On Thursday, January 21, 2021 at 10:21:41 AM UTC sadraskol (Thomas Bracher) wrote:
Hello John,
I think Alex answered your first point, but I'll try to express it in my own words for you to see how it translates to a formal description.
Say your system is a simple increment/decrement of a global state:
CallToApi(answer) == \/ /\ answer = "200"
                        /\ i' = i + 1
                     \/ /\ answer = "400"
                        /\ i' = i - 1
As you mentioned, you can use CHOOSE:
Init == i = 0
Next == LET answer == CHOOSE code \in {"200", "400"}: TRUE
        IN CallToApi(answer)
But as mentioned by Alex and yourself, this would not yield the expected behavior. CHOOSE having no guarantees, all possible outputs are not covered by TLC.
The existential quantifier is the correct way of exploring all possible behaviors:
Init == i = 0
Next == \E answer \in {"200", "400"}: CallToApi(answer)
The operator \E corresponds to the correct way of introducing non-deterministic behavior in your specifications. TLC will check all possible behaviors for you.
I hope it helped,
Thomas
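Added example, not part of Thomas's message: a small Python explicit-state search that mirrors the two Next definitions above and shows which values of i each one reaches. The bound BOUND, the fixed rule inside choose(), and the invariant i >= 0 are assumptions made for this illustration.

```python
from collections import deque

CODES = ("200", "400")   # the set {"200", "400"} from the spec
BOUND = 3                # assumed state constraint |i| <= BOUND, so the search ends

def call_to_api(i, answer):
    # CallToApi(answer): the successor value i' for one API answer
    return i + 1 if answer == "200" else i - 1

def choose(values):
    # Stand-in for CHOOSE: an arbitrary but fixed pick, identical on every call.
    # Assumption: min() is used here; any other fixed rule behaves the same way.
    return min(values)

def next_choose(i):
    # Next == LET answer == CHOOSE code \in {...}: TRUE IN CallToApi(answer)
    return {call_to_api(i, choose(CODES))}

def next_exists(i):
    # Next == \E answer \in {...}: CallToApi(answer)
    return {call_to_api(i, a) for a in CODES}

def reachable(next_fn, init=0):
    # Breadth-first search from Init == i = 0, as an explicit-state checker does
    seen, queue = {init}, deque([init])
    while queue:
        for succ in next_fn(queue.popleft()):
            if abs(succ) <= BOUND and succ not in seen:
                seen.add(succ)
                queue.append(succ)
    return seen

def violates_non_negative(next_fn):
    # Check the assumed invariant i >= 0; return the violating state nearest Init
    bad = sorted(s for s in reachable(next_fn) if s < 0)
    return bad[-1] if bad else None

if __name__ == "__main__":
    for name, fn in (("CHOOSE", next_choose), ("\\E", next_exists)):
        print(name, sorted(reachable(fn)), violates_non_negative(fn))
```

With the CHOOSE form the failure branch is never taken, so a check of i >= 0 passes even though the API model allows decrements; the \E form reaches i = -1 and reports it.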
On Wednesday, January 20, 2021 at 15:40:58 UTC+1, John wrote:
Hi Alex,
Thank you for your message.
1 - Is CHOOSE sub \in ClaimsData : TRUE the correct way to say that I want TLA+ to pick a value from ClaimsData and label it sub? How would you have expressed it?
2 - In my module, I'm trying to represent the behaviour of an external API (which may respond with a 200 HTTP status or a 4XX or 5XX HTTP status: 2 states => Success OR Failure). Briefly put, how would you describe an external API that your system consumes and needs to react predictably according to the API's response (success or failure)? (The "randomness" part is how often do you get a Successful/Failed response.) The difficulty is how do I describe this behaviour?
Thank you!