CONSTANTS Replica \* the set of nodesVARIABLES
uset, \* uset[r]: the set of updates seen by replica r \in Replica
doset, \* doset[r]: the set of updates made by replica r \in ReplicaI want to express liveness as every operation made must be delivered to every replica.
At first I write as this(oid means operation ID):
Fairness == \A r \in Replica: WF_vars(Send(r)) /\ WF_vars(Deliver(r))
Spec == Init /\ [][Next]_vars /\ Fairness
Liveness == \A oid \in Oid, r \in Replica: oid \in doset[r] ~> (\A s \in Replica : oid \in uset[s])But it's hard to enumerate Oid. I have to override nat by hand.So I want to know how to solve this question at usual?
I write another version later:
Liveness == [](\A r \in Replica: \A oid \in doset[r]:<>(\A s \in Replica: oid \in uset[s]))But Unfortunately, my TLC(1.5.7) cannot handle this temporal formula.I want to know why and how to rewrite it?
THANKS
Alen