CS 674 Homework You are to extend the simple model of the system for managing "ground traffic" at an airport that was developed in the first airport problem. (Problem #1 was done as a classroom exercise on Feb 6.) This extension will happen in three different areas: more detailed modeling of physical constraints, more detailed modeling of ground traffic control policies, and modeling the movement of mobile resources. You will actually do _two_ versions of the model. In the first version, you will specify operations by just describing the desired effects, with the implicit assumption that an operation must also preserve all the constraints in the model. In the second model, you will explicitly define the invariants, i.e., constraints that pertain to things that can be changed by the operations. Then you will use the Alloy tool to check that your operation specifications are adequate, i.e., no operation can falsify the invariants. (This will be discussed further in class.) What to submit: --------------- By email, send two text files called airport-hw1.als and airport-hw2.als. The first one should have a working model that answers Questions 1-6. below. The second one should have a working model that answers Questions 7-9. I will test the models on the cs.lab machines only. Problem Description: ------------------------ Recall that for the purposes of this problem we can consider an airport to have two kinds of resources: fixed resources and mobile resources. Fixed resources include gates, runways, and taxi-ways. In this problem we would like to enrich the model of these fixed resources to capture constraints on their topology and inter-connections. Examples constraints (which are detailed below) include: that a gate is comprised of a single location, that runways are comprised of multiple locations, and that runways may intersect but no other fixed resource may. The novelty here is the decoupling of the notion of location from the fixed resources. In the enriched model fixed resources are related to the locations that constitute the resource rather than being thought of as locations themselves. Airports have mobile resources like planes and service vehicles (trucks for delivering fuel/food/etc.). In addition to the constraints from problem #1 you will model the movement of mobile resources (e.g., takeoff, land, taxi, etc.). Definition of operations that model the movement of mobile resource together with an increased level of detail in modeling fixed resources will enable the enforcement of ground traffic control policies that could not be expressed in the model developed for problem #1. For example, your model will be able to describe the landing of a plane. Hint: You will need to define a suitable notion of adjacency. Try to think abstractly and enforce only the essential aspects of what it means for two locations to be adjacent. It is not necessary to model the real world too accurately, e.g., using a rectilinear coordinate system. If you do that your model will be very large and complex. Problem Constraints: ------------------------ The following constraints dictate the structure of the airport's fixed resources. All of these must be incorporated into your model and there should be comment marking the relevant declarations for each constraint. 1) Mobile resources can be at one location at a time 2) A location can hold at most one plane 3) Fixed resources consist of some number of adjacent locations 4) Gates consist of a single location that is adjacent to a single taxiway at a single location 5) Runways consist of multiple locations 6) Of the fixed resources, only runways can intersect and at atmost one location 7) Taxiways are adjacent to other fixed resources at atmost one location 8) Planes can reach a runway from any gate * Question 1: For constraints 4, 6, and 8, write an assert that expresses the constraint in a different way; run the assert with a reasonable scope in order to confirm that you've got the constraint right. We will reuse the constraints that governed policies on mobile resources in the static model from problem #1. We restate the constraints to be incorporated into your model here: 9) Mobile resources can only move between adjacent locations 10) Only planes can be on runways. 11) At most one plane can be on a runway. 12) Gates can have a single plane. 13) Gates can have multiple service vehicles. 14) If a plane is at a gate, then a vehicle should be there to service it. In addition to the definition of legal states of the model we want to be able to model the movement of mobile resources. There are lots of constraints one could imagine to enforce reasonable and safe movement of planes and vehicles at an airport. You are to incorporate the following constraints in your model: 15) A plane can take off on a runway when all intersecting runways are empty. 16) A plane can land on a runway when it is empty Taking these constraints into account you are to define the following operations a) Takeoff(plane, runway) : a plane on the runway takes off b) Land(plane, runway) : a plane in the air lands on the runway b) Move(equip, loc) : a piece of equipment moves Modeling operations: -------------------- To model the operations, follow the pattern discussed in class. First, identify what parts of the model are part of the _state_, which can be changed by operations. (E.g., the location of mobile resources but not the location of fixed resources.) Then put all the state together in a signature called State, so that operations can be described in terms of two parameters, s, s': State . * Question 2: For constraints 10, 11, and 14, write an assert that expresses the constraint in a different way; run the assert with a reasonable scope in order to confirm that you've got the constraint right. * Question 3: Write a predicate show() that produces non-trivial instances of your model. It should force at least the following: There are at least one gate, runway, vehicle and plane; and there is a pair of intersecting runways. Note: You could use scopes in the a "run" statement to force a certain number of gates etc; but for this question, use constraints in your show() predicate. * Question 4: Write a predicate ShowTakeoff that generates a nontrivial instance of Takeoff(plane,runway,s,s'). * Question 5: Write a predicate ShowLand that generates a nontrivial instance of Land(plane,runway,s,s'). * Question 6: Write a predicate ShowMove that generates a nontrivial instance of Move(equip,loc,s,s'). Checking invariants: -------------------- Make a second version of your model, in which constraints 9-14 are expressed by a separate predicate Invar(s: State) . * Question 7: Write and check an assertion that says the following: If state s satisfies Invar, and s' is the result from a Takeoff, then s' also satisfies Invar. This would be trivial if you just included Invar(s') in your definition of Takeoff, so don't do that. The point is to check that your definition of Takeoff spells out all the necessary preconditions and effects. * Question 8: like Question 7 but for Land. * Question 9: like Question 7 but for Move.