Created
July 23, 2021 00:12
-
-
Save ghulette/5a4bdec761ee1e8011721566dc85b0dd to your computer and use it in GitHub Desktop.
Illustrating fairness in TLA
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SPECIFICATION Spec | |
| INVARIANT TypeInv | |
| PROPERTY EventuallyC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ---- MODULE Fair ---- | |
| VARIABLE st | |
| A == 1 | |
| B == 2 | |
| C == 3 | |
| TypeInv == st \in {A, B, C} | |
| Init == st = A | |
| AB == st = A /\ st' = B | |
| BA == st = B /\ st' = A | |
| AC == st = A /\ st' = C | |
| CC == st = C /\ st' = C | |
| (* You need WF on BA to make sure we don't just stutter forever in B (SF is | |
| sufficient but unnecessary). You need SF on AC because it is infinitely often | |
| disabled (because AB can preempt it) to assert you must eventually go to C. *) | |
| Spec == Init /\ [][AB \/ BA \/ AC \/ CC]_st /\ WF_st(BA) /\ SF_st(AC) | |
| EventuallyC == <>(st = C) | |
| ===================== |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment