commit cebf8c167a171f844e5bdefa7cd3ba4cc3409c4b Author: Dane Sabo Date: Thu Apr 16 16:24:11 2026 -0400 Initial umbrella repo: thesis + FRET pipeline + plant model with first controllers Folds three previously-separate pieces into one preliminary-example repo for the HAHACS thesis: - thesis/ (submodule) → gitea Thesis.git — the PhD proposal - fret-pipeline/ — FRET requirements to AIGER controller (was ~/Documents/fret_processing/; prior single-commit history abandoned per user decision) - plant-model/ — 10-state PKE + lumped T/H PWR model (was ~/Documents/PKE_Playground/; never version-controlled before) - presentations/2026DICE/ (submodule) → gitea 2026DICE.git - reachability/, hardware/ — empty placeholders for Thrust 3 and HIL - docs/architecture.md — how the discrete and continuous layers compose - claude_memory/ — session notes and scratch knowledge pattern Plant model refactored to thesis naming (x, plant, u, ref); pke_th_rhs now takes u as an explicit arg instead of reading rho_ext from the params struct. First two controllers built to the contract u = ctrl_(t, x, plant, ref): ctrl_null (baseline) and ctrl_operation (stabilizing, proportional on T_avg). Validated under a 100% -> 80% Q_sg step: ctrl_operation reduces steady-state T_avg drift ~47% vs. the unforced plant. Root CLAUDE.md emphasizes that CLAUDE.md files are living documents and that any knowledge not captured before a session ends is lost forever; claude_memory/ holds the session-level notes that haven't stabilized enough to graduate into a CLAUDE.md. Co-Authored-By: Claude Opus 4.7 (1M context) diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f11b9c1 --- /dev/null +++ b/.gitignore @@ -0,0 +1,24 @@ +.DS_Store +__pycache__/ +*.pyc +.claude/ + +# LaTeX build artifacts (for anything built in-tree; thesis submodule handles its own) +*.aux +*.log +*.fls +*.fdb_latexmk +*.toc +*.bbl +*.blg +*.out +*.synctex.gz + +# MATLAB/Octave +*.asv +*.autosave +octave-workspace + +# editor scratch +*.swp +*~ diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..b1b46c4 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,6 @@ +[submodule "thesis"] + path = thesis + url = ssh://git@gitea.danesabo.com:1738/danesabo/Thesis.git +[submodule "presentations/2026DICE"] + path = presentations/2026DICE + url = ssh://git@gitea.danesabo.com:1738/danesabo/2026DICE.git diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000..68090fc --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1,109 @@ +# CLAUDE.md + +Guidance for Claude Code (and any AI agent) working in this repository. + +## Living documentation — update these files + +**`CLAUDE.md` files are living.** This one and the ones in subdirectories. +When you learn something new about the system that a future agent would +benefit from, update the appropriate `CLAUDE.md` before the session ends. +**Context that exits a session uncaptured is lost forever** — treat this as +the single most important rule in this repo. + +**Where to write:** +- Stable, authoritative knowledge (architecture, conventions, interfaces, + design decisions) → the relevant `CLAUDE.md`. Root for cross-cutting; + subdirectory for layer-specific. +- Session-level findings, in-progress investigations, paths that didn't pan + out → `claude_memory/YYYY-MM-DD-topic.md`. See `claude_memory/README.md` + for the pattern. + +**When to write:** +- After a non-trivial debugging session (what broke, root cause, how you knew). +- After an architectural or structural decision (what we chose, what we + rejected, why). +- After discovering a non-obvious fact (subtle constraint, undocumented tool + behavior, counterintuitive data format). +- Before ending a session where you explored paths that didn't pan out — so + the next agent doesn't waste effort redoing them. + +Over time, session notes that stabilize get distilled up into the relevant +`CLAUDE.md`; the rest get archived or deleted. This is a discipline, not +automation — do the graduation explicitly when knowledge becomes authoritative. + +## What this is + +The preliminary example for the HAHACS thesis — a PWR startup controller +demonstrating the full pipeline from written operating procedures to verified +hybrid controller. This repo composes three layers of the same story: + +| Layer | Location | Role | Thesis mapping | +|---|---|---|---| +| Story | `thesis/` (submodule) | The PhD proposal: math, prose, claims | Motivates and defines the methodology | +| Discrete | `fret-pipeline/` | FRET requirements → LTL → ltlsynt → AIGER circuit → state machine | Implements Thrust 1 + 2 | +| Continuous | `plant-model/` | 10-state PKE + thermal-hydraulics PWR model (MATLAB/Octave) | Plant for Thrust 3 (reachability / barrier certs) | +| Verification | `reachability/` | Continuous-mode verification artifacts | Thrust 3 output — currently empty | +| Hardware | `hardware/` | Ovation HIL artifacts | Integration milestone — currently empty | +| Deliverables | `presentations/` | Conference papers and talks (submodules) | Dissemination | + +Running example: the `PWR_HYBRID_3` controller. The discrete automaton it +synthesizes is literally the state machine drawn in `thesis/3-research-approach/approach.tex` +Figure 1 (Cold Shutdown → Heatup → Power Operation, with SCRAM). + +## How changes flow + +1. **Requirement change.** Edit the FRET export (`fret-pipeline/pwr_hybrid_3.json`) + → run `fret-pipeline/scripts/fret_to_synth.py` → re-synthesize via + `synthesize.sh` → re-trace via `trace_aiger.py`. New `.svg` / `.dot` / + `.png` land in `fret-pipeline/diagrams/`. Copy the figure you want to cite + into `docs/figures/` so the thesis can pick it up. +2. **Plant change.** Edit `plant-model/pke_params.m` or dynamics in + `pke_th_rhs.m` → re-run `main.m` to verify behavior. Steady-state values + feed the `T_avg`, `P_crit` thresholds in the FRET requirements — if you + change them here, check the requirement predicates match. +3. **Verification work.** Continuous-mode verification (reachability, barrier + certificates) reads the guards from `fret-pipeline/specs/synthesis_config_v3.json` + and the dynamics from `plant-model/pke_th_rhs.m`. Results go in `reachability/`. +4. **Thesis edit.** `cd thesis && && git commit && git push origin main`, + then from the umbrella root: `git add thesis && git commit` to bump the + submodule pointer. + +## Where to look for what + +- Reactor physics, steady-state, ODE dynamics → `plant-model/` +- Controller synthesis, requirements, state machines → `fret-pipeline/` +- Research narrative, math, claims, citations → `thesis/` +- Shared figures (for the thesis or talks) → `docs/figures/` +- How the layers compose → `docs/architecture.md` + +## Submodule rituals + +- Fresh clone: `git clone && git submodule update --init --recursive` + (or `git clone --recurse-submodules `). Without this, `thesis/` and + `presentations/2026DICE/` are empty directories. +- Editing the thesis: `cd thesis && git checkout main` first — submodules + default to detached HEAD. Then edit, commit, push inside the submodule, + then `cd ..` and commit the new submodule pointer in the umbrella. +- Pulling upstream thesis changes: `cd thesis && git pull origin main`, then + commit the new pointer in the umbrella. + +## Conventions + +- FRET variables: `control_ = q_` for modes; everything else is + an environment input. See `fret-pipeline/README.md` for the full naming rule. +- Plant model units: internal SI (W, kg, °C); printed/plotted in °F. +- Continuous state vector: `y = [n; C1..C6; T_f; T_c; T_cold]`. Guards in + FRET should reference the algebraic outputs (`T_hot`, `T_avg`) or direct + states, not derived quantities. +- `Q_sg(t)` is the bounded disturbance — never treat `T_cold` as an input. + +## What's deliberately missing (so you don't go looking) + +- LTL-to-Stateflow translator — there's a known pain point in the thesis + workflow where AIGER circuits still need to become Stateflow. Not yet + automated. Current path: generate AIGER → eyeball the state machine + diagram → hand-translate to Stateflow. Roadmapped. +- Hardware bring-up (Ovation DCS) — scheduled for the integration thrust. + `hardware/` is a placeholder. +- Continuous-mode verification — `reachability/` is empty. Choice of tool + (CORA / Flow* / SpaceEx / JuliaReach) still pending. diff --git a/README.md b/README.md new file mode 100644 index 0000000..62bc8ee --- /dev/null +++ b/README.md @@ -0,0 +1,71 @@ +# pwr-hybrid-3-demo + +Preliminary example for the HAHACS thesis — a verified hybrid controller for +a small modular PWR startup. Composes three layers into one demonstrable +pipeline: + +- **Discrete layer** (`fret-pipeline/`): FRET natural-language requirements + → LTL → synthesized AIGER controller → state-machine diagram. +- **Continuous layer** (`plant-model/`): 10-state point kinetic equation + + thermal-hydraulics PWR model with bounded steam-generator heat removal as + the disturbance input. +- **Research context** (`thesis/`): the HAHACS PhD proposal that motivates + and formalizes the methodology. + +## Layout + +``` +pwr-hybrid-3-demo/ + CLAUDE.md AI-facing context and architecture map + docs/ + architecture.md How the discrete and continuous layers compose + figures/ Shared figures for thesis + talks + fret-pipeline/ FRET → ltlsynt → AIGER → state machine + plant-model/ PWR point kinetics + thermal-hydraulics + reachability/ Continuous-mode verification (TBD) + hardware/ Ovation HIL artifacts (TBD) + thesis/ [submodule] PhD proposal + presentations/ + 2026DICE/ [submodule] DICE 2026 abstract +``` + +## Quickstart + +Clone with submodules: + +```bash +git clone --recurse-submodules +cd pwr-hybrid-3-demo +``` + +Run the controller synthesis pipeline: + +```bash +cd fret-pipeline +python3 scripts/fret_to_synth.py pwr_hybrid_3.json specs/synthesis_config_v3.json +bash scripts/synthesize.sh specs/synthesis_config_v3.json circuits +python3 scripts/trace_aiger.py circuits/PWR_HYBRID_3_DRC.aag diagrams +dot -Tpng diagrams/PWR_HYBRID_3_DRC_states.dot -o diagrams/PWR_HYBRID_3_DRC_states.png +``` + +Run the plant model (MATLAB or GNU Octave in `plant-model/`): + +```matlab +main +``` + +## Prerequisites + +- Python 3.10+ +- [Spot](https://spot.lre.epita.fr/) for `ltlsynt` (`brew install spot`) +- [Graphviz](https://graphviz.org/) for `dot` (`brew install graphviz`) +- MATLAB or GNU Octave for the plant model +- LaTeX (via `latexmk`) for the thesis submodule + +## Further reading + +- `CLAUDE.md` — orientation for AI agents working in this repo +- `docs/architecture.md` — how the layers compose +- `thesis/CLAUDE.md` — the thesis project structure +- `fret-pipeline/README.md` — FRET naming conventions and pipeline details +- `plant-model/README.md` — scenario setup and model equations diff --git a/claude_memory/2026-04-16-controllers-roughout.md b/claude_memory/2026-04-16-controllers-roughout.md new file mode 100644 index 0000000..6c5c940 --- /dev/null +++ b/claude_memory/2026-04-16-controllers-roughout.md @@ -0,0 +1,112 @@ +# 2026-04-16 — controllers scaffold and ctrl_operation rough-out + +First continuous controller. Established the controller contract, refactored +the plant to thesis naming, and got a closed-loop sim running end-to-end +with a meaningful comparison against the unforced baseline. + +## Naming convention (locked in) + +Thesis-aligned. Applied to plant and controllers: + +- `t` — time +- `x` — continuous state vector `[n; C1..C6; T_f; T_c; T_cold]` +- `plant` — params struct (was `p`; renamed to avoid collision with `p_i` + predicates from the thesis) +- `u` — control input: external rod reactivity (scalar, `dk/k`) +- `ref` — reference/setpoint struct (e.g. `ref.T_avg`) +- `Q_sg` — bounded disturbance (SG heat removal, `W`), a function handle + of time + +Captured in `plant-model/CLAUDE.md` under "Naming convention" — any future +file in `plant-model/` or `controllers/` uses these names. + +## Controller contract + +```matlab +u = ctrl_(t, x, plant, ref) +``` + +Pure function. Returns scalar `u`. All four args required even if unused +(so `pke_solver` can swap controllers by function handle without branching). + +## Plant refactor + +Four files touched. Non-cosmetic changes: + +- `pke_th_rhs.m` now takes `u` as an **explicit argument** instead of + reading `p.rho_ext(t)` from the params struct. This decouples plant from + controller and matches the thesis's `f(x, u)` form. Old `rho_ext` field + on the params struct is gone. +- `pke_solver.m` signature changed: + `[t, X, U] = pke_solver(plant, Q_sg, ctrl_fn, ref, tspan)`. + Returns `U` (the control trajectory), reconstructed post-hoc by + re-evaluating `ctrl_fn` at each returned time step. +- `plot_pke_results.m` takes `(t, X, U, plant, Q_sg, title)` — reactivity + panel now shows `u`, feedback, and total separately rather than relying on + a `p.rho_ext` handle. +- `pke_initial_conditions.m` trivial rename `p → plant`, output `x0`. + +## ctrl_operation + +Proportional-only for now. `Kp = 1e-4 /K`, chosen to roughly double the +effective moderator coefficient (`alpha_c ≈ -1e-4 /K`). Not tuned for +precision — this is rough-out. PI upgrade would require augmenting state +with integral error; deferred until we actually need tighter tracking. + +**Validation run** (100% → 80% Q_sg step at t=30s, 600s horizon): + +| Metric | ctrl_null | ctrl_operation | +|---|---|---| +| Final T_avg drift from setpoint | +1.5 °F | +0.8 °F | +| Final `u` | 0 $ | -0.0068 $ | +| Final power | 800 MW ✓ | 800 MW ✓ | + +Sign polarity: T_avg > ref → e < 0 → u < 0 (rods in). Correct for a PWR. +Controller reduces steady-state offset by ~47%. Expected result — gain is +modest; the point is the plumbing works, not that the tuning is final. + +## What's deferred (on purpose) + +- **Integral action in ctrl_operation.** P-only for now. If we want to hit + `ref.T_avg` exactly (zero steady-state error), augment state with + `int_e` and upgrade to PI. +- **Gain config.** Gains hardcoded in the controller file. Fine for one + mode; once we tune 3–4 modes we should lift to a `ctrl_params.m` or + similar. +- **Mode dispatcher.** No `ctrl_dispatch.m` yet because there's only one + real controller. Will introduce when we add the second mode and need to + switch based on discrete state. +- **ctrl_heatup, ctrl_scram, ctrl_shutdown.** Next. Each is a separate + design problem with its own verification method (reachability, parametric + reach, trivial). +- **Invariants and `X_safe` regions.** User explicitly said: rough out + controllers first, then come back to invariants. Per the thesis, we're + not trying to verify the whole hybrid system at once — one mode's reach + set at a time. + +## Things worth remembering + +- `addpath('controllers')` is required in `main.m` — MATLAB won't find + `@ctrl_operation` otherwise. Putting controllers in a subfolder is + ergonomically clean but the path has to be set. +- `U` is reconstructed post-hoc in `pke_solver`. If a future controller + has hysteresis or switching behavior, this reconstruction may not match + the ODE's internal trajectory (the solver might have evaluated `ctrl_fn` + at interior points that don't appear in the returned `t`). For smooth + controllers (P, PI) this is fine; for event-driven / hybrid controllers + we'll need to log `u` during the solve instead. +- MATLAB `-batch` mode runs `main.m` cleanly without a display — figures + are created off-screen but the script completes. Good for CI or sanity + checks without opening the IDE. +- `T_avg` is literally `T_c` in the state vector (`x(9)`). Don't let the + two names confuse future debugging — `T_avg` is the nuclear-industry term, + `T_c` is the code variable, they're the same quantity. + +## Paths touched + +- Modified: `plant-model/pke_th_rhs.m`, `pke_solver.m`, + `pke_initial_conditions.m`, `plot_pke_results.m`, `main.m`, `README.md`, + `CLAUDE.md` +- Created: `plant-model/controllers/ctrl_null.m`, + `plant-model/controllers/ctrl_operation.m` +- Nothing outside `plant-model/` was touched this session. diff --git a/claude_memory/2026-04-16-repo-restructure.md b/claude_memory/2026-04-16-repo-restructure.md new file mode 100644 index 0000000..17cae0c --- /dev/null +++ b/claude_memory/2026-04-16-repo-restructure.md @@ -0,0 +1,94 @@ +# 2026-04-16 — repo restructure + +Folded three previously-separate pieces into this umbrella repo. Created the +initial layout, the root `CLAUDE.md`, `README.md`, `docs/architecture.md`, +and `fret-pipeline/CLAUDE.md`. + +## What we did + +- Created `~/Documents/pwr-hybrid-3-demo/` as the umbrella repo (`git init`, + `main` branch, not yet pushed to any remote). +- Copied `~/Documents/fret_processing/` → `fret-pipeline/` via `rsync` + excluding `.git`, `.DS_Store`, `.claude`, `__pycache__`. **Git history + abandoned by explicit user decision** — the old single-commit history did + not carry forward. +- Copied `~/Documents/PKE_Playground/` → `plant-model/` via `rsync`. Never + was a git repo; nothing to abandon. +- Added `thesis/` as a submodule pointing at + `ssh://git@gitea.danesabo.com:1738/danesabo/Thesis.git` (also has GitHub + mirror at `namelessfaceless/dissertation`). +- Added `presentations/2026DICE/` as a submodule pointing at + `ssh://git@gitea.danesabo.com:1738/danesabo/2026DICE.git`. +- Created empty placeholders: `reachability/`, `hardware/`, `docs/figures/`. + +## What we decided and why + +- **Monorepo with thesis as a submodule, not the reverse.** Code iterates + daily, thesis weekly. A slow parent with fast children is painful; a fast + parent pointing at a slow submodule matches the actual cadence. Also + preserves the thesis's independent git history for advisor/committee use. +- **Copy, not move.** Old `~/Documents/fret_processing/` and + `~/Documents/PKE_Playground/` still exist. User will delete them later; + this gives a safe rollback window. +- **Folder renames:** `fret_processing` → `fret-pipeline` (more accurate — + it's a pipeline, not a processing step), `PKE_Playground` → `plant-model` + (describes function not content). Both switched to hyphens for consistency. +- **No `git init` on `PKE_Playground` before the move** — user said to skip + it and fold in clean. +- **Used `git submodule add`, not `git subtree`.** Submodule pain + acknowledged (detached HEAD, two-step commits, `--recurse-submodules` on + clone) but accepted in exchange for preserving the thesis's independent + git life. Revisit if pain outweighs benefit. + +## Things that surprised us / are worth remembering + +- The thesis's Figure 1 (Cold Shutdown → Heatup → Power Operation + SCRAM) + and the `fret-pipeline/` running example `PWR_HYBRID_3` are the same + automaton. This is the integration point — the figure should eventually + be swapped from hand-drawn TikZ to `\includegraphics` of a generated + state-machine PNG. +- The plant model's state vector `[n; C1..C6; T_f; T_c; T_cold]` exposes + exactly the quantities the FRET predicates reference (`T_avg = T_c`, + `T_hot = 2*T_c - T_cold`). The two layers are already semantically + aligned; nobody wired them because they were in different folders. +- `Q_sg(t)` is the physical input, not `T_cold`. Cold leg temperature is a + dynamic state that *results from* SG heat removal. This matters for the + reachability/barrier-cert formulation where `Q_sg ∈ [Q_min, Q_max]` is + the bounded disturbance. +- `fret_to_synth.py` adds a mutual-exclusion LTL constraint because + decomposing `control_mode = q_X` into independent booleans lets the + synthesizer assert multiple modes simultaneously. **This is a synthesis + encoding artifact, not a missing FRET requirement.** Do not add it in + FRET. + +## Open items (for future sessions) + +- **`presentations/2026DICE/` submodule reflects gitea HEAD, not user's + local state.** The original `~/Documents/Writing/2026DICE/` had + uncommitted changes: `M DANE_SABO_ABSTRACT.pages` plus three untracked + PDFs (`DANE_SABO.pdf`, `DANE_SABO_ABSTRACT.pdf`, `DANE_SABO_ABSTRACT_V2.pdf`, + `DANE_SABO_ABSTRACT_V3.pdf`). If user wants these in the submodule, commit + from the original location, push to gitea, then from umbrella: + `cd presentations/2026DICE && git pull` and commit the new pointer. +- **Old folders not yet deleted.** `~/Documents/fret_processing/` and + `~/Documents/PKE_Playground/` still live at their old paths. Delete when + user confirms the umbrella is working. +- **No initial commit yet.** Everything is staged but uncommitted. User + wanted to review the four new docs before committing. +- **No remote yet.** Need to create `gitea.danesabo.com/danesabo/pwr-hybrid-3-demo` + and `git remote add origin` + push. +- **`fret-pipeline/README.md` still says `fret_processing/` in its directory + structure section.** Didn't update — it's a minor inconsistency but worth + fixing on the next pass. +- **No bridge between discrete and continuous layers yet.** The whole point + of the umbrella is to eventually wire them — `reachability/` is where + that work lands. Not started. + +## Paths touched + +- Created: `/Users/danesabo/Documents/pwr-hybrid-3-demo/` (entire tree) +- Untouched: `/Users/danesabo/Documents/fret_processing/`, + `/Users/danesabo/Documents/PKE_Playground/`, + `/Users/danesabo/Documents/Writing/Thesis/`, + `/Users/danesabo/Documents/Writing/2026DICE/` — all still present, + unchanged. diff --git a/claude_memory/2026-04-16-session-wrap.md b/claude_memory/2026-04-16-session-wrap.md new file mode 100644 index 0000000..373226a --- /dev/null +++ b/claude_memory/2026-04-16-session-wrap.md @@ -0,0 +1,53 @@ +# 2026-04-16 — session wrap, switching to nvim + +Short capstone note. The substantive work is captured in two earlier notes +from today: + +- `2026-04-16-repo-restructure.md` — umbrella repo created, submodules wired, + CLAUDE.md / README / architecture docs written, claude_memory/ pattern + established. +- `2026-04-16-controllers-roughout.md` — plant refactored to thesis naming, + controller contract locked, `ctrl_null` and `ctrl_operation` built, + validated live in MATLAB (ctrl_operation cuts T_avg drift by ~47% under + a 100%→80% Q_sg step). + +Both notes have the full paths-touched lists. + +## Last-minute adds + +- **MATLAB terminal invocation (from `plant-model/CLAUDE.md`):** + `matlab -nodesktop -nosplash -r "main"` — runs from the terminal, figures + open in their own windows, drops at `>>` prompt. Use `-batch "main"` for + headless CI-style checks (no figures shown), or `matlab -r "main" &` to + launch the full IDE backgrounded. +- **MATLAB version:** R2025b installed at + `/Applications/MATLAB_R2025b.app/bin/matlab`. Octave not installed. +- **One-time gotcha fixed at wrap:** my earlier Write of the thesis-aligned + `plant-model/CLAUDE.md` silently didn't persist (tool reported success + but the file held the pre-refactor content on re-Read). Rewrote it at + wrap time. If this recurs, verify with `Read` after any `Write` on an + existing file, not just trust the tool's success message. + +## Repo state at wrap + +- Initial commit made: see `git log --oneline` in + `~/Documents/pwr-hybrid-3-demo/`. +- Submodules at: `thesis/` @ gitea main tip, `presentations/2026DICE/` @ + gitea main tip (note: original `~/Documents/Writing/2026DICE/` still has + uncommitted local edits that were NOT pulled into the submodule — user + was warned earlier and deferred). +- Old folders `~/Documents/fret_processing/` and + `~/Documents/PKE_Playground/` still exist untouched. Delete whenever + user is confident the umbrella is right. +- No remote yet for the umbrella repo. Will need to create + `gitea.danesabo.com/danesabo/pwr-hybrid-3-demo` and `git remote add origin` + + push when user is ready. + +## What's on deck (for the next session, whichever agent) + +Per the controllers rough-out note: knock out `ctrl_shutdown` (one line), +`ctrl_scram` (a few lines + uncertainty later), then `ctrl_heatup` (the +interesting transitory one — ramp + temperature tracking). Invariants and +`X_safe` regions come after, explicitly deferred by the user. Do not try +to verify the whole hybrid system at once — pick one mode, discharge its +reach-set obligation, move on. diff --git a/claude_memory/README.md b/claude_memory/README.md new file mode 100644 index 0000000..c2114fd --- /dev/null +++ b/claude_memory/README.md @@ -0,0 +1,39 @@ +# claude_memory/ + +Session notes and scratch knowledge that hasn't (yet) earned a place in a +`CLAUDE.md`. **Anything that leaves a context window uncaptured is lost +forever** — this folder exists so session-level insight doesn't evaporate. + +## Purpose + +A Claude context window is finite. Anything an agent figures out in a session +that isn't written down is gone when the session ends. The curated +`CLAUDE.md` files hold stable, authoritative knowledge; this folder holds +everything else that's still worth remembering. + +## Pattern + +- One file per session with non-trivial insight. +- Filename: `YYYY-MM-DD-short-topic.md`. Date first so `ls` is chronological. +- Freeform. Rough edges encouraged. Don't polish — capture. +- At minimum, answer: *what did we do, what did we decide, what surprised + us, what's still open.* +- Cross-reference files you edited, alternatives you considered, dead-ends + you hit. + +## What graduates vs. what stays + +Three futures for a note in here: + +1. **Graduates up** into a `CLAUDE.md` (or `docs/architecture.md`, or a + code comment) when the knowledge stabilizes and becomes authoritative. + After graduating, consider deleting the note or leaving it as historical + context. +2. **Stays here** as historical context — useful for "why did we do X last + month?" or "what have we already tried?" +3. **Gets deleted** when it's no longer relevant (a fixed bug, an abandoned + approach, a stale investigation). + +The graduation step is a discipline, not automation. When you're finishing a +session and think "a future agent needs this to avoid re-discovering it," +ask: is this stable enough for a `CLAUDE.md`, or is it still forming? diff --git a/docs/architecture.md b/docs/architecture.md new file mode 100644 index 0000000..af1cc66 --- /dev/null +++ b/docs/architecture.md @@ -0,0 +1,94 @@ +# Architecture — how the layers compose + +This is the integration guide. Each subdirectory has its own docs for internal +detail; this file explains the interfaces between them. + +## The three layers of a hybrid controller + +The HAHACS methodology (see `thesis/3-research-approach/approach.tex`) splits +verification into two decoupled problems: + +1. **Discrete layer** — proves that mode switching is correct given guard + predicates on the continuous state. Handled by reactive synthesis of an + AIGER circuit from LTL specifications. Lives in `fret-pipeline/`. +2. **Continuous layer** — proves that each continuous controller (one per + discrete mode) satisfies its entry/exit/safety obligations. Handled by + reachability analysis (transitory modes) or barrier certificates + (stabilizing modes). Lives in `plant-model/` (dynamics) and `reachability/` + (verification, TBD). + +The interface between them is a small set of predicates over the continuous +state: the guards `G` that transition between modes, and the invariants `Inv` +that the continuous mode must maintain. + +## Interface: predicates bridging discrete and continuous + +FRET variables of the form `control_ = q_` define the discrete +state space. Everything else in the FRET export is treated as a boolean +environment input. Real plant quantities are continuous, so the boolean +environment inputs are *abstractions* of continuous predicates. + +For the PWR_HYBRID_3 example, representative predicates: + +| FRET input | Continuous predicate | Plant-model source | +|---|---|---| +| `t_avg_above_min` | `T_avg > T_min` (where `T_avg = T_c`) | `pke_th_rhs.m` state `T_c` | +| `t_max_exceeded` | `T_hot > T_max` (where `T_hot = 2*T_c - T_cold`) | algebraic output | +| `inv1_holds` | domain-specific safety invariant | combine from states | +| `manual_reset` | operator input | exogenous | + +The continuous controller is responsible for driving `T_avg`, `T_hot`, `n`, etc. +so the predicates hold (or don't hold) at the right times. The discrete +controller is responsible for choosing the correct mode given the predicate +truth values. + +## Data flow + +``` +Written procedure + | + v (manual encoding in FRET GUI) +FRET JSON export <---- fret-pipeline/pwr_hybrid_3.json + | + v (fret_to_synth.py) +Synthesis config JSON <---- fret-pipeline/specs/synthesis_config_v3.json + | (LTL + mode groups + mutex constraints + inputs/outputs) + | + v (synthesize.sh -> ltlsynt) +AIGER circuit <---- fret-pipeline/circuits/*.aag + | + v (trace_aiger.py) +State machine DOT/SVG/PNG <---- fret-pipeline/diagrams/* + | + v (eyeball / future automation) +Stateflow model <---- TBD; known pain point in workflow + + Continuous side, in parallel: + plant-model/main.m defines Q_sg(t) + plant-model/pke_solver.m runs ode15s + plant-model/plot_pke_results.m visualizes + reachability/ (empty) will verify each + continuous mode against the guards from + synthesis_config_v3.json +``` + +## Current integration state + +- Discrete synthesis: **works end-to-end.** `pwr_hybrid_3.json` synthesizes + to `PWR_HYBRID_3_DRC.aag` and traces to a state-machine diagram. +- Continuous simulation: **works end-to-end.** The PKE model runs + load-following transients driven by `Q_sg(t)`. +- Cross-layer check: **not yet wired.** Nothing currently proves that the + continuous dynamics in `plant-model/` satisfies the guards assumed by + `fret-pipeline/`. That is the next piece (`reachability/`). +- Thesis integration: **loose.** Thesis currently uses a hand-drawn TikZ + figure for the reactor automaton. Once the pipeline output stabilizes, + swap it for an `\includegraphics` of the generated `.png` from + `docs/figures/`. + +## Open questions tracked elsewhere + +The thesis CLAUDE.md enumerates open technical questions (numerical barriers, +timing verification, partial observability). When those get resolved in the +proposal, the implementation lands in this repo — usually as a new +subdirectory or as additions to an existing one. diff --git a/fret-pipeline/.archive/abstract_lpc.py b/fret-pipeline/.archive/abstract_lpc.py new file mode 100644 index 0000000..2634161 --- /dev/null +++ b/fret-pipeline/.archive/abstract_lpc.py @@ -0,0 +1,195 @@ +#!/usr/bin/env python3 +"""Abstract the LPC spec into boolean LTL for reactive synthesis. + +The LPC spec uses real-valued variables (kias/kgs) and enumerated modes. +This script creates a boolean abstraction suitable for ltlsynt. + +Speed regions (kias = kgs, so one variable): + A: speed <= 20 (hover zone) + B: 20 < speed <= 30 + C: 30 < speed <= 40 + D: 40 < speed <= 90 + E: 90 < speed <= 100 + F: speed > 100 + +Modes (lift_mode): + tb: thrust_borne + stb: semi_thrust_borne + swb: semi_wing_borne + wb: wing_borne + +The environment controls speed (within adjacency constraints). +The controller chooses the mode. +""" + +import json +from pathlib import Path + + +def build_lpc_spec(): + regions = ['a', 'b', 'c', 'd', 'e', 'f'] + modes = ['tb', 'stb', 'swb', 'wb'] + + # Helper: exactly one of a list is true + def exactly_one(vars): + # At least one + at_least = ' | '.join(vars) + # At most one (pairwise exclusion) + pairs = [] + for i in range(len(vars)): + for j in range(i + 1, len(vars)): + pairs.append(f'(!{vars[i]} | !{vars[j]})') + at_most = ' & '.join(pairs) + return f'({at_least}) & {at_most}' + + region_vars = [f'r_{r}' for r in regions] + mode_vars = [f'm_{m}' for m in modes] + + # === ENVIRONMENT ASSUMPTIONS === + assumptions = [] + + # Exactly one speed region (always) + assumptions.append(f'G({exactly_one(region_vars)})') + + # Initial speed: region F (kias = 120 > 100) + assumptions.append('r_f') + + # Speed adjacency: can only move to adjacent region per tick + # (from the derivative constraint: |delta kias| <= 10 per tick) + adjacency = { + 'r_a': ['r_a', 'r_b'], + 'r_b': ['r_a', 'r_b', 'r_c'], + 'r_c': ['r_b', 'r_c', 'r_d'], + 'r_d': ['r_c', 'r_d', 'r_e'], + 'r_e': ['r_d', 'r_e', 'r_f'], + 'r_f': ['r_e', 'r_f'], + } + for region, neighbors in adjacency.items(): + next_options = ' | '.join(f'X({n})' for n in neighbors) + assumptions.append(f'G({region} -> ({next_options}))') + + # hover_control_mode <=> speed <= 20 (region A) + # We absorb hover into r_a directly in the guarantees + + # === CONTROLLER GUARANTEES === + guarantees = [] + + # Exactly one mode (always) + guarantees.append(f'G({exactly_one(mode_vars)})') + + # Initial mode: wing_borne (since kias = 120 >= 90) + # LPC_INIT_LIFT_MODE: lift_mode = wb <=> kias >= 90, and kias = 120 + guarantees.append('m_wb') + + # === MODE TRANSITIONS (from FRET requirements) === + + # LPC_WB_STAY_ON_NEXT: While wb & kias > 90 -> next wb + # kias > 90 means region E or F + guarantees.append('G((m_wb & (r_e | r_f)) -> X(m_wb))') + + # LPC_WB_TO_SWB: Upon wb & kias <= 90 -> next swb + # kias <= 90 means region A-D + guarantees.append('G((m_wb & (r_a | r_b | r_c | r_d)) -> X(m_swb))') + + # LPC_SWB_STAY_ON_NEXT: While swb & kias <= 100 & kias > 30 -> next swb + # 30 < kias <= 100 means region D or E + guarantees.append('G((m_swb & (r_d | r_e)) -> X(m_swb))') + + # LPC_SWB_TO_WB: Upon swb & kias > 100 -> next wb + # kias > 100 means region F + guarantees.append('G((m_swb & r_f) -> X(m_wb))') + + # LPC_SWB_TO_STB: Upon swb & kias <= 30 -> next stb + # kias <= 30 means region A or B + guarantees.append('G((m_swb & (r_a | r_b)) -> X(m_stb))') + + # LPC_STB_STAY_ON_NEXT: While stb & kias <= 40 & (kgs > 20 | !hover) + # kias <= 40 means region A-C; kgs > 20 | !hover means NOT region A + # So: stb & (region B or C) -> next stb + guarantees.append('G((m_stb & (r_b | r_c)) -> X(m_stb))') + + # LPC_STB_TO_SWB: Upon stb & kias > 40 -> next swb + # kias > 40 means region D-F + guarantees.append('G((m_stb & (r_d | r_e | r_f)) -> X(m_swb))') + + # LPC_STB_TO_TB: Upon stb & hover & kgs <= 20 -> next tb + # hover & kgs <= 20 means region A + guarantees.append('G((m_stb & r_a) -> X(m_tb))') + + # LPC_TB_STAY_ON_NEXT: While tb & kgs <= 20 & hover -> next tb + # region A + guarantees.append('G((m_tb & r_a) -> X(m_tb))') + + # LPC_TB_TO_STB: Upon tb & (!hover | kgs > 20) -> next stb + # NOT region A + guarantees.append('G((m_tb & (r_b | r_c | r_d | r_e | r_f)) -> X(m_tb | m_stb))') + # Wait, the original says -> next stb. Let me fix: + # Actually: Upon tb & (!hover | kgs > 20) -> next stb + # !hover | kgs > 20 means NOT in region A + guarantees[-1] = 'G((m_tb & !r_a) -> X(m_stb))' + + # Note: we skip LPC_REACH_HOVER_06 and _12 (bounded temporal F[0,n]) + # ltlsynt doesn't support bounded-F natively + + # === BUILD FORMULA === + # assume-guarantee: assumptions -> guarantees + assume_str = ' & '.join(f'({a})' for a in assumptions) + guarantee_str = ' & '.join(f'({g})' for g in guarantees) + formula = f'({assume_str}) -> ({guarantee_str})' + + inputs = region_vars + outputs = mode_vars + + return { + '_comment': 'Boolean abstraction of LPC lift-mode controller. Assumes -> Guarantees form.', + 'spec_name': 'LPC_mini', + 'source_file': 'specs/LPC_mini_reqts_and_vars.json', + 'inputs': inputs, + 'outputs': outputs, + 'assumptions': assumptions, + 'guarantees': guarantees, + 'conjoined_ltl': formula, + 'abstraction_notes': { + 'speed_regions': { + 'r_a': 'speed <= 20 (hover zone)', + 'r_b': '20 < speed <= 30', + 'r_c': '30 < speed <= 40', + 'r_d': '40 < speed <= 90', + 'r_e': '90 < speed <= 100', + 'r_f': 'speed > 100', + }, + 'modes': { + 'm_tb': 'thrust_borne', + 'm_stb': 'semi_thrust_borne', + 'm_swb': 'semi_wing_borne', + 'm_wb': 'wing_borne', + }, + 'skipped_requirements': [ + 'LPC_REACH_HOVER_06 (bounded temporal F[0,6])', + 'LPC_REACH_HOVER_12 (bounded temporal F[0,12])', + 'LPC_KIAS_DERIVATIVE (absorbed into adjacency constraint)', + 'LPC_KIAS_KGS (absorbed - single speed variable)', + 'LPC_INIT_KIAS (absorbed into initial region)', + 'LPC_KIAS_0 (trivially satisfied)', + 'LPC_INIT_HOVER_MODE (absorbed - hover = region A)', + ], + }, + } + + +if __name__ == '__main__': + config = build_lpc_spec() + out = Path('specs/lpc_synthesis_config.json') + out.write_text(json.dumps(config, indent=2) + '\n') + + print(f'LPC Boolean Abstraction') + print(f'Inputs ({len(config["inputs"])}): {", ".join(config["inputs"])}') + print(f'Outputs ({len(config["outputs"])}): {", ".join(config["outputs"])}') + print(f'\nAssumptions ({len(config["assumptions"])}):') + for a in config['assumptions']: + print(f' {a}') + print(f'\nGuarantees ({len(config["guarantees"])}):') + for g in config['guarantees']: + print(f' {g}') + print(f'\nSkipped: {len(config["abstraction_notes"]["skipped_requirements"])} requirements') + print(f'Config written to: {out}') diff --git a/fret-pipeline/.archive/circuits/LPC_mini.aag b/fret-pipeline/.archive/circuits/LPC_mini.aag new file mode 100644 index 0000000..9442ec3 --- /dev/null +++ b/fret-pipeline/.archive/circuits/LPC_mini.aag @@ -0,0 +1,258 @@ +aag 243 6 4 4 233 +2 +4 +6 +8 +10 +12 +14 294 +16 327 +18 358 +20 486 +69 +137 +205 +240 +22 19 21 +24 17 22 +26 15 24 +28 12 26 +30 11 28 +32 16 22 +34 14 32 +36 13 34 +38 11 36 +40 8 38 +42 9 30 +44 41 43 +46 7 45 +48 13 26 +50 11 48 +52 9 50 +54 7 52 +56 2 54 +58 3 46 +60 57 59 +62 3 54 +64 4 62 +66 5 61 +68 65 67 +70 18 21 +72 16 70 +74 17 70 +76 14 74 +78 15 72 +80 77 79 +82 12 81 +84 14 70 +86 79 85 +88 13 87 +90 10 88 +92 11 82 +94 91 93 +96 13 84 +98 11 96 +100 8 98 +102 9 95 +104 101 103 +106 14 72 +108 13 106 +110 11 108 +112 9 110 +114 6 112 +116 7 105 +118 115 117 +120 3 119 +122 13 78 +124 11 122 +126 9 124 +128 7 126 +130 3 128 +132 4 130 +134 5 120 +136 133 135 +138 14 24 +140 15 32 +142 139 141 +144 12 143 +146 15 74 +148 139 147 +150 13 149 +152 10 150 +154 11 144 +156 153 155 +158 13 146 +160 11 158 +162 8 160 +164 9 157 +166 163 165 +168 9 160 +170 6 168 +172 7 167 +174 171 173 +176 13 140 +178 11 176 +180 9 178 +182 7 180 +184 2 182 +186 3 175 +188 185 187 +190 13 143 +192 11 190 +194 9 192 +196 7 194 +198 3 196 +200 4 198 +202 5 189 +204 201 203 +206 12 34 +208 10 36 +210 11 206 +212 209 211 +214 19 20 +216 17 214 +218 15 216 +220 13 218 +222 11 220 +224 8 222 +226 9 213 +228 225 227 +230 9 222 +232 6 230 +234 7 229 +236 233 235 +238 3 237 +240 5 238 +242 16 21 +244 25 243 +246 17 21 +248 14 246 +250 15 245 +252 249 251 +254 12 253 +256 14 21 +258 15 70 +260 257 259 +262 13 261 +264 10 262 +266 11 254 +268 265 267 +270 71 215 +272 17 271 +274 15 272 +276 85 275 +278 13 277 +280 11 278 +282 8 280 +284 9 269 +286 283 285 +288 7 287 +290 171 289 +292 3 291 +294 5 292 +296 153 211 +298 9 297 +300 283 299 +302 7 301 +304 171 303 +306 3 305 +308 15 242 +310 139 309 +312 13 311 +314 11 312 +316 9 314 +318 7 316 +320 3 318 +322 4 320 +324 5 306 +326 323 325 +328 75 243 +330 14 329 +332 79 331 +334 13 333 +336 10 334 +338 211 337 +340 275 331 +342 13 341 +344 11 342 +346 8 344 +348 9 339 +350 347 349 +352 7 351 +354 171 353 +356 3 355 +358 5 356 +360 3 5 +362 7 9 +364 11 12 +366 15 16 +368 360 362 +370 364 366 +372 368 370 +374 14 17 +376 364 374 +378 368 376 +380 22 360 +382 362 364 +384 380 382 +386 10 13 +388 14 360 +390 362 386 +392 388 390 +394 18 360 +396 390 394 +398 7 8 +400 11 13 +402 14 16 +404 360 398 +406 400 402 +408 404 406 +410 17 18 +412 400 410 +414 404 412 +416 20 360 +418 398 400 +420 416 418 +422 6 9 +424 15 410 +426 360 400 +428 422 424 +430 426 428 +432 2 5 +434 15 22 +436 362 400 +438 432 434 +440 436 438 +442 3 4 +444 362 366 +446 400 442 +448 444 446 +450 24 362 +452 446 450 +454 14 20 +456 16 20 +458 18 20 +460 373 379 +462 385 393 +464 397 409 +466 415 421 +468 431 441 +470 449 453 +472 455 457 +474 459 460 +476 462 464 +478 466 468 +480 470 472 +482 474 476 +484 478 480 +486 482 484 +i0 r_f +i1 r_e +i2 r_a +i3 r_b +i4 r_c +i5 r_d +o0 m_wb +o1 m_stb +o2 m_swb +o3 m_tb diff --git a/fret-pipeline/.archive/circuits/PWR_Hybrid_DRC.aag b/fret-pipeline/.archive/circuits/PWR_Hybrid_DRC.aag new file mode 100644 index 0000000..a72e9f6 --- /dev/null +++ b/fret-pipeline/.archive/circuits/PWR_Hybrid_DRC.aag @@ -0,0 +1,37 @@ +aag 22 4 2 5 16 +2 +4 +6 +8 +10 42 +12 45 +14 +18 +32 +0 +1 +14 11 13 +16 10 12 +18 15 17 +20 3 7 +22 13 20 +24 3 5 +26 9 13 +28 24 26 +30 11 23 +32 29 30 +34 14 20 +36 9 14 +38 24 36 +40 17 35 +42 39 40 +44 35 39 +i0 t_max_exceeded +i1 t_dot_exceeded +i2 startup +i3 t_power_min +o0 cold_shutdown +o1 scram +o2 heatup +o3 op_mode +o4 load_follow diff --git a/fret-pipeline/.archive/diagrams/DRC_state_machine.dot b/fret-pipeline/.archive/diagrams/DRC_state_machine.dot new file mode 100644 index 0000000..d36c99c --- /dev/null +++ b/fret-pipeline/.archive/diagrams/DRC_state_machine.dot @@ -0,0 +1,18 @@ +digraph DRC_Controller { + rankdir=LR; + node [shape=circle, style=filled, fontname="Helvetica"]; + edge [fontname="Helvetica", fontsize=10]; + + s00 [label="S(0,0)\nColdShut+Heatup+LoadFollow\nColdShut+LoadFollow", fillcolor=lightblue]; + s01 [label="S(0,1)\nSCRAM+Heatup+LoadFollow", fillcolor=lightgreen]; + s10 [label="S(1,0)\nSCRAM+LoadFollow", fillcolor=lightgreen]; + s11 [label="S(1,1)\nLoadFollow", fillcolor=gray90]; + + init [shape=point, width=0.2]; + init -> s00; + + s00 -> s01 [label="5/16", penwidth=1.0]; + s00 -> s10 [label="11/16", penwidth=2.0]; + s01 -> s10 [label="always", penwidth=2.0]; + s10 -> s10 [label="always", penwidth=2.0]; +} \ No newline at end of file diff --git a/fret-pipeline/.archive/diagrams/DRC_state_machine.png b/fret-pipeline/.archive/diagrams/DRC_state_machine.png new file mode 100644 index 0000000..c6651e8 Binary files /dev/null and b/fret-pipeline/.archive/diagrams/DRC_state_machine.png differ diff --git a/fret-pipeline/.archive/diagrams/DRC_state_machine.svg b/fret-pipeline/.archive/diagrams/DRC_state_machine.svg new file mode 100644 index 0000000..e31c2ed --- /dev/null +++ b/fret-pipeline/.archive/diagrams/DRC_state_machine.svg @@ -0,0 +1,81 @@ + + + + + + +DRC_Controller + + + +s00 + +S(0,0) +ColdShut+Heatup+LoadFollow +ColdShut+LoadFollow + + + +s01 + +S(0,1) +SCRAM+Heatup+LoadFollow + + + +s00->s01 + + +5/16 + + + +s10 + +S(1,0) +SCRAM+LoadFollow + + + +s00->s10 + + +11/16 + + + +s01->s10 + + +always + + + +s10->s10 + + +always + + + +s11 + +S(1,1) +LoadFollow + + + +init + + + + +init->s00 + + + + + diff --git a/fret-pipeline/.archive/diagrams/LPC_mini.png b/fret-pipeline/.archive/diagrams/LPC_mini.png new file mode 100644 index 0000000..361690d Binary files /dev/null and b/fret-pipeline/.archive/diagrams/LPC_mini.png differ diff --git a/fret-pipeline/.archive/diagrams/LPC_mini.svg b/fret-pipeline/.archive/diagrams/LPC_mini.svg new file mode 100644 index 0000000..ef7222d --- /dev/null +++ b/fret-pipeline/.archive/diagrams/LPC_mini.svg @@ -0,0 +1,4591 @@ + + + + + + +aiger + + + +n0 + +0 + + + +n1 + +r_f + + + +n28 + +& + + + +n1->n28 + + + + + +n29 + +& + + + +n1->n29 + + +~ + + + +n31 + +& + + + +n1->n31 + + +~ + + + +n60 + +& + + + +n1->n60 + + +~ + + + +n65 + +& + + + +n1->n65 + + +~ + + + +n92 + +& + + + +n1->n92 + + + + + +n93 + +& + + + +n1->n93 + + +~ + + + +n99 + +& + + + +n1->n99 + + +~ + + + +n119 + +& + + + +n1->n119 + + +~ + + + +n146 + +& + + + +n1->n146 + + +~ + + + +n153 + +& + + + +n1->n153 + + +~ + + + +n160 + +& + + + +n1->n160 + + +~ + + + +n178 + +& + + + +n1->n178 + + +~ + + + +n180 + +& + + + +n1->n180 + + +~ + + + +n216 + +& + + + +n1->n216 + + + + + +n221 + +& + + + +n1->n221 + + +~ + + + +n2 + +r_e + + + +n32 + +& + + + +n2->n32 + + + + + +n33 + +& + + + +n2->n33 + + +~ + + + +n66 + +& + + + +n2->n66 + + + + + +n67 + +& + + + +n2->n67 + + +~ + + + +n100 + +& + + + +n2->n100 + + + + + +n101 + +& + + + +n2->n101 + + +~ + + + +n120 + +& + + + +n2->n120 + + +~ + + + +n147 + +& + + + +n2->n147 + + +~ + + + +n161 + +& + + + +n2->n161 + + + + + +n162 + +& + + + +n2->n162 + + +~ + + + +n179 + +& + + + +n2->n179 + + +~ + + + +n2->n180 + + +~ + + + +n2->n216 + + +~ + + + +n2->n221 + + + + + +n3 + +r_a + + + +n23 + +& + + + +n3->n23 + + +~ + + + +n27 + +& + + + +n3->n27 + + +~ + + + +n57 + +& + + + +n3->n57 + + + + + +n58 + +& + + + +n3->n58 + + +~ + + + +n64 + +& + + + +n3->n64 + + +~ + + + +n85 + +& + + + +n3->n85 + + + + + +n86 + +& + + + +n3->n86 + + +~ + + + +n91 + +& + + + +n3->n91 + + +~ + + + +n98 + +& + + + +n3->n98 + + +~ + + + +n116 + +& + + + +n3->n116 + + + + + +n117 + +& + + + +n3->n117 + + +~ + + + +n144 + +& + + + +n3->n144 + + +~ + + + +n151 + +& + + + +n3->n151 + + +~ + + + +n159 + +& + + + +n3->n159 + + +~ + + + +n176 + +& + + + +n3->n176 + + +~ + + + +n181 + +& + + + +n3->n181 + + +~ + + + +n199 + +& + + + +n3->n199 + + +~ + + + +n211 + +& + + + +n3->n211 + + + + + +n4 + +r_b + + + +n20 + +& + + + +n4->n20 + + + + + +n21 + +& + + + +n4->n21 + + +~ + + + +n26 + +& + + + +n4->n26 + + +~ + + + +n50 + +& + + + +n4->n50 + + + + + +n51 + +& + + + +n4->n51 + + +~ + + + +n56 + +& + + + +n4->n56 + + +~ + + + +n63 + +& + + + +n4->n63 + + +~ + + + +n81 + +& + + + +n4->n81 + + + + + +n82 + +& + + + +n4->n82 + + +~ + + + +n84 + +& + + + +n4->n84 + + +~ + + + +n90 + +& + + + +n4->n90 + + +~ + + + +n97 + +& + + + +n4->n97 + + +~ + + + +n112 + +& + + + +n4->n112 + + + + + +n113 + +& + + + +n4->n113 + + +~ + + + +n115 + +& + + + +n4->n115 + + +~ + + + +n141 + +& + + + +n4->n141 + + + + + +n142 + +& + + + +n4->n142 + + +~ + + + +n149 + +& + + + +n4->n149 + + +~ + + + +n158 + +& + + + +n4->n158 + + +~ + + + +n173 + +& + + + +n4->n173 + + + + + +n174 + +& + + + +n4->n174 + + +~ + + + +n4->n181 + + +~ + + + +n4->n199 + + + + + +n4->n211 + + +~ + + + +n5 + +r_c + + + +n15 + +& + + + +n5->n15 + + +~ + + + +n19 + +& + + + +n5->n19 + + +~ + + + +n25 + +& + + + +n5->n25 + + +~ + + + +n45 + +& + + + +n5->n45 + + + + + +n46 + +& + + + +n5->n46 + + +~ + + + +n49 + +& + + + +n5->n49 + + +~ + + + +n55 + +& + + + +n5->n55 + + +~ + + + +n62 + +& + + + +n5->n62 + + +~ + + + +n76 + +& + + + +n5->n76 + + + + + +n77 + +& + + + +n5->n77 + + +~ + + + +n80 + +& + + + +n5->n80 + + +~ + + + +n89 + +& + + + +n5->n89 + + +~ + + + +n96 + +& + + + +n5->n96 + + +~ + + + +n104 + +& + + + +n5->n104 + + + + + +n105 + +& + + + +n5->n105 + + +~ + + + +n111 + +& + + + +n5->n111 + + +~ + + + +n132 + +& + + + +n5->n132 + + + + + +n133 + +& + + + +n5->n133 + + +~ + + + +n140 + +& + + + +n5->n140 + + +~ + + + +n157 + +& + + + +n5->n157 + + +~ + + + +n168 + +& + + + +n5->n168 + + + + + +n172 + +& + + + +n5->n172 + + +~ + + + +n182 + +& + + + +n5->n182 + + +~ + + + +n193 + +& + + + +n5->n193 + + + + + +n200 + +& + + + +n5->n200 + + +~ + + + +n6 + +r_d + + + +n14 + +& + + + +n6->n14 + + + + + +n18 + +& + + + +n6->n18 + + +~ + + + +n24 + +& + + + +n6->n24 + + +~ + + + +n41 + +& + + + +n6->n41 + + + + + +n44 + +& + + + +n6->n44 + + +~ + + + +n48 + +& + + + +n6->n48 + + +~ + + + +n54 + +& + + + +n6->n54 + + +~ + + + +n61 + +& + + + +n6->n61 + + +~ + + + +n72 + +& + + + +n6->n72 + + + + + +n75 + +& + + + +n6->n75 + + +~ + + + +n79 + +& + + + +n6->n79 + + +~ + + + +n88 + +& + + + +n6->n88 + + +~ + + + +n95 + +& + + + +n6->n95 + + +~ + + + +n103 + +& + + + +n6->n103 + + + + + +n110 + +& + + + +n6->n110 + + +~ + + + +n127 + +& + + + +n6->n127 + + + + + +n131 + +& + + + +n6->n131 + + +~ + + + +n139 + +& + + + +n6->n139 + + +~ + + + +n156 + +& + + + +n6->n156 + + +~ + + + +n167 + +& + + + +n6->n167 + + +~ + + + +n171 + +& + + + +n6->n171 + + +~ + + + +n6->n182 + + + + + +n6->n193 + + +~ + + + +n6->n200 + + +~ + + + +n7 + +L0 + + + +n13 + +& + + + +n7->n13 + + +~ + + + +n17 + +& + + + +n7->n17 + + + + + +n38 + +& + + + +n7->n38 + + + + + +n39 + +& + + + +n7->n39 + + +~ + + + +n42 + +& + + + +n7->n42 + + + + + +n53 + +& + + + +n7->n53 + + + + + +n69 + +& + + + +n7->n69 + + + + + +n70 + +& + + + +n7->n70 + + +~ + + + +n73 + +& + + + +n7->n73 + + +~ + + + +n109 + +& + + + +n7->n109 + + +~ + + + +n124 + +& + + + +n7->n124 + + + + + +n125 + +& + + + +n7->n125 + + +~ + + + +n128 + +& + + + +n7->n128 + + + + + +n129 + +& + + + +n7->n129 + + +~ + + + +n137 + +& + + + +n7->n137 + + +~ + + + +n154 + +& + + + +n7->n154 + + +~ + + + +n165 + +& + + + +n7->n165 + + + + + +n183 + +& + + + +n7->n183 + + +~ + + + +n187 + +& + + + +n7->n187 + + + + + +n194 + +& + + + +n7->n194 + + + + + +n201 + +& + + + +n7->n201 + + + + + +n212 + +& + + + +n7->n212 + + +~ + + + +n217 + +& + + + +n7->n217 + + +~ + + + +n227 + +& + + + +n7->n227 + + + + + +n8 + +L1 + + + +n12 + +& + + + +n8->n12 + + +~ + + + +n16 + +& + + + +n8->n16 + + + + + +n36 + +& + + + +n8->n36 + + + + + +n37 + +& + + + +n8->n37 + + +~ + + + +n108 + +& + + + +n8->n108 + + +~ + + + +n121 + +& + + + +n8->n121 + + + + + +n123 + +& + + + +n8->n123 + + +~ + + + +n136 + +& + + + +n8->n136 + + +~ + + + +n8->n183 + + + + + +n8->n187 + + +~ + + + +n8->n201 + + + + + +n205 + +& + + + +n8->n205 + + +~ + + + +n228 + +& + + + +n8->n228 + + + + + +n9 + +L2 + + + +n11 + +& + + + +n9->n11 + + +~ + + + +n35 + +& + + + +n9->n35 + + + + + +n107 + +& + + + +n9->n107 + + +~ + + + +n197 + +& + + + +n9->n197 + + + + + +n9->n205 + + + + + +n229 + +& + + + +n9->n229 + + + + + +n10 + +L3 + + + +n10->n11 + + +~ + + + +n10->n35 + + +~ + + + +n10->n107 + + + + + +n10->n121 + + +~ + + + +n10->n123 + + +~ + + + +n10->n128 + + +~ + + + +n208 + +& + + + +n10->n208 + + + + + +n10->n227 + + + + + +n10->n228 + + + + + +n10->n229 + + + + + +n11->n12 + + + + + +n11->n16 + + + + + +n190 + +& + + + +n11->n190 + + + + + +n11->n217 + + + + + +n12->n13 + + + + + +n12->n69 + + + + + +n122 + +& + + + +n12->n122 + + +~ + + + +n225 + +& + + + +n12->n225 + + + + + +n13->n14 + + + + + +n13->n24 + + + + + +n14->n15 + + + + + +n15->n21 + + + + + +n16->n17 + + + + + +n16->n70 + + + + + +n17->n18 + + + + + +n17->n103 + + + + + +n18->n19 + + + + + +n18->n104 + + + + + +n19->n20 + + + + + +n22 + +& + + + +n20->n22 + + +~ + + + +n21->n22 + + +~ + + + +n22->n23 + + +~ + + + +n23->n29 + + + + + +n24->n25 + + + + + +n25->n26 + + + + + +n26->n27 + + + + + +n27->n28 + + + + + +n27->n31 + + + + + +n30 + +& + + + +n28->n30 + + +~ + + + +n29->n30 + + +~ + + + +n30->n33 + + +~ + + + +n31->n32 + + + + + +n34 + +& + + + +n32->n34 + + +~ + + + +n33->n34 + + +~ + + + +out_0 + +m_wb + + + +n34->out_0 + + +~ + + + +n35->n36 + + + + + +n35->n37 + + + + + +n35->n42 + + + + + +n35->n129 + + + + + +n135 + +& + + + +n35->n135 + + +~ + + + +n36->n39 + + + + + +n36->n53 + + + + + +n37->n38 + + + + + +n37->n73 + + + + + +n164 + +& + + + +n37->n164 + + +~ + + + +n40 + +& + + + +n38->n40 + + +~ + + + +n39->n40 + + +~ + + + +n43 + +& + + + +n39->n43 + + +~ + + + +n39->n61 + + + + + +n166 + +& + + + +n39->n166 + + +~ + + + +n40->n41 + + +~ + + + +n41->n46 + + + + + +n42->n43 + + +~ + + + +n42->n48 + + + + + +n138 + +& + + + +n42->n138 + + +~ + + + +n43->n44 + + +~ + + + +n44->n45 + + + + + +n47 + +& + + + +n45->n47 + + +~ + + + +n46->n47 + + +~ + + + +n47->n51 + + +~ + + + +n48->n49 + + + + + +n49->n50 + + + + + +n52 + +& + + + +n50->n52 + + +~ + + + +n51->n52 + + +~ + + + +n52->n58 + + +~ + + + +n53->n54 + + + + + +n54->n55 + + + + + +n55->n56 + + + + + +n56->n57 + + + + + +n59 + +& + + + +n57->n59 + + +~ + + + +n58->n59 + + +~ + + + +n59->n60 + + +~ + + + +n60->n67 + + + + + +n61->n62 + + + + + +n62->n63 + + + + + +n63->n64 + + + + + +n64->n65 + + + + + +n65->n66 + + + + + +n68 + +& + + + +n66->n68 + + +~ + + + +n67->n68 + + +~ + + + +out_1 + +m_stb + + + +n68->out_1 + + +~ + + + +n71 + +& + + + +n69->n71 + + +~ + + + +n74 + +& + + + +n69->n74 + + +~ + + + +n155 + +& + + + +n69->n155 + + +~ + + + +n70->n71 + + +~ + + + +n70->n88 + + + + + +n71->n72 + + +~ + + + +n71->n95 + + +~ + + + +n72->n77 + + + + + +n73->n74 + + +~ + + + +n73->n79 + + + + + +n74->n75 + + +~ + + + +n75->n76 + + + + + +n78 + +& + + + +n76->n78 + + +~ + + + +n148 + +& + + + +n76->n148 + + +~ + + + +n77->n78 + + +~ + + + +n78->n82 + + +~ + + + +n79->n80 + + + + + +n80->n81 + + + + + +n80->n84 + + + + + +n83 + +& + + + +n81->n83 + + +~ + + + +n82->n83 + + +~ + + + +n83->n86 + + +~ + + + +n84->n85 + + + + + +n87 + +& + + + +n85->n87 + + +~ + + + +n145 + +& + + + +n85->n145 + + +~ + + + +n152 + +& + + + +n85->n152 + + +~ + + + +n177 + +& + + + +n85->n177 + + +~ + + + +n86->n87 + + +~ + + + +n87->n93 + + +~ + + + +n88->n89 + + + + + +n89->n90 + + + + + +n90->n91 + + + + + +n91->n92 + + + + + +n94 + +& + + + +n92->n94 + + +~ + + + +n93->n94 + + +~ + + + +n94->n101 + + +~ + + + +n95->n96 + + + + + +n96->n97 + + + + + +n97->n98 + + + + + +n98->n99 + + + + + +n99->n100 + + + + + +n102 + +& + + + +n100->n102 + + +~ + + + +n101->n102 + + +~ + + + +out_2 + +m_swb + + + +n102->out_2 + + +~ + + + +n103->n105 + + + + + +n106 + +& + + + +n104->n106 + + +~ + + + +n105->n106 + + +~ + + + +n105->n148 + + +~ + + + +n169 + +& + + + +n105->n169 + + +~ + + + +n106->n113 + + +~ + + + +n107->n108 + + + + + +n107->n135 + + +~ + + + +n108->n109 + + + + + +n109->n110 + + + + + +n110->n111 + + + + + +n111->n112 + + + + + +n111->n115 + + + + + +n114 + +& + + + +n112->n114 + + +~ + + + +n113->n114 + + +~ + + + +n114->n117 + + +~ + + + +n115->n116 + + + + + +n118 + +& + + + +n116->n118 + + +~ + + + +n117->n118 + + +~ + + + +n118->n119 + + +~ + + + +n119->n120 + + + + + +out_3 + +m_tb + + + +n120->out_3 + + + + + +n121->n122 + + +~ + + + +n121->n154 + + + + + +n121->n164 + + +~ + + + +n122->n125 + + +~ + + + +n123->n124 + + + + + +n126 + +& + + + +n124->n126 + + +~ + + + +n125->n126 + + +~ + + + +n126->n127 + + +~ + + + +n127->n133 + + + + + +n130 + +& + + + +n128->n130 + + +~ + + + +n129->n130 + + +~ + + + +n130->n131 + + +~ + + + +n131->n132 + + + + + +n134 + +& + + + +n132->n134 + + +~ + + + +n133->n134 + + +~ + + + +n134->n142 + + +~ + + + +n135->n136 + + +~ + + + +n136->n137 + + + + + +n137->n138 + + +~ + + + +n170 + +& + + + +n137->n170 + + +~ + + + +n138->n139 + + +~ + + + +n139->n140 + + + + + +n140->n141 + + + + + +n143 + +& + + + +n141->n143 + + +~ + + + +n150 + +& + + + +n141->n150 + + +~ + + + +n142->n143 + + +~ + + + +n143->n144 + + +~ + + + +n144->n145 + + +~ + + + +n145->n146 + + +~ + + + +n146->n147 + + + + + +n147->n7 + + + + + +n148->n149 + + +~ + + + +n149->n150 + + +~ + + + +n150->n151 + + +~ + + + +n151->n152 + + +~ + + + +n152->n153 + + +~ + + + +n153->n162 + + + + + +n154->n155 + + +~ + + + +n155->n156 + + +~ + + + +n156->n157 + + + + + +n157->n158 + + + + + +n158->n159 + + + + + +n159->n160 + + + + + +n160->n161 + + + + + +n163 + +& + + + +n161->n163 + + +~ + + + +n162->n163 + + +~ + + + +n163->n8 + + +~ + + + +n164->n165 + + +~ + + + +n165->n166 + + +~ + + + +n165->n170 + + +~ + + + +n166->n167 + + +~ + + + +n167->n168 + + + + + +n168->n169 + + +~ + + + +n169->n174 + + +~ + + + +n170->n171 + + +~ + + + +n171->n172 + + + + + +n172->n173 + + + + + +n175 + +& + + + +n173->n175 + + +~ + + + +n174->n175 + + +~ + + + +n175->n176 + + +~ + + + +n176->n177 + + +~ + + + +n177->n178 + + +~ + + + +n178->n179 + + + + + +n179->n9 + + + + + +n184 + +& + + + +n180->n184 + + + + + +n180->n190 + + + + + +n180->n194 + + + + + +n180->n197 + + + + + +n202 + +& + + + +n180->n202 + + + + + +n180->n208 + + + + + +n213 + +& + + + +n180->n213 + + + + + +n181->n184 + + + + + +n191 + +& + + + +n181->n191 + + + + + +n195 + +& + + + +n181->n195 + + + + + +n218 + +& + + + +n181->n218 + + + + + +n222 + +& + + + +n181->n222 + + + + + +n181->n225 + + + + + +n185 + +& + + + +n182->n185 + + + + + +n188 + +& + + + +n182->n188 + + + + + +n182->n191 + + + + + +n183->n185 + + + + + +n183->n222 + + + + + +n186 + +& + + + +n184->n186 + + + + + +n189 + +& + + + +n184->n189 + + + + + +n185->n186 + + + + + +n230 + +& + + + +n186->n230 + + +~ + + + +n187->n188 + + + + + +n188->n189 + + + + + +n189->n230 + + +~ + + + +n192 + +& + + + +n190->n192 + + + + + +n191->n192 + + + + + +n231 + +& + + + +n192->n231 + + +~ + + + +n193->n195 + + + + + +n196 + +& + + + +n194->n196 + + + + + +n195->n196 + + + + + +n198 + +& + + + +n195->n198 + + + + + +n196->n231 + + +~ + + + +n197->n198 + + + + + +n232 + +& + + + +n198->n232 + + +~ + + + +n199->n202 + + + + + +n209 + +& + + + +n199->n209 + + + + + +n203 + +& + + + +n200->n203 + + + + + +n206 + +& + + + +n200->n206 + + + + + +n200->n209 + + + + + +n200->n213 + + + + + +n200->n218 + + + + + +n223 + +& + + + +n200->n223 + + + + + +n201->n203 + + + + + +n204 + +& + + + +n202->n204 + + + + + +n207 + +& + + + +n202->n207 + + + + + +n203->n204 + + + + + +n204->n232 + + +~ + + + +n205->n206 + + + + + +n205->n212 + + + + + +n206->n207 + + + + + +n233 + +& + + + +n207->n233 + + +~ + + + +n210 + +& + + + +n208->n210 + + + + + +n209->n210 + + + + + +n210->n233 + + +~ + + + +n214 + +& + + + +n211->n214 + + + + + +n212->n214 + + + + + +n215 + +& + + + +n213->n215 + + + + + +n214->n215 + + + + + +n234 + +& + + + +n215->n234 + + +~ + + + +n219 + +& + + + +n216->n219 + + + + + +n217->n219 + + + + + +n220 + +& + + + +n218->n220 + + + + + +n219->n220 + + + + + +n220->n234 + + +~ + + + +n221->n223 + + + + + +n224 + +& + + + +n222->n224 + + + + + +n223->n224 + + + + + +n226 + +& + + + +n223->n226 + + + + + +n235 + +& + + + +n224->n235 + + +~ + + + +n225->n226 + + + + + +n226->n235 + + +~ + + + +n236 + +& + + + +n227->n236 + + +~ + + + +n228->n236 + + +~ + + + +n237 + +& + + + +n229->n237 + + +~ + + + +n230->n237 + + + + + +n238 + +& + + + +n231->n238 + + + + + +n232->n238 + + + + + +n239 + +& + + + +n233->n239 + + + + + +n234->n239 + + + + + +n240 + +& + + + +n235->n240 + + + + + +n236->n240 + + + + + +n241 + +& + + + +n237->n241 + + + + + +n238->n241 + + + + + +n242 + +& + + + +n239->n242 + + + + + +n240->n242 + + + + + +n243 + +& + + + +n241->n243 + + + + + +n242->n243 + + + + + +n243->n10 + + + + + diff --git a/fret-pipeline/.archive/diagrams/PWR_HYBRID_3_DRC_annotated.dot b/fret-pipeline/.archive/diagrams/PWR_HYBRID_3_DRC_annotated.dot new file mode 100644 index 0000000..8fff24e --- /dev/null +++ b/fret-pipeline/.archive/diagrams/PWR_HYBRID_3_DRC_annotated.dot @@ -0,0 +1,46 @@ +digraph DRC_Controller { + rankdir=LR; + splines=true; + nodesep=1.2; + ranksep=1.5; + node [shape=circle, style=filled, fontname="Helvetica", fontsize=14, width=1.5, fixedsize=false]; + edge [fontname="Helvetica", fontsize=11]; + + // States + shutdown [label="SHUTDOWN\n(0,0)", fillcolor="#B3D9FF"]; + heatup [label="HEATUP\n(1,0)", fillcolor="#FFFFB3"]; + operation [label="OPERATION\n(0,1)", fillcolor="#B3FFB3"]; + scram [label="SCRAM\n(1,1)", fillcolor="#FFB3B3"]; + + // Init + init [shape=point, width=0.25]; + init -> shutdown [penwidth=2.0]; + + // Transitions with guard conditions + // S001: shutdown stays when !t_avg_above_min + shutdown -> shutdown [label="!t_avg_above_min\n(S001)", color="#4477AA", penwidth=1.5]; + + // T001: shutdown -> heatup when t_avg_above_min + shutdown -> heatup [label="t_avg_above_min\n(T001)", color="#228B22", penwidth=2.0]; + + // S002: heatup stays when inv1_holds & !(t_in_range & p_above_crit) + heatup -> heatup [label="inv1 & !(t_range & p_crit)\n(S002)", color="#4477AA", penwidth=1.5]; + + // T002: heatup -> operation when inv1 & t_in_range & p_above_crit + heatup -> operation [label="inv1 & t_range & p_crit\n(T002)", color="#228B22", penwidth=2.0]; + + // T003: heatup -> scram when !inv1_holds + heatup -> scram [label="!inv1_holds\n(T003)", color="#CC0000", penwidth=2.0]; + + // S003: operation stays when inv2_holds + operation -> operation [label="inv2_holds\n(S003)", color="#4477AA", penwidth=1.5]; + + // T004: operation -> scram when !inv2_holds + operation -> scram [label="!inv2_holds\n(T004)", color="#CC0000", penwidth=2.0]; + + // S004: scram stays when !manual_reset + scram -> scram [label="!manual_reset\n(S004)", color="#4477AA", penwidth=1.5]; + + // T005: scram -> shutdown when manual_reset + scram -> shutdown [label="manual_reset\n(T005)", color="#228B22", penwidth=2.0]; +} diff --git a/fret-pipeline/.archive/diagrams/PWR_HYBRID_3_DRC_annotated.png b/fret-pipeline/.archive/diagrams/PWR_HYBRID_3_DRC_annotated.png new file mode 100644 index 0000000..31e2319 Binary files /dev/null and b/fret-pipeline/.archive/diagrams/PWR_HYBRID_3_DRC_annotated.png differ diff --git a/fret-pipeline/.archive/diagrams/PWR_HYBRID_3_DRC_annotated.svg b/fret-pipeline/.archive/diagrams/PWR_HYBRID_3_DRC_annotated.svg new file mode 100644 index 0000000..f87f1ad --- /dev/null +++ b/fret-pipeline/.archive/diagrams/PWR_HYBRID_3_DRC_annotated.svg @@ -0,0 +1,124 @@ + + + + + + +DRC_Controller + + + +shutdown + +SHUTDOWN +(0,0) + + + +shutdown->shutdown + + +!t_avg_above_min +(S001) + + + +heatup + +HEATUP +(1,0) + + + +shutdown->heatup + + +t_avg_above_min +(T001) + + + +heatup->heatup + + +inv1 & !(t_range & p_crit) +(S002) + + + +operation + +OPERATION +(0,1) + + + +heatup->operation + + +inv1 & t_range & p_crit +(T002) + + + +scram + +SCRAM +(1,1) + + + +heatup->scram + + +!inv1_holds +(T003) + + + +operation->operation + + +inv2_holds +(S003) + + + +operation->scram + + +!inv2_holds +(T004) + + + +scram->shutdown + + +manual_reset +(T005) + + + +scram->scram + + +!manual_reset +(S004) + + + +init + + + + +init->shutdown + + + + + diff --git a/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC.png b/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC.png new file mode 100644 index 0000000..f29ecb6 Binary files /dev/null and b/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC.png differ diff --git a/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC.svg b/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC.svg new file mode 100644 index 0000000..b3af373 --- /dev/null +++ b/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC.svg @@ -0,0 +1,437 @@ + + + + + + +aiger + + + +n0 + +0 + + + +out_3 + +op_mode + + + +n0->out_3 + + + + + +out_4 + +load_follow + + + +n0->out_4 + + +~ + + + +n1 + +t_max_exceeded + + + +n10 + +& + + + +n1->n10 + + +~ + + + +n12 + +& + + + +n1->n12 + + +~ + + + +n2 + +t_dot_exceeded + + + +n2->n12 + + +~ + + + +n3 + +startup + + + +n3->n10 + + +~ + + + +n4 + +t_power_min + + + +n13 + +& + + + +n4->n13 + + +~ + + + +n18 + +& + + + +n4->n18 + + +~ + + + +n5 + +L0 + + + +n7 + +& + + + +n5->n7 + + +~ + + + +n8 + +& + + + +n5->n8 + + + + + +n15 + +& + + + +n5->n15 + + +~ + + + +n6 + +L1 + + + +n6->n7 + + +~ + + + +n6->n8 + + + + + +n11 + +& + + + +n6->n11 + + +~ + + + +n6->n13 + + +~ + + + +n9 + +& + + + +n7->n9 + + +~ + + + +n17 + +& + + + +n7->n17 + + + + + +n7->n18 + + + + + +out_0 + +cold_shutdown + + + +n7->out_0 + + + + + +n8->n9 + + +~ + + + +n20 + +& + + + +n8->n20 + + +~ + + + +out_1 + +scram + + + +n9->out_1 + + + + + +n10->n11 + + + + + +n10->n17 + + + + + +n11->n15 + + +~ + + + +n14 + +& + + + +n12->n14 + + + + + +n19 + +& + + + +n12->n19 + + + + + +n13->n14 + + + + + +n16 + +& + + + +n14->n16 + + +~ + + + +n15->n16 + + + + + +out_2 + +heatup + + + +n16->out_2 + + + + + +n17->n20 + + +~ + + + +n22 + +& + + + +n17->n22 + + +~ + + + +n18->n19 + + + + + +n21 + +& + + + +n19->n21 + + +~ + + + +n19->n22 + + +~ + + + +n20->n21 + + + + + +n21->n5 + + + + + +n22->n6 + + +~ + + + diff --git a/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC_gate.png b/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC_gate.png new file mode 100644 index 0000000..f29ecb6 Binary files /dev/null and b/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC_gate.png differ diff --git a/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC_gate.svg b/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC_gate.svg new file mode 100644 index 0000000..b3af373 --- /dev/null +++ b/fret-pipeline/.archive/diagrams/PWR_Hybrid_DRC_gate.svg @@ -0,0 +1,437 @@ + + + + + + +aiger + + + +n0 + +0 + + + +out_3 + +op_mode + + + +n0->out_3 + + + + + +out_4 + +load_follow + + + +n0->out_4 + + +~ + + + +n1 + +t_max_exceeded + + + +n10 + +& + + + +n1->n10 + + +~ + + + +n12 + +& + + + +n1->n12 + + +~ + + + +n2 + +t_dot_exceeded + + + +n2->n12 + + +~ + + + +n3 + +startup + + + +n3->n10 + + +~ + + + +n4 + +t_power_min + + + +n13 + +& + + + +n4->n13 + + +~ + + + +n18 + +& + + + +n4->n18 + + +~ + + + +n5 + +L0 + + + +n7 + +& + + + +n5->n7 + + +~ + + + +n8 + +& + + + +n5->n8 + + + + + +n15 + +& + + + +n5->n15 + + +~ + + + +n6 + +L1 + + + +n6->n7 + + +~ + + + +n6->n8 + + + + + +n11 + +& + + + +n6->n11 + + +~ + + + +n6->n13 + + +~ + + + +n9 + +& + + + +n7->n9 + + +~ + + + +n17 + +& + + + +n7->n17 + + + + + +n7->n18 + + + + + +out_0 + +cold_shutdown + + + +n7->out_0 + + + + + +n8->n9 + + +~ + + + +n20 + +& + + + +n8->n20 + + +~ + + + +out_1 + +scram + + + +n9->out_1 + + + + + +n10->n11 + + + + + +n10->n17 + + + + + +n11->n15 + + +~ + + + +n14 + +& + + + +n12->n14 + + + + + +n19 + +& + + + +n12->n19 + + + + + +n13->n14 + + + + + +n16 + +& + + + +n14->n16 + + +~ + + + +n15->n16 + + + + + +out_2 + +heatup + + + +n16->out_2 + + + + + +n17->n20 + + +~ + + + +n22 + +& + + + +n17->n22 + + +~ + + + +n18->n19 + + + + + +n21 + +& + + + +n19->n21 + + +~ + + + +n19->n22 + + +~ + + + +n20->n21 + + + + + +n21->n5 + + + + + +n22->n6 + + +~ + + + diff --git a/fret-pipeline/.archive/fretRequirements.json b/fret-pipeline/.archive/fretRequirements.json new file mode 100644 index 0000000..571fb4f --- /dev/null +++ b/fret-pipeline/.archive/fretRequirements.json @@ -0,0 +1,842 @@ +[ + { + "reqid": "DRC_S004_SCRAM_STAY", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Whenever control_mode = q_scram & !manual_reset DRC shall at the next timepoint satisfy control_mode = q_scram", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "holding", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_scram", + "manual_reset" + ], + "qualifier_word": "whenever", + "pre_condition": "(control_mode = q_scram & ! manual_reset)", + "regular_condition": "(control_mode = q_scram & ! manual_reset)", + "conditionTextRange": [ + 0, + 46 + ], + "component_name": "DRC", + "componentTextRange": [ + 50, + 52 + ], + "timingTextRange": [ + 60, + 80 + ], + "post_condition": "(control_mode = q_scram)", + "responseTextRange": [ + 82, + 111 + ], + "diagramVariables": "CC = (control_mode = q_scram & ! manual_reset), Response = (control_mode = q_scram).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_scram & ! manual_reset) is true.
