Train Gate System: A one-directional railway track crosses a road. A gate at the crossing may be lowered or raised under computer control. A short distance from the crossing, a sensor detects entering trains. A short distance from the crossing, a sensor detects leaving trains.
Physical Requirements: The gate must be closed whenever there are trains in the area. The gate must be kept open when there are no trains in the area.
Timing Requirements: The arriving trains have an average inter-arrival period, avgP. The gate takes z time units to close (or open).
Simulation Outputs: Trace of events. Performance measures: number of trains serviced; worst reaction time; worst response time; number of deadlines missed (gate opening/closing, communication timeouts).
Train Control: A physical safety requirement of the system is that the gate is closed whenever there are trains in the area. The physical liveness requirement is to keep the gate open if there are no trains in the area. The controller C controls the gate with the openg (og) and closeg (cg) commands.
Timeouts: Activity timeouts. Communications timeout.
Activity Timeouts: The Gate takes a maximum of z time units to close or to open. The controller process normally waits for the Gate to open or close. If the Gate takes longer than the maximum allocated time, the controller flags a timeout for the gate and triggers an alarm.
Communication Timeouts: The real-time system uses synchronous communications. In the normal case, one of the processes, either the sender or the receiver, will wait for the other to establish the communication. A communication timer object will interrupt a process attempting to communicate, on timeout.
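The controller's activity timeout described above, as an added example that is not part of the original slides: a small event-driven simulation that issues cg when the first train enters and og when the last one leaves, and flags a timeout with an alarm when the gate needs more than z time units. The function name, the in-area counter and the sample inputs are assumptions made for illustration; overlapping gate commands are not modelled.

```python
import heapq

# Constructed sample input: (enter_time, leave_time) per train, as seen by the two sensors.
SAMPLE_TRAINS = [(0, 10), (5, 15), (30, 40)]
# Constructed: time the gate actually needs for each successive cg/og command.
SAMPLE_GATE_TIMES = [2, 3, 5, 1]

def simulate(trains, gate_times, z):
    """Return (trace, stats) for a run with gate deadline z (hypothetical helper)."""
    events = []
    for enter, leave in trains:
        # At equal times, process "enter" (0) before "leave" (1) so the
        # in-area count never drops to zero while a train is arriving.
        heapq.heappush(events, (enter, 0, "enter"))
        heapq.heappush(events, (leave, 1, "leave"))
    durations = iter(gate_times)
    in_area = 0
    trace = []
    stats = {"serviced": 0, "gate_timeouts": 0}

    def command(now, cmd):
        took = next(durations)
        trace.append((now, cmd))
        if took > z:
            # The controller stops waiting at now + z and raises the alarm.
            stats["gate_timeouts"] += 1
            trace.append((now + z, "timeout+alarm"))
        else:
            trace.append((now + took, cmd + "_done"))

    while events:
        now, _, kind = heapq.heappop(events)
        if kind == "enter":
            in_area += 1
            if in_area == 1:      # safety: first train in the area closes the gate
                command(now, "cg")
        else:
            in_area -= 1
            stats["serviced"] += 1
            if in_area == 0:      # liveness: area is empty, open the gate
                command(now, "og")
    return sorted(trace, key=lambda e: e[0]), stats

if __name__ == "__main__":
    trace, stats = simulate(SAMPLE_TRAINS, SAMPLE_GATE_TIMES, z=3)
    for time, event in trace:
        print(time, event)
    print(stats)
```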
Sequence Diagram for Train Arrival
Main Class Diagram
Train Gate System Communication Diagram
Entry Sensor
Revised Entry sensor
Exit Sensor
Revised Exit Sensor
Monitor
Revised Monitor
Controller Process
Revised Controller Process
Gate Process
Revised Gate