Software Subject Assignment
Software Subject Assignment
Submitted By:
Name: Syed Ali Farhad
Roll No: 38
Subject: Formal Method
Department: BS-SE 5th
Submitted to:
Khurram Mustafa
Due Date: 12 Mar 2024
University Of Kotli
1. Exercise No 1
Load Family-6.als.
Execute it.
Analyze the model
Look at the generated instance
Does it look correct?
What, if anything, would you change about it?
The Code:
-- Signatures --
module family

-- Time is an opaque set of instants; every relation below is indexed by it.
sig Time {}

-- Person is abstract, so every atom is a Man or a Woman (the two extensions are disjoint).
abstract sig Person {
  children: Person set -> Time,  -- children of this person at a given time
  parents: Person set -> Time,   -- parents at a given time (tied to children by parentsDef)
  siblings: Person set -> Time,  -- siblings at a given time (defined by siblingsDef)
  spouse: Person lone -> Time,   -- at most one spouse at any time
  alive: set Time                -- a set of times; no fact in this listing constrains it
}

sig Man extends Person {}
sig Woman extends Person {}
-- p and q are blood relatives at time t when they share at least one parent at t.
-- NOTE(review): only the direct parents are compared here (no closure), so a
-- grandparent or cousin does not count; family-7.als uses *(parents.t) instead.
pred BloodRelatives [p: Person, q: Person, t: Time] {
  some (p.parents.t & q.parents.t)
}
-- parents is exactly the transpose of children at every time:
-- q is a parent of p at t iff p is a child of q at t.
fact parentsDef {
  all t: Time | children.t = ~(parents.t)
}
-- At each time, p's siblings are the other persons with exactly the same
-- (non-empty) set of parents as p; a person with no parents has no siblings.
fact siblingsDef {
  all t: Time, p: Person |
    p.siblings.t = { q: Person | q != p and some q.parents.t and q.parents.t = p.parents.t }
}
-- Static constraints that must hold at every time instant.
fact staticOld {
  -- nobody is their own ancestor: the parents relation is acyclic
  all t: Time, p: Person | p !in p.^(parents.t)
  -- at most one father and at most one mother
  all t: Time, p: Person |
    lone (p.parents.t & Man) and lone (p.parents.t & Woman)
  -- a man's spouse (if any) is a woman, a woman's spouse (if any) is a man
  all t: Time | Man.spouse.t in Woman and Woman.spouse.t in Man
  -- a married person is never married to a sibling
  all t: Time, p: Person | one p.spouse.t implies p.spouse.t !in p.siblings.t
  -- nor to a blood relative
  all t: Time, p: Person | one p.spouse.t implies not BloodRelatives [p, p.spouse.t, t]
  -- two different people who have a child together are not blood relatives
  all t: Time, p, q: Person |
    p != q and some (p.children.t & q.children.t) implies not BloodRelatives [p, q, t]
}
-- Ask for an instance with more than one time instant and a non-empty children relation.
run { #Time > 1 and some children } for 5
2. Exercise 2
Load family-7.als.
Execute it.
Look at the generated instance.
Does it look correct?
What, if anything, would you change about it?
Check each of the given assertions.
Are they all valid?
If not, how would you change the model to fix that?
Examine various sample instances.
Code:
module family
open util/ordering [Time] as T

---------------- Signatures ----------------
-- Time is totally ordered by util/ordering (T/first, T/next, T/last);
-- the dynamic model below steps through that order.
sig Time {}

-- Person is abstract, so every atom is exactly one of Man or Woman.
abstract sig Person {
  children: Person set -> Time,  -- children at a given time
  parents: Person set -> Time,   -- parents at a given time (transpose of children, see parentsDef)
  siblings: Person set -> Time,  -- siblings at a given time (see siblingsDef)
  spouse: Person lone -> Time,   -- at most one spouse at any time
  alive: set Time                -- the times at which this person is alive (see staticAlive)
}

