### Review of Task 1.

- Be careful to specify:
  - Safety properties
  - Liveness properties
  - Use cases: queries that express that expected behaviour is possible
- Seems Uppaal has two undocumented features:
  - Invariant: conjunction of
  - manual: clock-free expressions or clock-restrictions
    - tool: clock-free expressions or
      - (clock-free expressions implying clock-restrictions)
    - Committed Initial States
  - manual: Deadlock
    - tool: Possibility of initializing system



# Modeling Task 2 - the I<sup>2</sup>C bus

- The full name is Inter-Integrated Circuit bus.
- Multi-master bus: several chips may try to write at the same time.
- Slow bus: 400kHz maximum.
- Simple 2-wire design:
  - SDA carries Data and Address bits SCL carries CLock info for synchronizing
- Wires are high in passive state and can be pulled low by any device.



## The scenario to model

- Two masters trying to write a single byte to two slaves.
- Verify that both messages always arrive intact.



### Practical issues.

- State space explosion is a real danger.
- A working model is needed not a full implementation of the standard.
- Forget about the R/W bit.
- Forget about the acknowledgement.



# Elevator System

- One car
- N floors
- up/down buttons on each floor (Except top/bottom floor.)
- floor buttons in the car
- each button has a light built in
- the floors have additional light telling if the elevator will be going up or down

Task: write a full set of queries for an elevator.

