Stephan
On Thursday, April 4, 2013 4:59:09 PM UTC+2, Dmitry Kuvayskiy wrote:
Thank you for your answer!
My first try was to use a stand-alone variable Farmer, but I find my
final solution with sets more succinct. So yes, a matter of taste :)
And by the way, what is the preferable method to send code: as
attachments or in the email body? And if in email body, is it possible
to mark code somehow?
On 3 апр, 18:11, Stephan Merz <stepha...@xxxxxxxxx> wrote:
> Dear Dmitry,
>
> your representation looks fine to me. I have two remarks:
>
> 1. Instead of using your Safety predicate as a state constraint, you could have adapted the definition of toRight to include the conjunct Safety(RightShore'), and similarly for toLeft in order to ensure that the model checker only generates safe configurations (instead of ignoring unsafe ones in the state space).
>
> 2. The sequentialization of toLeft and toRight is somewhat implicit, based on the fact that the farmer changes shore at every step, and therefore you cannot perform, say, two toLeft actions in sequence. Alternatively, you could record the position of the farmer in a state variable (and leave it out of the set of objects transported), writing something like
>
> toRight(Obj) ==
> /\ farmer = "left"
> /\ farmer' = "right"
> /\ LeftShore' = LeftShore \ Obj
> /\ RightShore' = RightShore \cup Obj
>
> In this way, I find it a little more obvious that the two actions must alternate. Of course, this is a matter of taste.
>
> Best regards,
>
> Stephan
>
> On Apr 3, 2013, at 2:57 PM, Dmitry Kuvayskiy <dmitry.k...@xxxxxxxxx> wrote:
>
>
>
>
>
>
>
> > Hello!
>
> > I am studying TLA+ and PlusCal and below is one of my first
> > specifications (in TLA+). I wonder if any guru could evaluate how
> > idiomatic my code is and what could be done better. (The code works, I
> > just want to know how good it is.)
> > The puzzle I tried to solve is "Fox, goose and beans" classic -- how
> > can a farmer cross the river with a condition that he can take on a
> > boat only one object at a time. For more info see
> >http://en.wikipedia.org/wiki/Fox,_goose_and_bag_of_beans_puzzle.
>
> > Below is the code. In a model I specify my invariants "TypeInv" and
> > "NotSolved", also I add "Safety(LeftShore) /\ Safety(RightShore)" as a
> > state constraint.
> > Any comments are appreciated, thanks in advance.
>
> > ------------------------------- MODULE shores
> > -------------------------------
>
> > VARIABLES LeftShore, RightShore
>
> > Objects == {"Farmer", "Fox", "Goose", "Beans"}
>
> > Init == /\ LeftShore = Objects
> > /\ RightShore = {}
>
> > TypeInv == /\ LeftShore \in SUBSET Objects
> > /\ RightShore \in SUBSET Objects
>
> > Safety(Shore) == \/ "Farmer" \in Shore
> > \/ /\ \neg ({"Fox", "Goose"} \subseteq Shore)
> > /\ \neg ({"Goose", "Beans"} \subseteq
> > Shore)
>
> > toRight(Obj) == /\ Obj \in SUBSET LeftShore
> > /\ RightShore' = RightShore \cup Obj
> > /\ LeftShore' = LeftShore \ Obj
>
> > toLeft(Obj) == /\ Obj \in SUBSET RightShore
> > /\ RightShore' = RightShore \ Obj
> > /\ LeftShore' = LeftShore \cup Obj
>
> > Next == \/ toRight({"Farmer"})
> > \/ toRight({"Farmer", "Fox"})
> > \/ toRight({"Farmer", "Goose"})
> > \/ toRight({"Farmer", "Beans"})
> > \/ toLeft({"Farmer"})
> > \/ toLeft({"Farmer", "Fox"})
> > \/ toLeft({"Farmer", "Goose"})
> > \/ toLeft({"Farmer", "Beans"})
>
> > Spec == Init /\ [][Next]_<<LeftShore, RightShore>>
>
> > NotSolved == Objects # RightShore
>
> > --
> > You received this message because you are subscribed to the Google Groups "tlaplus" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+u...@googlegroups.com.
> > To post to this group, send email to tla...@xxxxxxxxxxxxxxxx.
> > Visit this group athttp://groups.google.com/group/tlaplus?hl=en.
> > For more options, visithttps://groups.google.com/groups/opt_out.