9/2/2024 Formal Methods

Submitted By: Syed Ali Farhad 38

09-02-2024
[COMPANY NAME]
Q = Solve some Alloy Exercises?

Exercise 1.
• Load family-1.als.
• Execute it.
• Analyze the metamodel.

Metamodel:

1
Source Code:
abstract sig Person {
children: set Person,
siblings: set Person
}

sig Man, Woman extends Person {}

sig Married in Person {

spouse: one Married
}
Exercise 2:
• Load family-2.als
• Execute it
• Analyze the metamodel
• Look at the generated instance

2
Metamodel:

Source Code:
abstract sig Person {
children: set Person,
siblings: set Person
}

sig Man, Woman extends Person {}

sig Married in Person {

spouse: one Married
}

-- Define the parents relation as an auxiliary one

fun parents [] : Person -> Person { ~children }
fact {
no p: Person | p in p.^parents

3
all p: Person | (lone (p.parents & Man)) and (lone (p.parents & Woman))

4
 all p: Person | p.siblings = {q: Person | p.parents = q.parents} - p
all p: Married | let s = p.spouse |
(p in Man implies s in Woman) and
(p in Woman implies s in Man)
no p: Married | p.spouse in p.siblings

}
run {} for 3

Exercise 3:
• Load family-3.als.
• Execute it.
• Look at the generated instance.

5
Source Code:
abstract sig Person {
children: set Person,
siblings: set Person
}

sig Man, Woman extends Person {}

sig Married in Person {

spouse: one Married
}
fun parents [] : Person -> Person { ~children }

fact {
no p: Person | p in p.^parents
all p: Person | (lone (p.parents & Man)) and (lone (p.parents & Woman))

6
 all p: Person | p.siblings = {q: Person | p.parents = q.parents} - p
all p: Married | let s = p.spouse |
(p in Man implies s in Woman) and
(p in Woman implies s in Man)
no p: Married | p.spouse in p.sibling
}
run {some Man & Married} for 2
run {some Man & Married} for 1
run {some Man & Married}
run {#Woman >= 1 and #Man = 0}
run {some Man and some Married and no Woman}
run {some p: Person | some p.children}

Exercise 4:
• Load family-4.als.
• Execute it.
• Look at the generated counter--‐examples.
• Why is Siblings Sibling false?
• Why is No Incest false?

7
 Siblings Sibling:

NoIncest:

Source Code:
abstract sig Person {
children: set Person,
siblings: set Person

8
}

sig Man, Woman extends Person {}

sig Married in Person {

spouse: one Married
}
fun parents [] : Person -> Person { ~children }

fact {
no p: Person | p in p.^parents
all p: Person | (lone (p.parents & Man)) and (lone (p.parents & Woman))
all p: Person | p.siblings = {q: Person | p.parents = q.parents} - p
all p: Married | let s = p.spouse |
(p in Man implies s in Woman) and
(p in Woman implies s in Man)
no p: Married | p.spouse in p.siblings

}
assert parentsArentsiblings {
all p: Person | no p.parents & p.siblings
}
check parentsArentsiblings for 10
assert siblingsSiblings {
all p: Person | p.siblings = p.siblings.siblings
}
check siblingsSiblings

9
assert NoIncest {
no p: Married |
some p.^parents & p.spouse.^parents
}
check NoIncest
run {some Man & Married} for 2
run {some Man & Married} for 1
run {some Man & Married}

run {#Woman >= 1 and #Man = 0}

run {some Man and some Married and no Woman}
run {some p: Person | some p.children}

Exercise 5:
• Fix the specification in family-4.als.
– If the model is under constrained, add appropriate constraints.
– If the assertion is not correct, modify it.

10
Source Code:
abstract sig Person {
children: set Person,
siblings: set Person
}

sig Man, Woman extends Person {}

11
sig Married in Person {
spouse: one Married
}

fun parents [] : Person -> Person { ~children }

-- Two persons are blood relatives iff they have a common ancestor
pred BloodRelatives [p: Person, q: Person] {
some p.*parents & q.*parents
}

fact {
no p: Person | p in p.^parents

all p: Person | (lone (p.parents & Man)) and (lone (p.parents & Woman))
all p: Person | p.siblings = {q: Person | p.parents = q.parents} - p
all p: Married | let s = p.spouse |
(p in Man implies s in Woman) and
no p: Married | p.spouse in p.siblings
no p: Married | BloodRelatives [p, p.spouse]
all p, q: Person |
(some p.children & q.children and p != q) implies
not BloodRelatives [p, q]
}

12
Exercise 6:

sig Time {}

abstract sig Person {

children: Person set -> Time,
parents: Person set -> Time,
siblings: Person set -> Time,
13
 spouse: Person lone -> Time,
alive: set Time
}

sig Man, Woman extends Person {}

Predicate

-- Two persons are blood relatives at time t iff

-- they have a common ancestor at time t
pred BloodRelatives [p: Person, q: Person, t: Time, ] {
some p.*(parents.t) & q.*(parents.t)
}

Fact

-- Define the parents relation

fact parentsDef {
all t: Time |
parents.t = ~(children.t)
}

-- A person P's siblings are those people with the same parents as P (excluding P)
fact siblingsDef {
all t: Time | all p: Person |
some p.parents.t
implies p.siblings.t = {q: Person | p.parents.t = q.parents.t} - p
else no p.siblings.t

14
}

fact staticOld {
-- No person can be their own ancestor
all t: Time | no p: Person | p in p.^(parents.t)

-- No person can have more than one father or mother

all t: Time | all p: Person |
lone (p.parents.t & Man) and
lone (p.parents.t & Woman)

-- Each married man (woman) has a wife (husband)

all t: Time | all p: Person |
let s = p.spouse.t |
(p in Man implies s in Woman) and
(p in Woman implies s in Man)

-- A spouse can't be a siblings

all t: Time | no p: Person |
one p.spouse.t and p.spouse.t in p.siblings.t

-- A person can't be married to a blood relative

all t: Time | no p: Person |
one p.spouse.t and BloodRelatives [p, p.spouse.t, t]

-- a person can't have children with a blood relative

all t: Time | all p, q: Person |
(some p.children.t & q.children.t and p != q) implies

15
 not BloodRelatives [p, q, t]
}
run {some p: Person | some p.children} for 5

16