Assignment # 02

Course: Formal Methods in Software Engineering

Submitted By:

Name: Sayed Ali Farhaad

Roll No: 38

Class: BS SE

Semester: 5th

Submitted to: Sir Khurram Mustafa

Submission Date: 09-02-2024

Exercise 1.

• Load family-1.als.
• Execute it.
• Analyze the metamodel.

Metamodel:

1
Source Code:

abstract sig Person {

children: set Person,

siblings: set Person

sig Man, Woman extends Person {}

sig Married in Person {

spouse: one Married

Exercise 2:

2
• Load family-2.als

• Execute it

• Analyze the metamodel

• Look at the generated instance

Metamodel:

3
Source Code:

abstract sig Person {

children: set Person,

siblings: set Person

sig Man, Woman extends Person {}

sig Married in Person {

spouse: one Married

4
-- Define the parents relation as an auxiliary one

fun parents [] : Person -> Person { ~children } fact

no p: Person | p in p.^parents

all p: Person | (lone (p.parents & Man)) and (lone (p.parents & Woman))

all p: Person | p.siblings = {q: Person | p.parents = q.parents} - p

all p: Married | let s = p.spouse |

(p in Man implies s in Woman) and

(p in Woman implies s in Man)

no p: Married | p.spouse in p.siblings

} run {} for

Exercise 3:

• Load family-3.als.
• Execute it.
• Look at the generated instance.

5
Source Code:
abstract sig Person {

children: set Person,

siblings: set Person

6
sig Man, Woman extends Person {}

sig Married in Person {

spouse: one Married

} fun parents [] : Person -> Person { ~children

fact {

no p: Person | p in p.^parents

all p: Person | (lone (p.parents & Man)) and (lone (p.parents & Woman))

all p: Person | p.siblings = {q: Person | p.parents = q.parents} - p

all p: Married | let s = p.spouse |

(p in Man implies s in Woman) and

(p in Woman implies s in Man)

no p: Married | p.spouse in p.sibling

run {some Man & Married} for 2 run {some Man

& Married} for 1 run {some Man & Married} run

{#Woman >= 1 and #Man = 0} run {some

Man and some Married and no Woman} run

{some p: Person | some p.children}

Exercise 4:
• Load family-4.als.
• Execute it.

7
• Look at the generated counter--‐examples.
• Why is Siblings Sibling false?
• Why is No Incest false?

Siblings Sibling:

8
NoIncest:

9
Source Code:
abstract sig Person {

children: set Person,

siblings: set Person }

sig Man, Woman extends Person {}

sig Married in Person {

spouse: one Married

} fun parents [] : Person -> Person { ~children

fact {

no p: Person | p in p.^parents

all p: Person | (lone (p.parents & Man)) and (lone (p.parents & Woman))

all p: Person | p.siblings = {q: Person | p.parents = q.parents} - p all p:

Married | let s = p.spouse |

(p in Man implies s in Woman) and

(p in Woman implies s in Man)

no p: Married | p.spouse in p.siblings

assert parentsArentsiblings { all p:

Person | no p.parents & p.siblings

10
check parentsArentsiblings for 10 assert

siblingsSiblings {

all p: Person | p.siblings = p.siblings.siblings

check siblingsSiblings

assert NoIncest {

no p: Married |

some p.^parents & p.spouse.^parents

} check

NoIncest

run {some Man & Married} for 2 run

{some Man & Married} for 1 run

{some Man & Married}

run {#Woman >= 1 and #Man = 0} run {some

Man and some Married and no Woman} run

{some p: Person | some p.children}

Exercise 5:

• Fix the specification in family-4.als.

– If the model is under constrained, add appropriate constraints.

– If the assertion is not correct, modify it.

11
12
Source Code:
abstract sig Person {

children: set Person,

siblings: set Person

sig Man, Woman extends Person {}

sig Married in Person {

spouse: one Married

fun parents [] : Person -> Person { ~children }

13
-- Two persons are blood relatives iff they have a common ancestor

pred BloodRelatives [p: Person, q: Person] { some

p.*parents & q.*parents

fact {

no p: Person | p in p.^parents

all p: Person | (lone (p.parents & Man)) and (lone (p.parents & Woman))

all p: Person | p.siblings = {q: Person | p.parents = q.parents} - p all p:

Married | let s = p.spouse |

(p in Man implies s in Woman) and

no p: Married | p.spouse in p.siblings no p:

Married | BloodRelatives [p, p.spouse] all p,

q: Person |

(some p.children & q.children and p != q) implies

not BloodRelatives [p, q]

Exercise 6:

14
sig Time {}

15
abstract sig Person { children:

Person set -> Time, parents:

Person set -> Time, siblings:

Person set -> Time, spouse:

Person lone -> Time, alive: set

Time

sig Man, Woman extends Person {}

---------------- Predicate ----------------

-- Two persons are blood relatives at time t iff -- they

have a common ancestor at time t pred BloodRelatives

[p: Person, q: Person, t: Time, ] { some

p.*(parents.t) & q.*(parents.t)

---------------- Fact ----------------

-- Define the parents relation fact

parentsDef {

all t: Time |

parents.t = ~(children.t)

16
-- A person P's siblings are those people with the same parents as P (excluding P)

fact siblingsDef { all t: Time | all p: Person |

some p.parents.t

implies p.siblings.t = {q: Person | p.parents.t = q.parents.t} - p

else no p.siblings.t

fact staticOld {

-- No person can be their own ancestor

all t: Time | no p: Person | p in p.^(parents.t)

-- No person can have more than one father or mother

all t: Time | all p: Person | lone (p.parents.t & Man) and

lone (p.parents.t & Woman)

-- Each married man (woman) has a wife (husband)

all t: Time | all p: Person |

let s = p.spouse.t |

(p in Man implies s in Woman) and

(p in Woman implies s in Man)

-- A spouse can't be a siblings

all t: Time | no p: Person |

one p.spouse.t and p.spouse.t in p.siblings.t

17
 -- A person can't be married to a blood relative

all t: Time | no p: Person | one p.spouse.t and

BloodRelatives [p, p.spouse.t, t]

-- a person can't have children with a blood relative

all t: Time | all p, q: Person |

(some p.children.t & q.children.t and p != q) implies

not BloodRelatives [p, q, t]

run {some p: Person | some p.children} for 5

18