Re: [tlaplus] how TLA+ verify the crash model?

[Stephan Merz <stephan.merz@xxxxxxxxx>]

You may want to look at the thread [1] where a similar question has been discussed. In short, if you need to assume that the choice is fair, the appropriate fairness condition cannot be expressed in PlusCal and should be written in TLA+.

Stephan

[1] https://groups.google.com/g/tlaplus/c/99lWDQyk-wE

On 29 Nov 2021, at 09:08, 杨超 <magicsupery@xxxxxxxxx> wrote:

fair process config = CONFIG

begin

Ctor:

Tick:

CrashOrContinue:

            if sthDone then

                   goto  Done;

            else

                     either

                         goto Tick;

                     or

                          goto Ctor;

                      end either;

            end if;   

end process;

my system has 4 process, the config process maybe crash, i want to verify that after the config crash, the whole system can eventually stable.

but i found the "either or" not make sure that goto Ctor will happen!

How can i do that, the crash will happen at some time, but the time not sure?

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/62e4f654-bdaf-473b-bc7a-18ad3d1e9f7dn%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/B6C9B908-9250-48C1-8D2A-2E5C40919F9C%40gmail.com.