Alloy Tutorial(2)LastPass; cacheMemory

于 2023-06-11 20:52:15 发布
阅读量1.1k 收藏
点赞数
文章标签: alloy
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_42902997/article/details/131155177
版权

文章目录

LastPass

module LastPass

/*
 * LastPass password map
 *
 * A simple example to explain basics of Alloy. 
 *
 * The 'PassBook' keeps track of a set of users' passwords for a set of URLs. 
 * For each User/URL pair, there is one password. Passwords can be added, 
 * deleted, looked up, and changed. 
 * A user can also request all of their password for all URLs.
 *
 * author: Tim Miller; updated by Toby Murray for Alloy 6, including simplifications
 */

sig URL {}
sig Username {}
sig Password {}
sig PassBook {var password : Username -> URL -> Password}

fact NoDuplicates 
{
  always all pb : PassBook, user : Username, url : URL | lone pb.password[user][url]
}

//Add a password for a new user/url pair
pred add [pb : PassBook, url : URL, user: Username, pwd: Password] {
    no pb.password[user][url] 
    pb.password' = pb.password + (user->url->pwd)
}

//Delete an existing password
pred delete [pb : PassBook, url : URL, user: Username] {
    one pb.password[user][url]
    pb.password' = pb.password - (user->url->Password)
}

//Update an existing password
pred update [pb : PassBook, url : URL, user: Username, pwd: Password] {
    one pb.password[user][url] 
    pb.password' = pb.password ++ (user->url->pwd)
}

//Return the password for a given user/URL pair
fun lookup [pb: PassBook, url : URL, user : Username] : lone Password {
    pb.password[user][url]
}

//Check if a user's passwords for two urls are the same
pred samePassword [pb : PassBook, url1, url2 : URL, user : Username] {
    lookup [pb, url1, user] = lookup [pb, url2, user]
}

//Retrieve all of the passwords and the url they are for, for a given user
pred retrieveAll [pb: PassBook, user : Username, pwds : URL -> Password] {
    pwds = (pb.password)[user]
}

//Initialise the PassBook to be empty
pred init [pb: PassBook] {
    no pb.password
}

//If we add a new password, then we get this password when we look it up
assert addWorks {
    all pb : PassBook, url : URL, user : Username, p : Password |
        add [pb, url, user, p] => (after (lookup [pb, url, user]) = p)
}

//If we update an existing password, then we get this password when we look it up
assert updateWorks {
    all pb : PassBook, url : URL, user : Username, p, p2 : Password |
        after (lookup [pb, url, user]) = p => 
            (add [pb, url, user, p2] => (after (lookup [pb, url, user]) = p2))
}

//If we add and then delete a password, we are back to 'the start'
assert deleteIsUndo {
    all pb : PassBook, url : URL, user : Username, pwd : Password |
        (add [pb, url, user, pwd] ; delete [pb, url, user])
            => pb.password = pb.password''
}

run add for 3 but 1 PassBook
run add for 5 URL, 5 Username, 10 Password, 1 PassBook
check addWorks for 3 but 1 PassBook expect 0
check updateWorks for 3 but 1 PassBook expect 0
check deleteIsUndo for 1 but 1 PassBook

题目: Write an assertion that checks that, after running the add operation, no two users have the same password for the same URL unless that was already the case before add was run. Check this assertion on your model. Of course, this assertion is trivially false, as users should never know anything the existence of another password. The exercise is intended to have you think about how to model this assertion.


pred noSharedPasswords[pb : PassBook] {
  all user1, user2 : Username, url : URL |
    user1 != user2 => no (pb.password[user1][url] & pb.password[user2][url])
}

assert addNoSharedPasswords {
  all pb : PassBook, url : URL, user : Username, pwd : Password |
    noSharedPasswords[pb] =>
    add[pb, url, user, pwd] => after (noSharedPasswords[pb])
}

check addNoSharedPasswords for 5 but 1 PassBook expect 0
  • 这样做会出现 counter example
  • 这表明:

    出现反例表示在你的模型中存在至少一个情况,使得你的断言addNoSharedPasswords不成立。这说明,在执行 add 操作之后,即使在添加操作之前没有两个用户对同一URL有相同的密码,也可能出现两个用户对同一URL有相同的密码。
    让我们来看看可能的原因:

