RE: Sets and bags / Identity of a link



Date view Thread view Subject view Author view

Daniel Jackson (dnj@lcs.mit.edu)
Thu, 25 Jan 2001 08:10:54 -0500


gonzalo, ....> 2. it's phenomenologically spurious (see chapter on ...."designations" in: M. ....Jackson, Requirements and Specifications, Addison Wesley ....1995). we won't ....want an abstract model to make distinctions that we can't ....make in the real ....world. for example, if the parent association is a set of ....links, we'll have ....to explain what the difference is between Alice being Bob's ....parent under ....link L1, and Alice being Bob's parent under link L2. ....> 5. what would it mean to have two distinct links that ....link the same ....objects? this might sometimes be useful, but then you ....should just construct ....a link object specially. in the general case, it will be ....tedious and obscure ....to have to rule this out. .... ....I think the example given later by Perdita Stevens about ....Edge and Node ....answers this. no it doesn't. you can't refute an argument by saying "sometimes the modelling notation will force you to say things you don't want to say" by exhibiting an example! let me try and explain with another example. suppose i want to build a model that describes a security domain. i have classification levels, such as classified, secret, top secret. i want to say that there is an ordering on these levels (to support the rules known as "read down" -- if you can read documents with a level x, you can read ones with a lower level too -- and "write up"). now if i have relations in my notation, i can just declare lower : Level -> Level which i would designate (see the M. Jackson book) like this: (L1, L2) is in lower when the level L1 is regarded as less secret than the level L2 now if instead my basic notion is a link, then the association lower will need a designation of the form: (link1, L1, L2) is in lower when .... and the problem is that i don't know what to put on the right hand side. in particular i have to explain how i will distinguish (link1, L1, L2) from (link2, L1, L2). this is a problem that was discussed extensively in the 80's as "implementation bias". in VDM, cliff jones developed a criterion to check that your models are not "biased". if associations are interpreted as sets of links, it will be impossible to avoid bias. /daniel


Date view Thread view Subject view Author view