoorReversal[b,r] are false for this scenario (Initial conditions). This requirement doesn't command the door to close.
• R-S4: CarWeight is less than MaxCarCapacity for this scenario (Initial conditions). This requirement doesn't command the door to close.

• R-FDC2. After being commanded to Open, both mDoorMotor[b,r] shall not be commanded to Close for at least 5 seconds.

• R-T1: This allows passengers to board the elevator so they may use the elevator.
• R-T3: By placing a limit on the time the door is open, performance may be improved.
• R-Sl: This requirement doesn't command the door to open.
• R-S2: This requirement doesn't command the door to open.
• R-S3: All mDoorReversal[b,r] are false for this scenario (Initial Conditions). This requirement doesn't command the door to close.
• R-S4: CarWeight is less than MaxCarCapacity for this scenario (Initial Conditions). This requirement doesn't command the door to close.

• R-FDC3. Both mDoorMotor[b,r] should be commanded to Close if a mCarCall[f,b] is true.

• R-T1: Closes the doors once a passenger is inside, so the elevator may move.
• R-T3: Helps performance as the doors will close when someone picks a floor instead of waiting a fixed time.
• R-Sl: This requirement doesn't command the door to open.
• R-S2: This requirement doesn't command the door to open.
• R-S3: All mDoorReversal[b,r] are false for this scenario (Initial Conditions). BUT for the final requirements, a mDoorReversal[b,r] true should take precedence over this requirement.
• R-S4: CarWeight is less than MaxCarCapacity for this scenario (Initial Conditions). BUT the door would have to reopen/remain open if the CarWeight was greater than MaxCarCapacity; that would take precedence over this requirement.

Step 7: Process audit (the checklist)

Step 1: Is there a scenario? Yes
Step 2: Do the requirements use only shall and should, or the words from lecture on 9/4? Yes
Step 3: Do the requirements use the terms given in the Interface section to describe sensors, actuators and controllers on the elevator? Yes
Step 4: Are the requirements numbered? Yes
Step 5: Is there a test given for each of the requirements? Yes
Step 6: Traceability - Does *each* requirement either support or not contradict *each* of the high-level requirements? Yes
Name: Xavier Q. Student (xqid@andrew.cmu.edu)