Re: [tlaplus] Fairness condition for messages

Your fairness condition requires that some message must be received as long as there is some message in the network. If you want to say that any message in the network must eventually be received, you have to write something like

  \A m \in Response : WF_vars(RcvResponse(m))

where Response is the (constant) set of all possible response messages that may exist at some point. Of course, for TLC to be able to handle that condition, this should be a finite (and not too big) set.


On 27 Mar 2018, at 02:43, Pedro Paiva wrote:

Hi there,

I'm modeling the network as a set "network" and I add and remove messages from this set. There is an action called "RcvResponse(m)" that removes a message "m", whose type is "response". I am trying to set a fairness condition for this action, something like:

WF_vars(\E m \in network : RcvResponse(m))

But when checking liveness I got this problem: it might be possible that a message "m" remains in the network and is never removed, because new messages with the same type "response" can be added, thus creating a cycle. How can I guarantee that every message once added will be eventually removed (using the fairness conditions)? Thanks.


