Alloy Intro

1
????

• Alloy Intro

2
??????????

• ????? ???
• ????? ?????? SAT
• ????? ?DOT
• ????? ?? ????? SAT

3
???? ??????

• ???? ?? ?????? ????? ??????? ???????
• ???? ?????? Relational ??????? ????? ?? ??????
• ?????? ?? ?????? ??????? ?? Unary Relations
• ?????? ?? Singleton Sets

4
????? I - ???

• ?????? ??????? ROUTER, IP, LINK
• ?????
• Up-?? ????? ?? ?? ?-ROUTER ???????
• IP- ????? Router ? IP
• From- ????? Link ? Router
• -Table ????? Router ? IP SET

5
relational operators

• join
• p.q (p1, pn-1, q2, qm) (p1, pn)2p (q1,
  qm)2q pnq1
• for binary relations, p.q is composition
• for set s and relation r, s.r is relational image
• qp is syntactic variant of p.q
• product
• p-gtq (p1, pn, q1, qm) (p1, pn)2p (q1,
  qm) 2q
• for sets s and t, s-gtt is cross product
• set operators
• p q ,p q, p - q, p q union, overriding,
  difference, intersection
• p in q every tuple in p is also in q
• for scalar e and set s, e in s is set membership
• for relations p and q, p in q is set subset

6
Binary operations
7
a sample network
8
interlude identity etc

• constants
• ident identity maps each atom of type of t to
  itself
• univ t universal contains every tuple of type
  t
• none t zero contains no tuple of type t
• examples
• sig Router ip IP, table IP ?Link, nexts
  set Router
• fact NoSelfLinks all r Router r !in r.nexts
• fact NoSelfLinks no Routernexts iden
  Router

9
alloy constraints

• fact Basics all r Router // router table
  refers only to router's links r.tableIP.from
  r // nexts are routers reachable in one
  step r.nexts r.tableIP.to // router
  doesn't forward to itself no r.tabler.ip
  // ip addresses are unique no r1, r2 Router
  disjr1,r2 r1.ip r2.ip
• pred Consistent () // table forwards on
  plausible link all r Router, i IP
  r.tablei.to in i.ip.nexts

10
simulation commands

• -- show me a network that satisfies the
  Consistent constraintrun Consistent for 2
• -- show me one that doesntpred Inconsistent ()
  not Consistent ()run Inconsistent for 2

11
an inconsistent state
12
assertions commands

• -- define forwarding operation-- packet with
  destination d goes from at to atpred Forward
  (d IP, at, at' Router) at'
  at.tabled.to
• -- assert that packet doesnt get stuck in a
  loopassert Progress all d IP, at, at'
  Router Consistent() Forward d, at, at
  gt at ! at
• -- issue command to check assertioncheck
  Progress for 4

13
lack of progress
14
????? II ????
15
Position

• abstract sig Position adjacent set Position
• one sig p00,p01,p02, p10,p11,p12, p20,p21,p22
• extends Position

16
status

• abstract sig Status
• one sig Play, Won, Lost extends Status

17
state

• sig State
• walls set Position,
• food set Position,
• pacman Position,
• blinky Position,
• status Status

18
Walls

• fact WallsAreSolid
• all s State
• s.walls s.food none and
• not (s.pacman in (s.walls)) and
• not (s.blinky in (s.walls))

19
Won

• fact GameIsWonWhenAllTheFoodIsGone
• all s State
• s.status Won iff s.food none

20
Lost

• fact GameIsLostWhenBlinkyGetsPacman
• all s State
• s.status Lost iff s.blinky s.pacman

21
Food1

• pred FoodSupplyNeverIncreases(s, s' State)
• s'.food in s.food

22
Food2

• pred FoodIsEatenByPacman(s, s' State)
• s.pacman in s.food implies not (s.pacman in
  s'.food)

23
Adjacent

• fact AdjacentPositions
• adjacent
• p00 -gt p01 p00 -gt p10 .
• p01 -gt p00 p01 -gt p02 .

24
Adjacent

• pred MovementIsOnlyToAdjacentPosition(s,
  s'State)
• let p (s'.pacman), q (s.pacman) p-gtq in
  adjacent
• let p (s'.blinky), q (s.blinky) p-gtq in
  adjacent

25
movement

• pred WallsDontMove(s, s' State)
• s.walls s'.walls
• pred MovementIsPossibleOnlyWhilePlaying(s,s'State
  )
• s.status ! Play implies s s

26
(No Transcript)
27
Game

• open util/orderingState as ord
• fact ValidBehaviour
• all s State, s' ord/nexts
• FoodSupplyNeverIncreasess,s' and
• FoodIsEatenByPacmans,s' and
• MovementIsOnlyToAdjacentPositions,s' and
• WallsDontMoves,s' and
• MovementIsPossibleOnlyWhilePlayings,s'

28
Init

• pred InitGame(s State)
• s.walls p01 p11 p21 and
• s.food p00 p02 p10 p12 p20 p22 and
• s.status Play
• fact initialState
• InitGameord/first

29
Finish

• pred GameWon()
• ord/last.status Won
• pred GameLost()
• ord/last.status Lost