Alloy:How to understand the counterexample in the Alloy demo?

Question

I write a strange Alloy demo about "assert" out of curiosity.

Assume there is a "Program", the "Program" has 2 "Varieties", and each "Variety" has a "Value" from "Data" set.

Then I also set a "fact" that all of the "Value" of the "Variety" are "data1".

Finally, I set an "assert" that for all "Program", all of "Value" of the "Variety" in the "Program" are "data1".

I think the "assert" satisfies the "fact", however when I check the "assert", it gives a counterexample, I cannot understand about this, why it has the counterexample?

The code appears as follows:

enum Data{data1,data2}

sig Program{
    Var1:Variable,
    Var2:Variable
}
sig Variable{
    Value:Data
}

fact{
   all v:Variable{
       v.Value=data1
   }
}

assert test{
    all p:Program{
        all v:(Program->Variable){
            p.v.Value=data1
        }
    }
}

The counterexample is as follows:

Answer 1

I'm a bit confused about your example because the var1 and var2 fields don't seem to be used. But the reason you're getting a counterexample is probably because v can be empty, in which case pvValue evaluates to the empty relation, and data1 evaluates to a singleton, so they're not equal.

Answer 2

There are two mistakes in my question, I modify the code, and it is right now.

enum Data{data1,data2}

sig Program{
    Var1:Variable,
    Var2:Variable
}
sig Variable{
    Value:Data
}

fact{
    all p:Program{
        //In theory, there should be "all v:(Program->Variable)", but Alloy does not support HOL.
        //all v:(Program->Variable){
            p.Var1.Value=data1
            p.Var2.Value=data1
        // }
    }
}

assert test{
    all p:Program{
         p.Var1.Value=data1
         p.Var2.Value=data2
        // And here is another mistake, Var1 and Var2 is only the subset of "all v:(Program->Variable)"
        // all v:(Program->Variable){
            // p.v.Value=data1
        // }
    }
}

check test for 10 but 1 Program