Automatische Fehlersuche in algebraischen Spezifikationen

sig List { -list basis cplx: one Nat, -list functions and predicates -#1 specification: list app: List -> lone List, lastcons: Elem -> lone List, r_isin: set Elem, -reversed arguments -#2 specification: list-dup adjoin: Elem -> lone List, rmdup: lone List, disjoin: set List, -#3 specification: list-last last: lone Elem, butlast: lone List, r_butlastn: Nat -> lone List, -reversed arguments rev: lone List, r_fillfirst: Nat -> Elem -> lone List, -reversed arguments prefix: set List, postfix: set List, -#4 specification: list-del del: Elem -> lone List, del1: Elem -> lone List, delpos: Nat -> lone List, get: Nat -> lone Elem, r_pos: Elem -> lone Nat, -reversed arguments put: Nat -> Elem -> lone List, r_sublist: Nat -> Nat-> lone List, -reversed arguments r_firstn: Nat -> lone List, -reversed arguments r_restn: Nat -> lone List, -reversed arguments r_lastn: Nat -> lone List, -reversed arguments frome: Elem -> lone List, -#5 specification: list-set union: List -> lone List, diff: List -> lone List, filter: List -> lone List, subset: set List, -#6 specification: list-perm r_oc: Elem -> lone Nat, -reversed arguments perm: set List, msubset: set List, 124 ANHANG A. SPEZIFIKATIONEN -#7 specification: olist r_ins: Elem -> lone List, -reversed arguments merge: List -> lone List, -#8 specification: olist-sort sort: lone List } one sig Nil extends List {} sig Cons extends List { first: Elem, rest: List } ----------------------------monadic predicates -----------------------------#2 specification: list-dup sig dups in List {} -#7 specification: olist sig le in List {} sig ls in List {} ------------------------SUA axioms ------------------------fact Uniqueness { all l,l’: Cons | l.first = l’.first and l.rest = l’.rest => l = l’ } fact Acyclic { no l: Cons | l in l.^rest } -CPLX (term size) -KIV view -(1) cplx([]) = 0 -(2) cplx(a + x) = 1 + cplx(x) fact CPLX { cplx = {x: List, n: Nat | (x = Nil and n = Zero) or some z1: List, a: Elem, m1: Nat | { cons[a,z1,x] (z1->m1) in cplx succ[n,m1] } } } --------------------------predicates --------------------------A.2. ALLOY SPEZIFIKATIONEN 125 pred cons [e: Elem, l: List, c: List] { c.first = e and c.rest = l } -------------------------------signature: elem -------------------------------sig Elem { -basis els: set Elem, -#1 specification: list mklist01: lone List, mklist02: Elem -> lone List, -#3 specification: list-last mklist: Nat -> lone List } fact ORDER_IRREFLEX { no a: Elem | (a->a) in els } fact ORDER_TRANSITIVE { all a,b,c: Elem | (a->b) in els and (b->c) in els => (a->c) in els } fact ORDER_TOTAL { all a,b: Elem | (a->b) in els or (b->a) in els or a = b } ----------------------------------s,k completeness -----------------------------------