检查合金中的 Sig 相等性

Question

In the following Alloy model I want to check the equality of two instances of a sig with Bool field type:在以下合金模型中，我想检查具有Bool字段类型的 sig 的两个实例的相等性：

module test

open util/boolean as bool


sig Info {
    active: Bool
}

assert assertion {
    all x1, x2: Info |
        x1.active = True && x2.active = True implies x1 = x2
}

check assertion for 10

This model checks for equality of x_1 and x_2 if both have True as their active field.如果x_1和x_2的active字段都为True ，则此模型会检查它们是否相等。 Alloy comes back with a counterexample, however, in the counterexample, both x_1 and x_2 are structurally equal but for some reason Alloy considers them not equal. Alloy 给出了一个反例，然而，在反例中， x_1和x_2在结构上是相等的，但由于某种原因，Alloy 认为它们不相等。

Edit :编辑：

One suggestion is to use subtyping as follows:一种建议是使用子类型如下：

sig Info {}

sig ActiveInfo in Info {}

-- i is inactive if i in (Info - ActiveInfo)

However, this is not suitable for my model.但是，这不适合我的模型。

Quote from the Software Abstractions book:引自《软件抽象》一书：

" Is equality structural equality or reference equality? "平等是结构平等还是参照平等？

A relation has no identity distinct from its value, so this distinction, based on programming notions, doesn't make sense here.关系没有与其值不同的身份，因此这种基于编程概念的区别在这里没有意义。 If two relations have the same set of tuples, they aren't two relations: they're just one and the same relation.如果两个关系具有相同的元组集，则它们不是两个关系：它们只是一个且相同的关系。 An atom is nothing but its identity;一个原子不过是它的身份； two atoms are equal when they are the same atom.当两个原子是同一个原子时，它们是相等的。 If you have a set of atoms that represent composite objects (using some relations to map the atoms to their contents), you can define any notion of structural equality you want explicitly, by introducing a new relation.如果你有一组代表复合对象的原子（使用一些关系将原子映射到它们的内容），你可以通过引入一个新的关系来明确定义任何你想要的结构相等的概念。 (And for those C++ programmers out there: no, you can't redefine the equals symbol in Alloy.)" （对于那些 C++ 程序员来说：不，你不能在 Alloy 中重新定义等号。）”

I don't quite understand this paragraph.这一段我不是很明白。 I appreciate explanation on how equality works in Alloy.我很欣赏关于合金中平等如何运作的解释。 Particularly on how to check equalities of atoms with different identities but same values?特别是如何检查具有不同身份但相同值的原子的相等性？

Answer 1

I know that equality in Alloy is based on values.我知道 Alloy 中的平等是基于价值观的。

This is not true.这不是真的。 x1 and x2 have the same value for active , but are different atoms in the signature. x1和x2具有相同的active值，但在签名中是不同的原子。 It's similar to how in a lot of OOP languages, two objects can have the same structural values but have different identities.这类似于在许多 OOP 语言中，两个对象可以具有相同的结构值但具有不同的身份。

Incidentally, I'd recommend using subtypes to represent booleans.顺便说一句，我建议使用子类型来表示布尔值。 You could do你可以做

sig Info {}

sig ActiveInfo in Info {}

-- i is inactive if i in (Info - ActiveInfo)

Answer 2

You can think of a field in a signature as "belonging" to an atom of that signature if you like, but it's better just to think of fields as relations.如果愿意，您可以将签名中的字段视为“属于”该签名的原子，但最好将字段视为关系。 You wouldn't expect two persons to be the same if they have the same mother:如果他们有同一个母亲，你不会期望两个人是一样的：

sig Person {mother: Parent}

But if you want your signature to have the property that no two distinct members have the same fields, you can just add that as a fact:但是，如果您希望签名具有没有两个不同成员具有相同字段的属性，则可以将其添加为事实：

sig Coordinate {x, y: Value}
fact {all c, c': Coordinate | (c.x = c'.x and c.y = c'.y) implies c = c'}

检查合金中的 Sig 相等性

问题描述

2 个解决方案

解决方案1
2 2021-07-21 21:15:49

解决方案2
1 已采纳 2021-07-22 12:48:50

检查合金中的 Sig 相等性

问题描述

2 个解决方案

解决方案1 2 2021-07-21 21:15:49

解决方案2 1 已采纳 2021-07-22 12:48:50

解决方案1
2 2021-07-21 21:15:49

解决方案2
1 已采纳 2021-07-22 12:48:50