[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tlaplus] Re: Draft of New TLA Book
Hi Leslie:
I have a question about section 4.2.5.3: Proving Liveness
On page 134, the proof sketches for edge 5 and edge 7 read:
> edge 5 This is an implication since ☐Inv implies that if process 1 is forever
at ncs, then x (1) is forever false.
> edge 7 This is an implication, because Inv and pc(1) = w4 imply ¬x (1).
p130 reads:
> We define Inv to equal (4.6), with TypeOK defined by (4.17).
According to (4.6) on p122, this would mean:
Inv == /\ TypeOK
/\ \A p \in {0,1): /\ (pc(p) \in {w2, cs}) => x(p))
/\ (pc(p) = cs) => (pc(1-p)\= cs)
Given the above definition for Inv, I can't see how ☐Inv could be used to imply ☐¬x(1), given that the only place that x(p) appears in Inv (other than TypeOK) is in the consequent of an implication. What am I missing here? (Am I using the wrong Inv?)
Take care,
Lorin
On Wednesday, January 3, 2024 at 11:14:24 AM UTC-8 Leslie Lamport wrote:
A draft of a new book I have tentatively titled A Science of Concurrent Programs is available here. The book explains the scientific principles underlying the TLA+ language. It contains a lot of math. All the math beyond high school algebra is explained, but it will be tough going for readers who haven't taken an introductory university math class for computer science students that covers things like sets and logic. The book contains little discussion of how TLA+ is used in practice, but it explains why TLA+ is what it is.
This is a preliminary version and I welcome comments, suggestions, and questions. Anyone who is the first to report any error will be thanked in the final version.
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/bef439e7-6a6c-4058-8366-a544088b5666n%40googlegroups.com.