18649 - Behavioral Requirements II
Distributed Controller Requirements
18649 Spring 2010
Group 7 - Justin Ray/justinr2
Introduction
This document describes the complex sensor, actuator, and environmental
objects in the system.
Table of Contents
1. Customer[p] (environmental object)
Replication:
N customers per system; N is unlimited.
Instantiation:
Zero customers at initialization.
Customers arrive at the soda machine one at a time.
Assumptions:
Customers that drink diet sodas weigh 150 pounds each.
Customers that
drink regular soda weigh 200 pounds each.
Input Interface:
- ButtonLight[s]
- CatchBinContents
Output Interface:
- Button[s]
- CoinIn
- CoinReturn
Constraints:
- 1.1: Customer can only press one button at a time (including the
coin
return).
High-Level Behaviors:
- 1.2: The customer will peform a random sequence of button press
and
coin insert operatons, culminating in pressing either the coin return
button or a the correct condtions for a soda to be released.
- 1.2.1: The time between these operations shall be
1000
msec to 5000 msec (stochastic).
- 1.3: After initiating a soda release, the customer will wait a
fixed amount of time between 5,000 ms and 8,000 ms (stochastic) before
trying to collect the soda.
- 1.3: After pressing the coin release button or obtaining a soda,
the
customer will wait a fixed amount of time between 500ms and 1000 ms
(stochastic) before leaving the machine.
- 1.3.1: During that time, the customer will collect any coins
returned
- 1.4: The customer will be satisfied with their transaction
IFF:
- 1.4.1: The number of coins they received from the machine
plus
the value of the soda they received is greater than or equal to the the
number of coins they put in to the machine AND
- 1.4.2: The soda delivered by the soda machine is
corresponds to
the last lit button the customer pressed.
Note: Implementation of the Customer is provided in the simulator
and the
details are beyond the scope of this document. The Customer
behaviors (and implementation) are inherently event-triggered, so you
should not base your design on the Customer object.
2. ButtonControl[s]
Replication:
- There is one button controller per Button/ButtonLight pair on
the soda machine (=8).
Instantiation:
- ButtonControl[s] commands Button_Light[s] to False at
initialization.
Assumptions:
- Only one Button[s] is sent as True at a time to VendControl.
- Each ButtonControl[s] has a physical interface to exactly one
Button[s] and ButtonLight[s].
Input Interface:
- Button[s](v)
- mEmpty[s](v)
- mVend[s](v) �
- mCoinCount(n)
Output Interface:
- ButtonLight[s](v)
- mButton[s](v)
Constants
- FlashLimit (integer): determines the rate that the light
flashes during vend. An appropriate value shall be chosen using
the controller period and the required flash period.
State:
- IsEmpty (True, False); initialized to False; indicates when
selection has no soda cans left.
- ButtonState (True, False); initialized to False; indicates
whether the button has been pressed.
- FlashCounter: used to keep track of time while flashing the
light druing Vend
- CoinCount: State variable used to keep track of coin count.
Constraints:
Event-Triggered Behaviors:
- ER2.1. If mEmpty[s] is received as v, then IsEmpty shall be
set to v.
- ER2.2. If mEmpty[s] is received True, then
- ER2.2a. ButtonLight[s](v) shall be commanded to False.
- ER2.2b. mButton[s] shall be set to False.
- ER2.3. If mEmpty[s] is received False and ButtonState
←
False, then
- ER2.3a. ButtonLight[s](v) shall be commanded to True.
- ER2.3b. mButton[s] shall be set to False.
- ER 2.4. If Button[s] is received True and IsEmpty is False
and CoinCount is equal to SODA_COST,
then
- ER2.4a. ButtonState should be set to True.
- ER2.4b. ButtonLight[s] should be commanded to blink with
a
period of 1s.
- ER2.4c. mButton[s] should be set to True.
- ER 2.5. If mVend[s] is received True and IsEmpty is False,
ButtonLight shall be commanded to True.
- ER 2.6. If mVend[s] is received True and IsEmpty is True,
ButtonLight shall be commanded to False.
- ER 2.7. If mVend[s] is received True, then
- ER 2.7a mButton[s] shall be set to False.
- ER 2.7b ButtonState shall be set to False.
- ER 2.8. If mCoinCount is received as n, then CoinCount
shall be set to n.
- ER 2.9. If mCoinCount[s] is received equal to SODA_COST and
IsEmpty is False and ButtonState is equal to True,
then
- ER2.9a. ButtonState should be set to True.
- ER2.9b. ButtonLight[s] should be commanded to blink with
a
period of 1s.
- ER2.9c. mButton[s] should be set to True.
Time-Triggered Behaviors:
- R2.1. mButtonState[s] shall be set to the current value of
ButtonState.
- R2.2. If ButtonState is equal to False AND mEmpty[s] is
equal to True, then
ButtonLight[s] shall be commanded to False.
- R2.3. If ButtonState is equal to False AND mEmpty[s] is
equal to False, then
ButtonLight[s] shall be commanded to True.
- R2.4. If Button[s] is equal to True AND mEmpty[s] is equal to
False and
mCoinCount is equal to SODA_COST and mVend is equal to False, then
- R2.4a. ButtonState shall be set to True.
- R2.4b. ButtonLight[s] shall be commanded to blink with a
period of 1s.
- R2.5. If mVend[s] is equal to True then ButtonState shall
be set to
False.
Time-Triggered Statechart:
Transition #
|
Guard
|
T2.1
|
mButton[s] ← True AND
mEmpty[s] ← False AND mVend ← False AND mCoinCount ← SODA_COST |
| T2.2 |
mVend ← True AND
mEmpty[s] ← False
|
| T2.3. |
mVend ← True AND
mEmpty[s] ← True |
| T2.4. |
FlashCounter > FlashLimit
|
| T2.5. |
FlashCounterLimt ← 0
|
| T2.6. |
mEmpty ← True
|
| T2.7. |
mEmpty ← False |
Requirements-to-Statecharts Traceability
|
Requirements
|
States
|
R2.1
|
R2.2
|
R2.3
|
R2.4a
|
R2.4b
|
R2.5
|
S2.1 IDLE
|
x
|
|
x
|
|
|
x
|
S2.2 EMPTY
|
x
|
x
|
|
|
|
x
|
S2.3 VEND
|
x
|
|
|
x
|
x
|
|
S2.4 FLASH_OFF
|
x
|
|
|
x
|
x
|
|
S2.5 FLASH_ON
|
x
|
|
|
x
|
x
|
|
Transitions
|
|
|
|
|
|
|
T2.1
|
|
|
|
x
|
x
|
x
|
T2.2
|
|
|
x
|
|
|
|
T2.3
|
|
x
|
|
|
|
|
T2.4
|
|
|
|
|
x
|
|
T2.5
|
|
|
|
|
x
|
|
T2.6
|
|
x
|
|
|
|
|
T2.7
|
|
|
x
|
|
|
|
3. CoinControl
Instantiation:
- CoinOutControl sets CoinOut(v) to False at initialization.
- CoinCount is set to 0 at initialization.
Assumptions:
- A CoinIn event always precedes a CoinOut event.
Input Interface:
- CoinIn(v)
- mVend(v)
- mVendMotor(v)
- mCoinReturn(v)
Output Interface:
State:
- CoinCount (integer; values of 0..1); initialized to
0. The current value is always sent in mCoinCount(n).
- CoinReceived (True, False); initailized fo False. Indicates
whether a coin has been received (used for edge detection).
- CoinOutTimer: used to keep track of time for CoinOut pulses
Constraints:
- C3.1. CoinControl shall retain no more than SODACOST coins
per vend cycle.
Event-Triggered Behaviors:
- ER3.2. If CoinIn is received as True and CoinCount is less
than SODACOST, then CoinCount shall be incremented.
- ER3.3. If CoinIn is received as True and CoinCount is equal to
SODACOST, then CoinOut(v) shall be pulsed to return a coin.
- ER3.4. If mVend is received as True, then CoinCount shall be set
to 0.
- ER3.5. If mCoinReturn is received True and CoinCount is greater
than
0, then
- ER3.5a. CoinOut(v) shall be pulsed (with pulses at least 150ms
in duration) CoinCount times to return
all coins.
