Alloy Problem in predicate

1. open util/boolean
2.  
3. // Signatures
4.  
5.  
6. abstract sig Sensor {
7. available: one Bool
8. }
9.  
10. sig HeartRateSensor extends Sensor{}
11. sig BloodPressureSensor extends Sensor{}
12. sig SleepMonitoringSensor extends Sensor{}
13.  
14.  
15. sig Smartwatch {
16. user: one User,
17. sensors: set Sensor,
18. compatible: one Bool
19. } {
20. // Must have at least 3 different sensors:
21. // HeartRateSensor, BloodPressureSensor, SleepMonitoringSensor
22. all disj s, s', s'': Sensor {
23. ((s in sensors && s' in sensors && s'' in sensors) &&
24. (s != s' && s' != s'' && s != s'') &&
25. ( s.available = True && s'.available = True && s''.available = True)) <=> compatible = True
26. }
27. }
28.  
29.  
30. abstract sig Customer {
31. username: lone String,
32. password: lone String,
33. canRegister: one Bool,
34. isRegistered: one Bool
35. } {
36. isRegistered = True => canRegister = True
37. canRegister = False => isRegistered = False
38. #username = 0 || #password = 0 => canRegister = False
39. }
40.  
41. sig User extends Customer {
42. fiscalCodeOrSSN: lone String,
43. smartwatch: one Smartwatch,
44. notifications: set Notification,
45. acceptsDataRequestFrom: set Company
46. } {
47. (#fiscalCodeOrSSN = 0 || smartwatch.compatible = False) => canRegister = False
48. }
49.  
50. sig Company extends Customer {
51. paymentMethod: lone String,
52. queries: set Query
53. } {
54. #paymentMethod = 0 => canRegister = False
55. isRegistered = False => #queries = 0
56. }
57.  
58. abstract sig Query {
59. company: one Company
60. }
61.  
62. sig AnonQuery extends Query {
63. people: set User,
64. isValid: one Bool
65. } {
66. isValid = True <=> #people >= 5
67. }
68.  
69. sig IndividualQuery extends Query {
70. person: one User,
71. userAccepts: lone Bool, // lone cause if #userAccepts = 0 it must mean that a notification had been received by the user
72. } {
73. all u: User {
74. u = person => userAccepts = True else #userAccepts = 0 && #person.notifications > 0
75. }
76. }
77.  
78. sig Notification {
79. user: one User,
80. company: one Company
81. }
82.  
83. // Facts: Consistency
84.  
85. fact UsernameConsistency {
86. // There are no 2 Customer(s) with the same username
87. all disj c, c': Customer | c.username != c'.username
88. }
89.  
90. fact FiscalCodeOrSSNConsistency {
91. // There are no 2 User(s) with the same fiscalCodeOrSSN
92. all disj u, u': User | u.fiscalCodeOrSSN != u'.fiscalCodeOrSSN
93. }
94.  
95. fact SmartWatchConsistency {
96. // Let's suppose, wlog, that the cardinality of the relation
97. // between smartwatch and user is 1 to 1
98. all s: Smartwatch, u: User | s.user = u <=> u.smartwatch = s
99. }
100.  
101. fact QueryConsistency {
102. // If a query has been made by a company
103. // it must be in the set of all the queries
104. // made by the company
105. all q: Query, c: Company | q.company = c <=> q in c.queries
106. }
107.  
108. fact NotificationConsistency {
109. // If a notification has been sent to a user
110. // the user must have it in the set of
111. // all notifications
112. all n: Notification, u: User | n.user = u <=> n in u.notifications
113. }
114.  
115. // Assertions
116.  
117. // Goal G2: The system should allow users to register by providing his
118. // Fiscal Code or his Social Security Number, an username and a password.
119.  
120. assert UserCanRegister {
121. all u: User {
122. (
123. #u.username = 1 &&
124. #u.password = 1 &&
125. #u.fiscalCodeOrSSN = 1 &&
126. u.isRegistered = False &&
127. u.(smartwatch.compatible) = True
128. ) => u.canRegister = True
129. }
130. }
131.  
132. check UserCanRegister for 5
133.  
134. // Goal G3: The system should allow companies to register
135.  
136. assert CompaniesCanRegister {
137. all c: Company {
138. (
139. #c.username = 1 &&
140. #c.password = 1 &&
141. #c.paymentMethod = 1
142. ) => c.canRegister = True
143. }
144. }
145.  
146. check CompaniesCanRegister for 5
147.  
148. // Goal G4: The system should allow registered companies to request data
149. // from an anonymized group of individuals, only if individuals in the
150. // group are more than 1000.
151.  
152. assert CompaniesCanMakeAnonimizedQueries {
153. all c: Company, q: AnonQuery{
154. (
155. c.isRegistered = True &&
156. #queries > 0 &&
157. #q.people >= 5
158. ) => q.isValid = True && q in c.queries
159.  
160. }
161. }
162.  
163. check CompaniesCanMakeAnonimizedQueries for 5
164.  
165. // Goal G5: The system should allow registered companies to request data
166. // from an individual person, only if individuals accept the request.
167.  
168. assert CompaniesCanMakeIndividualQueries {
169.  
170. // If a company requests data from a single person
171. // either
172. // the person accepts <=> company is in the person acceptance list
173. // or
174. // the person still hasn't accepted => there's a notification concerning the company and the user in the person notification list
175.  
176. all q: IndividualQuery, c: Company, n: Notification {
177. (q.company = c) &&
178. (
179. (q.userAccepts = True <=> c in q.(person.acceptsDataRequestFrom)) ||
180. (#q.userAccepts = 0 => (
181. n.user = q.person &&
182. n.company = c &&
183. n in q.(person.notifications)
184. ))
185. )
186. }
187.  
188. }
189.  
190. check CompaniesCanMakeAnonimizedQueries for 5
191.  
192. pred show(){}
193.  
194. run show for 10