[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlaplus] Re: Stuttering state when fairness specified



I just ran your original spec with smaller parameters and constraints: PckCount = 3 and state constraint

   Len(msgC) <= 3 /\ Len(ackC) <= 3

The counter-example that I obtain (using a pre-release version of the Toolbox and TLC that avoids the bug that Leslie mentioned) does not end in stuttering, but in a loop shown in the attached screenshot. As you can see, the receiver process acks the value of "next", the sender receives this ack message but doesn't increment toSend because it expects to receive an acknowledgement message with value 3.

This appears to be a legitimate counter-example to the termination property. (I didn't investigate your spec any further.)

Stephan



On 29 Apr 2015, at 19:56, Chen Fu <chen...@xxxxxxxxx> wrote:

I tried to reduce the size of the spec but still keep the error, now the spec is

(********************************************
--algorithm dum
{

  variables msgC = <<>>;
 
  fair process (Sender = "S")

      variables toSend = 0; ack = 0;
  {
    l_send:
      while (toSend < 1) {
              msgC := Append(msgC, toSend);
      }
  }
}
*********************************************)


Temporal formula I am trying to check is <>(msgC /= <<>>)
The error trace given is initial state followed by stuttering.

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+u...@xxxxxxxxxxxxxxxx.
To post to this group, send email to tla...@xxxxxxxxxxxxxxxx.
Visit this group at http://groups.google.com/group/tlaplus.
For more options, visit https://groups.google.com/d/optout.