CIS 771: Software Specifications. Lecture: Alloy Whirlwind Tour (part A)

Size: px

Start display at page:

Download "CIS 771: Software Specifications. Lecture: Alloy Whirlwind Tour (part A)"

Abigail Wilkerson
5 years ago
Views:

1 CIS 771: Software Specifications Lecture: Alloy Whirlwind Tour (part A) Copyright 2007, John Hatcliff, and Robby. The syllabus and all lectures for this course are copyrighted materials and may not be used in other course settings outside of Kansas State University in their current form or modified form without the express written permission of one of the copyright holders. During this course, students are prohibited from selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of one of the copyright holders. Alloy Quick Tour Objectives of the Quick Tour lectures Understand primary features of the Alloy modeling language modeling structures specifying constraints Understand the basic capabilities of the Alloy Constraint Analyzer (ACA) automated tool Be able to write Alloy specifications that model simple systems Be able to run ACA to analyze simple systems this short lecture gives a quick tour of the quick tour 1

Address Book Application Presentation will be based on a simple application Address Lists Text-based Modeling Language module tour/addressbook1 sig, Addr {} sig Book { addr: -> lone Addr } Formal

2 Address Book Application Presentation will be based on a simple application Address Lists Text-based Modeling Language module tour/addressbook1 sig, Addr {} sig Book { addr: -> lone Addr } Formal semantics based on sets and relations Book b2 Signatures hold sets of abstract elements. b1 n1 n2 n3 n4 a1 a2 a3 a4 Addr Fields form relations between signature elements and elements of field type. 2

for system configurations that satisfy the specifications If we expected instances, but none can be found we know we have made a mistake by

3 User Interface An instance has been found. Click Instance found to launch visualization. Results Result of execution from previous slide Settings: Goto Theme, then Book, then turn on Project over this sig Alloy automatically looks for system configurations that satisfy the specifications If we expected instances, but none can be found we know we have made a mistake by over-constraining our specification If instances are found that we didn t expect, this may mean that we need to add more constraints to our specification to rule out undesirable configurations 3

4 Generating Instances Add constraints to direct the analysis pred show1 (b: Book) { #b.addr > 1 } run show1 for 3 but 1 Book Introduce a constraint that requires the existence of some Book b, such that the number of entries in the addr map for b is > 1. Example Operations Pre-State b1 Book Operational view: Operation transforms the pre-state into the post-state n1 n2 a1 a2 Addr adding a new book Post-State Declarative view: Operation relates the pre-state and the post-state b1 b2 Book n1 n2 a1 a2 Addr 4

Modeling Add Address pred add2(b, b': Book, n:, a:addr) { // pre-condition // n is not currently in the book no n.(b.addr) } // post-condition // invoking b addr map on n yield s a n.

(b'.addr) Results Pre-State using project over Book sig option in visualization not associated with Addr Post-State maps to

5 Modeling Add Address pred add2(b, b': Book, n:, a:addr) { // pre-condition // n is not currently in the book no n.(b.addr) } // post-condition // invoking b addr map on n yield s a n.(b'.addr) = a // frame-condition // for all other names, the addr map should // yield the same value all n1: ( - n) n1.(b.addr) = n1.(b'.addr) Results Pre-State using project over Book sig option in visualization not associated with Addr Post-State maps to Addr run add2 for 2 Book, exactly 4, exactly 4 Addr 5

Modeling System Executions Consider the address book example use

signature elements first() b = next(b ) last() b b b initially, the

yields next state relate states/elements in the sequence using

add or del yields next state Results 2 0 1 add(group,addr) 3

6 Modeling System Executions Consider the address book example use built-in functions from ordering library to impose an ordering on signature elements first() b = next(b ) last() b b b initially, the address book is empty add or del yields next state add or del yields next state relate states/elements in the sequence using operations (output of one operation forms the input of the next) add or del yields next state Results add(group,addr) 3 del(group,addr) add(alias,group) assertion violation -- Group doesn t map to anything. 6

7 Acknowledgements The material in this lecture is based on Chapter 2 from Software Abstractions: Logic, Language, and Analysis, Daniel Jackson, MIT Press,

CIS 771: Software Specifications. Lecture: Alloy Logic (part D)

CIS 771: Software Specifications Lecture: Alloy Logic (part D) Copyright 2007, John Hatcliff, and Robby. The syllabus and all lectures for this course are copyrighted materials and may not be used in other