
- *From*: Swee <swee@xxxxxxxxx>
- *Date*: Tue, 14 Jul 2020 09:04:13 -0400
- *References*: <fd2059df-06ce-475a-89d3-3acf3781c665n@googlegroups.com> <213FC0B5-D2FC-4A59-A703-5D38C5AE615C@gmail.com>

Thank you!

On Tue, Jul 14, 2020 at 8:25 AM Stephan Merz <stephan.merz@xxxxxxxxx> wrote:

Hello,

this is not provable unless you assume that the values y[i] are numbers (for i \in DOMAIN y). For example, we don't know if {} + 1 = {} or not. You should be able to prove

THEOREM
  ASSUME y \in [DOMAIN y -> Nat], inc
  PROVE  \A i \in DOMAIN y : y'[i] # y[i]

In typical reasoning about specifications, one includes a typing invariant that provides such information.

Regards,
Stephan

On 14 Jul 2020, at 14:16, Swee Warman <swee@xxxxxxxxx> wrote:

Hi,

I am learning to use the TLAPM prover and would like some help.

I have the following simple example and I am trying to prove the theorem as shown below. I am not sure how to prove this in TLAPM. Does anyone have any thoughts on how I could proceed?

Many thanks,
Swee

------------------------------- MODULE test -------------------------------

EXTENDS Naturals, TLAPS

VARIABLE y

inc == y' = [i \in DOMAIN y |-> y[i] + 1]

THEOREM inc => \A i \in DOMAIN y: y[i]' /= y[i]
<1> SUFFICES ASSUME inc
             PROVE \A i \in DOMAIN y: y[i]' /= y[i]
  OBVIOUS
<1> QED
  BY DEF inc
=============================================================================

You received this message because you are subscribed to the Google Groups "tlaplus" group.

To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.

To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/fd2059df-06ce-475a-89d3-3acf3781c665n%40googlegroups.com.
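
The theorem suggested in the reply, written out as a complete module with a typing invariant. This is an added example, not part of the original thread or the authors' own proof; the module name `test_typed`, the definition name `TypeOK`, and the proof step structure are assumptions. It goes one step beyond the reply by also showing that `inc` preserves the invariant.

```tla
---------------------------- MODULE test_typed ----------------------------
(* Added example: module name, TypeOK and the proof steps are assumptions. *)
EXTENDS Naturals, TLAPS

VARIABLE y

\* Typing invariant: y is a function whose values are natural numbers.
\* Without it, y[i] + 1 is an unspecified value and may equal y[i].
TypeOK == y \in [DOMAIN y -> Nat]

inc == y' = [i \in DOMAIN y |-> y[i] + 1]

\* With the type information the goal reduces to arithmetic over Nat.
THEOREM
  ASSUME TypeOK, inc
  PROVE  \A i \in DOMAIN y : y'[i] # y[i]
<1> SUFFICES ASSUME NEW i \in DOMAIN y
             PROVE  y'[i] # y[i]
  OBVIOUS
<1>1. y[i] \in Nat
  BY DEF TypeOK
<1>2. y'[i] = y[i] + 1
  BY DEF inc
<1> QED
  BY <1>1, <1>2

\* inc preserves the typing invariant, so TypeOK can be carried along
\* as an inductive invariant of a specification whose next-state is inc.
THEOREM
  ASSUME TypeOK, inc
  PROVE  TypeOK'
  BY DEF TypeOK, inc
=============================================================================
```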


**References**:

- **[tlaplus] Requesting help with TLAPM proof** *From:* Swee Warman
- **Re: [tlaplus] Requesting help with TLAPM proof** *From:* Stephan Merz