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_scram) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_scram & ! manual_reset) is true.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_scram) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_holding_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_unexp_ft": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_unexp_pctl": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_SMV_pt": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_SMV_ft": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_MLTL_ft": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_PRISM_pctl": "((control_mode = q_scram) & (! manual_reset))", + "post_condition_unexp_pt": "(control_mode = q_scram)", + "post_condition_unexp_ft": "(control_mode = q_scram)", + "post_condition_unexp_pctl": "(control_mode = q_scram)", + "post_condition_SMV_pt": "(control_mode = q_scram)", + "post_condition_SMV_ft": "(control_mode = q_scram)", + "post_condition_MLTL_ft": "(control_mode = q_scram)", + "post_condition_PRISM_pctl": "(control_mode = q_scram)", + "ft": "(LAST V (((control_mode = q_scram) & (! manual_reset)) -> (LAST | (X (control_mode = q_scram)))))", + "pt": "(H ((Y ((control_mode = q_scram) & (! manual_reset))) -> ((control_mode = q_scram) | (Z FALSE))))", + "pctl": "P>=1[(G (((control_mode = q_scram) & (! manual_reset)) => (P>=1[(LAST | (X (control_mode = q_scram)))])))]", + "ptExpanded": "(H ((Y ((control_mode = q_scram) & (! manual_reset))) -> ((control_mode = q_scram) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre(((control_mode = q_scram) and not (manual_reset))) => ((control_mode = q_scram) or ZtoPre(false))))", + "ftExpanded": "(LAST V (((control_mode = q_scram) & (! manual_reset)) -> (LAST | (X (control_mode = q_scram)))))", + "pctlExpanded": "P>=1[(G (((control_mode = q_scram) & (! manual_reset)) => (P>=1[(false | (X (control_mode = q_scram)))])))]", + "ftInfAUExpanded": "(G (((control_mode = q_scram) & (! manual_reset)) -> (X (control_mode = q_scram))))", + "mltlExpanded": "(G[0,M] (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_scram) & (! manual_reset))
p1: (control_mode = q_scram)", + "R2U2Code": "(((control_mode == q_scram) && (! manual_reset)) -> (F[1,1] (control_mode == q_scram)))", + "component": "DRC" + }, + "status": "", + "_id": "68403100-3463-11f1-b848-f314240f620d" + }, + { + "reqid": "DRC_T001_SHUTDOWN_TO_HEATUP", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Upon control_mode = q_shutdown & t_avg_above_min DRC shall at the next timepoint satisfy control_mode = q_heatup", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_shutdown", + "t_avg_above_min", + "q_heatup" + ], + "qualifier_word": "upon", + "pre_condition": "(control_mode = q_shutdown & t_avg_above_min)", + "regular_condition": "(control_mode = q_shutdown & t_avg_above_min)", + "conditionTextRange": [ + 0, + 47 + ], + "component_name": "DRC", + "componentTextRange": [ + 51, + 53 + ], + "timingTextRange": [ + 61, + 81 + ], + "post_condition": "(control_mode = q_heatup)", + "responseTextRange": [ + 83, + 113 + ], + "diagramVariables": "TC = (control_mode = q_shutdown & t_avg_above_min), Response = (control_mode = q_heatup).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_shutdown & t_avg_above_min) is true and any point in the interval where (control_mode = q_shutdown & t_avg_above_min) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_heatup) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_shutdown & t_avg_above_min) is true and any point in the interval where (control_mode = q_shutdown & t_avg_above_min) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_heatup) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_unexp_ft": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_unexp_pctl": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_SMV_pt": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_SMV_ft": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_MLTL_ft": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_PRISM_pctl": "((control_mode = q_shutdown) & t_avg_above_min)", + "post_condition_unexp_pt": "(control_mode = q_heatup)", + "post_condition_unexp_ft": "(control_mode = q_heatup)", + "post_condition_unexp_pctl": "(control_mode = q_heatup)", + "post_condition_SMV_pt": "(control_mode = q_heatup)", + "post_condition_SMV_ft": "(control_mode = q_heatup)", + "post_condition_MLTL_ft": "(control_mode = q_heatup)", + "post_condition_PRISM_pctl": "(control_mode = q_heatup)", + "ft": "((LAST V (((! ((control_mode = q_shutdown) & t_avg_above_min)) & ((! LAST) & (X ((control_mode = q_shutdown) & t_avg_above_min)))) -> (X (LAST | (X (control_mode = q_heatup)))))) & (((control_mode = q_shutdown) & t_avg_above_min) -> (LAST | (X (control_mode = q_heatup)))))", + "pt": "(H ((Y (((control_mode = q_shutdown) & t_avg_above_min) & (Z (! ((control_mode = q_shutdown) & t_avg_above_min))))) -> ((control_mode = q_heatup) | (Z FALSE))))", + "pctl": "P>=1[((G (((! ((control_mode = q_shutdown) & t_avg_above_min)) & (X ((control_mode = q_shutdown) & t_avg_above_min))) => (X (P>=1[(LAST | (X (control_mode = q_heatup)))])))) & (((control_mode = q_shutdown) & t_avg_above_min) => (P>=1[(LAST | (X (control_mode = q_heatup)))])))]", + "ptExpanded": "(H ((Y (((control_mode = q_shutdown) & t_avg_above_min) & (Z (! ((control_mode = q_shutdown) & t_avg_above_min))))) -> ((control_mode = q_heatup) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((control_mode = q_shutdown) and t_avg_above_min) and ZtoPre(not (((control_mode = q_shutdown) and t_avg_above_min))))) => ((control_mode = q_heatup) or ZtoPre(false))))", + "ftExpanded": "((LAST V (((! ((control_mode = q_shutdown) & t_avg_above_min)) & ((! LAST) & (X ((control_mode = q_shutdown) & t_avg_above_min)))) -> (X (LAST | (X (control_mode = q_heatup)))))) & (((control_mode = q_shutdown) & t_avg_above_min) -> (LAST | (X (control_mode = q_heatup)))))", + "pctlExpanded": "P>=1[((G (((! ((control_mode = q_shutdown) & t_avg_above_min)) & (X ((control_mode = q_shutdown) & t_avg_above_min))) => (X (P>=1[(false | (X (control_mode = q_heatup)))])))) & (((control_mode = q_shutdown) & t_avg_above_min) => (P>=1[(false | (X (control_mode = q_heatup)))])))]", + "ftInfAUExpanded": "((G (((! ((control_mode = q_shutdown) & t_avg_above_min)) & (X ((control_mode = q_shutdown) & t_avg_above_min))) -> (X (X (control_mode = q_heatup))))) & (((control_mode = q_shutdown) & t_avg_above_min) -> (X (control_mode = q_heatup))))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[2,2] p1))) & (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_shutdown) & t_avg_above_min)
p1: (control_mode = q_heatup)", + "R2U2Code": "((((! ((control_mode == q_shutdown) && t_avg_above_min)) && (F[1,1] ((control_mode == q_shutdown) && t_avg_above_min))) -> (F[2,2] (control_mode == q_heatup))) && (((TAU == 0) && ((control_mode == q_shutdown) && t_avg_above_min)) -> (F[1,1] (control_mode == q_heatup))))", + "component": "DRC" + }, + "status": "", + "_id": "68403101-3463-11f1-b848-f314240f620d" + }, + { + "reqid": "DRC_T002_HEATUP_TO_OPERATION", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Upon control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds DRC shall at the next timepoint satisfy control_mode = q_operation", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_heatup", + "t_avg_in_range", + "p_above_crit", + "inv1_holds", + "q_operation" + ], + "qualifier_word": "upon", + "pre_condition": "(control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds)", + "regular_condition": "(control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds)", + "conditionTextRange": [ + 0, + 72 + ], + "component_name": "DRC", + "componentTextRange": [ + 75, + 77 + ], + "timingTextRange": [ + 85, + 105 + ], + "post_condition": "(control_mode = q_operation)", + "responseTextRange": [ + 107, + 140 + ], + "diagramVariables": "TC = (control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds), Response = (control_mode = q_operation).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds) is true and any point in the interval where (control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_operation) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds) is true and any point in the interval where (control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_operation) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_unexp_ft": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_unexp_pctl": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_SMV_pt": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_SMV_ft": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_MLTL_ft": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_PRISM_pctl": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "post_condition_unexp_pt": "(control_mode = q_operation)", + "post_condition_unexp_ft": "(control_mode = q_operation)", + "post_condition_unexp_pctl": "(control_mode = q_operation)", + "post_condition_SMV_pt": "(control_mode = q_operation)", + "post_condition_SMV_ft": "(control_mode = q_operation)", + "post_condition_MLTL_ft": "(control_mode = q_operation)", + "post_condition_PRISM_pctl": "(control_mode = q_operation)", + "ft": "((LAST V (((! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)) & ((! LAST) & (X ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)))) -> (X (LAST | (X (control_mode = q_operation)))))) & (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) -> (LAST | (X (control_mode = q_operation)))))", + "pt": "(H ((Y (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) & (Z (! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds))))) -> ((control_mode = q_operation) | (Z FALSE))))", + "pctl": "P>=1[((G (((! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)) & (X ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds))) => (X (P>=1[(LAST | (X (control_mode = q_operation)))])))) & (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) => (P>=1[(LAST | (X (control_mode = q_operation)))])))]", + "ptExpanded": "(H ((Y (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) & (Z (! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds))))) -> ((control_mode = q_operation) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((((control_mode = q_heatup) and t_avg_in_range) and p_above_crit) and inv1_holds) and ZtoPre(not (((((control_mode = q_heatup) and t_avg_in_range) and p_above_crit) and inv1_holds))))) => ((control_mode = q_operation) or ZtoPre(false))))", + "ftExpanded": "((LAST V (((! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)) & ((! LAST) & (X ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)))) -> (X (LAST | (X (control_mode = q_operation)))))) & (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) -> (LAST | (X (control_mode = q_operation)))))", + "pctlExpanded": "P>=1[((G (((! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)) & (X ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds))) => (X (P>=1[(false | (X (control_mode = q_operation)))])))) & (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) => (P>=1[(false | (X (control_mode = q_operation)))])))]", + "ftInfAUExpanded": "((G (((! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)) & (X ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds))) -> (X (X (control_mode = q_operation))))) & (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) -> (X (control_mode = q_operation))))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[2,2] p1))) & (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)
p1: (control_mode = q_operation)", + "R2U2Code": "((((! ((((control_mode == q_heatup) && t_avg_in_range) && p_above_crit) && inv1_holds)) && (F[1,1] ((((control_mode == q_heatup) && t_avg_in_range) && p_above_crit) && inv1_holds))) -> (F[2,2] (control_mode == q_operation))) && (((TAU == 0) && ((((control_mode == q_heatup) && t_avg_in_range) && p_above_crit) && inv1_holds)) -> (F[1,1] (control_mode == q_operation))))", + "component": "DRC" + }, + "status": "", + "_id": "68403102-3463-11f1-b848-f314240f620d" + }, + { + "reqid": "DRC_A001_MODE_VALID", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "DRC shall always satisfy control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "probability": "null", + "timing": "always", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_shutdown", + "q_heatup", + "q_operation", + "q_scram" + ], + "component_name": "DRC", + "componentTextRange": [ + 0, + 2 + ], + "timingTextRange": [ + 10, + 15 + ], + "post_condition": "(control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram)", + "responseTextRange": [ + 17, + 129 + ], + "diagramVariables": "Response = (control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram) must hold at all time points between (and including) the trigger and the end of the interval.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram) must hold at all time points between (and including) the trigger and the end of the interval.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_always_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_unexp_ft": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_unexp_pctl": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_SMV_pt": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_SMV_ft": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_MLTL_ft": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_PRISM_pctl": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "ft": "(LAST V ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))", + "pt": "(H ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))", + "pctl": "(P>=1[(G ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))])", + "ptExpanded": "(H ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))", + "CoCoSpecCode": "H(((((control_mode = q_shutdown) or (control_mode = q_heatup)) or (control_mode = q_operation)) or (control_mode = q_scram)))", + "ftExpanded": "(LAST V ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))", + "pctlExpanded": "(P>=1[(G ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))])", + "ftInfAUExpanded": "(G ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))", + "mltlExpanded": "(G[0,M] p0)", + "WESTMapping": "p0: ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "R2U2Code": "((((control_mode == q_shutdown) || (control_mode == q_heatup)) || (control_mode == q_operation)) || (control_mode == q_scram))", + "component": "DRC" + }, + "status": "", + "_id": "68403103-3463-11f1-b848-f314240f620d" + }, + { + "reqid": "DRC_T003_HEATUP_TO_SCRAM", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Upon control_mode = q_heatup & !inv1_holds DRC shall at the next timepoint satisfy control_mode = q_scram", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_heatup", + "inv1_holds", + "q_scram" + ], + "qualifier_word": "upon", + "pre_condition": "(control_mode = q_heatup & ! inv1_holds)", + "regular_condition": "(control_mode = q_heatup & ! inv1_holds)", + "conditionTextRange": [ + 0, + 41 + ], + "component_name": "DRC", + "componentTextRange": [ + 45, + 47 + ], + "timingTextRange": [ + 55, + 75 + ], + "post_condition": "(control_mode = q_scram)", + "responseTextRange": [ + 77, + 106 + ], + "diagramVariables": "TC = (control_mode = q_heatup & ! inv1_holds), Response = (control_mode = q_scram).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_heatup & ! inv1_holds) is true and any point in the interval where (control_mode = q_heatup & ! inv1_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_scram) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_heatup & ! inv1_holds) is true and any point in the interval where (control_mode = q_heatup & ! inv1_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_scram) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_unexp_ft": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_unexp_pctl": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_SMV_pt": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_SMV_ft": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_MLTL_ft": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_PRISM_pctl": "((control_mode = q_heatup) & (! inv1_holds))", + "post_condition_unexp_pt": "(control_mode = q_scram)", + "post_condition_unexp_ft": "(control_mode = q_scram)", + "post_condition_unexp_pctl": "(control_mode = q_scram)", + "post_condition_SMV_pt": "(control_mode = q_scram)", + "post_condition_SMV_ft": "(control_mode = q_scram)", + "post_condition_MLTL_ft": "(control_mode = q_scram)", + "post_condition_PRISM_pctl": "(control_mode = q_scram)", + "ft": "((LAST V (((! ((control_mode = q_heatup) & (! inv1_holds))) & ((! LAST) & (X ((control_mode = q_heatup) & (! inv1_holds))))) -> (X (LAST | (X (control_mode = q_scram)))))) & (((control_mode = q_heatup) & (! inv1_holds)) -> (LAST | (X (control_mode = q_scram)))))", + "pt": "(H ((Y (((control_mode = q_heatup) & (! inv1_holds)) & (Z (! ((control_mode = q_heatup) & (! inv1_holds)))))) -> ((control_mode = q_scram) | (Z FALSE))))", + "pctl": "P>=1[((G (((! ((control_mode = q_heatup) & (! inv1_holds))) & (X ((control_mode = q_heatup) & (! inv1_holds)))) => (X (P>=1[(LAST | (X (control_mode = q_scram)))])))) & (((control_mode = q_heatup) & (! inv1_holds)) => (P>=1[(LAST | (X (control_mode = q_scram)))])))]", + "ptExpanded": "(H ((Y (((control_mode = q_heatup) & (! inv1_holds)) & (Z (! ((control_mode = q_heatup) & (! inv1_holds)))))) -> ((control_mode = q_scram) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((control_mode = q_heatup) and not (inv1_holds)) and ZtoPre(not (((control_mode = q_heatup) and not (inv1_holds)))))) => ((control_mode = q_scram) or ZtoPre(false))))", + "ftExpanded": "((LAST V (((! ((control_mode = q_heatup) & (! inv1_holds))) & ((! LAST) & (X ((control_mode = q_heatup) & (! inv1_holds))))) -> (X (LAST | (X (control_mode = q_scram)))))) & (((control_mode = q_heatup) & (! inv1_holds)) -> (LAST | (X (control_mode = q_scram)))))", + "pctlExpanded": "P>=1[((G (((! ((control_mode = q_heatup) & (! inv1_holds))) & (X ((control_mode = q_heatup) & (! inv1_holds)))) => (X (P>=1[(false | (X (control_mode = q_scram)))])))) & (((control_mode = q_heatup) & (! inv1_holds)) => (P>=1[(false | (X (control_mode = q_scram)))])))]", + "ftInfAUExpanded": "((G (((! ((control_mode = q_heatup) & (! inv1_holds))) & (X ((control_mode = q_heatup) & (! inv1_holds)))) -> (X (X (control_mode = q_scram))))) & (((control_mode = q_heatup) & (! inv1_holds)) -> (X (control_mode = q_scram))))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[2,2] p1))) & (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_heatup) & (! inv1_holds))
p1: (control_mode = q_scram)", + "R2U2Code": "((((! ((control_mode == q_heatup) && (! inv1_holds))) && (F[1,1] ((control_mode == q_heatup) && (! inv1_holds)))) -> (F[2,2] (control_mode == q_scram))) && (((TAU == 0) && ((control_mode == q_heatup) && (! inv1_holds))) -> (F[1,1] (control_mode == q_scram))))", + "component": "DRC" + }, + "status": "", + "_id": "68403104-3463-11f1-b848-f314240f620d" + }, + { + "reqid": "DRC_T004_OPERATION_TO_SCRAM", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Upon control_mode = q_operation & !inv2_holds DRC shall at the next timepoint satisfy control_mode = q_scram", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_operation", + "inv2_holds", + "q_scram" + ], + "qualifier_word": "upon", + "pre_condition": "(control_mode = q_operation & ! inv2_holds)", + "regular_condition": "(control_mode = q_operation & ! inv2_holds)", + "conditionTextRange": [ + 0, + 44 + ], + "component_name": "DRC", + "componentTextRange": [ + 48, + 50 + ], + "timingTextRange": [ + 58, + 78 + ], + "post_condition": "(control_mode = q_scram)", + "responseTextRange": [ + 80, + 109 + ], + "diagramVariables": "TC = (control_mode = q_operation & ! inv2_holds), Response = (control_mode = q_scram).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_operation & ! inv2_holds) is true and any point in the interval where (control_mode = q_operation & ! inv2_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_scram) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_operation & ! inv2_holds) is true and any point in the interval where (control_mode = q_operation & ! inv2_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_scram) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_unexp_ft": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_unexp_pctl": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_SMV_pt": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_SMV_ft": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_MLTL_ft": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_PRISM_pctl": "((control_mode = q_operation) & (! inv2_holds))", + "post_condition_unexp_pt": "(control_mode = q_scram)", + "post_condition_unexp_ft": "(control_mode = q_scram)", + "post_condition_unexp_pctl": "(control_mode = q_scram)", + "post_condition_SMV_pt": "(control_mode = q_scram)", + "post_condition_SMV_ft": "(control_mode = q_scram)", + "post_condition_MLTL_ft": "(control_mode = q_scram)", + "post_condition_PRISM_pctl": "(control_mode = q_scram)", + "ft": "((LAST V (((! ((control_mode = q_operation) & (! inv2_holds))) & ((! LAST) & (X ((control_mode = q_operation) & (! inv2_holds))))) -> (X (LAST | (X (control_mode = q_scram)))))) & (((control_mode = q_operation) & (! inv2_holds)) -> (LAST | (X (control_mode = q_scram)))))", + "pt": "(H ((Y (((control_mode = q_operation) & (! inv2_holds)) & (Z (! ((control_mode = q_operation) & (! inv2_holds)))))) -> ((control_mode = q_scram) | (Z FALSE))))", + "pctl": "P>=1[((G (((! ((control_mode = q_operation) & (! inv2_holds))) & (X ((control_mode = q_operation) & (! inv2_holds)))) => (X (P>=1[(LAST | (X (control_mode = q_scram)))])))) & (((control_mode = q_operation) & (! inv2_holds)) => (P>=1[(LAST | (X (control_mode = q_scram)))])))]", + "ptExpanded": "(H ((Y (((control_mode = q_operation) & (! inv2_holds)) & (Z (! ((control_mode = q_operation) & (! inv2_holds)))))) -> ((control_mode = q_scram) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((control_mode = q_operation) and not (inv2_holds)) and ZtoPre(not (((control_mode = q_operation) and not (inv2_holds)))))) => ((control_mode = q_scram) or ZtoPre(false))))", + "ftExpanded": "((LAST V (((! ((control_mode = q_operation) & (! inv2_holds))) & ((! LAST) & (X ((control_mode = q_operation) & (! inv2_holds))))) -> (X (LAST | (X (control_mode = q_scram)))))) & (((control_mode = q_operation) & (! inv2_holds)) -> (LAST | (X (control_mode = q_scram)))))", + "pctlExpanded": "P>=1[((G (((! ((control_mode = q_operation) & (! inv2_holds))) & (X ((control_mode = q_operation) & (! inv2_holds)))) => (X (P>=1[(false | (X (control_mode = q_scram)))])))) & (((control_mode = q_operation) & (! inv2_holds)) => (P>=1[(false | (X (control_mode = q_scram)))])))]", + "ftInfAUExpanded": "((G (((! ((control_mode = q_operation) & (! inv2_holds))) & (X ((control_mode = q_operation) & (! inv2_holds)))) -> (X (X (control_mode = q_scram))))) & (((control_mode = q_operation) & (! inv2_holds)) -> (X (control_mode = q_scram))))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[2,2] p1))) & (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_operation) & (! inv2_holds))
p1: (control_mode = q_scram)", + "R2U2Code": "((((! ((control_mode == q_operation) && (! inv2_holds))) && (F[1,1] ((control_mode == q_operation) && (! inv2_holds)))) -> (F[2,2] (control_mode == q_scram))) && (((TAU == 0) && ((control_mode == q_operation) && (! inv2_holds))) -> (F[1,1] (control_mode == q_scram))))", + "component": "DRC" + }, + "status": "", + "_id": "68403105-3463-11f1-b848-f314240f620d" + }, + { + "reqid": "DRC_T005_SCRAM_TO_SHUTDOWN", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Upon control_mode = q_scram & manual_reset DRC shall at the next timepoint satisfy control_mode = q_shutdown", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_scram", + "manual_reset", + "q_shutdown" + ], + "qualifier_word": "upon", + "pre_condition": "(control_mode = q_scram & manual_reset)", + "regular_condition": "(control_mode = q_scram & manual_reset)", + "conditionTextRange": [ + 0, + 41 + ], + "component_name": "DRC", + "componentTextRange": [ + 45, + 47 + ], + "timingTextRange": [ + 55, + 75 + ], + "post_condition": "(control_mode = q_shutdown)", + "responseTextRange": [ + 77, + 109 + ], + "diagramVariables": "TC = (control_mode = q_scram & manual_reset), Response = (control_mode = q_shutdown).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_scram & manual_reset) is true and any point in the interval where (control_mode = q_scram & manual_reset) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_shutdown) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_scram & manual_reset) is true and any point in the interval where (control_mode = q_scram & manual_reset) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_shutdown) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_scram) & manual_reset)", + "regular_condition_unexp_ft": "((control_mode = q_scram) & manual_reset)", + "regular_condition_unexp_pctl": "((control_mode = q_scram) & manual_reset)", + "regular_condition_SMV_pt": "((control_mode = q_scram) & manual_reset)", + "regular_condition_SMV_ft": "((control_mode = q_scram) & manual_reset)", + "regular_condition_MLTL_ft": "((control_mode = q_scram) & manual_reset)", + "regular_condition_PRISM_pctl": "((control_mode = q_scram) & manual_reset)", + "post_condition_unexp_pt": "(control_mode = q_shutdown)", + "post_condition_unexp_ft": "(control_mode = q_shutdown)", + "post_condition_unexp_pctl": "(control_mode = q_shutdown)", + "post_condition_SMV_pt": "(control_mode = q_shutdown)", + "post_condition_SMV_ft": "(control_mode = q_shutdown)", + "post_condition_MLTL_ft": "(control_mode = q_shutdown)", + "post_condition_PRISM_pctl": "(control_mode = q_shutdown)", + "ft": "((LAST V (((! ((control_mode = q_scram) & manual_reset)) & ((! LAST) & (X ((control_mode = q_scram) & manual_reset)))) -> (X (LAST | (X (control_mode = q_shutdown)))))) & (((control_mode = q_scram) & manual_reset) -> (LAST | (X (control_mode = q_shutdown)))))", + "pt": "(H ((Y (((control_mode = q_scram) & manual_reset) & (Z (! ((control_mode = q_scram) & manual_reset))))) -> ((control_mode = q_shutdown) | (Z FALSE))))", + "pctl": "P>=1[((G (((! ((control_mode = q_scram) & manual_reset)) & (X ((control_mode = q_scram) & manual_reset))) => (X (P>=1[(LAST | (X (control_mode = q_shutdown)))])))) & (((control_mode = q_scram) & manual_reset) => (P>=1[(LAST | (X (control_mode = q_shutdown)))])))]", + "ptExpanded": "(H ((Y (((control_mode = q_scram) & manual_reset) & (Z (! ((control_mode = q_scram) & manual_reset))))) -> ((control_mode = q_shutdown) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((control_mode = q_scram) and manual_reset) and ZtoPre(not (((control_mode = q_scram) and manual_reset))))) => ((control_mode = q_shutdown) or ZtoPre(false))))", + "ftExpanded": "((LAST V (((! ((control_mode = q_scram) & manual_reset)) & ((! LAST) & (X ((control_mode = q_scram) & manual_reset)))) -> (X (LAST | (X (control_mode = q_shutdown)))))) & (((control_mode = q_scram) & manual_reset) -> (LAST | (X (control_mode = q_shutdown)))))", + "pctlExpanded": "P>=1[((G (((! ((control_mode = q_scram) & manual_reset)) & (X ((control_mode = q_scram) & manual_reset))) => (X (P>=1[(false | (X (control_mode = q_shutdown)))])))) & (((control_mode = q_scram) & manual_reset) => (P>=1[(false | (X (control_mode = q_shutdown)))])))]", + "ftInfAUExpanded": "((G (((! ((control_mode = q_scram) & manual_reset)) & (X ((control_mode = q_scram) & manual_reset))) -> (X (X (control_mode = q_shutdown))))) & (((control_mode = q_scram) & manual_reset) -> (X (control_mode = q_shutdown))))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[2,2] p1))) & (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_scram) & manual_reset)
p1: (control_mode = q_shutdown)", + "R2U2Code": "((((! ((control_mode == q_scram) && manual_reset)) && (F[1,1] ((control_mode == q_scram) && manual_reset))) -> (F[2,2] (control_mode == q_shutdown))) && (((TAU == 0) && ((control_mode == q_scram) && manual_reset)) -> (F[1,1] (control_mode == q_shutdown))))", + "component": "DRC" + }, + "status": "", + "_id": "68403106-3463-11f1-b848-f314240f620d" + }, + { + "reqid": "DRC_S001_SHUTDOWN_STAY", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Whenever control_mode = q_shutdown & !t_avg_above_min DRC shall at the next timepoint satisfy control_mode = q_shutdown", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "holding", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_shutdown", + "t_avg_above_min" + ], + "qualifier_word": "whenever", + "pre_condition": "(control_mode = q_shutdown & ! t_avg_above_min)", + "regular_condition": "(control_mode = q_shutdown & ! t_avg_above_min)", + "conditionTextRange": [ + 0, + 52 + ], + "component_name": "DRC", + "componentTextRange": [ + 56, + 58 + ], + "timingTextRange": [ + 66, + 86 + ], + "post_condition": "(control_mode = q_shutdown)", + "responseTextRange": [ + 88, + 120 + ], + "diagramVariables": "CC = (control_mode = q_shutdown & ! t_avg_above_min), Response = (control_mode = q_shutdown).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_shutdown & ! t_avg_above_min) is true.
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_shutdown) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_shutdown & ! t_avg_above_min) is true.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_shutdown) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_holding_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_unexp_ft": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_unexp_pctl": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_SMV_pt": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_SMV_ft": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_MLTL_ft": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_PRISM_pctl": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "post_condition_unexp_pt": "(control_mode = q_shutdown)", + "post_condition_unexp_ft": "(control_mode = q_shutdown)", + "post_condition_unexp_pctl": "(control_mode = q_shutdown)", + "post_condition_SMV_pt": "(control_mode = q_shutdown)", + "post_condition_SMV_ft": "(control_mode = q_shutdown)", + "post_condition_MLTL_ft": "(control_mode = q_shutdown)", + "post_condition_PRISM_pctl": "(control_mode = q_shutdown)", + "ft": "(LAST V (((control_mode = q_shutdown) & (! t_avg_above_min)) -> (LAST | (X (control_mode = q_shutdown)))))", + "pt": "(H ((Y ((control_mode = q_shutdown) & (! t_avg_above_min))) -> ((control_mode = q_shutdown) | (Z FALSE))))", + "pctl": "P>=1[(G (((control_mode = q_shutdown) & (! t_avg_above_min)) => (P>=1[(LAST | (X (control_mode = q_shutdown)))])))]", + "ptExpanded": "(H ((Y ((control_mode = q_shutdown) & (! t_avg_above_min))) -> ((control_mode = q_shutdown) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre(((control_mode = q_shutdown) and not (t_avg_above_min))) => ((control_mode = q_shutdown) or ZtoPre(false))))", + "ftExpanded": "(LAST V (((control_mode = q_shutdown) & (! t_avg_above_min)) -> (LAST | (X (control_mode = q_shutdown)))))", + "pctlExpanded": "P>=1[(G (((control_mode = q_shutdown) & (! t_avg_above_min)) => (P>=1[(false | (X (control_mode = q_shutdown)))])))]", + "ftInfAUExpanded": "(G (((control_mode = q_shutdown) & (! t_avg_above_min)) -> (X (control_mode = q_shutdown))))", + "mltlExpanded": "(G[0,M] (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_shutdown) & (! t_avg_above_min))
p1: (control_mode = q_shutdown)", + "R2U2Code": "(((control_mode == q_shutdown) && (! t_avg_above_min)) -> (F[1,1] (control_mode == q_shutdown)))", + "component": "DRC" + }, + "status": "", + "_id": "68403107-3463-11f1-b848-f314240f620d" + }, + { + "reqid": "DRC_S002_HEATUP_STAY", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Whenever control_mode = q_heatup & inv1_holds & !(t_avg_in_range & p_above_crit) DRC shall at the next timepoint satisfy control_mode = q_heatup", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "holding", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_heatup", + "inv1_holds", + "t_avg_in_range", + "p_above_crit" + ], + "qualifier_word": "whenever", + "pre_condition": "(control_mode = q_heatup & inv1_holds & ! ( t_avg_in_range & p_above_crit ))", + "regular_condition": "(control_mode = q_heatup & inv1_holds & ! ( t_avg_in_range & p_above_crit ))", + "conditionTextRange": [ + 0, + 79 + ], + "component_name": "DRC", + "componentTextRange": [ + 83, + 85 + ], + "timingTextRange": [ + 93, + 113 + ], + "post_condition": "(control_mode = q_heatup)", + "responseTextRange": [ + 115, + 145 + ], + "diagramVariables": "CC = (control_mode = q_heatup & inv1_holds & ! ( t_avg_in_range & p_above_crit )), Response = (control_mode = q_heatup).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_heatup & inv1_holds & ! ( t_avg_in_range & p_above_crit )) is true.
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_heatup) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_heatup & inv1_holds & ! ( t_avg_in_range & p_above_crit )) is true.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_heatup) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_holding_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_unexp_ft": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_unexp_pctl": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_SMV_pt": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_SMV_ft": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_MLTL_ft": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_PRISM_pctl": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "post_condition_unexp_pt": "(control_mode = q_heatup)", + "post_condition_unexp_ft": "(control_mode = q_heatup)", + "post_condition_unexp_pctl": "(control_mode = q_heatup)", + "post_condition_SMV_pt": "(control_mode = q_heatup)", + "post_condition_SMV_ft": "(control_mode = q_heatup)", + "post_condition_MLTL_ft": "(control_mode = q_heatup)", + "post_condition_PRISM_pctl": "(control_mode = q_heatup)", + "ft": "(LAST V ((((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit))) -> (LAST | (X (control_mode = q_heatup)))))", + "pt": "(H ((Y (((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))) -> ((control_mode = q_heatup) | (Z FALSE))))", + "pctl": "P>=1[(G ((((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit))) => (P>=1[(LAST | (X (control_mode = q_heatup)))])))]", + "ptExpanded": "(H ((Y (((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))) -> ((control_mode = q_heatup) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((control_mode = q_heatup) and inv1_holds) and not ((t_avg_in_range and p_above_crit)))) => ((control_mode = q_heatup) or ZtoPre(false))))", + "ftExpanded": "(LAST V ((((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit))) -> (LAST | (X (control_mode = q_heatup)))))", + "pctlExpanded": "P>=1[(G ((((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit))) => (P>=1[(false | (X (control_mode = q_heatup)))])))]", + "ftInfAUExpanded": "(G ((((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit))) -> (X (control_mode = q_heatup))))", + "mltlExpanded": "(G[0,M] (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: (((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))
p1: (control_mode = q_heatup)", + "R2U2Code": "((((control_mode == q_heatup) && inv1_holds) && (! (t_avg_in_range && p_above_crit))) -> (F[1,1] (control_mode == q_heatup)))", + "component": "DRC" + }, + "status": "", + "_id": "68403108-3463-11f1-b848-f314240f620d" + }, + { + "reqid": "DRC_S003_OPERATION_STAY", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Whenever control_mode = q_operation & inv2_holds DRC shall at the next timepoint satisfy control_mode = q_operation ", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "holding", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_operation", + "inv2_holds" + ], + "qualifier_word": "whenever", + "pre_condition": "(control_mode = q_operation & inv2_holds)", + "regular_condition": "(control_mode = q_operation & inv2_holds)", + "conditionTextRange": [ + 0, + 47 + ], + "component_name": "DRC", + "componentTextRange": [ + 50, + 52 + ], + "timingTextRange": [ + 60, + 80 + ], + "post_condition": "(control_mode = q_operation)", + "responseTextRange": [ + 82, + 115 + ], + "diagramVariables": "CC = (control_mode = q_operation & inv2_holds), Response = (control_mode = q_operation).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_operation & inv2_holds) is true.
