This directory contains a manually generated semantics of the simulation for the
SimFW example, its correctness verification, and an exploration of several
simulation variations with intentional design mistakes, which our verification
strategy detects automatically.

The simulation (and its variations) were verified against the RoboChart model with 
assumptions TA1, TA2 and TA3. 

The file with the CSP models and verification assertions is:
src-gen/timed/SimFW_assertions-noabstracteventsinthesemantics

The interested reader can load this file in the FDR4 tool and check the assertions.
The relevant assertions are listed below.

Absence of deadlock in the following assertion indicates that the RoboChart model
is schedulable.

assert PConstrainedSpecA3; TSTOP :[deadlock free]

The assertions below ensure that the RoboSim model is equivalent to the RoboChart
model with the assumptions.

assert PConstrainedSpecA3 \ ExternalEvents_CFootBot  [FD= SimSpec
assert SimSpec [FD= PConstrainedSpecA3 \ ExternalEvents_CFootBot

There are similar assertions that uncover the problems with mistaken simulations.
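
The pattern used by the assertions above (deadlock freedom, then refinement in
both directions after hiding), shown on a toy model. This is an added example,
not part of the SimFW sources: every process and channel name in it is
hypothetical, and the definition of TSTOP is an assumption about its role.

```cspm
-- Constructed toy model: every name below is hypothetical, none comes from SimFW.
channel tock             -- one unit of time passing
channel move, obstacle   -- events visible in both models
channel ext              -- stands in for an event hidden before the comparison

ExternalEvents = {ext}

-- Assumed definition: a process that never deadlocks and only lets time pass.
TSTOP = tock -> TSTOP

-- Specification: one action per cycle, then an external event, then time passes.
Spec = (move -> ext -> tock -> Spec) [] (obstacle -> ext -> tock -> Spec)

-- Correct simulation: the same cycle, without the external event.
Sim = (move -> tock -> Sim) [] (obstacle -> tock -> Sim)

-- Mistaken simulation: after an obstacle it stops and blocks time.
BadSim = (move -> tock -> BadSim) [] (obstacle -> STOP)

-- Time can always advance in the specification.
assert Spec ; TSTOP :[deadlock free]

-- Equivalence is failures-divergences refinement in both directions.
assert Spec \ ExternalEvents [FD= Sim
assert Sim [FD= Spec \ ExternalEvents

-- The mistake is caught by both refinement directions and by the deadlock check.
assert not Spec \ ExternalEvents [FD= BadSim
assert not BadSim [FD= Spec \ ExternalEvents
assert not BadSim ; TSTOP :[deadlock free]
```

Loaded in FDR4, all six assertions pass; removing a "not" makes FDR4 report a
counterexample trace ending in the obstacle event.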

 