A First Step in the Translation of Alloy to Coq

International audienceAlloy is both a formal language and a tool for software mod-eling. The language is basically first order relational logic. The analyzer is based on instance finding: it tries to refute assertions and if it succeeds it reports a counterexample. It works by translating Alloy models and instance finding into SAT problems. If no instance is found it does not mean the assertion is satisfied. Alloy relies on the small scope hypothesis: examining all small cases is likely to produce interesting counterexamples. This is very valuable when developing a system. However, Alloy cannot show their absence. In this paper, we propose an approach where Alloy can be used as a first step, and then using a tool we develop, Alloy models can be translated to Coq code to be proved correct interactively

Astra Version 1.0: Evaluating Translations from Alloy to SMT-LIB

We present a variety of translation options for converting Alloy to SMT-LIB via Alloy’s Kodkod interface. Our translations, which are implemented in a library that we call Astra, are based on converting the set and relational operations of Alloy into their equivalent in typed first-order logic (TFOL). We investigate and compare the performance of an SMT solver for many translation options. We compare using only one universal type to recovering Alloy type information from the Kod- kod representation and using multiple types in TFOL. We compare a direct translation of the relations to predicates in TFOL to one where we recover functions from their relational form in Kodkod and repre- sent these as functions in TFOL. We compare representations in TFOL with unbounded scopes to ones with bounded scopes, either pre or post quantifier expansion. Our results across all these dimensions provide di- rections for portfolio solvers, modelling improvements, and optimizing SMT solvers

Linking Alloy with SMT-based Finite Model Finding

Alloy is a well-known declarative language for modelling systems early in the development process. Currently, it uses the Kodkod library as its back-end for finite model finding (finding instances of the model by determining satisfiability for finite sets). Alloy's tool, the Alloy Analyzer, converts the Alloy model to an equivalent Kodkod problem, which is translated to boolean logic and analyzed using an off-the-shelf SAT solver by Kodkod. However, this method can often handle only problems of fairly small size sets. We present Portus, a tool for translating Alloy into an equisatisfiable many-sorted finite model finding (MSFMF) problem of first-order logic. The MSFMF problem is evaluated by an SMT-based finite model finding method implemented in the Fortress solver, creating an alternative back-end to the Alloy Analyzer. Fortress converts the MSFMF problem into (mostly) the logic of equality with uninterpreted functions (EUF), a decidable fragment of first-order logic that is well-supported in many SMT solvers. Portus is presented as a two-fold approach. First, we discuss the basic translation of all Alloy constructs in detail. Second, we suggest optimizations applicable to some Alloy models to improve the performance of Portus. We evaluate the effect of each optimization on Portus. Finally, we compare the performance of Portus with Kodkod, the current solver of the Alloy Analyzer, on a corpus of Alloy models over various scopes. We classify these Alloy models based on certain characteristics and provide a hypothesis regarding the class of Alloy models Portus performs better on

Relational Reasoning - Constraint Solving, Deduction, and Program Verification

This dissertation exploits the formal methods paradigm in which the software system and its specification are transformed to a logical formula, such that the formula is valid iff the specification is correct. The thesis provides a reasoning framework for the verification of software systems against relational specifications written in a first-order relational logic. The system description can be given either at the abstract relational level or at the detailed implementation level