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_operation) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_operation & inv2_holds) is true.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_operation) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_holding_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_unexp_ft": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_unexp_pctl": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_SMV_pt": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_SMV_ft": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_MLTL_ft": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_PRISM_pctl": "((control_mode = q_operation) & inv2_holds)", + "post_condition_unexp_pt": "(control_mode = q_operation)", + "post_condition_unexp_ft": "(control_mode = q_operation)", + "post_condition_unexp_pctl": "(control_mode = q_operation)", + "post_condition_SMV_pt": "(control_mode = q_operation)", + "post_condition_SMV_ft": "(control_mode = q_operation)", + "post_condition_MLTL_ft": "(control_mode = q_operation)", + "post_condition_PRISM_pctl": "(control_mode = q_operation)", + "ft": "(LAST V (((control_mode = q_operation) & inv2_holds) -> (LAST | (X (control_mode = q_operation)))))", + "pt": "(H ((Y ((control_mode = q_operation) & inv2_holds)) -> ((control_mode = q_operation) | (Z FALSE))))", + "pctl": "P>=1[(G (((control_mode = q_operation) & inv2_holds) => (P>=1[(LAST | (X (control_mode = q_operation)))])))]", + "ptExpanded": "(H ((Y ((control_mode = q_operation) & inv2_holds)) -> ((control_mode = q_operation) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre(((control_mode = q_operation) and inv2_holds)) => ((control_mode = q_operation) or ZtoPre(false))))", + "ftExpanded": "(LAST V (((control_mode = q_operation) & inv2_holds) -> (LAST | (X (control_mode = q_operation)))))", + "pctlExpanded": "P>=1[(G (((control_mode = q_operation) & inv2_holds) => (P>=1[(false | (X (control_mode = q_operation)))])))]", + "ftInfAUExpanded": "(G (((control_mode = q_operation) & inv2_holds) -> (X (control_mode = q_operation))))", + "mltlExpanded": "(G[0,M] (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_operation) & inv2_holds)
p1: (control_mode = q_operation)", + "R2U2Code": "(((control_mode == q_operation) && inv2_holds) -> (F[1,1] (control_mode == q_operation)))", + "component": "DRC" + }, + "status": "", + "_id": "68403109-3463-11f1-b848-f314240f620d" + }, + { + "reqid": "DRC_I001_INIT_SHUTDOWN", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "DRC shall immediately satisfy control_mode = q_shutdown", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "probability": "null", + "timing": "immediately", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_shutdown" + ], + "component_name": "DRC", + "componentTextRange": [ + 0, + 2 + ], + "timingTextRange": [ + 10, + 20 + ], + "post_condition": "(control_mode = q_shutdown)", + "responseTextRange": [ + 22, + 54 + ], + "diagramVariables": "Response = (control_mode = q_shutdown).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, if trigger holds then (control_mode = q_shutdown) also holds at the same time point.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, if trigger holds then (control_mode = q_shutdown) also holds at the same time point.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_immediately_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "(control_mode = q_shutdown)", + "post_condition_unexp_ft": "(control_mode = q_shutdown)", + "post_condition_unexp_pctl": "(control_mode = q_shutdown)", + "post_condition_SMV_pt": "(control_mode = q_shutdown)", + "post_condition_SMV_ft": "(control_mode = q_shutdown)", + "post_condition_MLTL_ft": "(control_mode = q_shutdown)", + "post_condition_PRISM_pctl": "(control_mode = q_shutdown)", + "ft": "(control_mode = q_shutdown)", + "pt": "(H ((Z FALSE) -> (control_mode = q_shutdown)))", + "pctl": "(P>=1[(control_mode = q_shutdown)])", + "ptExpanded": "(H ((Z FALSE) -> (control_mode = q_shutdown)))", + "CoCoSpecCode": "H((ZtoPre(false) => (control_mode = q_shutdown)))", + "ftExpanded": "(control_mode = q_shutdown)", + "pctlExpanded": "(P>=1[(control_mode = q_shutdown)])", + "ftInfAUExpanded": "(control_mode = q_shutdown)", + "mltlExpanded": "p0", + "WESTMapping": "p0: (control_mode = q_shutdown)", + "R2U2Code": "((TAU == 0) -> (control_mode == q_shutdown))", + "component": "DRC" + }, + "status": "", + "_id": "6840310a-3463-11f1-b848-f314240f620d" + } +] \ No newline at end of file diff --git a/fret-pipeline/.archive/ltl/.gitkeep b/fret-pipeline/.archive/ltl/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/fret-pipeline/.archive/parse_fret_json.py b/fret-pipeline/.archive/parse_fret_json.py new file mode 100755 index 0000000..4242fab --- /dev/null +++ b/fret-pipeline/.archive/parse_fret_json.py @@ -0,0 +1,154 @@ +#!/usr/bin/env python3 +"""Parse FRET JSON export and prepare config for Strix synthesis. + +Reads the fretRequirementsVariables.json exported from FRET and produces +a synthesis config with LTL formulas and input/output variable roles. + +Usage: python3 scripts/parse_fret_json.py specs/fretRequirementsVariables.json [-o config.json] +""" + +import argparse +import json +import re +import sys +from pathlib import Path + +# LTL operators that must stay as-is (Spot parses lowercase for these) +LTL_OPERATORS = {'G', 'F', 'X', 'U', 'R', 'V', 'W', 'M', 'H', 'O', 'Y', 'Z', 'S', 'T'} + + +def lowercase_ltl(formula: str, var_names: set[str]) -> str: + """Lowercase variable names in an LTL formula, preserving operators.""" + def replace_token(match): + token = match.group(0) + if token in LTL_OPERATORS: + return token + if token in var_names or token.lower() in {v.lower() for v in var_names}: + return token.lower() + return token + + return re.sub(r'\b[A-Za-z_]\w*\b', replace_token, formula) + + +def main(): + parser = argparse.ArgumentParser(description='Parse FRET JSON export for synthesis') + parser.add_argument('json_file', type=Path, help='FRET JSON export file') + parser.add_argument('-o', '--output', type=Path, default=None, + help='Output config file (default: /synthesis_config.json)') + parser.add_argument('--ltl-field', default='ftInfAUExpanded', + help='Which LTL field to use (default: ftInfAUExpanded)') + parser.add_argument('--fallback-field', default='ft', + help='Fallback LTL field if primary is missing (default: ft)') + parser.add_argument('--liveness', type=Path, default=None, + help='Path to liveness constraints file (one LTL formula per line)') + args = parser.parse_args() + + data = json.loads(args.json_file.read_text()) + requirements = data.get('requirements', []) + variables = data.get('variables', []) + + if not requirements: + print('Error: no requirements found in JSON', file=sys.stderr) + sys.exit(1) + + # Extract variable I/O roles + # Collect original names for lowercasing LTL formulas + all_var_names = {v['variable_name'] for v in variables} + inputs = [] + outputs = [] + var_info = {} + for v in variables: + name = v['variable_name'] + id_type = v.get('idType', 'Unknown') + var_info[name] = id_type + if id_type == 'Input': + inputs.append(name.lower()) + elif id_type == 'Output': + outputs.append(name.lower()) + else: + print(f'Warning: variable {name} has type "{id_type}", defaulting to input', + file=sys.stderr) + inputs.append(name.lower()) + + # Extract LTL formulas (lowercase variable names for Spot compatibility) + ltl_entries = [] + for req in requirements: + sem = req.get('semantics', {}) + ltl_raw = sem.get(args.ltl_field) or sem.get(args.fallback_field) + ltl = lowercase_ltl(ltl_raw, all_var_names) if ltl_raw else None + + entry = { + 'req_id': req['reqid'], + 'fulltext': req['fulltext'], + 'project': req.get('project', ''), + 'component': sem.get('component', ''), + 'ltl': ltl, + 'ltl_original': ltl_raw, + 'variables': sem.get('variables', []), + } + + if not ltl: + entry['error'] = f'No LTL found in fields {args.ltl_field} or {args.fallback_field}' + + ltl_entries.append(entry) + + # Determine spec name from project/component + projects = {req.get('project', '') for req in requirements} + components = {req.get('semantics', {}).get('component', '') for req in requirements} + spec_name = f'{"-".join(sorted(projects))}_{"-".join(sorted(components))}'.strip('_-') + if not spec_name: + spec_name = args.json_file.stem + + # Load liveness constraints if provided + liveness = [] + if args.liveness and args.liveness.exists(): + for line in args.liveness.read_text().strip().split('\n'): + line = line.strip() + if line and not line.startswith('#'): + liveness.append(lowercase_ltl(line, all_var_names)) + + # Build conjoined formula + all_ltl = [e['ltl'] for e in ltl_entries if e.get('ltl')] + all_ltl.extend(liveness) + conjoined = ' & '.join(f'({f})' for f in all_ltl) if all_ltl else None + + config = { + '_comment': 'Generated from FRET JSON export. Ready for ltlsynt synthesis.', + 'spec_name': spec_name, + 'source_file': str(args.json_file), + 'inputs': sorted(inputs), + 'outputs': sorted(outputs), + 'requirements': ltl_entries, + 'liveness_constraints': liveness, + 'conjoined_ltl': conjoined, + } + + output_path = args.output or (args.json_file.parent / 'synthesis_config.json') + output_path.write_text(json.dumps(config, indent=2) + '\n') + + # Summary + print(f'Parsed {len(requirements)} requirements from FRET JSON') + print(f'LTL field: {args.ltl_field} (fallback: {args.fallback_field})') + print() + print(f'Inputs ({len(inputs)}): {", ".join(sorted(inputs))}') + print(f'Outputs ({len(outputs)}): {", ".join(sorted(outputs))}') + print() + + for e in ltl_entries: + status = 'ok' if e.get('ltl') else 'MISSING' + print(f' [{status}] {e["req_id"]}: {e["fulltext"][:80]}') + + errors = [e for e in ltl_entries if not e.get('ltl')] + if errors: + print(f'\n{len(errors)} requirements missing LTL formulas') + + if liveness: + print(f'\nLiveness constraints ({len(liveness)}):') + for l in liveness: + print(f' + {l}') + + print(f'\nConfig written to: {output_path}') + + +if __name__ == '__main__': + main() diff --git a/fret-pipeline/.archive/parse_smv.py b/fret-pipeline/.archive/parse_smv.py new file mode 100644 index 0000000..ad3174d --- /dev/null +++ b/fret-pipeline/.archive/parse_smv.py @@ -0,0 +1,284 @@ +#!/usr/bin/env python3 +"""Parse FRET SMV exports and extract requirements, variables, and LTL formulas. + +Reads .smv files from a directory (e.g., specs/DRC/) and produces a JSON +config file with extracted requirements and inferred input/output roles. +The user can review and adjust the config before synthesis. +""" + +import argparse +import json +import re +import sys +from pathlib import Path + + +def parse_smv_file(path: Path) -> dict: + """Parse a single FRET-exported SMV file.""" + text = path.read_text() + + # Extract variables + var_section = re.search(r'VAR\s*(.*?)\s*DEFINE', text, re.DOTALL) + variables = [] + if var_section: + for match in re.finditer(r'(\w+)\s*:\s*boolean', var_section.group(1)): + variables.append(match.group(1)) + + # Extract requirement text and LTLSPEC formulas + req_texts = set() + specs = [] + for match in re.finditer( + r'--\s*Req text:\s*(.*?)\n\s*LTLSPEC\s+NAME\s+([\w-]+)\s*:=\s*(.*?)\s*;', + text + ): + req_text = match.group(1).strip() + spec_name = match.group(2) + formula = match.group(3).strip() + req_texts.add(req_text) + specs.append({ + 'name': spec_name, + 'formula': formula, + }) + + # Extract requirement ID from filename + req_id_match = re.search(r'(\w+-\d+)', path.stem) + req_id = req_id_match.group(1) if req_id_match else path.stem + + return { + 'file': path.name, + 'req_id': req_id, + 'req_texts': sorted(req_texts), + 'variables': variables, + 'ltlspecs': specs, + } + + +# FRETish pattern → LTL conversion +FRETISH_PATTERNS = [ + # "shall initially satisfy P" + (r'shall initially satisfy (.+)', + lambda m: m.group(1).strip()), + + # "While S If C shall immediately satisfy P" + (r'[Ww]hile (.+?) [Ii]f (.+?) \w+ shall immediately satisfy (.+)', + lambda m: f'G((({m.group(1)}) & ({m.group(2)})) -> X({m.group(3).strip()}))'), + + # "While S If C shall at the next timepoint satisfy P" + (r'[Ww]hile (.+?) [Ii]f (.+?) \w+ shall at the next timepoint satisfy (.+)', + lambda m: f'G((({m.group(1)}) & ({m.group(2)})) -> X({m.group(3).strip()}))'), + + # "While S If C shall always satisfy P" + (r'[Ww]hile (.+?) [Ii]f (.+?) \w+ shall always satisfy (.+)', + lambda m: f'G((({m.group(1)}) & ({m.group(2)})) -> ({m.group(3).strip()}))'), + + # "If C shall immediately satisfy P" + (r'[Ii]f (.+?) \w+ shall immediately satisfy (.+)', + lambda m: f'G(({m.group(1)}) -> X({m.group(2).strip()}))'), + + # "if C shall at the next timepoint satisfy P" + (r'[Ii]f (.+?) \w+ shall at the next timepoint satisfy (.+)', + lambda m: f'G(({m.group(1)}) -> X({m.group(2).strip()}))'), + + # "When C shall always satisfy P" + (r'[Ww]hen (.+?) \w+ shall always satisfy (.+)', + lambda m: f'G(({m.group(1)}) -> X(G({m.group(2).strip()})))'), + + # "While C shall always satisfy P" + (r'[Ww]hile (.+?) \w+ shall always satisfy (.+)', + lambda m: f'G(({m.group(1)}) -> ({m.group(2).strip()}))'), + + # "shall always satisfy P" (no condition) + (r'shall always satisfy (.+)', + lambda m: f'G({m.group(1).strip()})'), +] + + +def fretish_to_ltl(text: str) -> tuple[str | None, str | None, str | None]: + """Convert FRETish requirement text to LTL. + + Returns (ltl_formula, condition_var, satisfaction_expr) or (None, None, None). + """ + for pattern, converter in FRETISH_PATTERNS: + match = re.search(pattern, text) + if match: + ltl = converter(match) + # Extract condition variable (if any) + cond_match = re.search(r'(?:[Ii]f|[Ww]hen|[Ww]hile)\s+(!?\w+)', text) + cond_var = cond_match.group(1) if cond_match else None + # Extract satisfaction expression + sat_match = re.search(r'satisfy\s+(.+)', text) + sat_expr = sat_match.group(1).strip() if sat_match else None + return ltl, cond_var, sat_expr + return None, None, None + + +def extract_variables_from_expr(expr: str) -> set[str]: + """Extract variable names from an LTL/boolean expression.""" + # Remove LTL operators and punctuation + cleaned = re.sub(r'\b(G|F|X|U|R|W)\b', ' ', expr) + cleaned = re.sub(r'[()!&|>\-]', ' ', cleaned) + return {w for w in cleaned.split() if w and not w.startswith('!')} + + +def infer_io_roles(requirements: list[dict]) -> dict[str, dict]: + """Infer input/output roles from FRETish patterns. + + Returns {var_name: {'role': 'input'|'output'|'conflict', 'reasons': [...]}}. + """ + var_roles: dict[str, dict] = {} + + for req in requirements: + for text in req['req_texts']: + _, cond_var, sat_expr = fretish_to_ltl(text) + + # Condition variables → likely inputs + # Also extract from "While X" scope conditions + cond_vars = set() + if cond_var: + cond_vars.update(extract_variables_from_expr(cond_var)) + scope_match = re.search(r'[Ww]hile\s+(.+?)\s+(?:[Ii]f|shall)', text) + if scope_match: + cond_vars.update(extract_variables_from_expr(scope_match.group(1))) + trigger_match = re.search(r'[Ii]f\s+(.+?)\s+\w+\s+shall', text) + if trigger_match: + cond_vars.update(extract_variables_from_expr(trigger_match.group(1))) + + for cv in cond_vars: + if cv not in var_roles: + var_roles[cv] = {'input_reasons': [], 'output_reasons': []} + var_roles[cv]['input_reasons'].append( + f'{req["req_id"]}: condition in "{text}"' + ) + + # Variables in satisfaction expression → likely output + if sat_expr: + for var in extract_variables_from_expr(sat_expr): + if var not in var_roles: + var_roles[var] = {'input_reasons': [], 'output_reasons': []} + var_roles[var]['output_reasons'].append( + f'{req["req_id"]}: satisfaction in "{text}"' + ) + + # Classify + result = {} + for var, info in var_roles.items(): + has_input = bool(info['input_reasons']) + has_output = bool(info['output_reasons']) + if has_input and has_output: + role = 'conflict' + elif has_input: + role = 'input' + else: + role = 'output' + result[var] = { + 'role': role, + 'input_reasons': info['input_reasons'], + 'output_reasons': info['output_reasons'], + } + + return result + + +def main(): + parser = argparse.ArgumentParser(description='Parse FRET SMV exports') + parser.add_argument('spec_dir', type=Path, help='Directory containing .smv files') + parser.add_argument('-o', '--output', type=Path, default=None, + help='Output JSON config file (default: /config.json)') + args = parser.parse_args() + + if not args.spec_dir.is_dir(): + print(f'Error: {args.spec_dir} is not a directory', file=sys.stderr) + sys.exit(1) + + smv_files = sorted(args.spec_dir.glob('*.smv')) + if not smv_files: + print(f'Error: no .smv files found in {args.spec_dir}', file=sys.stderr) + sys.exit(1) + + # Parse all SMV files + requirements = [parse_smv_file(f) for f in smv_files] + + # Convert FRETish to LTL + ltl_formulas = [] + for req in requirements: + for text in req['req_texts']: + ltl, _, _ = fretish_to_ltl(text) + if ltl: + ltl_formulas.append({ + 'req_id': req['req_id'], + 'fretish': text, + 'ltl': ltl, + }) + else: + ltl_formulas.append({ + 'req_id': req['req_id'], + 'fretish': text, + 'ltl': None, + 'error': 'Could not convert FRETish to LTL — manual entry needed', + }) + + # Infer I/O roles + io_roles = infer_io_roles(requirements) + + # Collect all variables + all_vars = set() + for req in requirements: + all_vars.update(req['variables']) + + # Add any variables found in formulas but not in VAR sections + for entry in ltl_formulas: + if entry['ltl']: + all_vars.update(extract_variables_from_expr(entry['ltl'])) + + # Build config + config = { + '_comment': 'Generated by parse_smv.py. Review and edit variable roles before synthesis.', + 'spec_name': args.spec_dir.name, + 'variables': {}, + 'requirements': ltl_formulas, + } + + for var in sorted(all_vars): + role_info = io_roles.get(var, {'role': 'unknown', 'input_reasons': [], 'output_reasons': []}) + config['variables'][var] = { + 'role': role_info['role'], + 'input_reasons': role_info['input_reasons'], + 'output_reasons': role_info['output_reasons'], + } + + # Output + output_path = args.output or (args.spec_dir / 'config.json') + output_path.write_text(json.dumps(config, indent=2) + '\n') + + # Summary + print(f'Parsed {len(smv_files)} SMV files') + print(f'Found {len(ltl_formulas)} requirements') + print(f'Found {len(all_vars)} variables:') + for var in sorted(all_vars): + role = io_roles.get(var, {}).get('role', 'unknown') + marker = ' ⚠ CONFLICT' if role == 'conflict' else '' + print(f' {var}: {role}{marker}') + + unconverted = [e for e in ltl_formulas if e['ltl'] is None] + if unconverted: + print(f'\n⚠ {len(unconverted)} requirements could not be auto-converted:') + for e in unconverted: + print(f' {e["req_id"]}: {e["fretish"]}') + + conflicts = [v for v, info in io_roles.items() if info['role'] == 'conflict'] + if conflicts: + print(f'\n⚠ {len(conflicts)} variables have conflicting roles (appear as both input and output):') + for v in conflicts: + print(f' {v}') + for r in io_roles[v]['input_reasons']: + print(f' INPUT: {r}') + for r in io_roles[v]['output_reasons']: + print(f' OUTPUT: {r}') + print('\nPlease resolve conflicts in the config file before synthesis.') + + print(f'\nConfig written to: {output_path}') + print('Review the config, resolve any conflicts, then run synthesize.py') + + +if __name__ == '__main__': + main() diff --git a/fret-pipeline/.archive/specs/DRC.zip b/fret-pipeline/.archive/specs/DRC.zip new file mode 100644 index 0000000..015e8fe Binary files /dev/null and b/fret-pipeline/.archive/specs/DRC.zip differ diff --git a/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0000.smv b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0000.smv new file mode 100644 index 0000000..52fb1d6 --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0000.smv @@ -0,0 +1,19 @@ +-- DRCSpec +MODULE main + VAR + + + Cold_Shutdown: boolean; + SCRAM: boolean; + + + DEFINE + + + + -- Req text: DRC shall initially satisfy (Cold_Shutdown & !SCRAM) + LTLSPEC NAME PWR-0000_Cold_Shutdown_0 := (! (Cold_Shutdown & (! SCRAM))); + + -- Req text: DRC shall initially satisfy (Cold_Shutdown & !SCRAM) + LTLSPEC NAME PWR-0000_SCRAM_0 := (! (Cold_Shutdown & (! SCRAM))); + \ No newline at end of file diff --git a/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0100.smv b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0100.smv new file mode 100644 index 0000000..81689cc --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0100.smv @@ -0,0 +1,28 @@ +-- DRCSpec +MODULE main + VAR + + + OP_MODE: boolean; + SCRAM: boolean; + + + DEFINE + + + + -- Req text: If SCRAM DRC shall immediately satisfy !OP_MODE + LTLSPEC NAME PWR-0100_SCRAM_0 := (! ((G ((SCRAM | (X (! SCRAM))) | (X (! OP_MODE)))) & ((! SCRAM) & (! (! OP_MODE))))); + + -- Req text: If SCRAM DRC shall immediately satisfy !OP_MODE + LTLSPEC NAME PWR-0100_SCRAM_1 := (! (((G ((SCRAM | (X (! SCRAM))) | (X (! OP_MODE)))) & (F (((! SCRAM) & (X (! SCRAM))) & (! (X (! OP_MODE)))))) & ((! SCRAM) | (! OP_MODE)))); + + -- Req text: If SCRAM DRC shall immediately satisfy !OP_MODE + LTLSPEC NAME PWR-0100_SCRAM_2 := (! (((G ((SCRAM | (X (! SCRAM))) | (X (! OP_MODE)))) & (F ((SCRAM & (! (X (! SCRAM)))) & (! (X (! OP_MODE)))))) & ((! SCRAM) | (! OP_MODE)))); + + -- Req text: If SCRAM DRC shall immediately satisfy !OP_MODE + LTLSPEC NAME PWR-0100_OP_MODE_0 := (! ((G ((SCRAM | (X (! SCRAM))) | (X (! OP_MODE)))) & ((! (! SCRAM)) & (! OP_MODE)))); + + -- Req text: If SCRAM DRC shall immediately satisfy !OP_MODE + LTLSPEC NAME PWR-0100_OP_MODE_1 := (! (((G ((SCRAM | (X (! SCRAM))) | (X (! OP_MODE)))) & (F ((! (SCRAM | (X (! SCRAM)))) & (X (! OP_MODE))))) & ((! SCRAM) | (! OP_MODE)))); + \ No newline at end of file diff --git a/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0102.smv b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0102.smv new file mode 100644 index 0000000..648953f --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0102.smv @@ -0,0 +1,27 @@ +-- DRCSpec +MODULE main + VAR + + + SCRAM: boolean; + + + DEFINE + + + + -- Req text: If SCRAM DRC shall always satisfy SCRAM + LTLSPEC NAME PWR-0102_SCRAM_0 := (! ((G ((SCRAM | (X (! SCRAM))) | (X (G SCRAM)))) & ((! (! SCRAM)) & ((G SCRAM) & (F SCRAM))))); + + -- Req text: If SCRAM DRC shall always satisfy SCRAM + LTLSPEC NAME PWR-0102_SCRAM_1 := (! ((G ((SCRAM | (X (! SCRAM))) | (X (G SCRAM)))) & ((! SCRAM) & (! (G SCRAM))))); + + -- Req text: If SCRAM DRC shall always satisfy SCRAM + LTLSPEC NAME PWR-0102_SCRAM_2 := (! (((G ((SCRAM | (X (! SCRAM))) | (X (G SCRAM)))) & (F ((! (SCRAM | (X (! SCRAM)))) & (X ((G SCRAM) & (F SCRAM)))))) & ((! SCRAM) | (G SCRAM)))); + + -- Req text: If SCRAM DRC shall always satisfy SCRAM + LTLSPEC NAME PWR-0102_SCRAM_3 := (! (((G ((SCRAM | (X (! SCRAM))) | (X (G SCRAM)))) & (F (((! SCRAM) & (X (! SCRAM))) & (! (X (G SCRAM)))))) & ((! SCRAM) | (G SCRAM)))); + + -- Req text: If SCRAM DRC shall always satisfy SCRAM + LTLSPEC NAME PWR-0102_SCRAM_4 := (! (((G ((SCRAM | (X (! SCRAM))) | (X (G SCRAM)))) & (F ((SCRAM & (! (X (! SCRAM)))) & (! (X (G SCRAM)))))) & ((! SCRAM) | (G SCRAM)))); + \ No newline at end of file diff --git a/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0200.smv b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0200.smv new file mode 100644 index 0000000..2224e6a --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0200.smv @@ -0,0 +1,23 @@ +-- DRCSpec +MODULE main + VAR + + + Heatup: boolean; + Load_Follow: boolean; + OP_MODE: boolean; + + + DEFINE + + + + -- Req text: While OP_MODE DRC shall always satisfy Heatup | Load_Follow + LTLSPEC NAME PWR-0200_OP_MODE_0 := (! ((G ((! OP_MODE) | (Heatup | Load_Follow))) & (F ((! OP_MODE) & (! (Heatup | Load_Follow)))))); + + -- Req text: While OP_MODE DRC shall always satisfy Heatup | Load_Follow + LTLSPEC NAME PWR-0200_Heatup_0 := (! ((G ((! OP_MODE) | (Heatup | Load_Follow))) & (F ((! (! OP_MODE)) & (Heatup & (! Load_Follow)))))); + + -- Req text: While OP_MODE DRC shall always satisfy Heatup | Load_Follow + LTLSPEC NAME PWR-0200_Load_Follow_0 := (! ((G ((! OP_MODE) | (Heatup | Load_Follow))) & (F ((! (! OP_MODE)) & ((! Heatup) & Load_Follow))))); + \ No newline at end of file diff --git a/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0201.smv b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0201.smv new file mode 100644 index 0000000..6eeb64c --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0201.smv @@ -0,0 +1,49 @@ +-- DRCSpec +MODULE main + VAR + + + Cold_Shutdown: boolean; + Heatup: boolean; + Load_Follow: boolean; + OP_MODE: boolean; + SCRAM: boolean; + + + DEFINE + + + + -- Req text: When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown) + LTLSPEC NAME PWR-0201_OP_MODE_0 := (! ((G ((OP_MODE | (X (! OP_MODE))) | (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))) & ((! OP_MODE) & (! (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))))))); + + -- Req text: When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown) + LTLSPEC NAME PWR-0201_OP_MODE_1 := (! (((G ((OP_MODE | (X (! OP_MODE))) | (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))) & (F (((! OP_MODE) & (X (! OP_MODE))) & (! (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))))) & ((! OP_MODE) | (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))); + + -- Req text: When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown) + LTLSPEC NAME PWR-0201_OP_MODE_2 := (! (((G ((OP_MODE | (X (! OP_MODE))) | (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))) & (F ((OP_MODE & (! (X (! OP_MODE)))) & (! (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))))) & ((! OP_MODE) | (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))); + + -- Req text: When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown) + LTLSPEC NAME PWR-0201_Heatup_0 := (! ((G ((OP_MODE | (X (! OP_MODE))) | (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))) & ((! (! OP_MODE)) & ((G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))) & (F ((Heatup & (! Load_Follow)) & ((! SCRAM) & (! Cold_Shutdown)))))))); + + -- Req text: When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown) + LTLSPEC NAME PWR-0201_Heatup_1 := (! (((G ((OP_MODE | (X (! OP_MODE))) | (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))) & (F ((! (OP_MODE | (X (! OP_MODE)))) & (X ((G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))) & (F ((Heatup & (! Load_Follow)) & ((! SCRAM) & (! Cold_Shutdown))))))))) & ((! OP_MODE) | (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))); + + -- Req text: When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown) + LTLSPEC NAME PWR-0201_Load_Follow_0 := (! ((G ((OP_MODE | (X (! OP_MODE))) | (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))) & ((! (! OP_MODE)) & ((G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))) & (F (((! Heatup) & Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))))))); + + -- Req text: When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown) + LTLSPEC NAME PWR-0201_Load_Follow_1 := (! (((G ((OP_MODE | (X (! OP_MODE))) | (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))) & (F ((! (OP_MODE | (X (! OP_MODE)))) & (X ((G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))) & (F (((! Heatup) & Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))))) & ((! OP_MODE) | (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))); + + -- Req text: When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown) + LTLSPEC NAME PWR-0201_SCRAM_0 := (! ((G ((OP_MODE | (X (! OP_MODE))) | (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))) & ((! (! OP_MODE)) & ((G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))) & (F ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))))))); + + -- Req text: When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown) + LTLSPEC NAME PWR-0201_SCRAM_1 := (! (((G ((OP_MODE | (X (! OP_MODE))) | (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))) & (F ((! (OP_MODE | (X (! OP_MODE)))) & (X ((G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))) & (F ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))))) & ((! OP_MODE) | (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))); + + -- Req text: When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown) + LTLSPEC NAME PWR-0201_Cold_Shutdown_0 := (! ((G ((OP_MODE | (X (! OP_MODE))) | (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))) & ((! (! OP_MODE)) & ((G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))) & (F ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))))))); + + -- Req text: When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown) + LTLSPEC NAME PWR-0201_Cold_Shutdown_1 := (! (((G ((OP_MODE | (X (! OP_MODE))) | (X (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))) & (F ((! (OP_MODE | (X (! OP_MODE)))) & (X ((G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown)))) & (F ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))))) & ((! OP_MODE) | (G ((Heatup | Load_Follow) & ((! SCRAM) & (! Cold_Shutdown))))))); + \ No newline at end of file diff --git a/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0202.smv b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0202.smv new file mode 100644 index 0000000..3de9bbc --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-0202.smv @@ -0,0 +1,23 @@ +-- DRCSpec +MODULE main + VAR + + + Heatup: boolean; + Load_Follow: boolean; + OP_MODE: boolean; + + + DEFINE + + + + -- Req text: While !OP_MODE DRC shall always satisfy (Heatup | Load_Follow) + LTLSPEC NAME PWR-0202_OP_MODE_0 := (! ((G (OP_MODE | (Heatup | Load_Follow))) & (F (OP_MODE & (! (Heatup | Load_Follow)))))); + + -- Req text: While !OP_MODE DRC shall always satisfy (Heatup | Load_Follow) + LTLSPEC NAME PWR-0202_Heatup_0 := (! ((G (OP_MODE | (Heatup | Load_Follow))) & (F ((! OP_MODE) & (Heatup & (! Load_Follow)))))); + + -- Req text: While !OP_MODE DRC shall always satisfy (Heatup | Load_Follow) + LTLSPEC NAME PWR-0202_Load_Follow_0 := (! ((G (OP_MODE | (Heatup | Load_Follow))) & (F ((! OP_MODE) & ((! Heatup) & Load_Follow))))); + \ No newline at end of file diff --git a/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-2001.smv b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-2001.smv new file mode 100644 index 0000000..00e3bc7 --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-2001.smv @@ -0,0 +1,145 @@ +-- DRCSpec +MODULE main + VAR + + STARTUP:boolean; + + Cold_Shutdown: boolean; + Heatup: boolean; + OP_MODE: boolean; + SCRAM: boolean; + + + DEFINE + + + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_0 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! Cold_Shutdown) | (! STARTUP))) & (((! SCRAM) & (X SCRAM)) & (! (X (OP_MODE & Heatup))))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_1 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! Cold_Shutdown) | (! STARTUP))) & (((! SCRAM) & (X SCRAM)) & (! (X (OP_MODE & Heatup))))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_2 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & ((! SCRAM) & (X (! SCRAM))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_3 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM & (! (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_4 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X (((! SCRAM) & (X SCRAM)) & (! (X (OP_MODE & Heatup))))) & (SCRAM | (X (! SCRAM))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_5 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X (((! SCRAM) & (X SCRAM)) & (! (X (OP_MODE & Heatup))))) & (SCRAM | (X (! SCRAM))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_6 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((! (Cold_Shutdown & STARTUP)) & ((! (X ((! Cold_Shutdown) | (! STARTUP)))) & ((! SCRAM) & (X SCRAM)))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_7 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((! (Cold_Shutdown & STARTUP)) & ((! (X ((! Cold_Shutdown) | (! STARTUP)))) & ((! SCRAM) & (X SCRAM)))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_8 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((((! SCRAM) & (X SCRAM)) -> ((! SCRAM) & (X SCRAM))) U (! (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_9 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((((! SCRAM) & (X SCRAM)) -> ((! SCRAM) & (X SCRAM))) U (! (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_10 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (SCRAM & (! ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_11 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! Cold_Shutdown) | (! STARTUP))) & (((! SCRAM) & (X SCRAM)) & (! (X (OP_MODE & Heatup)))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_12 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! Cold_Shutdown) | (! STARTUP))) & (((! SCRAM) & (X SCRAM)) & (! (X (OP_MODE & Heatup)))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_13 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & ((! SCRAM) & (X (! SCRAM))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_14 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM & (! (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_15 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X (((! SCRAM) & (X SCRAM)) & (! (X (OP_MODE & Heatup))))) & (SCRAM | (X (! SCRAM))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_16 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X (((! SCRAM) & (X SCRAM)) & (! (X (OP_MODE & Heatup))))) & (SCRAM | (X (! SCRAM))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_17 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((! (Cold_Shutdown & STARTUP)) & ((! (X ((! Cold_Shutdown) | (! STARTUP)))) & ((! SCRAM) & (X SCRAM)))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_18 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((! (Cold_Shutdown & STARTUP)) & ((! (X ((! Cold_Shutdown) | (! STARTUP)))) & ((! SCRAM) & (X SCRAM)))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_19 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((((! SCRAM) & (X SCRAM)) -> ((! SCRAM) & (X SCRAM))) U (! (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_20 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((((! SCRAM) & (X SCRAM)) -> ((! SCRAM) & (X SCRAM))) U (! (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_21 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F (((! (! SCRAM)) & (X SCRAM)) & (! (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_SCRAM_22 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F (((! SCRAM) & (! (X SCRAM))) & (! (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_Cold_Shutdown_0 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) & (! (! STARTUP))) & (! (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_Cold_Shutdown_1 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((! (Cold_Shutdown & STARTUP)) & ((X ((! Cold_Shutdown) & (! (! STARTUP)))) & (! ((! SCRAM) & (X SCRAM))))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_Cold_Shutdown_2 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((Cold_Shutdown & STARTUP) & (! ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_Cold_Shutdown_3 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) & (! (! STARTUP))) & (! (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_Cold_Shutdown_4 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((! (Cold_Shutdown & STARTUP)) & ((X ((! Cold_Shutdown) & (! (! STARTUP)))) & (! ((! SCRAM) & (X SCRAM))))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_Cold_Shutdown_5 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((Cold_Shutdown & STARTUP) & (! ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_STARTUP_0 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! (! Cold_Shutdown)) & (! STARTUP)) & (! (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_STARTUP_1 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((! (Cold_Shutdown & STARTUP)) & ((X ((! (! Cold_Shutdown)) & (! STARTUP))) & (! ((! SCRAM) & (X SCRAM))))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_STARTUP_2 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((Cold_Shutdown & STARTUP) & (! ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_STARTUP_3 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! (! Cold_Shutdown)) & (! STARTUP)) & (! (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_STARTUP_4 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((! (Cold_Shutdown & STARTUP)) & ((X ((! (! Cold_Shutdown)) & (! STARTUP))) & (! ((! SCRAM) & (X SCRAM))))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_STARTUP_5 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U (((Cold_Shutdown & STARTUP) & (! ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & (! ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_OP_MODE_0 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! Cold_Shutdown) | (! STARTUP))) & ((! ((! SCRAM) & (X SCRAM))) & (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_OP_MODE_1 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X ((! ((! SCRAM) & (X SCRAM))) & (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_OP_MODE_2 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! Cold_Shutdown) | (! STARTUP))) & ((! ((! SCRAM) & (X SCRAM))) & (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_OP_MODE_3 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X ((! ((! SCRAM) & (X SCRAM))) & (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_Heatup_0 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! Cold_Shutdown) | (! STARTUP))) & ((! ((! SCRAM) & (X SCRAM))) & (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_Heatup_1 := (! ((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) & (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X ((! ((! SCRAM) & (X SCRAM))) & (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_Heatup_2 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! Cold_Shutdown) | (! STARTUP))) & ((! ((! SCRAM) & (X SCRAM))) & (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + + -- Req text: While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup + LTLSPEC NAME PWR-2001_Heatup_3 := (! (((G (((! SCRAM) | (X SCRAM)) | (X ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & (F ((! ((! SCRAM) | (X SCRAM))) & (X (((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & ((! ((! SCRAM) & (X SCRAM))) U ((! ((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM))))) & ((X ((! ((! SCRAM) & (X SCRAM))) & (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM))))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup))))))))) & (SCRAM | ((((! SCRAM) & (X SCRAM)) V (((Cold_Shutdown & STARTUP) | ((X ((! Cold_Shutdown) | (! STARTUP))) | ((! SCRAM) & (X SCRAM)))) | ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (SCRAM | (X (! SCRAM)))))) & (((! Cold_Shutdown) | (! STARTUP)) | (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))); + \ No newline at end of file diff --git a/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-3001.smv b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-3001.smv new file mode 100644 index 0000000..172b17e --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-3001.smv @@ -0,0 +1,113 @@ +-- DRCSpec +MODULE main + VAR + + t_dot_exceeded:boolean; + + Heatup: boolean; + SCRAM: boolean; + + + DEFINE + + + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_0 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (! t_dot_exceeded)) & ((Heatup & (X (! Heatup))) & (! (X SCRAM)))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_1 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (! t_dot_exceeded)) & ((Heatup & (X (! Heatup))) & (! (X SCRAM)))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_2 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! (! Heatup)) & (X Heatup)))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_3 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) & (! (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_4 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) & (! (X SCRAM)))) & ((! Heatup) | (X Heatup)))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_5 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) & (! (X SCRAM)))) & ((! Heatup) | (X Heatup)))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_6 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_dot_exceeded) & ((! (X (! t_dot_exceeded))) & (Heatup & (X (! Heatup))))) & (! ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_7 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_dot_exceeded) & ((! (X (! t_dot_exceeded))) & (Heatup & (X (! Heatup))))) & (! ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_8 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & (((Heatup & (X (! Heatup))) -> (Heatup & (X (! Heatup)))) U (! ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_9 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & (((Heatup & (X (! Heatup))) -> (Heatup & (X (! Heatup)))) U (! ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_10 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! Heatup) & (! (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_11 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (! t_dot_exceeded)) & ((Heatup & (X (! Heatup))) & (! (X SCRAM))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_12 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (! t_dot_exceeded)) & ((Heatup & (X (! Heatup))) & (! (X SCRAM))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_13 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! (! Heatup)) & (X Heatup)))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_14 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) & (! (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_15 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) & (! (X SCRAM)))) & ((! Heatup) | (X Heatup)))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_16 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) & (! (X SCRAM)))) & ((! Heatup) | (X Heatup)))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_17 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_dot_exceeded) & ((! (X (! t_dot_exceeded))) & (Heatup & (X (! Heatup))))) & (! ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_18 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_dot_exceeded) & ((! (X (! t_dot_exceeded))) & (Heatup & (X (! Heatup))))) & (! ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_19 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & (((Heatup & (X (! Heatup))) -> (Heatup & (X (! Heatup)))) U (! ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_20 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & (((Heatup & (X (! Heatup))) -> (Heatup & (X (! Heatup)))) U (! ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_21 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F (((! Heatup) & (X (! Heatup))) & (! (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_Heatup_22 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((Heatup & (! (X (! Heatup)))) & (! (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_t_dot_exceeded_0 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) & (! ((Heatup & (X (! Heatup))) | (X SCRAM)))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_t_dot_exceeded_1 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_dot_exceeded) & ((X (! t_dot_exceeded)) & (! (Heatup & (X (! Heatup)))))) & (! ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_t_dot_exceeded_2 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((t_dot_exceeded & (! ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & (! ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_t_dot_exceeded_3 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) & (! ((Heatup & (X (! Heatup))) | (X SCRAM))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_t_dot_exceeded_4 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_dot_exceeded) & ((X (! t_dot_exceeded)) & (! (Heatup & (X (! Heatup)))))) & (! ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_t_dot_exceeded_5 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((t_dot_exceeded & (! ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & (! ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_SCRAM_0 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (! t_dot_exceeded)) & ((! (Heatup & (X (! Heatup)))) & (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_SCRAM_1 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & ((X ((! (Heatup & (X (! Heatup)))) & (X SCRAM))) & ((! Heatup) | (X Heatup)))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_SCRAM_2 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (! t_dot_exceeded)) & ((! (Heatup & (X (! Heatup)))) & (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + + -- Req text: While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3001_SCRAM_3 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup)))))) & ((X ((! (Heatup & (X (! Heatup)))) & (X SCRAM))) & ((! Heatup) | (X Heatup)))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM)))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_dot_exceeded | ((X (! t_dot_exceeded)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & ((! Heatup) | (X Heatup))))) & ((! t_dot_exceeded) | ((Heatup & (X (! Heatup))) | (X SCRAM))))))); + \ No newline at end of file diff --git a/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-3002.smv b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-3002.smv new file mode 100644 index 0000000..762ecb1 --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-3002.smv @@ -0,0 +1,28 @@ +-- DRCSpec +MODULE main + VAR + + t_max_exceeded:boolean; + + SCRAM: boolean; + + + DEFINE + + + + -- Req text: if t_max_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3002_t_max_exceeded_0 := (! ((G ((t_max_exceeded | (X (! t_max_exceeded))) | (X (X SCRAM)))) & ((! t_max_exceeded) & (! (X SCRAM))))); + + -- Req text: if t_max_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3002_t_max_exceeded_1 := (! (((G ((t_max_exceeded | (X (! t_max_exceeded))) | (X (X SCRAM)))) & (F (((! t_max_exceeded) & (X (! t_max_exceeded))) & (! (X (X SCRAM)))))) & ((! t_max_exceeded) | (X SCRAM)))); + + -- Req text: if t_max_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3002_t_max_exceeded_2 := (! (((G ((t_max_exceeded | (X (! t_max_exceeded))) | (X (X SCRAM)))) & (F ((t_max_exceeded & (! (X (! t_max_exceeded)))) & (! (X (X SCRAM)))))) & ((! t_max_exceeded) | (X SCRAM)))); + + -- Req text: if t_max_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3002_SCRAM_0 := (! ((G ((t_max_exceeded | (X (! t_max_exceeded))) | (X (X SCRAM)))) & ((! (! t_max_exceeded)) & (X SCRAM)))); + + -- Req text: if t_max_exceeded DRC shall at the next timepoint satisfy SCRAM + LTLSPEC NAME PWR-3002_SCRAM_1 := (! (((G ((t_max_exceeded | (X (! t_max_exceeded))) | (X (X SCRAM)))) & (F ((! (t_max_exceeded | (X (! t_max_exceeded)))) & (X (X SCRAM))))) & ((! t_max_exceeded) | (X SCRAM)))); + \ No newline at end of file diff --git a/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-3003.smv b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-3003.smv new file mode 100644 index 0000000..30921c6 --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC/DRCSpec_PWR-3003.smv @@ -0,0 +1,125 @@ +-- DRCSpec +MODULE main + VAR + + t_power_min:boolean; + + Heatup: boolean; + Load_Follow: boolean; + + + DEFINE + + + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_0 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (! t_power_min)) & ((! (Heatup & (X (! Heatup)))) & (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_1 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (! t_power_min)) & ((Heatup & (X (! Heatup))) & (! (X (Load_Follow & (! Heatup)))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_2 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (! t_power_min)) & ((Heatup & (X (! Heatup))) & (! (X (Load_Follow & (! Heatup)))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_3 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! (! Heatup)) & (X Heatup)))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_4 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) & (! (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_5 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((! (Heatup & (X (! Heatup)))) & (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup)))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_6 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) & (! (X (Load_Follow & (! Heatup)))))) & ((! Heatup) | (X Heatup)))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_7 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) & (! (X (Load_Follow & (! Heatup)))))) & ((! Heatup) | (X Heatup)))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_8 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_power_min) & ((! (X (! t_power_min))) & (Heatup & (X (! Heatup))))) & (! ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_9 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_power_min) & ((! (X (! t_power_min))) & (Heatup & (X (! Heatup))))) & (! ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_10 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & (((Heatup & (X (! Heatup))) -> (Heatup & (X (! Heatup)))) U (! ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_11 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & (((Heatup & (X (! Heatup))) -> (Heatup & (X (! Heatup)))) U (! ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_12 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! Heatup) & (! (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_13 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (! t_power_min)) & ((! (Heatup & (X (! Heatup)))) & (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_14 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (! t_power_min)) & ((Heatup & (X (! Heatup))) & (! (X (Load_Follow & (! Heatup))))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_15 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (! t_power_min)) & ((Heatup & (X (! Heatup))) & (! (X (Load_Follow & (! Heatup))))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_16 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! (! Heatup)) & (X Heatup)))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_17 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) & (! (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_18 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((! (Heatup & (X (! Heatup)))) & (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup)))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_19 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) & (! (X (Load_Follow & (! Heatup)))))) & ((! Heatup) | (X Heatup)))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_20 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((Heatup & (X (! Heatup))) & (! (X (Load_Follow & (! Heatup)))))) & ((! Heatup) | (X Heatup)))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_21 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_power_min) & ((! (X (! t_power_min))) & (Heatup & (X (! Heatup))))) & (! ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_22 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_power_min) & ((! (X (! t_power_min))) & (Heatup & (X (! Heatup))))) & (! ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_23 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & (((Heatup & (X (! Heatup))) -> (Heatup & (X (! Heatup)))) U (! ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_24 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & (((Heatup & (X (! Heatup))) -> (Heatup & (X (! Heatup)))) U (! ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_25 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F (((! Heatup) & (X (! Heatup))) & (! (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Heatup_26 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((Heatup & (! (X (! Heatup)))) & (! (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_t_power_min_0 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) & (! ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_t_power_min_1 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_power_min) & ((X (! t_power_min)) & (! (Heatup & (X (! Heatup)))))) & (! ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_t_power_min_2 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((t_power_min & (! ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & (! ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_t_power_min_3 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) & (! ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_t_power_min_4 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U (((! t_power_min) & ((X (! t_power_min)) & (! (Heatup & (X (! Heatup)))))) & (! ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_t_power_min_5 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((t_power_min & (! ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & (! ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Load_Follow_0 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (! t_power_min)) & ((! (Heatup & (X (! Heatup)))) & (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Load_Follow_1 := (! ((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & ((! (! Heatup)) & ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((! (Heatup & (X (! Heatup)))) & (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup)))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Load_Follow_2 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (! t_power_min)) & ((! (Heatup & (X (! Heatup)))) & (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + + -- Req text: While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup) + LTLSPEC NAME PWR-3003_Load_Follow_3 := (! (((G ((Heatup | (X (! Heatup))) | (X (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (F ((! (Heatup | (X (! Heatup)))) & (X ((((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! (Heatup & (X (! Heatup)))) U ((! (t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup)))))) & ((X ((! (Heatup & (X (! Heatup)))) & (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup)))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup)))))))))) & ((! Heatup) | (((Heatup & (X (! Heatup))) V ((t_power_min | ((X (! t_power_min)) | (Heatup & (X (! Heatup))))) | ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & ((! Heatup) | (X Heatup))))) & ((! t_power_min) | ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))); + \ No newline at end of file diff --git a/fret-pipeline/.archive/specs/DRC/config.json b/fret-pipeline/.archive/specs/DRC/config.json new file mode 100644 index 0000000..36b0e1d --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC/config.json @@ -0,0 +1,147 @@ +{ + "_comment": "Generated by parse_smv.py. Review and edit variable roles before synthesis.", + "spec_name": "DRC", + "variables": { + "Cold_Shutdown": { + "role": "conflict", + "input_reasons": [ + "DRCSpec_PWR-2001: condition in \"While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup\"" + ], + "output_reasons": [ + "DRCSpec_PWR-0000: satisfaction in \"DRC shall initially satisfy (Cold_Shutdown & !SCRAM)\"", + "DRCSpec_PWR-0201: satisfaction in \"When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown)\"" + ] + }, + "Heatup": { + "role": "conflict", + "input_reasons": [ + "DRCSpec_PWR-3001: condition in \"While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM\"", + "DRCSpec_PWR-3003: condition in \"While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup)\"" + ], + "output_reasons": [ + "DRCSpec_PWR-0200: satisfaction in \"While OP_MODE DRC shall always satisfy Heatup | Load_Follow\"", + "DRCSpec_PWR-0201: satisfaction in \"When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown)\"", + "DRCSpec_PWR-0202: satisfaction in \"While !OP_MODE DRC shall always satisfy (Heatup | Load_Follow)\"", + "DRCSpec_PWR-2001: satisfaction in \"While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup\"", + "DRCSpec_PWR-3003: satisfaction in \"While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup)\"" + ] + }, + "Load_Follow": { + "role": "output", + "input_reasons": [], + "output_reasons": [ + "DRCSpec_PWR-0200: satisfaction in \"While OP_MODE DRC shall always satisfy Heatup | Load_Follow\"", + "DRCSpec_PWR-0201: satisfaction in \"When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown)\"", + "DRCSpec_PWR-0202: satisfaction in \"While !OP_MODE DRC shall always satisfy (Heatup | Load_Follow)\"", + "DRCSpec_PWR-3003: satisfaction in \"While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup)\"" + ] + }, + "OP_MODE": { + "role": "conflict", + "input_reasons": [ + "DRCSpec_PWR-0200: condition in \"While OP_MODE DRC shall always satisfy Heatup | Load_Follow\"", + "DRCSpec_PWR-0201: condition in \"When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown)\"", + "DRCSpec_PWR-0202: condition in \"While !OP_MODE DRC shall always satisfy (Heatup | Load_Follow)\"" + ], + "output_reasons": [ + "DRCSpec_PWR-0100: satisfaction in \"If SCRAM DRC shall immediately satisfy !OP_MODE\"", + "DRCSpec_PWR-2001: satisfaction in \"While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup\"" + ] + }, + "SCRAM": { + "role": "conflict", + "input_reasons": [ + "DRCSpec_PWR-0100: condition in \"If SCRAM DRC shall immediately satisfy !OP_MODE\"", + "DRCSpec_PWR-0102: condition in \"If SCRAM DRC shall always satisfy SCRAM\"", + "DRCSpec_PWR-2001: condition in \"While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup\"" + ], + "output_reasons": [ + "DRCSpec_PWR-0000: satisfaction in \"DRC shall initially satisfy (Cold_Shutdown & !SCRAM)\"", + "DRCSpec_PWR-0102: satisfaction in \"If SCRAM DRC shall always satisfy SCRAM\"", + "DRCSpec_PWR-0201: satisfaction in \"When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown)\"", + "DRCSpec_PWR-3001: satisfaction in \"While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM\"", + "DRCSpec_PWR-3002: satisfaction in \"if t_max_exceeded DRC shall at the next timepoint satisfy SCRAM\"" + ] + }, + "STARTUP": { + "role": "input", + "input_reasons": [ + "DRCSpec_PWR-2001: condition in \"While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup\"" + ], + "output_reasons": [] + }, + "t_dot_exceeded": { + "role": "input", + "input_reasons": [ + "DRCSpec_PWR-3001: condition in \"While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM\"" + ], + "output_reasons": [] + }, + "t_max_exceeded": { + "role": "input", + "input_reasons": [ + "DRCSpec_PWR-3002: condition in \"if t_max_exceeded DRC shall at the next timepoint satisfy SCRAM\"" + ], + "output_reasons": [] + }, + "t_power_min": { + "role": "input", + "input_reasons": [ + "DRCSpec_PWR-3003: condition in \"While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup)\"" + ], + "output_reasons": [] + } + }, + "requirements": [ + { + "req_id": "DRCSpec_PWR-0000", + "fretish": "DRC shall initially satisfy (Cold_Shutdown & !SCRAM)", + "ltl": "(Cold_Shutdown & !SCRAM)" + }, + { + "req_id": "DRCSpec_PWR-0100", + "fretish": "If SCRAM DRC shall immediately satisfy !OP_MODE", + "ltl": "G((SCRAM) -> X(!OP_MODE))" + }, + { + "req_id": "DRCSpec_PWR-0102", + "fretish": "If SCRAM DRC shall always satisfy SCRAM", + "ltl": "G(SCRAM)" + }, + { + "req_id": "DRCSpec_PWR-0200", + "fretish": "While OP_MODE DRC shall always satisfy Heatup | Load_Follow", + "ltl": "G((OP_MODE) -> (Heatup | Load_Follow))" + }, + { + "req_id": "DRCSpec_PWR-0201", + "fretish": "When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown)", + "ltl": "G((OP_MODE) -> X(G((Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown))))" + }, + { + "req_id": "DRCSpec_PWR-0202", + "fretish": "While !OP_MODE DRC shall always satisfy (Heatup | Load_Follow)", + "ltl": "G((!OP_MODE) -> ((Heatup | Load_Follow)))" + }, + { + "req_id": "DRCSpec_PWR-2001", + "fretish": "While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup", + "ltl": "G(((!SCRAM) & (Cold_Shutdown & STARTUP)) -> X(OP_MODE & Heatup))" + }, + { + "req_id": "DRCSpec_PWR-3001", + "fretish": "While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM", + "ltl": "G(((Heatup) & (t_dot_exceeded)) -> X(SCRAM))" + }, + { + "req_id": "DRCSpec_PWR-3002", + "fretish": "if t_max_exceeded DRC shall at the next timepoint satisfy SCRAM", + "ltl": "G((t_max_exceeded) -> X(SCRAM))" + }, + { + "req_id": "DRCSpec_PWR-3003", + "fretish": "While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup)", + "ltl": "G(((Heatup) & (t_power_min)) -> X((Load_Follow & !Heatup)))" + } + ] +} diff --git a/fret-pipeline/.archive/specs/DRC_redesign.md b/fret-pipeline/.archive/specs/DRC_redesign.md new file mode 100644 index 0000000..3717fd9 --- /dev/null +++ b/fret-pipeline/.archive/specs/DRC_redesign.md @@ -0,0 +1,143 @@ +# DRC Spec Redesign -- Matching Figure 1 Hybrid Automaton + +## Naming Convention + +**Format: `DRC_XNNN_name`** where X is a category letter: + +| Prefix | Category | Purpose | +|--------|----------|---------| +| `DRC_A___` | Architecture | Mode validity, structural constraints | +| `DRC_I___` | Initialization | Initial conditions | +| `DRC_S___` | Stay | Self-loop / remain-in-mode | +| `DRC_T___` | Transition | Mode-to-mode edges | + +## Variable Mapping + +### Outputs +| Variable | Type | Description | +|----------|------|-------------| +| `control_mode` | integer | Current discrete state (0-3) | + +### Internal (enum constants) +| Variable | Type | Assignment | Description | +|----------|------|------------|-------------| +| `q_shutdown` | integer | 0 | Cold Shutdown mode | +| `q_heatup` | integer | 1 | Heatup mode | +| `q_operation` | integer | 2 | Power Operation mode | +| `q_scram` | integer | 3 | SCRAM mode | + +### Inputs (boolean predicates over continuous state) +| Variable | Type | Description | Maps to | +|----------|------|-------------|---------| +| `t_avg_above_min` | boolean | T_avg > T_min | Guard: Shutdown -> Heatup | +| `t_avg_in_range` | boolean | T_avg in [T_op +/- delta] | Guard: Heatup -> Operation | +| `p_above_crit` | boolean | P > P_crit | Guard: Heatup -> Operation | +| `inv1_holds` | boolean | Invariant 1 OK | Safety: Heatup | +| `inv2_holds` | boolean | Invariant 2 OK | Safety: Operation | +| `manual_reset` | boolean | Operator reset command | Guard: SCRAM -> Shutdown | + +## FRETish Requirements + +### Architecture +``` +DRC_A001_MODE_VALID: + DRC shall always satisfy + control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram +``` + +### Initialization +``` +DRC_I001_INIT_SHUTDOWN: + DRC shall immediately satisfy control_mode = q_shutdown +``` + +### Stay Conditions (self-loops) +``` +DRC_S001_SHUTDOWN_STAY: + Whenever control_mode = q_shutdown & !t_avg_above_min + DRC shall at the next timepoint satisfy control_mode = q_shutdown + +DRC_S002_HEATUP_STAY: + Whenever control_mode = q_heatup & inv1_holds & !