| Your definition is not even syntactically well formed. If I understand correctly, you would like to define the set of all records whose fields are those of your prototype record and such that the value of each field is contained in the interval between 0 and the number that the prototype assigns to the field. This can be defined as AllPossibleShipments == { f \in [DOMAIN Inventory -> Nat] : \A item \in DOMAIN Inventory : f[item] \in 0 .. Inventory[item] } However, TLC will be unable to evaluate this definition because the base set of the set comprehension, i.e. [DOMAIN Inventory -> Nat] is infinite. The cheap ways around this are to either introduce a constant MAX as an upper bound on the stocks of each item and replace `Nat' by `0 .. MAX' or to redefine Nat to an interval such as `0 .. 10' (Advanced Options -> Definition Override in the model checking pane of the Toolbox). If you want to be more sophisticated, you can write AllPossibleShipments == LET fields == DOMAIN Inventory bounds == { Inventory[item] : item \in fields } max == CHOOSE b \in bounds : \A bb \in bounds : bb <= b IN { f \in [fields -> (0 .. max)] : \A item \in fields : f[item] \in 0 .. Inventory[item] } Disclaimer: I haven't actually checked these definitions, they may contain typos. Regards, Stephan
|