TLC Error that had me puzzled for a while

[ns]

I just wanted to share something that had me puzzled for a while which I have distilled down to its essence in case its useful to anyone. Suppose I have a simple spec as follows, 

EXTENDS Naturals

VARIABLES x,y

Init == x=1 /\ y=1

A == y'=2 /\ UNCHANGED x

B == x < y'

Next == A /\ B

Spec == Init /\ [][Next]_<<x,y>>

TLC is fine with this spec. However, if I change the Next definition to 

Next == A /\ ENABLED(B)

Then TLC throws a runtime error with a strange message saying that it has no idea what y is. I subsequently discovered that this means that it doesn't have a value for y'. The reason is that in the first spec TLC is evaluating the step predicate B and as long as A comes before B, it has a value for y'. However in the second spec, ENABLED is a state predicate, and unfortunately TLC doesn't have a value for y' in the current state. 

Thanks

[Stephan Merz]

Hello,

TLC will be able to handle your second spec if you restrict the choice of y' to a finite set, such as

B == y' \in 0..10 /\ x < y'

Stephan

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/e8418ec5-830c-4fb3-a968-28295857c59dn%40googlegroups.com.