[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*From*: Stephan Merz <stephan.merz@xxxxxxxxx>*Date*: Thu, 14 Feb 2019 09:12:28 +0100*References*: <350F45E9-8039-499E-923A-91B42C4B61CA@mailworks.org>

Hello Philip, I cannot reconcile these two statements. Suppose the original CHOOSE _expression_ gives v1. After the same substitution as in the first quote, the CHOOSE _expression_ gives v3. Is that not "equal to the original _expression_", in the same way that the tuples above are equal? {{v1, v2}, {v1, v3}, {v2, v3}} is not a tuple, but a set (of sets), and sets are unordered. Therefore, {{v3, v2}, {v3, v1}, {v2, v1}} is the same set as the first one. But note that you cannot even write this set unless you have access to the names of its elements. What is unique about CHOOSE that it is "the only TLA+ operator that can produce a non-symmetric _expression_”? Suppose we have a constant parameter S, instantiated to the set of model values {v1,v2,v3}, and a definition someS == CHOOSE x \in S : TRUE Then the _expression_ IF s = someS THEN 0 ELSE 42 returns 0 for the chosen value but 42 for the others and is therefore not symmetric in S. This shows that S cannot be declared as a symmetry set for a specification that contains these entities. The other TLA+ operators do not allow you to name elements of your parameter sets, for example you cannot explicitly build the tuple << v1, v2, v3 >> which would not be symmetric in S. In contrast, expressions such as { seq \in Seq(S) : Len(seq) = 3 } i.e., the set of all triples built from S, are symmetric. In contrast, replacing the definition of someS with the operator definition notS == CHOOSE x : x \notin S does not destroy symmetry of the specification with respect to S. In particular, the test s = notS returns FALSE for all elements of S. In summary, symmetry reduction is very helpful for model checking, but deciding if a parameter can be declared as a symmetry set for a given specification can be subtle. Regards, Stephan
You received this message because you are subscribed to the Google Groups "tlaplus" group. To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx. To post to this group, send email to tlaplus@xxxxxxxxxxxxxxxx. Visit this group at https://groups.google.com/group/tlaplus. For more options, visit https://groups.google.com/d/optout. |

**Follow-Ups**:**Re: [tlaplus] Symmetry sets***From:*Philip White

**References**:**[tlaplus] Symmetry sets***From:*Philip White

- Prev by Date:
**Re: [tlaplus] Fumbling Through TLA+** - Next by Date:
**[tlaplus] Re: Fumbling Through TLA+** - Previous by thread:
**[tlaplus] Symmetry sets** - Next by thread:
**Re: [tlaplus] Symmetry sets** - Index(es):