- ER3.5b. CoinCount shall be decremented until it reaches 0.
- ER3.6. mCoinCount shall always be set to current value of
CoinCount.
Time-Triggered Behaviors:
- R3.1. If CoinIn is equal to True AND CoinReceived
← False; then
- R3.1a. CoinRecieved shall be set to True.
- R3.1b. CoinCount shall be incremented.
- R3.2. If (CoinCount > SODACOST), then
- R3.2a. CoinOut shall be pulsed to return a coin.
- R3.2b. CoinCount shall be decremented.
- R3.3. If mVend is equal to True, CoinCount shall be set to
0.
- R3.4. If mCoinReturn is equal to True and CoinCount is greater
than 0, then
- R3.4a. CoinOut shall be pulsed (with pulses at least 150ms in
duration) to return all coins.
- R3.4b. CoinCount shall be decremented to zero.
- R3.5. mCoinCount shall be set to the current value of CoinCount.
- R3.6. If CoinIn is equal to False and CoinReceived ← True;
then CoinReceived shall be set to false.
Time-Triggered Statechart:
Transition #
|
Guard
|
T3.1
|
CoinIn ← True
|
| T3.2 |
Unconditional Transition
|
| T3.3. |
CoinIn ← False
|
| T3.4. |
CoinCount > SODACOST
|
| T3.5. |
Unconditional Transition
|
T3.6.
|
mCoinReturn← True AND CoinCount
> 0
|
T3.7.
|
Unconditional Transition
|
T3.8.
|
CoinCount ← 0
|
T3.9.
|
CoinCount > 0
|
T3.10.
|
mVend ← True
|
T3.11.
|
mVend ← False
|
T3.12
|
Unconditional Transition |
T3.13
|
Unconditional Transition |
Requirements-to-Statecharts Traceability
|
Requirements
|
|
States
|
R3.1a
|
R3.1b
|
R3.2a
|
R3.2b
|
R3.3
|
R3.4a
|
R3.4b
|
R3.5
|
R3.6
|
S3.1 IDLE
|
|
|
|
|
|
|
|
x
|
|
S3.2 COIN_IN_1
|
x
|
x
|
|
|
|
|
|
x
|
|
S3.3 COIN_IN_2
|
x
|
x
|
|
|
|
|
|
x
|
x
|
S3.4 OVERPAY
|
|
|
x
|
x
|
|
|
|
x
|
|
S3.5 RETURN_1
|
|
|
|
|
|
x
|
x
|
x
|
|
S3.6 RETURN_2
|
|
|
|
|
|
x
|
x
|
x
|
|
S3.7 VEND
|
|
|
|
|
x
|
|
|
x
|
|
S3.8 OVERPAY_STRETCH
|
|
|
x
|
x
|
|
|
|
x
|
|
S3.9 RETURN_STRETCH
|
|
|
|
|
|
x
|
x
|
x
|
|
Transitions
|
|
|
|
|
|
|
|
|
|
T3.1
|
x
|
x
|
|
|
|
|
|
|
|
T3.2
|
x
|
x
|
|
|
|
|
|
|
|
T3.3
|
|
|
|
|
|
|
|
|
x
|
T3.4
|
|
|
x
|
x
|
|
|
|
|
|
T3.5
|
|
|
x
|
x
|
|
|
|
|
|
T3.6
|
|
|
|
|
|
x
|
x
|
|
|
T3.7
|
|
|
|
|
|
x
|
x
|
|
|
T3.8
|
|
|
|
|
|
x
|
x
|
|
|
T3.9
|
|
|
|
|
|
x
|
x
|
|
|
T3.10
|
|
|
|
|
x
|
|
|
|
|
T3.11
|
|
|
|
|
x
|
|
|
|
|
T3.12
|
|
|
x
|
x
|
|
|
|
|
|
T3.13
|
|
|
|
|
|
x
|
x
|
|
|
4. VendControl
Instantiation:
- VendControl sets all Vend[s] to False at initialization.
Assumptions:
- Only one Button[s] sensor indicates True at a time.
