in railcab-trans-old.maude fmod LOCATION-NEW is ex LOCATION . --- newly added op appCross : -> Location . endfm fmod MSG-NEW is ex MSG . --- newly added op chkMsg : -> Msg . op gateMsg : Bool -> Msg . endfm view VMSG-NEW from TRIV to MSG-NEW is sort Elt to Msg . endv fmod QUEUEMSG-NEW is pr QUEUE{VMSG-NEW}* (sort Queue{VMSG-NEW} to QMsgNew, op _&_ to _&&_, op empty to emptyNew) . op resp-n : QMsgNew -> Bool . eq resp-n(emptyNew) = false . var NW : QMsgNew . eq resp-n(respMsg(S:Signal) && NW) = true . eq resp-n(passed && NW) = false . eq resp-n(reqMsg && NW) = false . eq resp-n(chkMsg && NW) = false . eq resp-n(gateMsg(B:Bool) && NW) = false . op respG : QMsgNew -> Bool . eq respG(emptyNew) = false . eq respG(respMsg(S:Signal) && NW) = false . eq respG(passed && NW) = false . eq respG(reqMsg && NW) = false . eq respG(chkMsg && NW) = false . eq respG(gateMsg(B:Bool) && NW) = true . endfm fmod LABEL-NEW is ex LABEL . --- newly added ops s5 : -> Label . endfm mod RAILCAB-NEW is pr LOCATION-NEW . pr STATUS . pr LABEL-NEW . pr SIGNAL . pr QUEUEMSG-NEW . sort NewState . op _,_ : NewState NewState -> NewState [comm assoc] . op loc-n:_ : Location -> NewState [ctor] . op channel1-n:_ : QMsgNew -> NewState [ctor] . op channel2-n:_ : QMsgNew -> NewState [ctor] . op rStatus-n:_ : Status -> NewState [ctor] . op conLoc-N:_ : Label -> NewState [ctor] . op gate-n:_ : Bool -> NewState [ctor] . op pass-n:_ : Signal -> NewState [ctor] . --- newly added op appResult:_ : Signal -> NewState [ctor] . op init-n : -> NewState . var NW : QMsgNew . vars B B' : Bool . vars S S' : Signal . var ST : Status . --- modified (a new component is added) eq init-n = (loc-n: endOfTS), (rStatus-n: running), (pass-n: unknown), (channel1-n: emptyNew), (channel2-n: emptyNew), (conLoc-N: s1), (gate-n: false), (appResult: unknown) . --- modified (after sending request, it goes to appCross not in lastBrake) rl [sendReq] : (loc-n: endOfTS), (channel1-n: NW) => (loc-n: appCross), (channel1-n: (reqMsg && NW)) . --- newly added (to send a check gate-n status message at appCross location) rl [sendApp] : (loc-n: appCross), (channel1-n: NW) => (loc-n: lastBrake), (channel1-n: (chkMsg && NW)) . rl [recResp] : (channel2-n: (NW && respMsg(S))), (pass-n: S') => (channel2-n: NW), (pass-n: S) . --- newly added two rlitions (to receive gate-n status message) rl [recApp1] : (channel2-n: (NW && gateMsg(true))), (appResult: S') => (channel2-n: NW), (appResult: grant) . rl [recApp2] : (channel2-n: (NW && gateMsg(false))), (appResult: S') => (channel2-n: NW), (appResult: reject) . rl [brake] : (rStatus-n: running), (loc-n: lastBrake), (pass-n: reject) => (rStatus-n: braked), (loc-n: lastBrake), (pass-n: reject) . --- another case of braking rl [brake] : (rStatus-n: running), (loc-n: lastBrake), (appResult: reject) => (rStatus-n: braked), (loc-n: lastBrake), (appResult: reject) . --- modified rl [move2LEB1] : (rStatus-n: running), (loc-n: lastBrake), (pass-n: grant), (appResult: grant) => (rStatus-n: running), (loc-n: leBrake), (pass-n: grant), (appResult: grant) . rl [move2LEB2] : (rStatus-n: running), (loc-n: lastBrake), (pass-n: unknown), (appResult: grant) => (rStatus-n: running), (loc-n: leBrake), (pass-n: unknown), (appResult: grant) . --- newly added (to another cases when a railCab can enter leBrake), rl [move2LEB1] : (rStatus-n: running), (loc-n: lastBrake), (pass-n: grant), (appResult: unknown) => (rStatus-n: running), (loc-n: leBrake), (pass-n: grant), (appResult: unknown) . rl [move2LEB2] : (rStatus-n: running), (loc-n: lastBrake), (pass-n: unknown), (appResult: unknown) => (rStatus-n: running), (loc-n: leBrake), (pass-n: unknown), (appResult: unknown) . rl [eBrake1] : (rStatus-n: running), (loc-n: leBrake), (pass-n: reject) => (rStatus-n: eBraked), (loc-n: leBrake), (pass-n: reject) . --- case 2 : if no response message in the network crl [eBrake2] : (rStatus-n: running), (loc-n: leBrake), (pass-n: unknown), (channel2-n: NW) => (rStatus-n: eBraked), (loc-n: leBrake), (pass-n: unknown), (channel2-n: NW) if not resp-n(NW) . --- newly added (another two cases of emergency brake) rl [eBrake3] : (rStatus-n: running), (loc-n: leBrake), (appResult: reject) => (rStatus-n: eBraked), (loc-n: leBrake), (appResult: reject) . crl [eBrake4] : (rStatus-n: running), (loc-n: leBrake), (appResult: unknown), (channel2-n: NW) => (rStatus-n: eBraked), (loc-n: leBrake), (appResult: unknown), (channel2-n: NW) if not respG(NW) . --- move to the section where brake cannot be allowed --- modified (a new condition is added) rl [move2nr] : (rStatus-n: running), (loc-n: leBrake), (pass-n: grant), (appResult: grant) => (rStatus-n: running), (loc-n: noReturn), (pass-n: grant), (appResult: grant) . --- pass-n rl [pass-n] : (loc-n: noReturn) => (loc-n: opposite) . rl [sendPass] : (loc-n: opposite), (channel1-n: NW), (pass-n: S), (appResult: S') => (pass-n: unknown), (appResult: unknown), (loc-n: endOfTS), (channel1-n: (passed && NW)) . --- newly added (to switch from brake to running, this happens when --- the railCab receives message after being braked) rl [toRun1] : (rStatus-n: braked), (pass-n: grant), (appResult: grant) => (rStatus-n: running), (pass-n: grant), (appResult: grant) . rl [toRun2] : (rStatus-n: eBraked), (pass-n: grant), (appResult: grant) => (rStatus-n: running), (pass-n: grant), (appResult: grant) . --- behavior of controller --- get the request message rl [recReq] : (conLoc-N: s1), (channel1-n: (NW && reqMsg)) => (conLoc-N: s2), (channel1-n: NW) . --- send response, if gate-n B is true (closed), the requesting railCab cannot pass-n rl [sendResp1] : (conLoc-N: s2), (channel2-n: NW), (gate-n: true) => (conLoc-N: s1), (gate-n: true), (channel2-n: (respMsg(reject) && NW)) . rl [sendResp2] : (conLoc-N: s2), (channel2-n: NW), (gate-n: false) => (conLoc-N: s3), (channel2-n: (respMsg(grant) && NW)), (gate-n: false) . --- rl [closeGate-N] : (conLoc-N: s3), (gate-n: B) => (conLoc-N: s1), (gate-n: true) . rl [getPass-N] : (conLoc-N: s1), (channel1-n: (NW && passed)) => (conLoc-N: s4), (channel1-n: NW) . rl [open] : (conLoc-N: s4), (gate-n: B) => (conLoc-N: s1), (gate-n: false) . --- newly added rl [recAppMsg] : (conLoc-N: s1), (channel1-n: (NW && chkMsg)) => (conLoc-N: s5), (channel1-n: NW) . rl [sendAppVal] : (conLoc-N: s5), (channel2-n: NW), (gate-n: B) => (conLoc-N: s1), (channel2-n: (gateMsg(B) && NW)), (gate-n: B) . endm eof search init-n =>* (loc-n: noReturn), (gate-n: true), S:NewState . search init-n =>* (loc-n: noReturn), (channel1-n: NW), S:NewState such that not (NW = emptyNew) .