# Re: [tlaplus] Requesting help with TLAPM proof

Thank you!

On Tue, Jul 14, 2020 at 8:25 AM Stephan Merz <stephan.merz@xxxxxxxxx> wrote:
Hello,

this is not provable unless you assume that the values y[i] are numbers (for i \in DOMAIN y). For example, we don't know if {} + 1 = {} or not. You should be able to prove

THEOREM
ASSUME y \in [DOMAIN y -> Nat], inc
PROVE  \A i \in DOMAIN y : y'[i] # y[i]

In typical reasoning about specifications, one includes a typing invariant that provides such information.

Regards,
Stephan

On 14 Jul 2020, at 14:16, Swee Warman <swee@xxxxxxxxx> wrote:

Hi,

I am learning to use the TLAPM prover and would like some help.

I have the following simple example and I am trying to prove the theorem as shown below. I am not sure how to prove this in TLAPM. Anyone has any thoughts on how I could proceed?

Many thanks,
Swee

------------------------------- MODULE test -------------------------------

EXTENDS Naturals, TLAPS

VARIABLE y

inc == y' = [i \in DOMAIN y |-> y[i] + 1]

THEOREM inc => \A i \in DOMAIN y: y[i]' /= y[i]
<1> SUFFICES ASSUME inc
PROVE  \A i \in DOMAIN y: y[i]' /= y[i]
OBVIOUS
<1> QED
BY DEF inc

============================================

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.