合金均等

Question

I've got an Alloy model which contains the following :

abstract sig person{}

one sig john,Steve extends person  {Gender: man} 

sig man{}

fact {
  all name: person, Gender: man | 
      name.Gender = name.Gender => person =person}

How can I make equality between two signatures?

Answer 1

It's not clear from your question what you want to do, and from your sample Alloy code it looks as if you may be suffering from some confusions.

First, the model you show uses the name Gender in two different ways, which is not illegal in itself but seems to suggest some confusion. (It certainly confuses the willies out of this reader.)

In the declaration for the two singleton signatures john and Steve, Gender denotes two binary relations, one holding between the signature john and the signature man, the other holding between Steve and man. To say the same thing in symbolic form, Gender denotes (a) some subset of john -> man, and (b) some subset of Steve -> man.

In the anonymous fact, however, Gender denotes a variable of type man.

Your model will be easier to understand if you find a way to rename one or the other of these. Since variable names in a quantified expression are arbitrary, your fact will mean the same thing if you reformulate it as

fact { all P : person, M : man | P.M = P.M => person = person }

If that's not what you meant to say, then you may have meant to say something like

fact { all P : person, M : man | 
    P.Gender = P.Gender => person = person 
}

Renaming the variable forces you to choose one meaning or the other. This is a good thing. (It is an unfortunate fact that neither formulation is actually satisfactory in Alloy. But let's deal with one problem at a time; getting rid of the double use of the name Gender is the first step.)

A second issue is that whichever formulation of the fact you meant, it almost certainly doesn't mean what you wanted it to mean. Ignoring the specifics of the model for a moment, your fact takes the form

fact { all V1 : sig1, V2 : sig2 | 
  Expression = Expression => sig1 = sig1
}

where Expression is either V1.V2 or V1.Relation, for some Relation defined in the model. There are several things wrong here:

• V1.V2 is meaningless where V1 and V2 are both names of signatures or variables ranging over given signatures: the dot operator is meaningful only if one of its arguments is the name of a relation.

• If any expression E is meaningful at all, then a Boolean expression of the form E = E (for example, person.Gender = person.Gender) is true regardless of what E means. Anything denoted by E is naturally going to be equal to itself. So the conditional might as well be written

   1 = 1 => person = person 

• For the same reason, person = person will always be true, regardless of the model: for any model instance the set of persons in the instance will be identical to the set of persons in the instance. So the conditional will always be true, and the fact won't actually impose any constraint on instances of the model.

It's not clear how best to help you move forward. Perhaps one way to start would be to ask yourself which of the following statements you are trying to capture in your model.

• There is a set of persons.
• Some persons are males (have gender = 'man'). Others are not males.
• John is a male individual.
• Steve is a male individual.
• John and Steve are distinct individuals.
• If x and y are individuals with the same gender, then x and y are the same individual. Ie no two individuals have the same gender.

Note that these statements cannot all be true at the same time. (If that's not obvious, you might do worse than try to figure out why. Alloy can be helpful in that effort.)

Good luck.