This article describes a small example of how the use of the Alloy modeling language can help in software development.

About the quality of software and tools

Typeable , . :

2. Haskell
3. -
6. , QA
   
   ( Octopod QA)
7. pre-production

, . , .

. , , 30 . CI, 30 . , 30 , CI .

, : QA- , - . , , !

, , ? , , !

Alloy

Alloy. Alloy – , , .

, Alloy . Alloy , . , .

. :

newAuthCode
  :: (MonadWhatever m)
  => DB.Client
  -> DB.SessionId
  -> m DB.AuthorizationCode
newAuthCode clid sid = do
  let codeData = mkAuthCodeFor clid sid
  void $ DB.deleteAllCodes clid sid
  void $ DB.insertAuthCode codeData
  return code
      
      

        
        
        
      

    
        
        
        
      
      

        
        
        
      

    
    

HTTP- , , . , . « » (uniqueness constraint violation).

?

, , Alloy. , . newAuthCode



Alloy. , , , .

, , .

, , . , . Alloy, :

open util/time  //    Time

sig Operation       //    ...
  { delete : Time   // ...   -  
  , insert : Time   // ...    - 
  }
  { lt[delete,insert]  //    
    lt[first,delete]   //      
                       //     
  }
  run {some Operation} for 4 //    
                             //  <= 4 
      
      

        
        
        
      

    
        
        
        
      
      

        
        
        
      

    
    

. , Operation



, .

, alloy . 'execute' 'show', :

Alloy , 'next'.

, ( 'next’ 'Table'):

┌──────────────┬──────┬──────┐
│this/Operation│delete│insert│
├──────────────┼──────┼──────┤
│Operation⁰    │Time¹ │Time³ │ ← Operation⁰    Time¹ 
├──────────────┼──────┼──────┤      Time³
│Operation¹    │Time² │Time³ │ ← Operation¹    Time² 
└──────────────┴──────┴──────┘       Time³
                         ↑
                        !
      
      

        
        
        
      

    
        
        
        
      
      

        
        
        
      

    
    

, , , Alloy , !

, : , , . , , postgresql , .

!

!

, .

code <- run $ do
  handleJust constraintViolation
    (launchPG $ selectCodeForSession clid scope sid
    (launchPG . pgWithTransaction $ newAuthCode clid scope sid)
      
      

        
        
        
      

    
        
        
        
      
      

        
        
        
      

    
    

, , , , . , select



, .

?

Alloy , :

open util/time //  Time

sig Token {} //    Token

one sig DBState //    
 {userToken : Token lone -> Time}
    //          
    // (..       )

sig Operation {
   delete : Time
 , insert : Time
 , select : Time //      select
}
{
  lt[first,delete]   //       
                     //   

  lt[delete,insert]  //    delete

  lte[insert,select] // select      insert'

  no userToken.(insert.prev) //    (.. 
  => insert = select         //     ),
                             //       
                             //   (..   
                             // 'INSERT RETURNING').
                             //     
                             // ,  select   
}
      
      

        
        
        
      

    
        
        
        
      
      

        
        
        
      

    
    

. DBState



, , select, , . , , , .

, . , :

fact Trace {                           //  Trace   
 all t : Time - first | {              //   ,  :

   some delete.t => no userToken.t       //   ,  

   some insert.t => some userToken.t     //   ,   

   no delete.t and no insert.t           //     ,  ,
    => userToken.t = userToken.(t.prev)  //   
  }
}
      
      

        
        
        
      

    
        
        
        
      
      

        
        
        
      

    
    

, .

, , . Alloy . , , , select.

Alloy .

assert selectIsGood {         // ,    
 all s : Operation.select |   // ,   select,
  some userToken.s            //    
}

check selectIsGood for 6 // ,  selectIsGood  
      
      

        
        
        
      

    
        
        
        
      
      

        
        
        
      

    
    

, :

┌────────┬────────────┐
│DBState │userToken   │
├────────┼──────┬─────┤
│DBState⁰│Token²│Time³│
│        │      ├─────┤  ← Token²      Time³  Time⁵
│        │      │Time⁵│
│        ├──────┼─────┤
│        │Token³│Time²│  ← Token³     Time².
└────────┴──────┴─────┘
                   ↑
                     
                  Time², Time³  Time⁵
                 ,   
                 Time⁴  !

┌──────────────┬──────┬──────┬──────┐
│Operation     │delete│insert│select│
├──────────────┼──────┼──────┼──────┤
│Operation⁰    │ TIME⁴│ Time⁵│ Time⁵│
├──────────────┼──────┼──────┼──────┤
│Operation¹    │ Time¹│ Time³│ TIME⁴│   ←     Time⁴ 
├──────────────┼──────┼──────┼──────┤     select    Operation¹!
│Operation²    │ Time¹│ Time²│ Time²│
└──────────────┴──────┴──────┴──────┘
                  ↑       ↑      ↑
                  , 
                  
      
      

        
        
        
      

    
        
        
        
      
      

        
        
        
      

    
    

. , . -, . , , , . , , select .

, , , , , !

.

, Alloy. , , . , .

, , , , , . , Alloy, «».

, . ? , , , , , .

Alloy?

, , , Alloy:

• https://alloytools.org/ < —
• https://alloy.readthedocs.io/en/latest/ < —
• https://mitpress.mit.edu/books/software-abstractions < — Alloy, . , .
• https://alloytools.org/citations/case-studies.html < — Alloy . .

---

P.S. , .