-
-
Save agostbiro/e66e0fd78f5a93e85ab3852920918b40 to your computer and use it in GitHub Desktop.
TLA+ alarm clock spec where the Ring action is never enabled. Source: https://emptysqua.re/blog/interactive-tla-plus
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SPECIFICATION | |
| HC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ------------------------------ MODULE AlarmClock ------------------------------ | |
| EXTENDS Integers, Sequences | |
| VARIABLES hr, alarmHr, alarmOn | |
| vars == <<hr, alarmHr, alarmOn>> | |
| HCini == | |
| /\ hr \in (1 .. 12) | |
| /\ alarmHr \in (1..12) | |
| /\ alarmOn = FALSE | |
| AdvanceHour == | |
| /\ hr' = IF hr # 12 THEN hr + 1 ELSE 1 | |
| /\ UNCHANGED <<alarmHr, alarmOn>> | |
| SetAlarm == | |
| /\ alarmHr' \in (1..12) | |
| \* Oops, forgot to set alarmOn' = TRUE | |
| \* /\ alarmOn' = TRUE | |
| \* /\ UNCHANGED <<hr>> | |
| /\ UNCHANGED <<hr, alarmOn>> | |
| Ring == | |
| /\ alarmOn \* Oops, alarmOn is always FALSE | |
| /\ hr = alarmHr | |
| /\ alarmOn' = FALSE | |
| /\ UNCHANGED <<alarmHr, hr>> | |
| HC == HCini /\ [][AdvanceHour \/ SetAlarm \/ Ring]_vars /\ SF_vars(Ring) | |
| ============================================================================= |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment