[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlaplus] Understanding CHOOSE



Thank you Thomas. I am reading Specifying Systems, and I think I know understand better CHOOSE.
Thank you for your explanation. It helped me as well figure out how this keyword functions. Leslie Lamport says in his book that CHOOSE is the equivalent of Hilbert's epsilon.

On Thursday, January 21, 2021 at 11:21:41 AM UTC+1 sadraskol (Thomas Bracher) wrote:
Hello John,

I think Alex answered your first point, but I'll try to express by my own words for you to see how it translates to a formal description.
Say your system is a simple increment/decrement of a global state :

CallToApi(answer) == \/ /\ answer = "200"
                                   /\ i' = i + 1
                               \/ /\ answer = "400"
                                   /\ i' = i - 1


As you mentioned, you can use CHOOSE :

Init == i = 0
Next == LET answer == CHOOSE code \in {"200", "400"}: TRUE
              IN CallToApi(answer)

But as mentioned by Alex and yourself, this would not yield the expected behavior. CHOOSE having no guarantees, all possible outputs are not covered by TLC.
The existential quantifier is the correct way of exploring all possible behavior :

Init == i = 0
Next == \E answer \in {"200", "400"}: CallToApi(answer)

The operator \E corresponds to the correct way of introducing non-determinist behavior in your specifications. TLC will check all possible behaviors for you.

I hope it helped,

Thomas
Le mercredi 20 janvier 2021 à 15:40:58 UTC+1, John a écrit :
Hi Alex,

Thank you for your message.

1 - Is  CHOOSE sub \in ClaimsData : TRUE   the correct way to say that I want TLA+ to pick a value from ClaimsData and label it sub ? How would you have expressed it ?

2 - In my module, I'm trying to represent the bahviour of an external API (which may respond with a 200 HTTP status or a 4XX or 5XX HTTP status : 2 states => Success OR Failure). Briefly put, how would you describe an external API that your system consumes and needs to react predictably according to the API's response (success or failure) ? (the "randomness" part is how often do you get a Successful/Failed response. The difficulty is how do I describe this beahviour ?

Thank you!

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/999253ba-25c5-42f3-9db0-fd464e02d663n%40googlegroups.com.