[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tlaplus] Re: Supporting Action Composition in TLC

For an indication of why ENABLED is ugly, see page 335 of "Specifying Systems".  For why it's necessary, you need to understand the concept of machine closure and why it's important, as well as the relation between WF/SF and machine closure.  I'm afraid I don't have time to explain that now; perhaps someone else will.

Note that ENABLED and \cdot (action composition) are not necessary in the sense that any particular instance of them can be written as an _expression_ that doesn't use them.  For example, (x'=x+1)\cdot(x'=2* x)  equals \E y : (x' = y+1) /\ (y = 2*x).  Because of the importance of WF/SF in ensuring machine closure, requiring the user to do this translation would be a bad idea both because it would be inconvenient and permit errors in the translation.  This is less of an issue for \cdot.

Leslie 

On Saturday, May 9, 2020 at 1:28:33 PM UTC-7, William Schultz wrote:
Thank you, that's helpful background information. I would be curious to know what you mean when you say that ENABLED and action composition are "mathematically ugly" operators. From a cursory glance, I might guess that you consider them "ugly" because they are in some way an "extension" to a more primitive core of TLA. For example, in the Action Operators section (16.2.3) of Specifying Systems, you give definitions for ENABLED and the composition operator, both of which cannot be defined in terms of existing constructs. Their definitions also appear to rely on quantification over states, which seems distinct from other action operator definitions.  

It seems that most common, practically useful TLA formulas can be written in terms of the prime construct (') and the box operator (☐). ENABLED and action composition introduce exceptions to this. Temporal operators like \EE would seem to be another exception, but perhaps you have similar opinions on their aesthetics based on your "stone in the soup" comments from [1]. 

I also recall that the definitions of weak and strong fairness are given in terms of ENABLED, so perhaps that was one motivator for inclusion of the "necessary evil", but I am mostly conjecturing here.

[1] https://lamport.azurewebsites.net/tla/hiding-and-refinement.pdf

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/faac9fdc-4f91-4871-bc11-9cac48f1b565%40googlegroups.com.