Re: [tlaplus] Proving partial correctness of the SetGCD algorithm in the hyperbook

[Stephan Merz <stepha...@xxxxxxxxx>]

I haven't tried writing a formal proof of that algorithm, and it is not entirely clear to me where you are stuck.

The (type) invariant contains the conjunct

  IsFiniteSet(S)

and you need to prove that this predicate is preserved by action Lbl_1. You'll need to use the standard module FiniteSetTheorems contained in the TLAPS distribution. (If you haven't done so yet, you should add the corresponding directory to the Toolbox search path.) In particular, the lemmas FS_AddElement and FS_RemoveElement will be useful.

Hope this helps,

Stephan

On 24 Jun 2016, at 02:55, Jens Weber <jensh...@xxxxxxxxx> wrote:

Hello TLA community,

I am trying to prove partial correctness of the SetGCD algorithm in the hyperbook - but I am not successful. Does anybody have a solution here? I am currently stuck on showing that S' is a finite set. 

Thanks

Jens

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+u...@xxxxxxxxxxxxxxxx.
To post to this group, send email to tla...@xxxxxxxxxxxxxxxx.
Visit this group at https://groups.google.com/group/tlaplus.
For more options, visit https://groups.google.com/d/optout.