Alloy Analyzer 4 Tutorial Session 2: Language and Analysis Greg Dennis and Rob Seater Software Design Group, MIT

alloy language & analysis language = syntax for structuring specifications in logic shorthands, puns, sugar analysis = tool for finding solutions to logical formulas searches for and visualizes counterexamples
“I'm My Own Grandpa” Song popular radio skit originally written in the 1930's expanded into hit song by “Lonzo and Oscar” in 1948

module  grandpa abstract sig  Person {   father:  lone  Man,   mother:  lone  Woman } sig  Man  extends  Person {   wife:  lone  Woman } sig  Woman  extends  Person {   husband:  lone  Man } fact  {   no  p: Person |     p  in p.^(mother + father)   wife = ~husband } assert  noSelfFather {  no  m: Man | m = m.father } check  noSelfFather fun  grandpas[p: Person] :  set  Person {  p.(mother + father).father } pred  ownGrandpa[p: Person] {  p  in  grandpas[p] } run  ownGrandpa  for  4 Person “I'm My Own Grandpa” in Alloy
language: module header module  grandpa first non-comment of an Alloy model

language: signatures sig  A {} set of atoms A sig  A {} sig  B {} disjoint sets A and B (no A & B) sig  A, B {} same as above sig  B  extends  A {} set B is a subset of A (B in A) sig  B  extends  A {} sig  C  extends  A {} B and C are disjoint subsets of A (B in A && C in A && no B & C) sig  B, C  extends  A {} same as above abstract sig  A {} sig  B  extends  A {} sig  C  extends  A {} A partitioned by disjoint subsets B and C (no B & C && A = (B + C)) sig  B  in  A {} B is a subset of A – not necessarily disjoint from any other set sig  C  in  A + B {} C is a subset of the union of A and B one sig  A {} lone sig  B {} some sig  C {} A is a singleton set B is a singleton or empty C is a non-empty set
grandpa: signatures all men and women are persons no person is both a man and a woman all persons are either men or women abstract sig  Person {   . . .

