Layer2_MMS_SW_SPARK: update F_FC behavior

UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt-f_fc-behavior-guarantees.adb

@@ -2,11 +2,25 @@ with MMS.F_PT.F_FC.State;
 
 package body MMS.F_PT.F_FC.Behavior.Guarantees with SPARK_Mode is
 
+   Stored_Time_Since_In_Safety_Escape : Time_Type with Ghost;
+   function Get_Time_Since_In_Safety_Escape return Time_Type is
+     (Stored_Time_Since_In_Safety_Escape);
+
    procedure Run is
    begin
+      if On_State = RUNNING then
+         Check_Safety_Escape;
+         if not In_Safety_Envelope then
+            Stored_Time_Since_In_Safety_Escape := Time_Since_In_Safety_Escape;
+         end if;
+
+         Choose_Operating_Mode;
+      end if;
+
+      AV_State_Vector;
       Update_State;
 
-      if Mission_State in FLIGHT | LANDING then
+      if On_State = RUNNING then
          Propulsion_Braking_Mutual_Exclusion;
 
          Reference_Trajectory_Computation;

UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt-f_fc-behavior-guarantees.ads

@@ -15,13 +15,16 @@ package MMS.F_PT.F_FC.Behavior.Guarantees with SPARK_Mode is
    range BRAKING .. WAITING_PROP;
 
    function Engine_State_In_Braking return Boolean is
-     (Mission_State in FLIGHT | LANDING
+     (On_State = RUNNING
       and then Engine_State in Braking_State_Type);
 
    function Engine_State_In_Propulsion return Boolean is
-     (Mission_State in FLIGHT | LANDING
+     (On_State = RUNNING
       and then Engine_State in Propulsion_State_Type);
 
+   function Get_Time_Since_In_Safety_Escape return Time_Type with
+     Ghost;
+
    -----------------------------------
    -- High-Level Garantees for F_FC --
    -----------------------------------
@@ -41,8 +44,8 @@ package MMS.F_PT.F_FC.Behavior.Guarantees with SPARK_Mode is
      --  Escape_Time seconds.
 
      and then
-       (if Mission_State = ABORTED and then Mission_State'Old /= ABORTED
+       (if On_State = ABORTED and then On_State'Old /= ABORTED
            and then Aborted_With_Propulsion_Available
-        then Time_Since_In_Safety_Escape > MMS.F_PT.F_FC.Data.Escape_Time);
+        then Get_Time_Since_In_Safety_Escape > MMS.F_PT.F_FC.Data.Escape_Time);
 
 end MMS.F_PT.F_FC.Behavior.Guarantees;

UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt-f_fc.ads

@@ -2,6 +2,9 @@ with Types; use Types;
 
 package MMS.F_PT.F_FC with
   Abstract_State => (Input_State,
+                     Safety_Escape_State,
+                     Operating_Mode_State,
+                     AV_State_Vector_State,
                      Trajectory_State,
                      Private_State,
                      Mutual_Exclusion_State,
@@ -34,8 +37,6 @@ is
 
    type Time_Type is new Integer; --  in s ??? some bounds
 
-   type Mission_State_Type is (INIT, FLIGHT, LANDING, ABORTED, COMPLETE);
-
    type Engine_State_Type is
      (PROPULSION, WAITING_BRAK, BRAKING, WAITING_PROP);
 

UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt-f_mm-data.ads

@@ -70,4 +70,9 @@ package MMS.F_PT.F_MM.Data is
      (AI : Glide_Altitude_Center) return Current_Range_Type
    with Pre => AI in Glide_Distance_Domain_Mesh'Range;
 
+   --  Issue #28
+
+   Altitude_ref_TakeOff : Current_Altitude_Type;
+   Speed_ref_TakeOff    : Current_Speed_Type;
+
 end MMS.F_PT.F_MM.Data;

UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt-f_mm.ads

@@ -15,10 +15,6 @@ is
 
    type Power_State_Type is (ON, OFF);
 
-   type On_State_Type is (INIT, RUNNING, COMPLETE, ABORTED);
-
-   type Running_State_Type is (TAKE_OFF, FLIGHT, LANDING);
-
    type Init_State_Type is (PREPARATION, READY, CANCELLED);
 
    type Viability_Cell_Center_Type is record

UseCaseDevelopment/Layer2_MMS_SW_SPARK/mms-f_pt.ads

@@ -22,6 +22,10 @@ package MMS.F_PT is
    type Payload_Mass_Grid_Type is array (Payload_Mass_Center range <>)
      of Payload_Mass_Type;
 
+   type On_State_Type is (INIT, RUNNING, COMPLETE, ABORTED);
+
+   type Running_State_Type is (TAKE_OFF, FLIGHT, LANDING);
+
    type Flight_Phase_Type is (CLIMB, CRUISE, DESCENT);
 
 end MMS.F_PT;