I am really confused over why there is always a counter example to my following assertion.
//assertions must NEVER by wrong
assert Symmetric{
all r: univ -> univ | some ~r iff (some x, y: univ | x not in y and y not in x and
(x->y in r) and (y->x in r))
}
check Symmetric
The counter-example always shows 1 element in univ set. However, this should not be the case since I specified that there will be some ~r iff x not in y and y not in x. The only element should not satisfy this statement.
Yet why does the model keep showing a counterexample to my assertion?
---INSTANCE---
integers={}
univ={Univ$0}
Int={}
seq/Int={}
String={}
none={}
this/Univ={Univ$0}
skolem $Symmetric_r={Univ$0->Univ$0}
Would really appreciate some guidance!
In Alloy, assertions are used to check the correctness of logic sentences (properties of your model), not to specify properties that should always hold in your model. So you didn't specify that
there will be some ~r iff x not in y and y not in x
you instead asked Alloy whether it is true that for all binary relations r, some ~r iff x not in y and y not in x [...], and Alloy answered that it is not true, and gave you a concrete example (counterexample) in which that property doesn't hold.
A couple other points
some ~r doesn't mean "r is symmetric"; it simply means that the transpose of r is non-empty, which is not the same. A binary relation is symmetric if it is equal to its transpose, so you can write r = ~r to express that;
instead of some x, y: univ | x not in y and y not in x and [...] you can equivalently write some disj x, y: univ | [...];
however, that some expression doesn't really express the symmetry property, because all it says is that "there are some x, y such that both x->y and y->x are in r"; instead, you want to say something like "for all x, y, if x->y is in r, then y->x is in r too".
Related
f x zero = Nothing
f x y = Just $ x / y
where zero = 0
The literal-bound identifier zero simply matches all after the warning Pattern match(es) are overlapped.
That's how Haskell's syntax works; every lowercase-initial variable name in a pattern (re)binds that name. Any existing binding will be shadowed.
But even if that weren't the case, the binding for zero would not be visible to the first alternative, because of how Haskell's syntax works. A similar thing happens in the following version:
f = \v1 v2 -> case (v1, v2) of
(x, zero) -> Nothing
(x, y) -> Just $ x / y
where zero = 0
The where clause only applies to the one alternative that it's part of, not to the whole list of alternatives. That code is pretty much the same thing as
f = \v1 v2 -> case (v1, v2) of
(x, zero) -> Nothing
(x, y) -> let zero = 0 in Just $ x / y
If bound identifiers had different semantics than unbound identifiers in a pattern match, that could be quite error prone as binding a new identifier could mess up pattern matches anywhere that identifier is in scope.
For example let's say you're importing some module Foo (unqualified). And now the module Foo is changed to add the binding x = 42 for some reason. Now in your pattern match you'd suddenly be comparing the first argument against 42 rather than binding it to x. That's a pretty hard to find bug.
So to avoid this kind of scenario, identifier patterns have the same semantics regardless of whether they're already bound somewhere.
Because they are very fragile. What does this compute?
f x y z = 2*x + 3*y + z
Would you expect this to be equal to
f x 3 z = 2*x + 9 + z
f _ _ _ = error "non-exhaustive patterns!"
only because there's a y = 3 defined somewhere in the same 1000+ line module?
Also consider this:
import SomeLibrary
f x y z = 2*x + 3*y + z
What if in a future release SomeLibrary defines y? We don't want that to suddenly stop working.
Finally, what if there is no Eq instance for y?
y :: a -> a
y = id
f :: a -> (a -> a) -> a
f x y = y x
f x w = w (w x)
Sure, it is a contrived example, but there's no way the runtime can compare the input function to check whether it is equal to y or not.
To disambiguate this, some new languages like Swift uses two different syntaxes. E.g. (pseudo-code)
switch someValue {
case .a(x) : ... // compare by equality using the outer x
case .b(let x) : ... // redefine x as a new local variable, shadowing the outer one
}
zero is just a variable that occurs inside a pattern, just like y does in the second line. There is no difference between the two. When a variable that occurs inside a pattern, this introduces a new variable. If there was a binding for that variable already, the new variable shadows the old one.
So you cannot use an already bound variable inside a pattern. Instead, you should do something like that:
f x y | y == zero = Nothing
where zero = 0
f x y = Just $ x / y
Notice that I also moved the where clause to bring it in scope for the first line.
In appendix B: Alloy Language Reference of Software Abstractions it is stated that
all x: X, y: Y | F
is short for
all x: X | all y: Y | F
but
one x: X, y: Y | F
is not short for
one x: X | one y: Y | F
I can't quite see clearly what is going on here and it occurs to me i am perhaps not reading this correctly at all..
my attempt would be "this is true if there is one instance, comprised of one x from X and one y from Y for which F is true".
Intuitively, one x: X, y: Y | F means "there is exactly one pair (x,y) in XxY s.t. F", while one x: X | one y: Y | F means "there is exactly one x in X s.t: there is exactly one y in Y s.t. F". In the latter case, the unique y s.t. F may depend on the given x.
