Good question. There are a few ways to do this, assuming your model values {v1, v2, ... vn} are in a constant called Value, and your spec is called SpecName.tla:
- Have a separate constant called Rank which is a function you define of type [Value -> Nat], and use this whenever comparing model values in your spec (so instead of v1 < v1 it's Rank[v1] < Rank[v2]). See here for how you can define the value of Rank in your model.
- If the rank is arbitrary, you could skip having to define the value of Rank by hand and write a separate MCSpecName.tla spec that includes SpecName.tla with INSTANCE and instantiates Rank using an arbitrary order function created with CHOOSE.
- If you want to be fancy you could declare CONSTANT _ \preceq _ in SpecName.tla and define its value in MCSpecName.tla with INSTANCE SpecName WITH \preceq <- LAMBDA a, b : Rank[a] <= Rank[b]. Then in SpecName.tla you can naturally compare v1 \preceq v1. You could of course use CONSTANT _ <= _ but this is likely to conflict with the definition of <= if you import Nat or Int.
Andrew
On Thursday, January 27, 2022 at 7:52:28 AM UTC-5 jiaojiao cai wrote:
Can I artificially define the size order for model values like Integer? For example, v1 is less than v2,v2 is less than v3。
If yes, how can l do it?