
Re: [tlaplus] Requesting help with TLAPM proof



Hello,

this is not provable unless you assume that the values y[i] are numbers (for i \in DOMAIN y). For example, we don't know if {} + 1 = {} or not. You should be able to prove

THEOREM
  ASSUME y \in [DOMAIN y -> Nat], inc
  PROVE  \A i \in DOMAIN y : y'[i] # y[i]

In typical reasoning about specifications, one includes a typing invariant that provides such information.

Regards,
Stephan


On 14 Jul 2020, at 14:16, Swee Warman <swee@xxxxxxxxx> wrote:


Hi,

I am learning to use the TLAPM prover and would like some help.

I have the following simple example and I am trying to prove the theorem as shown below. I am not sure how to prove this in TLAPM. Does anyone have any thoughts on how I could proceed?

Many thanks,
Swee

------------------------------- MODULE test -------------------------------

EXTENDS Naturals, TLAPS

VARIABLE y

inc == y' = [i \in DOMAIN y |-> y[i] + 1]

THEOREM inc => \A i \in DOMAIN y: y[i]' /= y[i]
  <1> SUFFICES ASSUME inc
               PROVE  \A i \in DOMAIN y: y[i]' /= y[i]
      OBVIOUS
  <1> QED
    BY DEF inc
  
============================================

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/fd2059df-06ce-475a-89d3-3acf3781c665n%40googlegroups.com.

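The typing-invariant approach suggested in the reply, written out as a module with a structured proof; this is an added example, not code from either poster. The module name TypedInc, the definition name TypeOK, the theorem name IncChanges and the step breakdown are assumptions made for illustration.

```tla
------------------------------ MODULE TypedInc ------------------------------
EXTENDS Naturals, TLAPS

VARIABLE y

inc == y' = [i \in DOMAIN y |-> y[i] + 1]

\* Typing invariant (name assumed): every value stored in y is a natural number.
\* Without it, y[i] + 1 is an unspecified value and cannot be compared to y[i].
TypeOK == y \in [DOMAIN y -> Nat]

THEOREM IncChanges ==
  ASSUME TypeOK, inc
  PROVE  \A i \in DOMAIN y : y'[i] # y[i]
<1>1. TAKE i \in DOMAIN y
<1>2. y[i] \in Nat
  \* The only step that uses the typing hypothesis.
  BY DEF TypeOK
<1>3. y'[i] = y[i] + 1
  \* Function application on the record of the update made by inc.
  BY DEF inc
<1> QED
  \* Arithmetic fact: n + 1 # n for n \in Nat.
  BY <1>2, <1>3
=============================================================================
```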