To see what happens formally, you could translate one in terms of all and some; and then recast your example this way.
I'm trying out an exercise where I have to print out a root node of a bst. They are telling me to use data BinSearch x y = Empty | Node x y (BinSearch x y) (BinSearch x y) (meaning a binary search tree either has nothing in it or it does) and the signature, result :: BinSearch x y -> Maybe y. I need to run the program like,
> result None
Nothing
> result (Node 0 44 None None)
Just 44
I'm a bit confused on how to do this. If I had control over the signature, it'd be easy, but I don't understand how to go about this.
The only thing I've come up with is
data BinSearch x y = None | Node x y (BinSearch x y) (BinSearch x y)
result :: BinSearch x y -> Maybe y
result (Node a b None None) = b
but the error I get there is that it couldn't match v with BinSearch x0 y0.
EDIT: I have fixed all transcription errors, apologies. The problem is now stated EXACTLY as it was in the book.
Two small hints: first, it must be BinSearch with a capital B. I suspect this was a transcription error on your part. Second is a syntax hint; your pattern needs parentheses, like this:
result (Node a b None None) = ...
This is not a complete solution; but will get you over this hurdle and into the next (more interesting) error.
I got it. I'm dumb. You just have to put "Just 44" at the end. My problem was that I didn't know that "Just" was built in.
I already asked about the Cartesian product and disjoint union in Alloy here . There, I considered sets as unary defined predicates.
What if I simple want to disjoint union two simple signatures in Alloy.
suppose I have the following signatures:
sig A {}
sig B {}
I would like to define a relation from A to B Û B, where I used Û for disjoint union. Is this possible directly in alloy?
I can think of two approaches. (But I realize, re-reading your question that I have no idea what your last paragraph means. So perhaps this is all irrelevant to your goals.)
First: A disjoint union labels each member with a flag so you know which parent set it came from, and so that no element in the disjoint union is in both parent sets. If the point of the exercise is to ensure that you know what parent set each member of the disjoint union came from, and to ensure that no member of the disjoint union came from more than one parent set, then in this case, normal union seems to do what you need. In your example, signatures A and B are already disjoint, and it's always possible to tell whether a given atom is in A or in B. So the first approach is just to use the expression A + B.
Second: If A + B won't do, for reasons not given in the question, and you really really want a set of pairs, then define that set of pairs. In each pair, either the first element is from A and the second element is 1 (or some other flag) or else the first element is from B and the second element is 2 (or some other flag).
One way to write this would be:
{v : X + Y, n : Int | (v in X and n = 1) or (v in Y and n = 2) }
Another equivalent way would be:
{x : X, y : Int | y = 1}
+
{x : Y, y : Int | y = 2}
A third way is even simpler:
{v : X, n : 1} + {v : Y, n : 2}
And simpler yet:
(X -> 1) + (Y -> 2)
Like any expression, this can be packaged in a function:
fun du[Left, Right : set univ] : (Left + Right) -> Int {
(Left -> 1) + (Right -> 2)
}
And then the disjoint union of A and B can be written du[A, B].
I repeat my advice to spend some time learning about comprehensions.
I've been asking a few questions about strictness, but I think I've missed the mark before. Hopefully this is more precise.
Lets say we have:
n = 1000000
f z = foldl' (\(x1, x2) y -> (x1 + y, y - x2)) z [1..n]
Without changing f, what should I set
z = ...
So that f z does not overflow the stack? (i.e. runs in constant space regardless of the size of n)
Its okay if the answer requires GHC extensions.
My first thought is to define:
g (a1, a2) = (!a1, !a2)
and then
z = g (0, 0)
But I don't think g is valid Haskell.
So your strict foldl' is only going to evaluate the result of your lambda at each step of the fold to Weak Head Normal Form, i.e. it is only strict in the outermost constructor. Thus the tuple will be evaluated, however those additions inside the tuple may build up as thunks. This in-depth answer actually seems to address your exact situation here.
W/R/T your g: You are thinking of BangPatterns extension, which would look like
g (!a1, !a2) = (a1, a2)
and which evaluates a1 and a2 to WHNF before returning them in the tuple.
What you want to be concerned about is not your initial accumulator, but rather your lambda expression. This would be a nice solution:
f z = foldl' (\(!x1, !x2) y -> (x1 + y, y - x2)) z [1..n]
EDIT: After noticing your other questions I see I didn't read this one very carefully. Your goal is to have "strict data" so to speak. Your other option, then, is to make a new tuple type that has strictness tags on its fields:
data Tuple a b = Tuple !a !b
Then when you pattern match on Tuple a b, a and b will be evaluated.
You'll need to change your function regardless.
There is nothing you can do without changing f. If f were overloaded in the type of the pair you could use strict pairs, but as it stands you're locked in to what f does. There's some small hope that the compiler (strictness analysis and transformations) can avoid the stack growth, but nothing you can count on.