Presentation is loading. Please wait.

Presentation is loading. Please wait.

UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine1 CSE 503 – Software Engineering Lecture 3: An introduction to Alloy Rob DeLine 5 Apr 2004.

Published byBrian Carter Modified over 9 years ago

Similar presentations

Presentation on theme: "UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine1 CSE 503 – Software Engineering Lecture 3: An introduction to Alloy Rob DeLine 5 Apr 2004."— Presentation transcript:

1 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine1 CSE 503 – Software Engineering Lecture 3: An introduction to Alloy Rob DeLine 5 Apr 2004

2 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine2 Where we are Problem frames let us be methodical about the problem Now we’ll be methodical about the system behavior  Explore system behavior before committing to design details  Ensure that the system has desired properties System properties have different flavors  Safety property: “The system does not do something bad.”  Liveness property: “The system (eventually) does something good.”  Functional property: “The system computes what we want.” To explore properties, we formally model the system  A model abstracts some aspect of the system and its environment  Different languages emphasize different types of behavior  Different languages come with different theorems and tools

3 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine3 Different languages for different properties Explore the structure of the system’s state  Model system state as sets and relations in Alloy  Use Alloy to see if possible state configurations uphold properties Explore states the system can reach through operations  Model system as a state transition system  Use a model checker to see if possible traces uphold properties Explore communication patterns in concurrent systems  Model system as processes exchanging messages  Use a process calculus to prove refinements Explore functional properties of algorithms  Model system state as predicates  Use Hoare logic to prove algorithm’s effect on the system state

4 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine4 Class schedule For the next four weeks  Monday: the syntax/semantics of the notation, use of the tool  Wednesday: case studies, practice modeling together  Assignments will give you individual practice at modeling Tools  May 5/7: Alloy  May 12/14: Promela/SPIN  May 19/21: CCS and Pi  May 26/28: Hoare logic, plus ESC/Java or Boogie/Spec#

5 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine5 Alloy is based on relations Basic concepts  Atoms are indivisible, immutable, uninterpreted  Relations are sets of tuples of one or more atoms { (a,x), (b,x), (c,y) } Alloy treats all values uniformly as relations  There’s no syntax in the language for atoms or sets  An “set” is a relation with tuples of size 1: { (a), (b), (c) }  An “atom” or scalar is a relation with one tuple of size 1: { (a) }  You don’t need to worry about undefined values or special cases a b c x y ax bx cy

6 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine6 Equality of relations { (a), (b) } { (a), (a) } { (a,b) } { (a,b), (c,d) } { (a,b), (a,b) } { (a,a) } { (b), (a) } { (a) } { (b,a) } { (c,d), (a,b) } { (a,b) } { (a) } = = != = =

7 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine7 “Set” operations { (a), (b) } + { (c), (d) } = { (a,b) } + { (a,b), (c,d) } = { (a), (b) } & { (b), (c) } = { (a,b), (b,b) } & { (a,a), (a,b) } = { (a), (b) } – { (b) } = { (a,b), (b,c) } – { (b,c), (c,d) } = { (a), (b), (c), (d) } { (a,b), (c,d) } { (b) } { (a,b) } { (a) } { (a,b) } Union (+), intersection (&), and difference (-)

8 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine8 Join: Relational composition General pattern:  Find left tuple that ends in atom that begins right tuple  Concatenate the two tuples, eliminating common atom { (a 1,…,a n ) }. { (a n,…,a m ) } = { (a 1,…,a n-1,a n+1,…,a m ) } Join mimics fields access in languages with records  Let X be an object with an f field X = { (o 1 ) }  Let F be a relation mapping an object to the contents of its f field F = { (o 1,x 1 ), (o 2,x 2 ), (o 3,x 2 ) }  X.F = { (o 1 ) }. { (o 1,x 1 ), (o 2,x 2 ), (o 3,x 2 ) } = { (x 1 ) }  Uniformly lets you get the fields of multiple objects X = { (o 1 ), (o 2 ) } X.F = { (x 1 ), (x 2 ) }

9 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine9 Join practice { (a) }. { (a,b) } = { (a,b) }. { (b,c) } = { (a) }. { (c,d) } = { (a),(b) }. { (a,c),(b,d),(a,e) } = { (b) } { (a,c) } { } { (c),(d),(e) }

10 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine10 Cross product { (a) } -> { (b) } = { (a) } -> { (b,c) } = { (a,b) } -> { (c) } = { (a),(b) } -> { (c),(d) } = { (a,b) } { (a,b,c) } { (a,c), (a,d), (b,c), (b,d) } Product R -> S: Concatenate every x in R to every y in S

11 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine11 Relational operators Transpose (~) reverses the tuples in the set ~ { (a,b), (b,c) } = { (b,a), (c,b) } Transitive closure (^): ^R = limit of R + R.R + R.R.R + … ^ { (a,b), (b,c) } = { (a,b), (b,c), (a,c) } Useful constants  Empty relation:none [e]  Universal relation:univ [e]  Identity relation:iden [e](e is a scalar or set)  Type of the result determined by the type of e Reflexive transitive closure (*): *(S->S) = ^(S->S) + iden [S] * { (a,b), (b,c) } = { (a,a), (a,b), (b,b), (b,c), (c,c), (a,c) }

12 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine12 Logical operators Negation! Fnot F ConjunctionF && GF and G DisjunctionF || GF or G ImplicationF => GF implies G(! F || G) If then elseF => G,HF implies G else HF=>G && !F=>H Bi-implicationF GF iff GF=>G && G=>F

13 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine13 Quantifiers all x:e | Funiversal; F is true for every x in e some x:e | Fexistential; F is true for at least one x in e no x:e | F F is true for no x in e sole x:e | F F is true for at most one (and possibly no) x in e one x:e | F F is true for exactly one x in e Several variables can be quantified over at once. E.g., one x:e, y: f | F exactly one way to pick x and y that makes F true If you want the variables to be distinct, use disj: one disj x, y : e | F

14 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine14 Set comprehensions Set comprehensions construct sets and relations directly from properties. { x:e | F } — the set of atoms x from e for which F holds { x : Person | no x.spouse } is the set of unmarried people Can also use comprehensions to construct relations, by declaring more than one variable { x:e, y: f | F} creates a binary relation.