(t_avg_in_range & p_above_crit) + DRC shall at the next timepoint satisfy control_mode = q_heatup + +DRC_S003_OPERATION_STAY: + Whenever control_mode = q_operation & inv2_holds + DRC shall at the next timepoint satisfy control_mode = q_operation + +DRC_S004_SCRAM_STAY: + Whenever control_mode = q_scram & !manual_reset + DRC shall at the next timepoint satisfy control_mode = q_scram +``` + +### Transitions (edges in Figure 1) +``` +DRC_T001_SHUTDOWN_TO_HEATUP: + Upon control_mode = q_shutdown & t_avg_above_min + DRC shall at the next timepoint satisfy control_mode = q_heatup + +DRC_T002_HEATUP_TO_OPERATION: + Upon control_mode = q_heatup & t_avg_in_range & p_above_crit + DRC shall at the next timepoint satisfy control_mode = q_operation + +DRC_T003_HEATUP_TO_SCRAM: + Upon control_mode = q_heatup & !inv1_holds + DRC shall at the next timepoint satisfy control_mode = q_scram + +DRC_T004_OPERATION_TO_SCRAM: + Upon control_mode = q_operation & !inv2_holds + DRC shall at the next timepoint satisfy control_mode = q_scram + +DRC_T005_SCRAM_TO_SHUTDOWN: + Upon control_mode = q_scram & manual_reset + DRC shall at the next timepoint satisfy control_mode = q_shutdown +``` + +## Transition Priority Note + +DRC_S002 and DRC_T003 overlap when `control_mode = q_heatup & !inv1_holds & +!(t_avg_in_range & p_above_crit)`. Both fire -- S002 says stay in heatup, +T003 says go to scram. T003 should win (safety takes priority). To resolve: + +**Option A:** Strengthen S002 to include inv1_holds (already done above). +When inv1 fails, S002 doesn't fire, only T003 does. + +**Option B:** Add explicit priority requirement: +``` +DRC_A002_SCRAM_PRIORITY: + Whenever control_mode = q_heatup & !inv1_holds + DRC shall at the next timepoint satisfy control_mode = q_scram +``` + +Similarly, DRC_S003 and DRC_T004: when `control_mode = q_operation & !inv2_holds`, +S003 doesn't fire (requires inv2_holds), only T004 fires. This is already +correct in the spec above. + +## Key Differences from Original DRC Spec + +1. **Single integer mode variable** instead of 5 independent boolean outputs + - Mutual exclusivity is automatic + - No vacuous satisfaction of scoped requirements + +2. **Guard conditions as boolean inputs** instead of output variables + - `t_avg_above_min` replaces continuous T_avg comparison + - These are computed by the tactical (continuous) layer + +3. **Complete transition coverage** -- every mode has explicit stay + transition rules + - Original spec had no "stay" requirements, allowing trivial mode avoidance + +4. **SCRAM is recoverable** (via manual_reset) instead of permanent latch + - Matches Figure 1 which shows SCRAM -> Cold Shutdown recovery + - Original PWR-0102 "If SCRAM always SCRAM" made op_mode unreachable + +5. **Invariant violations as inputs** -- the environment reports invariant status + - Original spec had sensor triggers (t_dot_exceeded) as inputs, which is the + same concept but more directly connected to the automaton structure + +## Boolean Abstraction for Synthesis + +For ltlsynt, this translates directly: +- Inputs (6): t_avg_above_min, t_avg_in_range, p_above_crit, inv1_holds, inv2_holds, manual_reset +- Outputs (4): in_shutdown, in_heatup, in_operation, in_scram (with exclusivity) +- Environment assumptions: physical constraints on input combinations +- Guarantees: mode transitions from FRET requirements above diff --git a/fret-pipeline/.archive/specs/LPC_mini_reqts_and_vars.json b/fret-pipeline/.archive/specs/LPC_mini_reqts_and_vars.json new file mode 100644 index 0000000..70e3b32 --- /dev/null +++ b/fret-pipeline/.archive/specs/LPC_mini_reqts_and_vars.json @@ -0,0 +1,1565 @@ +{ + "requirements": [ + { + "reqid": "LPC_TB_STAY_ON_NEXT", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "Whenever lift_mode = thrust_borne & kgs <= 20.0 & hover_control_mode the vehicle shall at the next timepoint satisfy lift_mode = thrust_borne", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "noTrigger", + "timing": "next", + "response": "satisfaction", + "variables": [ + "lift_mode", + "thrust_borne", + "kgs", + "hover_control_mode" + ], + "qualifier_word": "whenever", + "pre_condition": "(lift_mode = thrust_borne & kgs <= 20.0 & hover_control_mode)", + "regular_condition": "(lift_mode = thrust_borne & kgs <= 20.0 & hover_control_mode)", + "conditionTextRange": [ + 0, + 67 + ], + "component_name": "vehicle", + "componentTextRange": [ + 69, + 79 + ], + "timingTextRange": [ + 87, + 107 + ], + "post_condition": "(lift_mode = thrust_borne)", + "responseTextRange": [ + 109, + 140 + ], + "diagramVariables": "CC = (lift_mode = thrust_borne & kgs <= 20.0 & hover_control_mode), Response = (lift_mode = thrust_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: every point in the interval where (lift_mode = thrust_borne & kgs <= 20.0 & hover_control_mode) is true.\nREQUIRES: for every trigger, RES must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_noTrigger_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "(((lift_mode = thrust_borne) & (kgs <= 20.0)) & hover_control_mode)", + "regular_condition_unexp_ft": "(((lift_mode = thrust_borne) & (kgs <= 20.0)) & hover_control_mode)", + "regular_condition_SMV_pt": "(((lift_mode = thrust_borne) & (kgs <= 20.0)) & hover_control_mode)", + "regular_condition_SMV_ft": "(((lift_mode = thrust_borne) & (kgs <= 20.0)) & hover_control_mode)", + "post_condition_unexp_pt": "(lift_mode = thrust_borne)", + "post_condition_unexp_ft": "(lift_mode = thrust_borne)", + "post_condition_SMV_pt": "(lift_mode = thrust_borne)", + "post_condition_SMV_ft": "(lift_mode = thrust_borne)", + "ft_fetched": "(LAST V ($regular_condition_unexp_ft$ -> (LAST | (X $post_condition_unexp_ft$))))", + "ft": "(LAST V ((((lift_mode = thrust_borne) & (kgs <= 20.0)) & hover_control_mode) -> (LAST | (X (lift_mode = thrust_borne)))))", + "pt_fetched": "(H ((Y $regular_condition_unexp_pt$) -> ($post_condition_unexp_pt$ | FTP)))", + "pt": "(H ((Y (((lift_mode = thrust_borne) & (kgs <= 20.0)) & hover_control_mode)) -> ((lift_mode = thrust_borne) | FTP)))", + "ptExpanded_fetched": "(H ((Y $regular_condition_SMV_pt$) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptExpanded": "(H ((Y (((lift_mode = thrust_borne) & (kgs <= 20.0)) & hover_control_mode)) -> ((lift_mode = thrust_borne) | (! (Y TRUE)))))", + "CoCoSpecCode": "H((YtoPre((((lift_mode = thrust_borne) and (kgs <= 20.0)) and hover_control_mode)) => ((lift_mode = thrust_borne) or not (YtoPre(true)))))", + "ftExpanded_fetched": "(LAST V ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftExpandedUnoptimized": "(LAST V ((((lift_mode = thrust_borne) & (kgs <= 20.0)) & hover_control_mode) -> (LAST | (X (lift_mode = thrust_borne)))))", + "ftExpanded": "(LAST V ((((lift_mode = thrust_borne) & (kgs <= 20.0)) & hover_control_mode) -> (LAST | (X (lift_mode = thrust_borne)))))", + "ftInfAUExpanded_fetched": "(G ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfAUExpanded": "(G ((((lift_mode = thrust_borne) & (kgs <= 20.0)) & hover_control_mode) -> (X (lift_mode = thrust_borne))))", + "component": "vehicle" + }, + "_id": "LPC_TB_STAY_ON_NEXT" + }, + { + "reqid": "LPC_STB_STAY_ON_NEXT", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "Whenever lift_mode = semi_thrust_borne & kias <= 40.0 & (kgs > 20.0 | !hover_control_mode) the vehicle shall at the next timepoint satisfy lift_mode = semi_thrust_borne", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "noTrigger", + "timing": "next", + "response": "satisfaction", + "variables": [ + "lift_mode", + "semi_thrust_borne", + "kias", + "kgs", + "hover_control_mode" + ], + "qualifier_word": "whenever", + "pre_condition": "(lift_mode = semi_thrust_borne & kias <= 40.0 & ( kgs > 20.0 | ! hover_control_mode ))", + "regular_condition": "(lift_mode = semi_thrust_borne & kias <= 40.0 & ( kgs > 20.0 | ! hover_control_mode ))", + "conditionTextRange": [ + 0, + 89 + ], + "component_name": "vehicle", + "componentTextRange": [ + 91, + 101 + ], + "timingTextRange": [ + 109, + 129 + ], + "post_condition": "(lift_mode = semi_thrust_borne)", + "responseTextRange": [ + 131, + 167 + ], + "diagramVariables": "CC = (lift_mode = semi_thrust_borne & kias <= 40.0 & ( kgs > 20.0 | ! hover_control_mode )), Response = (lift_mode = semi_thrust_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: every point in the interval where (lift_mode = semi_thrust_borne & kias <= 40.0 & ( kgs > 20.0 | ! hover_control_mode )) is true.\nREQUIRES: for every trigger, RES must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_noTrigger_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "(((lift_mode = semi_thrust_borne) & (kias <= 40.0)) & ((kgs > 20.0) | (! hover_control_mode)))", + "regular_condition_unexp_ft": "(((lift_mode = semi_thrust_borne) & (kias <= 40.0)) & ((kgs > 20.0) | (! hover_control_mode)))", + "regular_condition_SMV_pt": "(((lift_mode = semi_thrust_borne) & (kias <= 40.0)) & ((kgs > 20.0) | (! hover_control_mode)))", + "regular_condition_SMV_ft": "(((lift_mode = semi_thrust_borne) & (kias <= 40.0)) & ((kgs > 20.0) | (! hover_control_mode)))", + "post_condition_unexp_pt": "(lift_mode = semi_thrust_borne)", + "post_condition_unexp_ft": "(lift_mode = semi_thrust_borne)", + "post_condition_SMV_pt": "(lift_mode = semi_thrust_borne)", + "post_condition_SMV_ft": "(lift_mode = semi_thrust_borne)", + "ft_fetched": "(LAST V ($regular_condition_unexp_ft$ -> (LAST | (X $post_condition_unexp_ft$))))", + "ft": "(LAST V ((((lift_mode = semi_thrust_borne) & (kias <= 40.0)) & ((kgs > 20.0) | (! hover_control_mode))) -> (LAST | (X (lift_mode = semi_thrust_borne)))))", + "pt_fetched": "(H ((Y $regular_condition_unexp_pt$) -> ($post_condition_unexp_pt$ | FTP)))", + "pt": "(H ((Y (((lift_mode = semi_thrust_borne) & (kias <= 40.0)) & ((kgs > 20.0) | (! hover_control_mode)))) -> ((lift_mode = semi_thrust_borne) | FTP)))", + "ptExpanded_fetched": "(H ((Y $regular_condition_SMV_pt$) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptExpanded": "(H ((Y (((lift_mode = semi_thrust_borne) & (kias <= 40.0)) & ((kgs > 20.0) | (! hover_control_mode)))) -> ((lift_mode = semi_thrust_borne) | (! (Y TRUE)))))", + "CoCoSpecCode": "H((YtoPre((((lift_mode = semi_thrust_borne) and (kias <= 40.0)) and ((kgs > 20.0) or not (hover_control_mode)))) => ((lift_mode = semi_thrust_borne) or not (YtoPre(true)))))", + "ftExpanded_fetched": "(LAST V ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftExpandedUnoptimized": "(LAST V ((((lift_mode = semi_thrust_borne) & (kias <= 40.0)) & ((kgs > 20.0) | (! hover_control_mode))) -> (LAST | (X (lift_mode = semi_thrust_borne)))))", + "ftExpanded": "(LAST V ((((lift_mode = semi_thrust_borne) & (kias <= 40.0)) & ((kgs > 20.0) | (! hover_control_mode))) -> (LAST | (X (lift_mode = semi_thrust_borne)))))", + "ftInfAUExpanded_fetched": "(G ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfAUExpanded": "(G ((((lift_mode = semi_thrust_borne) & (kias <= 40.0)) & ((kgs > 20.0) | (! hover_control_mode))) -> (X (lift_mode = semi_thrust_borne))))", + "component": "vehicle" + }, + "_id": "LPC_STB_STAY_ON_NEXT" + }, + { + "reqid": "LPC_REACH_HOVER_12", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "The vehicle shall within 12 ticks satisfy lift_mode = thrust_borne", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "timing": "within", + "response": "satisfaction", + "variables": [ + "lift_mode", + "thrust_borne" + ], + "component_name": "vehicle", + "componentTextRange": [ + 0, + 10 + ], + "duration": "12", + "timingTextRange": [ + 18, + 32 + ], + "post_condition": "(lift_mode = thrust_borne)", + "responseTextRange": [ + 34, + 65 + ], + "diagramVariables": " n = 12, Response = (lift_mode = thrust_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval.\nREQUIRES: for every trigger, RES must hold at some point with distance <= 12 from the trigger (i.e., at trigger, trigger+1, ..., or trigger+12). If the interval ends sooner than trigger+12, then RES need not hold.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_within_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "(lift_mode = thrust_borne)", + "post_condition_unexp_ft": "(lift_mode = thrust_borne)", + "post_condition_SMV_pt": "(lift_mode = thrust_borne)", + "post_condition_SMV_ft": "(lift_mode = thrust_borne)", + "post_condition_coco_smv": "(lift_mode = thrust_borne)", + "post_condition_coco": "(lift_mode = thrust_borne)", + "ft_fetched": "((F[<=$duration$] $post_condition_unexp_ft$) | (F[<$duration$] LAST))", + "ft": "((F[<=12] (lift_mode = thrust_borne)) | (F[<12] LAST))", + "pt_fetched": "(H ((H (! $post_condition_unexp_pt$)) -> (O[<$duration$] FTP)))", + "pt": "(H ((H (! (lift_mode = thrust_borne))) -> (O[<12] FTP)))", + "ptExpanded_fetched": "(H ((H (! $post_condition_SMV_pt$)) -> (O[<$duration$] (! (Y TRUE)))))", + "ptExpanded": "(H ((H (! (lift_mode = thrust_borne))) -> (O[0,11] (! (Y TRUE)))))", + "ptFinBtwExpanded_fetched": "(H ((H (! $post_condition_SMV_pt$)) -> (O[<$duration$] (! (Y TRUE)))))", + "ptFinBtwExpanded": "(H ((H (! (lift_mode = thrust_borne))) -> (O[0,11] (! (Y TRUE)))))", + "ftExpanded_fetched": "((F[<=$duration$] $post_condition_SMV_ft$) | (F[<$duration$] LAST))", + "ftExpanded": "((F[0,12] (lift_mode = thrust_borne)) | (F[0,11] LAST))", + "ftInfAUExpanded_fetched": "(F[<=$duration$] $post_condition_SMV_ft$)", + "ftInfAUExpanded": "(F[0,12] (lift_mode = thrust_borne))", + "ftInfBtwExpanded_fetched": "(F[<=$duration$] $post_condition_SMV_ft$)", + "ftInfBtwExpanded": "(F[0,12] (lift_mode = thrust_borne))", + "ftFinBtwExpanded_fetched": "((F[<=$duration$] $post_condition_SMV_ft$) | (F[<$duration$] LAST))", + "ftFinBtwExpanded": "((F[0,12] (lift_mode = thrust_borne)) | (F[0,11] LAST))", + "CoCoSpecCode_fetched": "(H((H( not $post_condition_coco$)) => (OT($duration$-1,0,FTP))))", + "CoCoSpecCode": "(H((H( not (lift_mode = thrust_borne))) => (OT(12-1,0,FTP))))", + "component": "vehicle" + }, + "_id": "LPC_REACH_HOVER_12" + }, + { + "reqid": "LPC_SWB_TO_STB", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "Upon lift_mode = semi_wing_borne & kias <= 30.0 the vehicle shall at the next timepoint satisfy lift_mode = semi_thrust_borne", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "timing": "next", + "response": "satisfaction", + "variables": [ + "lift_mode", + "semi_wing_borne", + "kias", + "semi_thrust_borne" + ], + "qualifier_word": "upon", + "pre_condition": "(lift_mode = semi_wing_borne & kias <= 30.0)", + "regular_condition": "(lift_mode = semi_wing_borne & kias <= 30.0)", + "conditionTextRange": [ + 0, + 46 + ], + "component_name": "vehicle", + "componentTextRange": [ + 48, + 58 + ], + "timingTextRange": [ + 66, + 87 + ], + "post_condition": "(lift_mode = semi_thrust_borne)", + "responseTextRange": [ + 89, + 125 + ], + "diagramVariables": "TC = (lift_mode = semi_wing_borne & kias <= 30.0), Response = (lift_mode = semi_thrust_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval if (lift_mode = semi_wing_borne & kias <= 30.0) is true and any point in the interval where (lift_mode = semi_wing_borne & kias <= 30.0) becomes true (from false).\nREQUIRES: for every trigger, RES must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((lift_mode = semi_wing_borne) & (kias <= 30.0))", + "regular_condition_unexp_ft": "((lift_mode = semi_wing_borne) & (kias <= 30.0))", + "regular_condition_SMV_pt": "((lift_mode = semi_wing_borne) & (kias <= 30.0))", + "regular_condition_SMV_ft": "((lift_mode = semi_wing_borne) & (kias <= 30.0))", + "regular_condition_coco_smv": "((lift_mode = semi_wing_borne) & (kias <= 30.0))", + "regular_condition_coco": "((lift_mode = semi_wing_borne) and (kias <= 30.0))", + "post_condition_unexp_pt": "(lift_mode = semi_thrust_borne)", + "post_condition_unexp_ft": "(lift_mode = semi_thrust_borne)", + "post_condition_SMV_pt": "(lift_mode = semi_thrust_borne)", + "post_condition_SMV_ft": "(lift_mode = semi_thrust_borne)", + "post_condition_coco_smv": "(lift_mode = semi_thrust_borne)", + "post_condition_coco": "(lift_mode = semi_thrust_borne)", + "ft_fetched": "((LAST V (((! $regular_condition_unexp_ft$) & ((! LAST) & (X $regular_condition_unexp_ft$))) -> (X (LAST | (X $post_condition_unexp_ft$))))) & ($regular_condition_unexp_ft$ -> (LAST | (X $post_condition_unexp_ft$))))", + "ft": "((LAST V (((! ((lift_mode = semi_wing_borne) & (kias <= 30.0))) & ((! LAST) & (X ((lift_mode = semi_wing_borne) & (kias <= 30.0))))) -> (X (LAST | (X (lift_mode = semi_thrust_borne)))))) & (((lift_mode = semi_wing_borne) & (kias <= 30.0)) -> (LAST | (X (lift_mode = semi_thrust_borne)))))", + "pt_fetched": "(H ((Y ($regular_condition_unexp_pt$ & ((Y (! $regular_condition_unexp_pt$)) | FTP))) -> ($post_condition_unexp_pt$ | FTP)))", + "pt": "(H ((Y (((lift_mode = semi_wing_borne) & (kias <= 30.0)) & ((Y (! ((lift_mode = semi_wing_borne) & (kias <= 30.0)))) | FTP))) -> ((lift_mode = semi_thrust_borne) | FTP)))", + "ptExpanded_fetched": "(H ((Y ($regular_condition_SMV_pt$ & ((Y (! $regular_condition_SMV_pt$)) | (! (Y TRUE))))) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptExpanded": "(H ((Y (((lift_mode = semi_wing_borne) & (kias <= 30.0)) & ((Y (! ((lift_mode = semi_wing_borne) & (kias <= 30.0)))) | (! (Y TRUE))))) -> ((lift_mode = semi_thrust_borne) | (! (Y TRUE)))))", + "ptFinBtwExpanded_fetched": "(H ((Y ($regular_condition_SMV_pt$ & ((Y (! $regular_condition_SMV_pt$)) | (! (Y TRUE))))) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptFinBtwExpanded": "(H ((Y (((lift_mode = semi_wing_borne) & (kias <= 30.0)) & ((Y (! ((lift_mode = semi_wing_borne) & (kias <= 30.0)))) | (! (Y TRUE))))) -> ((lift_mode = semi_thrust_borne) | (! (Y TRUE)))))", + "ftExpanded_fetched": "((LAST V (((! $regular_condition_SMV_ft$) & ((! LAST) & (X $regular_condition_SMV_ft$))) -> (X (LAST | (X $post_condition_SMV_ft$))))) & ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftExpanded": "((LAST V (((! ((lift_mode = semi_wing_borne) & (kias <= 30.0))) & ((! LAST) & (X ((lift_mode = semi_wing_borne) & (kias <= 30.0))))) -> (X (LAST | (X (lift_mode = semi_thrust_borne)))))) & (((lift_mode = semi_wing_borne) & (kias <= 30.0)) -> (LAST | (X (lift_mode = semi_thrust_borne)))))", + "ftInfAUExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfAUExpanded": "((G (((! ((lift_mode = semi_wing_borne) & (kias <= 30.0))) & (X ((lift_mode = semi_wing_borne) & (kias <= 30.0)))) -> (X (X (lift_mode = semi_thrust_borne))))) & (((lift_mode = semi_wing_borne) & (kias <= 30.0)) -> (X (lift_mode = semi_thrust_borne))))", + "ftInfBtwExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfBtwExpanded": "((G (((! ((lift_mode = semi_wing_borne) & (kias <= 30.0))) & (X ((lift_mode = semi_wing_borne) & (kias <= 30.0)))) -> (X (X (lift_mode = semi_thrust_borne))))) & (((lift_mode = semi_wing_borne) & (kias <= 30.0)) -> (X (lift_mode = semi_thrust_borne))))", + "ftFinBtwExpanded_fetched": "((LAST V (((! $regular_condition_SMV_ft$) & ((! LAST) & (X $regular_condition_SMV_ft$))) -> (X (LAST | (X $post_condition_SMV_ft$))))) & ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftFinBtwExpanded": "((LAST V (((! ((lift_mode = semi_wing_borne) & (kias <= 30.0))) & ((! LAST) & (X ((lift_mode = semi_wing_borne) & (kias <= 30.0))))) -> (X (LAST | (X (lift_mode = semi_thrust_borne)))))) & (((lift_mode = semi_wing_borne) & (kias <= 30.0)) -> (LAST | (X (lift_mode = semi_thrust_borne)))))", + "CoCoSpecCode_fetched": "(H((YtoPre($regular_condition_coco$ and ((YtoPre( not $regular_condition_coco$)) or FTP))) => ($post_condition_coco$ or FTP)))", + "CoCoSpecCode": "(H((YtoPre(((lift_mode = semi_wing_borne) and (kias <= 30.0)) and ((YtoPre( not ((lift_mode = semi_wing_borne) and (kias <= 30.0)))) or FTP))) => ((lift_mode = semi_thrust_borne) or FTP)))", + "component": "vehicle" + }, + "_id": "LPC_SWB_TO_STB" + }, + { + "reqid": "LPC_STB_TO_SWB", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "Upon lift_mode = semi_thrust_borne & kias > 40.0 the vehicle shall at the next timepoint satisfy lift_mode = semi_wing_borne", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "timing": "next", + "response": "satisfaction", + "variables": [ + "lift_mode", + "semi_thrust_borne", + "kias", + "semi_wing_borne" + ], + "qualifier_word": "upon", + "pre_condition": "(lift_mode = semi_thrust_borne & kias > 40.0)", + "regular_condition": "(lift_mode = semi_thrust_borne & kias > 40.0)", + "conditionTextRange": [ + 0, + 47 + ], + "component_name": "vehicle", + "componentTextRange": [ + 49, + 59 + ], + "timingTextRange": [ + 67, + 87 + ], + "post_condition": "(lift_mode = semi_wing_borne)", + "responseTextRange": [ + 89, + 123 + ], + "diagramVariables": "TC = (lift_mode = semi_thrust_borne & kias > 40.0), Response = (lift_mode = semi_wing_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval if (lift_mode = semi_thrust_borne & kias > 40.0) is true and any point in the interval where (lift_mode = semi_thrust_borne & kias > 40.0) becomes true (from false).\nREQUIRES: for every trigger, RES must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((lift_mode = semi_thrust_borne) & (kias > 40.0))", + "regular_condition_unexp_ft": "((lift_mode = semi_thrust_borne) & (kias > 40.0))", + "regular_condition_SMV_pt": "((lift_mode = semi_thrust_borne) & (kias > 40.0))", + "regular_condition_SMV_ft": "((lift_mode = semi_thrust_borne) & (kias > 40.0))", + "regular_condition_coco_smv": "((lift_mode = semi_thrust_borne) & (kias > 40.0))", + "regular_condition_coco": "((lift_mode = semi_thrust_borne) and (kias > 40.0))", + "post_condition_unexp_pt": "(lift_mode = semi_wing_borne)", + "post_condition_unexp_ft": "(lift_mode = semi_wing_borne)", + "post_condition_SMV_pt": "(lift_mode = semi_wing_borne)", + "post_condition_SMV_ft": "(lift_mode = semi_wing_borne)", + "post_condition_coco_smv": "(lift_mode = semi_wing_borne)", + "post_condition_coco": "(lift_mode = semi_wing_borne)", + "ft_fetched": "((LAST V (((! $regular_condition_unexp_ft$) & ((! LAST) & (X $regular_condition_unexp_ft$))) -> (X (LAST | (X $post_condition_unexp_ft$))))) & ($regular_condition_unexp_ft$ -> (LAST | (X $post_condition_unexp_ft$))))", + "ft": "((LAST V (((! ((lift_mode = semi_thrust_borne) & (kias > 40.0))) & ((! LAST) & (X ((lift_mode = semi_thrust_borne) & (kias > 40.0))))) -> (X (LAST | (X (lift_mode = semi_wing_borne)))))) & (((lift_mode = semi_thrust_borne) & (kias > 40.0)) -> (LAST | (X (lift_mode = semi_wing_borne)))))", + "pt_fetched": "(H ((Y ($regular_condition_unexp_pt$ & ((Y (! $regular_condition_unexp_pt$)) | FTP))) -> ($post_condition_unexp_pt$ | FTP)))", + "pt": "(H ((Y (((lift_mode = semi_thrust_borne) & (kias > 40.0)) & ((Y (! ((lift_mode = semi_thrust_borne) & (kias > 40.0)))) | FTP))) -> ((lift_mode = semi_wing_borne) | FTP)))", + "ptExpanded_fetched": "(H ((Y ($regular_condition_SMV_pt$ & ((Y (! $regular_condition_SMV_pt$)) | (! (Y TRUE))))) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptExpanded": "(H ((Y (((lift_mode = semi_thrust_borne) & (kias > 40.0)) & ((Y (! ((lift_mode = semi_thrust_borne) & (kias > 40.0)))) | (! (Y TRUE))))) -> ((lift_mode = semi_wing_borne) | (! (Y TRUE)))))", + "ftExpanded_fetched": "((LAST V (((! $regular_condition_SMV_ft$) & ((! LAST) & (X $regular_condition_SMV_ft$))) -> (X (LAST | (X $post_condition_SMV_ft$))))) & ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftExpanded": "((LAST V (((! ((lift_mode = semi_thrust_borne) & (kias > 40.0))) & ((! LAST) & (X ((lift_mode = semi_thrust_borne) & (kias > 40.0))))) -> (X (LAST | (X (lift_mode = semi_wing_borne)))))) & (((lift_mode = semi_thrust_borne) & (kias > 40.0)) -> (LAST | (X (lift_mode = semi_wing_borne)))))", + "ftInfAUExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfAUExpanded": "((G (((! ((lift_mode = semi_thrust_borne) & (kias > 40.0))) & (X ((lift_mode = semi_thrust_borne) & (kias > 40.0)))) -> (X (X (lift_mode = semi_wing_borne))))) & (((lift_mode = semi_thrust_borne) & (kias > 40.0)) -> (X (lift_mode = semi_wing_borne))))", + "ftInfBtwExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfBtwExpanded": "((G (((! ((lift_mode = semi_thrust_borne) & (kias > 40.0))) & (X ((lift_mode = semi_thrust_borne) & (kias > 40.0)))) -> (X (X (lift_mode = semi_wing_borne))))) & (((lift_mode = semi_thrust_borne) & (kias > 40.0)) -> (X (lift_mode = semi_wing_borne))))", + "CoCoSpecCode_fetched": "(H((YtoPre($regular_condition_coco$ and ((YtoPre( not $regular_condition_coco$)) or FTP))) => ($post_condition_coco$ or FTP)))", + "CoCoSpecCode": "(H((YtoPre(((lift_mode = semi_thrust_borne) and (kias > 40.0)) and ((YtoPre( not ((lift_mode = semi_thrust_borne) and (kias > 40.0)))) or FTP))) => ((lift_mode = semi_wing_borne) or FTP)))", + "component": "vehicle" + }, + "_id": "LPC_STB_TO_SWB" + }, + { + "reqid": "LPC_STB_TO_TB", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "Upon lift_mode = semi_thrust_borne & hover_control_mode & kgs <= 20.0 the vehicle shall at the next timepoint satisfy lift_mode = thrust_borne", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "timing": "next", + "response": "satisfaction", + "variables": [ + "lift_mode", + "semi_thrust_borne", + "hover_control_mode", + "kgs", + "thrust_borne" + ], + "qualifier_word": "upon", + "pre_condition": "(lift_mode = semi_thrust_borne & hover_control_mode & kgs <= 20.0)", + "regular_condition": "(lift_mode = semi_thrust_borne & hover_control_mode & kgs <= 20.0)", + "conditionTextRange": [ + 0, + 68 + ], + "component_name": "vehicle", + "componentTextRange": [ + 70, + 80 + ], + "timingTextRange": [ + 88, + 108 + ], + "post_condition": "(lift_mode = thrust_borne)", + "responseTextRange": [ + 110, + 141 + ], + "diagramVariables": "TC = (lift_mode = semi_thrust_borne & hover_control_mode & kgs <= 20.0), Response = (lift_mode = thrust_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval if (lift_mode = semi_thrust_borne & hover_control_mode & kgs <= 20.0) is true and any point in the interval where (lift_mode = semi_thrust_borne & hover_control_mode & kgs <= 20.0) becomes true (from false).\nREQUIRES: for every trigger, RES must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "(((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0))", + "regular_condition_unexp_ft": "(((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0))", + "regular_condition_SMV_pt": "(((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0))", + "regular_condition_SMV_ft": "(((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0))", + "regular_condition_coco_smv": "(((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0))", + "regular_condition_coco": "(((lift_mode = semi_thrust_borne) and hover_control_mode) and (kgs <= 20.0))", + "post_condition_unexp_pt": "(lift_mode = thrust_borne)", + "post_condition_unexp_ft": "(lift_mode = thrust_borne)", + "post_condition_SMV_pt": "(lift_mode = thrust_borne)", + "post_condition_SMV_ft": "(lift_mode = thrust_borne)", + "post_condition_coco_smv": "(lift_mode = thrust_borne)", + "post_condition_coco": "(lift_mode = thrust_borne)", + "ft_fetched": "((LAST V (((! $regular_condition_unexp_ft$) & ((! LAST) & (X $regular_condition_unexp_ft$))) -> (X (LAST | (X $post_condition_unexp_ft$))))) & ($regular_condition_unexp_ft$ -> (LAST | (X $post_condition_unexp_ft$))))", + "ft": "((LAST V (((! (((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0))) & ((! LAST) & (X (((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0))))) -> (X (LAST | (X (lift_mode = thrust_borne)))))) & ((((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0)) -> (LAST | (X (lift_mode = thrust_borne)))))", + "pt_fetched": "(H ((Y ($regular_condition_unexp_pt$ & ((Y (! $regular_condition_unexp_pt$)) | FTP))) -> ($post_condition_unexp_pt$ | FTP)))", + "pt": "(H ((Y ((((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0)) & ((Y (! (((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0)))) | FTP))) -> ((lift_mode = thrust_borne) | FTP)))", + "ptExpanded_fetched": "(H ((Y ($regular_condition_SMV_pt$ & ((Y (! $regular_condition_SMV_pt$)) | (! (Y TRUE))))) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptExpanded": "(H ((Y ((((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0)) & ((Y (! (((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0)))) | (! (Y TRUE))))) -> ((lift_mode = thrust_borne) | (! (Y TRUE)))))", + "ftExpanded_fetched": "((LAST V (((! $regular_condition_SMV_ft$) & ((! LAST) & (X $regular_condition_SMV_ft$))) -> (X (LAST | (X $post_condition_SMV_ft$))))) & ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftExpanded": "((LAST V (((! (((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0))) & ((! LAST) & (X (((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0))))) -> (X (LAST | (X (lift_mode = thrust_borne)))))) & ((((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0)) -> (LAST | (X (lift_mode = thrust_borne)))))", + "ftInfAUExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfAUExpanded": "((G (((! (((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0))) & (X (((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0)))) -> (X (X (lift_mode = thrust_borne))))) & ((((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0)) -> (X (lift_mode = thrust_borne))))", + "ftInfBtwExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfBtwExpanded": "((G (((! (((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0))) & (X (((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0)))) -> (X (X (lift_mode = thrust_borne))))) & ((((lift_mode = semi_thrust_borne) & hover_control_mode) & (kgs <= 20.0)) -> (X (lift_mode = thrust_borne))))", + "CoCoSpecCode_fetched": "(H((YtoPre($regular_condition_coco$ and ((YtoPre( not $regular_condition_coco$)) or FTP))) => ($post_condition_coco$ or FTP)))", + "CoCoSpecCode": "(H((YtoPre((((lift_mode = semi_thrust_borne) and hover_control_mode) and (kgs <= 20.0)) and ((YtoPre( not (((lift_mode = semi_thrust_borne) and hover_control_mode) and (kgs <= 20.0)))) or FTP))) => ((lift_mode = thrust_borne) or FTP)))", + "component": "vehicle" + }, + "_id": "LPC_STB_TO_TB" + }, + { + "reqid": "LPC_SWB_TO_WB", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "Upon lift_mode = semi_wing_borne & kias > 100.0 the vehicle shall at the next timepoint satisfy lift_mode = wing_borne", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "timing": "next", + "response": "satisfaction", + "variables": [ + "lift_mode", + "semi_wing_borne", + "kias", + "wing_borne" + ], + "qualifier_word": "upon", + "pre_condition": "(lift_mode = semi_wing_borne & kias > 100.0)", + "regular_condition": "(lift_mode = semi_wing_borne & kias > 100.0)", + "conditionTextRange": [ + 0, + 46 + ], + "component_name": "vehicle", + "componentTextRange": [ + 48, + 58 + ], + "timingTextRange": [ + 66, + 86 + ], + "post_condition": "(lift_mode = wing_borne)", + "responseTextRange": [ + 88, + 117 + ], + "diagramVariables": "TC = (lift_mode = semi_wing_borne & kias > 100.0), Response = (lift_mode = wing_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval if (lift_mode = semi_wing_borne & kias > 100.0) is true and any point in the interval where (lift_mode = semi_wing_borne & kias > 100.0) becomes true (from false).\nREQUIRES: for every trigger, RES must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((lift_mode = semi_wing_borne) & (kias > 100.0))", + "regular_condition_unexp_ft": "((lift_mode = semi_wing_borne) & (kias > 100.0))", + "regular_condition_SMV_pt": "((lift_mode = semi_wing_borne) & (kias > 100.0))", + "regular_condition_SMV_ft": "((lift_mode = semi_wing_borne) & (kias > 100.0))", + "regular_condition_coco_smv": "((lift_mode = semi_wing_borne) & (kias > 100.0))", + "regular_condition_coco": "((lift_mode = semi_wing_borne) and (kias > 100.0))", + "post_condition_unexp_pt": "(lift_mode = wing_borne)", + "post_condition_unexp_ft": "(lift_mode = wing_borne)", + "post_condition_SMV_pt": "(lift_mode = wing_borne)", + "post_condition_SMV_ft": "(lift_mode = wing_borne)", + "post_condition_coco_smv": "(lift_mode = wing_borne)", + "post_condition_coco": "(lift_mode = wing_borne)", + "ft_fetched": "((LAST V (((! $regular_condition_unexp_ft$) & ((! LAST) & (X $regular_condition_unexp_ft$))) -> (X (LAST | (X $post_condition_unexp_ft$))))) & ($regular_condition_unexp_ft$ -> (LAST | (X $post_condition_unexp_ft$))))", + "ft": "((LAST V (((! ((lift_mode = semi_wing_borne) & (kias > 100.0))) & ((! LAST) & (X ((lift_mode = semi_wing_borne) & (kias > 100.0))))) -> (X (LAST | (X (lift_mode = wing_borne)))))) & (((lift_mode = semi_wing_borne) & (kias > 100.0)) -> (LAST | (X (lift_mode = wing_borne)))))", + "pt_fetched": "(H ((Y ($regular_condition_unexp_pt$ & ((Y (! $regular_condition_unexp_pt$)) | FTP))) -> ($post_condition_unexp_pt$ | FTP)))", + "pt": "(H ((Y (((lift_mode = semi_wing_borne) & (kias > 100.0)) & ((Y (! ((lift_mode = semi_wing_borne) & (kias > 100.0)))) | FTP))) -> ((lift_mode = wing_borne) | FTP)))", + "ptExpanded_fetched": "(H ((Y ($regular_condition_SMV_pt$ & ((Y (! $regular_condition_SMV_pt$)) | (! (Y TRUE))))) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptExpanded": "(H ((Y (((lift_mode = semi_wing_borne) & (kias > 100.0)) & ((Y (! ((lift_mode = semi_wing_borne) & (kias > 100.0)))) | (! (Y TRUE))))) -> ((lift_mode = wing_borne) | (! (Y TRUE)))))", + "ftExpanded_fetched": "((LAST V (((! $regular_condition_SMV_ft$) & ((! LAST) & (X $regular_condition_SMV_ft$))) -> (X (LAST | (X $post_condition_SMV_ft$))))) & ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftExpanded": "((LAST V (((! ((lift_mode = semi_wing_borne) & (kias > 100.0))) & ((! LAST) & (X ((lift_mode = semi_wing_borne) & (kias > 100.0))))) -> (X (LAST | (X (lift_mode = wing_borne)))))) & (((lift_mode = semi_wing_borne) & (kias > 100.0)) -> (LAST | (X (lift_mode = wing_borne)))))", + "ftInfAUExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfAUExpanded": "((G (((! ((lift_mode = semi_wing_borne) & (kias > 100.0))) & (X ((lift_mode = semi_wing_borne) & (kias > 100.0)))) -> (X (X (lift_mode = wing_borne))))) & (((lift_mode = semi_wing_borne) & (kias > 100.0)) -> (X (lift_mode = wing_borne))))", + "ftInfBtwExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfBtwExpanded": "((G (((! ((lift_mode = semi_wing_borne) & (kias > 100.0))) & (X ((lift_mode = semi_wing_borne) & (kias > 100.0)))) -> (X (X (lift_mode = wing_borne))))) & (((lift_mode = semi_wing_borne) & (kias > 100.0)) -> (X (lift_mode = wing_borne))))", + "CoCoSpecCode_fetched": "(H((YtoPre($regular_condition_coco$ and ((YtoPre( not $regular_condition_coco$)) or FTP))) => ($post_condition_coco$ or FTP)))", + "CoCoSpecCode": "(H((YtoPre(((lift_mode = semi_wing_borne) and (kias > 100.0)) and ((YtoPre( not ((lift_mode = semi_wing_borne) and (kias > 100.0)))) or FTP))) => ((lift_mode = wing_borne) or FTP)))", + "component": "vehicle" + }, + "_id": "LPC_SWB_TO_WB" + }, + { + "reqid": "LPC_TB_TO_STB", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "Upon lift_mode = thrust_borne & (!hover_control_mode | kgs > 20.0) the vehicle shall at the next timepoint satisfy lift_mode = semi_thrust_borne", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "timing": "next", + "response": "satisfaction", + "variables": [ + "lift_mode", + "thrust_borne", + "hover_control_mode", + "kgs", + "semi_thrust_borne" + ], + "qualifier_word": "upon", + "pre_condition": "(lift_mode = thrust_borne & ( ! hover_control_mode | kgs > 20.0 ))", + "regular_condition": "(lift_mode = thrust_borne & ( ! hover_control_mode | kgs > 20.0 ))", + "conditionTextRange": [ + 0, + 66 + ], + "component_name": "vehicle", + "componentTextRange": [ + 68, + 78 + ], + "timingTextRange": [ + 86, + 106 + ], + "post_condition": "(lift_mode = semi_thrust_borne)", + "responseTextRange": [ + 108, + 144 + ], + "diagramVariables": "TC = (lift_mode = thrust_borne & ( ! hover_control_mode | kgs > 20.0 )), Response = (lift_mode = semi_thrust_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval if (lift_mode = thrust_borne & ( ! hover_control_mode | kgs > 20.0 )) is true and any point in the interval where (lift_mode = thrust_borne & ( ! hover_control_mode | kgs > 20.0 )) becomes true (from false).\nREQUIRES: for every trigger, RES must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0)))", + "regular_condition_unexp_ft": "((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0)))", + "regular_condition_SMV_pt": "((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0)))", + "regular_condition_SMV_ft": "((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0)))", + "regular_condition_coco_smv": "((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0)))", + "regular_condition_coco": "((lift_mode = thrust_borne) and (( not hover_control_mode) or (kgs > 20.0)))", + "post_condition_unexp_pt": "(lift_mode = semi_thrust_borne)", + "post_condition_unexp_ft": "(lift_mode = semi_thrust_borne)", + "post_condition_SMV_pt": "(lift_mode = semi_thrust_borne)", + "post_condition_SMV_ft": "(lift_mode = semi_thrust_borne)", + "post_condition_coco_smv": "(lift_mode = semi_thrust_borne)", + "post_condition_coco": "(lift_mode = semi_thrust_borne)", + "ft_fetched": "((LAST V (((! $regular_condition_unexp_ft$) & ((! LAST) & (X $regular_condition_unexp_ft$))) -> (X (LAST | (X $post_condition_unexp_ft$))))) & ($regular_condition_unexp_ft$ -> (LAST | (X $post_condition_unexp_ft$))))", + "ft": "((LAST V (((! ((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0)))) & ((! LAST) & (X ((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0)))))) -> (X (LAST | (X (lift_mode = semi_thrust_borne)))))) & (((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0))) -> (LAST | (X (lift_mode = semi_thrust_borne)))))", + "pt_fetched": "(H ((Y ($regular_condition_unexp_pt$ & ((Y (! $regular_condition_unexp_pt$)) | FTP))) -> ($post_condition_unexp_pt$ | FTP)))", + "pt": "(H ((Y (((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0))) & ((Y (! ((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0))))) | FTP))) -> ((lift_mode = semi_thrust_borne) | FTP)))", + "ptExpanded_fetched": "(H ((Y ($regular_condition_SMV_pt$ & ((Y (! $regular_condition_SMV_pt$)) | (! (Y TRUE))))) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptExpanded": "(H ((Y (((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0))) & ((Y (! ((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0))))) | (! (Y TRUE))))) -> ((lift_mode = semi_thrust_borne) | (! (Y TRUE)))))", + "ftExpanded_fetched": "((LAST V (((! $regular_condition_SMV_ft$) & ((! LAST) & (X $regular_condition_SMV_ft$))) -> (X (LAST | (X $post_condition_SMV_ft$))))) & ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftExpanded": "((LAST V (((! ((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0)))) & ((! LAST) & (X ((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0)))))) -> (X (LAST | (X (lift_mode = semi_thrust_borne)))))) & (((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0))) -> (LAST | (X (lift_mode = semi_thrust_borne)))))", + "ftInfAUExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfAUExpanded": "((G (((! ((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0)))) & (X ((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0))))) -> (X (X (lift_mode = semi_thrust_borne))))) & (((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0))) -> (X (lift_mode = semi_thrust_borne))))", + "ftInfBtwExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfBtwExpanded": "((G (((! ((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0)))) & (X ((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0))))) -> (X (X (lift_mode = semi_thrust_borne))))) & (((lift_mode = thrust_borne) & ((! hover_control_mode) | (kgs > 20.0))) -> (X (lift_mode = semi_thrust_borne))))", + "CoCoSpecCode_fetched": "(H((YtoPre($regular_condition_coco$ and ((YtoPre( not $regular_condition_coco$)) or FTP))) => ($post_condition_coco$ or FTP)))", + "CoCoSpecCode": "(H((YtoPre(((lift_mode = thrust_borne) and (( not hover_control_mode) or (kgs > 20.0))) and ((YtoPre( not ((lift_mode = thrust_borne) and (( not hover_control_mode) or (kgs > 20.0))))) or FTP))) => ((lift_mode = semi_thrust_borne) or FTP)))", + "component": "vehicle" + }, + "_id": "LPC_TB_TO_STB" + }, + { + "reqid": "LPC_INIT_LIFT_MODE", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "The vehicle shall immediately satisfy lift_mode = wing_borne <=> kias >= 90.0", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "timing": "immediately", + "response": "satisfaction", + "variables": [ + "lift_mode", + "wing_borne", + "kias" + ], + "component_name": "vehicle", + "componentTextRange": [ + 0, + 10 + ], + "timingTextRange": [ + 18, + 28 + ], + "post_condition": "(lift_mode = wing_borne <=> kias >= 90.0)", + "responseTextRange": [ + 30, + 76 + ], + "diagramVariables": "Response = (lift_mode = wing_borne <=> kias >= 90.0).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval.\nREQUIRES: for every trigger, if trigger holds then RES also holds at the same time point.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_immediately_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "((lift_mode = wing_borne) <-> (kias >= 90.0))", + "post_condition_unexp_ft": "((lift_mode = wing_borne) <-> (kias >= 90.0))", + "post_condition_SMV_pt": "((lift_mode = wing_borne) <-> (kias >= 90.0))", + "post_condition_SMV_ft": "((lift_mode = wing_borne) <-> (kias >= 90.0))", + "post_condition_coco_smv": "((lift_mode = wing_borne) <-> (kias >= 90.0))", + "post_condition_coco": "((lift_mode = wing_borne) = (kias >= 90.0))", + "ft_fetched": "$post_condition_unexp_ft$", + "ft": "((lift_mode = wing_borne) <-> (kias >= 90.0))", + "pt_fetched": "(H (FTP -> $post_condition_unexp_pt$))", + "pt": "(H (FTP -> ((lift_mode = wing_borne) <-> (kias >= 90.0))))", + "ptExpanded_fetched": "(H ((! (Y TRUE)) -> $post_condition_SMV_pt$))", + "ptExpanded": "(H ((! (Y TRUE)) -> ((lift_mode = wing_borne) <-> (kias >= 90.0))))", + "ftExpanded_fetched": "$post_condition_SMV_ft$", + "ftExpanded": "((lift_mode = wing_borne) <-> (kias >= 90.0))", + "ftInfAUExpanded_fetched": "$post_condition_SMV_ft$", + "ftInfAUExpanded": "((lift_mode = wing_borne) <-> (kias >= 90.0))", + "ftInfBtwExpanded_fetched": "$post_condition_SMV_ft$", + "ftInfBtwExpanded": "((lift_mode = wing_borne) <-> (kias >= 90.0))", + "CoCoSpecCode_fetched": "(H(FTP => $post_condition_coco$))", + "CoCoSpecCode": "(H(FTP => ((lift_mode = wing_borne) = (kias >= 90.0))))", + "component": "vehicle" + }, + "_id": "LPC_INIT_LIFT_MODE" + }, + { + "reqid": "LPC_LIFT_MODE", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "The vehicle shall always satisfy lift_mode = thrust_borne | lift_mode = semi_thrust_borne | lift_mode = semi_wing_borne | lift_mode = wing_borne", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "timing": "always", + "response": "satisfaction", + "variables": [ + "lift_mode", + "thrust_borne", + "semi_thrust_borne", + "semi_wing_borne", + "wing_borne" + ], + "component_name": "vehicle", + "componentTextRange": [ + 0, + 10 + ], + "timingTextRange": [ + 18, + 23 + ], + "post_condition": "(lift_mode = thrust_borne | lift_mode = semi_thrust_borne | lift_mode = semi_wing_borne | lift_mode = wing_borne)", + "responseTextRange": [ + 25, + 143 + ], + "diagramVariables": "Response = (lift_mode = thrust_borne | lift_mode = semi_thrust_borne | lift_mode = semi_wing_borne | lift_mode = wing_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval.\nREQUIRES: for every trigger, RES must hold at all time points between (and including) the trigger and the end of the interval.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_always_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "((((lift_mode = thrust_borne) | (lift_mode = semi_thrust_borne)) | (lift_mode = semi_wing_borne)) | (lift_mode = wing_borne))", + "post_condition_unexp_ft": "((((lift_mode = thrust_borne) | (lift_mode = semi_thrust_borne)) | (lift_mode = semi_wing_borne)) | (lift_mode = wing_borne))", + "post_condition_SMV_pt": "((((lift_mode = thrust_borne) | (lift_mode = semi_thrust_borne)) | (lift_mode = semi_wing_borne)) | (lift_mode = wing_borne))", + "post_condition_SMV_ft": "((((lift_mode = thrust_borne) | (lift_mode = semi_thrust_borne)) | (lift_mode = semi_wing_borne)) | (lift_mode = wing_borne))", + "post_condition_coco_smv": "((((lift_mode = thrust_borne) | (lift_mode = semi_thrust_borne)) | (lift_mode = semi_wing_borne)) | (lift_mode = wing_borne))", + "post_condition_coco": "((((lift_mode = thrust_borne) or (lift_mode = semi_thrust_borne)) or (lift_mode = semi_wing_borne)) or (lift_mode = wing_borne))", + "ft_fetched": "(LAST V $post_condition_unexp_ft$)", + "ft": "(LAST V ((((lift_mode = thrust_borne) | (lift_mode = semi_thrust_borne)) | (lift_mode = semi_wing_borne)) | (lift_mode = wing_borne)))", + "pt_fetched": "(H $post_condition_unexp_pt$)", + "pt": "(H ((((lift_mode = thrust_borne) | (lift_mode = semi_thrust_borne)) | (lift_mode = semi_wing_borne)) | (lift_mode = wing_borne)))", + "ptExpanded_fetched": "(H $post_condition_SMV_pt$)", + "ptExpanded": "(H ((((lift_mode = thrust_borne) | (lift_mode = semi_thrust_borne)) | (lift_mode = semi_wing_borne)) | (lift_mode = wing_borne)))", + "ftExpanded_fetched": "(LAST V $post_condition_SMV_ft$)", + "ftExpanded": "(LAST V ((((lift_mode = thrust_borne) | (lift_mode = semi_thrust_borne)) | (lift_mode = semi_wing_borne)) | (lift_mode = wing_borne)))", + "ftInfAUExpanded_fetched": "(G $post_condition_SMV_ft$)", + "ftInfAUExpanded": "(G ((((lift_mode = thrust_borne) | (lift_mode = semi_thrust_borne)) | (lift_mode = semi_wing_borne)) | (lift_mode = wing_borne)))", + "ftInfBtwExpanded_fetched": "(G $post_condition_SMV_ft$)", + "ftInfBtwExpanded": "(G ((((lift_mode = thrust_borne) | (lift_mode = semi_thrust_borne)) | (lift_mode = semi_wing_borne)) | (lift_mode = wing_borne)))", + "CoCoSpecCode_fetched": "(H($post_condition_coco$))", + "CoCoSpecCode": "(H(((((lift_mode = thrust_borne) or (lift_mode = semi_thrust_borne)) or (lift_mode = semi_wing_borne)) or (lift_mode = wing_borne))))", + "component": "vehicle" + }, + "_id": "LPC_LIFT_MODE" + }, + { + "reqid": "LPC_INIT_KIAS", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "The vehicle shall immediately satisfy kias = 120.0", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "timing": "immediately", + "response": "satisfaction", + "variables": [ + "kias" + ], + "component_name": "vehicle", + "componentTextRange": [ + 0, + 10 + ], + "timingTextRange": [ + 18, + 28 + ], + "post_condition": "(kias = 120.0)", + "responseTextRange": [ + 30, + 49 + ], + "diagramVariables": "Response = (kias = 120.0).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval.\nREQUIRES: for every trigger, if trigger holds then RES also holds at the same time point.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_immediately_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "(kias = 120.0)", + "post_condition_unexp_ft": "(kias = 120.0)", + "post_condition_SMV_pt": "(kias = 120.0)", + "post_condition_SMV_ft": "(kias = 120.0)", + "post_condition_coco_smv": "(kias = 120.0)", + "post_condition_coco": "(kias = 120.0)", + "ft_fetched": "$post_condition_unexp_ft$", + "ft": "(kias = 120.0)", + "pt_fetched": "(H (FTP -> $post_condition_unexp_pt$))", + "pt": "(H (FTP -> (kias = 120.0)))", + "ptExpanded_fetched": "(H ((! (Y TRUE)) -> $post_condition_SMV_pt$))", + "ptExpanded": "(H ((! (Y TRUE)) -> (kias = 120.0)))", + "ftExpanded_fetched": "$post_condition_SMV_ft$", + "ftExpanded": "(kias = 120.0)", + "ftInfAUExpanded_fetched": "$post_condition_SMV_ft$", + "ftInfAUExpanded": "(kias = 120.0)", + "ftInfBtwExpanded_fetched": "$post_condition_SMV_ft$", + "ftInfBtwExpanded": "(kias = 120.0)", + "CoCoSpecCode_fetched": "(H(FTP => $post_condition_coco$))", + "CoCoSpecCode": "(H(FTP => (kias = 120.0)))", + "component": "vehicle" + }, + "_id": "LPC_INIT_KIAS" + }, + { + "reqid": "LPC_KIAS_KGS", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "The vehicle shall always satisfy kias = kgs", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "timing": "always", + "response": "satisfaction", + "variables": [ + "kias", + "kgs" + ], + "component_name": "vehicle", + "componentTextRange": [ + 0, + 10 + ], + "timingTextRange": [ + 18, + 23 + ], + "post_condition": "(kias = kgs)", + "responseTextRange": [ + 25, + 42 + ], + "diagramVariables": "Response = (kias = kgs).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval.\nREQUIRES: for every trigger, RES must hold at all time points between (and including) the trigger and the end of the interval.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_always_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "(kias = kgs)", + "post_condition_unexp_ft": "(kias = kgs)", + "post_condition_SMV_pt": "(kias = kgs)", + "post_condition_SMV_ft": "(kias = kgs)", + "post_condition_coco_smv": "(kias = kgs)", + "post_condition_coco": "(kias = kgs)", + "ft_fetched": "(LAST V $post_condition_unexp_ft$)", + "ft": "(LAST V (kias = kgs))", + "pt_fetched": "(H $post_condition_unexp_pt$)", + "pt": "(H (kias = kgs))", + "ptExpanded_fetched": "(H $post_condition_SMV_pt$)", + "ptExpanded": "(H (kias = kgs))", + "ftExpanded_fetched": "(LAST V $post_condition_SMV_ft$)", + "ftExpanded": "(LAST V (kias = kgs))", + "ftInfAUExpanded_fetched": "(G $post_condition_SMV_ft$)", + "ftInfAUExpanded": "(G (kias = kgs))", + "ftInfBtwExpanded_fetched": "(G $post_condition_SMV_ft$)", + "ftInfBtwExpanded": "(G (kias = kgs))", + "CoCoSpecCode_fetched": "(H($post_condition_coco$))", + "CoCoSpecCode": "(H((kias = kgs)))", + "component": "vehicle" + }, + "_id": "LPC_KIAS_KGS" + }, + { + "reqid": "LPC_KIAS_DERIVATIVE", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "The vehicle shall always satisfy FTP | absReal(preReal(0.0, kias) - kias) <= 10.0", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "timing": "always", + "response": "satisfaction", + "variables": [ + "kias" + ], + "component_name": "vehicle", + "componentTextRange": [ + 0, + 10 + ], + "timingTextRange": [ + 18, + 23 + ], + "post_condition": "(FTP | absReal ( preReal ( 0.0 , kias ) - kias ) <= 10.0)", + "responseTextRange": [ + 25, + 80 + ], + "diagramVariables": "Response = (FTP | absReal ( preReal ( 0.0 , kias ) - kias ) <= 10.0).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval.\nREQUIRES: for every trigger, RES must hold at all time points between (and including) the trigger and the end of the interval.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_always_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "((! (Y TRUE)) | (absReal((preReal(0.0,kias) - kias)) <= 10.0))", + "post_condition_unexp_ft": "(FTP | (absReal((preReal(0.0,kias) - kias)) <= 10.0))", + "post_condition_SMV_pt": "((! (Y TRUE)) | (absReal((preReal(0.0,kias) - kias)) <= 10.0))", + "post_condition_SMV_ft": "(FTP | (absReal((preReal(0.0,kias) - kias)) <= 10.0))", + "post_condition_coco_smv": "((! (Y TRUE)) | (absReal((preReal(0.0,kias) - kias)) <= 10.0))", + "post_condition_coco": "(( not (YtoPre( true ))) or (absReal ( ( preReal ( 0.0 , kias ) - kias ) ) <= 10.0))", + "ft_fetched": "(LAST V $post_condition_unexp_ft$)", + "ft": "(LAST V (FTP | (absReal((preReal(0.0,kias) - kias)) <= 10.0)))", + "pt_fetched": "(H $post_condition_unexp_pt$)", + "pt": "(H ((! (Y TRUE)) | (absReal((preReal(0.0,kias) - kias)) <= 10.0)))", + "ptExpanded_fetched": "(H $post_condition_SMV_pt$)", + "ptExpanded": "(H ((! (Y TRUE)) | (absReal((preReal(0.0,kias) - kias)) <= 10.0)))", + "ftExpanded_fetched": "(LAST V $post_condition_SMV_ft$)", + "ftExpanded": "(LAST V (FTP | (absReal((preReal(0.0,kias) - kias)) <= 10.0)))", + "ftInfAUExpanded_fetched": "(G $post_condition_SMV_ft$)", + "ftInfAUExpanded": "(G (FTP | (absReal((preReal(0.0,kias) - kias)) <= 10.0)))", + "ftInfBtwExpanded_fetched": "(G $post_condition_SMV_ft$)", + "ftInfBtwExpanded": "(G (FTP | (absReal((preReal(0.0,kias) - kias)) <= 10.0)))", + "CoCoSpecCode_fetched": "(H($post_condition_coco$))", + "CoCoSpecCode": "(H((( not (YtoPre( true ))) or (absReal ( ( preReal ( 0.0 , kias ) - kias ) ) <= 10.0))))", + "component": "vehicle" + }, + "_id": "LPC_KIAS_DERIVATIVE" + }, + { + "reqid": "LPC_WB_TO_SWB", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "Upon lift_mode = wing_borne & kias <= 90.0 the vehicle shall at the next timepoint satisfy lift_mode = semi_wing_borne", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "timing": "next", + "response": "satisfaction", + "variables": [ + "lift_mode", + "wing_borne", + "kias", + "semi_wing_borne" + ], + "qualifier_word": "upon", + "pre_condition": "(lift_mode = wing_borne & kias <= 90.0)", + "regular_condition": "(lift_mode = wing_borne & kias <= 90.0)", + "conditionTextRange": [ + 0, + 42 + ], + "component_name": "vehicle", + "componentTextRange": [ + 44, + 54 + ], + "timingTextRange": [ + 62, + 82 + ], + "post_condition": "(lift_mode = semi_wing_borne)", + "responseTextRange": [ + 84, + 118 + ], + "diagramVariables": "TC = (lift_mode = wing_borne & kias <= 90.0), Response = (lift_mode = semi_wing_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval if (lift_mode = wing_borne & kias <= 90.0) is true and any point in the interval where (lift_mode = wing_borne & kias <= 90.0) becomes true (from false).