Proving INV1
38 views
Skip to first unread message
aric....@gmail.com
Jul 25, 2019, 9:11:52 AM7/25/19
to tlaplus
Hi all, I am reading Mr. Lamport's paper The Temporal Logic of Actions [0]. In section 5.6 of that paper, he lays out the proof rules of simple temporal logic and simple TLA. I managed to prove the validity of STL1-6 and Lattice and I have proven TLA1 and TLA2 using the previous rules, but I am stuck trying to prove INV1, which is
I /\ [N]_f => I'
-------------------
I /\ [][N]_f => []I
where I is a predicate, N is an action, and f is a state function.
I was thinking that you need to use either TLA1 or TLA2, but I have not had much luck. If anyone could point me in the right direction, such as by letting me know which proof rules are important in proving this rule, I would be grateful.
Thanks
[0] http://lamport.azurewebsites.net/pubs/pubs.html#lamport-actions
I /\ [N]_f => I'
-------------------
I /\ [][N]_f => []I
where I is a predicate, N is an action, and f is a state function.
I was thinking that you need to use either TLA1 or TLA2, but I have not had much luck. If anyone could point me in the right direction, such as by letting me know which proof rules are important in proving this rule, I would be grateful.
Thanks
[0] http://lamport.azurewebsites.net/pubs/pubs.html#lamport-actions
Stephan Merz
Jul 29, 2019, 4:29:03 AM7/29/19
to tla...@googlegroups.com
Hello,
from the hypothesis of INV1
I /\ [N]_f => I'
you can derive both
(1) [N]_f => [I => I']_f and (2) I /\ f'=f => I'
by propositional logic. Now, apply TLA1 to (1), with P and Q both TRUE, to derive
(3) [][N]_f => [][I => I']_f
(If you are really meticulous, use STL1 to get rid of the formula []TRUE on the left-hand side of the direct conclusion of TLA2.) From (2), TLA1 gives you
(4) []I <=> I /\ [][I => I']_f
and the conclusion of INV1 follows from (3) and (4).
Regards,
Stephan
> --
> You received this message because you are subscribed to the Google Groups "tlaplus" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+u...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/73c9e238-d51f-4f38-b7dd-4137fe456fc9%40googlegroups.com.
from the hypothesis of INV1
I /\ [N]_f => I'
(1) [N]_f => [I => I']_f and (2) I /\ f'=f => I'
by propositional logic. Now, apply TLA1 to (1), with P and Q both TRUE, to derive
(3) [][N]_f => [][I => I']_f
(If you are really meticulous, use STL1 to get rid of the formula []TRUE on the left-hand side of the direct conclusion of TLA2.) From (2), TLA1 gives you
(4) []I <=> I /\ [][I => I']_f
and the conclusion of INV1 follows from (3) and (4).
Regards,
Stephan
> You received this message because you are subscribed to the Google Groups "tlaplus" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+u...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/73c9e238-d51f-4f38-b7dd-4137fe456fc9%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages