From: Hillel Wayne
Date: Sat, 21 Mar 2020 12:19:59 -0500

Hi,

Once we've done this, we can simplify the spec even further by
moving all of the towers into a single `towers` sequence,
where each indice of `towers `is one of the three
towers. Then we can make

`Init ==
towers = <<
<< 1, 2, 3, 4 >>,
<<>>,
<<>>
>>
Next == \E t1, t2 \in DOMAIN towers:
t1 /= t2 /\ Move(t1, t2)
`

Modifying `Move` is left as an exercise to the reader :)

H

On 3/21/2020 6:30 AM, Stephan Merz wrote:
wrote:

Hello,

the spec looks quite reasonable, and in order to find a solution to the Tower of Hanoi problem you'd check the invariant

c # <<1,2,3,4>>

so that TLC gives you a solution as a counter-example. Two remarks:

1. The operator Compare is used only when the first parameter is non-empty, but you could be more "defensive" by checking this explicitly. I'll redefine it to simplify what follows:

Compare(x,y) ==/\ ~ Empty(x)/\ Empty(y) \/ Head(x) < Head(y)

2. All actions have the same shape, so you could have defined a single action

\* move the head of sequence x to y provided Compare(x,y) holds, and leave z unchangedMove(x,y,z) ==/\ Compare(x,y)/\ x' = Tail(x) /\ y' = Cons(Head(x), y) /\ z'=z

Next ==\/ Move(a,b,c) \/ Move(a,c,b)\/ Move(b,a,c) \/ Move(b,c,a)\/ Move(c,a,b) \/ Move(c,b,a)

Regards,
Stephan

On 21 Mar 2020, at 12:06, Emanuel Koczwara wrote:

Hi,

This is my first complete and working specification. I'll be grateful for your comments.

------------------------------- MODULE hanoi -------------------------------

EXTENDS Integers, Sequences

VARIABLES a, b, c

Empty(seq) == Len(seq) <= 0

Cons(elem, seq) == << elem >> \o seq

Compare(first, second) == ~Empty(second) /\ Head(first) < Head(second)

AB == /\ ~Empty(a)/\ Empty(b) \/ Compare(a, b)/\ a' = Tail(a) /\ b' = Cons(Head(a), b) /\ c' = c

AC == /\ ~Empty(a)/\ Empty(c) \/ Compare(a, c)/\ a' = Tail(a) /\ b' = b /\ c' = Cons(Head(a), c)

BA == /\ ~Empty(b)/\ Empty(a) \/ Compare(b, a)/\ a' = Cons(Head(b), a) /\ b' = Tail(b) /\ c' = c

BC == /\ ~Empty(b)/\ Empty(c) \/ Compare(b, c)/\ a' = a /\ b' = Tail(b) /\ c' = Cons(Head(b), c)

CA == /\ ~Empty(c)/\ Empty(a) \/ Compare(c, a)/\ a' = Cons(Head(c), a) /\ b' = b /\ c' = Tail(c)

CB == /\ ~Empty(c)/\ Empty(b) \/ Compare(c, b)/\ a' = a /\ b' = Cons(Head(c), b) /\ c' = Tail(c)

Init == /\ a = << 1, 2, 3, 4 >>/\ b = <<>>/\ c = <<>>

Next == AB \/ AC \/ BA \/ BC \/ CA \/ CB

Spec == Init /\ [][Next]_<<a, b, c>>

=============================================================================

Please note: the goal was to make it as simple as possible, I've done it together with my son, to show him how math and computers can solve real world problems.

Best regards,
Emanuel

--