\nREQUIRES: for every trigger, RES must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((lift_mode = wing_borne) & (kias <= 90.0))", + "regular_condition_unexp_ft": "((lift_mode = wing_borne) & (kias <= 90.0))", + "regular_condition_SMV_pt": "((lift_mode = wing_borne) & (kias <= 90.0))", + "regular_condition_SMV_ft": "((lift_mode = wing_borne) & (kias <= 90.0))", + "regular_condition_coco_smv": "((lift_mode = wing_borne) & (kias <= 90.0))", + "regular_condition_coco": "((lift_mode = wing_borne) and (kias <= 90.0))", + "post_condition_unexp_pt": "(lift_mode = semi_wing_borne)", + "post_condition_unexp_ft": "(lift_mode = semi_wing_borne)", + "post_condition_SMV_pt": "(lift_mode = semi_wing_borne)", + "post_condition_SMV_ft": "(lift_mode = semi_wing_borne)", + "post_condition_coco_smv": "(lift_mode = semi_wing_borne)", + "post_condition_coco": "(lift_mode = semi_wing_borne)", + "ft_fetched": "((LAST V (((! $regular_condition_unexp_ft$) & ((! LAST) & (X $regular_condition_unexp_ft$))) -> (X (LAST | (X $post_condition_unexp_ft$))))) & ($regular_condition_unexp_ft$ -> (LAST | (X $post_condition_unexp_ft$))))", + "ft": "((LAST V (((! ((lift_mode = wing_borne) & (kias <= 90.0))) & ((! LAST) & (X ((lift_mode = wing_borne) & (kias <= 90.0))))) -> (X (LAST | (X (lift_mode = semi_wing_borne)))))) & (((lift_mode = wing_borne) & (kias <= 90.0)) -> (LAST | (X (lift_mode = semi_wing_borne)))))", + "pt_fetched": "(H ((Y ($regular_condition_unexp_pt$ & ((Y (! $regular_condition_unexp_pt$)) | FTP))) -> ($post_condition_unexp_pt$ | FTP)))", + "pt": "(H ((Y (((lift_mode = wing_borne) & (kias <= 90.0)) & ((Y (! ((lift_mode = wing_borne) & (kias <= 90.0)))) | FTP))) -> ((lift_mode = semi_wing_borne) | FTP)))", + "ptExpanded_fetched": "(H ((Y ($regular_condition_SMV_pt$ & ((Y (! $regular_condition_SMV_pt$)) | (! (Y TRUE))))) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptExpanded": "(H ((Y (((lift_mode = wing_borne) & (kias <= 90.0)) & ((Y (! ((lift_mode = wing_borne) & (kias <= 90.0)))) | (! (Y TRUE))))) -> ((lift_mode = semi_wing_borne) | (! (Y TRUE)))))", + "ptFinBtwExpanded_fetched": "(H ((Y ($regular_condition_SMV_pt$ & ((Y (! $regular_condition_SMV_pt$)) | (! (Y TRUE))))) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptFinBtwExpanded": "(H ((Y (((lift_mode = wing_borne) & (kias <= 90.0)) & ((Y (! ((lift_mode = wing_borne) & (kias <= 90.0)))) | (! (Y TRUE))))) -> ((lift_mode = semi_wing_borne) | (! (Y TRUE)))))", + "ftExpanded_fetched": "((LAST V (((! $regular_condition_SMV_ft$) & ((! LAST) & (X $regular_condition_SMV_ft$))) -> (X (LAST | (X $post_condition_SMV_ft$))))) & ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftExpanded": "((LAST V (((! ((lift_mode = wing_borne) & (kias <= 90.0))) & ((! LAST) & (X ((lift_mode = wing_borne) & (kias <= 90.0))))) -> (X (LAST | (X (lift_mode = semi_wing_borne)))))) & (((lift_mode = wing_borne) & (kias <= 90.0)) -> (LAST | (X (lift_mode = semi_wing_borne)))))", + "ftInfAUExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfAUExpanded": "((G (((! ((lift_mode = wing_borne) & (kias <= 90.0))) & (X ((lift_mode = wing_borne) & (kias <= 90.0)))) -> (X (X (lift_mode = semi_wing_borne))))) & (((lift_mode = wing_borne) & (kias <= 90.0)) -> (X (lift_mode = semi_wing_borne))))", + "ftInfBtwExpanded_fetched": "((G (((! $regular_condition_SMV_ft$) & (X $regular_condition_SMV_ft$)) -> (X (X $post_condition_SMV_ft$)))) & ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfBtwExpanded": "((G (((! ((lift_mode = wing_borne) & (kias <= 90.0))) & (X ((lift_mode = wing_borne) & (kias <= 90.0)))) -> (X (X (lift_mode = semi_wing_borne))))) & (((lift_mode = wing_borne) & (kias <= 90.0)) -> (X (lift_mode = semi_wing_borne))))", + "ftFinBtwExpanded_fetched": "((LAST V (((! $regular_condition_SMV_ft$) & ((! LAST) & (X $regular_condition_SMV_ft$))) -> (X (LAST | (X $post_condition_SMV_ft$))))) & ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftFinBtwExpanded": "((LAST V (((! ((lift_mode = wing_borne) & (kias <= 90.0))) & ((! LAST) & (X ((lift_mode = wing_borne) & (kias <= 90.0))))) -> (X (LAST | (X (lift_mode = semi_wing_borne)))))) & (((lift_mode = wing_borne) & (kias <= 90.0)) -> (LAST | (X (lift_mode = semi_wing_borne)))))", + "CoCoSpecCode_fetched": "(H((YtoPre($regular_condition_coco$ and ((YtoPre( not $regular_condition_coco$)) or FTP))) => ($post_condition_coco$ or FTP)))", + "CoCoSpecCode": "(H((YtoPre(((lift_mode = wing_borne) and (kias <= 90.0)) and ((YtoPre( not ((lift_mode = wing_borne) and (kias <= 90.0)))) or FTP))) => ((lift_mode = semi_wing_borne) or FTP)))", + "component": "vehicle" + }, + "_id": "LPC_WB_TO_SWB" + }, + { + "reqid": "LPC_REACH_HOVER_06", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "The vehicle shall within 6 ticks satisfy lift_mode = thrust_borne", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "timing": "within", + "response": "satisfaction", + "variables": [ + "lift_mode", + "thrust_borne" + ], + "component_name": "vehicle", + "componentTextRange": [ + 0, + 10 + ], + "duration": "6", + "timingTextRange": [ + 18, + 31 + ], + "post_condition": "(lift_mode = thrust_borne)", + "responseTextRange": [ + 33, + 64 + ], + "diagramVariables": " n = 6, Response = (lift_mode = thrust_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval.\nREQUIRES: for every trigger, RES must hold at some point with distance <= 6 from the trigger (i.e., at trigger, trigger+1, ..., or trigger+6). If the interval ends sooner than trigger+6, then RES need not hold.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_within_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "(lift_mode = thrust_borne)", + "post_condition_unexp_ft": "(lift_mode = thrust_borne)", + "post_condition_SMV_pt": "(lift_mode = thrust_borne)", + "post_condition_SMV_ft": "(lift_mode = thrust_borne)", + "post_condition_coco_smv": "(lift_mode = thrust_borne)", + "post_condition_coco": "(lift_mode = thrust_borne)", + "ft_fetched": "((F[<=$duration$] $post_condition_unexp_ft$) | (F[<$duration$] LAST))", + "ft": "((F[<=6] (lift_mode = thrust_borne)) | (F[<6] LAST))", + "pt_fetched": "(H ((H (! $post_condition_unexp_pt$)) -> (O[<$duration$] FTP)))", + "pt": "(H ((H (! (lift_mode = thrust_borne))) -> (O[<6] FTP)))", + "ptExpanded_fetched": "(H ((H (! $post_condition_SMV_pt$)) -> (O[<$duration$] (! (Y TRUE)))))", + "ptExpanded": "(H ((H (! (lift_mode = thrust_borne))) -> (O[0,5] (! (Y TRUE)))))", + "ptFinBtwExpanded_fetched": "(H ((H (! $post_condition_SMV_pt$)) -> (O[<$duration$] (! (Y TRUE)))))", + "ptFinBtwExpanded": "(H ((H (! (lift_mode = thrust_borne))) -> (O[0,5] (! (Y TRUE)))))", + "ftExpanded_fetched": "((F[<=$duration$] $post_condition_SMV_ft$) | (F[<$duration$] LAST))", + "ftExpanded": "((F[0,6] (lift_mode = thrust_borne)) | (F[0,5] LAST))", + "ftInfAUExpanded_fetched": "(F[<=$duration$] $post_condition_SMV_ft$)", + "ftInfAUExpanded": "(F[0,6] (lift_mode = thrust_borne))", + "ftInfBtwExpanded_fetched": "(F[<=$duration$] $post_condition_SMV_ft$)", + "ftInfBtwExpanded": "(F[0,6] (lift_mode = thrust_borne))", + "ftFinBtwExpanded_fetched": "((F[<=$duration$] $post_condition_SMV_ft$) | (F[<$duration$] LAST))", + "ftFinBtwExpanded": "((F[0,6] (lift_mode = thrust_borne)) | (F[0,5] LAST))", + "CoCoSpecCode_fetched": "(H((H( not $post_condition_coco$)) => (OT($duration$-1,0,FTP))))", + "CoCoSpecCode": "(H((H( not (lift_mode = thrust_borne))) => (OT(6-1,0,FTP))))", + "component": "vehicle" + }, + "_id": "LPC_REACH_HOVER_06" + }, + { + "reqid": "LPC_INIT_HOVER_MODE", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "The vehicle shall immediately satisfy hover_control_mode <=> kgs < 20.0", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "timing": "immediately", + "response": "satisfaction", + "variables": [ + "hover_control_mode", + "kgs" + ], + "component_name": "vehicle", + "componentTextRange": [ + 0, + 10 + ], + "timingTextRange": [ + 18, + 28 + ], + "post_condition": "(hover_control_mode <=> kgs < 20.0)", + "responseTextRange": [ + 30, + 70 + ], + "diagramVariables": "Response = (hover_control_mode <=> kgs < 20.0).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval.\nREQUIRES: for every trigger, if trigger holds then RES also holds at the same time point.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_immediately_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "(hover_control_mode <-> (kgs < 20.0))", + "post_condition_unexp_ft": "(hover_control_mode <-> (kgs < 20.0))", + "post_condition_SMV_pt": "(hover_control_mode <-> (kgs < 20.0))", + "post_condition_SMV_ft": "(hover_control_mode <-> (kgs < 20.0))", + "post_condition_coco_smv": "(hover_control_mode <-> (kgs < 20.0))", + "post_condition_coco": "(hover_control_mode = (kgs < 20.0))", + "ft_fetched": "$post_condition_unexp_ft$", + "ft": "(hover_control_mode <-> (kgs < 20.0))", + "pt_fetched": "(H (FTP -> $post_condition_unexp_pt$))", + "pt": "(H (FTP -> (hover_control_mode <-> (kgs < 20.0))))", + "ptExpanded_fetched": "(H ((! (Y TRUE)) -> $post_condition_SMV_pt$))", + "ptExpanded": "(H ((! (Y TRUE)) -> (hover_control_mode <-> (kgs < 20.0))))", + "ftExpanded_fetched": "$post_condition_SMV_ft$", + "ftExpanded": "(hover_control_mode <-> (kgs < 20.0))", + "ftInfAUExpanded_fetched": "$post_condition_SMV_ft$", + "ftInfAUExpanded": "(hover_control_mode <-> (kgs < 20.0))", + "ftInfBtwExpanded_fetched": "$post_condition_SMV_ft$", + "ftInfBtwExpanded": "(hover_control_mode <-> (kgs < 20.0))", + "CoCoSpecCode_fetched": "(H(FTP => $post_condition_coco$))", + "CoCoSpecCode": "(H(FTP => (hover_control_mode = (kgs < 20.0))))", + "component": "vehicle" + }, + "_id": "LPC_INIT_HOVER_MODE" + }, + { + "reqid": "LPC_KIAS_0", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "The vehicle shall always satisfy kias >= 0.0", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "timing": "always", + "response": "satisfaction", + "variables": [ + "kias" + ], + "component_name": "vehicle", + "componentTextRange": [ + 0, + 10 + ], + "timingTextRange": [ + 18, + 23 + ], + "post_condition": "(kias >= 0.0)", + "responseTextRange": [ + 25, + 43 + ], + "diagramVariables": "Response = (kias >= 0.0).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: first point in the interval.\nREQUIRES: for every trigger, RES must hold at all time points between (and including) the trigger and the end of the interval.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_always_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_coco": "BAD_COCO", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "(kias >= 0.0)", + "post_condition_unexp_ft": "(kias >= 0.0)", + "post_condition_SMV_pt": "(kias >= 0.0)", + "post_condition_SMV_ft": "(kias >= 0.0)", + "post_condition_coco_smv": "(kias >= 0.0)", + "post_condition_coco": "(kias >= 0.0)", + "ft_fetched": "(LAST V $post_condition_unexp_ft$)", + "ft": "(LAST V (kias >= 0.0))", + "pt_fetched": "(H $post_condition_unexp_pt$)", + "pt": "(H (kias >= 0.0))", + "ptExpanded_fetched": "(H $post_condition_SMV_pt$)", + "ptExpanded": "(H (kias >= 0.0))", + "ptFinBtwExpanded_fetched": "(H $post_condition_SMV_pt$)", + "ptFinBtwExpanded": "(H (kias >= 0.0))", + "ftExpanded_fetched": "(LAST V $post_condition_SMV_ft$)", + "ftExpanded": "(LAST V (kias >= 0.0))", + "ftInfAUExpanded_fetched": "(G $post_condition_SMV_ft$)", + "ftInfAUExpanded": "(G (kias >= 0.0))", + "ftInfBtwExpanded_fetched": "(G $post_condition_SMV_ft$)", + "ftInfBtwExpanded": "(G (kias >= 0.0))", + "ftFinBtwExpanded_fetched": "(LAST V $post_condition_SMV_ft$)", + "ftFinBtwExpanded": "(LAST V (kias >= 0.0))", + "CoCoSpecCode_fetched": "(H($post_condition_coco$))", + "CoCoSpecCode": "(H((kias >= 0.0)))", + "component": "vehicle" + }, + "_id": "LPC_KIAS_0" + }, + { + "reqid": "LPC_SWB_STAY_ON_NEXT", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "Whenever lift_mode = semi_wing_borne & kias <= 100.0 & kias > 30.0 the vehicle shall at the next timepoint satisfy lift_mode = semi_wing_borne", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "noTrigger", + "timing": "next", + "response": "satisfaction", + "variables": [ + "lift_mode", + "semi_wing_borne", + "kias" + ], + "qualifier_word": "whenever", + "pre_condition": "(lift_mode = semi_wing_borne & kias <= 100.0 & kias > 30.0)", + "regular_condition": "(lift_mode = semi_wing_borne & kias <= 100.0 & kias > 30.0)", + "conditionTextRange": [ + 0, + 65 + ], + "component_name": "vehicle", + "componentTextRange": [ + 67, + 77 + ], + "timingTextRange": [ + 85, + 105 + ], + "post_condition": "(lift_mode = semi_wing_borne)", + "responseTextRange": [ + 107, + 141 + ], + "diagramVariables": "CC = (lift_mode = semi_wing_borne & kias <= 100.0 & kias > 30.0), Response = (lift_mode = semi_wing_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: every point in the interval where (lift_mode = semi_wing_borne & kias <= 100.0 & kias > 30.0) is true.\nREQUIRES: for every trigger, RES must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_noTrigger_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "(((lift_mode = semi_wing_borne) & (kias <= 100.0)) & (kias > 30.0))", + "regular_condition_unexp_ft": "(((lift_mode = semi_wing_borne) & (kias <= 100.0)) & (kias > 30.0))", + "regular_condition_SMV_pt": "(((lift_mode = semi_wing_borne) & (kias <= 100.0)) & (kias > 30.0))", + "regular_condition_SMV_ft": "(((lift_mode = semi_wing_borne) & (kias <= 100.0)) & (kias > 30.0))", + "post_condition_unexp_pt": "(lift_mode = semi_wing_borne)", + "post_condition_unexp_ft": "(lift_mode = semi_wing_borne)", + "post_condition_SMV_pt": "(lift_mode = semi_wing_borne)", + "post_condition_SMV_ft": "(lift_mode = semi_wing_borne)", + "ft_fetched": "(LAST V ($regular_condition_unexp_ft$ -> (LAST | (X $post_condition_unexp_ft$))))", + "ft": "(LAST V ((((lift_mode = semi_wing_borne) & (kias <= 100.0)) & (kias > 30.0)) -> (LAST | (X (lift_mode = semi_wing_borne)))))", + "pt_fetched": "(H ((Y $regular_condition_unexp_pt$) -> ($post_condition_unexp_pt$ | FTP)))", + "pt": "(H ((Y (((lift_mode = semi_wing_borne) & (kias <= 100.0)) & (kias > 30.0))) -> ((lift_mode = semi_wing_borne) | FTP)))", + "ptExpanded_fetched": "(H ((Y $regular_condition_SMV_pt$) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptExpanded": "(H ((Y (((lift_mode = semi_wing_borne) & (kias <= 100.0)) & (kias > 30.0))) -> ((lift_mode = semi_wing_borne) | (! (Y TRUE)))))", + "CoCoSpecCode": "H((YtoPre((((lift_mode = semi_wing_borne) and (kias <= 100.0)) and (kias > 30.0))) => ((lift_mode = semi_wing_borne) or not (YtoPre(true)))))", + "ftExpanded_fetched": "(LAST V ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftExpandedUnoptimized": "(LAST V ((((lift_mode = semi_wing_borne) & (kias <= 100.0)) & (kias > 30.0)) -> (LAST | (X (lift_mode = semi_wing_borne)))))", + "ftExpanded": "(LAST V ((((lift_mode = semi_wing_borne) & (kias <= 100.0)) & (kias > 30.0)) -> (LAST | (X (lift_mode = semi_wing_borne)))))", + "ftInfAUExpanded_fetched": "(G ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfAUExpanded": "(G ((((lift_mode = semi_wing_borne) & (kias <= 100.0)) & (kias > 30.0)) -> (X (lift_mode = semi_wing_borne))))", + "component": "vehicle" + }, + "_id": "LPC_SWB_STAY_ON_NEXT" + }, + { + "reqid": "LPC_WB_STAY_ON_NEXT", + "parent_reqid": "", + "project": "LPC_mini", + "rationale": "", + "comments": "", + "fulltext": "Whenever lift_mode = wing_borne & kias > 90.0 the vehicle shall at the next timepoint satisfy lift_mode = wing_borne", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "noTrigger", + "timing": "next", + "response": "satisfaction", + "variables": [ + "lift_mode", + "wing_borne", + "kias" + ], + "qualifier_word": "whenever", + "pre_condition": "(lift_mode = wing_borne & kias > 90.0)", + "regular_condition": "(lift_mode = wing_borne & kias > 90.0)", + "conditionTextRange": [ + 0, + 45 + ], + "component_name": "vehicle", + "componentTextRange": [ + 47, + 57 + ], + "timingTextRange": [ + 65, + 85 + ], + "post_condition": "(lift_mode = wing_borne)", + "responseTextRange": [ + 87, + 116 + ], + "diagramVariables": "CC = (lift_mode = wing_borne & kias > 90.0), Response = (lift_mode = wing_borne).", + "description": "ENFORCED: in the interval defined by the entire execution.\nTRIGGER: every point in the interval where (lift_mode = wing_borne & kias > 90.0) is true.\nREQUIRES: for every trigger, RES must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_noTrigger_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((lift_mode = wing_borne) & (kias > 90.0))", + "regular_condition_unexp_ft": "((lift_mode = wing_borne) & (kias > 90.0))", + "regular_condition_SMV_pt": "((lift_mode = wing_borne) & (kias > 90.0))", + "regular_condition_SMV_ft": "((lift_mode = wing_borne) & (kias > 90.0))", + "post_condition_unexp_pt": "(lift_mode = wing_borne)", + "post_condition_unexp_ft": "(lift_mode = wing_borne)", + "post_condition_SMV_pt": "(lift_mode = wing_borne)", + "post_condition_SMV_ft": "(lift_mode = wing_borne)", + "ft_fetched": "(LAST V ($regular_condition_unexp_ft$ -> (LAST | (X $post_condition_unexp_ft$))))", + "ft": "(LAST V (((lift_mode = wing_borne) & (kias > 90.0)) -> (LAST | (X (lift_mode = wing_borne)))))", + "pt_fetched": "(H ((Y $regular_condition_unexp_pt$) -> ($post_condition_unexp_pt$ | FTP)))", + "pt": "(H ((Y ((lift_mode = wing_borne) & (kias > 90.0))) -> ((lift_mode = wing_borne) | FTP)))", + "ptExpanded_fetched": "(H ((Y $regular_condition_SMV_pt$) -> ($post_condition_SMV_pt$ | (! (Y TRUE)))))", + "ptExpanded": "(H ((Y ((lift_mode = wing_borne) & (kias > 90.0))) -> ((lift_mode = wing_borne) | (! (Y TRUE)))))", + "CoCoSpecCode": "H((YtoPre(((lift_mode = wing_borne) and (kias > 90.0))) => ((lift_mode = wing_borne) or not (YtoPre(true)))))", + "ftExpanded_fetched": "(LAST V ($regular_condition_SMV_ft$ -> (LAST | (X $post_condition_SMV_ft$))))", + "ftExpandedUnoptimized": "(LAST V (((lift_mode = wing_borne) & (kias > 90.0)) -> (LAST | (X (lift_mode = wing_borne)))))", + "ftExpanded": "(LAST V (((lift_mode = wing_borne) & (kias > 90.0)) -> (LAST | (X (lift_mode = wing_borne)))))", + "ftInfAUExpanded_fetched": "(G ($regular_condition_SMV_ft$ -> (X $post_condition_SMV_ft$)))", + "ftInfAUExpanded": "(G (((lift_mode = wing_borne) & (kias > 90.0)) -> (X (lift_mode = wing_borne))))", + "component": "vehicle" + }, + "_id": "LPC_WB_STAY_ON_NEXT" + } + ], + "variables": [ + { + "project": "LPC_mini", + "component_name": "vehicle", + "variable_name": "hover_control_mode", + "reqs": [ + "LPC_TB_STAY_ON_NEXT", + "LPC_STB_STAY_ON_NEXT", + "LPC_STB_TO_TB", + "LPC_TB_TO_STB", + "LPC_INIT_HOVER_MODE" + ], + "dataType": "boolean", + "idType": "Output", + "moduleName": "", + "description": "", + "assignment": "", + "copilotAssignment": "", + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modelComponent": "", + "completed": true, + "_id": "LPC_minivehiclehover_control_mode" + }, + { + "project": "LPC_mini", + "component_name": "vehicle", + "variable_name": "kgs", + "reqs": [ + "LPC_TB_STAY_ON_NEXT", + "LPC_STB_STAY_ON_NEXT", + "LPC_STB_TO_TB", + "LPC_TB_TO_STB", + "LPC_KIAS_KGS", + "LPC_INIT_HOVER_MODE" + ], + "dataType": "double", + "idType": "Output", + "moduleName": "", + "description": "", + "assignment": "", + "copilotAssignment": "", + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modelComponent": "", + "completed": true, + "_id": "LPC_minivehiclekgs" + }, + { + "project": "LPC_mini", + "component_name": "vehicle", + "variable_name": "kias", + "reqs": [ + "LPC_STB_STAY_ON_NEXT", + "LPC_SWB_TO_STB", + "LPC_STB_TO_SWB", + "LPC_SWB_TO_WB", + "LPC_INIT_LIFT_MODE", + "LPC_INIT_KIAS", + "LPC_KIAS_KGS", + "LPC_KIAS_DERIVATIVE", + "LPC_WB_TO_SWB", + "LPC_KIAS_0", + "LPC_SWB_STAY_ON_NEXT", + "LPC_WB_STAY_ON_NEXT" + ], + "dataType": "double", + "idType": "Output", + "moduleName": "", + "description": "", + "assignment": "", + "copilotAssignment": "", + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modelComponent": "", + "completed": true, + "_id": "LPC_minivehiclekias" + }, + { + "project": "LPC_mini", + "component_name": "vehicle", + "variable_name": "lift_mode", + "reqs": [ + "LPC_TB_STAY_ON_NEXT", + "LPC_STB_STAY_ON_NEXT", + "LPC_REACH_HOVER_12", + "LPC_SWB_TO_STB", + "LPC_STB_TO_SWB", + "LPC_STB_TO_TB", + "LPC_SWB_TO_WB", + "LPC_TB_TO_STB", + "LPC_INIT_LIFT_MODE", + "LPC_LIFT_MODE", + "LPC_WB_TO_SWB", + "LPC_REACH_HOVER_06", + "LPC_SWB_STAY_ON_NEXT", + "LPC_WB_STAY_ON_NEXT" + ], + "dataType": "integer", + "idType": "Output", + "moduleName": "", + "description": "", + "assignment": "", + "copilotAssignment": "", + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modelComponent": "", + "completed": true, + "_id": "LPC_minivehiclelift_mode" + }, + { + "project": "LPC_mini", + "component_name": "vehicle", + "variable_name": "semi_thrust_borne", + "reqs": [ + "LPC_STB_STAY_ON_NEXT", + "LPC_SWB_TO_STB", + "LPC_STB_TO_SWB", + "LPC_STB_TO_TB", + "LPC_TB_TO_STB", + "LPC_LIFT_MODE" + ], + "dataType": "integer", + "idType": "Internal", + "moduleName": "", + "description": "1", + "assignment": "1", + "copilotAssignment": "", + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modelComponent": "", + "completed": true, + "_id": "LPC_minivehiclesemi_thrust_borne" + }, + { + "project": "LPC_mini", + "component_name": "vehicle", + "variable_name": "semi_wing_borne", + "reqs": [ + "LPC_SWB_TO_STB", + "LPC_STB_TO_SWB", + "LPC_SWB_TO_WB", + "LPC_LIFT_MODE", + "LPC_WB_TO_SWB", + "LPC_SWB_STAY_ON_NEXT" + ], + "dataType": "integer", + "idType": "Internal", + "moduleName": "", + "description": "2", + "assignment": "2", + "copilotAssignment": "", + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modelComponent": "", + "completed": true, + "_id": "LPC_minivehiclesemi_wing_borne" + }, + { + "project": "LPC_mini", + "component_name": "vehicle", + "variable_name": "thrust_borne", + "reqs": [ + "LPC_TB_STAY_ON_NEXT", + "LPC_REACH_HOVER_12", + "LPC_STB_TO_TB", + "LPC_TB_TO_STB", + "LPC_LIFT_MODE", + "LPC_REACH_HOVER_06" + ], + "dataType": "integer", + "idType": "Internal", + "moduleName": "", + "description": "0", + "assignment": "0", + "copilotAssignment": "", + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modelComponent": "", + "completed": true, + "_id": "LPC_minivehiclethrust_borne" + }, + { + "project": "LPC_mini", + "component_name": "vehicle", + "variable_name": "wing_borne", + "reqs": [ + "LPC_SWB_TO_WB", + "LPC_INIT_LIFT_MODE", + "LPC_LIFT_MODE", + "LPC_WB_TO_SWB", + "LPC_WB_STAY_ON_NEXT" + ], + "dataType": "integer", + "idType": "Internal", + "moduleName": "", + "description": "3", + "assignment": "3", + "copilotAssignment": "", + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modelComponent": "", + "completed": true, + "_id": "LPC_minivehiclewing_borne" + } + ] +} diff --git a/fret-pipeline/.archive/specs/fretRequirementsVariables.json b/fret-pipeline/.archive/specs/fretRequirementsVariables.json new file mode 100644 index 0000000..55fcd2d --- /dev/null +++ b/fret-pipeline/.archive/specs/fretRequirementsVariables.json @@ -0,0 +1,1036 @@ +{ + "requirements": [ + { + "reqid": "PWR-0100", + "parent_reqid": "PWR-0000", + "project": "PWR_Hybrid", + "rationale": "", + "comments": "", + "fulltext": "If SCRAM DRC shall immediately satisfy !OP_MODE", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "immediately", + "response": "satisfaction", + "variables": [ + "SCRAM", + "OP_MODE" + ], + "qualifier_word": "if", + "pre_condition": "(SCRAM)", + "regular_condition": "(SCRAM)", + "conditionTextRange": [ + 0, + 7 + ], + "component_name": "DRC", + "componentTextRange": [ + 9, + 11 + ], + "timingTextRange": [ + 19, + 29 + ], + "post_condition": "(! OP_MODE)", + "responseTextRange": [ + 31, + 46 + ], + "diagramVariables": "TC = (SCRAM), Response = (! OP_MODE).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (SCRAM) is true and any point in the interval where (SCRAM) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, if trigger holds then (! OP_MODE) also holds at the same time point.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (SCRAM) is true and any point in the interval where (SCRAM) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, if trigger holds then (! OP_MODE) also holds at the same time point.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_immediately_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "SCRAM", + "regular_condition_unexp_ft": "SCRAM", + "regular_condition_unexp_pctl": "SCRAM", + "regular_condition_SMV_pt": "SCRAM", + "regular_condition_SMV_ft": "SCRAM", + "regular_condition_MLTL_ft": "SCRAM", + "regular_condition_PRISM_pctl": "SCRAM", + "post_condition_unexp_pt": "(! OP_MODE)", + "post_condition_unexp_ft": "(! OP_MODE)", + "post_condition_unexp_pctl": "(! OP_MODE)", + "post_condition_SMV_pt": "(! OP_MODE)", + "post_condition_SMV_ft": "(! OP_MODE)", + "post_condition_MLTL_ft": "(! OP_MODE)", + "post_condition_PRISM_pctl": "(! OP_MODE)", + "ft": "((LAST V (((! SCRAM) & ((! LAST) & (X SCRAM))) -> (X (! OP_MODE)))) & (SCRAM -> (! OP_MODE)))", + "pt": "(H ((SCRAM & (Z (! SCRAM))) -> (! OP_MODE)))", + "pctl": "P>=1[((G (((! SCRAM) & (X SCRAM)) => (X (P>=1[(! OP_MODE)])))) & (SCRAM => (P>=1[(! OP_MODE)])))]", + "ptExpanded": "(H ((SCRAM & (Z (! SCRAM))) -> (! OP_MODE)))", + "CoCoSpecCode": "H(((SCRAM and ZtoPre(not (SCRAM))) => not (OP_MODE)))", + "ftExpanded": "((LAST V (((! SCRAM) & ((! LAST) & (X SCRAM))) -> (X (! OP_MODE)))) & (SCRAM -> (! OP_MODE)))", + "pctlExpanded": "P>=1[((G (((! SCRAM) & (X SCRAM)) => (X (P>=1[(! OP_MODE)])))) & (SCRAM => (P>=1[(! OP_MODE)])))]", + "ftInfAUExpanded": "((G (((! SCRAM) & (X SCRAM)) -> (X (! OP_MODE)))) & (SCRAM -> (! OP_MODE)))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[1,1] p1))) & (p0 -> p1))", + "WESTMapping": "p0: SCRAM
p1: (! OP_MODE)", + "R2U2Code": "((((! SCRAM) && (F[1,1] SCRAM)) -> (F[1,1] (! OP_MODE))) && (((TAU == 0) && SCRAM) -> (! OP_MODE)))", + "component": "DRC" + }, + "_id": "1af49c60-2f9f-11f1-bda7-b107d916a2e5" + }, + { + "reqid": "PWR-0202", + "parent_reqid": "PWR-0201", + "project": "PWR_Hybrid", + "rationale": "this is the opposite of PWR-1001. If not in op mode, never be in heatup, load following.", + "comments": "", + "fulltext": "While !OP_MODE DRC shall always satisfy (Heatup | Load_Follow)", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "in" + }, + "condition": "null", + "probability": "null", + "timing": "always", + "response": "satisfaction", + "variables": [ + "OP_MODE", + "Heatup", + "Load_Follow" + ], + "scope_mode": "(! OP_MODE)", + "scopeTextRange": [ + 0, + 13 + ], + "component_name": "DRC", + "componentTextRange": [ + 15, + 17 + ], + "timingTextRange": [ + 25, + 30 + ], + "post_condition": "(( Heatup | Load_Follow ))", + "responseTextRange": [ + 32, + 61 + ], + "diagramVariables": "M = (! OP_MODE), Response = (( Heatup | Load_Follow )).", + "description": "SCOPE: in every interval where (! OP_MODE) holds.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, (( Heatup | Load_Follow )) must hold at all time points between (and including) the trigger and the end of the interval.", + "probabilistic_description": "SCOPE: in every interval where (! OP_MODE) holds.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (( Heatup | Load_Follow )) must hold at all time points between (and including) the trigger and the end of the interval.", + "diagram": "_media/user-interface/examples/svgDiagrams/in_null_always_satisfaction.svg", + "scope_mode_pt": "(! OP_MODE)", + "scope_mode_ft": "(! OP_MODE)", + "scope_mode_pctl": "(! OP_MODE)", + "post_condition_unexp_pt": "(Heatup | Load_Follow)", + "post_condition_unexp_ft": "(Heatup | Load_Follow)", + "post_condition_unexp_pctl": "(Heatup | Load_Follow)", + "post_condition_SMV_pt": "(Heatup | Load_Follow)", + "post_condition_SMV_ft": "(Heatup | Load_Follow)", + "post_condition_MLTL_ft": "(Heatup | Load_Follow)", + "post_condition_PRISM_pctl": "(Heatup | Load_Follow)", + "ft": "(LAST V ((! OP_MODE) -> (Heatup | Load_Follow)))", + "pt": "(H ((! OP_MODE) -> (Heatup | Load_Follow)))", + "pctl": "P>=1[((G ((! (Fin_(! OP_MODE) & (! LAST))) | (X (P>=1[(Lin_(! OP_MODE) R (Heatup | Load_Follow))])))) & ((! OP_MODE) => (Lin_(! OP_MODE) | (P>=1[(Lin_(! OP_MODE) R (Heatup | Load_Follow))]))))]", + "ptExpanded": "(H ((! OP_MODE) -> (Heatup | Load_Follow)))", + "CoCoSpecCode": "H((not (OP_MODE) => (Heatup or Load_Follow)))", + "ftExpanded": "(LAST V ((! OP_MODE) -> (Heatup | Load_Follow)))", + "pctlExpanded": "P>=1[((G ((! (((! (! OP_MODE)) & (X (! OP_MODE))) & (! false))) | (X (P>=1[(((! OP_MODE) & (X (! (! OP_MODE)))) R (Heatup | Load_Follow))])))) & ((! OP_MODE) => (((! OP_MODE) & (X (! (! OP_MODE)))) | (P>=1[(((! OP_MODE) & (X (! (! OP_MODE)))) R (Heatup | Load_Follow))]))))]", + "ftInfAUExpanded": "(G ((! OP_MODE) -> (Heatup | Load_Follow)))", + "mltlExpanded": "(G[0,M] (p0 -> p1))", + "WESTMapping": "p0: (! OP_MODE)
p1: (Heatup | Load_Follow)", + "R2U2Code": "((! OP_MODE) -> (Heatup || Load_Follow))", + "component": "DRC" + }, + "_id": "29bfe300-31e1-11f1-820b-8f6ab14cd565" + }, + { + "reqid": "PWR-0201", + "parent_reqid": "", + "project": "PWR_Hybrid", + "rationale": "When in operating mode, the DRC shall always be in heatup or load following mode, but not both at once. The DRC will also not be in cold shutdown or SCRAM.", + "comments": "", + "fulltext": "When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown)", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "always", + "response": "satisfaction", + "variables": [ + "OP_MODE", + "Heatup", + "Load_Follow", + "SCRAM", + "Cold_Shutdown" + ], + "qualifier_word": "when", + "pre_condition": "(OP_MODE)", + "regular_condition": "(OP_MODE)", + "conditionTextRange": [ + 0, + 11 + ], + "component_name": "DRC", + "componentTextRange": [ + 13, + 15 + ], + "timingTextRange": [ + 23, + 28 + ], + "post_condition": "(( Heatup | Load_Follow ) & ! ( ! Heatup & ! Load_Follow ) & ! ( SCRAM | Cold_Shutdown ))", + "responseTextRange": [ + 30, + 114 + ], + "diagramVariables": "TC = (OP_MODE), Response = (( Heatup | Load_Follow ) & ! ( ! Heatup & ! Load_Follow ) & ! ( SCRAM | Cold_Shutdown )).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (OP_MODE) is true and any point in the interval where (OP_MODE) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (( Heatup | Load_Follow ) & ! ( ! Heatup & ! Load_Follow ) & ! ( SCRAM | Cold_Shutdown )) must hold at all time points between (and including) the trigger and the end of the interval.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (OP_MODE) is true and any point in the interval where (OP_MODE) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (( Heatup | Load_Follow ) & ! ( ! Heatup & ! Load_Follow ) & ! ( SCRAM | Cold_Shutdown )) must hold at all time points between (and including) the trigger and the end of the interval.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_always_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "OP_MODE", + "regular_condition_unexp_ft": "OP_MODE", + "regular_condition_unexp_pctl": "OP_MODE", + "regular_condition_SMV_pt": "OP_MODE", + "regular_condition_SMV_ft": "OP_MODE", + "regular_condition_MLTL_ft": "OP_MODE", + "regular_condition_PRISM_pctl": "OP_MODE", + "post_condition_unexp_pt": "(((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown)))", + "post_condition_unexp_ft": "(((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown)))", + "post_condition_unexp_pctl": "(((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown)))", + "post_condition_SMV_pt": "(((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown)))", + "post_condition_SMV_ft": "(((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown)))", + "post_condition_MLTL_ft": "(((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown)))", + "post_condition_PRISM_pctl": "(((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown)))", + "ft": "((LAST V (((! OP_MODE) & ((! LAST) & (X OP_MODE))) -> (X (LAST V (((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown))))))) & (OP_MODE -> (LAST V (((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown))))))", + "pt": "(H ((H (! OP_MODE)) | (((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown)))))", + "pctl": "P>=1[((G (((! OP_MODE) & (X OP_MODE)) => (X (P>=1[(G (((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown))))])))) & (OP_MODE => (P>=1[(G (((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown))))])))]", + "ptExpanded": "(H ((H (! OP_MODE)) | ((Heatup | Load_Follow) & (! (SCRAM | Cold_Shutdown)))))", + "CoCoSpecCode": "H((H(not (OP_MODE)) or ((Heatup or Load_Follow) and not ((SCRAM or Cold_Shutdown)))))", + "ftExpanded": "((LAST V (((! OP_MODE) & ((! LAST) & (X OP_MODE))) -> (X (LAST V ((Heatup | Load_Follow) & (! (SCRAM | Cold_Shutdown))))))) & (OP_MODE -> (LAST V ((Heatup | Load_Follow) & (! (SCRAM | Cold_Shutdown))))))", + "pctlExpanded": "P>=1[((G (((! OP_MODE) & (X OP_MODE)) => (X (P>=1[(G (((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown))))])))) & (OP_MODE => (P>=1[(G (((Heatup | Load_Follow) & (! ((! Heatup) & (! Load_Follow)))) & (! (SCRAM | Cold_Shutdown))))])))]", + "ftInfAUExpanded": "((G (((! OP_MODE) & (X OP_MODE)) -> (X (G ((Heatup | Load_Follow) & (! (SCRAM | Cold_Shutdown))))))) & (OP_MODE -> (G ((Heatup | Load_Follow) & (! (SCRAM | Cold_Shutdown))))))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (G[1,M] p1))) & (p0 -> (G[0,M] p1)))", + "WESTMapping": "p0: OP_MODE
p1: ((Heatup | Load_Follow) & (! (SCRAM | Cold_Shutdown)))", + "R2U2Code": "((((! OP_MODE) && (F[1,1] OP_MODE)) -> (G[1,M] ((Heatup || Load_Follow) && (! (SCRAM || Cold_Shutdown))))) && (((TAU == 0) && OP_MODE) -> (G[0,M] ((Heatup || Load_Follow) && (! (SCRAM || Cold_Shutdown))))))", + "component": "DRC" + }, + "_id": "3a0697b0-2f91-11f1-bda7-b107d916a2e5" + }, + { + "reqid": "PWR-0200", + "parent_reqid": "", + "project": "PWR_Hybrid", + "rationale": "", + "comments": "", + "fulltext": "While OP_MODE DRC shall always satisfy Heatup | Load_Follow", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "in" + }, + "condition": "null", + "probability": "null", + "timing": "always", + "response": "satisfaction", + "variables": [ + "OP_MODE", + "Heatup", + "Load_Follow" + ], + "scope_mode": "(OP_MODE)", + "scopeTextRange": [ + 0, + 12 + ], + "component_name": "DRC", + "componentTextRange": [ + 14, + 16 + ], + "timingTextRange": [ + 24, + 29 + ], + "post_condition": "(Heatup | Load_Follow)", + "responseTextRange": [ + 31, + 58 + ], + "diagramVariables": "M = (OP_MODE), Response = (Heatup | Load_Follow).", + "description": "SCOPE: in every interval where (OP_MODE) holds.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, (Heatup | Load_Follow) must hold at all time points between (and including) the trigger and the end of the interval.", + "probabilistic_description": "SCOPE: in every interval where (OP_MODE) holds.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (Heatup | Load_Follow) must hold at all time points between (and including) the trigger and the end of the interval.", + "diagram": "_media/user-interface/examples/svgDiagrams/in_null_always_satisfaction.svg", + "scope_mode_pt": "OP_MODE", + "scope_mode_ft": "OP_MODE", + "scope_mode_pctl": "OP_MODE", + "post_condition_unexp_pt": "(Heatup | Load_Follow)", + "post_condition_unexp_ft": "(Heatup | Load_Follow)", + "post_condition_unexp_pctl": "(Heatup | Load_Follow)", + "post_condition_SMV_pt": "(Heatup | Load_Follow)", + "post_condition_SMV_ft": "(Heatup | Load_Follow)", + "post_condition_MLTL_ft": "(Heatup | Load_Follow)", + "post_condition_PRISM_pctl": "(Heatup | Load_Follow)", + "ft": "(LAST V (OP_MODE -> (Heatup | Load_Follow)))", + "pt": "(H (OP_MODE -> (Heatup | Load_Follow)))", + "pctl": "P>=1[((G ((! (Fin_OP_MODE & (! LAST))) | (X (P>=1[(Lin_OP_MODE R (Heatup | Load_Follow))])))) & (OP_MODE => (Lin_OP_MODE | (P>=1[(Lin_OP_MODE R (Heatup | Load_Follow))]))))]", + "ptExpanded": "(H (OP_MODE -> (Heatup | Load_Follow)))", + "CoCoSpecCode": "H((OP_MODE => (Heatup or Load_Follow)))", + "ftExpanded": "(LAST V (OP_MODE -> (Heatup | Load_Follow)))", + "pctlExpanded": "P>=1[((G ((! (((! OP_MODE) & (X OP_MODE)) & (! false))) | (X (P>=1[((OP_MODE & (X (! OP_MODE))) R (Heatup | Load_Follow))])))) & (OP_MODE => ((OP_MODE & (X (! OP_MODE))) | (P>=1[((OP_MODE & (X (! OP_MODE))) R (Heatup | Load_Follow))]))))]", + "ftInfAUExpanded": "(G (OP_MODE -> (Heatup | Load_Follow)))", + "mltlExpanded": "(G[0,M] (p0 -> p1))", + "WESTMapping": "p0: OP_MODE
p1: (Heatup | Load_Follow)", + "R2U2Code": "(OP_MODE -> (Heatup || Load_Follow))", + "component": "DRC" + }, + "_id": "50de1300-2fa0-11f1-b1b5-5117d78e7f0f" + }, + { + "reqid": "PWR-3002", + "parent_reqid": "", + "project": "PWR_Hybrid", + "rationale": "The reactor will never be in heatup mode longer than a predetermined maximum heatup duration, or else it will trigger a scram.", + "comments": "", + "fulltext": "if t_max_exceeded DRC shall at the next timepoint satisfy SCRAM", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "t_max_exceeded", + "SCRAM" + ], + "qualifier_word": "if", + "pre_condition": "(t_max_exceeded)", + "regular_condition": "(t_max_exceeded)", + "conditionTextRange": [ + 0, + 16 + ], + "component_name": "DRC", + "componentTextRange": [ + 18, + 20 + ], + "timingTextRange": [ + 28, + 48 + ], + "post_condition": "(SCRAM)", + "responseTextRange": [ + 50, + 62 + ], + "diagramVariables": "TC = (t_max_exceeded), Response = (SCRAM).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (t_max_exceeded) is true and any point in the interval where (t_max_exceeded) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (SCRAM) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (t_max_exceeded) is true and any point in the interval where (t_max_exceeded) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (SCRAM) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "t_max_exceeded", + "regular_condition_unexp_ft": "t_max_exceeded", + "regular_condition_unexp_pctl": "t_max_exceeded", + "regular_condition_SMV_pt": "t_max_exceeded", + "regular_condition_SMV_ft": "t_max_exceeded", + "regular_condition_MLTL_ft": "t_max_exceeded", + "regular_condition_PRISM_pctl": "t_max_exceeded", + "post_condition_unexp_pt": "SCRAM", + "post_condition_unexp_ft": "SCRAM", + "post_condition_unexp_pctl": "SCRAM", + "post_condition_SMV_pt": "SCRAM", + "post_condition_SMV_ft": "SCRAM", + "post_condition_MLTL_ft": "SCRAM", + "post_condition_PRISM_pctl": "SCRAM", + "ft": "((LAST V (((! t_max_exceeded) & ((! LAST) & (X t_max_exceeded))) -> (X (LAST | (X SCRAM))))) & (t_max_exceeded -> (LAST | (X SCRAM))))", + "pt": "(H ((Y (t_max_exceeded & (Z (! t_max_exceeded)))) -> (SCRAM | (Z FALSE))))", + "pctl": "P>=1[((G (((! t_max_exceeded) & (X t_max_exceeded)) => (X (P>=1[(LAST | (X SCRAM))])))) & (t_max_exceeded => (P>=1[(LAST | (X SCRAM))])))]", + "ptExpanded": "(H ((Y (t_max_exceeded & (Z (! t_max_exceeded)))) -> (SCRAM | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((t_max_exceeded and ZtoPre(not (t_max_exceeded)))) => (SCRAM or ZtoPre(false))))", + "ftExpanded": "((LAST V (((! t_max_exceeded) & ((! LAST) & (X t_max_exceeded))) -> (X (LAST | (X SCRAM))))) & (t_max_exceeded -> (LAST | (X SCRAM))))", + "pctlExpanded": "P>=1[((G (((! t_max_exceeded) & (X t_max_exceeded)) => (X (P>=1[(false | (X SCRAM))])))) & (t_max_exceeded => (P>=1[(false | (X SCRAM))])))]", + "ftInfAUExpanded": "((G (((! t_max_exceeded) & (X t_max_exceeded)) -> (X (X SCRAM)))) & (t_max_exceeded -> (X SCRAM)))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[2,2] p1))) & (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: t_max_exceeded
p1: SCRAM", + "R2U2Code": "((((! t_max_exceeded) && (F[1,1] t_max_exceeded)) -> (F[2,2] SCRAM)) && (((TAU == 0) && t_max_exceeded) -> (F[1,1] SCRAM)))", + "component": "DRC" + }, + "_id": "96d7c900-2f96-11f1-bda7-b107d916a2e5" + }, + { + "reqid": "PWR-3001", + "parent_reqid": "", + "project": "PWR_Hybrid", + "rationale": "While in heatup mode, the reactor will trip if the rate of average temperature change is above a certain threshold. ", + "comments": "", + "fulltext": "While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "in" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "Heatup", + "t_dot_exceeded", + "SCRAM" + ], + "scope_mode": "(Heatup)", + "scopeTextRange": [ + 0, + 11 + ], + "qualifier_word": "if", + "pre_condition": "(t_dot_exceeded)", + "regular_condition": "(t_dot_exceeded)", + "conditionTextRange": [ + 13, + 29 + ], + "component_name": "DRC", + "componentTextRange": [ + 31, + 33 + ], + "timingTextRange": [ + 41, + 61 + ], + "post_condition": "(SCRAM)", + "responseTextRange": [ + 63, + 75 + ], + "diagramVariables": "M = (Heatup), TC = (t_dot_exceeded), Response = (SCRAM).", + "description": "SCOPE: in every interval where (Heatup) holds.
TRIGGER: first point in the interval if (t_dot_exceeded) is true and any point in the interval where (t_dot_exceeded) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (SCRAM) must hold at the next time step.", + "probabilistic_description": "SCOPE: in every interval where (Heatup) holds.
TRIGGER: first point in the interval if (t_dot_exceeded) is true and any point in the interval where (t_dot_exceeded) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (SCRAM) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/in_regular_next_satisfaction.svg", + "scope_mode_pt": "Heatup", + "scope_mode_ft": "Heatup", + "scope_mode_pctl": "Heatup", + "regular_condition_unexp_pt": "t_dot_exceeded", + "regular_condition_unexp_ft": "t_dot_exceeded", + "regular_condition_unexp_pctl": "t_dot_exceeded", + "regular_condition_SMV_pt": "t_dot_exceeded", + "regular_condition_SMV_ft": "t_dot_exceeded", + "regular_condition_MLTL_ft": "t_dot_exceeded", + "regular_condition_PRISM_pctl": "t_dot_exceeded", + "post_condition_unexp_pt": "SCRAM", + "post_condition_unexp_ft": "SCRAM", + "post_condition_unexp_pctl": "SCRAM", + "post_condition_SMV_pt": "SCRAM", + "post_condition_SMV_ft": "SCRAM", + "post_condition_MLTL_ft": "SCRAM", + "post_condition_PRISM_pctl": "SCRAM", + "ft": "((LAST V ((! (Fin_Heatup & (! LAST))) | (X (((Lin_Heatup | LAST) V (((! t_dot_exceeded) & ((! LAST) & ((X t_dot_exceeded) & (! (Lin_Heatup | LAST))))) -> ((X ((Lin_Heatup | LAST) | (X SCRAM))) & (! (Lin_Heatup | LAST))))) & (t_dot_exceeded -> ((Lin_Heatup | LAST) | (X SCRAM))))))) & (Heatup -> (((Lin_Heatup | LAST) V (((! t_dot_exceeded) & ((! LAST) & ((X t_dot_exceeded) & (! (Lin_Heatup | LAST))))) -> ((X ((Lin_Heatup | LAST) | (X SCRAM))) & (! (Lin_Heatup | LAST))))) & (t_dot_exceeded -> ((Lin_Heatup | LAST) | (X SCRAM))))))", + "pt": "((H (Lin_Heatup -> (Y (((Y (t_dot_exceeded & ((Y (! t_dot_exceeded)) | Fin_Heatup))) -> (SCRAM | Fin_Heatup)) S (((Y (t_dot_exceeded & ((Y (! t_dot_exceeded)) | Fin_Heatup))) -> (SCRAM | Fin_Heatup)) & Fin_Heatup))))) & (((! Lin_Heatup) S ((! Lin_Heatup) & Fin_Heatup)) -> (((Y (t_dot_exceeded & ((Y (! t_dot_exceeded)) | Fin_Heatup))) -> (SCRAM | Fin_Heatup)) S (((Y (t_dot_exceeded & ((Y (! t_dot_exceeded)) | Fin_Heatup))) -> (SCRAM | Fin_Heatup)) & Fin_Heatup))))", + "pctl": "P>=1[((G ((! (Fin_Heatup & (! LAST))) | (X ((Lin_Heatup R (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! Lin_Heatup))) => ((X (P>=1[(Lin_Heatup | ((X SCRAM) & (! Lin_Heatup)))])) & (! Lin_Heatup)))) & (t_dot_exceeded => (P>=1[(Lin_Heatup | ((X SCRAM) & (! Lin_Heatup)))])))))) & (Heatup => (Lin_Heatup | ((Lin_Heatup R (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! Lin_Heatup))) => ((X (P>=1[(Lin_Heatup | ((X SCRAM) & (! Lin_Heatup)))])) & (! Lin_Heatup)))) & (t_dot_exceeded => (P>=1[(Lin_Heatup | ((X SCRAM) & (! Lin_Heatup)))]))))))]", + "ptExpanded": "((H (((! Heatup) & (Y Heatup)) -> (Y (((Y (t_dot_exceeded & ((Y (! t_dot_exceeded)) | (Heatup & (Z (! Heatup)))))) -> (SCRAM | (Heatup & (Z (! Heatup))))) S (((Y (t_dot_exceeded & ((Y (! t_dot_exceeded)) | (Heatup & (Z (! Heatup)))))) -> (SCRAM | (Heatup & (Z (! Heatup))))) & (Heatup & (Z (! Heatup)))))))) & (((! ((! Heatup) & (Y Heatup))) S ((! ((! Heatup) & (Y Heatup))) & (Heatup & (Z (! Heatup))))) -> (((Y (t_dot_exceeded & ((Y (! t_dot_exceeded)) | (Heatup & (Z (! Heatup)))))) -> (SCRAM | (Heatup & (Z (! Heatup))))) S (((Y (t_dot_exceeded & ((Y (! t_dot_exceeded)) | (Heatup & (Z (! Heatup)))))) -> (SCRAM | (Heatup & (Z (! Heatup))))) & (Heatup & (Z (! Heatup)))))))", + "CoCoSpecCode": "(H(((not (Heatup) and YtoPre(Heatup)) => YtoPre(SI((Heatup and ZtoPre(not (Heatup))),(YtoPre((t_dot_exceeded and (YtoPre(not (t_dot_exceeded)) or (Heatup and ZtoPre(not (Heatup)))))) => (SCRAM or (Heatup and ZtoPre(not (Heatup))))))))) and (SI((Heatup and ZtoPre(not (Heatup))),not ((not (Heatup) and YtoPre(Heatup)))) => SI((Heatup and ZtoPre(not (Heatup))),(YtoPre((t_dot_exceeded and (YtoPre(not (t_dot_exceeded)) or (Heatup and ZtoPre(not (Heatup)))))) => (SCRAM or (Heatup and ZtoPre(not (Heatup))))))))", + "ftExpanded": "((LAST V ((! ((((! Heatup) & (! LAST)) & (X Heatup)) & (! LAST))) | (X (((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) V (((! t_dot_exceeded) & ((! LAST) & ((X t_dot_exceeded) & (! (((Heatup & (! LAST)) & (X (! Heatup))) | LAST))))) -> ((X ((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) | (X SCRAM))) & (! (((Heatup & (! LAST)) & (X (! Heatup))) | LAST))))) & (t_dot_exceeded -> ((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) | (X SCRAM))))))) & (Heatup -> (((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) V (((! t_dot_exceeded) & ((! LAST) & ((X t_dot_exceeded) & (! (((Heatup & (! LAST)) & (X (! Heatup))) | LAST))))) -> ((X ((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) | (X SCRAM))) & (! (((Heatup & (! LAST)) & (X (! Heatup))) | LAST))))) & (t_dot_exceeded -> ((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) | (X SCRAM))))))", + "pctlExpanded": "P>=1[((G ((! (((! Heatup) & (X Heatup)) & (! false))) | (X (((Heatup & (X (! Heatup))) R (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! (Heatup & (X (! Heatup)))))) => ((X (P>=1[((Heatup & (X (! Heatup))) | ((X SCRAM) & (! (Heatup & (X (! Heatup))))))])) & (! (Heatup & (X (! Heatup))))))) & (t_dot_exceeded => (P>=1[((Heatup & (X (! Heatup))) | ((X SCRAM) & (! (Heatup & (X (! Heatup))))))])))))) & (Heatup => ((Heatup & (X (! Heatup))) | (((Heatup & (X (! Heatup))) R (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! (Heatup & (X (! Heatup)))))) => ((X (P>=1[((Heatup & (X (! Heatup))) | ((X SCRAM) & (! (Heatup & (X (! Heatup))))))])) & (! (Heatup & (X (! Heatup))))))) & (t_dot_exceeded => (P>=1[((Heatup & (X (! Heatup))) | ((X SCRAM) & (! (Heatup & (X (! Heatup))))))]))))))]", + "ftInfAUExpanded": "((G ((! ((! Heatup) & (X Heatup))) | (X (((Heatup & (X (! Heatup))) V (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! (Heatup & (X (! Heatup)))))) -> ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & (! (Heatup & (X (! Heatup))))))) & (t_dot_exceeded -> ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (Heatup -> (((Heatup & (X (! Heatup))) V (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! (Heatup & (X (! Heatup)))))) -> ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & (! (Heatup & (X (! Heatup))))))) & (t_dot_exceeded -> ((Heatup & (X (! Heatup))) | (X SCRAM))))))", + "mltlExpanded": "((G[0,M] (((p0 & ((! p1) & ((F[1,1] p1) & (F[1,1] p0)))) -> ((F[2,2] (! p0)) | (F[2,2] p2))) & (((! p0) & (F[1,1] p0)) -> (F[1,1] (p1 -> ((F[1,1] (! p0)) | (F[1,1] p2))))))) & ((p0 & p1) -> ((F[1,1] (! p0)) | (F[1,1] p2))))", + "WESTMapping": "p0: Heatup
p1: t_dot_exceeded
p2: SCRAM", + "R2U2Code": "((((Heatup && ((! t_dot_exceeded) && ((F[1,1] t_dot_exceeded) && (F[1,1] Heatup)))) -> ((F[2,2] (! Heatup)) || (F[2,2] SCRAM))) && (((! Heatup) && (F[1,1] Heatup)) -> (F[1,1] (t_dot_exceeded -> ((F[1,1] (! Heatup)) || (F[1,1] SCRAM)))))) && (((TAU == 0) && (Heatup && t_dot_exceeded)) -> ((F[1,1] (! Heatup)) || (F[1,1] SCRAM))))", + "component": "DRC" + }, + "_id": "a6665110-2f92-11f1-bda7-b107d916a2e5" + }, + { + "reqid": "PWR-2001", + "parent_reqid": "", + "project": "PWR_Hybrid", + "rationale": "When the reactor is in cold shutdown, it will only enter op mode (and heatup), when the STARTUP command is initiated. ", + "comments": "", + "fulltext": "While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "in" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "SCRAM", + "Cold_Shutdown", + "STARTUP", + "OP_MODE", + "Heatup" + ], + "scope_mode": "(! SCRAM)", + "scopeTextRange": [ + 0, + 11 + ], + "qualifier_word": "if", + "pre_condition": "(Cold_Shutdown & STARTUP)", + "regular_condition": "(Cold_Shutdown & STARTUP)", + "conditionTextRange": [ + 13, + 38 + ], + "component_name": "DRC", + "componentTextRange": [ + 40, + 42 + ], + "timingTextRange": [ + 50, + 70 + ], + "post_condition": "(OP_MODE & Heatup)", + "responseTextRange": [ + 72, + 95 + ], + "diagramVariables": "M = (! SCRAM), TC = (Cold_Shutdown & STARTUP), Response = (OP_MODE & Heatup).", + "description": "SCOPE: in every interval where (! SCRAM) holds.
TRIGGER: first point in the interval if (Cold_Shutdown & STARTUP) is true and any point in the interval where (Cold_Shutdown & STARTUP) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (OP_MODE & Heatup) must hold at the next time step.", + "probabilistic_description": "SCOPE: in every interval where (! SCRAM) holds.
TRIGGER: first point in the interval if (Cold_Shutdown & STARTUP) is true and any point in the interval where (Cold_Shutdown & STARTUP) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (OP_MODE & Heatup) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/in_regular_next_satisfaction.svg", + "scope_mode_pt": "(! SCRAM)", + "scope_mode_ft": "(! SCRAM)", + "scope_mode_pctl": "(! SCRAM)", + "regular_condition_unexp_pt": "(Cold_Shutdown & STARTUP)", + "regular_condition_unexp_ft": "(Cold_Shutdown & STARTUP)", + "regular_condition_unexp_pctl": "(Cold_Shutdown & STARTUP)", + "regular_condition_SMV_pt": "(Cold_Shutdown & STARTUP)", + "regular_condition_SMV_ft": "(Cold_Shutdown & STARTUP)", + "regular_condition_MLTL_ft": "(Cold_Shutdown & STARTUP)", + "regular_condition_PRISM_pctl": "(Cold_Shutdown & STARTUP)", + "post_condition_unexp_pt": "(OP_MODE & Heatup)", + "post_condition_unexp_ft": "(OP_MODE & Heatup)", + "post_condition_unexp_pctl": "(OP_MODE & Heatup)", + "post_condition_SMV_pt": "(OP_MODE & Heatup)", + "post_condition_SMV_ft": "(OP_MODE & Heatup)", + "post_condition_MLTL_ft": "(OP_MODE & Heatup)", + "post_condition_PRISM_pctl": "(OP_MODE & Heatup)", + "ft": "((LAST V ((! (Fin_(! SCRAM) & (! LAST))) | (X (((Lin_(! SCRAM) | LAST) V (((! (Cold_Shutdown & STARTUP)) & ((! LAST) & ((X (Cold_Shutdown & STARTUP)) & (! (Lin_(! SCRAM) | LAST))))) -> ((X ((Lin_(! SCRAM) | LAST) | (X (OP_MODE & Heatup)))) & (! (Lin_(! SCRAM) | LAST))))) & ((Cold_Shutdown & STARTUP) -> ((Lin_(! SCRAM) | LAST) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) -> (((Lin_(! SCRAM) | LAST) V (((! (Cold_Shutdown & STARTUP)) & ((! LAST) & ((X (Cold_Shutdown & STARTUP)) & (! (Lin_(! SCRAM) | LAST))))) -> ((X ((Lin_(! SCRAM) | LAST) | (X (OP_MODE & Heatup)))) & (! (Lin_(! SCRAM) | LAST))))) & ((Cold_Shutdown & STARTUP) -> ((Lin_(! SCRAM) | LAST) | (X (OP_MODE & Heatup)))))))", + "pt": "((H (Lin_(! SCRAM) -> (Y (((Y ((Cold_Shutdown & STARTUP) & ((Y (! (Cold_Shutdown & STARTUP))) | Fin_(! SCRAM)))) -> ((OP_MODE & Heatup) | Fin_(! SCRAM))) S (((Y ((Cold_Shutdown & STARTUP) & ((Y (! (Cold_Shutdown & STARTUP))) | Fin_(! SCRAM)))) -> ((OP_MODE & Heatup) | Fin_(! SCRAM))) & Fin_(! SCRAM)))))) & (((! Lin_(! SCRAM)) S ((! Lin_(! SCRAM)) & Fin_(! SCRAM))) -> (((Y ((Cold_Shutdown & STARTUP) & ((Y (! (Cold_Shutdown & STARTUP))) | Fin_(! SCRAM)))) -> ((OP_MODE & Heatup) | Fin_(! SCRAM))) S (((Y ((Cold_Shutdown & STARTUP) & ((Y (! (Cold_Shutdown & STARTUP))) | Fin_(! SCRAM)))) -> ((OP_MODE & Heatup) | Fin_(! SCRAM))) & Fin_(! SCRAM)))))", + "pctl": "P>=1[((G ((! (Fin_(! SCRAM) & (! LAST))) | (X ((Lin_(! SCRAM) R (((! (Cold_Shutdown & STARTUP)) & ((X (Cold_Shutdown & STARTUP)) & (! Lin_(! SCRAM)))) => ((X (P>=1[(Lin_(! SCRAM) | ((X (OP_MODE & Heatup)) & (! Lin_(! SCRAM))))])) & (! Lin_(! SCRAM))))) & ((Cold_Shutdown & STARTUP) => (P>=1[(Lin_(! SCRAM) | ((X (OP_MODE & Heatup)) & (! Lin_(! SCRAM))))])))))) & ((! SCRAM) => (Lin_(! SCRAM) | ((Lin_(! SCRAM) R (((! (Cold_Shutdown & STARTUP)) & ((X (Cold_Shutdown & STARTUP)) & (! Lin_(! SCRAM)))) => ((X (P>=1[(Lin_(! SCRAM) | ((X (OP_MODE & Heatup)) & (! Lin_(! SCRAM))))])) & (! Lin_(! SCRAM))))) & ((Cold_Shutdown & STARTUP) => (P>=1[(Lin_(! SCRAM) | ((X (OP_MODE & Heatup)) & (! Lin_(! SCRAM))))]))))))]", + "ptExpanded": "((H ((SCRAM & (Y (! SCRAM))) -> (Y (((Y ((Cold_Shutdown & STARTUP) & ((Y (! (Cold_Shutdown & STARTUP))) | ((! SCRAM) & (Z SCRAM))))) -> ((OP_MODE & Heatup) | ((! SCRAM) & (Z SCRAM)))) S (((Y ((Cold_Shutdown & STARTUP) & ((Y (! (Cold_Shutdown & STARTUP))) | ((! SCRAM) & (Z SCRAM))))) -> ((OP_MODE & Heatup) | ((! SCRAM) & (Z SCRAM)))) & ((! SCRAM) & (Z SCRAM))))))) & (((! (SCRAM & (Y (! SCRAM)))) S ((! (SCRAM & (Y (! SCRAM)))) & ((! SCRAM) & (Z SCRAM)))) -> (((Y ((Cold_Shutdown & STARTUP) & ((Y (! (Cold_Shutdown & STARTUP))) | ((! SCRAM) & (Z SCRAM))))) -> ((OP_MODE & Heatup) | ((! SCRAM) & (Z SCRAM)))) S (((Y ((Cold_Shutdown & STARTUP) & ((Y (! (Cold_Shutdown & STARTUP))) | ((! SCRAM) & (Z SCRAM))))) -> ((OP_MODE & Heatup) | ((! SCRAM) & (Z SCRAM)))) & ((! SCRAM) & (Z SCRAM))))))", + "CoCoSpecCode": "(H(((SCRAM and YtoPre(not (SCRAM))) => YtoPre(SI((not (SCRAM) and ZtoPre(SCRAM)),(YtoPre(((Cold_Shutdown and STARTUP) and (YtoPre(not ((Cold_Shutdown and STARTUP))) or (not (SCRAM) and ZtoPre(SCRAM))))) => ((OP_MODE and Heatup) or (not (SCRAM) and ZtoPre(SCRAM)))))))) and (SI((not (SCRAM) and ZtoPre(SCRAM)),not ((SCRAM and YtoPre(not (SCRAM))))) => SI((not (SCRAM) and ZtoPre(SCRAM)),(YtoPre(((Cold_Shutdown and STARTUP) and (YtoPre(not ((Cold_Shutdown and STARTUP))) or (not (SCRAM) and ZtoPre(SCRAM))))) => ((OP_MODE and Heatup) or (not (SCRAM) and ZtoPre(SCRAM)))))))", + "ftExpanded": "((LAST V ((! (((SCRAM & (! LAST)) & (X (! SCRAM))) & (! LAST))) | (X ((((((! SCRAM) & (! LAST)) & (X SCRAM)) | LAST) V (((! (Cold_Shutdown & STARTUP)) & ((! LAST) & ((X (Cold_Shutdown & STARTUP)) & (! ((((! SCRAM) & (! LAST)) & (X SCRAM)) | LAST))))) -> ((X (((((! SCRAM) & (! LAST)) & (X SCRAM)) | LAST) | (X (OP_MODE & Heatup)))) & (! ((((! SCRAM) & (! LAST)) & (X SCRAM)) | LAST))))) & ((Cold_Shutdown & STARTUP) -> (((((! SCRAM) & (! LAST)) & (X SCRAM)) | LAST) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) -> ((((((! SCRAM) & (! LAST)) & (X SCRAM)) | LAST) V (((! (Cold_Shutdown & STARTUP)) & ((! LAST) & ((X (Cold_Shutdown & STARTUP)) & (! ((((! SCRAM) & (! LAST)) & (X SCRAM)) | LAST))))) -> ((X (((((! SCRAM) & (! LAST)) & (X SCRAM)) | LAST) | (X (OP_MODE & Heatup)))) & (! ((((! SCRAM) & (! LAST)) & (X SCRAM)) | LAST))))) & ((Cold_Shutdown & STARTUP) -> (((((! SCRAM) & (! LAST)) & (X SCRAM)) | LAST) | (X (OP_MODE & Heatup)))))))", + "pctlExpanded": "P>=1[((G ((! (((! (! SCRAM)) & (X (! SCRAM))) & (! false))) | (X ((((! SCRAM) & (X (! (! SCRAM)))) R (((! (Cold_Shutdown & STARTUP)) & ((X (Cold_Shutdown & STARTUP)) & (! ((! SCRAM) & (X (! (! SCRAM))))))) => ((X (P>=1[(((! SCRAM) & (X (! (! SCRAM)))) | ((X (OP_MODE & Heatup)) & (! ((! SCRAM) & (X (! (! SCRAM)))))))])) & (! ((! SCRAM) & (X (! (! SCRAM)))))))) & ((Cold_Shutdown & STARTUP) => (P>=1[(((! SCRAM) & (X (! (! SCRAM)))) | ((X (OP_MODE & Heatup)) & (! ((! SCRAM) & (X (! (! SCRAM)))))))])))))) & ((! SCRAM) => (((! SCRAM) & (X (! (! SCRAM)))) | ((((! SCRAM) & (X (! (! SCRAM)))) R (((! (Cold_Shutdown & STARTUP)) & ((X (Cold_Shutdown & STARTUP)) & (! ((! SCRAM) & (X (! (! SCRAM))))))) => ((X (P>=1[(((! SCRAM) & (X (! (! SCRAM)))) | ((X (OP_MODE & Heatup)) & (! ((! SCRAM) & (X (! (! SCRAM)))))))])) & (! ((! SCRAM) & (X (! (! SCRAM)))))))) & ((Cold_Shutdown & STARTUP) => (P>=1[(((! SCRAM) & (X (! (! SCRAM)))) | ((X (OP_MODE & Heatup)) & (! ((! SCRAM) & (X (! (! SCRAM)))))))]))))))]", + "ftInfAUExpanded": "((G ((! (SCRAM & (X (! SCRAM)))) | (X ((((! SCRAM) & (X SCRAM)) V (((! (Cold_Shutdown & STARTUP)) & ((X (Cold_Shutdown & STARTUP)) & (! ((! SCRAM) & (X SCRAM))))) -> ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (! ((! SCRAM) & (X SCRAM)))))) & ((Cold_Shutdown & STARTUP) -> (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) -> ((((! SCRAM) & (X SCRAM)) V (((! (Cold_Shutdown & STARTUP)) & ((X (Cold_Shutdown & STARTUP)) & (! ((! SCRAM) & (X SCRAM))))) -> ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (! ((! SCRAM) & (X SCRAM)))))) & ((Cold_Shutdown & STARTUP) -> (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))", + "mltlExpanded": "((G[0,M] (((p0 & ((! p1) & ((F[1,1] p1) & (F[1,1] p0)))) -> ((F[2,2] (! p0)) | (F[2,2] p2))) & (((! p0) & (F[1,1] p0)) -> (F[1,1] (p1 -> ((F[1,1] (! p0)) | (F[1,1] p2))))))) & ((p0 & p1) -> ((F[1,1] (! p0)) | (F[1,1] p2))))", + "WESTMapping": "p0: (! SCRAM)
p1: (Cold_Shutdown & STARTUP)
p2: (OP_MODE & Heatup)", + "R2U2Code": "(((((! SCRAM) && ((! (Cold_Shutdown && STARTUP)) && ((F[1,1] (Cold_Shutdown && STARTUP)) && (F[1,1] (! SCRAM))))) -> ((F[2,2] SCRAM) || (F[2,2] (OP_MODE && Heatup)))) && ((SCRAM && (F[1,1] (! SCRAM))) -> (F[1,1] ((Cold_Shutdown && STARTUP) -> ((F[1,1] SCRAM) || (F[1,1] (OP_MODE && Heatup))))))) && (((TAU == 0) && ((! SCRAM) && (Cold_Shutdown && STARTUP))) -> ((F[1,1] SCRAM) || (F[1,1] (OP_MODE && Heatup)))))", + "component": "DRC" + }, + "_id": "bfa3ea30-2f91-11f1-bda7-b107d916a2e5" + }, + { + "reqid": "PWR-3003", + "parent_reqid": "", + "project": "PWR_Hybrid", + "rationale": "While in heatup mode, when the reactor reaches the minimum operating temperature, it will transition into load following mode.", + "comments": "", + "fulltext": "While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup)", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "in" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "Heatup", + "t_power_min", + "Load_Follow" + ], + "scope_mode": "(Heatup)", + "scopeTextRange": [ + 0, + 11 + ], + "qualifier_word": "if", + "pre_condition": "(t_power_min)", + "regular_condition": "(t_power_min)", + "conditionTextRange": [ + 13, + 26 + ], + "component_name": "DRC", + "componentTextRange": [ + 28, + 30 + ], + "timingTextRange": [ + 38, + 58 + ], + "post_condition": "(( Load_Follow & ! Heatup ))", + "responseTextRange": [ + 60, + 90 + ], + "diagramVariables": "M = (Heatup), TC = (t_power_min), Response = (( Load_Follow & ! Heatup )).", + "description": "SCOPE: in every interval where (Heatup) holds.
TRIGGER: first point in the interval if (t_power_min) is true and any point in the interval where (t_power_min) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (( Load_Follow & ! Heatup )) must hold at the next time step.", + "probabilistic_description": "SCOPE: in every interval where (Heatup) holds.
