Hi,
I have been trying different proofs with TLAPS. In the spec attached in this conversation, I tried a simple example of increment and update of two variables. That is, increment the first variable at a given time and then update the second variable with the incremented value of the first variable at a different time.
This spec has two variables, valX and valY. Each is represented as a record with two fields: val, which takes natural numbers, and ts, the timestamp associated with it. We use a global clock for time.
valX is incremented by 1 and valY is updated with the new value of valX. This increment and update pattern is an abstraction that can be used during server/worker zero-downtime updates.
I was able to use TLAPS to prove the safety property of the spec. But it required two extra enabling conditions in the Inc action for the proof to work:
/\ valX.ts <= clock \*<-this is required only for proof
/\ valY.ts <= clock \*<-this is required only for proof
I am not clear as to why we would need these two conditions. It should follow from the induction hypothesis.
I would appreciate it if someone can provide me with some more insight into the workings of the TLAPS proof.
I have attached the spec with this conversation.
Best,
Smruti
PS: I am unable to post any attached TLA+ spec to this group in my conversation, so I renamed the file with a .txt extension.
--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/d9af2d7a-f150-422f-956a-98b6b69f7843n%40googlegroups.com.
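As an added illustration, not the attached spec (which is not reproduced here), the following hypothetical reconstruction of the increment/update pattern shows the usual way around the extra enabling conditions: the bounds valX.ts <= clock and valY.ts <= clock become conjuncts of the inductive invariant, so they are available as induction hypotheses in the step case instead of having to be guards of Inc. The action bodies, the Safety formula and the module name are assumptions about the spec's shape.

```tla
---- MODULE IncUpdate ----
(* Hypothetical reconstruction; not the original attached spec. *)
EXTENDS Naturals

VARIABLES clock, valX, valY
vars == <<clock, valX, valY>>

Init == /\ clock = 0
        /\ valX = [val |-> 0, ts |-> 0]
        /\ valY = [val |-> 0, ts |-> 0]

Tick == /\ clock' = clock + 1
        /\ UNCHANGED <<valX, valY>>

(* No ts <= clock guards here: the bounds live in Inv instead. *)
Inc == /\ valX' = [val |-> valX.val + 1, ts |-> clock]
       /\ UNCHANGED <<clock, valY>>

Update == /\ valY' = [val |-> valX.val, ts |-> clock]
          /\ UNCHANGED <<clock, valX>>

Next == Tick \/ Inc \/ Update
Spec == Init /\ [][Next]_vars

(* Assumed safety property: once valY was written after valX's last
   increment, it carries valX's value. *)
Safety == valY.ts > valX.ts => valY.val = valX.val

(* Safety on its own is not inductive: in the Inc case TLAPS must know
   valY.ts <= clock to see that Safety' holds vacuously.  Strengthening
   the invariant supplies that fact as an induction hypothesis. *)
Inv == /\ clock \in Nat
       /\ valX \in [val : Nat, ts : Nat]
       /\ valY \in [val : Nat, ts : Nat]
       /\ valX.ts <= clock
       /\ valY.ts <= clock
       /\ Safety

THEOREM Spec => []Inv
<1>1. Init => Inv BY DEF Init, Inv, Safety
<1>2. Inv /\ [Next]_vars => Inv'
  <2> SUFFICES ASSUME Inv, [Next]_vars PROVE Inv' OBVIOUS
  <2>1. CASE Tick BY <2>1 DEF Inv, Safety, Tick
  <2>2. CASE Inc BY <2>2 DEF Inv, Safety, Inc
  <2>3. CASE Update BY <2>3 DEF Inv, Safety, Update
  <2>4. CASE UNCHANGED vars BY <2>4 DEF Inv, Safety, vars
  <2>5. QED BY <2>1, <2>2, <2>3, <2>4 DEF Next
<1>3. QED BY <1>1, <1>2, PTL DEF Spec
====
```

The point is that TLAPS's induction hypothesis is exactly the invariant being proved, so anything the step case needs about the pre-state (here, the timestamp bounds) must be part of that invariant or of the action.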
Attempted to enumerate a set of the form [l1 : v1, ..., ln : vn],
but can't enumerate the value of the `val' field:Nat
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/189be644-18f8-40ae-9584-b552fc0c5842n%40googlegroups.com.