15 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine15 Toplevel declarations Alloy provides declarations to organize your specification  module – break your specification into manageable pieces  sig – declare new sets and relations  fact – record axioms about your sets and relations (not checked)  fun – name and abbreviate expressions  assert – write conditions that you want to check Alloy provides commands to invoke its constraint engine  check – try to find a counterexample for an assertion  run – try to find an instance of a function

16 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine16 Signatures Signatures introduce sets and relations sig Name { /* the set of name atoms */ } sig Person { // new set of person atoms name : Name,// new relation Person -> Name spouse : Person, parents: Person, childWith : Person -> Person } Multiplicity markers add contraints on relations  S m->n T where m and n can be ?zero or one !exactly one +one or more option Person, set Person,

17 UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine17 Facts Facts add axioms about your sets and relations fact { all p : Person | p.spouse.spouse = p } It’s handy to add these as part of a sig sig Person { // new set of person atoms name : Name,// new relation Person -> Name spouse : option Person, parents: set Person, childWith : Person -> Person } { // extra block adds facts about “this” this !in spouse }

Download ppt "UW CSE 503 ▪ Software Engineering ▪ Spring 2004 ▪ Rob DeLine1 CSE 503 – Software Engineering Lecture 3: An introduction to Alloy Rob DeLine 5 Apr 2004."

Similar presentations

Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 2.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 2.
Rigorous Software Development CSCI-GA 3033-009 Instructor: Thomas Wies Spring 2013 Lecture 4.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2013 Lecture 4.
– Seminar in Software Engineering Cynthia Disenfeld

– Seminar in Software Engineering Cynthia Disenfeld
CSE 105 Theory of Computation Alexander Tsiatas Spring 2012 Theory of Computation Lecture Slides by Alexander Tsiatas is licensed under a Creative Commons.

CSE 105 Theory of Computation Alexander Tsiatas Spring 2012 Theory of Computation Lecture Slides by Alexander Tsiatas is licensed under a Creative Commons.
Alloy Vatche Ishakian Boston University- CS511 March/24/2008 Contributors: Andrei Lapets, Michalis Potamias, Mark Reynolds.

Alloy Vatche Ishakian Boston University- CS511 March/24/2008 Contributors: Andrei Lapets, Michalis Potamias, Mark Reynolds.
Chapter 2 Logic Circuits.

Chapter 2 Logic Circuits.
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Basic Structures: Sets, Functions, Sequences, Sums, and Matrices

Basic Structures: Sets, Functions, Sequences, Sums, and Matrices
Basic Structures: Sets, Functions, Sequences, Sums, and Matrices

Basic Structures: Sets, Functions, Sequences, Sums, and Matrices
CS5371 Theory of Computation Lecture 5: Automata Theory III (Non-regular Language, Pumping Lemma, Regular Expression)

CS5371 Theory of Computation Lecture 5: Automata Theory III (Non-regular Language, Pumping Lemma, Regular Expression)
Programming Language Semantics Mooly SagivEran Yahav Schrirber 317Open space 03-640-760603-640-5358 html://www.cs.tau.ac.il/~msagiv/courses/sem03.html.

Programming Language Semantics Mooly SagivEran Yahav Schrirber 317Open space html://
Semantics with Applications Mooly Sagiv Schrirber 317 03-640-7606 html://www.cs.tau.ac.il/~msagiv/courses/sem08.html Textbooks:Winskel The.

Semantics with Applications Mooly Sagiv Schrirber html:// Textbooks:Winskel The.
Preliminaries/ Chapter 1: Introduction. Definitions: from Abstract to Linear Algebra.

Preliminaries/ Chapter 1: Introduction. Definitions: from Abstract to Linear Algebra.
Algebraic Properties: The Rules of Algebra Be Cool - Follow The Rules!

Algebraic Properties: The Rules of Algebra Be Cool - Follow The Rules!
Boolean Algebra Dr. Bernard Chen Ph.D. University of Central Arkansas Spring 2009.

Boolean Algebra Dr. Bernard Chen Ph.D. University of Central Arkansas Spring 2009.
CSE 311 Foundations of Computing I Lecture 6 Predicate Logic, Logical Inference Spring 2013 1.

CSE 311 Foundations of Computing I Lecture 6 Predicate Logic, Logical Inference Spring
UML Unified Modeling Language. What is UML? Unified Modeling Language (UML) is a standardized, general-purpose modeling language in the field of software.

UML Unified Modeling Language. What is UML? Unified Modeling Language (UML) is a standardized, general-purpose modeling language in the field of software.
Chapter 2 Languages.

Chapter 2 Languages.
Systems of Linear Equation and Matrices

Systems of Linear Equation and Matrices
Chap. 2 Matrices 2.1 Operations with Matrices

Chap. 2 Matrices 2.1 Operations with Matrices

Similar presentations

Ads by Google