    • 首先,add 操作是向密码本 pb 添加一个新的用户/URL/密码组合。这并不保证新添加的密码与其他用户对同一URL的密码不同。 这意味着,如果添加的新密码与某个用户对同一URL的现有密码相同,那么 add 操作就会导致出现共享密码。
    • 因此,你的断言 addNoSharedPasswords 在当前的模型中可能不成立,这可能是由于 add 操作并未尽可能地避免添加共享密码。
    • 为了确保断言的成立,需要修改 add 操作以避免添加共享密码。例如,你可以在 add 操作中添加一个检查,确保新密码与其他用户对同一URL的密码不同。这可能会使你的模型变得复杂,但是可以提高密码的安全性。
    • 总的来说,模型的问题在于,它允许 add 操作创建共享密码,这与 addNoSharedPasswords 断言的要求相冲突。你需要修改你的模型以消除这种冲突。
  • 因此把 add 改成如下这样:
pred add [pb : PassBook, url : URL, user: Username, pwd: Password] {
    no pb.password[user][url] 
    // 在添加之前注明,新增的这个密码 pwd 不能和其他 user 的密码冲突
	all otherUser: Username | pwd != pb.password[otherUser][url]
    pb.password' = pb.password + (user->url->pwd)
}

整体 solution 代码:

module LastPass

/*
 * LastPass password map
 *
 * A simple example to explain basics of Alloy. 
 *
 * The 'PassBook' keeps track of a set of users' passwords for a set of URLs. 
 * For each User/URL pair, there is one password. Passwords can be added, 
 * deleted, looked up, and changed. 
 * A user can also request all of their password for all URLs.
 *
 * author: Tim Miller; updated by Toby Murray for Alloy 6, including simplifications
 */

sig URL {}
sig Username {}
sig Password {}
sig PassBook {var password : Username -> URL -> Password}

fact NoDuplicates 
{
  always all pb : PassBook, user : Username, url : URL | lone pb.password[user][url]
}

//Add a password for a new user/url pair
pred add [pb : PassBook, url : URL, user: Username, pwd: Password] {
    no pb.password[user][url] 
    // 对 add 操作进行限制,避免加入的时候与其他的 user 的密码重复
	all otherUser: Username | pwd != pb.password[otherUser][url]
    pb.password' = pb.password + (user->url->pwd)
}

//Delete an existing password
pred delete [pb : PassBook, url : URL, user: Username] {
    one pb.password[user][url]
    pb.password' = pb.password - (user->url->Password)
}

//Update an existing password
pred update [pb : PassBook, url : URL, user: Username, pwd: Password] {
    one pb.password[user][url] 
    pb.password' = pb.password ++ (user->url->pwd)
}

//Return the password for a given user/URL pair
fun lookup [pb: PassBook, url : URL, user : Username] : lone Password {
    pb.password[user][url]
}

//Check if a user's passwords for two urls are the same
pred samePassword [pb : PassBook, url1, url2 : URL, user : Username] {
    lookup [pb, url1, user] = lookup [pb, url2, user]
}

//Retrieve all of the passwords and the url they are for, for a given user
pred retrieveAll [pb: PassBook, user : Username, pwds : URL -> Password] {
    pwds = (pb.password)[user]
}

//Initialise the PassBook to be empty
pred init [pb: PassBook] {
    no pb.password
}

//If we add a new password, then we get this password when we look it up
assert addWorks {
    all pb : PassBook, url : URL, user : Username, p : Password |
        add [pb, url, user, p] => (after (lookup [pb, url, user]) = p)
}

//If we update an existing password, then we get this password when we look it up
assert updateWorks {
    all pb : PassBook, url : URL, user : Username, p, p2 : Password |
        after (lookup [pb, url, user]) = p => 
            (add [pb, url, user, p2] => (after (lookup [pb, url, user]) = p2))
}

