[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlaplus] Re: About Action



Hello Huailin,

Yes, a state in TLA+ is an assignment of values to all variables declared in the spec. For example, if you have variables x, y, and z declared, then to define a state, we must provide values for each variable x, y, and z.

You can try defining an action, say Action, which does not say how the value of z, for example, changes between states. TLC will throw the following error: Successor state is not completely specified by action Action of the next-state relation. The following variable is not assigned: z.

For example, the spec:

---- MODULE Variables ----

EXTENDS Naturals

VARIABLES x, y, z

Action1 ==
    /\ x < 10
    /\ x' = x + 1
    /\ y' = y + 1

Action2 ==
    /\ x < 10
    /\ y + z >= 1
    /\ x' = y + z - 1
    /\ UNCHANGED <<y, z>>

Init ==
    /\ x = 0
    /\ y = 0
    /\ z = 0

Next == Action1 \/ Action2

Spec == Init /\ [][Next]_<<x, y, z>>

====

Action1 does not specify the value of z in a successor state... Maybe you actually do not want the value of z to change so you can add UNCHANGED z to Action1 and TLC will perform a successful model check.

Note: x' = y + z - 1 is equivalent to x' + 1 = y + z, but as Andrew suggested, you must write it in the form x' = y + z - 1 in order for TLC to evaluate it properly.


Best,

Isaac DeFrain


On Thu, Apr 22, 2021 at 3:06 PM Huailin <huailin@xxxxxxxxx> wrote:
Thanks a lot, Andrew. 

From Lamport's paper or/and the book, 

"An action represents a relation between old states and new states, where is unprimed variables refer to the old state and the primed variables refer to the new state."

and 

"Formally, the meaning [[A]] of an action A is a relation between states--a function that assigns a boolean s[[A]]t to a pair of states s, t. "

Hence, if I have an action described as my previous email: x' + 1 = y+z 
then the meaning of s[[x' + 1 = y+z ]] t:

s: (x, y,z) values.

t: (x', y,z) values. /* y and z are not changed after this action

 In other words, in TLA, the state is NOT 1:1 mapped to a variable, but to the whole set of the variables.

Am I correct?

Thanks,

Huailin



On Thu, Apr 22, 2021 at 6:38 AM Andrew Helwer <andrew.helwer@xxxxxxxxx> wrote:
Hi Huailin,

The formula x' + 1 = y + z is syntactically valid and can be used in an action property, but if you want to use TLC it cannot be used in an action itself. See Specifying Systems p238 for the expressions TLC can handle when computing successor states; they include expressions of the form:
  • x' = e
  • x' \in S
  • UNCHANGED x
Andrew

On Wednesday, April 21, 2021 at 11:48:27 PM UTC-4 hua...@xxxxxxxxx wrote:
Folks,

For an TLA's action, which is essentially a boolean _expression_, does it ONLY relate to two variables(primed or non-primed)?

For instance,  x' + 1 =y. (Please refer to Section 2.3 in Lamport's seminal paper "The Temporal Logic of Actions"-ACM 1993).

Can we have an  x' + 1 = y+z  as an action? If yes, how we define the "old state" and the new state with the postfix notation? maybe define a super-state to cover (y, z)?

Thanks huge,

Huailin

--
You received this message because you are subscribed to a topic in the Google Groups "tlaplus" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tlaplus/8tZQbkMScgU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/f0c51d43-c594-44af-a30b-ded598c34182n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/CAE7Z%3D%2B7X96c9p%3DoKvBMPJe2DUmD2J07VJS775GOQX3qHw%3DY9iw%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/CAM3xQxFR%3DZmPmNzOp_Tkzhh%2BSDvGCQo9ZM0FFda1wd%2Bf4u7vDQ%40mail.gmail.com.