我使用Alloy * hola-0.2.jar来表示和研究高阶问题。
以下代码
check isAR for 1 but exactly 1 Node, exactly 1 Edge只会因一个反例而失败。
是的,Alloy *快速找到了反例。但是,当我点击"下一步"为了找到另一个反例,求解器从不完成它。 (我在macbook pro中运行了至少3个小时。)
事实上,从理论上讲,不存在更多的反例。所以Alloy *应该说没有发现反例。断言可能有效。但是,它永远不会弹出。
我意识到解决高阶问题需要更多的计算工作。然而,我的这个问题非常小。所以我怀疑我的代码。问题是什么?
// a Heyting Algebra of subgraphs of a given graph
sig Node {}
sig Edge {
source: Node,
target: Node}
fun Edge.proj : set Node { this.source + this.target}
pred isGraph[ns: set Node, es: set Edge] {es.proj in ns}
// Cmpl[sns,ses,cns,ces] means: a pseudo-complement of a subgraph s is a subgraph c.
pred Cmpl[sns: set Node, ses: set Edge, cns: set Node, ces: set Edge] {
!((cns!=none or ces!=none) and Node in sns and Edge in ses)
Node in sns + cns
Edge in ses + ces
all ns: set Node | all es: set Edge when isGraph[ns,es] and (Node in sns + ns) and (Edge in ses + es)|
(cns in ns and ces in es)
}
/* An element x of a Heyting algebra H is called regular
* if x = ¬y for some y in H.
*/
pred isRegular [xns: set Node, xes: set Edge] {
some yns: set Node | some yes: set Edge when isGraph[yns,yes]|
one cyns: set Node | one cyes: set Edge |
isGraph[cyns,cyes] and Cmpl[yns,yes,cyns,cyes] and (cyns=xns and cyes=xes)
}
assert isAR { // is always regular?
all subns: set Node, subes: set Edge when isGraph[subns,subes] |
isRegular[subns,subes]
}
check isAR for 1 but exactly 1 Node, exactly 1 Edge
// this should fail with 1 couterexample (by theory)