How does TLA+ verify the crash model?

杨超

Nov 29, 2021, 3:08:06 AM
to tlaplus
fair process config = CONFIG
begin
Ctor:
Tick:
CrashOrContinue:
    if sthDone then
        goto Done;
    else
        either
            goto Tick;
        or
            goto Ctor;
        end either;
    end if;
end process;

My system has 4 processes. The config process may crash, and I want to verify that after the config process crashes, the whole system eventually becomes stable.
But I found that the "either or" does not make sure that goto Ctor will happen!

How can I do that? The crash will happen at some time, but the time is not certain.

Stephan Merz

Nov 29, 2021, 3:28:45 AM
to tla...@googlegroups.com
You may want to look at the thread [1] where a similar question has been discussed. In short, if you need to assume that the choice is fair, the appropriate fairness condition cannot be expressed in PlusCal and should be written in TLA+.

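An added example, not part of the thread and not either poster's code: a hand-written TLA+ sketch of the config process alone, with strong fairness on the crash branch. The variable crashed, the action names, the single-crash guard and the way Tick sets sthDone are assumptions made for illustration.

```tla
---------------------------- MODULE ConfigCrash ----------------------------
\* Constructed sketch of the config process from the post. The bodies of
\* Ctor and Tick are not shown in the post and are modelled as empty here.
VARIABLES pc, sthDone, crashed

vars == <<pc, sthDone, crashed>>

Init == pc = "Ctor" /\ sthDone = FALSE /\ crashed = FALSE

Ctor == pc = "Ctor" /\ pc' = "Tick" /\ UNCHANGED <<sthDone, crashed>>

\* Assumption: whether the work is done is decided nondeterministically.
Tick == /\ pc = "Tick"
        /\ pc' = "CrashOrContinue"
        /\ sthDone' \in BOOLEAN
        /\ UNCHANGED crashed

\* The two branches of "either ... or" as separate actions, so that a
\* fairness condition can name one of them.
Continue == /\ pc = "CrashOrContinue" /\ ~sthDone
            /\ pc' = "Tick"
            /\ UNCHANGED <<sthDone, crashed>>

\* Assumption: the process crashes at most once (guard ~crashed).
Crash == /\ pc = "CrashOrContinue" /\ ~sthDone /\ ~crashed
         /\ pc' = "Ctor"
         /\ crashed' = TRUE
         /\ UNCHANGED sthDone

Finish == /\ pc = "CrashOrContinue" /\ sthDone
          /\ pc' = "Done"
          /\ UNCHANGED <<sthDone, crashed>>

\* Stuttering at Done keeps TLC from reporting termination as deadlock.
Terminating == pc = "Done" /\ UNCHANGED vars

Next == Ctor \/ Tick \/ Continue \/ Crash \/ Finish \/ Terminating

\* WF_vars(Next) plays the role of "fair process". SF_vars(Crash) is the
\* extra condition: Crash is enabled only at CrashOrContinue, so it is
\* enabled infinitely often but never continuously; WF_vars(Crash) would
\* be vacuous, while strong fairness forces the crash to occur.
Spec == Init /\ [][Next]_vars /\ WF_vars(Next) /\ SF_vars(Crash)

\* Check with TLC as a PROPERTY. Without SF_vars(Crash), TLC reports the
\* behaviour that takes Continue forever as a counterexample.
CrashOrDone == <>(crashed \/ pc = "Done")
=============================================================================
```

Against a PlusCal translation, the same idea is an extra conjunct on the generated specification, along the lines of `SF_vars(CrashOrContinue /\ pc'[CONFIG] = "Ctor")`; the exact action and variable names depend on the translation.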