[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

*From*: shinsa82 <shinsa82@xxxxxxxxx>*Date*: Tue, 30 Jul 2019 19:06:12 -0700 (PDT)*References*: <61020587-764f-43bf-859f-24001b37baa4@googlegroups.com> <50ACB5BD-FAE7-4BD1-B471-BE58CE03D7AE@gmail.com>

Stephan,

2019年7月29日月曜日 15時52分56秒 UTC+9 Stephan Merz:

-- Thank you for your answer. My understanding is that basically I should make PTL prove concrete proposition for each theorem instance (without using metatheorem). I'm reading [1], I also gonna read the section.

By the way, is there any way to declare a formula including variables by "NEW <something> Invariant"?

2019年7月29日月曜日 15時52分56秒 UTC+9 Stephan Merz:

Hello,for a lemma involving temporal operators to be useful, its hypotheses should be "boxed", i.e. occur in the scope of an always operator. For example, you could stateLEMMA BoxImplies ==ASSUME NEW TEMPORAL F, NEW TEMPORAL G,[]F, [](F => G)PROVE []Gand then use this lemma somewhere in a proof about temporal properties. For details, please see section 8.3 of [1]. In practice, we never state lemmas of (propositional) temporal logic because the PTL decision procedure proves them automatically.Also note that your proof only goes through only because "NEW Invariant" implicitly means "NEW CONSTANT Invariant", hence the formula Invariant' in steps <1>2 and <1>3 gets rewritten to Invariant, and these steps are therefore tautologies. It is certainly not what you had in mind.Regards,Stephan[1] http://lamport.azurewebsites.net/tla/tla2-guide.pdf On 25 Jul 2019, at 18:55, shinsa82 <shin...@xxxxxxxxx> wrote:I want to prove a meta-theorem (or induction lemma, tactic) for a specification and reuse it in other proofs, like Coq.I wonder if its possible or not.Consider the following spec:----vars == <state variables>Act1 == ...Act2 == ...Next == Act1 \/ Act2Spec == Init /\ [][Next]_vars----Then we expect the following lemma holdfor any non-temporal formula "Invariant", and we want to use it to prove, say, its type invariance.(I know its too simple. Actually I want to consider more complicated cases)I was able to prove the lemma, but I could not "apply" the lemma to the type invariant theorem.Is there anything wrong?----LEMMASpecInduction ==ASSUMENEWInvariant,ASSUMEInitPROVEInvariant,ASSUMEInvariant, Act1PROVEInvariant',ASSUMEInvariant, Act2PROVEInvariant',PROVESpec => []InvariantPROOF<1>1. Init => InvariantOBVIOUS<1>2. Invariant /\ Next => Invariant'OBVIOUS<1>3. Invariant /\UNCHANGEDvars => Invariant'OBVIOUS

<1>QEDBYPTL, <1>1, <1>2, <1>3DEFSpec------

You received this message because you are subscribed to the Google Groups "tlaplus" group.

To unsubscribe from this group and stop receiving emails from it, send an email to tla...@googlegroups.com .

To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/61020587- .764f-43bf-859f-24001b37baa4% 40googlegroups.com

You received this message because you are subscribed to the Google Groups "tlaplus" group.

To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.

To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/d3afd887-ba2f-4b58-b001-b5484a6f5da1%40googlegroups.com.

**Follow-Ups**:**Re: [tlaplus] Meta-theorem (induction lemma) in TLA+***From:*Stephan Merz

**References**:**[tlaplus] Meta-theorem (induction lemma) in TLA+***From:*shinsa82

**Re: [tlaplus] Meta-theorem (induction lemma) in TLA+***From:*Stephan Merz

- Prev by Date:
**[tlaplus] Trying to follow along with INRIA's TLAPS tutorial** - Next by Date:
**Re: [tlaplus] Meta-theorem (induction lemma) in TLA+** - Previous by thread:
**Re: [tlaplus] Meta-theorem (induction lemma) in TLA+** - Next by thread:
**Re: [tlaplus] Meta-theorem (induction lemma) in TLA+** - Index(es):