- The race condition between a Vend[s](True) event and a
Coin_out(True)
event never occurs.
Input Interface:
- mVendPosition[s](v)
- mButton[s](v)
- mCoinCount(n)
- mVendMotor(d)
Output Interface:
Constants:
- VendCounterLimit: (integer): determines the amount of
time the Vend sigal is sent. An
appropriate value shall be chosen using the controller period and the
required vend period.
State:
- CoinCount(integer) initialized to 0; indicates how many
coins are present
- WhichButton (integer 0..8); initialized to 0; indicates
which
button
is pressed. 0 represents NONE.
- WhichPosition (integer 0..8); initialized to 0; indicates
which
position sensor is true. 0 represents NONE.
- VendMotorValue(d); indicates the current setting of the VendMotor.
- VendCounter: used to track the progress of time while
vending
Constraints:
- C4.1 Vend shall only be activated if mVendMotor is STOP.
Event-Triggered Behaviors:
- ER4.3. If mButton[s] is received True, WhichButton shall be
set to s.
- ER4.4. If mCoinCount is recieved as v, CoinCount shall be
set to v.
- ER4.5. If mVendPosition[s] is received True, WhichPosition
shall be set to s.
- ER4.6. If mVendMotor(d) is recieved, VendMotorValue shall
be set to d.
- ER4.7. If mButton[WhichPosition] is recieved True AND
CoinCount is equal to SODACOST AND VendMotorValue is equal to
STOP, then
- ER 4.7a. Vend shall be set to true for at least 500ms.
- ER 4.7b. mVend(v) shall be set to True for at least 500ms.
- ER4.8. If mVendPosition[WhichButton] is recieved True AND
CoinCount is equal to SODACOST AND VendMotorValue is equal to STOP, then
- ER 4.8a. Vend shall be set to true for at least 500ms.
- ER 4.8b. mVend(v) shall be set to True for at least 500ms.
- ER4.9. If mCoinCount(n) is received as SODACOST AND
WhichButton is equal to WhichPosition AND VendMotorValue is equal to
STOP, then
- ER 4.9a. Vend shall be set to true for at least 500ms.
- ER 4.9b. mVend(v) shall be set to True for at least 500ms.
- ER4.10. If mVendMotor is received as true AND WhichButton
is equal to WhichPosition AND CoinCount is equal to SODACOST, then
- ER 4.10a. Vend shall be set to true for at least 500ms.
- ER 4.10b. mVend(v) shall be set to True for at least
500ms.
Time-Triggered Behaviors:
- R4.3. if mButton[s] is equal to True AND mCoinCount is
equal to SODACOST AND
mVendPosition[s] is equal to True AND mVendMotor is equal to STOP,
then
- R4.3a. Vend shall be set to true for at least 500ms.
- R 4.3b. mVend(v) shall be set to True for at least 500ms.
Time-Triggered Statechart:
Transition #
|
Guard
|
T4.1
|
mButton[s] ← TRUE
AND
mCointCount← SODACOST AND
mVendPosition[s] ← True AND
mVendMotor ← STOP
|
| T4.2 |
VendCounter >=
VendCounterLimit;
|
Requirements-to-Statecharts Traceability
|
Requirements
|
States
|
R4.3a
|
R4.3b
|
S4.1 IDLE
|
x
|
x
|
S4.2 VEND
|
x
|
x
|
Transitions
|
|
|
T4.1
|
x
|
x
|
T4.2
|
x
|
x
|
5. VendPositionControl
Instantiation:
- VendControl sets all Vend[s] to False at initialization.
Assumptions:
- Only one Button[s] sensor indicates True at a time.
Input Interface:
- mVendPosition[s](v)
- mButton[s](v)
- mVend(v)
- mCoinCount(n)
Output Interface:
- VendMotor(d)
- mVendMotor(d)
State:
- CoinCount(integer) initialized to 0; indicates how many
coins are present
- WhichButton (integer 0..8); initialized to 0; indicates
which
button
is pressed
- WhichPosition (integer 0..8); initialized to 0; indicates
which position sensor is true
- VendValue (boolean) initialized to false; indicates the state of
the Vend actuator.