//If we add and then delete a password, we are back to 'the start'
assert deleteIsUndo {
    all pb : PassBook, url : URL, user : Username, pwd : Password |
        (add [pb, url, user, pwd] ; delete [pb, url, user])
            => pb.password = pb.password''
}


pred noSharedPasswords[pb : PassBook] {
  all user1, user2 : Username, url : URL |
    user1 != user2 => no (pb.password[user1][url] & pb.password[user2][url])
}

assert addNoSharedPasswords {
  all pb : PassBook, url : URL, user : Username, pwd : Password |
    noSharedPasswords[pb] =>
    add[pb, url, user, pwd] => after (noSharedPasswords[pb])
}

check addNoSharedPasswords for 5 but 1 PassBook expect 0

cacheMemory

//Addresses and data
sig Addr {}
sig Data {}

//A cache system consists of main memory and cached memory, but mapping addresses to data
one sig CacheSystem {
	var main, cache: Addr -> lone Data
}

//Initially there is no memory allocated
pred init [c: CacheSystem] {
	no c.main + c.cache
}

//Write data to a specified address in the cache
pred write [c : CacheSystem, a: Addr, d: Data] {
	c.main' = c.main
	c.cache' = c.cache ++ a -> d
}

//Read data from a specified address in the cache
pred read [c: CacheSystem, a: Addr, d: Data] {
	some d
	d = c.cache [a]
        c.main' = c.main
        c.cache' = c.cache
}

//Load some data from the main memory in the cache
//Note that this is non-deterministic: it does not specific what to load. This is left to the implementation
pred load [c : CacheSystem] {
	some addrs: set c.main.Data - c.cache.Data |
		c.cache' = c.cache ++ addrs <: c.main
	c.main' = c.main
}

//Flush memory from the cache back into the main memory.
//Note this is also non-deterministic
pred flush [c : CacheSystem] {
	some addrs: some c.cache.Data {
		c.main' = c.main ++ addrs <: c.cache
		c.cache' = c.cache - addrs -> Data
	}
}

//If a load is performed between a write and a read, this should not be observable.
//That is, if we perform the sequence: read, write, load, and read, 
//then reading the same address in both reads should return the same value,
//unless the write in between overwrote that value (i.e. a1=a2)
assert LoadNotObservable {
	all c : CacheSystem, a1, a2: Addr, d1, d2, d3: Data |
		{
		read [c, a2, d2];
		write [c, a1, d1];
		load [c];
		read [c, a2, d3]
		} implies d3 = (a1=a2 => d1 else d2)
	}

check LoadNotObservable for 5

题目:What is the meaning of the one and var keywords in the sig declaration?

  • one 是限制集合中元素的数量
  • var 是定义一个可变的 relation 代表其在运行途中可以发生改变(例如update 或者扩展等操作)

题目:Why does the read predicate need the following two lines? Try removing them and see how it affects the model (e.g. whether the LoadNotObservable assertion holds).
在这里插入图片描述

  • 在 Alloy 中,如果你在断言、谓词或函数中使用到带撇号(')的变量,这表示你在引用系统的下一个状态,而不是当前状态。在这个缓存系统模型中,main'cache' 分别代表下一状态的主内存和缓存内存。

  • 这两行代码的作用是确保在读取操作中,主内存和缓存内存的状态不会改变。 如果你删除了这两行,就相当于允许在读取操作中改变内存的状态,这可能会导致模型的行为与预期不符。

题目:Write an assertion called LoadPreserves, which specifies that when memory is loaded, the main memory does not change. Check this assertion.

assert LoadPreserves{
	all c: CacheSystem | load[c] => c.main'=c.main
}

check LoadPreserves

题目:Write an assertion called CannotReadInitially, which specifies that in the initial state, nothing can be read (i.e., the read operation is not valid). Check this assertion.

assert CannotReadInitially{
	all c: CacheSystem, a: Addr, d: Data | init[c] => not read[c, a, d]
}
check CannotReadInitially

Write an operation called destroy, which takes a memory address as input and removes that memory address and its associated data, whether the address is in the cache or the main memory.

pred destroy[c: CacheSystem, a: Addr]{
	c.main' = c.main - (a -> Data)
	c.cache' = c.cache - (a -> Data)
}

Write an assertion called OnlyOneMemoryDestroyed, which specifies that when memory is destroyed by the destroy operation, it removes memory from either the cache or main memory, but not both. Does this assertion hold? If not, why not?