TRIGGER: first point in the interval if (t_power_min) is true and any point in the interval where (t_power_min) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (( Load_Follow & ! Heatup )) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/in_regular_next_satisfaction.svg", + "scope_mode_pt": "Heatup", + "scope_mode_ft": "Heatup", + "scope_mode_pctl": "Heatup", + "regular_condition_unexp_pt": "t_power_min", + "regular_condition_unexp_ft": "t_power_min", + "regular_condition_unexp_pctl": "t_power_min", + "regular_condition_SMV_pt": "t_power_min", + "regular_condition_SMV_ft": "t_power_min", + "regular_condition_MLTL_ft": "t_power_min", + "regular_condition_PRISM_pctl": "t_power_min", + "post_condition_unexp_pt": "(Load_Follow & (! Heatup))", + "post_condition_unexp_ft": "(Load_Follow & (! Heatup))", + "post_condition_unexp_pctl": "(Load_Follow & (! Heatup))", + "post_condition_SMV_pt": "(Load_Follow & (! Heatup))", + "post_condition_SMV_ft": "(Load_Follow & (! Heatup))", + "post_condition_MLTL_ft": "(Load_Follow & (! Heatup))", + "post_condition_PRISM_pctl": "(Load_Follow & (! Heatup))", + "ft": "((LAST V ((! (Fin_Heatup & (! LAST))) | (X (((Lin_Heatup | LAST) V (((! t_power_min) & ((! LAST) & ((X t_power_min) & (! (Lin_Heatup | LAST))))) -> ((X ((Lin_Heatup | LAST) | (X (Load_Follow & (! Heatup))))) & (! (Lin_Heatup | LAST))))) & (t_power_min -> ((Lin_Heatup | LAST) | (X (Load_Follow & (! Heatup))))))))) & (Heatup -> (((Lin_Heatup | LAST) V (((! t_power_min) & ((! LAST) & ((X t_power_min) & (! (Lin_Heatup | LAST))))) -> ((X ((Lin_Heatup | LAST) | (X (Load_Follow & (! Heatup))))) & (! (Lin_Heatup | LAST))))) & (t_power_min -> ((Lin_Heatup | LAST) | (X (Load_Follow & (! Heatup))))))))", + "pt": "((H (Lin_Heatup -> (Y (((Y (t_power_min & ((Y (! t_power_min)) | Fin_Heatup))) -> ((Load_Follow & (! Heatup)) | Fin_Heatup)) S (((Y (t_power_min & ((Y (! t_power_min)) | Fin_Heatup))) -> ((Load_Follow & (! Heatup)) | Fin_Heatup)) & Fin_Heatup))))) & (((! Lin_Heatup) S ((! Lin_Heatup) & Fin_Heatup)) -> (((Y (t_power_min & ((Y (! t_power_min)) | Fin_Heatup))) -> ((Load_Follow & (! Heatup)) | Fin_Heatup)) S (((Y (t_power_min & ((Y (! t_power_min)) | Fin_Heatup))) -> ((Load_Follow & (! Heatup)) | Fin_Heatup)) & Fin_Heatup))))", + "pctl": "P>=1[((G ((! (Fin_Heatup & (! LAST))) | (X ((Lin_Heatup R (((! t_power_min) & ((X t_power_min) & (! Lin_Heatup))) => ((X (P>=1[(Lin_Heatup | ((X (Load_Follow & (! Heatup))) & (! Lin_Heatup)))])) & (! Lin_Heatup)))) & (t_power_min => (P>=1[(Lin_Heatup | ((X (Load_Follow & (! Heatup))) & (! Lin_Heatup)))])))))) & (Heatup => (Lin_Heatup | ((Lin_Heatup R (((! t_power_min) & ((X t_power_min) & (! Lin_Heatup))) => ((X (P>=1[(Lin_Heatup | ((X (Load_Follow & (! Heatup))) & (! Lin_Heatup)))])) & (! Lin_Heatup)))) & (t_power_min => (P>=1[(Lin_Heatup | ((X (Load_Follow & (! Heatup))) & (! Lin_Heatup)))]))))))]", + "ptExpanded": "((H (((! Heatup) & (Y Heatup)) -> (Y (((Y (t_power_min & ((Y (! t_power_min)) | (Heatup & (Z (! Heatup)))))) -> ((Load_Follow & (! Heatup)) | (Heatup & (Z (! Heatup))))) S (((Y (t_power_min & ((Y (! t_power_min)) | (Heatup & (Z (! Heatup)))))) -> ((Load_Follow & (! Heatup)) | (Heatup & (Z (! Heatup))))) & (Heatup & (Z (! Heatup)))))))) & (((! ((! Heatup) & (Y Heatup))) S ((! ((! Heatup) & (Y Heatup))) & (Heatup & (Z (! Heatup))))) -> (((Y (t_power_min & ((Y (! t_power_min)) | (Heatup & (Z (! Heatup)))))) -> ((Load_Follow & (! Heatup)) | (Heatup & (Z (! Heatup))))) S (((Y (t_power_min & ((Y (! t_power_min)) | (Heatup & (Z (! Heatup)))))) -> ((Load_Follow & (! Heatup)) | (Heatup & (Z (! Heatup))))) & (Heatup & (Z (! Heatup)))))))", + "CoCoSpecCode": "(H(((not (Heatup) and YtoPre(Heatup)) => YtoPre(SI((Heatup and ZtoPre(not (Heatup))),(YtoPre((t_power_min and (YtoPre(not (t_power_min)) or (Heatup and ZtoPre(not (Heatup)))))) => ((Load_Follow and not (Heatup)) or (Heatup and ZtoPre(not (Heatup))))))))) and (SI((Heatup and ZtoPre(not (Heatup))),not ((not (Heatup) and YtoPre(Heatup)))) => SI((Heatup and ZtoPre(not (Heatup))),(YtoPre((t_power_min and (YtoPre(not (t_power_min)) or (Heatup and ZtoPre(not (Heatup)))))) => ((Load_Follow and not (Heatup)) or (Heatup and ZtoPre(not (Heatup))))))))", + "ftExpanded": "((LAST V ((! ((((! Heatup) & (! LAST)) & (X Heatup)) & (! LAST))) | (X (((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) V (((! t_power_min) & ((! LAST) & ((X t_power_min) & (! (((Heatup & (! LAST)) & (X (! Heatup))) | LAST))))) -> ((X ((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) | (X (Load_Follow & (! Heatup))))) & (! (((Heatup & (! LAST)) & (X (! Heatup))) | LAST))))) & (t_power_min -> ((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) | (X (Load_Follow & (! Heatup))))))))) & (Heatup -> (((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) V (((! t_power_min) & ((! LAST) & ((X t_power_min) & (! (((Heatup & (! LAST)) & (X (! Heatup))) | LAST))))) -> ((X ((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) | (X (Load_Follow & (! Heatup))))) & (! (((Heatup & (! LAST)) & (X (! Heatup))) | LAST))))) & (t_power_min -> ((((Heatup & (! LAST)) & (X (! Heatup))) | LAST) | (X (Load_Follow & (! Heatup))))))))", + "pctlExpanded": "P>=1[((G ((! (((! Heatup) & (X Heatup)) & (! false))) | (X (((Heatup & (X (! Heatup))) R (((! t_power_min) & ((X t_power_min) & (! (Heatup & (X (! Heatup)))))) => ((X (P>=1[((Heatup & (X (! Heatup))) | ((X (Load_Follow & (! Heatup))) & (! (Heatup & (X (! Heatup))))))])) & (! (Heatup & (X (! Heatup))))))) & (t_power_min => (P>=1[((Heatup & (X (! Heatup))) | ((X (Load_Follow & (! Heatup))) & (! (Heatup & (X (! Heatup))))))])))))) & (Heatup => ((Heatup & (X (! Heatup))) | (((Heatup & (X (! Heatup))) R (((! t_power_min) & ((X t_power_min) & (! (Heatup & (X (! Heatup)))))) => ((X (P>=1[((Heatup & (X (! Heatup))) | ((X (Load_Follow & (! Heatup))) & (! (Heatup & (X (! Heatup))))))])) & (! (Heatup & (X (! Heatup))))))) & (t_power_min => (P>=1[((Heatup & (X (! Heatup))) | ((X (Load_Follow & (! Heatup))) & (! (Heatup & (X (! Heatup))))))]))))))]", + "ftInfAUExpanded": "((G ((! ((! Heatup) & (X Heatup))) | (X (((Heatup & (X (! Heatup))) V (((! t_power_min) & ((X t_power_min) & (! (Heatup & (X (! Heatup)))))) -> ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & (! (Heatup & (X (! Heatup))))))) & (t_power_min -> ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (Heatup -> (((Heatup & (X (! Heatup))) V (((! t_power_min) & ((X t_power_min) & (! (Heatup & (X (! Heatup)))))) -> ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & (! (Heatup & (X (! Heatup))))))) & (t_power_min -> ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))", + "mltlExpanded": "((G[0,M] (((p0 & ((! p1) & ((F[1,1] p1) & (F[1,1] p0)))) -> ((F[2,2] (! p0)) | (F[2,2] p2))) & (((! p0) & (F[1,1] p0)) -> (F[1,1] (p1 -> ((F[1,1] (! p0)) | (F[1,1] p2))))))) & ((p0 & p1) -> ((F[1,1] (! p0)) | (F[1,1] p2))))", + "WESTMapping": "p0: Heatup
p1: t_power_min
p2: (Load_Follow & (! Heatup))", + "R2U2Code": "((((Heatup && ((! t_power_min) && ((F[1,1] t_power_min) && (F[1,1] Heatup)))) -> ((F[2,2] (! Heatup)) || (F[2,2] (Load_Follow && (! Heatup))))) && (((! Heatup) && (F[1,1] Heatup)) -> (F[1,1] (t_power_min -> ((F[1,1] (! Heatup)) || (F[1,1] (Load_Follow && (! Heatup)))))))) && (((TAU == 0) && (Heatup && t_power_min)) -> ((F[1,1] (! Heatup)) || (F[1,1] (Load_Follow && (! Heatup))))))", + "component": "DRC" + }, + "_id": "c48fdfd0-2f92-11f1-bda7-b107d916a2e5" + }, + { + "reqid": "PWR-0000", + "parent_reqid": "", + "project": "PWR_Hybrid", + "rationale": "", + "comments": "", + "fulltext": "DRC shall initially satisfy (Cold_Shutdown & !SCRAM)", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "probability": "null", + "timing": "immediately", + "response": "satisfaction", + "variables": [ + "Cold_Shutdown", + "SCRAM" + ], + "component_name": "DRC", + "componentTextRange": [ + 0, + 2 + ], + "timingTextRange": [ + 10, + 18 + ], + "post_condition": "(( Cold_Shutdown & ! SCRAM ))", + "responseTextRange": [ + 20, + 51 + ], + "diagramVariables": "Response = (( Cold_Shutdown & ! SCRAM )).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, if trigger holds then (( Cold_Shutdown & ! SCRAM )) also holds at the same time point.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, if trigger holds then (( Cold_Shutdown & ! SCRAM )) also holds at the same time point.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_immediately_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "(Cold_Shutdown & (! SCRAM))", + "post_condition_unexp_ft": "(Cold_Shutdown & (! SCRAM))", + "post_condition_unexp_pctl": "(Cold_Shutdown & (! SCRAM))", + "post_condition_SMV_pt": "(Cold_Shutdown & (! SCRAM))", + "post_condition_SMV_ft": "(Cold_Shutdown & (! SCRAM))", + "post_condition_MLTL_ft": "(Cold_Shutdown & (! SCRAM))", + "post_condition_PRISM_pctl": "(Cold_Shutdown & (! SCRAM))", + "ft": "(Cold_Shutdown & (! SCRAM))", + "pt": "(H ((Z FALSE) -> (Cold_Shutdown & (! SCRAM))))", + "pctl": "(P>=1[(Cold_Shutdown & (! SCRAM))])", + "ptExpanded": "(H ((Z FALSE) -> (Cold_Shutdown & (! SCRAM))))", + "CoCoSpecCode": "H((ZtoPre(false) => (Cold_Shutdown and not (SCRAM))))", + "ftExpanded": "(Cold_Shutdown & (! SCRAM))", + "pctlExpanded": "(P>=1[(Cold_Shutdown & (! SCRAM))])", + "ftInfAUExpanded": "(Cold_Shutdown & (! SCRAM))", + "mltlExpanded": "p0", + "WESTMapping": "p0: (Cold_Shutdown & (! SCRAM))", + "R2U2Code": "((TAU == 0) -> (Cold_Shutdown && (! SCRAM)))", + "component": "DRC" + }, + "_id": "e4805020-2ec7-11f1-bda7-b107d916a2e5" + }, + { + "reqid": "PWR-0102", + "parent_reqid": "", + "project": "PWR_Hybrid", + "rationale": "If scram is triggered, scram will always be triggered for the rest of time.", + "comments": "", + "fulltext": "If SCRAM DRC shall always satisfy SCRAM", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "always", + "response": "satisfaction", + "variables": [ + "SCRAM" + ], + "qualifier_word": "if", + "pre_condition": "(SCRAM)", + "regular_condition": "(SCRAM)", + "conditionTextRange": [ + 0, + 7 + ], + "component_name": "DRC", + "componentTextRange": [ + 9, + 11 + ], + "timingTextRange": [ + 19, + 24 + ], + "post_condition": "(SCRAM)", + "responseTextRange": [ + 26, + 38 + ], + "diagramVariables": "TC = (SCRAM), Response = (SCRAM).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (SCRAM) is true and any point in the interval where (SCRAM) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (SCRAM) must hold at all time points between (and including) the trigger and the end of the interval.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (SCRAM) is true and any point in the interval where (SCRAM) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (SCRAM) must hold at all time points between (and including) the trigger and the end of the interval.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_always_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "SCRAM", + "regular_condition_unexp_ft": "SCRAM", + "regular_condition_unexp_pctl": "SCRAM", + "regular_condition_SMV_pt": "SCRAM", + "regular_condition_SMV_ft": "SCRAM", + "regular_condition_MLTL_ft": "SCRAM", + "regular_condition_PRISM_pctl": "SCRAM", + "post_condition_unexp_pt": "SCRAM", + "post_condition_unexp_ft": "SCRAM", + "post_condition_unexp_pctl": "SCRAM", + "post_condition_SMV_pt": "SCRAM", + "post_condition_SMV_ft": "SCRAM", + "post_condition_MLTL_ft": "SCRAM", + "post_condition_PRISM_pctl": "SCRAM", + "ft": "((LAST V (((! SCRAM) & ((! LAST) & (X SCRAM))) -> (X (LAST V SCRAM)))) & (SCRAM -> (LAST V SCRAM)))", + "pt": "(H ((H (! SCRAM)) | SCRAM))", + "pctl": "P>=1[((G (((! SCRAM) & (X SCRAM)) => (X (P>=1[(G SCRAM)])))) & (SCRAM => (P>=1[(G SCRAM)])))]", + "ptExpanded": "(H ((H (! SCRAM)) | SCRAM))", + "CoCoSpecCode": "H((H(not (SCRAM)) or SCRAM))", + "ftExpanded": "((LAST V (((! SCRAM) & ((! LAST) & (X SCRAM))) -> (X (LAST V SCRAM)))) & (SCRAM -> (LAST V SCRAM)))", + "pctlExpanded": "P>=1[((G (((! SCRAM) & (X SCRAM)) => (X (P>=1[(G SCRAM)])))) & (SCRAM => (P>=1[(G SCRAM)])))]", + "ftInfAUExpanded": "((G (((! SCRAM) & (X SCRAM)) -> (X (G SCRAM)))) & (SCRAM -> (G SCRAM)))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (G[1,M] p0))) & (p0 -> (G[0,M] p0)))", + "WESTMapping": "p0: SCRAM", + "R2U2Code": "((((! SCRAM) && (F[1,1] SCRAM)) -> (G[1,M] SCRAM)) && (((TAU == 0) && SCRAM) -> (G[0,M] SCRAM)))", + "component": "DRC" + }, + "_id": "e9c0c9f0-31df-11f1-820b-8f6ab14cd565" + } + ], + "variables": [ + { + "project": "PWR_Hybrid", + "component_name": "DRC", + "variable_name": "Cold_Shutdown", + "reqs": [ + "3a0697b0-2f91-11f1-bda7-b107d916a2e5", + "bfa3ea30-2f91-11f1-bda7-b107d916a2e5", + "e4805020-2ec7-11f1-bda7-b107d916a2e5" + ], + "dataType": "boolean", + "idType": "Output", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HybridDRCCold_Shutdown" + }, + { + "project": "PWR_Hybrid", + "component_name": "DRC", + "variable_name": "Heatup", + "reqs": [ + "3a0697b0-2f91-11f1-bda7-b107d916a2e5", + "50de1300-2fa0-11f1-b1b5-5117d78e7f0f", + "a6665110-2f92-11f1-bda7-b107d916a2e5", + "bfa3ea30-2f91-11f1-bda7-b107d916a2e5", + "c48fdfd0-2f92-11f1-bda7-b107d916a2e5", + "29bfe300-31e1-11f1-820b-8f6ab14cd565" + ], + "dataType": "boolean", + "idType": "Output", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HybridDRCHeatup" + }, + { + "project": "PWR_Hybrid", + "component_name": "DRC", + "variable_name": "Load_Follow", + "reqs": [ + "3a0697b0-2f91-11f1-bda7-b107d916a2e5", + "50de1300-2fa0-11f1-b1b5-5117d78e7f0f", + "c48fdfd0-2f92-11f1-bda7-b107d916a2e5", + "29bfe300-31e1-11f1-820b-8f6ab14cd565" + ], + "dataType": "boolean", + "idType": "Output", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HybridDRCLoad_Follow" + }, + { + "project": "PWR_Hybrid", + "component_name": "DRC", + "variable_name": "OP_MODE", + "reqs": [ + "1af49c60-2f9f-11f1-bda7-b107d916a2e5", + "3a0697b0-2f91-11f1-bda7-b107d916a2e5", + "50de1300-2fa0-11f1-b1b5-5117d78e7f0f", + "bfa3ea30-2f91-11f1-bda7-b107d916a2e5", + "29bfe300-31e1-11f1-820b-8f6ab14cd565" + ], + "dataType": "boolean", + "idType": "Output", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HybridDRCOP_MODE" + }, + { + "project": "PWR_Hybrid", + "component_name": "DRC", + "variable_name": "SCRAM", + "reqs": [ + "1af49c60-2f9f-11f1-bda7-b107d916a2e5", + "3a0697b0-2f91-11f1-bda7-b107d916a2e5", + "96d7c900-2f96-11f1-bda7-b107d916a2e5", + "a6665110-2f92-11f1-bda7-b107d916a2e5", + "bfa3ea30-2f91-11f1-bda7-b107d916a2e5", + "e4805020-2ec7-11f1-bda7-b107d916a2e5", + "e9c0c9f0-31df-11f1-820b-8f6ab14cd565" + ], + "dataType": "boolean", + "idType": "Output", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HybridDRCSCRAM" + }, + { + "project": "PWR_Hybrid", + "component_name": "DRC", + "variable_name": "STARTUP", + "reqs": [ + "bfa3ea30-2f91-11f1-bda7-b107d916a2e5" + ], + "dataType": "boolean", + "idType": "Input", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HybridDRCSTARTUP" + }, + { + "project": "PWR_Hybrid", + "component_name": "DRC", + "variable_name": "t_dot_exceeded", + "reqs": [ + "a6665110-2f92-11f1-bda7-b107d916a2e5" + ], + "dataType": "boolean", + "idType": "Input", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HybridDRCt_dot_exceeded" + }, + { + "project": "PWR_Hybrid", + "component_name": "DRC", + "variable_name": "t_max_exceeded", + "reqs": [ + "96d7c900-2f96-11f1-bda7-b107d916a2e5" + ], + "dataType": "boolean", + "idType": "Input", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HybridDRCt_max_exceeded" + }, + { + "project": "PWR_Hybrid", + "component_name": "DRC", + "variable_name": "t_power_min", + "reqs": [ + "c48fdfd0-2f92-11f1-bda7-b107d916a2e5" + ], + "dataType": "boolean", + "idType": "Input", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HybridDRCt_power_min" + } + ] +} \ No newline at end of file diff --git a/fret-pipeline/.archive/specs/liveness.txt b/fret-pipeline/.archive/specs/liveness.txt new file mode 100644 index 0000000..7c1e1ca --- /dev/null +++ b/fret-pipeline/.archive/specs/liveness.txt @@ -0,0 +1,11 @@ +# Liveness constraints for DRC synthesis +# +# F(heatup): prevent trivially never entering heatup +# The environment can always force a scram during heatup (by asserting +# t_dot_exceeded), which permanently prevents op_mode. This is a latent +# conflict in the FRET requirements -- another FRET limitation finding. +# +# For now, we only require heatup to demonstrate that the scoped +# requirements activate meaningfully. + +F(heatup) diff --git a/fret-pipeline/.archive/specs/lpc_synthesis_config.json b/fret-pipeline/.archive/specs/lpc_synthesis_config.json new file mode 100644 index 0000000..6cb46ef --- /dev/null +++ b/fret-pipeline/.archive/specs/lpc_synthesis_config.json @@ -0,0 +1,69 @@ +{ + "_comment": "Boolean abstraction of LPC lift-mode controller. Assumes -> Guarantees form.", + "spec_name": "LPC_mini", + "source_file": "specs/LPC_mini_reqts_and_vars.json", + "inputs": [ + "r_a", + "r_b", + "r_c", + "r_d", + "r_e", + "r_f" + ], + "outputs": [ + "m_tb", + "m_stb", + "m_swb", + "m_wb" + ], + "assumptions": [ + "G((r_a | r_b | r_c | r_d | r_e | r_f) & (!r_a | !r_b) & (!r_a | !r_c) & (!r_a | !r_d) & (!r_a | !r_e) & (!r_a | !r_f) & (!r_b | !r_c) & (!r_b | !r_d) & (!r_b | !r_e) & (!r_b | !r_f) & (!r_c | !r_d) & (!r_c | !r_e) & (!r_c | !r_f) & (!r_d | !r_e) & (!r_d | !r_f) & (!r_e | !r_f))", + "r_f", + "G(r_a -> (X(r_a) | X(r_b)))", + "G(r_b -> (X(r_a) | X(r_b) | X(r_c)))", + "G(r_c -> (X(r_b) | X(r_c) | X(r_d)))", + "G(r_d -> (X(r_c) | X(r_d) | X(r_e)))", + "G(r_e -> (X(r_d) | X(r_e) | X(r_f)))", + "G(r_f -> (X(r_e) | X(r_f)))" + ], + "guarantees": [ + "G((m_tb | m_stb | m_swb | m_wb) & (!m_tb | !m_stb) & (!m_tb | !m_swb) & (!m_tb | !m_wb) & (!m_stb | !m_swb) & (!m_stb | !m_wb) & (!m_swb | !m_wb))", + "m_wb", + "G((m_wb & (r_e | r_f)) -> X(m_wb))", + "G((m_wb & (r_a | r_b | r_c | r_d)) -> X(m_swb))", + "G((m_swb & (r_d | r_e)) -> X(m_swb))", + "G((m_swb & r_f) -> X(m_wb))", + "G((m_swb & (r_a | r_b)) -> X(m_stb))", + "G((m_stb & (r_b | r_c)) -> X(m_stb))", + "G((m_stb & (r_d | r_e | r_f)) -> X(m_swb))", + "G((m_stb & r_a) -> X(m_tb))", + "G((m_tb & r_a) -> X(m_tb))", + "G((m_tb & !r_a) -> X(m_stb))" + ], + "conjoined_ltl": "((G((r_a | r_b | r_c | r_d | r_e | r_f) & (!r_a | !r_b) & (!r_a | !r_c) & (!r_a | !r_d) & (!r_a | !r_e) & (!r_a | !r_f) & (!r_b | !r_c) & (!r_b | !r_d) & (!r_b | !r_e) & (!r_b | !r_f) & (!r_c | !r_d) & (!r_c | !r_e) & (!r_c | !r_f) & (!r_d | !r_e) & (!r_d | !r_f) & (!r_e | !r_f))) & (r_f) & (G(r_a -> (X(r_a) | X(r_b)))) & (G(r_b -> (X(r_a) | X(r_b) | X(r_c)))) & (G(r_c -> (X(r_b) | X(r_c) | X(r_d)))) & (G(r_d -> (X(r_c) | X(r_d) | X(r_e)))) & (G(r_e -> (X(r_d) | X(r_e) | X(r_f)))) & (G(r_f -> (X(r_e) | X(r_f))))) -> ((G((m_tb | m_stb | m_swb | m_wb) & (!m_tb | !m_stb) & (!m_tb | !m_swb) & (!m_tb | !m_wb) & (!m_stb | !m_swb) & (!m_stb | !m_wb) & (!m_swb | !m_wb))) & (m_wb) & (G((m_wb & (r_e | r_f)) -> X(m_wb))) & (G((m_wb & (r_a | r_b | r_c | r_d)) -> X(m_swb))) & (G((m_swb & (r_d | r_e)) -> X(m_swb))) & (G((m_swb & r_f) -> X(m_wb))) & (G((m_swb & (r_a | r_b)) -> X(m_stb))) & (G((m_stb & (r_b | r_c)) -> X(m_stb))) & (G((m_stb & (r_d | r_e | r_f)) -> X(m_swb))) & (G((m_stb & r_a) -> X(m_tb))) & (G((m_tb & r_a) -> X(m_tb))) & (G((m_tb & !r_a) -> X(m_stb))))", + "abstraction_notes": { + "speed_regions": { + "r_a": "speed <= 20 (hover zone)", + "r_b": "20 < speed <= 30", + "r_c": "30 < speed <= 40", + "r_d": "40 < speed <= 90", + "r_e": "90 < speed <= 100", + "r_f": "speed > 100" + }, + "modes": { + "m_tb": "thrust_borne", + "m_stb": "semi_thrust_borne", + "m_swb": "semi_wing_borne", + "m_wb": "wing_borne" + }, + "skipped_requirements": [ + "LPC_REACH_HOVER_06 (bounded temporal F[0,6])", + "LPC_REACH_HOVER_12 (bounded temporal F[0,12])", + "LPC_KIAS_DERIVATIVE (absorbed into adjacency constraint)", + "LPC_KIAS_KGS (absorbed - single speed variable)", + "LPC_INIT_KIAS (absorbed into initial region)", + "LPC_KIAS_0 (trivially satisfied)", + "LPC_INIT_HOVER_MODE (absorbed - hover = region A)" + ] + } +} diff --git a/fret-pipeline/.archive/specs/synthesis_config.json b/fret-pipeline/.archive/specs/synthesis_config.json new file mode 100644 index 0000000..c1dda62 --- /dev/null +++ b/fret-pipeline/.archive/specs/synthesis_config.json @@ -0,0 +1,153 @@ +{ + "_comment": "Generated from FRET JSON export. Ready for ltlsynt synthesis.", + "spec_name": "PWR_Hybrid_DRC", + "source_file": "specs/fretRequirementsVariables.json", + "inputs": [ + "startup", + "t_dot_exceeded", + "t_max_exceeded", + "t_power_min" + ], + "outputs": [ + "cold_shutdown", + "heatup", + "load_follow", + "op_mode", + "scram" + ], + "requirements": [ + { + "req_id": "PWR-0100", + "fulltext": "If SCRAM DRC shall immediately satisfy !OP_MODE", + "project": "PWR_Hybrid", + "component": "DRC", + "ltl": "((G (((! scram) & (X scram)) -> (X (! op_mode)))) & (scram -> (! op_mode)))", + "ltl_original": "((G (((! SCRAM) & (X SCRAM)) -> (X (! OP_MODE)))) & (SCRAM -> (! OP_MODE)))", + "variables": [ + "SCRAM", + "OP_MODE" + ] + }, + { + "req_id": "PWR-0202", + "fulltext": "While !OP_MODE DRC shall always satisfy (Heatup | Load_Follow)", + "project": "PWR_Hybrid", + "component": "DRC", + "ltl": "(G ((! op_mode) -> (heatup | load_follow)))", + "ltl_original": "(G ((! OP_MODE) -> (Heatup | Load_Follow)))", + "variables": [ + "OP_MODE", + "Heatup", + "Load_Follow" + ] + }, + { + "req_id": "PWR-0201", + "fulltext": "When OP_MODE DRC shall always satisfy (Heatup | Load_Follow) & !(!Heatup & !Load_Follow) & !(SCRAM | Cold_Shutdown)", + "project": "PWR_Hybrid", + "component": "DRC", + "ltl": "((G (((! op_mode) & (X op_mode)) -> (X (G ((heatup | load_follow) & (! (scram | cold_shutdown))))))) & (op_mode -> (G ((heatup | load_follow) & (! (scram | cold_shutdown))))))", + "ltl_original": "((G (((! OP_MODE) & (X OP_MODE)) -> (X (G ((Heatup | Load_Follow) & (! (SCRAM | Cold_Shutdown))))))) & (OP_MODE -> (G ((Heatup | Load_Follow) & (! (SCRAM | Cold_Shutdown))))))", + "variables": [ + "OP_MODE", + "Heatup", + "Load_Follow", + "SCRAM", + "Cold_Shutdown" + ] + }, + { + "req_id": "PWR-0200", + "fulltext": "While OP_MODE DRC shall always satisfy Heatup | Load_Follow", + "project": "PWR_Hybrid", + "component": "DRC", + "ltl": "(G (op_mode -> (heatup | load_follow)))", + "ltl_original": "(G (OP_MODE -> (Heatup | Load_Follow)))", + "variables": [ + "OP_MODE", + "Heatup", + "Load_Follow" + ] + }, + { + "req_id": "PWR-3002", + "fulltext": "if t_max_exceeded DRC shall at the next timepoint satisfy SCRAM", + "project": "PWR_Hybrid", + "component": "DRC", + "ltl": "((G (((! t_max_exceeded) & (X t_max_exceeded)) -> (X (X scram)))) & (t_max_exceeded -> (X scram)))", + "ltl_original": "((G (((! t_max_exceeded) & (X t_max_exceeded)) -> (X (X SCRAM)))) & (t_max_exceeded -> (X SCRAM)))", + "variables": [ + "t_max_exceeded", + "SCRAM" + ] + }, + { + "req_id": "PWR-3001", + "fulltext": "While Heatup if t_dot_exceeded DRC shall at the next timepoint satisfy SCRAM", + "project": "PWR_Hybrid", + "component": "DRC", + "ltl": "((G ((! ((! heatup) & (X heatup))) | (X (((heatup & (X (! heatup))) V (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! (heatup & (X (! heatup)))))) -> ((X ((heatup & (X (! heatup))) | (X scram))) & (! (heatup & (X (! heatup))))))) & (t_dot_exceeded -> ((heatup & (X (! heatup))) | (X scram))))))) & (heatup -> (((heatup & (X (! heatup))) V (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! (heatup & (X (! heatup)))))) -> ((X ((heatup & (X (! heatup))) | (X scram))) & (! (heatup & (X (! heatup))))))) & (t_dot_exceeded -> ((heatup & (X (! heatup))) | (X scram))))))", + "ltl_original": "((G ((! ((! Heatup) & (X Heatup))) | (X (((Heatup & (X (! Heatup))) V (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! (Heatup & (X (! Heatup)))))) -> ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & (! (Heatup & (X (! Heatup))))))) & (t_dot_exceeded -> ((Heatup & (X (! Heatup))) | (X SCRAM))))))) & (Heatup -> (((Heatup & (X (! Heatup))) V (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! (Heatup & (X (! Heatup)))))) -> ((X ((Heatup & (X (! Heatup))) | (X SCRAM))) & (! (Heatup & (X (! Heatup))))))) & (t_dot_exceeded -> ((Heatup & (X (! Heatup))) | (X SCRAM))))))", + "variables": [ + "Heatup", + "t_dot_exceeded", + "SCRAM" + ] + }, + { + "req_id": "PWR-2001", + "fulltext": "While !SCRAM If Cold_Shutdown & STARTUP DRC shall at the next timepoint satisfy OP_MODE & Heatup", + "project": "PWR_Hybrid", + "component": "DRC", + "ltl": "((G ((! (scram & (X (! scram)))) | (X ((((! scram) & (X scram)) V (((! (cold_shutdown & startup)) & ((X (cold_shutdown & startup)) & (! ((! scram) & (X scram))))) -> ((X (((! scram) & (X scram)) | (X (op_mode & heatup)))) & (! ((! scram) & (X scram)))))) & ((cold_shutdown & startup) -> (((! scram) & (X scram)) | (X (op_mode & heatup)))))))) & ((! scram) -> ((((! scram) & (X scram)) V (((! (cold_shutdown & startup)) & ((X (cold_shutdown & startup)) & (! ((! scram) & (X scram))))) -> ((X (((! scram) & (X scram)) | (X (op_mode & heatup)))) & (! ((! scram) & (X scram)))))) & ((cold_shutdown & startup) -> (((! scram) & (X scram)) | (X (op_mode & heatup)))))))", + "ltl_original": "((G ((! (SCRAM & (X (! SCRAM)))) | (X ((((! SCRAM) & (X SCRAM)) V (((! (Cold_Shutdown & STARTUP)) & ((X (Cold_Shutdown & STARTUP)) & (! ((! SCRAM) & (X SCRAM))))) -> ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (! ((! SCRAM) & (X SCRAM)))))) & ((Cold_Shutdown & STARTUP) -> (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))) & ((! SCRAM) -> ((((! SCRAM) & (X SCRAM)) V (((! (Cold_Shutdown & STARTUP)) & ((X (Cold_Shutdown & STARTUP)) & (! ((! SCRAM) & (X SCRAM))))) -> ((X (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))) & (! ((! SCRAM) & (X SCRAM)))))) & ((Cold_Shutdown & STARTUP) -> (((! SCRAM) & (X SCRAM)) | (X (OP_MODE & Heatup)))))))", + "variables": [ + "SCRAM", + "Cold_Shutdown", + "STARTUP", + "OP_MODE", + "Heatup" + ] + }, + { + "req_id": "PWR-3003", + "fulltext": "While Heatup if t_power_min DRC shall at the next timepoint satisfy (Load_Follow & !Heatup)", + "project": "PWR_Hybrid", + "component": "DRC", + "ltl": "((G ((! ((! heatup) & (X heatup))) | (X (((heatup & (X (! heatup))) V (((! t_power_min) & ((X t_power_min) & (! (heatup & (X (! heatup)))))) -> ((X ((heatup & (X (! heatup))) | (X (load_follow & (! heatup))))) & (! (heatup & (X (! heatup))))))) & (t_power_min -> ((heatup & (X (! heatup))) | (X (load_follow & (! heatup))))))))) & (heatup -> (((heatup & (X (! heatup))) V (((! t_power_min) & ((X t_power_min) & (! (heatup & (X (! heatup)))))) -> ((X ((heatup & (X (! heatup))) | (X (load_follow & (! heatup))))) & (! (heatup & (X (! heatup))))))) & (t_power_min -> ((heatup & (X (! heatup))) | (X (load_follow & (! heatup))))))))", + "ltl_original": "((G ((! ((! Heatup) & (X Heatup))) | (X (((Heatup & (X (! Heatup))) V (((! t_power_min) & ((X t_power_min) & (! (Heatup & (X (! Heatup)))))) -> ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & (! (Heatup & (X (! Heatup))))))) & (t_power_min -> ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))) & (Heatup -> (((Heatup & (X (! Heatup))) V (((! t_power_min) & ((X t_power_min) & (! (Heatup & (X (! Heatup)))))) -> ((X ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))) & (! (Heatup & (X (! Heatup))))))) & (t_power_min -> ((Heatup & (X (! Heatup))) | (X (Load_Follow & (! Heatup))))))))", + "variables": [ + "Heatup", + "t_power_min", + "Load_Follow" + ] + }, + { + "req_id": "PWR-0000", + "fulltext": "DRC shall initially satisfy (Cold_Shutdown & !SCRAM)", + "project": "PWR_Hybrid", + "component": "DRC", + "ltl": "(cold_shutdown & (! scram))", + "ltl_original": "(Cold_Shutdown & (! SCRAM))", + "variables": [ + "Cold_Shutdown", + "SCRAM" + ] + }, + { + "req_id": "PWR-0102", + "fulltext": "If SCRAM DRC shall always satisfy SCRAM", + "project": "PWR_Hybrid", + "component": "DRC", + "ltl": "((G (((! scram) & (X scram)) -> (X (G scram)))) & (scram -> (G scram)))", + "ltl_original": "((G (((! SCRAM) & (X SCRAM)) -> (X (G SCRAM)))) & (SCRAM -> (G SCRAM)))", + "variables": [ + "SCRAM" + ] + } + ], + "liveness_constraints": [ + "F(heatup)" + ], + "conjoined_ltl": "(((G (((! scram) & (X scram)) -> (X (! op_mode)))) & (scram -> (! op_mode)))) & ((G ((! op_mode) -> (heatup | load_follow)))) & (((G (((! op_mode) & (X op_mode)) -> (X (G ((heatup | load_follow) & (! (scram | cold_shutdown))))))) & (op_mode -> (G ((heatup | load_follow) & (! (scram | cold_shutdown))))))) & ((G (op_mode -> (heatup | load_follow)))) & (((G (((! t_max_exceeded) & (X t_max_exceeded)) -> (X (X scram)))) & (t_max_exceeded -> (X scram)))) & (((G ((! ((! heatup) & (X heatup))) | (X (((heatup & (X (! heatup))) V (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! (heatup & (X (! heatup)))))) -> ((X ((heatup & (X (! heatup))) | (X scram))) & (! (heatup & (X (! heatup))))))) & (t_dot_exceeded -> ((heatup & (X (! heatup))) | (X scram))))))) & (heatup -> (((heatup & (X (! heatup))) V (((! t_dot_exceeded) & ((X t_dot_exceeded) & (! (heatup & (X (! heatup)))))) -> ((X ((heatup & (X (! heatup))) | (X scram))) & (! (heatup & (X (! heatup))))))) & (t_dot_exceeded -> ((heatup & (X (! heatup))) | (X scram))))))) & (((G ((! (scram & (X (! scram)))) | (X ((((! scram) & (X scram)) V (((! (cold_shutdown & startup)) & ((X (cold_shutdown & startup)) & (! ((! scram) & (X scram))))) -> ((X (((! scram) & (X scram)) | (X (op_mode & heatup)))) & (! ((! scram) & (X scram)))))) & ((cold_shutdown & startup) -> (((! scram) & (X scram)) | (X (op_mode & heatup)))))))) & ((! scram) -> ((((! scram) & (X scram)) V (((! (cold_shutdown & startup)) & ((X (cold_shutdown & startup)) & (! ((! scram) & (X scram))))) -> ((X (((! scram) & (X scram)) | (X (op_mode & heatup)))) & (! ((! scram) & (X scram)))))) & ((cold_shutdown & startup) -> (((! scram) & (X scram)) | (X (op_mode & heatup)))))))) & (((G ((! ((! heatup) & (X heatup))) | (X (((heatup & (X (! heatup))) V (((! t_power_min) & ((X t_power_min) & (! (heatup & (X (! heatup)))))) -> ((X ((heatup & (X (! heatup))) | (X (load_follow & (! heatup))))) & (! (heatup & (X (! heatup))))))) & (t_power_min -> ((heatup & (X (! heatup))) | (X (load_follow & (! heatup))))))))) & (heatup -> (((heatup & (X (! heatup))) V (((! t_power_min) & ((X t_power_min) & (! (heatup & (X (! heatup)))))) -> ((X ((heatup & (X (! heatup))) | (X (load_follow & (! heatup))))) & (! (heatup & (X (! heatup))))))) & (t_power_min -> ((heatup & (X (! heatup))) | (X (load_follow & (! heatup))))))))) & ((cold_shutdown & (! scram))) & (((G (((! scram) & (X scram)) -> (X (G scram)))) & (scram -> (G scram)))) & (F(heatup))" +} diff --git a/fret-pipeline/.gitignore b/fret-pipeline/.gitignore new file mode 100644 index 0000000..702683c --- /dev/null +++ b/fret-pipeline/.gitignore @@ -0,0 +1,4 @@ +.DS_Store +__pycache__/ +*.pyc +.claude/ diff --git a/fret-pipeline/CLAUDE.md b/fret-pipeline/CLAUDE.md new file mode 100644 index 0000000..40c8940 --- /dev/null +++ b/fret-pipeline/CLAUDE.md @@ -0,0 +1,99 @@ +# CLAUDE.md + +Guidance for Claude Code (claude.ai/code) working in this subdirectory. + +## What this is + +A deterministic pipeline that converts FRET natural-language requirements into +a reactive controller and a state-machine diagram. Implements Thrust 1 + 2 of +the HAHACS methodology (`../thesis/3-research-approach/approach.tex`). + +The pipeline is four stages: + +``` +FRET JSON --> fret_to_synth.py --> synthesis config JSON +synthesis config --> synthesize.sh --> AIGER circuit (.aag) +AIGER circuit --> trace_aiger.py --> DOT + PNG + SVG state machine +AIGER circuit --> aag2dot.py --> gate-level circuit diagram +``` + +## Running + +```bash +python3 scripts/fret_to_synth.py pwr_hybrid_3.json specs/synthesis_config_v3.json +bash scripts/synthesize.sh specs/synthesis_config_v3.json circuits +python3 scripts/trace_aiger.py circuits/PWR_HYBRID_3_DRC.aag diagrams +dot -Tpng diagrams/PWR_HYBRID_3_DRC_states.dot -o diagrams/PWR_HYBRID_3_DRC_states.png +``` + +All scripts are pure Python 3 stdlib + bash. External binaries required: +- `ltlsynt` (Spot) — `brew install spot` +- `dot` (Graphviz) — `brew install graphviz` + +## Architecture + +**`scripts/fret_to_synth.py`** — Auto-discovers mode groups by regex-scanning +LTL formulas for `(control_X = q_Y)` patterns. Decomposes multi-valued mode +variables into independent booleans and generates mutual-exclusion constraints +so the synthesizer can't assert two modes simultaneously. Classifies every +other variable as an environment input. See `docs/fret_to_synth.md`. + +**`scripts/synthesize.sh`** — Thin wrapper around `ltlsynt` that reads the +synthesis config, extracts inputs/outputs/formula, and calls ltlsynt with +AIGER output. Strips the `REALIZABLE` header line from the output. See +`docs/synthesize.md`. + +**`scripts/trace_aiger.py`** — Exhaustive circuit evaluation: enumerates all +reachable latch states, extracts guard conditions on transitions via boolean +function simplification, emits DOT. See `docs/trace_aiger.md`. + +**`scripts/aag2dot.py`** — Gate-level diagram of the AIGER circuit (wires, +AND gates, latches). Useful for debugging unexpectedly large circuits. See +`docs/aag2dot.md`. + +## Key design decisions + +- **Mode decomposition with mutex constraint.** FRET's `control_mode = q_X` + is a single integer variable that inherently holds one value. ltlsynt works + over independent booleans. So we decompose into `in_mode_shutdown`, + `in_mode_heatup`, etc., and add a "G(exactly one active)" constraint. The + mutex is a *synthesis encoding artifact*, not a missing FRET requirement. +- **Prefer `ftInfAUExpanded` over `ft`.** FRET emits multiple LTL forms; we + use the expanded infinite-horizon form because ltlsynt works over infinite + traces. The `ft` form can contain LAST operators that bias toward finite + traces. +- **Regex-based mode discovery.** Fully automatic — no hardcoded variable + lists. Add a new mode in FRET and re-export; the script picks it up. +- **Strict sanity check.** If any `control_` or `q_` token survives the + boolean encoding, the script errors out rather than producing silent bugs. + +## FRET naming conventions + +Enforced by `fret_to_synth.py`. See `README.md` for the full rules. + +- Mode variables: `control_` with values `q_`. + Decomposed to `in__`. +- Environment inputs: anything else. Assumed boolean; continuous quantities + should be abstracted to predicates at the FRET level + (e.g., `t_avg_above_min`). + +## Extending + +- **New requirement.** Add it in FRET, re-export JSON, re-run the pipeline. + No code changes needed as long as the new variables follow the naming rule. +- **New mode group.** Same as above — `fret_to_synth.py` auto-discovers. +- **Unrealizable spec.** Use FRET's realizability checking first to isolate + the conflicting requirement. `synthesize.sh` will print `UNREALIZABLE` if + the full spec is inconsistent. +- **Output format.** Current targets are DOT and AIGER. Translating AIGER to + Stateflow is the next planned extension (see parent `CLAUDE.md` — this is + flagged as the known pain point in the thesis workflow). + +## Conventions in this subtree + +- Scripts are self-contained and take explicit I/O paths as args — no global + config file, no env vars. +- Generated artifacts live in `circuits/`, `diagrams/`, and `specs/`. Treat + them as derived; regenerate rather than hand-edit. +- `pwr_hybrid_3.json` is the source of truth. Never hand-edit the generated + `synthesis_config_v3.json`. diff --git a/fret-pipeline/README.md b/fret-pipeline/README.md new file mode 100644 index 0000000..a6cd1d1 --- /dev/null +++ b/fret-pipeline/README.md @@ -0,0 +1,110 @@ +# FRET-to-Synthesis Pipeline + +A deterministic pipeline for converting FRET natural-language requirements into +synthesized reactive controllers, with automatic state machine visualization. + +``` +pwr_hybrid_3.json FRET export (source of truth) + | + v +scripts/fret_to_synth.py Auto-discover modes, encode as booleans + | + v +specs/synthesis_config_v3.json ltlsynt-ready config + | + v +scripts/synthesize.sh Run ltlsynt (reactive synthesis) + | + v +circuits/*.aag Synthesized controller (AIGER circuit) + | + v +scripts/trace_aiger.py Exhaustive eval, guard extraction, DOT + | + v +diagrams/*_states.dot/png/svg State machine with guard conditions +``` + +## Quick Start + +```bash +# 1. Convert FRET export to synthesis config +python3 scripts/fret_to_synth.py pwr_hybrid_3.json specs/synthesis_config_v3.json + +# 2. Synthesize the controller +bash scripts/synthesize.sh specs/synthesis_config_v3.json circuits + +# 3. Trace and visualize +python3 scripts/trace_aiger.py circuits/PWR_HYBRID_3_DRC.aag diagrams +dot -Tpng diagrams/PWR_HYBRID_3_DRC_states.dot -o diagrams/PWR_HYBRID_3_DRC_states.png +``` + +## Prerequisites + +- **Python 3.10+** (no external packages required) +- **[Spot](https://spot.lre.epita.fr/)** for `ltlsynt` (`brew install spot`) +- **[Graphviz](https://graphviz.org/)** for `dot` (`brew install graphviz`) + +## FRET Naming Conventions + +The pipeline auto-discovers mode variables and environment inputs from your FRET +export. To make this work, follow these naming rules in FRET: + +### Mode variables: `control_* = q_*` + +Any variable whose name starts with `control_` is treated as a discrete mode +variable. Its values must start with `q_`. Examples: + +``` +control_mode = q_shutdown (a reactor operating mode) +control_pump = q_running (a pump state) +control_valve = q_open (a valve position) +``` + +The script discovers these by regex-scanning the LTL formulas. Multiple control +groups are supported -- each gets its own set of boolean outputs and its own +mutual exclusion constraint. + +### Everything else is an environment input + +Variables that don't match `control_*` or `q_*` are classified as environment +inputs (uncontrollable). These are typically continuous predicates abstracted +to booleans: + +``` +t_avg_above_min (temperature predicate) +inv1_holds (safety invariant) +manual_reset (operator action) +``` + +### Mutual exclusion encoding + +FRET uses a single integer variable (`control_mode`) that inherently can only +hold one value at a time. But ltlsynt works with independent boolean +propositions. When we decompose `control_mode` into separate booleans +(`in_mode_shutdown`, `in_mode_heatup`, etc.), we lose the single-valued +constraint -- the synthesizer could assert multiple modes simultaneously. + +The mutual exclusion constraint is added automatically by `fret_to_synth.py` +to restore this invariant. **It is a synthesis encoding artifact, NOT a missing +FRET requirement.** You do not need to write it in FRET. + +## Directory Structure + +``` +fret_processing/ + pwr_hybrid_3.json FRET JSON export + specs/ + synthesis_config_v3.json Generated synthesis config + circuits/ + PWR_HYBRID_3_DRC.aag Synthesized AIGER circuit + diagrams/ + *_states.dot/png/svg State machine diagrams + scripts/ + fret_to_synth.py FRET-to-ltlsynt converter + synthesize.sh ltlsynt wrapper + trace_aiger.py Circuit tracer + visualizer + aag2dot.py Gate-level circuit diagram + visualize.sh Visualization wrapper + .archive/ Old/superseded files +``` diff --git a/fret-pipeline/circuits/.gitkeep b/fret-pipeline/circuits/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/fret-pipeline/circuits/PWR_HYBRID_3_DRC.aag b/fret-pipeline/circuits/PWR_HYBRID_3_DRC.aag new file mode 100644 index 0000000..94f5d84 --- /dev/null +++ b/fret-pipeline/circuits/PWR_HYBRID_3_DRC.aag @@ -0,0 +1,42 @@ +aag 27 6 2 4 19 +2 +4 +6 +8 +10 +12 +14 42 +16 55 +18 +20 +22 +24 +18 15 17 +20 14 17 +22 15 16 +24 14 16 +26 4 6 +28 8 20 +30 26 28 +32 12 24 +34 3 18 +36 10 22 +38 31 33 +40 35 37 +42 38 40 +44 5 20 +46 6 28 +48 13 16 +50 23 45 +52 47 49 +54 50 52 +i0 t_avg_above_min +i1 inv1_holds +i2 p_above_crit +i3 t_avg_in_range +i4 inv2_holds +i5 manual_reset +o0 in_mode_shutdown +o1 in_mode_heatup +o2 in_mode_operation +o3 in_mode_scram diff --git a/fret-pipeline/diagrams/.gitkeep b/fret-pipeline/diagrams/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/fret-pipeline/diagrams/PWR_HYBRID_3_DRC_states.dot b/fret-pipeline/diagrams/PWR_HYBRID_3_DRC_states.dot new file mode 100644 index 0000000..1c2de39 --- /dev/null +++ b/fret-pipeline/diagrams/PWR_HYBRID_3_DRC_states.dot @@ -0,0 +1,24 @@ +digraph Controller { + rankdir=LR; + bgcolor="white"; + node [shape=Mrecord, style="filled,rounded", fontname="Helvetica-Bold", fontsize=12, penwidth=1.5]; + edge [fontname="Helvetica", fontsize=9]; + + s00 [label="MODE_SHUTDOWN", fillcolor="#A8D8EA"]; + s01 [label="MODE_OPERATION", fillcolor="#77DD77"]; + s10 [label="MODE_HEATUP", fillcolor="#FFFACD"]; + s11 [label="MODE_SCRAM", fillcolor="#FF6B6B"]; + + init [shape=point, width=0.25, color="black"]; + init -> s00 [penwidth=2.0]; + + s00 -> s00 [label="!t_avg_above_min", penwidth=1.2, color="#4A90D9", fontcolor="#4A90D9", style="bold"]; + s00 -> s10 [label="t_avg_above_min", penwidth=1.2, color="#228B22", fontcolor="#228B22"]; + s01 -> s01 [label="inv2_holds", penwidth=1.2, color="#4A90D9", fontcolor="#4A90D9", style="bold"]; + s01 -> s11 [label="!inv2_holds", penwidth=1.2, color="#CC0000", fontcolor="#CC0000", style="bold"]; + s10 -> s01 [label="inv1_holds & p_above_crit & t_avg_in_range", penwidth=1.2, color="#228B22", fontcolor="#228B22"]; + s10 -> s10 [label="(inv1_holds & !t_avg_in_range) | (inv1_holds & !p_above_crit)", penwidth=1.2, color="#4A90D9", fontcolor="#4A90D9", style="bold"]; + s10 -> s11 [label="!inv1_holds", penwidth=1.2, color="#CC0000", fontcolor="#CC0000", style="bold"]; + s11 -> s00 [label="manual_reset", penwidth=1.2, color="#228B22", fontcolor="#228B22"]; + s11 -> s11 [label="!manual_reset", penwidth=1.2, color="#4A90D9", fontcolor="#4A90D9", style="bold"]; +} \ No newline at end of file diff --git a/fret-pipeline/diagrams/PWR_HYBRID_3_DRC_states.png b/fret-pipeline/diagrams/PWR_HYBRID_3_DRC_states.png new file mode 100644 index 0000000..d4423f7 Binary files /dev/null and b/fret-pipeline/diagrams/PWR_HYBRID_3_DRC_states.png differ diff --git a/fret-pipeline/diagrams/PWR_HYBRID_3_DRC_states.svg b/fret-pipeline/diagrams/PWR_HYBRID_3_DRC_states.svg new file mode 100644 index 0000000..2d2d233 --- /dev/null +++ b/fret-pipeline/diagrams/PWR_HYBRID_3_DRC_states.svg @@ -0,0 +1,111 @@ + + + + + + +Controller + + + +s00 + +MODE_SHUTDOWN + + + +s00->s00 + + +!t_avg_above_min + + + +s10 + +MODE_HEATUP + + + +s00->s10 + + +t_avg_above_min + + + +s01 + +MODE_OPERATION + + + +s01->s01 + + +inv2_holds + + + +s11 + +MODE_SCRAM + + + +s01->s11 + + +!inv2_holds + + + +s10->s01 + + +inv1_holds & p_above_crit & t_avg_in_range + + + +s10->s10 + + +(inv1_holds & !t_avg_in_range) | (inv1_holds & !p_above_crit) + + + +s10->s11 + + +!inv1_holds + + + +s11->s00 + + +manual_reset + + + +s11->s11 + + +!manual_reset + + + +init + + + + +init->s00 + + + + + diff --git a/fret-pipeline/docs/aag2dot.md b/fret-pipeline/docs/aag2dot.md new file mode 100644 index 0000000..e327f18 --- /dev/null +++ b/fret-pipeline/docs/aag2dot.md @@ -0,0 +1,63 @@ +# aag2dot.py -- Gate-Level Circuit Diagram + +## Purpose + +Converts an ASCII AIGER (`.aag`) file into a Graphviz DOT representation +showing the raw gate-level circuit topology. Unlike `trace_aiger.py` which +shows the behavioral state machine, this shows the actual hardware structure: +AND gates, latches, and wiring. + +## Usage + +```bash +python3 scripts/aag2dot.py circuits/SPEC.aag | dot -Tsvg -o diagrams/SPEC_gates.svg +``` + +## How It Works + +### `parse_aag(text)` + +Same AIGER parsing logic as `trace_aiger.py` (see that documentation for +format details). Returns a dictionary of inputs, latches, outputs, and AND +gates. + +### `lit_node(lit)` + +Maps an AIGER literal to a Graphviz node ID and negation flag: + +- Literal `14` -> `("n7", False)` -- variable 7, positive +- Literal `15` -> `("n7", True)` -- variable 7, negated + +### `to_dot(aag)` + +Generates the DOT string with: + +- **Input nodes** (light blue boxes): environment signals +- **Latch nodes** (yellow rounded boxes): state registers +- **AND gate nodes** (white circles): combinational logic +- **Output nodes** (green boxes): controller outputs +- **Solid edges**: positive connections +- **Dashed red edges** with `~` label: negated connections +- **Feedback edges** (constraint=false): latch next-state wiring, drawn + backward to show the feedback loop + +## When to Use + +The gate-level view is useful for: + +- Verifying the circuit structure matches expectations +- Understanding how the synthesizer encoded the state transitions +- Debugging unexpected behavior by tracing signals through gates +- Presentations where you want to show "this is real hardware" + +For understanding the controller's behavior (which mode transitions to +which, under what conditions), use `trace_aiger.py` instead. + +## Future Improvements + +- **Signal propagation highlighting**: Color-code paths from a specific + input to the outputs it affects. +- **Latch grouping**: Visually group latches and their feedback logic + into subclusters. +- **Gate count summary**: Print statistics (number of each gate type, + circuit depth, fan-in/fan-out). diff --git a/fret-pipeline/docs/fret_to_synth.md b/fret-pipeline/docs/fret_to_synth.md new file mode 100644 index 0000000..e8ba52c --- /dev/null +++ b/fret-pipeline/docs/fret_to_synth.md @@ -0,0 +1,135 @@ +# fret_to_synth.py -- FRET Export to Synthesis Config + +## Purpose + +Converts a FRET JSON export into a synthesis configuration file that +`ltlsynt` (from the Spot library) can consume. Handles the critical encoding +step: FRET's multi-valued mode variables become independent boolean +propositions with automatically generated mutual exclusion constraints. + +## Usage + +```bash +python3 scripts/fret_to_synth.py [output.json] +``` + +If `output.json` is omitted, writes to `specs/synthesis_config_v3.json`. + +## How It Works + +### Step 1: Mode Discovery (`discover_modes`) + +Regex-scans all `ftInfAUExpanded` (and fallback `ft`) LTL formulas in the +FRET export for patterns matching: + +``` +(control_GROUPNAME = q_VALUENAME) +``` + +Returns a dictionary of mode groups: + +```python +{ + "control_mode": ["q_heatup", "q_operation", "q_scram", "q_shutdown"], + "control_pump": ["q_off", "q_running"], # if present +} +``` + +This is fully automatic -- no hardcoded variable lists. Adding a new mode in +FRET and re-exporting is all that's needed. + +### Step 2: Boolean Encoding (`build_mode_map`) + +For each mode group, creates boolean proposition names: + +``` +control_mode = q_shutdown --> in_mode_shutdown +control_mode = q_heatup --> in_mode_heatup +control_pump = q_off --> in_pump_off +``` + +The naming rule is: `in_{group_suffix}_{value_suffix}`, where the group +suffix strips `control_` and the value suffix strips `q_`. + +Returns a string replacement map used by `encode_ltl` to transform the +FRET LTL formulas. + +### Step 3: Variable Classification (`classify_variables`) + +Every variable in the FRET semantics is classified: + +- **Mode variables** (`control_*`, `q_*`): handled by boolean encoding, excluded + from explicit input/output lists. +- **Everything else**: classified as an environment input. These are typically + continuous-domain predicates that have been abstracted to boolean + (e.g., `t_avg_above_min`, `inv1_holds`). + +### Step 4: LTL Encoding (`encode_ltl`) + +Simple string replacement of `(control_X = q_Y)` with the corresponding +boolean name. A sanity check ensures no `control_` or `q_` references survive +the transformation -- if a mode value appears in the LTL but wasn't discovered +in Step 1, the script raises an error rather than producing a silent bug. + +### Step 5: Mutual Exclusion (`mutual_exclusion_ltl`) + +For each mode group, generates an "exactly one active" LTL constraint: + +``` +G( (a & !b & !c & !d) | (!a & b & !c & !d) | (!a & !b & c & !d) | (!a & !b & !c & d) ) +``` + +This is conjoined with the requirement formulas in the final output. + +**Why this is needed:** FRET's `control_mode = q_X` is a single integer +variable -- it inherently holds one value. After decomposition into independent +booleans, the synthesizer could assert `in_mode_heatup = true` AND +`in_mode_scram = true` simultaneously and still satisfy every requirement. +The mutual exclusion constraint prevents this. It is a synthesis encoding +artifact, not a gap in the FRET specifications. + +### Step 6: LTL Formula Selection + +The script prefers `ftInfAUExpanded` from FRET's semantics object. This is +the future-time LTL formula with: +- Infinite-horizon semantics (no LAST boundary terms) +- Expanded AU (always-until) operators + +Fallback is `ft` (the raw future-time formula, which may contain LAST +operators). The `ftInfAUExpanded` form produces cleaner synthesis results +because ltlsynt works over infinite traces. + +## Output Format + +The generated JSON contains: + +| Field | Description | +|---|---| +| `spec_name` | `{PROJECT}_{COMPONENT}` from the FRET export | +| `mode_groups` | Discovered control groups, their values, and boolean names | +| `inputs` | Environment (uncontrollable) variables | +| `outputs` | System (controllable) boolean mode propositions | +| `requirements` | Each FRET requirement with original and encoded LTL | +| `structural_constraints` | Auto-generated mutual exclusion constraints | +| `conjoined_ltl` | All formulas AND'd together, ready for ltlsynt | + +## Future Improvements + +- **Multi-valued non-mode variables**: Currently assumes all non-mode variables + are boolean. If FRET exports integer-valued environment variables (e.g., + `power_level = 3`), the encoding would need range-based boolean decomposition. + +- **Environment assumptions**: No mechanism yet for adding assumptions about the + environment (e.g., "t_max_exceeded cannot persist forever"). These would need + to be separated from guarantees in the ltlsynt call (`--ins` assumptions vs. + `--outs` guarantees). This is important for liveness properties. + +- **Liveness constraints**: The old synthesis config had a manual `F(heatup)` + liveness constraint. Currently there is no automatic detection of which + requirements imply liveness vs. safety. A future version could parse FRET's + timing semantics to classify these. + +- **Partial observability**: All environment variables are currently assumed + fully observable. Real reactor instrumentation has sensor noise and delays. + Extending the pipeline to handle partial observability would require + belief-state synthesis. diff --git a/fret-pipeline/docs/synthesize.md b/fret-pipeline/docs/synthesize.md new file mode 100644 index 0000000..41fd35b --- /dev/null +++ b/fret-pipeline/docs/synthesize.md @@ -0,0 +1,123 @@ +# synthesize.sh -- ltlsynt Reactive Synthesis Wrapper + +## Purpose + +Reads a synthesis configuration JSON and invokes `ltlsynt` (from the Spot +library) to produce a reactive controller as an AIGER circuit. This is the +step where temporal logic specifications become a concrete implementation. + +## Usage + +```bash +bash scripts/synthesize.sh [output_dir] +``` + +- `synthesis_config.json`: output of `fret_to_synth.py` +- `output_dir`: where to write the `.aag` file (default: `circuits/`) + +## How It Works + +### Parameter Extraction + +A small inline Python script reads the JSON config and extracts: + +- `INPUTS`: comma-separated list of environment variables (uncontrollable) +- `OUTPUTS`: comma-separated list of system variables (controllable) +- `LTL_FORMULA`: the conjoined LTL specification +- `SPEC_NAME`: used for the output filename + +### The ltlsynt Call + +```bash +ltlsynt -f "$LTL_FORMULA" \ + --ins="$INPUTS" \ + --outs="$OUTPUTS" \ + --aiger=both+ud+dc \ + --simplify=bwoa-sat +``` + +**Flags explained:** + +| Flag | Meaning | +|---|---| +| `-f` | LTL formula (the specification) | +| `--ins` | Input (environment/uncontrollable) propositions | +| `--outs` | Output (system/controllable) propositions | +| `--aiger=both+ud+dc` | Output as ASCII AIGER with both latches and gates, using unit delays and don't-cares for optimization | +| `--simplify=bwoa-sat` | Best simplification: bounded width with SAT-based optimization. Produces the smallest circuit | + +### The Two-Player Game + +Reactive synthesis frames controller design as a two-player game: + +- **Player 1 (Environment)**: controls the `--ins` variables. Assumed to be + adversarial -- the synthesizer must find a strategy that wins against ALL + possible environment behaviors, including worst-case. + +- **Player 2 (Controller)**: controls the `--outs` variables. The synthesizer + searches for a strategy (a Mealy machine) such that no matter what Player 1 + does, the LTL specification is satisfied. + +**Why adversarial?** Because we need a controller that works in ALL operating +conditions, not just typical ones. If the environment CAN violate a safety +invariant, the synthesizer assumes it WILL, and the controller must handle it. + +This is why the old PWR_Hybrid specs produced a degenerate controller: the +environment could force `t_max_exceeded` every step, triggering irrecoverable +SCRAM. The only winning strategy was to SCRAM immediately. The new specs +have proper guard conditions that give the controller legal responses to every +environment move. + +### Realizability + +ltlsynt outputs one of two results: + +- **REALIZABLE**: A winning strategy exists. The AIGER circuit is printed + after the `REALIZABLE` line. The script strips this line and writes the + circuit to `{output_dir}/{spec_name}.aag`. + +- **UNREALIZABLE**: No controller can satisfy the specification against all + possible environment behaviors. This means the specs have a fundamental + conflict. Use FRET's realizability checking and counterexample traces to + diagnose which requirements conflict. + +### Output: AIGER Format + +The `.aag` (ASCII AIGER) file is a text-based hardware description: + +``` +aag M I L O A Header: Max-var, Inputs, Latches, Outputs, ANDs + One per line, even numbers (2, 4, 6, ...) + current_lit next_lit (state registers) + Which literals are outputs + lhs rhs0 rhs1 (lhs = rhs0 AND rhs1) + i0 name, o0 name, etc. +``` + +**Literal encoding:** Variable `n` has literal `2n` (positive) and `2n+1` +(negated). Literal `0` = constant FALSE, literal `1` = constant TRUE. +XOR-ing a literal with 1 flips its polarity. + +**Latches** are 1-bit registers that initialize to 0. With `L` latches, +the controller has up to `2^L` internal states. The circuit is a Mealy +machine: outputs depend on both current state (latches) and current inputs. + +## Future Improvements + +- **Environment assumptions**: ltlsynt supports `--from-ltlf` for finite + traces and can separate assumptions from guarantees. Adding support for + environment assumptions (e.g., fairness constraints like "the environment + won't hold t_max_exceeded forever") would expand the class of realizable + specifications. + +- **Decomposed synthesis**: For large specs, monolithic synthesis can be + expensive. Compositional synthesis (synthesizing each mode's controller + separately and composing them) could improve scalability. + +- **Alternative output formats**: The AIGER circuit could be translated to + Verilog, VHDL, or Simulink/Stateflow for integration with existing + control system toolchains. + +- **Timeout handling**: Currently no timeout on the ltlsynt call. Very + complex specifications can take hours. Adding a configurable timeout + with a clear error message would improve usability. diff --git a/fret-pipeline/docs/trace_aiger.md b/fret-pipeline/docs/trace_aiger.md new file mode 100644 index 0000000..c5ee5d6 --- /dev/null +++ b/fret-pipeline/docs/trace_aiger.md @@ -0,0 +1,190 @@ +# trace_aiger.py -- Circuit Tracer and State Machine Visualizer + +## Purpose + +Takes a synthesized AIGER circuit and produces a complete state machine +analysis: full transition tables, reachability analysis, and a Graphviz DOT +diagram with human-readable guard condition labels. Every label is derived +from exhaustive circuit evaluation -- no manual annotation, no probabilistic +inference. + +## Usage + +```bash +python3 scripts/trace_aiger.py [output_dir] +dot -Tpng diagrams/SPEC_states.dot -o diagrams/SPEC_states.png +``` + +The script is generic -- it works with any `.aag` file, not just the PWR +reactor controller. + +## How It Works + +### Phase 1: Parse (`parse_aag`) + +Reads the ASCII AIGER file and extracts: + +- **Input literals**: the environment signals (even numbers) +- **Latch pairs**: `(current_literal, next_state_literal)` for each state bit +- **Output literals**: which computed values are controller outputs +- **AND gates**: the combinational logic `(lhs, rhs0, rhs1)` +- **Symbol table**: human-readable names for inputs/outputs + +Returns a dictionary that `eval_circuit` can simulate. + +### Phase 2: Simulate (`eval_circuit`) + +Evaluates the circuit for one clock cycle given specific latch values (current +state) and input values (environment signals). + +**How it works:** + +1. Initialize a literal-value table with constant 0/1 +2. Set input literals and their negations: `val[lit] = v; val[lit ^ 1] = 1 - v` +3. Set latch literals the same way +4. Evaluate AND gates in order: `val[lhs] = val[rhs0] & val[rhs1]` +5. Read output values and next-state latch values from the table + +The `^ 1` trick exploits AIGER's literal encoding: even literals are positive, +odd literals are negated. XOR-ing with 1 flips between positive and negative. +This means we never need explicit negation logic -- every gate's inputs are +already in the table, whether positive or negated. + +**Critical assumption:** AND gates are listed in topological order in the AIGER +file, so evaluating them sequentially guarantees all inputs are computed before +they're needed. This is a property of the AIGER format specification. + +### Phase 3: Enumerate + +For every combination of latch state and input values: + +- `2^L` latch states (L = number of latches) +- `2^I` input combinations (I = number of inputs) +- Total: `2^(L+I)` evaluations + +For the PWR reactor: 2 latches, 6 inputs = 256 evaluations. Trivial. + +For each evaluation, records: +- Which outputs are active (determines the "mode") +- What the next latch state is (determines the transition) + +Results are stored in: +- `transitions[src_state][dst_state]` = set of input tuples +- `state_modes[state]` = set of mode labels + +### Phase 4: Reachability Analysis + +Starting from the initial state (all latches = 0), performs a breadth-first +search through the transition graph to identify which states are actually +reachable during operation. Unreachable states are grayed out in the diagram. + +### Phase 5: Guard Extraction (`extract_guard`) + +This is the core algorithm that makes the diagram human-readable. Given a set +of input combinations that all produce the same transition, it finds a minimal +boolean expression describing exactly that set. + +**Simple case -- single conjunction:** + +For each input variable, check if it's fixed (always 0 or always 1) or +don't-care (both 0 and 1 appear) across all combos. If the fixed variables +alone perfectly predict the combo count (`2^(don't-cares) == combo count`), +the guard is a single AND of the fixed variables. + +Example: the shutdown-to-heatup edge has 32 combos. In all 32, +`t_avg_above_min = 1`. The other 5 inputs vary freely: `2^5 = 32`. So the +guard is simply `t_avg_above_min`. + +**Complex case -- cube covering:** + +When a single conjunction can't explain the combo set, the algorithm uses +greedy cube covering: + +1. Pick a sample combo from the uncovered set +2. Start with all variables fixed to the sample's values (a point cube) +3. Try relaxing each variable (making it don't-care), one at a time +4. Accept the relaxation only if the expanded cube is a strict subset of the + edge's combos (`trial_set <= combo_set`) -- this prevents the cube from + "leaking" into other transitions +5. Repeat relaxation until no more variables can be freed +6. Record this cube, remove its combos from the uncovered set, go to step 1 +7. OR all the cubes together + +**What is a "cube"?** A conjunction where some variables are fixed and the +rest are don't-care. Example: `inv1_holds & !t_avg_in_range` fixes 2 of 6 +variables, so it covers `2^4 = 16` input combinations. The term comes from +digital logic (Karnaugh maps), where a cube is a rectangular group of cells. + +**Correctness guarantee:** The subset check `trial_set <= combo_set` on line +176 ensures that every cube covers ONLY combos belonging to this edge. The +check tests set containment, not size -- even one foreign combo causes +rejection. The union of all cubes exactly equals the original combo set. + +**Optimality caveat:** The greedy algorithm does not guarantee a minimal +number of cubes. The order in which variables are relaxed can affect the +result. For guaranteed minimality, a Quine-McCluskey or Espresso algorithm +would be needed. In practice, with 6 inputs, the greedy result is typically +optimal or off by at most one cube. + +### Phase 6: DOT Generation + +Produces a Graphviz DOT file with: + +- **State nodes** labeled with human-readable mode names (stripping `in_` + prefix, uppercasing) +- **Edge labels** showing the extracted guard conditions +- **Color coding:** + - State fill: blue (initial), yellow (transitory), green (operation), + red (scram/emergency), gray (unreachable) + - Edge color: blue (self-loop/stay), green (normal transition), + red (scram transition) + - Edge width: thicker for edges with more input combinations + +Color assignment uses keyword heuristics on the output variable names +(e.g., "scram" in the name -> red). This is cosmetic and does not affect +correctness. + +## Scaling Considerations + +The exhaustive enumeration approach has complexity `O(2^(L+I) * A)` where +`A` is the number of AND gates. This is perfectly tractable for small +controllers: + +| Latches | Inputs | Evaluations | Feasible? | +|---|---|---|---| +| 2 | 6 | 256 | Instant | +| 3 | 8 | 2,048 | Instant | +| 4 | 10 | 16,384 | < 1 second | +| 5 | 12 | 131,072 | ~ seconds | +| 8 | 16 | 16M | ~ minutes | +| 10 | 20 | 1B | Impractical | + +For controllers with more than ~12 latches, a symbolic (BDD-based) analysis +would be needed instead of exhaustive enumeration. + +## Future Improvements + +- **Symbolic analysis**: Replace exhaustive enumeration with BDD-based + reachability for large controllers. Libraries like `dd` (Python) or + direct use of Spot's automata operations could handle this. + +- **Guard minimization**: Replace the greedy cube-covering algorithm with + Espresso or Quine-McCluskey for guaranteed minimal expressions. The Python + `pyeda` library provides `espresso_exprs()` for this. + +- **Trace simulation**: Add a mode that simulates specific input sequences + step-by-step, showing the controller's response. Useful for validating + against specific scenarios (e.g., "what happens if t_avg_above_min is + asserted, then inv1_holds drops?"). + +- **Cross-reference with FRET requirements**: Annotate each edge with which + FRET requirement(s) it satisfies. This would provide traceability from the + synthesized controller back to the natural-language specifications. + +- **Multi-output modes**: Currently assumes each state has exactly one active + output (mode). If the controller has overlapping outputs, the labeling + would need to handle composite states. + +- **Interactive HTML output**: Generate an interactive diagram (e.g., using + D3.js or vis.js) instead of static SVG, allowing users to click states + and see the full transition table for that state. diff --git a/fret-pipeline/docs/visualize.md b/fret-pipeline/docs/visualize.md new file mode 100644 index 0000000..75888f9 --- /dev/null +++ b/fret-pipeline/docs/visualize.md @@ -0,0 +1,43 @@ +# visualize.sh -- AIGER Visualization Wrapper + +## Purpose + +Convenience wrapper that renders an AIGER circuit as SVG/PNG using either +`aigtodot` + Graphviz or Yosys. Handles tool detection and output directory +creation. + +## Usage + +```bash +bash scripts/visualize.sh [output_dir] [dot|yosys] +``` + +- `circuit.aag`: the AIGER file to visualize +- `output_dir`: where to write images (default: `diagrams/`) +- Method: `dot` (default) or `yosys` + +## Methods + +### `dot` (default) + +Requires `aigtodot` (from the [AIGER tools](https://github.com/arminbiere/aiger)) +and `graphviz`. Produces a gate-level schematic. + +Note: if `aigtodot` is not installed, use `aag2dot.py` instead: + +```bash +python3 scripts/aag2dot.py circuits/SPEC.aag | dot -Tpng -o diagrams/SPEC.png +``` + +### `yosys` + +Requires [Yosys](https://github.com/YosysHQ/yosys) and `graphviz`. Produces +a higher-level schematic with recognized logic patterns (muxes, registers, etc.) +drawn as compound symbols rather than individual gates. + +## Future Improvements + +- **Auto-detect available tools**: Fall back gracefully between aigtodot, + aag2dot.py, and yosys depending on what's installed. +- **State machine mode**: Add an option to invoke `trace_aiger.py` and render + the behavioral state machine instead of the gate-level view. diff --git a/fret-pipeline/pwr_hybrid_3.json b/fret-pipeline/pwr_hybrid_3.json new file mode 100644 index 0000000..84a80b5 --- /dev/null +++ b/fret-pipeline/pwr_hybrid_3.json @@ -0,0 +1,1724 @@ +{ + "requirements": [ + { + "reqid": "DRC_S004_SCRAM_STAY", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Whenever control_mode = q_scram & !manual_reset DRC shall at the next timepoint satisfy control_mode = q_scram", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "holding", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_scram", + "manual_reset" + ], + "qualifier_word": "whenever", + "pre_condition": "(control_mode = q_scram & ! manual_reset)", + "regular_condition": "(control_mode = q_scram & ! manual_reset)", + "conditionTextRange": [ + 0, + 46 + ], + "component_name": "DRC", + "componentTextRange": [ + 50, + 52 + ], + "timingTextRange": [ + 60, + 80 + ], + "post_condition": "(control_mode = q_scram)", + "responseTextRange": [ + 82, + 111 + ], + "diagramVariables": "CC = (control_mode = q_scram & ! manual_reset), Response = (control_mode = q_scram).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_scram & ! manual_reset) is true.
