I just wanted to share something that had me puzzled for a while which I have distilled down to its essence in case its useful to anyone. Suppose I have a simple spec as follows,
EXTENDS Naturals
VARIABLES x,y
Init == x=1 /\ y=1
A == y'=2 /\ UNCHANGED x
B == x < y'
Next == A /\ B
Spec == Init /\ [][Next]_<<x,y>>
TLC is fine with this spec. However, if I change the Next definition to
Next == A /\ ENABLED(B)
Then TLC throws a runtime error with a strange message saying that it has no idea what y is. I subsequently discovered that this means that it doesn't have a value for y'. The reason is that in the first spec TLC is evaluating the step predicate B and as long as A comes before B, it has a value for y'. However in the second spec, ENABLED is a state predicate, and unfortunately TLC doesn't have a value for y' in the current state.
Thanks
--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion on the web visit
https://groups.google.com/d/msgid/tlaplus/e8418ec5-830c-4fb3-a968-28295857c59dn%40googlegroups.com.