assert OnlyOneMemoryDestroyed{
	all c: CacheSystem, a: Addr | (destroy[c, a] => c.main'=c.main-(a->Data) and c.cache'=c.cache) 
	or (destroy[c, a] =>  c.cache'=c.cache-(a->Data) and c.main' = c.main)
}

check OnlyOneMemoryDestroyed
  • 不可能 hold,因为 destroy 的定义和这个是违背的。
暖仔会飞
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 0
    评论
alloy
03-17
合金 去做 步骤1 关闭范围包含ThunkID而不是值 算术表达式 属性集 字段访问器解析 错误: let id = x:x; x = 4 in id x let id = x:x; x = 4 in id x发散 let x = 4; in {a = x;} let x = 4; in {a = x;}给出未绑定变量, let x=4; in x let x=4; in x作品中 让绑定 语法返工 消除镜头依赖? 第2步 找出步骤2 (!)函数调用带有大括号的语法问题,f(x)在rt和ct中具有不同的含义。 空格? 与有关RTExprs作为值的未解决问题有关 递归 内建 运行时功能POC 修复优先级问题( builtins.fix (self: 0)失败) 第三步 找出步骤3 递归但正确实施起来应该很容易,但是它需要将let转换成比语法糖更重要的
GMW 15340-2011 Polyolefin Alloy - Talc Filled, High Stiffness,.
09-13
GMW 15340-2011 Polyolefin Alloy - Talc Filled, High Stiffness,.
Alloy Tutorial(1)Alloy 基本使用
qq_42902997的博客
06-11 1133
这个谓词的含义更为广泛,它实际上描述的是一个连通图,连通图的特性就是对于所有的节点对,至少存在一条边使得这两个节点是连通的。注意,这并不意味着图是无向的,因为它并未要求如果存在从u到v的边,那么必须存在从v到u的边。这个谓词表示在图 g 中,对于所有的节点 u 和 v,都存在从u到v的边,并且从v到u的边。这个谓词实际上在描述一个无向图,因为无向图的特性就是如果存在一个从u到v的边,那么必须存在一个从v到u的边。这种逻辑符号进行连接是肯定不对的。这个谓词表示在图g中,
高完整性系统工程(四): An Overview of Alloy
Abner98414的博客
04-09 487
在第一章中,我们将解释如何使用 Alloy 来探索一个非常简单的软件组件的设计,即大多数操作系统中存在的众所周知的垃圾箱或回收站。目的是对如何使用 Alloy 指定和分析软件设计进行简要的(有时是肤浅的)概述。Alloy 规范语言和分析技术的全部细节将在以下章节中给出。​Trash 的目标是:1. 使已删除的文件仍然可以恢复,直到执行清空 Trash 的(可撤消的)操作a. 当文件被删除时,它存储在 Trash 中;b. 仍在 Trash 中时,可以恢复文件;
腾讯前端Alloy团队访谈:HTML5开源图像处理框架AlloyImage
啊啊啊啊2
04-26 365
近日,腾讯Web前端Alloy团队Blog发布了最新的开源项目:一个基于HTML5技术的专业级图像处理引擎——AlloyImage(简称AI),以及一个在线Web图像处理平台——AlloyPhoto(简称AP)。项目源码发布在http://alloyteam.github.com/AlloyPhoto/。InfoQ中文站对此曾做过相关报道。在报道之后,我们联系到Alloy团队,对AlloyImag...
FLUENT 2020R2 tutorial guide PDF及案例源文件
08-16
2. How To Use This Manual Depending on your familiarity with computational fluid dynamics and the ANSYS Fluent software, you can use this tutorial guide in a variety of ways. 2.1. For the Beginner If ...
Tensorflow 2 Tutorial.pdf
04-08
TensorFlow2入门教程
STM32例程Tutorial 30 - FLASH Memory.7z
07-22
STM32例程Tutorial 30 - FLASH Memory.7z
vuetable-2-tutorial-bootstrap
02-01
vuetable-2-tutorial-bootstrap 使用Bootstrap 3 CSS的Vuetable-2您可以在使用相同的教程内容,而只需在此仓库中使用代码即可。 此仓库中的代码已修改为使用Bootstrap 3 CSS而不是语义UI。建立克隆项目并使用npm或...
TurboGrid_Tutorial_Package_2021_R2.zip
03-01
TurboGrid_Tutorial_Package_2021_R2
