Requesting help with TLAPM proof

[Swee Warman]

Hi,

I am learning to use the TLAPM prover and would like some help.

I have the following simple example and I am trying to prove the theorem as shown below. I am not sure how to prove this in TLAPM. Anyone has any thoughts on how I could proceed?

Many thanks,

Swee

------------------------------- MODULE test -------------------------------

EXTENDS Naturals, TLAPS

VARIABLE y

inc == y' = [i \in DOMAIN y |-> y[i] + 1]

THEOREM inc => \A i \in DOMAIN y: y[i]' /= y[i]
  <1> SUFFICES ASSUME inc
               PROVE  \A i \in DOMAIN y: y[i]' /= y[i]
      OBVIOUS
  <1> QED
    BY DEF inc
  
============================================

[Stephan Merz]

Hello,

this is not provable unless you assume that the values y[i] are numbers (for i \in DOMAIN y). For example, we don't know if {} + 1 = {} or not. You should be able to prove

THEOREM

  ASSUME y \in [DOMAIN y -> Nat], inc

  PROVE  \A i \in DOMAIN y : y'[i] # y[i]

In typical reasoning about specifications, one includes a typing invariant that provides such information.

Regards,

Stephan

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/fd2059df-06ce-475a-89d3-3acf3781c665n%40googlegroups.com.

[Swee]

Thank you!

You received this message because you are subscribed to a topic in the Google Groups "tlaplus" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tlaplus/1kFaT2np5f0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tlaplus+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/213FC0B5-D2FC-4A59-A703-5D38C5AE615C%40gmail.com.