Hi Lorin,
Thanks for reporting this. I don’t have time to deal with it now, but I will in a few days.
Cheers,
Leslie Lamport
From:
tla...@googlegroups.com <tla...@googlegroups.com> On Behalf Of
Lorin Hochstein
Sent: Sunday, January 14, 2024 21:03
To: tlaplus <tla...@googlegroups.com>
Subject: [tlaplus] Re: Draft of New TLA Book
You don't often get email from lor...@gmail.com. Learn why this is important |
--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
tlaplus+u...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/tlaplus/bef439e7-6a6c-4058-8366-a544088b5666n%40googlegroups.com.
Hi Lorin,
Thank you for finding a serious error in the book. The inductive invariant Inv in the book is strong enough to prove mutual exclusion, but not deadlock freedom. That invariant allows process 1 to halt in its noncritical section with x[1] = TRUE, which will not allow process 0 to enter its critical section. A stronger inductive invariant is needed to prove liveness. This will be corrected in the next released version. Meanwhile, I suggest that you find the necessary inductive invariant yourself.
I’m embarrassed that I didn’t notice such an error. I think it happened because the TLA+ version that I model checked had the correct invariant. When I checked my proof, I must have been thinking Inv was the invariant in the TLA+ version. I believe a significant amount of time passed between when I wrote Section 4.2.5.2 that contains the invariant and the current version of Section 4.2.5.3 containing the liveness proof. That’s probably why I didn’t notice that the TLA+ version of the invariant was not the one in the book.
Cheers,
Leslie
From:
tla...@googlegroups.com <tla...@googlegroups.com> On Behalf Of
Lorin Hochstein
Sent: Sunday, January 14, 2024 21:03
To: tlaplus <tla...@googlegroups.com>
Subject: [tlaplus] Re: Draft of New TLA Book
You don't often get email from lor...@gmail.com. Learn why this is important |
Hi Leslie:
--
Hi Lorin,
Thanks for finding all these errors. One thing you reported is not an error:
p297 A subset S of a metric space M is said to be dense iff C(S) = [M].
-> should be [S]?
This is the correct definition of a dense set. C(S) = S is the definition
of a closed set.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/4471dd6a-08d2-4aea-8f8f-140a81a401f4n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/LV2PR21MB322921E13D5EAF3419284511B87E2%40LV2PR21MB3229.namprd21.prod.outlook.com.
Hi Akash,
The term “dense set” should appear only in the appendix, and its definition is given there. If the definition does not give you an intuitive idea of what it means, thinking about the example of the set of ordered pairs of finite-digit numbers should help.
If there any things in the book that you did not learn in your classes and are not defined in the book, please let me know.
Cheers,
Lelie Lamport
From:
tla...@googlegroups.com <tla...@googlegroups.com> On Behalf Of
Akash
Sent: Tuesday, January 30, 2024 11:11
To: tla...@googlegroups.com
Subject: Re: [tlaplus] Re: Draft of New TLA Book
You don't often get email from akash.g...@gmail.com. Learn why this is important |
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/CAFZmCwCWFUFQW10xb%2B9HmWvqmmfSNFtrVbmP2oT_EnENPPUH%3DQ%40mail.gmail.com.