This directory contains a manually generated semantics of the simulation for the 
Transporter example, as well as its correctness verification.
The simulation was verified against the RoboChart model with 
assumptions TA1, TA2 and TA3. 

The file with the CSP models and verification assertions is:
src-gen/timed/module_assertions-withoptimisations

The interested reader can load this file in the FDR4 tool and check the assertions.
The relevant assertions are:

Absence of deadlock below indicates that the RoboChart model is schedulable. 

assert PMConstrainedSpecA3 \ ExternalEvents_System; TSTOP :[deadlock free]


The assertion below ensures that the RoboSim model is a refinement of the RoboChart one
with the assumptions. 

assert PMConstrainedSpecA3 \ ExternalEvents_System [F= SimSpec

We checked for divergence freedom using separate assertions:

assert SimSpec :[divergence free]
assert PMConstrainedSpecA3 \ ExternalEvents_System :[divergence free]


