Introduction to Alloy

Proof of a serial adder (http://blackmesatech.com/2010/01/serial-adder.als).

• Define a next relation on the items (i.e. DIY).
• Various utility libraries (util/sequence, util/seqrel, ...)
• util/ordering
• (in Alloy 4.2) the seq keyword

Provides a variety of helpful functions and predicates:

• first, last, prev[Item], next[Item]
• larger [x, y], smaller [x, y] (one Item), max [es: set Item], min [es: set Item] (lone Item), prevs[Item], nexts[Item] (set Item)
• lt [e1, e2: Item], gt [e1, e2: Item], lte [e1, e2: Item], gte [e1, e2: Item]

Documentation on Alloy site (http://alloy.mit.edu/alloy/documentation/quickguide/seq.html)

Consider a model of manuscript transmission:

sig MS {
  exemplar : lone MS
}
sig State {
  extant : set MS,
  lost : set MS - extant
}

Define how state can change:

pred step [disj s, s' : State] {
  s' = next[s]
  some destroyed, new_copies : set MS |
    destroyed in s.extant
    and new_copies in MS - (s.extant + s.lost)
    and (all c : new_copies | 
             some c.exemplar 
             and c.exemplar in s.extant)
    and s'.extant = new_copies + s.extant - destroyed
    and s'.lost = s.lost + destroyed
}

Import the util/ordering library:

open util/ordering[State]

Define initial state:

pred initial_state [ s : State ] {
  one s.extant
  no s.extant.exemplar
  no s.lost
}

Define state sequence:

pred history {
  initial_state[first]
  all s : State - last | 
    let s' = next[s] | 
      step[s, s']
}

An event-oriented idiom is also available; allows quantifying over events.