[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlaplus] Rules for writing formulae with primed variables

From: Markus Kuppe <tlaplus-google-group@xxxxxxxxxxx>
Date: Tue, 25 Nov 2025 17:36:42 -0800
References: <1b6b77fa-7e32-4370-80a3-ce750e8928d4n@googlegroups.com>

No, the two specifications are not equivalent. Remember that TLA+ is untyped, so you cannot infer from

  t' ≤ 10 ∧ t' ≥ 0

that

  t' ∈ 1‥10.

Adding the conjunct t' ∈ Nat makes Apalache accept the spec, but for TLC you will also have to redefine Nat to something like 0..100 for it to evaluate your spec. That is obviously not what you intend.

Note that the TLA Proof System (TLAPS) will happily discharge the following:

THEOREM
  ASSUME NEW t
  PROVE t ∈ 0..10 ⇔ (t ≥ 0 ∧ t ≤ 10 ∧ t ∈ Nat)
OBVIOUS

M.

---- MODULE m ----
EXTENDS Integers

MyNat == 0..100

VARIABLES
   \* @type: Int;
   t

Init == t = 0

Next == t' \in Nat /\ t' <= 10 /\ t' >= 0

THEOREM ASSUME NEW q PROVE q \in 0..10 <=> q >= 0 /\ q <= 10 /\ q \in Nat OBVIOUS
====
---- CONFIG m ----
INIT Init
NEXT Next
CONSTANT Nat <- MyNat
====

> On Nov 25, 2025, at 5:08 PM, Mathew Kuthur James <mathewkj2048@xxxxxxxxx> wrote:
> 
> Hi, I was playing around with a simple TLA+ model and noticed the following:
> 
> ---- MODULE m ----
> EXTENDS Integers, FiniteSets
> VARIABLES t
> _Init == t = 0
> _Next == t' \in 1..10
> ====
> TLC ran successfully. When I edited it like so:
> ---- MODULE m ----
> EXTENDS Integers, FiniteSets
> VARIABLES t
> _Init == t = 0
> _Next == t' <= 10 /\ t' >= 0
> ====
> It produced an error message:
> 
> "TLC threw an unexpected exception.
> This was probably caused by an error in the spec or model.
> See the User Output or TLC Console for clues to what happened.
> The exception was a java.lang.RuntimeException
> :
> In evaluation, the identifier t is either undefined or not an operator."
> 
> This happens on both the VSCode extension and the toolbox. Is there a set of rules about how expressions involving primed variables ought to be written? From what I understand, both specs mean the same thing.

-- 
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To view this discussion visit https://groups.google.com/d/msgid/tlaplus/D9EC5A11-8476-4043-AF2E-5DCC1F3E359E%40lemmster.de.

Follow-Ups:
- Re: [tlaplus] Rules for writing formulae with primed variables
  - From: Andrew Helwer

References:
- [tlaplus] Rules for writing formulae with primed variables
  - From: Mathew Kuthur James

Prev by Date: [tlaplus] Rules for writing formulae with primed variables
Next by Date: Re: [tlaplus] Rules for writing formulae with primed variables
Previous by thread: [tlaplus] Rules for writing formulae with primed variables
Next by thread: Re: [tlaplus] Rules for writing formulae with primed variables
Index(es):
- Date
- Thread