| Hello, the two formulas channels = [p \in Player |-> << >>] and \A p \in Player : channels[p] = << >> are not equivalent. In particular, the latter doesn't tell you what the domain of `channels' is, or in fact if it is a function at all. You could rewrite your initial condition as follows ChanType == channels \in [Player -> Seq(Msg)] Init == ChanType /\ \A p \in Player : Channels(p)!Init The problem is that TLC will not be able to enumerate the infinite set of type-correct channel values (unbounded queues), and even if you override the `Seq' operator so that it returns the set of sequences up to some length bound, it is very inefficient to first enumerate all possible sequences and then reduce the set to just the empty sequence for each player. Essentially the same applies to the definition of actions: using your definitions, you could write Next == /\ ChanType' /\ \E p \in Player : /\ PlayerSend(p) \/ PlayerReceive(p) /\ \A q \in Player \ {p} : UNCHANGED channels[q] but again, these definitions are not suitable for TLC (or horribly inefficient if you restrict to bounded sequences). ––– If you want to use a separate module for the basic operations on a channel (which is probably overkill for such a simple example [1]), I recommend that you define operators in a "functional" style: -------------------------- MODULE Channel ----------------------------- EXTENDS Naturals, Sequences New == << >> Ready(chan) == Len(chan) > 0 Send(chan, msg) == Append(chan, msg) Receive(chan) == Tail(chan) ======================================================================= and then use them as follows -------------------------------- MODULE TlaSandbox -------------------------------- EXTENDS Channel CONSTANT Player, Msg \* these are best instantiated from the Toolbox VARIABLE channels Init == /\ channels = [p \in Player |-> New] PlayerSend(self) == /\ ~ Ready(channels[self]) /\ \E msg \in Msg : channels' = [channels EXCEPT ![self] = Send(@,msg)] PlayerReceive(self) == /\ Ready(channels[self]) /\ channels' = [channels EXCEPT ![self] = Receive(@)] Next == \E p \in Player: \/ PlayerSend(p) \/ PlayerReceive(p) ============================================================================= Regards, Stephan [1] I recommend reading Leslie's recent note on (not) reusing TLA+ modules: https://groups.google.com/forum/#!topic/tlaplus/BHBNTkJ2QFE
You received this message because you are subscribed to the Google Groups "tlaplus" group. To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx. To post to this group, send email to tlaplus@xxxxxxxxxxxxxxxx. Visit this group at https://groups.google.com/group/tlaplus. To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/D6D1DF0D-98EB-45F9-9DA4-47A930A5B926%40gmail.com. For more options, visit https://groups.google.com/d/optout. |