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_scram) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_scram & ! manual_reset) is true.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_scram) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_holding_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_unexp_ft": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_unexp_pctl": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_SMV_pt": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_SMV_ft": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_MLTL_ft": "((control_mode = q_scram) & (! manual_reset))", + "regular_condition_PRISM_pctl": "((control_mode = q_scram) & (! manual_reset))", + "post_condition_unexp_pt": "(control_mode = q_scram)", + "post_condition_unexp_ft": "(control_mode = q_scram)", + "post_condition_unexp_pctl": "(control_mode = q_scram)", + "post_condition_SMV_pt": "(control_mode = q_scram)", + "post_condition_SMV_ft": "(control_mode = q_scram)", + "post_condition_MLTL_ft": "(control_mode = q_scram)", + "post_condition_PRISM_pctl": "(control_mode = q_scram)", + "ft": "(LAST V (((control_mode = q_scram) & (! manual_reset)) -> (LAST | (X (control_mode = q_scram)))))", + "pt": "(H ((Y ((control_mode = q_scram) & (! manual_reset))) -> ((control_mode = q_scram) | (Z FALSE))))", + "pctl": "P>=1[(G (((control_mode = q_scram) & (! manual_reset)) => (P>=1[(LAST | (X (control_mode = q_scram)))])))]", + "ptExpanded": "(H ((Y ((control_mode = q_scram) & (! manual_reset))) -> ((control_mode = q_scram) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre(((control_mode = q_scram) and not (manual_reset))) => ((control_mode = q_scram) or ZtoPre(false))))", + "ftExpanded": "(LAST V (((control_mode = q_scram) & (! manual_reset)) -> (LAST | (X (control_mode = q_scram)))))", + "pctlExpanded": "P>=1[(G (((control_mode = q_scram) & (! manual_reset)) => (P>=1[(false | (X (control_mode = q_scram)))])))]", + "ftInfAUExpanded": "(G (((control_mode = q_scram) & (! manual_reset)) -> (X (control_mode = q_scram))))", + "mltlExpanded": "(G[0,M] (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_scram) & (! manual_reset))
p1: (control_mode = q_scram)", + "R2U2Code": "(((control_mode == q_scram) && (! manual_reset)) -> (F[1,1] (control_mode == q_scram)))", + "component": "DRC" + }, + "_id": "00151d40-3439-11f1-9e90-533f2b59d63b" + }, + { + "reqid": "DRC_T001_SHUTDOWN_TO_HEATUP", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Upon control_mode = q_shutdown & t_avg_above_min DRC shall at the next timepoint satisfy control_mode = q_heatup", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_shutdown", + "t_avg_above_min", + "q_heatup" + ], + "qualifier_word": "upon", + "pre_condition": "(control_mode = q_shutdown & t_avg_above_min)", + "regular_condition": "(control_mode = q_shutdown & t_avg_above_min)", + "conditionTextRange": [ + 0, + 47 + ], + "component_name": "DRC", + "componentTextRange": [ + 51, + 53 + ], + "timingTextRange": [ + 61, + 81 + ], + "post_condition": "(control_mode = q_heatup)", + "responseTextRange": [ + 83, + 113 + ], + "diagramVariables": "TC = (control_mode = q_shutdown & t_avg_above_min), Response = (control_mode = q_heatup).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_shutdown & t_avg_above_min) is true and any point in the interval where (control_mode = q_shutdown & t_avg_above_min) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_heatup) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_shutdown & t_avg_above_min) is true and any point in the interval where (control_mode = q_shutdown & t_avg_above_min) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_heatup) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_unexp_ft": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_unexp_pctl": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_SMV_pt": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_SMV_ft": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_MLTL_ft": "((control_mode = q_shutdown) & t_avg_above_min)", + "regular_condition_PRISM_pctl": "((control_mode = q_shutdown) & t_avg_above_min)", + "post_condition_unexp_pt": "(control_mode = q_heatup)", + "post_condition_unexp_ft": "(control_mode = q_heatup)", + "post_condition_unexp_pctl": "(control_mode = q_heatup)", + "post_condition_SMV_pt": "(control_mode = q_heatup)", + "post_condition_SMV_ft": "(control_mode = q_heatup)", + "post_condition_MLTL_ft": "(control_mode = q_heatup)", + "post_condition_PRISM_pctl": "(control_mode = q_heatup)", + "ft": "((LAST V (((! ((control_mode = q_shutdown) & t_avg_above_min)) & ((! LAST) & (X ((control_mode = q_shutdown) & t_avg_above_min)))) -> (X (LAST | (X (control_mode = q_heatup)))))) & (((control_mode = q_shutdown) & t_avg_above_min) -> (LAST | (X (control_mode = q_heatup)))))", + "pt": "(H ((Y (((control_mode = q_shutdown) & t_avg_above_min) & (Z (! ((control_mode = q_shutdown) & t_avg_above_min))))) -> ((control_mode = q_heatup) | (Z FALSE))))", + "pctl": "P>=1[((G (((! ((control_mode = q_shutdown) & t_avg_above_min)) & (X ((control_mode = q_shutdown) & t_avg_above_min))) => (X (P>=1[(LAST | (X (control_mode = q_heatup)))])))) & (((control_mode = q_shutdown) & t_avg_above_min) => (P>=1[(LAST | (X (control_mode = q_heatup)))])))]", + "ptExpanded": "(H ((Y (((control_mode = q_shutdown) & t_avg_above_min) & (Z (! ((control_mode = q_shutdown) & t_avg_above_min))))) -> ((control_mode = q_heatup) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((control_mode = q_shutdown) and t_avg_above_min) and ZtoPre(not (((control_mode = q_shutdown) and t_avg_above_min))))) => ((control_mode = q_heatup) or ZtoPre(false))))", + "ftExpanded": "((LAST V (((! ((control_mode = q_shutdown) & t_avg_above_min)) & ((! LAST) & (X ((control_mode = q_shutdown) & t_avg_above_min)))) -> (X (LAST | (X (control_mode = q_heatup)))))) & (((control_mode = q_shutdown) & t_avg_above_min) -> (LAST | (X (control_mode = q_heatup)))))", + "pctlExpanded": "P>=1[((G (((! ((control_mode = q_shutdown) & t_avg_above_min)) & (X ((control_mode = q_shutdown) & t_avg_above_min))) => (X (P>=1[(false | (X (control_mode = q_heatup)))])))) & (((control_mode = q_shutdown) & t_avg_above_min) => (P>=1[(false | (X (control_mode = q_heatup)))])))]", + "ftInfAUExpanded": "((G (((! ((control_mode = q_shutdown) & t_avg_above_min)) & (X ((control_mode = q_shutdown) & t_avg_above_min))) -> (X (X (control_mode = q_heatup))))) & (((control_mode = q_shutdown) & t_avg_above_min) -> (X (control_mode = q_heatup))))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[2,2] p1))) & (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_shutdown) & t_avg_above_min)
p1: (control_mode = q_heatup)", + "R2U2Code": "((((! ((control_mode == q_shutdown) && t_avg_above_min)) && (F[1,1] ((control_mode == q_shutdown) && t_avg_above_min))) -> (F[2,2] (control_mode == q_heatup))) && (((TAU == 0) && ((control_mode == q_shutdown) && t_avg_above_min)) -> (F[1,1] (control_mode == q_heatup))))", + "component": "DRC" + }, + "_id": "07c92900-3439-11f1-9e90-533f2b59d63b" + }, + { + "reqid": "DRC_T002_HEATUP_TO_OPERATION", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Upon control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds DRC shall at the next timepoint satisfy control_mode = q_operation", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_heatup", + "t_avg_in_range", + "p_above_crit", + "inv1_holds", + "q_operation" + ], + "qualifier_word": "upon", + "pre_condition": "(control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds)", + "regular_condition": "(control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds)", + "conditionTextRange": [ + 0, + 72 + ], + "component_name": "DRC", + "componentTextRange": [ + 75, + 77 + ], + "timingTextRange": [ + 85, + 105 + ], + "post_condition": "(control_mode = q_operation)", + "responseTextRange": [ + 107, + 140 + ], + "diagramVariables": "TC = (control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds), Response = (control_mode = q_operation).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds) is true and any point in the interval where (control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_operation) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds) is true and any point in the interval where (control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_operation) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_unexp_ft": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_unexp_pctl": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_SMV_pt": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_SMV_ft": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_MLTL_ft": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "regular_condition_PRISM_pctl": "((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)", + "post_condition_unexp_pt": "(control_mode = q_operation)", + "post_condition_unexp_ft": "(control_mode = q_operation)", + "post_condition_unexp_pctl": "(control_mode = q_operation)", + "post_condition_SMV_pt": "(control_mode = q_operation)", + "post_condition_SMV_ft": "(control_mode = q_operation)", + "post_condition_MLTL_ft": "(control_mode = q_operation)", + "post_condition_PRISM_pctl": "(control_mode = q_operation)", + "ft": "((LAST V (((! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)) & ((! LAST) & (X ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)))) -> (X (LAST | (X (control_mode = q_operation)))))) & (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) -> (LAST | (X (control_mode = q_operation)))))", + "pt": "(H ((Y (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) & (Z (! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds))))) -> ((control_mode = q_operation) | (Z FALSE))))", + "pctl": "P>=1[((G (((! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)) & (X ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds))) => (X (P>=1[(LAST | (X (control_mode = q_operation)))])))) & (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) => (P>=1[(LAST | (X (control_mode = q_operation)))])))]", + "ptExpanded": "(H ((Y (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) & (Z (! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds))))) -> ((control_mode = q_operation) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((((control_mode = q_heatup) and t_avg_in_range) and p_above_crit) and inv1_holds) and ZtoPre(not (((((control_mode = q_heatup) and t_avg_in_range) and p_above_crit) and inv1_holds))))) => ((control_mode = q_operation) or ZtoPre(false))))", + "ftExpanded": "((LAST V (((! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)) & ((! LAST) & (X ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)))) -> (X (LAST | (X (control_mode = q_operation)))))) & (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) -> (LAST | (X (control_mode = q_operation)))))", + "pctlExpanded": "P>=1[((G (((! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)) & (X ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds))) => (X (P>=1[(false | (X (control_mode = q_operation)))])))) & (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) => (P>=1[(false | (X (control_mode = q_operation)))])))]", + "ftInfAUExpanded": "((G (((! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)) & (X ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds))) -> (X (X (control_mode = q_operation))))) & (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) -> (X (control_mode = q_operation))))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[2,2] p1))) & (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)
p1: (control_mode = q_operation)", + "R2U2Code": "((((! ((((control_mode == q_heatup) && t_avg_in_range) && p_above_crit) && inv1_holds)) && (F[1,1] ((((control_mode == q_heatup) && t_avg_in_range) && p_above_crit) && inv1_holds))) -> (F[2,2] (control_mode == q_operation))) && (((TAU == 0) && ((((control_mode == q_heatup) && t_avg_in_range) && p_above_crit) && inv1_holds)) -> (F[1,1] (control_mode == q_operation))))", + "component": "DRC" + }, + "_id": "0ee142e0-3439-11f1-9e90-533f2b59d63b" + }, + { + "reqid": "DRC_A001_MODE_VALID", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "DRC shall always satisfy control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "probability": "null", + "timing": "always", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_shutdown", + "q_heatup", + "q_operation", + "q_scram" + ], + "component_name": "DRC", + "componentTextRange": [ + 0, + 2 + ], + "timingTextRange": [ + 10, + 15 + ], + "post_condition": "(control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram)", + "responseTextRange": [ + 17, + 129 + ], + "diagramVariables": "Response = (control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram) must hold at all time points between (and including) the trigger and the end of the interval.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram) must hold at all time points between (and including) the trigger and the end of the interval.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_always_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_unexp_ft": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_unexp_pctl": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_SMV_pt": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_SMV_ft": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_MLTL_ft": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "post_condition_PRISM_pctl": "((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "ft": "(LAST V ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))", + "pt": "(H ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))", + "pctl": "(P>=1[(G ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))])", + "ptExpanded": "(H ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))", + "CoCoSpecCode": "H(((((control_mode = q_shutdown) or (control_mode = q_heatup)) or (control_mode = q_operation)) or (control_mode = q_scram)))", + "ftExpanded": "(LAST V ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))", + "pctlExpanded": "(P>=1[(G ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))])", + "ftInfAUExpanded": "(G ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))", + "mltlExpanded": "(G[0,M] p0)", + "WESTMapping": "p0: ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram))", + "R2U2Code": "((((control_mode == q_shutdown) || (control_mode == q_heatup)) || (control_mode == q_operation)) || (control_mode == q_scram))", + "component": "DRC" + }, + "_id": "0f592770-3438-11f1-9e90-533f2b59d63b" + }, + { + "reqid": "DRC_T003_HEATUP_TO_SCRAM", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Upon control_mode = q_heatup & !inv1_holds DRC shall at the next timepoint satisfy control_mode = q_scram", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_heatup", + "inv1_holds", + "q_scram" + ], + "qualifier_word": "upon", + "pre_condition": "(control_mode = q_heatup & ! inv1_holds)", + "regular_condition": "(control_mode = q_heatup & ! inv1_holds)", + "conditionTextRange": [ + 0, + 41 + ], + "component_name": "DRC", + "componentTextRange": [ + 45, + 47 + ], + "timingTextRange": [ + 55, + 75 + ], + "post_condition": "(control_mode = q_scram)", + "responseTextRange": [ + 77, + 106 + ], + "diagramVariables": "TC = (control_mode = q_heatup & ! inv1_holds), Response = (control_mode = q_scram).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_heatup & ! inv1_holds) is true and any point in the interval where (control_mode = q_heatup & ! inv1_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_scram) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_heatup & ! inv1_holds) is true and any point in the interval where (control_mode = q_heatup & ! inv1_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_scram) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_unexp_ft": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_unexp_pctl": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_SMV_pt": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_SMV_ft": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_MLTL_ft": "((control_mode = q_heatup) & (! inv1_holds))", + "regular_condition_PRISM_pctl": "((control_mode = q_heatup) & (! inv1_holds))", + "post_condition_unexp_pt": "(control_mode = q_scram)", + "post_condition_unexp_ft": "(control_mode = q_scram)", + "post_condition_unexp_pctl": "(control_mode = q_scram)", + "post_condition_SMV_pt": "(control_mode = q_scram)", + "post_condition_SMV_ft": "(control_mode = q_scram)", + "post_condition_MLTL_ft": "(control_mode = q_scram)", + "post_condition_PRISM_pctl": "(control_mode = q_scram)", + "ft": "((LAST V (((! ((control_mode = q_heatup) & (! inv1_holds))) & ((! LAST) & (X ((control_mode = q_heatup) & (! inv1_holds))))) -> (X (LAST | (X (control_mode = q_scram)))))) & (((control_mode = q_heatup) & (! inv1_holds)) -> (LAST | (X (control_mode = q_scram)))))", + "pt": "(H ((Y (((control_mode = q_heatup) & (! inv1_holds)) & (Z (! ((control_mode = q_heatup) & (! inv1_holds)))))) -> ((control_mode = q_scram) | (Z FALSE))))", + "pctl": "P>=1[((G (((! ((control_mode = q_heatup) & (! inv1_holds))) & (X ((control_mode = q_heatup) & (! inv1_holds)))) => (X (P>=1[(LAST | (X (control_mode = q_scram)))])))) & (((control_mode = q_heatup) & (! inv1_holds)) => (P>=1[(LAST | (X (control_mode = q_scram)))])))]", + "ptExpanded": "(H ((Y (((control_mode = q_heatup) & (! inv1_holds)) & (Z (! ((control_mode = q_heatup) & (! inv1_holds)))))) -> ((control_mode = q_scram) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((control_mode = q_heatup) and not (inv1_holds)) and ZtoPre(not (((control_mode = q_heatup) and not (inv1_holds)))))) => ((control_mode = q_scram) or ZtoPre(false))))", + "ftExpanded": "((LAST V (((! ((control_mode = q_heatup) & (! inv1_holds))) & ((! LAST) & (X ((control_mode = q_heatup) & (! inv1_holds))))) -> (X (LAST | (X (control_mode = q_scram)))))) & (((control_mode = q_heatup) & (! inv1_holds)) -> (LAST | (X (control_mode = q_scram)))))", + "pctlExpanded": "P>=1[((G (((! ((control_mode = q_heatup) & (! inv1_holds))) & (X ((control_mode = q_heatup) & (! inv1_holds)))) => (X (P>=1[(false | (X (control_mode = q_scram)))])))) & (((control_mode = q_heatup) & (! inv1_holds)) => (P>=1[(false | (X (control_mode = q_scram)))])))]", + "ftInfAUExpanded": "((G (((! ((control_mode = q_heatup) & (! inv1_holds))) & (X ((control_mode = q_heatup) & (! inv1_holds)))) -> (X (X (control_mode = q_scram))))) & (((control_mode = q_heatup) & (! inv1_holds)) -> (X (control_mode = q_scram))))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[2,2] p1))) & (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_heatup) & (! inv1_holds))
p1: (control_mode = q_scram)", + "R2U2Code": "((((! ((control_mode == q_heatup) && (! inv1_holds))) && (F[1,1] ((control_mode == q_heatup) && (! inv1_holds)))) -> (F[2,2] (control_mode == q_scram))) && (((TAU == 0) && ((control_mode == q_heatup) && (! inv1_holds))) -> (F[1,1] (control_mode == q_scram))))", + "component": "DRC" + }, + "_id": "1708a9e0-3439-11f1-9e90-533f2b59d63b" + }, + { + "reqid": "DRC_T004_OPERATION_TO_SCRAM", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Upon control_mode = q_operation & !inv2_holds DRC shall at the next timepoint satisfy control_mode = q_scram", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_operation", + "inv2_holds", + "q_scram" + ], + "qualifier_word": "upon", + "pre_condition": "(control_mode = q_operation & ! inv2_holds)", + "regular_condition": "(control_mode = q_operation & ! inv2_holds)", + "conditionTextRange": [ + 0, + 44 + ], + "component_name": "DRC", + "componentTextRange": [ + 48, + 50 + ], + "timingTextRange": [ + 58, + 78 + ], + "post_condition": "(control_mode = q_scram)", + "responseTextRange": [ + 80, + 109 + ], + "diagramVariables": "TC = (control_mode = q_operation & ! inv2_holds), Response = (control_mode = q_scram).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_operation & ! inv2_holds) is true and any point in the interval where (control_mode = q_operation & ! inv2_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_scram) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_operation & ! inv2_holds) is true and any point in the interval where (control_mode = q_operation & ! inv2_holds) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_scram) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_unexp_ft": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_unexp_pctl": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_SMV_pt": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_SMV_ft": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_MLTL_ft": "((control_mode = q_operation) & (! inv2_holds))", + "regular_condition_PRISM_pctl": "((control_mode = q_operation) & (! inv2_holds))", + "post_condition_unexp_pt": "(control_mode = q_scram)", + "post_condition_unexp_ft": "(control_mode = q_scram)", + "post_condition_unexp_pctl": "(control_mode = q_scram)", + "post_condition_SMV_pt": "(control_mode = q_scram)", + "post_condition_SMV_ft": "(control_mode = q_scram)", + "post_condition_MLTL_ft": "(control_mode = q_scram)", + "post_condition_PRISM_pctl": "(control_mode = q_scram)", + "ft": "((LAST V (((! ((control_mode = q_operation) & (! inv2_holds))) & ((! LAST) & (X ((control_mode = q_operation) & (! inv2_holds))))) -> (X (LAST | (X (control_mode = q_scram)))))) & (((control_mode = q_operation) & (! inv2_holds)) -> (LAST | (X (control_mode = q_scram)))))", + "pt": "(H ((Y (((control_mode = q_operation) & (! inv2_holds)) & (Z (! ((control_mode = q_operation) & (! inv2_holds)))))) -> ((control_mode = q_scram) | (Z FALSE))))", + "pctl": "P>=1[((G (((! ((control_mode = q_operation) & (! inv2_holds))) & (X ((control_mode = q_operation) & (! inv2_holds)))) => (X (P>=1[(LAST | (X (control_mode = q_scram)))])))) & (((control_mode = q_operation) & (! inv2_holds)) => (P>=1[(LAST | (X (control_mode = q_scram)))])))]", + "ptExpanded": "(H ((Y (((control_mode = q_operation) & (! inv2_holds)) & (Z (! ((control_mode = q_operation) & (! inv2_holds)))))) -> ((control_mode = q_scram) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((control_mode = q_operation) and not (inv2_holds)) and ZtoPre(not (((control_mode = q_operation) and not (inv2_holds)))))) => ((control_mode = q_scram) or ZtoPre(false))))", + "ftExpanded": "((LAST V (((! ((control_mode = q_operation) & (! inv2_holds))) & ((! LAST) & (X ((control_mode = q_operation) & (! inv2_holds))))) -> (X (LAST | (X (control_mode = q_scram)))))) & (((control_mode = q_operation) & (! inv2_holds)) -> (LAST | (X (control_mode = q_scram)))))", + "pctlExpanded": "P>=1[((G (((! ((control_mode = q_operation) & (! inv2_holds))) & (X ((control_mode = q_operation) & (! inv2_holds)))) => (X (P>=1[(false | (X (control_mode = q_scram)))])))) & (((control_mode = q_operation) & (! inv2_holds)) => (P>=1[(false | (X (control_mode = q_scram)))])))]", + "ftInfAUExpanded": "((G (((! ((control_mode = q_operation) & (! inv2_holds))) & (X ((control_mode = q_operation) & (! inv2_holds)))) -> (X (X (control_mode = q_scram))))) & (((control_mode = q_operation) & (! inv2_holds)) -> (X (control_mode = q_scram))))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[2,2] p1))) & (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_operation) & (! inv2_holds))
p1: (control_mode = q_scram)", + "R2U2Code": "((((! ((control_mode == q_operation) && (! inv2_holds))) && (F[1,1] ((control_mode == q_operation) && (! inv2_holds)))) -> (F[2,2] (control_mode == q_scram))) && (((TAU == 0) && ((control_mode == q_operation) && (! inv2_holds))) -> (F[1,1] (control_mode == q_scram))))", + "component": "DRC" + }, + "_id": "1f626b80-3439-11f1-9e90-533f2b59d63b" + }, + { + "reqid": "DRC_T005_SCRAM_TO_SHUTDOWN", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Upon control_mode = q_scram & manual_reset DRC shall at the next timepoint satisfy control_mode = q_shutdown", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "regular", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_scram", + "manual_reset", + "q_shutdown" + ], + "qualifier_word": "upon", + "pre_condition": "(control_mode = q_scram & manual_reset)", + "regular_condition": "(control_mode = q_scram & manual_reset)", + "conditionTextRange": [ + 0, + 41 + ], + "component_name": "DRC", + "componentTextRange": [ + 45, + 47 + ], + "timingTextRange": [ + 55, + 75 + ], + "post_condition": "(control_mode = q_shutdown)", + "responseTextRange": [ + 77, + 109 + ], + "diagramVariables": "TC = (control_mode = q_scram & manual_reset), Response = (control_mode = q_shutdown).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_scram & manual_reset) is true and any point in the interval where (control_mode = q_scram & manual_reset) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_shutdown) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval if (control_mode = q_scram & manual_reset) is true and any point in the interval where (control_mode = q_scram & manual_reset) becomes true (from false).
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_shutdown) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_regular_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_scram) & manual_reset)", + "regular_condition_unexp_ft": "((control_mode = q_scram) & manual_reset)", + "regular_condition_unexp_pctl": "((control_mode = q_scram) & manual_reset)", + "regular_condition_SMV_pt": "((control_mode = q_scram) & manual_reset)", + "regular_condition_SMV_ft": "((control_mode = q_scram) & manual_reset)", + "regular_condition_MLTL_ft": "((control_mode = q_scram) & manual_reset)", + "regular_condition_PRISM_pctl": "((control_mode = q_scram) & manual_reset)", + "post_condition_unexp_pt": "(control_mode = q_shutdown)", + "post_condition_unexp_ft": "(control_mode = q_shutdown)", + "post_condition_unexp_pctl": "(control_mode = q_shutdown)", + "post_condition_SMV_pt": "(control_mode = q_shutdown)", + "post_condition_SMV_ft": "(control_mode = q_shutdown)", + "post_condition_MLTL_ft": "(control_mode = q_shutdown)", + "post_condition_PRISM_pctl": "(control_mode = q_shutdown)", + "ft": "((LAST V (((! ((control_mode = q_scram) & manual_reset)) & ((! LAST) & (X ((control_mode = q_scram) & manual_reset)))) -> (X (LAST | (X (control_mode = q_shutdown)))))) & (((control_mode = q_scram) & manual_reset) -> (LAST | (X (control_mode = q_shutdown)))))", + "pt": "(H ((Y (((control_mode = q_scram) & manual_reset) & (Z (! ((control_mode = q_scram) & manual_reset))))) -> ((control_mode = q_shutdown) | (Z FALSE))))", + "pctl": "P>=1[((G (((! ((control_mode = q_scram) & manual_reset)) & (X ((control_mode = q_scram) & manual_reset))) => (X (P>=1[(LAST | (X (control_mode = q_shutdown)))])))) & (((control_mode = q_scram) & manual_reset) => (P>=1[(LAST | (X (control_mode = q_shutdown)))])))]", + "ptExpanded": "(H ((Y (((control_mode = q_scram) & manual_reset) & (Z (! ((control_mode = q_scram) & manual_reset))))) -> ((control_mode = q_shutdown) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((control_mode = q_scram) and manual_reset) and ZtoPre(not (((control_mode = q_scram) and manual_reset))))) => ((control_mode = q_shutdown) or ZtoPre(false))))", + "ftExpanded": "((LAST V (((! ((control_mode = q_scram) & manual_reset)) & ((! LAST) & (X ((control_mode = q_scram) & manual_reset)))) -> (X (LAST | (X (control_mode = q_shutdown)))))) & (((control_mode = q_scram) & manual_reset) -> (LAST | (X (control_mode = q_shutdown)))))", + "pctlExpanded": "P>=1[((G (((! ((control_mode = q_scram) & manual_reset)) & (X ((control_mode = q_scram) & manual_reset))) => (X (P>=1[(false | (X (control_mode = q_shutdown)))])))) & (((control_mode = q_scram) & manual_reset) => (P>=1[(false | (X (control_mode = q_shutdown)))])))]", + "ftInfAUExpanded": "((G (((! ((control_mode = q_scram) & manual_reset)) & (X ((control_mode = q_scram) & manual_reset))) -> (X (X (control_mode = q_shutdown))))) & (((control_mode = q_scram) & manual_reset) -> (X (control_mode = q_shutdown))))", + "mltlExpanded": "((G[0,M] (((! p0) & (F[1,1] p0)) -> (F[2,2] p1))) & (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_scram) & manual_reset)
p1: (control_mode = q_shutdown)", + "R2U2Code": "((((! ((control_mode == q_scram) && manual_reset)) && (F[1,1] ((control_mode == q_scram) && manual_reset))) -> (F[2,2] (control_mode == q_shutdown))) && (((TAU == 0) && ((control_mode == q_scram) && manual_reset)) -> (F[1,1] (control_mode == q_shutdown))))", + "component": "DRC" + }, + "_id": "268581e0-3439-11f1-9e90-533f2b59d63b" + }, + { + "reqid": "DRC_S001_SHUTDOWN_STAY", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Whenever control_mode = q_shutdown & !t_avg_above_min DRC shall at the next timepoint satisfy control_mode = q_shutdown", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "holding", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_shutdown", + "t_avg_above_min" + ], + "qualifier_word": "whenever", + "pre_condition": "(control_mode = q_shutdown & ! t_avg_above_min)", + "regular_condition": "(control_mode = q_shutdown & ! t_avg_above_min)", + "conditionTextRange": [ + 0, + 52 + ], + "component_name": "DRC", + "componentTextRange": [ + 56, + 58 + ], + "timingTextRange": [ + 66, + 86 + ], + "post_condition": "(control_mode = q_shutdown)", + "responseTextRange": [ + 88, + 120 + ], + "diagramVariables": "CC = (control_mode = q_shutdown & ! t_avg_above_min), Response = (control_mode = q_shutdown).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_shutdown & ! t_avg_above_min) is true.
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_shutdown) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_shutdown & ! t_avg_above_min) is true.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_shutdown) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_holding_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_unexp_ft": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_unexp_pctl": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_SMV_pt": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_SMV_ft": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_MLTL_ft": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "regular_condition_PRISM_pctl": "((control_mode = q_shutdown) & (! t_avg_above_min))", + "post_condition_unexp_pt": "(control_mode = q_shutdown)", + "post_condition_unexp_ft": "(control_mode = q_shutdown)", + "post_condition_unexp_pctl": "(control_mode = q_shutdown)", + "post_condition_SMV_pt": "(control_mode = q_shutdown)", + "post_condition_SMV_ft": "(control_mode = q_shutdown)", + "post_condition_MLTL_ft": "(control_mode = q_shutdown)", + "post_condition_PRISM_pctl": "(control_mode = q_shutdown)", + "ft": "(LAST V (((control_mode = q_shutdown) & (! t_avg_above_min)) -> (LAST | (X (control_mode = q_shutdown)))))", + "pt": "(H ((Y ((control_mode = q_shutdown) & (! t_avg_above_min))) -> ((control_mode = q_shutdown) | (Z FALSE))))", + "pctl": "P>=1[(G (((control_mode = q_shutdown) & (! t_avg_above_min)) => (P>=1[(LAST | (X (control_mode = q_shutdown)))])))]", + "ptExpanded": "(H ((Y ((control_mode = q_shutdown) & (! t_avg_above_min))) -> ((control_mode = q_shutdown) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre(((control_mode = q_shutdown) and not (t_avg_above_min))) => ((control_mode = q_shutdown) or ZtoPre(false))))", + "ftExpanded": "(LAST V (((control_mode = q_shutdown) & (! t_avg_above_min)) -> (LAST | (X (control_mode = q_shutdown)))))", + "pctlExpanded": "P>=1[(G (((control_mode = q_shutdown) & (! t_avg_above_min)) => (P>=1[(false | (X (control_mode = q_shutdown)))])))]", + "ftInfAUExpanded": "(G (((control_mode = q_shutdown) & (! t_avg_above_min)) -> (X (control_mode = q_shutdown))))", + "mltlExpanded": "(G[0,M] (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_shutdown) & (! t_avg_above_min))
p1: (control_mode = q_shutdown)", + "R2U2Code": "(((control_mode == q_shutdown) && (! t_avg_above_min)) -> (F[1,1] (control_mode == q_shutdown)))", + "component": "DRC" + }, + "_id": "27113c90-3438-11f1-9e90-533f2b59d63b" + }, + { + "reqid": "DRC_S002_HEATUP_STAY", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Whenever control_mode = q_heatup & inv1_holds & !(t_avg_in_range & p_above_crit) DRC shall at the next timepoint satisfy control_mode = q_heatup", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "holding", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_heatup", + "inv1_holds", + "t_avg_in_range", + "p_above_crit" + ], + "qualifier_word": "whenever", + "pre_condition": "(control_mode = q_heatup & inv1_holds & ! ( t_avg_in_range & p_above_crit ))", + "regular_condition": "(control_mode = q_heatup & inv1_holds & ! ( t_avg_in_range & p_above_crit ))", + "conditionTextRange": [ + 0, + 79 + ], + "component_name": "DRC", + "componentTextRange": [ + 83, + 85 + ], + "timingTextRange": [ + 93, + 113 + ], + "post_condition": "(control_mode = q_heatup)", + "responseTextRange": [ + 115, + 145 + ], + "diagramVariables": "CC = (control_mode = q_heatup & inv1_holds & ! ( t_avg_in_range & p_above_crit )), Response = (control_mode = q_heatup).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_heatup & inv1_holds & ! ( t_avg_in_range & p_above_crit )) is true.
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_heatup) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_heatup & inv1_holds & ! ( t_avg_in_range & p_above_crit )) is true.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_heatup) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_holding_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_unexp_ft": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_unexp_pctl": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_SMV_pt": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_SMV_ft": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_MLTL_ft": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "regular_condition_PRISM_pctl": "(((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))", + "post_condition_unexp_pt": "(control_mode = q_heatup)", + "post_condition_unexp_ft": "(control_mode = q_heatup)", + "post_condition_unexp_pctl": "(control_mode = q_heatup)", + "post_condition_SMV_pt": "(control_mode = q_heatup)", + "post_condition_SMV_ft": "(control_mode = q_heatup)", + "post_condition_MLTL_ft": "(control_mode = q_heatup)", + "post_condition_PRISM_pctl": "(control_mode = q_heatup)", + "ft": "(LAST V ((((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit))) -> (LAST | (X (control_mode = q_heatup)))))", + "pt": "(H ((Y (((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))) -> ((control_mode = q_heatup) | (Z FALSE))))", + "pctl": "P>=1[(G ((((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit))) => (P>=1[(LAST | (X (control_mode = q_heatup)))])))]", + "ptExpanded": "(H ((Y (((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))) -> ((control_mode = q_heatup) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre((((control_mode = q_heatup) and inv1_holds) and not ((t_avg_in_range and p_above_crit)))) => ((control_mode = q_heatup) or ZtoPre(false))))", + "ftExpanded": "(LAST V ((((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit))) -> (LAST | (X (control_mode = q_heatup)))))", + "pctlExpanded": "P>=1[(G ((((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit))) => (P>=1[(false | (X (control_mode = q_heatup)))])))]", + "ftInfAUExpanded": "(G ((((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit))) -> (X (control_mode = q_heatup))))", + "mltlExpanded": "(G[0,M] (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: (((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit)))
p1: (control_mode = q_heatup)", + "R2U2Code": "((((control_mode == q_heatup) && inv1_holds) && (! (t_avg_in_range && p_above_crit))) -> (F[1,1] (control_mode == q_heatup)))", + "component": "DRC" + }, + "_id": "de451bc0-3438-11f1-9e90-533f2b59d63b" + }, + { + "reqid": "DRC_S003_OPERATION_STAY", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "Whenever control_mode = q_operation & inv2_holds DRC shall at the next timepoint satisfy control_mode = q_operation ", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "holding", + "probability": "null", + "timing": "next", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_operation", + "inv2_holds" + ], + "qualifier_word": "whenever", + "pre_condition": "(control_mode = q_operation & inv2_holds)", + "regular_condition": "(control_mode = q_operation & inv2_holds)", + "conditionTextRange": [ + 0, + 47 + ], + "component_name": "DRC", + "componentTextRange": [ + 50, + 52 + ], + "timingTextRange": [ + 60, + 80 + ], + "post_condition": "(control_mode = q_operation)", + "responseTextRange": [ + 82, + 115 + ], + "diagramVariables": "CC = (control_mode = q_operation & inv2_holds), Response = (control_mode = q_operation).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_operation & inv2_holds) is true.
REQUIRED BEHAVIOR: for every trigger, (control_mode = q_operation) must hold at the next time step.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: every point in the interval where (control_mode = q_operation & inv2_holds) is true.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, (control_mode = q_operation) must hold at the next time step.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_holding_next_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "regular_condition_unexp_pt": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_unexp_ft": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_unexp_pctl": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_SMV_pt": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_SMV_ft": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_MLTL_ft": "((control_mode = q_operation) & inv2_holds)", + "regular_condition_PRISM_pctl": "((control_mode = q_operation) & inv2_holds)", + "post_condition_unexp_pt": "(control_mode = q_operation)", + "post_condition_unexp_ft": "(control_mode = q_operation)", + "post_condition_unexp_pctl": "(control_mode = q_operation)", + "post_condition_SMV_pt": "(control_mode = q_operation)", + "post_condition_SMV_ft": "(control_mode = q_operation)", + "post_condition_MLTL_ft": "(control_mode = q_operation)", + "post_condition_PRISM_pctl": "(control_mode = q_operation)", + "ft": "(LAST V (((control_mode = q_operation) & inv2_holds) -> (LAST | (X (control_mode = q_operation)))))", + "pt": "(H ((Y ((control_mode = q_operation) & inv2_holds)) -> ((control_mode = q_operation) | (Z FALSE))))", + "pctl": "P>=1[(G (((control_mode = q_operation) & inv2_holds) => (P>=1[(LAST | (X (control_mode = q_operation)))])))]", + "ptExpanded": "(H ((Y ((control_mode = q_operation) & inv2_holds)) -> ((control_mode = q_operation) | (Z FALSE))))", + "CoCoSpecCode": "H((YtoPre(((control_mode = q_operation) and inv2_holds)) => ((control_mode = q_operation) or ZtoPre(false))))", + "ftExpanded": "(LAST V (((control_mode = q_operation) & inv2_holds) -> (LAST | (X (control_mode = q_operation)))))", + "pctlExpanded": "P>=1[(G (((control_mode = q_operation) & inv2_holds) => (P>=1[(false | (X (control_mode = q_operation)))])))]", + "ftInfAUExpanded": "(G (((control_mode = q_operation) & inv2_holds) -> (X (control_mode = q_operation))))", + "mltlExpanded": "(G[0,M] (p0 -> (F[1,1] p1)))", + "WESTMapping": "p0: ((control_mode = q_operation) & inv2_holds)
p1: (control_mode = q_operation)", + "R2U2Code": "(((control_mode == q_operation) && inv2_holds) -> (F[1,1] (control_mode == q_operation)))", + "component": "DRC" + }, + "_id": "ec1666a0-3438-11f1-9e90-533f2b59d63b" + }, + { + "reqid": "DRC_I001_INIT_SHUTDOWN", + "parent_reqid": "", + "project": "PWR_HYBRID_3", + "rationale": "", + "comments": "", + "fulltext": "DRC shall immediately satisfy control_mode = q_shutdown", + "status": "", + "semantics": { + "type": "nasa", + "scope": { + "type": "null" + }, + "condition": "null", + "probability": "null", + "timing": "immediately", + "response": "satisfaction", + "variables": [ + "control_mode", + "q_shutdown" + ], + "component_name": "DRC", + "componentTextRange": [ + 0, + 2 + ], + "timingTextRange": [ + 10, + 20 + ], + "post_condition": "(control_mode = q_shutdown)", + "responseTextRange": [ + 22, + 54 + ], + "diagramVariables": "Response = (control_mode = q_shutdown).", + "description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, if trigger holds then (control_mode = q_shutdown) also holds at the same time point.", + "probabilistic_description": "SCOPE: in the interval defined by the entire execution.
TRIGGER: first point in the interval.
REQUIRED BEHAVIOR: for every trigger, with probability >=1, if trigger holds then (control_mode = q_shutdown) also holds at the same time point.", + "diagram": "_media/user-interface/examples/svgDiagrams/null_null_immediately_satisfaction.svg", + "scope_mode_pt": "BAD_PT", + "scope_mode_ft": "BAD_FT", + "post_condition_unexp_pt": "(control_mode = q_shutdown)", + "post_condition_unexp_ft": "(control_mode = q_shutdown)", + "post_condition_unexp_pctl": "(control_mode = q_shutdown)", + "post_condition_SMV_pt": "(control_mode = q_shutdown)", + "post_condition_SMV_ft": "(control_mode = q_shutdown)", + "post_condition_MLTL_ft": "(control_mode = q_shutdown)", + "post_condition_PRISM_pctl": "(control_mode = q_shutdown)", + "ft": "(control_mode = q_shutdown)", + "pt": "(H ((Z FALSE) -> (control_mode = q_shutdown)))", + "pctl": "(P>=1[(control_mode = q_shutdown)])", + "ptExpanded": "(H ((Z FALSE) -> (control_mode = q_shutdown)))", + "CoCoSpecCode": "H((ZtoPre(false) => (control_mode = q_shutdown)))", + "ftExpanded": "(control_mode = q_shutdown)", + "pctlExpanded": "(P>=1[(control_mode = q_shutdown)])", + "ftInfAUExpanded": "(control_mode = q_shutdown)", + "mltlExpanded": "p0", + "WESTMapping": "p0: (control_mode = q_shutdown)", + "R2U2Code": "((TAU == 0) -> (control_mode == q_shutdown))", + "component": "DRC" + }, + "_id": "f21c42a0-3437-11f1-9e90-533f2b59d63b" + } + ], + "variables": [ + { + "project": "FSM", + "component_name": "sw", + "variable_name": "P", + "reqs": [ + "L1" + ], + "otherDeps": [], + "dataType": "", + "idType": "", + "description": "", + "assignment": "", + "modeRequirement": "", + "model": false, + "modelComponent": "", + "model_id": "", + "_id": "FSMswP" + }, + { + "project": "FSM", + "component_name": "sw", + "variable_name": "R", + "reqs": [ + "L1" + ], + "otherDeps": [], + "dataType": "", + "idType": "", + "description": "", + "assignment": "", + "modeRequirement": "", + "model": false, + "modelComponent": "", + "model_id": "", + "_id": "FSMswR" + }, + { + "project": "PWR_HYBRID_3", + "component_name": "DRC", + "variable_name": "control_mode", + "reqs": [ + "00151d40-3439-11f1-9e90-533f2b59d63b", + "07c92900-3439-11f1-9e90-533f2b59d63b", + "0ee142e0-3439-11f1-9e90-533f2b59d63b", + "0f592770-3438-11f1-9e90-533f2b59d63b", + "1708a9e0-3439-11f1-9e90-533f2b59d63b", + "1f626b80-3439-11f1-9e90-533f2b59d63b", + "268581e0-3439-11f1-9e90-533f2b59d63b", + "27113c90-3438-11f1-9e90-533f2b59d63b", + "de451bc0-3438-11f1-9e90-533f2b59d63b", + "ec1666a0-3438-11f1-9e90-533f2b59d63b", + "f21c42a0-3437-11f1-9e90-533f2b59d63b" + ], + "dataType": "integer", + "idType": "Output", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": false, + "_id": "PWR_HYBRID_3DRCcontrol_mode" + }, + { + "project": "PWR_HYBRID_3", + "component_name": "DRC", + "variable_name": "inv1_holds", + "reqs": [ + "1708a9e0-3439-11f1-9e90-533f2b59d63b", + "de451bc0-3438-11f1-9e90-533f2b59d63b", + "0ee142e0-3439-11f1-9e90-533f2b59d63b" + ], + "dataType": "boolean", + "idType": "Input", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HYBRID_3DRCinv1_holds" + }, + { + "project": "PWR_HYBRID_3", + "component_name": "DRC", + "variable_name": "inv2_holds", + "reqs": [ + "1f626b80-3439-11f1-9e90-533f2b59d63b", + "ec1666a0-3438-11f1-9e90-533f2b59d63b" + ], + "dataType": "boolean", + "idType": "Input", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HYBRID_3DRCinv2_holds" + }, + { + "project": "PWR_HYBRID_3", + "component_name": "DRC", + "variable_name": "manual_reset", + "reqs": [ + "00151d40-3439-11f1-9e90-533f2b59d63b", + "268581e0-3439-11f1-9e90-533f2b59d63b" + ], + "dataType": "boolean", + "idType": "Input", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HYBRID_3DRCmanual_reset" + }, + { + "project": "PWR_HYBRID_3", + "component_name": "DRC", + "variable_name": "p_above_crit", + "reqs": [ + "0ee142e0-3439-11f1-9e90-533f2b59d63b", + "de451bc0-3438-11f1-9e90-533f2b59d63b" + ], + "dataType": "boolean", + "idType": "Input", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HYBRID_3DRCp_above_crit" + }, + { + "project": "PWR_HYBRID_3", + "component_name": "DRC", + "variable_name": "q_heatup", + "reqs": [ + "07c92900-3439-11f1-9e90-533f2b59d63b", + "0ee142e0-3439-11f1-9e90-533f2b59d63b", + "0f592770-3438-11f1-9e90-533f2b59d63b", + "1708a9e0-3439-11f1-9e90-533f2b59d63b", + "de451bc0-3438-11f1-9e90-533f2b59d63b" + ], + "dataType": "integer", + "idType": "Internal", + "moduleName": "", + "description": "", + "assignment": "1", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": false, + "smvCompleted": false, + "_id": "PWR_HYBRID_3DRCq_heatup" + }, + { + "project": "PWR_HYBRID_3", + "component_name": "DRC", + "variable_name": "q_operation", + "reqs": [ + "0ee142e0-3439-11f1-9e90-533f2b59d63b", + "0f592770-3438-11f1-9e90-533f2b59d63b", + "1f626b80-3439-11f1-9e90-533f2b59d63b", + "ec1666a0-3438-11f1-9e90-533f2b59d63b" + ], + "dataType": "integer", + "idType": "Internal", + "moduleName": "", + "description": "", + "assignment": "2", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": false, + "smvCompleted": false, + "_id": "PWR_HYBRID_3DRCq_operation" + }, + { + "project": "PWR_HYBRID_3", + "component_name": "DRC", + "variable_name": "q_scram", + "reqs": [ + "00151d40-3439-11f1-9e90-533f2b59d63b", + "0f592770-3438-11f1-9e90-533f2b59d63b", + "1708a9e0-3439-11f1-9e90-533f2b59d63b", + "1f626b80-3439-11f1-9e90-533f2b59d63b", + "268581e0-3439-11f1-9e90-533f2b59d63b" + ], + "dataType": "integer", + "idType": "Internal", + "moduleName": "", + "description": "", + "assignment": "3", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": false, + "smvCompleted": false, + "_id": "PWR_HYBRID_3DRCq_scram" + }, + { + "project": "PWR_HYBRID_3", + "component_name": "DRC", + "variable_name": "q_shutdown", + "reqs": [ + "07c92900-3439-11f1-9e90-533f2b59d63b", + "0f592770-3438-11f1-9e90-533f2b59d63b", + "268581e0-3439-11f1-9e90-533f2b59d63b", + "27113c90-3438-11f1-9e90-533f2b59d63b", + "f21c42a0-3437-11f1-9e90-533f2b59d63b" + ], + "dataType": "integer", + "idType": "Internal", + "moduleName": "", + "description": "", + "assignment": "0", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": false, + "smvCompleted": false, + "_id": "PWR_HYBRID_3DRCq_shutdown" + }, + { + "project": "PWR_HYBRID_3", + "component_name": "DRC", + "variable_name": "t_avg_above_min", + "reqs": [ + "07c92900-3439-11f1-9e90-533f2b59d63b", + "27113c90-3438-11f1-9e90-533f2b59d63b" + ], + "dataType": "boolean", + "idType": "Input", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HYBRID_3DRCt_avg_above_min" + }, + { + "project": "PWR_HYBRID_3", + "component_name": "DRC", + "variable_name": "t_avg_in_range", + "reqs": [ + "0ee142e0-3439-11f1-9e90-533f2b59d63b", + "de451bc0-3438-11f1-9e90-533f2b59d63b" + ], + "dataType": "boolean", + "idType": "Input", + "moduleName": "", + "description": "", + "assignment": "", + "assignmentVariables": [], + "copilotAssignment": "", + "r2u2Assignment": "", + "smvAssignment": "", + "smvAssignmentVariables": [], + "modeRequirement": "", + "modeldoc": false, + "modeldoc_id": "", + "modeldoc_vectorIndex": null, + "modelComponent": "", + "completed": true, + "r2u2Completed": true, + "smvCompleted": true, + "_id": "PWR_HYBRID_3DRCt_avg_in_range" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "emergencybutton", + "portType": "Inport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "emergencybutton" + }, + { + "component_name": "fsm_12B/FiniteStateMachine", + "dataType": [ + "double" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "2", + "portType": "Outport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "SENSTATE", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/FiniteStateMachine/SENSTATE" + }, + { + "component_name": "fsm_12B/FiniteStateMachine", + "dataType": [ + "double" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "1", + "portType": "Outport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "STATE", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/FiniteStateMachine/STATE" + }, + { + "component_name": "fsm_12B/FiniteStateMachine", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "2", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "apfail", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/FiniteStateMachine/apfail" + }, + { + "component_name": "fsm_12B/FiniteStateMachine", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "4", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "good", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/FiniteStateMachine/good" + }, + { + "component_name": "fsm_12B/FiniteStateMachine", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "4", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "limits", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/FiniteStateMachine/limits" + }, + { + "component_name": "fsm_12B/FiniteStateMachine", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "1", + "portType": "Outport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "pullup", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/FiniteStateMachine/pullup" + }, + { + "component_name": "fsm_12B/FiniteStateMachine", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "2", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "request", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/FiniteStateMachine/request" + }, + { + "component_name": "fsm_12B/FiniteStateMachine", + "dataType": [ + "double" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "4", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "senstate", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/FiniteStateMachine/senstate" + }, + { + "component_name": "fsm_12B/FiniteStateMachine", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "1", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "standby", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/FiniteStateMachine/standby" + }, + { + "component_name": "fsm_12B/FiniteStateMachine", + "dataType": [ + "double" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "5", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "state", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/FiniteStateMachine/state" + }, + { + "component_name": "fsm_12B/FiniteStateMachine", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "3", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "supported", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/FiniteStateMachine/supported" + }, + { + "component_name": "fsm_12B", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "2", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "apfail", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/apfail" + }, + { + "component_name": "fsm_12B", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "4", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "limits", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/limits" + }, + { + "component_name": "fsm_12B", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "1", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "standby", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/standby" + }, + { + "component_name": "fsm_12B", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "modeldoc": true, + "portNumber": "3", + "portType": "Inport", + "project": "FSM", + "tool": "Simulink", + "variable_name": "supported", + "width": 1, + "fretComponent": "FSM", + "_id": "fsm_12B/supported" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "liquidlevel1", + "portType": "Inport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "liquidlevel1" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "liquidlevel2", + "portType": "Inport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "liquidlevel2" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "startbutton", + "portType": "Inport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "startbutton" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "stirringmotor", + "portType": "Outport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "stirringmotor" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "timer120secexpire", + "portType": "Inport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "timer120secexpire" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "timer120secstart", + "portType": "Outport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "timer120secstart" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "timer60secexpire", + "portType": "Inport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "timer60secexpire" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "timer60secstart", + "portType": "Outport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "timer60secstart" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "valve0", + "portType": "Outport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "valve0" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "valve1", + "portType": "Outport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "valve1" + }, + { + "project": "Liquid_mixer", + "modeldoc": true, + "variable_name": "valve2", + "portType": "Outport", + "portNumber": "", + "component_name": "liquidmixer", + "tool": "Simulink", + "dataType": [ + "boolean" + ], + "dimensions": [ + 1, + 1 + ], + "width": 1, + "fretComponent": "liquid_mixer", + "_id": "valve2" + } + ] +} \ No newline at end of file diff --git a/fret-pipeline/scripts/.gitkeep b/fret-pipeline/scripts/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/fret-pipeline/scripts/aag2dot.py b/fret-pipeline/scripts/aag2dot.py new file mode 100644 index 0000000..111f90a --- /dev/null +++ b/fret-pipeline/scripts/aag2dot.py @@ -0,0 +1,167 @@ +#!/usr/bin/env python3 +"""Convert an ASCII AIGER (.aag) file to Graphviz DOT format. + +Usage: python3 scripts/aag2dot.py circuits/spec.aag | dot -Tsvg -o diagrams/spec.svg +""" + +import sys +from pathlib import Path + + +def parse_aag(text: str) -> dict: + lines = text.strip().split('\n') + header = lines[0].split() + assert header[0] == 'aag' + max_var = int(header[1]) + n_inputs = int(header[2]) + n_latches = int(header[3]) + n_outputs = int(header[4]) + n_ands = int(header[5]) + + idx = 1 + inputs = [] + for i in range(n_inputs): + inputs.append(int(lines[idx])) + idx += 1 + + latches = [] + for i in range(n_latches): + parts = lines[idx].split() + latches.append((int(parts[0]), int(parts[1]))) + idx += 1 + + outputs = [] + for i in range(n_outputs): + outputs.append(int(lines[idx])) + idx += 1 + + ands = [] + for i in range(n_ands): + parts = lines[idx].split() + ands.append((int(parts[0]), int(parts[1]), int(parts[2]))) + idx += 1 + + # Symbol table + input_names = {} + output_names = {} + latch_names = {} + while idx < len(lines): + line = lines[idx] + if line.startswith('i'): + parts = line.split(' ', 1) + input_names[int(parts[0][1:])] = parts[1] + elif line.startswith('o'): + parts = line.split(' ', 1) + output_names[int(parts[0][1:])] = parts[1] + elif line.startswith('l'): + parts = line.split(' ', 1) + latch_names[int(parts[0][1:])] = parts[1] + elif line.startswith('c'): + break + idx += 1 + + return { + 'inputs': inputs, + 'latches': latches, + 'outputs': outputs, + 'ands': ands, + 'input_names': input_names, + 'output_names': output_names, + 'latch_names': latch_names, + } + + +def lit_node(lit: int) -> tuple[str, bool]: + """Return (node_id, is_negated) for a literal.""" + var = lit >> 1 + negated = lit & 1 + return f'n{var}', bool(negated) + + +def to_dot(aag: dict) -> str: + lines = ['digraph aiger {'] + lines.append(' rankdir=LR;') + lines.append(' node [shape=record];') + lines.append('') + + # Constant 0 + lines.append(' n0 [label="0", shape=circle, style=filled, fillcolor=gray90];') + + # Inputs + lines.append(' { rank=source;') + for i, inp in enumerate(aag['inputs']): + var = inp >> 1 + name = aag['input_names'].get(i, f'i{i}') + lines.append(f' n{var} [label="{name}", shape=box, style=filled, fillcolor=lightblue];') + lines.append(' }') + + # Latches + for i, (latch_lit, next_lit) in enumerate(aag['latches']): + var = latch_lit >> 1 + name = aag['latch_names'].get(i, f'L{i}') + lines.append(f' n{var} [label="{name}", shape=box, style="filled,rounded", fillcolor=lightyellow];') + + # AND gates + for lhs, rhs0, rhs1 in aag['ands']: + var = lhs >> 1 + lines.append(f' n{var} [label="&", shape=circle, style=filled, fillcolor=white];') + + # Outputs + lines.append(' { rank=sink;') + for i, out_lit in enumerate(aag['outputs']): + name = aag['output_names'].get(i, f'o{i}') + lines.append(f' out_{i} [label="{name}", shape=box, style=filled, fillcolor=lightgreen];') + lines.append(' }') + + lines.append('') + + # AND gate edges + for lhs, rhs0, rhs1 in aag['ands']: + lhs_var = lhs >> 1 + for rhs in [rhs0, rhs1]: + src_node, negated = lit_node(rhs) + style = 'style=dashed, color=red' if negated else '' + label = 'label="~"' if negated else '' + attrs = ', '.join(filter(None, [style, label])) + if attrs: + lines.append(f' {src_node} -> n{lhs_var} [{attrs}];') + else: + lines.append(f' {src_node} -> n{lhs_var};') + + # Latch feedback edges + for i, (latch_lit, next_lit) in enumerate(aag['latches']): + latch_var = latch_lit >> 1 + src_node, negated = lit_node(next_lit) + style = 'style=dashed, color=red' if negated else '' + label = 'label="~"' if negated else '' + extra = 'constraint=false, ' + attrs = ', '.join(filter(None, [extra + style, label])) + lines.append(f' {src_node} -> n{latch_var} [{attrs}];') + + # Output edges + for i, out_lit in enumerate(aag['outputs']): + src_node, negated = lit_node(out_lit) + style = 'style=dashed, color=red' if negated else '' + label = 'label="~"' if negated else '' + attrs = ', '.join(filter(None, [style, label])) + if attrs: + lines.append(f' {src_node} -> out_{i} [{attrs}];') + else: + lines.append(f' {src_node} -> out_{i};') + + lines.append('}') + return '\n'.join(lines) + + +def main(): + if len(sys.argv) < 2: + print(f'Usage: {sys.argv[0]} ', file=sys.stderr) + sys.exit(1) + + text = Path(sys.argv[1]).read_text() + aag = parse_aag(text) + print(to_dot(aag)) + + +if __name__ == '__main__': + main() diff --git a/fret-pipeline/scripts/fret_to_synth.py b/fret-pipeline/scripts/fret_to_synth.py new file mode 100644 index 0000000..c689bef --- /dev/null +++ b/fret-pipeline/scripts/fret_to_synth.py @@ -0,0 +1,258 @@ +#!/usr/bin/env python3 +"""Convert FRET JSON export to ltlsynt synthesis config. + +Automatically detects: + - Mode variables: any variable matching `control_* = q_*` in the LTL. + Each control group (e.g. control_mode) gets its own set of boolean + outputs (e.g. in_mode_shutdown, in_mode_heatup) with a mutual + exclusion constraint. + - Environment inputs: variables that appear only in conditions + (pre_condition / regular_condition) and are not mode variables. + - System outputs: the boolean mode propositions derived from control_*. + +Naming convention in FRET: + - Mode variables MUST start with "control_" (e.g. control_mode, control_pump) + - Mode values MUST start with "q_" (e.g. q_shutdown, q_heatup) + - All other variables are classified by their FRET role. + +Usage: python3 scripts/fret_to_synth.py [output.json] +""" + +import json +import re +import sys +from collections import defaultdict +from pathlib import Path + + +def discover_modes(requirements): + """Scan all LTL formulas for (control_X = q_Y) patterns. + + Returns a dict: { "control_X": ["q_Y", "q_Z", ...] } + Each key is a mode group, values are the discovered mode values. + """ + # Match patterns like (control_mode = q_shutdown), (control_pump = q_off) + pattern = re.compile(r'\((\s*control_\w+)\s*=\s*(q_\w+)\s*\)') + + mode_groups = defaultdict(set) + for req in requirements: + sem = req["semantics"] + for field in ("ftInfAUExpanded", "ft", "ftExpanded"): + ltl = sem.get(field, "") + if ltl: + for match in pattern.finditer(ltl): + ctrl_var = match.group(1).strip() + mode_val = match.group(2).strip() + mode_groups[ctrl_var].add(mode_val) + + # Sort mode values for deterministic output + return {k: sorted(v) for k, v in sorted(mode_groups.items())} + + +def build_mode_map(mode_groups): + """Build the string replacement map and output variable list. + + For a single control group like control_mode with values + [q_heatup, q_operation, q_scram, q_shutdown], produces: + - replacements: {"(control_mode = q_heatup)": "in_mode_heatup", ...