search

AlloyTools / org.alloytools.alloy

Alloy is a language for describing structures and a tool for exploring them. It has been used in a wide range of applications from finding holes in security mechanisms to designing telephone switching networks. This repository contains the code for the tool.
Other
709 stars 124 forks source link

Type checking corner case #72

Closed graymalkin closed 5 years ago

graymalkin commented 5 years ago 
sig MySig {
  eq: set MySig
}

fact {
  iden in eq
}

This bombs out while generating the CNF. It's probably possible to catch with the type checker, as iden has a larger type than eq.

This is of course easy to fix with 

fact { 
    (MySig->MySig & iden) in eq
}

but it took me a few minutes to understand the error.

aleksandarmilicevic commented 5 years ago

What do you mean by "bombs out"? I just ran it and it gave me "no solution", which is expected. The reason why this model is unsatisfiable is because integers are automatically added to the universe, so, as you said, iden is always larger than eq, and hence iden in eq is unsatisfiable.

This model cannot be ruled out by the type checker because the satisfiability of iden in eq depends not only on the types, but also the bounds. For example, if you explicitly remove integers, the model becomes satisfiable:

sig MySig {
  eq: set MySig
}

fact {
  iden in eq
}

run {} for 0 Int

finds:

---INSTANCE---
integers={}
univ={MySig$0}
Int={}
seq/Int={}
String={}
none={}
this/MySig={MySig$0}
this/MySig<:eq={MySig$0->MySig$0}