- AppropriateDirection: a computed value that indicates the correct
direction of travel based on the current position (determined by
WhichPosition) and the desired position (determined by WhichButton)
Constraints:
- C5.1 The VendMotor shall only be activated when mVend is False.
- C5.2 The VendMotor shall be commanded to STOP when it reaches the
terminal positions.
Event-Triggered Behaviors:
- ER5.3. If mButton[s] is received True, WhichButton shall be
set to s.
- ER5.4. If mCoinCount is recieved as v, CoinCount shall be
set to v.
- ER5.5. If mVendPosition[s] is received True, WhichPosition
shall be set to s.
- ER5.6. If mVend(v) is received, VendValue is set to v.
- ER5.7. If mVendPosition[WhichButton] is received False AND
CoinCount is equal to SODACOST AND VendValue is equal to FALSE then,
- ER5.7a. VendMotor shall be commanded to
AppropriateDirection.
- ER5.7b. mVendMotor shall be set to AppropriateDirection.
- ER5.8. If mButton[s] is received True AND s is not equal to
WhichPosition AND CoinCount is equal to SODACOST AND VendValue is equal
to FALSE then,
- ER5.8a. VendMotor shall be commanded to
AppropriateDirection.
- ER5.8b. mVendMotor shall be set to AppropriateDirection.
- ER5.9. If mCoinCount is received equal to SODACOST AND
WhichButton is not equal to WhichPosition AND AND VendValue is equal to
FALSE then,
- ER5.9a. VendMotor shall be commanded to
AppropriateDirection.
- ER5.9b. mVendMotor shall be set to AppropriateDirection.
- ER5.10. If mVendValue is received False AND WhichButton is
not equal to WhichPosition AND CoinCount is equal to SODACOST then,
- ER5.10a. VendMotor shall be commanded to
AppropriateDirection.
- ER5.10b. mVendMotor shall be set to AppropriateDirection.
- ER5.12. If mVendPosition[1] is received True then,
- ER5.12a. VendMotor shall be commanded to STOP.
- ER5.12b. mVendMotor shall be set to STOP.
- ER5.13. If mVendPosition[8] is received True then,
- ER5.13a. VendMotor shall be commanded to STOP.
- ER5.13b. mVendMotor shall be set to STOP.
- ER5.14. If mVendPosition[WhichButton] is received True then,
- ER5.14a. VendMotor shall be commanded to STOP.
- ER5.14b. mVendMotor shall be set to STOP.
Time-Triggered Behaviors:
- R5.3. If mButton[s] is equal to True AND mCoinCount is
equal to SODACOST AND
mVendPosition[s] is equal to False AND mVend is equal to False, then
VendMotor shall be
commanded to AppropriateDirection.
- R5.4. If mButton[s] is equal to True AND mVendPosition[s]
is equal to True,
then VendMotor shall be commanded to STOP.
- R5.5. If (mVendPosition[s] is equal to 1 AND VendMotor is
commanded to LEFT) OR (mVendPosition[s]
is equal to 8 and VendMotor is commanded to RIGHT),
then VendMotor shall be commanded to STOP.
- R5.6. mVendMotor shall always be set to the current value
of VendMotor.
Time-Triggered Statechart:
Transition #
|
Guard
|
T5.1
|
mButton[s] ← TRUE
AND
mCointCount ← SODACOST AND
mVendPosition[s] ← False AND
mVend ← FALSE
|
| T5.2 |
(mVendButton[s] ← TRUE
AND
mVendPosition[s] ← TRUE)
OR
(mVendPositon[1] ← TRUE AND VendMotor ← LEFT)
OR
(mVendPosition[8] ← TRUE AND VendMotor ← RIGHT)
|
Requirements-to-Statecharts Traceability
|
Requirements
|
States
|
R5.3
|
R5.4
|
R5.5
|
R5.6
|
S5.1 IDLE
|
|
x
|
x
|
x
|
S5.2 MOVE
|
x
|
|
|
x
|
Transitions
|
|
|
|
|
T5.1
|
x
|
|
|
|
T5.2
|
|
x
|
x
|
|