} + - outputs: ["in_mode_heatup", "in_mode_operation", ...] + + For multiple groups, the boolean name includes the group suffix: + control_mode -> in_mode_X + control_pump -> in_pump_X + """ + replacements = {} + outputs_by_group = {} + + for ctrl_var, mode_vals in mode_groups.items(): + # Derive group suffix: control_mode -> mode, control_pump -> pump + suffix = ctrl_var.replace("control_", "", 1) + group_outputs = [] + + for qval in mode_vals: + # q_shutdown -> shutdown + val_name = qval.replace("q_", "", 1) + bool_name = f"in_{suffix}_{val_name}" + replacements[f"({ctrl_var} = {qval})"] = bool_name + group_outputs.append(bool_name) + + outputs_by_group[ctrl_var] = group_outputs + + return replacements, outputs_by_group + + +def classify_variables(requirements, mode_groups): + """Classify non-mode variables as environment inputs. + + A variable is an environment input if: + - It is NOT a control_* or q_* variable (those are handled by mode encoding) + - It appears in any requirement's semantics.variables + + All mode propositions are system outputs (handled separately). + """ + # Collect all known mode-related variable names to exclude + mode_var_names = set() + for ctrl_var, mode_vals in mode_groups.items(): + mode_var_names.add(ctrl_var) + mode_var_names.update(mode_vals) + + # Collect all variables referenced across requirements + all_vars = set() + for req in requirements: + sem = req["semantics"] + for v in sem.get("variables", []): + all_vars.add(v) + + # Everything that's not a mode variable is an environment input + env_inputs = sorted(all_vars - mode_var_names) + return env_inputs + + +def encode_ltl(formula, replacements): + """Replace all (control_X = q_Y) with boolean mode propositions.""" + result = formula + for pattern, replacement in replacements.items(): + result = result.replace(pattern, replacement) + + # Sanity check: no control_ or q_ references should remain + leftover = re.findall(r'control_\w+|q_\w+', result) + if leftover: + raise ValueError( + f"Unhandled mode references in LTL: {leftover}\n" + f" Formula: {result}\n" + f" Known replacements: {list(replacements.keys())}" + ) + + return result + + +def mutual_exclusion_ltl(group_outputs): + """Generate LTL for exactly-one-active constraint over a mode group. + + Produces: G( (a & !b & !c & !d) | (!a & b & !c & !d) | ... ) + """ + clauses = [] + for i, m in enumerate(group_outputs): + parts = [] + for j, n in enumerate(group_outputs): + if i == j: + parts.append(n) + else: + parts.append(f"(! {n})") + clauses.append(f"({' & '.join(parts)})") + exactly_one = " | ".join(clauses) + return f"G ({exactly_one})" + + +def main(): + if len(sys.argv) < 2: + print(f"Usage: {sys.argv[0]} [output.json]", file=sys.stderr) + sys.exit(1) + + input_path = Path(sys.argv[1]) + output_path = Path(sys.argv[2]) if len(sys.argv) > 2 else Path("specs/synthesis_config_v3.json") + + with open(input_path) as f: + fret_data = json.load(f) + + requirements = fret_data["requirements"] + project = requirements[0]["project"] + component = requirements[0]["semantics"]["component_name"] + + # --- Auto-discover everything --- + mode_groups = discover_modes(requirements) + replacements, outputs_by_group = build_mode_map(mode_groups) + env_inputs = classify_variables(requirements, mode_groups) + all_outputs = [out for group in outputs_by_group.values() for out in group] + + print(f"Discovered {len(mode_groups)} mode group(s):") + for ctrl_var, modes in mode_groups.items(): + print(f" {ctrl_var}: {modes}") + print(f" -> booleans: {outputs_by_group[ctrl_var]}") + print(f"Environment inputs: {env_inputs}") + print(f"System outputs: {all_outputs}") + print() + + # --- Encode requirements --- + encoded_reqs = [] + for req in requirements: + reqid = req["reqid"] + fulltext = req["fulltext"] + sem = req["semantics"] + + # Prefer ftInfAUExpanded (cleanest infinite-horizon LTL) + raw_ltl = sem.get("ftInfAUExpanded") or sem.get("ft") + if not raw_ltl: + print(f"WARNING: No LTL for {reqid}, skipping", file=sys.stderr) + continue + + encoded = encode_ltl(raw_ltl, replacements) + + encoded_reqs.append({ + "req_id": reqid, + "fulltext": fulltext, + "project": project, + "component": component, + "ltl": encoded, + "ltl_original": raw_ltl, + "condition_type": sem.get("condition", "unknown"), + }) + + # --- Build structural constraints (one mutex per mode group) --- + structural = [] + for ctrl_var, group_outs in outputs_by_group.items(): + mutex = mutual_exclusion_ltl(group_outs) + structural.append({ + "name": f"mutex_{ctrl_var}", + "description": f"Exactly one {ctrl_var} value active at all times", + "ltl": mutex, + }) + + # --- Conjoin all formulas --- + all_formulas = [r["ltl"] for r in encoded_reqs] + all_formulas += [s["ltl"] for s in structural] + conjoined = " & ".join(f"({f})" for f in all_formulas) + + # --- Write config --- + config = { + "_comment": ( + f"Generated from {input_path.name} by fret_to_synth.py. " + f"Boolean mode encoding with auto-discovered mode groups. " + f"Mutual exclusion constraints are synthesis artifacts — they enforce " + f"the single-valued semantics of control_* variables after decomposition " + f"into independent booleans. They are NOT needed in FRET itself, where " + f"control_mode = q_X is inherently single-valued." + ), + "spec_name": f"{project}_{component}", + "source_file": str(input_path), + "mode_groups": { + ctrl_var: { + "values": modes, + "booleans": outputs_by_group[ctrl_var], + } + for ctrl_var, modes in mode_groups.items() + }, + "inputs": env_inputs, + "outputs": all_outputs, + "requirements": encoded_reqs, + "structural_constraints": structural, + "conjoined_ltl": conjoined, + } + + output_path.parent.mkdir(parents=True, exist_ok=True) + with open(output_path, "w") as f: + json.dump(config, f, indent=2) + + print(f"Synthesis config written to: {output_path}") + print(f" Requirements: {len(encoded_reqs)}") + print(f" Structural constraints: {len(structural)}") + print(f" Conjoined formula length: {len(conjoined)} chars") + + print("\nEncoded requirements:") + for r in encoded_reqs: + print(f" {r['req_id']} [{r['condition_type']}]:") + print(f" {r['ltl'][:120]}{'...' if len(r['ltl']) > 120 else ''}") + + +if __name__ == "__main__": + main() diff --git a/fret-pipeline/scripts/synthesize.sh b/fret-pipeline/scripts/synthesize.sh new file mode 100755 index 0000000..340fcbf --- /dev/null +++ b/fret-pipeline/scripts/synthesize.sh @@ -0,0 +1,80 @@ +#!/usr/bin/env bash +# Synthesize a controller from a FRET synthesis config using ltlsynt (Spot). +# +# Usage: ./scripts/synthesize.sh specs/synthesis_config.json [output_dir] +# +# Reads the synthesis_config.json produced by parse_fret_json.py and +# runs ltlsynt to produce an AIGER circuit. + +set -euo pipefail + +CONFIG="${1:?Usage: $0 [output_dir]}" +OUTPUT_DIR="${2:-circuits}" + +if ! command -v ltlsynt &>/dev/null; then + echo "Error: ltlsynt not found. Install with: brew install spot" + exit 1 +fi + +mkdir -p "$OUTPUT_DIR" + +# Extract synthesis parameters from config +eval "$(python3 -c " +import json, sys, shlex + +config = json.load(open(sys.argv[1])) +inputs = config['inputs'] +outputs = config['outputs'] +ltl = config.get('conjoined_ltl') +spec_name = config['spec_name'] + +if not ltl: + print('echo \"Error: no conjoined LTL formula in config\"; exit 1') + sys.exit(0) +if not outputs: + print('echo \"Error: no output variables defined\"; exit 1') + sys.exit(0) + +print(f'SPEC_NAME={shlex.quote(spec_name)}') +print(f'INPUTS={shlex.quote(\",\".join(inputs))}') +print(f'OUTPUTS={shlex.quote(\",\".join(outputs))}') +print(f'LTL_FORMULA={shlex.quote(ltl)}') +" "$CONFIG")" + +AAG_FILE="$OUTPUT_DIR/${SPEC_NAME}.aag" + +echo "=== ltlsynt Reactive Synthesis ===" +echo "Spec: $SPEC_NAME" +echo "Inputs: $INPUTS" +echo "Outputs: $OUTPUTS" +echo "Formula: ${LTL_FORMULA:0:200}..." +echo "" +echo "Running ltlsynt..." + +# Run ltlsynt +# -f: LTL formula +# --ins: uncontrollable (input/environment) propositions +# --outs: controllable (output/system) propositions +# --aiger: output as AIGER circuit +# --simplify=bwoa-sat: best simplification +SYNTH_OUTPUT=$(ltlsynt -f "$LTL_FORMULA" --ins="$INPUTS" --outs="$OUTPUTS" --aiger=both+ud+dc --simplify=bwoa-sat 2>&1) || true + +if echo "$SYNTH_OUTPUT" | head -1 | grep -q "^REALIZABLE"; then + echo "" + echo "Result: REALIZABLE" + # Strip the REALIZABLE line and write the AIGER circuit + echo "$SYNTH_OUTPUT" | tail -n +2 > "$AAG_FILE" + LINES=$(wc -l < "$AAG_FILE") + echo "Circuit written to: $AAG_FILE ($LINES lines)" +elif echo "$SYNTH_OUTPUT" | head -1 | grep -q "^UNREALIZABLE"; then + echo "" + echo "Result: UNREALIZABLE" + echo "The specification cannot be implemented as a controller." + echo "$SYNTH_OUTPUT" + exit 1 +else + echo "" + echo "Error: unexpected ltlsynt output:" + echo "$SYNTH_OUTPUT" + exit 1 +fi diff --git a/fret-pipeline/scripts/trace_aiger.py b/fret-pipeline/scripts/trace_aiger.py new file mode 100644 index 0000000..379344d --- /dev/null +++ b/fret-pipeline/scripts/trace_aiger.py @@ -0,0 +1,388 @@ +#!/usr/bin/env python3 +"""Enumerate all states and transitions of a synthesized AIGER controller. + +Generic AIGER parser — reads any .aag file and produces: +1. A full transition table +2. State-to-mode mapping +3. A Graphviz DOT file for the state machine with guard condition labels + +Usage: python3 scripts/trace_aiger.py [output_dir] +""" + +import sys +from itertools import product +from pathlib import Path +from collections import defaultdict + + +def parse_aag(path): + """Parse an ASCII AIGER file, return circuit definition.""" + lines = Path(path).read_text().strip().split('\n') + header = lines[0].split() + assert header[0] == 'aag' + n_inputs = int(header[2]) + n_latches = int(header[3]) + n_outputs = int(header[4]) + n_ands = int(header[5]) + + idx = 1 + input_lits = [] + for _ in range(n_inputs): + input_lits.append(int(lines[idx])); idx += 1 + + latch_pairs = [] # (current_lit, next_lit) + for _ in range(n_latches): + parts = lines[idx].split() + latch_pairs.append((int(parts[0]), int(parts[1]))); idx += 1 + + output_lits = [] + for _ in range(n_outputs): + output_lits.append(int(lines[idx])); idx += 1 + + ands = [] + for _ in range(n_ands): + parts = lines[idx].split() + ands.append((int(parts[0]), int(parts[1]), int(parts[2]))); idx += 1 + + input_names = {} + output_names = {} + while idx < len(lines): + line = lines[idx] + if line.startswith('i'): + parts = line.split(' ', 1) + input_names[int(parts[0][1:])] = parts[1] + elif line.startswith('o'): + parts = line.split(' ', 1) + output_names[int(parts[0][1:])] = parts[1] + elif line.startswith('c'): + break + idx += 1 + + return { + 'input_lits': input_lits, + 'input_names': [input_names.get(i, f'i{i}') for i in range(n_inputs)], + 'latch_lits': [lp[0] for lp in latch_pairs], + 'latch_next_lits': [lp[1] for lp in latch_pairs], + 'output_lits': output_lits, + 'output_names': [output_names.get(i, f'o{i}') for i in range(n_outputs)], + 'ands': ands, + } + + +def eval_circuit(circ, latch_vals, input_vals): + """Evaluate circuit for given latch and input values. Returns (outputs, next_latches).""" + val = {0: 0, 1: 1} + for lit, v in zip(circ['input_lits'], input_vals): + val[lit] = v; val[lit ^ 1] = 1 - v + for lit, v in zip(circ['latch_lits'], latch_vals): + val[lit] = v; val[lit ^ 1] = 1 - v + for lhs, rhs0, rhs1 in circ['ands']: + val[lhs] = val[rhs0] & val[rhs1] + val[lhs ^ 1] = 1 - val[lhs] + outputs = {name: val[lit] for name, lit in zip(circ['output_names'], circ['output_lits'])} + next_latches = tuple(val[nl] for nl in circ['latch_next_lits']) + return outputs, next_latches + + +def mode_label(outputs): + active = [name for name, val in outputs.items() if val] + return "+".join(active) if active else "NONE" + + +def output_display_name(name): + """Derive a human-readable state label from an output variable name. + + Strips common prefixes like 'in_' and uppercases the result. + E.g. 'in_shutdown' -> 'SHUTDOWN', 'is_active' -> 'ACTIVE'. + """ + for prefix in ('in_', 'is_', 'at_'): + if name.startswith(prefix): + return name[len(prefix):].upper() + return name.upper() + + +def extract_guard(input_combos, input_names): + """Build a minimal boolean guard expression from a set of input combinations. + + For each input variable, check if it is fixed to 0, fixed to 1, or don't-care + across all combos that trigger this edge. Fixed variables become guard terms. + If multiple distinct fixed-variable patterns exist, they are OR'd together. + + Returns a human-readable string like "inv1_holds & !p_above_crit" or "always". + """ + n_inputs = len(input_names) + n_total = 2 ** n_inputs + combos = list(input_combos) + + if len(combos) == n_total: + return "always" + + if len(combos) == 0: + return "never" + + # For each input variable, determine if it's fixed or don't-care + fixed = {} # var_index -> value (0 or 1), only if fixed across ALL combos + for i in range(n_inputs): + vals = set(c[i] for c in combos) + if len(vals) == 1: + fixed[i] = vals.pop() + + # Check if the fixed variables alone fully explain the combo set. + # Count how many combos the fixed vars predict: 2^(number of don't-care vars) + n_dontcare = n_inputs - len(fixed) + predicted = 2 ** n_dontcare + + if predicted == len(combos): + # The fixed variables perfectly partition this edge — single conjunction + if not fixed: + return "always" + terms = [] + for i in sorted(fixed): + name = input_names[i] + if fixed[i] == 1: + terms.append(name) + else: + terms.append(f"!{name}") + return " & ".join(terms) + + # Multiple patterns needed — group combos by their fixed-variable signature + # Strategy: iteratively find the largest single-conjunction cube that covers + # a subset of remaining combos, and OR the cubes together. + combo_set = set(combos) + remaining = set(combos) + all_possible = list(product([0, 1], repeat=n_inputs)) + cubes = [] + + while remaining: + # Pick an arbitrary combo and try to build the largest cube containing it + sample = next(iter(remaining)) + + # Greedy: start with all vars fixed to sample values, relax one at a time. + # A cube is valid only if every combo it covers belongs to this edge. + cur_fixed = {i: sample[i] for i in range(n_inputs)} + cur_set = {sample} + + changed = True + while changed: + changed = False + for i in list(cur_fixed): + # Try relaxing variable i + trial_fixed = {k: v for k, v in cur_fixed.items() if k != i} + trial_set = set() + for c in all_possible: + if all(c[k] == v for k, v in trial_fixed.items()): + trial_set.add(c) + # Only relax if the cube stays entirely within the edge's combos + if trial_set <= combo_set and len(trial_set) > len(cur_set): + cur_fixed = trial_fixed + cur_set = trial_set + changed = True + + # Build terms for this cube + terms = [] + for i in sorted(cur_fixed): + name = input_names[i] + if cur_fixed[i] == 1: + terms.append(name) + else: + terms.append(f"!{name}") + + cubes.append(" & ".join(terms) if terms else "always") + remaining -= cur_set + + if len(cubes) == 1: + return cubes[0] + # Wrap each multi-term cube in parens when OR-ing + parts = [] + for c in cubes: + if " & " in c: + parts.append(f"({c})") + else: + parts.append(c) + return " | ".join(parts) + + +def state_color(state, init_latches, reachable, mode_names): + """Assign a fill color based on state semantics. + + Heuristics (checked in order): + - Initial state: light blue + - Any active output containing 'scram' or 'emergency': salmon/red + - Any active output containing 'shutdown' or 'trip': light coral / orange + - Any active output containing 'operation' or 'run' or 'power': light green + - Otherwise (transitory / heatup / startup): light yellow + - Unreachable: gray + """ + if state not in reachable: + return "gray90" + + # Lowercase set of active mode keywords + modes_lower = " ".join(mode_names).lower() + + if state == init_latches: + return "\"#A8D8EA\"" # light blue + + if any(kw in modes_lower for kw in ('scram', 'emergency')): + return "\"#FF6B6B\"" # red + + if any(kw in modes_lower for kw in ('shutdown', 'trip')): + return "\"#FFB347\"" # orange + + if any(kw in modes_lower for kw in ('operation', 'run', 'power', 'normal')): + return "\"#77DD77\"" # green + + # Transitory / heatup / startup / other + return "\"#FFFACD\"" # light yellow + + +def edge_color(src, dst, dst_modes): + """Assign edge color based on transition type.""" + modes_lower = " ".join(dst_modes).lower() + if src == dst: + return "\"#4A90D9\"", "bold" # blue for self-loops + if any(kw in modes_lower for kw in ('scram', 'emergency')): + return "\"#CC0000\"", "bold" # red for scram transitions + return "\"#228B22\"", "" # green for normal transitions + + +def main(): + aag_path = sys.argv[1] if len(sys.argv) > 1 else "circuits/PWR_Hybrid_DRC.aag" + out_dir = Path(sys.argv[2]) if len(sys.argv) > 2 else Path("diagrams") + out_dir.mkdir(parents=True, exist_ok=True) + + circ = parse_aag(aag_path) + n_latches = len(circ['latch_lits']) + n_inputs = len(circ['input_lits']) + n_total_inputs = 2 ** n_inputs + basename = Path(aag_path).stem + + print("=" * 100) + print(f"Synthesized Controller Trace: {basename}") + print(f" Inputs ({n_inputs}): {circ['input_names']}") + print(f" Latches: {n_latches}") + print(f" Outputs ({len(circ['output_names'])}): {circ['output_names']}") + print("=" * 100) + + init_latches = tuple(0 for _ in range(n_latches)) + init_inputs = tuple(0 for _ in range(n_inputs)) + init_out, init_ns = eval_circuit(circ, init_latches, init_inputs) + print(f"\nInitial state: latches={init_latches}") + print(f"Initial outputs (all inputs 0): {mode_label(init_out)}") + for k, v in init_out.items(): + print(f" {k}={v}", end="") + print("\n") + + # Build header + inp_hdr = " ".join(f"{n[:5]:>5}" for n in circ['input_names']) + out_hdr = " ".join(f"{n[:6]:>6}" for n in circ['output_names']) + l_hdr = " ".join(f"L{i}" for i in range(n_latches)) + nl_hdr = " ".join(f"nL{i}" for i in range(n_latches)) + header = f"{l_hdr} | {inp_hdr} | {out_hdr} | {nl_hdr} | mode" + print(header) + print("-" * len(header)) + + # transitions[src][dst] = set of input combo tuples + transitions = defaultdict(lambda: defaultdict(set)) + state_modes = defaultdict(set) + + all_latch_states = list(product([0, 1], repeat=n_latches)) + all_input_combos = list(product([0, 1], repeat=n_inputs)) + + for ls in all_latch_states: + for iv in all_input_combos: + outputs, ns = eval_circuit(circ, ls, iv) + ml = mode_label(outputs) + state_modes[ls].add(ml) + transitions[ls][ns].add(iv) + + l_str = " ".join(f"{v:>2}" for v in ls) + i_str = " ".join(f"{v:>5}" for v in iv) + o_str = " ".join(f"{v:>6}" for v in outputs.values()) + n_str = " ".join(f"{v:>3}" for v in ns) + print(f"{l_str} | {i_str} | {o_str} | {n_str} | {ml}") + + # Reachability + print("\n" + "=" * 80) + print(f"REACHABILITY (from initial state {init_latches})") + print("=" * 80) + frontier = {init_latches} + reachable = set() + while frontier: + s = frontier.pop() + if s in reachable: continue + reachable.add(s) + for ns in transitions[s]: + if ns not in reachable: + frontier.add(ns) + + for s in sorted(all_latch_states): + modes = sorted(state_modes[s]) + tag = "REACHABLE" if s in reachable else "UNREACHABLE" + print(f" State {s}: modes={modes} [{tag}]") + + # Transition summary with guard labels + print("\n" + "=" * 80) + print("STATE TRANSITION SUMMARY") + print("=" * 80) + for s in sorted(reachable): + print(f"\nFrom state {s} — modes: {sorted(state_modes[s])}") + for ns in sorted(transitions[s]): + guard = extract_guard(transitions[s][ns], circ['input_names']) + n = len(transitions[s][ns]) + print(f" -> {ns} [{n}/{n_total_inputs} combos] guard: {guard}") + + # Build output display name mapping + out_display = {name: output_display_name(name) for name in circ['output_names']} + + # Generate DOT + dot = ['digraph Controller {', + ' rankdir=LR;', + ' bgcolor="white";', + ' node [shape=Mrecord, style="filled,rounded", fontname="Helvetica-Bold", fontsize=12, penwidth=1.5];', + ' edge [fontname="Helvetica", fontsize=9];', ''] + + for s in sorted(all_latch_states): + modes = sorted(state_modes[s]) + # Build display label: show human-readable output names + display_modes = [] + for m in modes: + if m == "NONE": + display_modes.append("NONE") + else: + parts = m.split("+") + display_modes.append(" + ".join(out_display.get(p, p.upper()) for p in parts)) + label = " | ".join(display_modes) + sid = "s" + "".join(str(v) for v in s) + color = state_color(s, init_latches, reachable, modes) + dot.append(f' {sid} [label="{label}", fillcolor={color}];') + + init_id = "s" + "".join(str(v) for v in init_latches) + dot += ['', ' init [shape=point, width=0.25, color="black"];', f' init -> {init_id} [penwidth=2.0];', ''] + + for s in sorted(reachable): + sid = "s" + "".join(str(v) for v in s) + for ns in sorted(transitions[s]): + nsid = "s" + "".join(str(v) for v in ns) + guard = extract_guard(transitions[s][ns], circ['input_names']) + + # Determine destination modes for coloring + dst_modes = sorted(state_modes[ns]) + color, style = edge_color(s, ns, dst_modes) + + n = len(transitions[s][ns]) + pw = "2.0" if n > n_total_inputs // 2 else "1.2" + + # Escape guard for DOT label + dot_guard = guard.replace('"', '\\"') + style_attr = f', style="{style}"' if style else '' + dot.append(f' {sid} -> {nsid} [label="{dot_guard}", penwidth={pw}, color={color}, fontcolor={color}{style_attr}];') + + dot.append('}') + + dot_path = out_dir / f"{basename}_states.dot" + dot_path.write_text('\n'.join(dot)) + print(f"\nDOT written to: {dot_path}") + + +if __name__ == "__main__": + main() diff --git a/fret-pipeline/scripts/visualize.sh b/fret-pipeline/scripts/visualize.sh new file mode 100755 index 0000000..a98d07f --- /dev/null +++ b/fret-pipeline/scripts/visualize.sh @@ -0,0 +1,61 @@ +#!/usr/bin/env bash +# Visualize an AIGER circuit as SVG using aigtodot + graphviz, or yosys. +# +# Usage: ./scripts/visualize.sh circuits/DRC.aag [output_dir] [method] +# +# Methods: +# dot - aigtodot + graphviz (default, requires aiger tools + graphviz) +# yosys - yosys show command (requires yosys + graphviz) + +set -euo pipefail + +AAG_FILE="${1:?Usage: $0 [output_dir] [dot|yosys]}" +OUTPUT_DIR="${2:-diagrams}" +METHOD="${3:-dot}" + +BASENAME=$(basename "$AAG_FILE" .aag) +mkdir -p "$OUTPUT_DIR" + +case "$METHOD" in + dot) + if ! command -v aigtodot &>/dev/null; then + echo "Error: aigtodot not found." + echo "Install AIGER tools: https://github.com/arminbiere/aiger" + echo " git clone https://github.com/arminbiere/aiger && cd aiger && ./configure.sh && make" + exit 1 + fi + if ! command -v dot &>/dev/null; then + echo "Error: graphviz not found. Install with: brew install graphviz" + exit 1 + fi + echo "Generating DOT from AIGER..." + aigtodot "$AAG_FILE" | dot -Tsvg -o "$OUTPUT_DIR/${BASENAME}.svg" + echo "SVG written to: $OUTPUT_DIR/${BASENAME}.svg" + + # Also generate PNG for quick viewing + aigtodot "$AAG_FILE" | dot -Tpng -o "$OUTPUT_DIR/${BASENAME}.png" + echo "PNG written to: $OUTPUT_DIR/${BASENAME}.png" + ;; + + yosys) + if ! command -v yosys &>/dev/null; then + echo "Error: yosys not found. Install with: brew install yosys" + exit 1 + fi + if ! command -v dot &>/dev/null; then + echo "Error: graphviz not found. Install with: brew install graphviz" + exit 1 + fi + echo "Generating schematic with Yosys..." + yosys -p "read_aiger $AAG_FILE; show -format svg -prefix $OUTPUT_DIR/${BASENAME}" + echo "SVG written to: $OUTPUT_DIR/${BASENAME}.svg" + ;; + + *) + echo "Unknown method: $METHOD (use 'dot' or 'yosys')" + exit 1 + ;; +esac + +echo "" +echo "Open with: open $OUTPUT_DIR/${BASENAME}.svg" diff --git a/fret-pipeline/specs/.gitkeep b/fret-pipeline/specs/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/fret-pipeline/specs/synthesis_config_v3.json b/fret-pipeline/specs/synthesis_config_v3.json new file mode 100644 index 0000000..618a7d7 --- /dev/null +++ b/fret-pipeline/specs/synthesis_config_v3.json @@ -0,0 +1,144 @@ +{ + "_comment": "Generated from pwr_hybrid_3.json by fret_to_synth.py. Boolean mode encoding with auto-discovered mode groups. Mutual exclusion constraints are synthesis artifacts \u2014 they enforce the single-valued semantics of control_* variables after decomposition into independent booleans. They are NOT needed in FRET itself, where control_mode = q_X is inherently single-valued.", + "spec_name": "PWR_HYBRID_3_DRC", + "source_file": "pwr_hybrid_3.json", + "mode_groups": { + "control_mode": { + "values": [ + "q_heatup", + "q_operation", + "q_scram", + "q_shutdown" + ], + "booleans": [ + "in_mode_heatup", + "in_mode_operation", + "in_mode_scram", + "in_mode_shutdown" + ] + } + }, + "inputs": [ + "inv1_holds", + "inv2_holds", + "manual_reset", + "p_above_crit", + "t_avg_above_min", + "t_avg_in_range" + ], + "outputs": [ + "in_mode_heatup", + "in_mode_operation", + "in_mode_scram", + "in_mode_shutdown" + ], + "requirements": [ + { + "req_id": "DRC_S004_SCRAM_STAY", + "fulltext": "Whenever control_mode = q_scram & !manual_reset DRC shall at the next timepoint satisfy control_mode = q_scram", + "project": "PWR_HYBRID_3", + "component": "DRC", + "ltl": "(G ((in_mode_scram & (! manual_reset)) -> (X in_mode_scram)))", + "ltl_original": "(G (((control_mode = q_scram) & (! manual_reset)) -> (X (control_mode = q_scram))))", + "condition_type": "holding" + }, + { + "req_id": "DRC_T001_SHUTDOWN_TO_HEATUP", + "fulltext": "Upon control_mode = q_shutdown & t_avg_above_min DRC shall at the next timepoint satisfy control_mode = q_heatup", + "project": "PWR_HYBRID_3", + "component": "DRC", + "ltl": "((G (((! (in_mode_shutdown & t_avg_above_min)) & (X (in_mode_shutdown & t_avg_above_min))) -> (X (X in_mode_heatup)))) & ((in_mode_shutdown & t_avg_above_min) -> (X in_mode_heatup)))", + "ltl_original": "((G (((! ((control_mode = q_shutdown) & t_avg_above_min)) & (X ((control_mode = q_shutdown) & t_avg_above_min))) -> (X (X (control_mode = q_heatup))))) & (((control_mode = q_shutdown) & t_avg_above_min) -> (X (control_mode = q_heatup))))", + "condition_type": "regular" + }, + { + "req_id": "DRC_T002_HEATUP_TO_OPERATION", + "fulltext": "Upon control_mode = q_heatup & t_avg_in_range & p_above_crit & inv1_holds DRC shall at the next timepoint satisfy control_mode = q_operation", + "project": "PWR_HYBRID_3", + "component": "DRC", + "ltl": "((G (((! (((in_mode_heatup & t_avg_in_range) & p_above_crit) & inv1_holds)) & (X (((in_mode_heatup & t_avg_in_range) & p_above_crit) & inv1_holds))) -> (X (X in_mode_operation)))) & ((((in_mode_heatup & t_avg_in_range) & p_above_crit) & inv1_holds) -> (X in_mode_operation)))", + "ltl_original": "((G (((! ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds)) & (X ((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds))) -> (X (X (control_mode = q_operation))))) & (((((control_mode = q_heatup) & t_avg_in_range) & p_above_crit) & inv1_holds) -> (X (control_mode = q_operation))))", + "condition_type": "regular" + }, + { + "req_id": "DRC_A001_MODE_VALID", + "fulltext": "DRC shall always satisfy control_mode = q_shutdown | control_mode = q_heatup | control_mode = q_operation | control_mode = q_scram", + "project": "PWR_HYBRID_3", + "component": "DRC", + "ltl": "(G (((in_mode_shutdown | in_mode_heatup) | in_mode_operation) | in_mode_scram))", + "ltl_original": "(G ((((control_mode = q_shutdown) | (control_mode = q_heatup)) | (control_mode = q_operation)) | (control_mode = q_scram)))", + "condition_type": "null" + }, + { + "req_id": "DRC_T003_HEATUP_TO_SCRAM", + "fulltext": "Upon control_mode = q_heatup & !inv1_holds DRC shall at the next timepoint satisfy control_mode = q_scram", + "project": "PWR_HYBRID_3", + "component": "DRC", + "ltl": "((G (((! (in_mode_heatup & (! inv1_holds))) & (X (in_mode_heatup & (! inv1_holds)))) -> (X (X in_mode_scram)))) & ((in_mode_heatup & (! inv1_holds)) -> (X in_mode_scram)))", + "ltl_original": "((G (((! ((control_mode = q_heatup) & (! inv1_holds))) & (X ((control_mode = q_heatup) & (! inv1_holds)))) -> (X (X (control_mode = q_scram))))) & (((control_mode = q_heatup) & (! inv1_holds)) -> (X (control_mode = q_scram))))", + "condition_type": "regular" + }, + { + "req_id": "DRC_T004_OPERATION_TO_SCRAM", + "fulltext": "Upon control_mode = q_operation & !inv2_holds DRC shall at the next timepoint satisfy control_mode = q_scram", + "project": "PWR_HYBRID_3", + "component": "DRC", + "ltl": "((G (((! (in_mode_operation & (! inv2_holds))) & (X (in_mode_operation & (! inv2_holds)))) -> (X (X in_mode_scram)))) & ((in_mode_operation & (! inv2_holds)) -> (X in_mode_scram)))", + "ltl_original": "((G (((! ((control_mode = q_operation) & (! inv2_holds))) & (X ((control_mode = q_operation) & (! inv2_holds)))) -> (X (X (control_mode = q_scram))))) & (((control_mode = q_operation) & (! inv2_holds)) -> (X (control_mode = q_scram))))", + "condition_type": "regular" + }, + { + "req_id": "DRC_T005_SCRAM_TO_SHUTDOWN", + "fulltext": "Upon control_mode = q_scram & manual_reset DRC shall at the next timepoint satisfy control_mode = q_shutdown", + "project": "PWR_HYBRID_3", + "component": "DRC", + "ltl": "((G (((! (in_mode_scram & manual_reset)) & (X (in_mode_scram & manual_reset))) -> (X (X in_mode_shutdown)))) & ((in_mode_scram & manual_reset) -> (X in_mode_shutdown)))", + "ltl_original": "((G (((! ((control_mode = q_scram) & manual_reset)) & (X ((control_mode = q_scram) & manual_reset))) -> (X (X (control_mode = q_shutdown))))) & (((control_mode = q_scram) & manual_reset) -> (X (control_mode = q_shutdown))))", + "condition_type": "regular" + }, + { + "req_id": "DRC_S001_SHUTDOWN_STAY", + "fulltext": "Whenever control_mode = q_shutdown & !t_avg_above_min DRC shall at the next timepoint satisfy control_mode = q_shutdown", + "project": "PWR_HYBRID_3", + "component": "DRC", + "ltl": "(G ((in_mode_shutdown & (! t_avg_above_min)) -> (X in_mode_shutdown)))", + "ltl_original": "(G (((control_mode = q_shutdown) & (! t_avg_above_min)) -> (X (control_mode = q_shutdown))))", + "condition_type": "holding" + }, + { + "req_id": "DRC_S002_HEATUP_STAY", + "fulltext": "Whenever control_mode = q_heatup & inv1_holds & !(t_avg_in_range & p_above_crit) DRC shall at the next timepoint satisfy control_mode = q_heatup", + "project": "PWR_HYBRID_3", + "component": "DRC", + "ltl": "(G (((in_mode_heatup & inv1_holds) & (! (t_avg_in_range & p_above_crit))) -> (X in_mode_heatup)))", + "ltl_original": "(G ((((control_mode = q_heatup) & inv1_holds) & (! (t_avg_in_range & p_above_crit))) -> (X (control_mode = q_heatup))))", + "condition_type": "holding" + }, + { + "req_id": "DRC_S003_OPERATION_STAY", + "fulltext": "Whenever control_mode = q_operation & inv2_holds DRC shall at the next timepoint satisfy control_mode = q_operation ", + "project": "PWR_HYBRID_3", + "component": "DRC", + "ltl": "(G ((in_mode_operation & inv2_holds) -> (X in_mode_operation)))", + "ltl_original": "(G (((control_mode = q_operation) & inv2_holds) -> (X (control_mode = q_operation))))", + "condition_type": "holding" + }, + { + "req_id": "DRC_I001_INIT_SHUTDOWN", + "fulltext": "DRC shall immediately satisfy control_mode = q_shutdown", + "project": "PWR_HYBRID_3", + "component": "DRC", + "ltl": "in_mode_shutdown", + "ltl_original": "(control_mode = q_shutdown)", + "condition_type": "null" + } + ], + "structural_constraints": [ + { + "name": "mutex_control_mode", + "description": "Exactly one control_mode value active at all times", + "ltl": "G ((in_mode_heatup & (! in_mode_operation) & (! in_mode_scram) & (! in_mode_shutdown)) | ((! in_mode_heatup) & in_mode_operation & (! in_mode_scram) & (! in_mode_shutdown)) | ((! in_mode_heatup) & (! in_mode_operation) & in_mode_scram & (! in_mode_shutdown)) | ((! in_mode_heatup) & (! in_mode_operation) & (! in_mode_scram) & in_mode_shutdown))" + } + ], + "conjoined_ltl": "((G ((in_mode_scram & (! manual_reset)) -> (X in_mode_scram)))) & (((G (((! (in_mode_shutdown & t_avg_above_min)) & (X (in_mode_shutdown & t_avg_above_min))) -> (X (X in_mode_heatup)))) & ((in_mode_shutdown & t_avg_above_min) -> (X in_mode_heatup)))) & (((G (((! (((in_mode_heatup & t_avg_in_range) & p_above_crit) & inv1_holds)) & (X (((in_mode_heatup & t_avg_in_range) & p_above_crit) & inv1_holds))) -> (X (X in_mode_operation)))) & ((((in_mode_heatup & t_avg_in_range) & p_above_crit) & inv1_holds) -> (X in_mode_operation)))) & ((G (((in_mode_shutdown | in_mode_heatup) | in_mode_operation) | in_mode_scram))) & (((G (((! (in_mode_heatup & (! inv1_holds))) & (X (in_mode_heatup & (! inv1_holds)))) -> (X (X in_mode_scram)))) & ((in_mode_heatup & (! inv1_holds)) -> (X in_mode_scram)))) & (((G (((! (in_mode_operation & (! inv2_holds))) & (X (in_mode_operation & (! inv2_holds)))) -> (X (X in_mode_scram)))) & ((in_mode_operation & (! inv2_holds)) -> (X in_mode_scram)))) & (((G (((! (in_mode_scram & manual_reset)) & (X (in_mode_scram & manual_reset))) -> (X (X in_mode_shutdown)))) & ((in_mode_scram & manual_reset) -> (X in_mode_shutdown)))) & ((G ((in_mode_shutdown & (! t_avg_above_min)) -> (X in_mode_shutdown)))) & ((G (((in_mode_heatup & inv1_holds) & (! (t_avg_in_range & p_above_crit))) -> (X in_mode_heatup)))) & ((G ((in_mode_operation & inv2_holds) -> (X in_mode_operation)))) & (in_mode_shutdown) & (G ((in_mode_heatup & (! in_mode_operation) & (! in_mode_scram) & (! in_mode_shutdown)) | ((! in_mode_heatup) & in_mode_operation & (! in_mode_scram) & (! in_mode_shutdown)) | ((! in_mode_heatup) & (! in_mode_operation) & in_mode_scram & (! in_mode_shutdown)) | ((! in_mode_heatup) & (! in_mode_operation) & (! in_mode_scram) & in_mode_shutdown)))" +} \ No newline at end of file diff --git a/plant-model/CLAUDE.md b/plant-model/CLAUDE.md new file mode 100644 index 0000000..f8665b4 --- /dev/null +++ b/plant-model/CLAUDE.md @@ -0,0 +1,132 @@ +# CLAUDE.md + +Guidance for Claude Code (and any AI agent) working in this subdirectory. + +See also: the parent repo's `CLAUDE.md` (living-documentation rule — update +this file when new knowledge is created) and `claude_memory/` for session +notes that haven't yet earned a place here. + +## What this is + +A 10-state point kinetic equation (PKE) model of a PWR coupled with +lumped-parameter thermal-hydraulics, plus mode-specific continuous +controllers. Implements the *plant* and the *tactical* layer of the HAHACS +methodology — see `../thesis/3-research-approach/approach.tex` sections on +transitory, stabilizing, and expulsory modes. + +The model is being developed for hybrid-systems reachability analysis. The +end goal is barrier-certificate and reachability methods (in `../reachability/`) +to prove each continuous mode satisfies its obligations under bounded +`Q_sg(t)` variations. + +## Naming convention (thesis-aligned) + +Continuous state and control-theory notation matches the thesis: + +| Symbol | Meaning | +|---|---| +| `t` | time [s] | +| `x` | continuous state vector, `[n; C1..C6; T_f; T_c; T_cold]` | +| `plant` | parameter struct from `pke_params()` (was `p` — renamed to avoid collision with `p_i` predicates) | +| `u` | control input: external rod reactivity [dk/k] | +| `Q_sg` | bounded disturbance: SG heat removal [W], as a function handle `Q_sg(t)` | +| `ref` | reference/setpoint struct (e.g. `ref.T_avg`) | + +`T_avg = T_c` (algebraic alias); `T_hot = 2*T_c - T_cold` (linear coolant +profile assumption). + +## Running + +From inside MATLAB: + +```matlab +main % runs the default closed-loop scenario +``` + +From a terminal (figures appear as their own windows): + +```bash +matlab -nodesktop -nosplash -r "main" # drops at >> prompt; `exit` to quit +matlab -r "main" & # full IDE, backgrounded +matlab -batch "main" # headless sanity check (no figures shown) +``` + +`main.m` configures the scenario (plant, `Q_sg`, ref, tspan), picks a +controller, and calls `pke_solver`. Tested on MATLAB R2025b; works on any +MATLAB with `ode15s` (R2020b or newer). + +## Architecture + +``` +plant-model/ + pke_params.m plant parameters and derived steady state + pke_initial_conditions.m analytic equilibrium x0 from plant + pke_th_rhs.m dynamics: dx/dt = f(t, x, plant, Q_sg, u) + pke_solver.m closed-loop driver; takes a controller fn handle + plot_pke_results.m 4-panel results plot + load_profile.m canned Q_sg demand shapes + main.m entry point — scenario config + run + controllers/ + ctrl_null.m u = 0 (baseline, no feedback) + ctrl_operation.m stabilizing: P on T_avg + (future: ctrl_heatup, ctrl_scram, ctrl_shutdown) +``` + +**Controller contract:** + +```matlab +u = ctrl_(t, x, plant, ref) +``` + +Pure function. Returns scalar `u` (external rod reactivity in `dk/k`). All +four signature args are required even if unused — lets the solver swap +controllers by function handle without caring which one it is. + +**Solver contract:** + +```matlab +[t, X, U] = pke_solver(plant, Q_sg, ctrl_fn, ref, tspan) +``` + +Builds the closed-loop RHS internally, calls `ode15s`, then reconstructs the +control trajectory `U` by re-evaluating `ctrl_fn` at each returned time step. +For event-driven or hysteretic controllers, this reconstruction may miss +interior solver evaluations — revisit if / when that matters. + +## Key design decisions + +- **`Q_sg` is the disturbance, never an actuator.** Cold leg temperature is + a dynamic state resulting from SG heat removal — the reachability + formulation needs `Q_sg ∈ [Q_min, Q_max]` as a bounded disturbance, not a + control input. +- **`u` is explicit.** `pke_th_rhs` takes `u` directly instead of reading + `p.rho_ext(t)` from the params struct. This decouples plant from + controller and matches the thesis's `f(x, u)` formulation. +- **Controller gains live in the controller file.** Rough-out phase — we'll + lift to a config struct once we're tuning more than one mode. The gain + in `ctrl_operation` (`Kp = 1e-4 /K`) is chosen to roughly double the + effective moderator coefficient, not for precision tracking. +- **`ode15s` is required** because the system is stiff: `Lambda` (~10⁻⁴ s) + vs thermal time constants (~10–100 s). + +## Conventions + +- One function per file, each file has a single responsibility. +- Internal model uses SI (W, kg, °C); all printed/plotted temperatures in °F. +- Reference setpoints in SI (so `ref.T_avg` is in °C). +- Controllers are pure functions — no persistent state. If a mode ever + needs integral action, augment `x` rather than hiding state in globals. + +## For reachability work (next chapter) + +- `pke_th_rhs(t, x, plant, Q_sg, u)` is the `ẋ = f(x, u)` with `Q_sg` as the + disturbance `w`. For a given mode, substitute `u = ctrl_(t, x, plant, ref)` + to get the closed-loop `ẋ = f_cl(x, w)`. +- Linearize around `x0` from `pke_initial_conditions(plant)` for `A, B, B_w` + matrices when a linear reach set is enough. +- Safe regions come from the FRET spec's guards (see + `../fret-pipeline/specs/synthesis_config_v3.json`) — these define + `X_entry`, `X_exit`, `X_safe` per the thesis approach. +- Do NOT try to verify the whole hybrid system at once. Pick one mode, + compute its reach set, discharge the per-mode obligation. The + compositionality argument in the thesis is what makes this tractable. diff --git a/plant-model/README.md b/plant-model/README.md new file mode 100644 index 0000000..7d2901a --- /dev/null +++ b/plant-model/README.md @@ -0,0 +1,92 @@ +# plant-model + +PWR plant model (point kinetics + lumped thermal-hydraulics) and +mode-specific continuous controllers for the HAHACS preliminary example. + +## Overview + +A 10-state coupled neutronics + thermal-hydraulics model in MATLAB: + +- 6 delayed neutron precursor groups (U-235 thermal fission, Keepin) +- Lumped fuel, core coolant, and SG/cold-leg thermal nodes +- Steam generator heat removal `Q_sg(t)` as the bounded disturbance input +- Doppler and moderator temperature reactivity feedback +- External rod reactivity `u` as the controllable input + +State vector: `x = [n; C1..C6; T_f; T_c; T_cold]` (10 states). See +`CLAUDE.md` for the naming convention. + +## Quick Start + +Open MATLAB in this directory and run: + +```matlab +main +``` + +The default scenario runs two simulations of a 100% → 80% SG demand step: +once with `ctrl_null` (plant feedback only) and once with `ctrl_operation` +(proportional rod reactivity on T_avg error), and plots the comparison. + +## Files + +| File | Role | +|------|------| +| `main.m` | Entry point — scenario config and run | +| `pke_params.m` | Plant parameters and steady-state derivation | +| `pke_th_rhs.m` | Dynamics `ẋ = f(t, x, plant, Q_sg, u)` | +| `pke_initial_conditions.m` | Analytic steady-state `x0` | +| `pke_solver.m` | Closed-loop driver — takes a controller function handle | +| `plot_pke_results.m` | 4-panel results plot | +| `load_profile.m` | SG heat demand shapes | +| `controllers/ctrl_null.m` | `u = 0` baseline | +| `controllers/ctrl_operation.m` | Stabilizing mode: P on `T_avg` | + +## Controllers + +Controllers share a single signature: + +```matlab +u = ctrl_(t, x, plant, ref) +``` + +Returns scalar `u` (external rod reactivity in `dk/k`). The solver swaps +controllers via function handle: + +```matlab +[t, X, U] = pke_solver(plant, Q_sg, @ctrl_operation, ref, tspan); +``` + +Additional modes (`ctrl_heatup`, `ctrl_scram`, `ctrl_shutdown`) will land in +`controllers/` following the same signature. + +## Running Different Scenarios + +Swap `Q_sg` in `main.m`: + +```matlab +% Step down to 90% at t = 10s +Q_sg = @(t) plant.P0 * (1.0 - 0.1 * (t >= 10)); + +% Interpolated time series +t_data = [0, 100, 200, 300]; +q_data = [1.0, 0.85, 0.9, 1.0] * plant.P0; +Q_sg = @(t) interp1(t_data, q_data, t, 'linear', 'extrap'); +``` + +Swap the controller: + +```matlab +[t, X, U] = pke_solver(plant, Q_sg, @ctrl_null, [], tspan); +``` + +Change the reference (for modes that use one): + +```matlab +ref.T_avg = plant.T_c0 + 5; % track 5 C above nominal +``` + +## Requirements + +MATLAB (R2020b or newer, tested on R2025b). Uses `ode15s` from base MATLAB +— no toolboxes required. diff --git a/plant-model/context.md b/plant-model/context.md new file mode 100644 index 0000000..8fcef54 --- /dev/null +++ b/plant-model/context.md @@ -0,0 +1,88 @@ +# PKE Playground — LLM Context + +This document provides context for an LLM working on this codebase. It explains the model, design decisions, and where the project is headed. + +## What This Is + +A point kinetic equation (PKE) model coupled with lumped-parameter thermal-hydraulics, implemented in MATLAB/Octave. The model represents a simplified PWR (pressurized water reactor) core and primary loop. + +## Why It Exists + +This is a workable plant model being developed for **hybrid systems reachability analysis**. The end goal is to use barrier certificate methods to prove that under bounded variations in steam generator (SG) heat removal, the reactor stays within a defined safe operating region (bounded temperatures, power levels, etc.). + +The model needs to be: +- Physically motivated (not just a toy system) +- Clean and state-space oriented (explicit state vector, clear inputs/outputs) +- Structured so that `Q_sg(t)` is a bounded disturbance input for reachability tools + +## The Model + +### State Vector (10 states) + +``` +y = [n; C1; C2; C3; C4; C5; C6; T_f; T_c; T_cold] +``` + +- `n` — normalized neutron population (1.0 = nominal) +- `C1..C6` — six delayed neutron precursor group concentrations (Keepin U-235 thermal fission data) +- `T_f` — lumped fuel temperature [C] +- `T_c` — average core coolant temperature [C] +- `T_cold` — cold leg / SG outlet coolant temperature [C] + +### Algebraic Outputs + +- `T_hot = 2*T_c - T_cold` (linear coolant temperature profile through the core) +- `T_avg = T_c` + +### Equations + +**Neutronics:** +``` +dn/dt = (rho - beta) / Lambda * n + sum(lambda_i * C_i) +dC_i/dt = beta_i / Lambda * n - lambda_i * C_i +``` + +**Thermal-hydraulics (three lumped nodes):** +``` +M_f*c_f * dT_f/dt = P0*n - hA*(T_f - T_c) [fuel] +M_c*c_c * dT_c/dt = hA*(T_f - T_c) - 2*W*c_c*(T_c - T_cold) [core coolant] +M_sg*c_c * dT_cold/dt = W*c_c*(T_hot - T_cold) - Q_sg(t) [SG/cold leg] +``` + +**Reactivity feedback:** +``` +rho = rho_ext(t) + alpha_f*(T_f - T_f0) + alpha_c*(T_c - T_c0) +``` + +### Why Q_sg Is the Input (Not T_cold) + +In a real PWR, the steam generator removes heat from the primary loop based on secondary-side demand. The cold leg temperature is a *result* of that heat removal, not a boundary condition you get to set. Treating `Q_sg(t)` as the external input and letting `T_cold` be a dynamic state is physically correct and maps naturally to the reachability problem: "given that SG demand is somewhere in [Q_min, Q_max], what states can the reactor reach?" + +### Why T_hot = 2*T_c - T_cold + +This comes from the linear coolant temperature profile assumption through the core. If coolant enters at `T_cold` and exits at `T_hot`, and the average is `T_c`, then `T_c = (T_hot + T_cold) / 2`, so `T_hot = 2*T_c - T_cold`. This avoids needing a separate hot leg state while still tracking both temperatures. + +### Why ode15s + +The PKE system is stiff. The prompt neutron generation time `Lambda` (~10^-4 s) is orders of magnitude smaller than the thermal time constants (~10-100 s) and precursor decay constants (~0.01-3 s^-1). An explicit solver would need extremely small timesteps; `ode15s` handles this naturally. + +## File Structure + +Each file has one purpose: + +| File | Purpose | +|------|---------| +| `pke_solver.m` | Main driver script — scenario config, solve, print | +| `pke_params.m` | All plant parameters and steady-state derivation | +| `pke_th_rhs.m` | ODE right-hand side `f(t, y)` — this is the dynamics | +| `pke_initial_conditions.m` | Analytic steady-state initial condition | +| `load_profile.m` | SG heat demand time series (swappable) | +| `plot_pke_results.m` | 4-panel results plotting | + +## For Future Reachability Work + +- `pke_th_rhs.m` is your `dx/dt = f(x, w)` where `w = Q_sg` +- Linearize around the steady state from `pke_params.m` to get `A`, `B` matrices +- The safe region will be a polytope or sublevel set on `[n, T_f, T_hot, T_cold]` (or a subset) +- `Q_sg` is the bounded disturbance: `Q_sg in [Q_min, Q_max]` around `P0` +- Barrier certificate `B(x)` would certify that trajectories starting in the safe set stay there for all admissible `Q_sg(t)` diff --git a/plant-model/controllers/ctrl_null.m b/plant-model/controllers/ctrl_null.m new file mode 100644 index 0000000..8f774e3 --- /dev/null +++ b/plant-model/controllers/ctrl_null.m @@ -0,0 +1,13 @@ +function u = ctrl_null(t, x, plant, ref) +% CTRL_NULL No-op controller. Returns u = 0. +% +% Use for unforced-plant simulations (feedback-only response to Q_sg) or +% as a baseline to compare against closed-loop modes. +% +% Signature matches all other controllers: +% u = ctrl_(t, x, plant, ref) +% so it can be dropped into pke_solver as a function handle. + + u = 0; + +end diff --git a/plant-model/controllers/ctrl_operation.m b/plant-model/controllers/ctrl_operation.m new file mode 100644 index 0000000..2090bb8 --- /dev/null +++ b/plant-model/controllers/ctrl_operation.m @@ -0,0 +1,31 @@ +function u = ctrl_operation(t, x, plant, ref) +% CTRL_OPERATION Stabilizing mode controller: hold T_avg at ref.T_avg. +% +% Proportional feedback on external reactivity (rod worth) driven by +% temperature error: +% u = Kp * (ref.T_avg - T_avg) +% +% Sign check: when T_avg > ref.T_avg, error < 0, u < 0 → rods insert, +% power drops, T_avg falls. Correct polarity for a PWR. +% +% Gain Kp is a rough-out value. Scale reasoning: +% - alpha_c ~ -1e-4 /K means the moderator already supplies 1e-4/K of +% restoring reactivity per Kelvin of temperature error. +% - Kp = 1e-4 /K roughly doubles the effective moderator coefficient — +% it damps transients without overwhelming the intrinsic feedback. +% - Real PWR rod controllers use much smaller gains with a deadband. +% We can retune or switch to PI once we care about steady-state offset. +% +% Inputs: +% t - time [s] (unused in this controller, kept for signature) +% x - state vector (10 x 1) +% plant - parameter struct (unused here; reserved for future gain-scheduling) +% ref - struct with field .T_avg = target average coolant temperature [C] + + Kp = 1e-4; % [dk/k per K] + + T_avg = x(9); + e = ref.T_avg - T_avg; + u = Kp * e; + +end diff --git a/plant-model/load_profile.m b/plant-model/load_profile.m new file mode 100644 index 0000000..989bebd --- /dev/null +++ b/plant-model/load_profile.m @@ -0,0 +1,26 @@ +function f = load_profile(t) +% LOAD_PROFILE Returns fractional SG heat demand at time t. +% +% Output is in [0, 1] where 1.0 = 100% of nominal power P0. +% Multiply by P0 to get Q_sg in watts: Q_sg = @(t) P0 * load_profile(t) +% +% Default profile (load-following): +% 0 - 30s: hold at 100% +% 30 - 130s: ramp 100% -> 80% +% 130 - 350s: hold at 80% +% 350 - 450s: ramp 80% -> 100% +% 450+: hold at 100% + + if t < 30 + f = 1.0; + elseif t < 130 + f = 1.0 - 0.2 * (t - 30) / 100; + elseif t < 350 + f = 0.8; + elseif t < 450 + f = 0.8 + 0.2 * (t - 350) / 100; + else + f = 1.0; + end + +end diff --git a/plant-model/main.m b/plant-model/main.m new file mode 100644 index 0000000..113473a --- /dev/null +++ b/plant-model/main.m @@ -0,0 +1,50 @@ +%% main.m — closed-loop entry point +% +% Scenario: a 100% → 80% SG demand step. Compare the plant's intrinsic +% feedback response (ctrl_null) against the stabilizing operation-mode +% controller (ctrl_operation) holding T_avg at the nominal setpoint. +% +% Controller signature (thesis naming): +% u = ctrl_(t, x, plant, ref) +% where x is the continuous state vector and u is the external rod reactivity. + +clear; clc; close all; +addpath('controllers'); + +%% ===== Plant ===== +plant = pke_params(); + +%% ===== Scenario ===== + +% SG heat removal: step down to 80% at t = 30s, hold. +Q_sg = @(t) plant.P0 * (1.0 - 0.2 * (t >= 30)); + +% Reference for the operation-mode controller. +ref = struct(); +ref.T_avg = plant.T_c0; % hold T_avg at steady-state value + +% Simulation window. +tspan = [0, 600]; + +%% ===== Baseline: unforced feedback response ===== +fprintf('\n----- Run 1: ctrl_null (plant feedback only) -----\n'); +[t1, X1, U1] = pke_solver(plant, Q_sg, @ctrl_null, [], tspan); + +%% ===== Closed loop: operation mode ===== +fprintf('\n----- Run 2: ctrl_operation (P on T_avg) -----\n'); +[t2, X2, U2] = pke_solver(plant, Q_sg, @ctrl_operation, ref, tspan); + +%% ===== Plots ===== +plot_pke_results(t1, X1, U1, plant, Q_sg, 'ctrl_null (baseline)'); +plot_pke_results(t2, X2, U2, plant, Q_sg, 'ctrl_operation (P on T_avg)'); + +%% ===== Quick comparison figure ===== +CtoF = @(T) T*9/5 + 32; +figure('Position', [100 50 1000 450], 'Name', 'T_avg comparison'); +plot(t1, CtoF(X1(:,9)), 'b-', 'LineWidth', 1.5); hold on; +plot(t2, CtoF(X2(:,9)), 'r-', 'LineWidth', 1.5); +yline(CtoF(plant.T_c0), 'k--', 'LineWidth', 1.0); +xlabel('Time [s]'); ylabel('T_{avg} [F]'); +legend('ctrl\_null', 'ctrl\_operation', 'setpoint', 'Location', 'best'); +title('T_{avg} tracking: baseline vs stabilizing controller'); +grid on; diff --git a/plant-model/pke_initial_conditions.m b/plant-model/pke_initial_conditions.m new file mode 100644 index 0000000..74573fa --- /dev/null +++ b/plant-model/pke_initial_conditions.m @@ -0,0 +1,12 @@ +function x0 = pke_initial_conditions(plant) +% PKE_INITIAL_CONDITIONS Steady-state initial condition vector. +% +% Returns x0 = [n0; C1..C6; T_f0; T_c0; T_cold0] (10 x 1) +% Precursor concentrations are the analytic equilibrium values at n = 1. + + n0 = 1.0; + C0 = (plant.beta_i ./ (plant.lambda_i * plant.Lambda)) * n0; + + x0 = [n0; C0; plant.T_f0; plant.T_c0; plant.T_cold0]; + +end diff --git a/plant-model/pke_params.m b/plant-model/pke_params.m new file mode 100644 index 0000000..1d6b85b --- /dev/null +++ b/plant-model/pke_params.m @@ -0,0 +1,86 @@ +function p = pke_params() +% PKE_PARAMS Returns the parameter struct for the coupled PKE + T/H model. +% +% All plant parameters, kinetic data, and steady-state conditions live here. +% Modify this file to change the reactor you're modeling. + + p = struct(); + + % --- Neutronics --- + % Prompt neutron generation time for a typical PWR with enriched UO2 fuel + % and a water-moderated thermal spectrum. Literature range: 1e-5 to 5e-4 s; + % 1e-4 is a standard mid-range value (Duderstadt & Hamilton, Ch. 6). + p.Lambda = 1e-4; % prompt neutron generation time [s] + + % 6-group delayed neutron data for U-235 thermal fission (Keepin et al., + % Phys. Rev. 107, 1957). These are the canonical values used in virtually + % all PKE models. Total beta_eff ~ 650 pcm. + p.beta_i = [0.000215; 0.001424; 0.001274; 0.002568; 0.000748; 0.000273]; + p.lambda_i = [0.0124; 0.0305; 0.111; 0.301; 1.14; 3.01]; + p.beta = sum(p.beta_i); + + % --- Thermal-hydraulic --- + % 1000 MWth is a round number representative of a 2-loop PWR (e.g., + % Westinghouse 2-loop class). Actual plants range ~1800-3400 MWth for + % 2-loop to 4-loop designs. + p.P0 = 1000e6; % nominal thermal power [W] + + % Fuel mass: representative of total UO2 inventory in the core. + % A typical 4-loop PWR has ~100,000 kg UO2; scaled down for 1000 MWth. + p.M_f = 50000; % fuel mass [kg] + + % UO2 specific heat at operating temperatures (~400-800 C). Published + % values range 250-350 J/kg-K (MATPRO / Fink correlation); 300 is a + % standard lumped value for transient analysis. + p.c_f = 300; % fuel specific heat [J/kg-K] + + % Coolant mass in the core region. Based on core volume fraction of + % water in a PWR (~40% moderator-to-fuel ratio) and active core volume. + p.M_c = 20000; % coolant mass in core [kg] + + % Pressurized water specific heat at ~15.5 MPa, ~300 C. NIST/IAPWS + % gives cp ~ 5.4-5.5 kJ/kg-K in this range. + p.c_c = 5450; % coolant specific heat [J/kg-K] + + % Lumped fuel-to-coolant heat transfer coefficient x area. Chosen so that + % the steady-state fuel-to-coolant dT = P0/hA = 20 C, which is in the + % right ballpark for the average pellet-to-bulk-coolant temperature drop + % in a lumped single-node fuel model. + p.hA = 5e7; % fuel-to-coolant heat transfer coeff * area [W/K] + + % Primary coolant mass flow rate. Typical PWR: ~4000-6000 kg/s per loop. + % 5000 kg/s gives core dT = P0/(W*c_c) ~ 36.7 C, consistent with a + % ~35-38 C core rise in operating PWRs. + p.W = 5000; % coolant mass flow rate [kg/s] + + % Coolant mass in SG + hot/cold leg piping. Represents the ex-core primary + % inventory that participates in the loop transport delay. Larger than M_c + % because the SG tubes and piping hold significant volume. + p.M_sg = 30000; % coolant mass in SG + hot/cold leg piping [kg] + + % --- Reactivity feedback coefficients --- + % Doppler coefficient: fuel temperature feedback, predominantly from + % U-238 resonance broadening. Typical BOL range: -2 to -3 pcm/K + % (Todreas & Kazimi). -2.5 pcm/K is a standard mid-cycle value. + p.alpha_f = -2.5e-5; % fuel (Doppler) [dk/k per K] + + % Moderator temperature coefficient: captures water density change with + % temperature and its effect on neutron moderation/absorption. Typical + % range: -5 to -50 pcm/K depending on boron concentration and burnup. + % -10 pcm/K is moderate (mid-cycle, moderate boron). + p.alpha_c = -1.0e-4; % coolant (moderator) [dk/k per K] + + % --- Steady-state (derived from energy balance at P0, n=1) --- + % Q_sg = P0, all dT/dt = 0 + % T_hot - T_cold = P0 / (W*c_c) + % T_c = (T_hot + T_cold) / 2 + % T_f = T_c + P0 / hA + % Cold leg temperature of 290 C (554 F) is typical for a PWR at full + % power (Westinghouse plants: ~288-293 C depending on design). + p.T_cold0 = 290; % inlet coolant [C] + p.dT_core = p.P0 / (p.W * p.c_c); % core delta-T [C] + p.T_hot0 = p.T_cold0 + p.dT_core; + p.T_c0 = (p.T_hot0 + p.T_cold0) / 2; % avg coolant [C] + p.T_f0 = p.T_c0 + p.P0 / p.hA; % fuel [C] + +end diff --git a/plant-model/pke_solver.m b/plant-model/pke_solver.m new file mode 100644 index 0000000..d499ad2 --- /dev/null +++ b/plant-model/pke_solver.m @@ -0,0 +1,60 @@ +function [t, X, U] = pke_solver(plant, Q_sg, ctrl_fn, ref, tspan) +% PKE_SOLVER Solve the coupled PKE + T/H system in closed loop with a mode controller. +% +% Inputs: +% plant - parameter struct from pke_params() +% Q_sg - function handle Q_sg(t) returning SG heat removal [W] +% ctrl_fn - function handle u = ctrl_fn(t, x, plant, ref) +% ref - struct of per-mode setpoints (e.g. ref.T_avg); [] if unused +% tspan - [t_start, t_end] in seconds +% +% Outputs: +% t - time vector (M x 1) from the ODE solver +% X - state matrix (M x 10): columns are [n, C1..C6, T_f, T_c, T_cold] +% U - control input trajectory (M x 1): u evaluated at each (t(k), X(k,:)) + + CtoF = @(T) T * 9/5 + 32; + + %% ===== Print Steady-State ===== + fprintf('=== Steady-State Conditions ===\n'); + fprintf(' beta = %.5f (%.1f pcm)\n', plant.beta, plant.beta*1e5); + fprintf(' Lambda = %.1e s\n', plant.Lambda); + fprintf(' P0 = %.0f MWth\n', plant.P0/1e6); + fprintf(' T_cold = %.1f F\n', CtoF(plant.T_cold0)); + fprintf(' T_avg = %.1f F\n', CtoF(plant.T_c0)); + fprintf(' T_hot = %.1f F\n', CtoF(plant.T_hot0)); + fprintf(' T_fuel = %.1f F\n', CtoF(plant.T_f0)); + fprintf(' Core dT = %.1f F\n', plant.dT_core * 9/5); + fprintf('================================\n\n'); + + %% ===== Solve closed-loop ===== + x0 = pke_initial_conditions(plant); + options = odeset('RelTol', 1e-8, 'AbsTol', 1e-10); + + rhs = @(t, x) pke_th_rhs(t, x, plant, Q_sg, ctrl_fn(t, x, plant, ref)); + [t, X] = ode15s(rhs, tspan, x0, options); + + %% ===== Reconstruct control trajectory ===== + M = length(t); + U = zeros(M, 1); + for k = 1:M + U(k) = ctrl_fn(t(k), X(k,:).', plant, ref); + end + + %% ===== Print Final State ===== + n = X(end, 1); T_f = X(end, 8); T_c = X(end, 9); T_cold = X(end, 10); + T_hot = 2*T_c - T_cold; + rho_tot = U(end) ... + + plant.alpha_f*(T_f - plant.T_f0) ... + + plant.alpha_c*(T_c - plant.T_c0); + + fprintf('=== Final State (t = %.0f s) ===\n', t(end)); + fprintf(' Power = %.1f MWth (%.3f x nominal)\n', n*plant.P0/1e6, n); + fprintf(' T_fuel = %.1f F\n', CtoF(T_f)); + fprintf(' T_hot = %.1f F\n', CtoF(T_hot)); + fprintf(' T_avg = %.1f F\n', CtoF(T_c)); + fprintf(' T_cold = %.1f F\n', CtoF(T_cold)); + fprintf(' u = %.4f $ (external reactivity from controller)\n', U(end)/plant.beta); + fprintf(' rho = %.4f $ (total, incl. T-feedback)\n', rho_tot/plant.beta); + +end diff --git a/plant-model/pke_th_rhs.m b/plant-model/pke_th_rhs.m new file mode 100644 index 0000000..f109224 --- /dev/null +++ b/plant-model/pke_th_rhs.m @@ -0,0 +1,49 @@ +function dxdt = pke_th_rhs(t, x, plant, Q_sg, u) +% PKE_TH_RHS ODE right-hand side for coupled PKE + thermal-hydraulics. +% +% State x = [n; C1..C6; T_f; T_c; T_cold] (10 x 1) +% +% Inputs: +% t - time [s] +% x - continuous state vector (10 x 1) +% plant - parameter struct from pke_params() +% Q_sg - function handle Q_sg(t) returning SG heat removal [W] +% u - external reactivity (rod worth) [dk/k], scalar +% +% The controller is responsible for computing u; this function treats u +% as a given input. Q_sg is the bounded disturbance. + + n = x(1); + C = x(2:7); + T_f = x(8); + T_c = x(9); + T_cold = x(10); + T_hot = 2 * T_c - T_cold; + + Q_sg_val = Q_sg(t); + + % --- Reactivity with feedback --- + % rho = u + alpha_f*(T_f - T_f0) + alpha_c*(T_c - T_c0) + rho = u ... + + plant.alpha_f * (T_f - plant.T_f0) ... + + plant.alpha_c * (T_c - plant.T_c0); + + % --- Neutronics --- + dndt = (rho - plant.beta) / plant.Lambda * n + plant.lambda_i' * C; + dCdt = (plant.beta_i / plant.Lambda) * n - plant.lambda_i .* C; + + % --- Thermal-hydraulics --- + % Fuel node: fission power in, heat transfer to coolant out + dTf_dt = (plant.P0 * n - plant.hA * (T_f - T_c)) / (plant.M_f * plant.c_f); + + % Core coolant: heat from fuel in, bulk enthalpy flow out + dTc_dt = (plant.hA * (T_f - T_c) - 2*plant.W*plant.c_c*(T_c - T_cold)) ... + / (plant.M_c * plant.c_c); + + % SG/loop node: hot leg enthalpy in, SG heat removal out + dTcold_dt = (plant.W * plant.c_c * (T_hot - T_cold) - Q_sg_val) ... + / (plant.M_sg * plant.c_c); + + dxdt = [dndt; dCdt; dTf_dt; dTc_dt; dTcold_dt]; + +end diff --git a/plant-model/plot_pke_results.m b/plant-model/plot_pke_results.m new file mode 100644 index 0000000..020712c --- /dev/null +++ b/plant-model/plot_pke_results.m @@ -0,0 +1,76 @@ +function plot_pke_results(t, X, U, plant, Q_sg, plot_title) +% PLOT_PKE_RESULTS Standard 4-panel plot of PKE + T/H simulation results. +% +% Inputs: +% t - time vector from ODE solver +% X - state matrix (M x 10): [n, C1..C6, T_f, T_c, T_cold] +% U - control input trajectory (M x 1): scalar u at each time +% plant - parameter struct from pke_params() +% Q_sg - function handle Q_sg(t) used in the simulation +% plot_title - (optional) string used in the figure name and first subplot + + if nargin < 6 || isempty(plot_title) + plot_title = 'PKE + T/H closed-loop'; + end + + % --- Extract states --- + n = X(:, 1); + T_f = X(:, 8); + T_c = X(:, 9); + T_cold = X(:, 10); + T_hot = 2 * T_c - T_cold; + + % --- Convert temperatures to Fahrenheit for display --- + CtoF = @(T) T * 9/5 + 32; + T_f_F = CtoF(T_f); + T_c_F = CtoF(T_c); + T_cold_F = CtoF(T_cold); + T_hot_F = CtoF(T_hot); + + % --- Derived quantities --- + power_MW = n * plant.P0 / 1e6; + Q_sg_MW = arrayfun(Q_sg, t) / 1e6; + + rho_fb = plant.alpha_f * (T_f - plant.T_f0) + plant.alpha_c * (T_c - plant.T_c0); + rho_tot = U + rho_fb; + + % --- Plot --- + figure('Position', [100 50 1000 950], 'Name', plot_title); + + % Power & SG demand + subplot(4, 1, 1); + plot(t, power_MW, 'b-', 'LineWidth', 1.5); hold on; + plot(t, Q_sg_MW, 'r--', 'LineWidth', 1.2); + xlabel('Time [s]'); ylabel('Power [MW_{th}]'); + legend('Reactor Power', 'Q_{sg}', 'Location', 'east'); + title(sprintf('%s — Power and SG Heat Demand', plot_title)); + grid on; + + % Reactivity: controller u, feedback, total + subplot(4, 1, 2); + plot(t, U / plant.beta, 'k-', 'LineWidth', 1.5); hold on; + plot(t, rho_fb / plant.beta, 'b-.', 'LineWidth', 1.2); + plot(t, rho_tot / plant.beta, 'm:', 'LineWidth', 1.5); + xlabel('Time [s]'); ylabel('\rho [$]'); + legend('u (controller)', 'Feedback', 'Total', 'Location', 'east'); + title('Reactivity'); + grid on; + + % Coolant temperatures + subplot(4, 1, 3); + plot(t, T_hot_F, 'r-', 'LineWidth', 1.5); hold on; + plot(t, T_c_F, 'm--', 'LineWidth', 1.2); + plot(t, T_cold_F, 'b-', 'LineWidth', 1.5); + xlabel('Time [s]'); ylabel('Temperature [F]'); + legend('T_{hot}', 'T_{avg}', 'T_{cold}', 'Location', 'east'); + title('Coolant Temperatures'); + grid on; + + % Fuel temperature + subplot(4, 1, 4); + plot(t, T_f_F, 'Color', [0.85 0.33 0.1], 'LineWidth', 1.5); + xlabel('Time [s]'); ylabel('Temperature [F]'); + title('Fuel Temperature'); + grid on; + +end diff --git a/presentations/2026DICE b/presentations/2026DICE new file mode 160000 index 0000000..bb00a94 --- /dev/null +++ b/presentations/2026DICE @@ -0,0 +1 @@ +Subproject commit bb00a946f828176b76858d8f3774723f6bd77292 diff --git a/thesis b/thesis new file mode 160000 index 0000000..e9ed9e2 --- /dev/null +++ b/thesis @@ -0,0 +1 @@ +Subproject commit e9ed9e252ea2ee74bbef3019d17e92e7bf164bf9