前18大旋转修整器企业占据全球87%的市场份额.docx
05-06
前18大旋转修整器企业占据全球87%的市场份额
Planet-SkySat-Imagery-Product-Specification-Jan2020.pdf
05-06
SKYSAT IMAGERY PRODUCT SPECIFICATION PLANET.COM VIDEO Full motion videos are collected between 30 and 120 seconds by a single camera from any of the active SkySats. Videos are collected using only the Panchromatic half of the camera, hence all videos are PAN only. Videos are packaged and delivered with a video mpeg-4 file, plus all image frames with accompanying video metadata and a frame index file (reference Product Types below)
Screenshot_20240506_133458_com.netease.yhtj.vivo.jpg
05-06
Screenshot_20240506_133458_com.netease.yhtj.vivo.jpg
2019年A~F题特等奖论文合集.pdf
05-06
大学生,数学建模,美国大学生数学建模竞赛,MCM/ICM,历年美赛特等奖O奖论文
雷达物位变送器安装和操作手册
05-06
雷达物位变送器安装和操作手册
node-v11.6.0-linux-armv7l.tar.xz
最新发布
05-06
Node.js,简称Node,是一个开源且跨平台的JavaScript运行时环境,它允许在浏览器外运行JavaScript代码。Node.js于2009年由Ryan Dahl创立,旨在创建高性能的Web服务器和网络应用程序。它基于Google Chrome的V8 JavaScript引擎,可以在Windows、Linux、Unix、Mac OS X等操作系统上运行。 Node.js的特点之一是事件驱动和非阻塞I/O模型,这使得它非常适合处理大量并发连接,从而在构建实时应用程序如在线游戏、聊天应用以及实时通讯服务时表现卓越。此外,Node.js使用了模块化的架构,通过npm(Node package manager,Node包管理器),社区成员可以共享和复用代码,极大地促进了Node.js生态系统的发展和扩张。 Node.js不仅用于服务器端开发。随着技术的发展,它也被用于构建工具链、开发桌面应用程序、物联网设备等。Node.js能够处理文件系统、操作数据库、处理网络请求等,因此,开发者可以用JavaScript编写全栈应用程序,这一点大大提高了开发效率和便捷性。 在实践中,许多大型企业和组织已经采用Node.js作为其Web应用程序的开发平台,如Netflix、PayPal和Walmart等。它们利用Node.js提高了应用性能,简化了开发流程,并且能更快地响应市场需求。
Python3实现快速排序(源代码)
05-06
快速排序是一种基于分治策略的排序算法,通过选择一个基准元素,将待排序的数组划分为两个子数组,一个包含所有小于基准的元素,另一个包含所有大于基准的元素,然后递归地对这两个子数组进行快速排序。快速排序在平均情况下具有O(n log n)的时间复杂度,是一种非常高效的排序算法。然而,在最坏情况下,当输入数据已经有序或接近有序时,快速排序的性能会退化为O(n^2)。此外,快速排序是不稳定的排序算法,即相等的元素可能在排序过程中改变相对位置。尽管如此,快速排序仍然因其高效的平均性能而在实际应用中广泛使用。在Python3中,可以通过递归或迭代的方式实现快速排序算法,但为了避免额外的空间开销,通常会采用原地排序的方式来实现。
毕业课设基于51单片机的出租车计价器(昼夜)
05-06
【作品名称】:基于51单片机的出租车计价器(昼夜) 含(程序、仿真图、流程图、原理图) 【适用人群】:适用于希望学习不同技术领域的小白或进阶学习者。可作为毕设项目、课程设计、大作业、工程实训或初期项目立项。 出租车计价器: 1、不同情况具有不同的收费标准,具有白天和夜晚不同的计价能力 2、能进行手动修改单价 3、具有数据的复位功能(起步价,起步公里数,里程单价,白天晚上不一样) 4、能够在掉电的情况下存储单价等数据 5、步进电机模拟里程,一圈表示一里路
2024年中国API 11P往复式气体压缩机行业研究报告.docx
05-06
2024年中国API 11P往复式气体压缩机行业研究报告
tutorial master 2下载
12-19
如果你想要下载"tutorial master 2",你可以通过以下几种方式来实现。 首先,你可以在网络上搜索"tutorial master 2"的官方网站或者官方下载页面。在这里,你可以找到官方提供的下载链接,点击链接即可将程序下载到...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

暖仔会飞

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值