cmsc 838p, spring 2006: Elevator specification assignment

Please specify the following system in two different ways: statecharts and SCR-style tables. Then compare and contrast the two approaches.

If you find the following description of the elevator control system ambiguous or confusing, well, that's the problem with using standard English prose for requirements! When unsure what to do, just use your best judgment. Your goal is to specify the guarantees you would like the elevator control system to offer you regarding elevator service.

A Lift Control System, by Guindon and Curtis

An N-lift system is to be installed in a building with M floors. The lifts and the control mechanism are supplied by a manufacturer. The internal mechanisms of these are assumed (given) in this problem.

DESIGN THE LOGIC TO MOVE LIFTS BETWEEN FLOORS IN THE BUILDING:

1. Each lift has a set of buttons, 1 button for each floor. These illuminate when pressed and cause the lift to visit the corresponding floor. The illumination is canceled when the corresponding floor is visited (i.e., stopped at) by the lift.
2. Each floor has 2 buttons (except ground and top), one to request an up-lift and one to request a down-lift. These buttons illuminate when pressed. The buttons are canceled when a lift visits the floor with no requests outstanding.
   In the latter case, if both floor request buttons are illuminated, only 1 should be canceled. The algorithm used to decide which to service first should minimize the waiting time for both requests.
3. When a lift has no requests to service, it should remain at its final destination with its doors closed and await further requests (or model a "holding" floor).
4. All requests for lifts from floors must be serviced eventually, with all floors given equal priority.
5. All requests for floors within lifts must be serviced eventually, with floors being serviced sequentially in the direction of travel.
6. Each lift has an emergency button which when pressed causes a warning signal to be sent to the site manager. The lift is then deemed "out of service." Each lift has a mechanism to cancel its "out of service" status.