sig Man extends Person {}
sig Woman extends Person {}
---------------- Predicate ----------------
-- Two persons are blood relatives at time t iff they share an ancestor at t.
-- *(parents.t) is the reflexive-transitive closure, so a person is related to
-- themself and to each of their own ancestors and descendants as well.
pred BloodRelatives [p: Person, q: Person, t: Time] {
  some (p.*(parents.t) & q.*(parents.t))
}
---------------- Fact ----------------
-- parents is derived from children: at every time the two relations are
-- transposes of each other (q is a parent of p iff p is a child of q).
fact parentsDef {
  all t: Time | children.t = ~(parents.t)
}
-- A person's siblings at t are the other persons with exactly the same parents at t;
-- someone with no parents at t has no siblings at t.
fact siblingsDef {
  all t: Time, p: Person | some p.parents.t implies
    p.siblings.t = { q: Person | q.parents.t = p.parents.t } - p
  all t: Time, p: Person | no p.parents.t implies no p.siblings.t
}
-- Static constraints that must hold at every time instant.
fact staticOld {
  -- nobody is their own ancestor: the parents relation is acyclic
  all t: Time, p: Person | p !in p.^(parents.t)
  -- at most one father and at most one mother
  all t: Time, p: Person |
    lone (p.parents.t & Man) and lone (p.parents.t & Woman)
  -- a man's spouse (if any) is a woman, a woman's spouse (if any) is a man
  all t: Time | Man.spouse.t in Woman and Woman.spouse.t in Man
  -- a married person is never married to a sibling
  all t: Time, p: Person | one p.spouse.t implies p.spouse.t !in p.siblings.t
  -- nor to a blood relative
  all t: Time, p: Person | one p.spouse.t implies not BloodRelatives [p, p.spouse.t, t]
  -- two different people who have a child together are not blood relatives
  all t: Time, p, q: Person |
    p != q and some (p.children.t & q.children.t) implies not BloodRelatives [p, q, t]
  -- marriage is symmetric: if w is m's spouse then m is w's spouse
  all t: Time | spouse.t = ~(spouse.t)
}
-- Only living people may have children or a spouse, and only living people
-- can be somebody's child or spouse.
fact staticAlive {
  all t: Time | all p: Person - alive.t |
    let links = children + spouse |
      no p.links.t and no q: Person | p in q.links.t
}
------------------------ dynamic model ------------------------
-- Frame condition: between t and t', only persons in ps may change their children.
pred noChildrenChangeExcept [ps: set Person, t, t': Time] {
  (Person - ps) <: children.t' = (Person - ps) <: children.t
}
-- Frame condition: between t and t', only persons in ps may change their spouse.
pred noSpouseChangeExcept [ps: set Person, t, t': Time] {
  (Person - ps) <: spouse.t' = (Person - ps) <: spouse.t
}
-- Frame condition: the set of living persons is the same at t and t'.
pred noAliveChange [t, t': Time] {
  all p: Person | p in alive.t iff p in alive.t'
}
-- Marriage of m and w between t and t'.
pred marriage [m: Man, w: Woman, t, t': Time] {
  -- precondition: both are alive and neither is already married at t
  m in alive.t and w in alive.t
  no m.spouse.t and no w.spouse.t
  -- postcondition: at t' w is m's spouse
  m.spouse.t' = w
  -- NOTE(review): the symmetric update `w.spouse.t' = m` is left commented out in the
  -- listing; staticOld's `spouse.t = ~(spouse.t)` conjunct forces it at t' anyway.
  -- w.spouse.t' = m
  -- frame: no children change, only m and w change spouse, nobody's alive status changes
  noChildrenChangeExcept [none, t, t']
  noSpouseChangeExcept [m+w, t, t']
  noAliveChange [t, t']
}
-- Exactly one person is born between t and t': someone not alive at t is alive at t'.
pred birth [t, t': Time] {
  one p: Person - alive.t | alive.t' = alive.t + p
  -- frame: children and spouse are untouched
  noChildrenChangeExcept [none, t, t']
  noSpouseChangeExcept [none, t, t']
}
-- Birth of a child of the married couple m and w between t and t'.
pred birthFromParents [m: Man, w: Woman, t, t': Time] {
  -- precondition: both parents are alive and married to each other at t
  m in alive.t and w in alive.t
  m.spouse.t = w
  -- exactly one person not alive at t is born and becomes a child of both parents
  one p: Person - alive.t |
    alive.t' = alive.t + p and
    m.children.t' = m.children.t + p and
    w.children.t' = w.children.t + p
  -- frame: only m and w gain a child; nobody's spouse changes
  noChildrenChangeExcept [m+w, t, t']
  noSpouseChangeExcept [none, t, t']
}
-- Initial state: no children, no marriages and nobody alive at t.
pred init [t: Time] {
  no children.t and no spouse.t and no alive.t
}
-- Every instance is a trace: the first instant is the empty initial state and each
-- consecutive pair of instants is related by one of the three operations.
fact Trace {
-- the first instant satisfies init (no children, no spouse, nobody alive)
init [T/first]
-- NOTE(review): the quantifier body runs to the end of the formula, so this reads as
-- birth or (one m | one w | (marriage or birthFromParents)); nested `one`s are not the
-- same as `one m, w` (exactly one pair)
all t: Time-T/last |
let t' = T/next [t] |
birth [t, t'] or
one m: Man | one w: Woman |
marriage [m, w, t, t'] or
birthFromParents [m, w, t, t']}
-- Look for a trace with several men and women in which somebody has children;
-- the scope raises Time to 8 so the trace has more steps to fit those events in.
run {
  #Man > 1 and #Woman > 1
  some children
} for 5 but 8 Time
------------------- predicate for finding instances -------------------
-- Some couple marries at some step of the trace.
pred marriageInstance {
  some t: Time, m: Man, w: Woman | marriage [m, w, t, T/next [t]]
}
-- A birth happens at some step of the trace.
pred birthInstance {
  some t: Time | birth [t, T/next [t]]
}
-- Some married couple has a child at some step of the trace.
pred birthFromParentsInstance {
  some t: Time, m: Man, w: Woman | birthFromParents [m, w, t, T/next [t]]
}
--------------------------- Run -----------------------------
-- run marriage once: find a trace in which some couple marries at some step
run {
  some t: Time, m: Man, w: Woman | marriage [m, w, t, T/next [t]]
} for 5
-- find one trace that contains a marriage, a birth and a birth from parents
run { marriageInstance and birthInstance and birthFromParentsInstance } for 5
ing for 10