Skip to content

Instantly share code, notes, and snippets.

@hwayne

hwayne/offer.tla Secret

Created December 30, 2019 21:13
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save hwayne/36303c2a0a22c85489f40f7fa528930d to your computer and use it in GitHub Desktop.
Save hwayne/36303c2a0a22c85489f40f7fa528930d to your computer and use it in GitHub Desktop.
Download ZIP
Trading Platform Spec
Raw
offer.tla
------------------------------- MODULE offer -------------------------------
EXTENDS Integers, Sequences, TLC
set ++ x == set \union {x}
set -- x == set \ {x}
People == {"alice", "bob", "eve"}
Items == {"hat"}
VARIABLES owner, offers
vars == <<owner, offers>>
Init ==
/\ owner \in [Items -> People]
/\ offers = {}
Propose(from, to, item) ==
/\ owner[item] = from
/\ offers' = offers ++ <<from, to, item>>
/\ UNCHANGED owner
Accept(from, to, item) ==
/\ <<from, to, item>> \in offers
/\ offers' = offers -- <<from, to, item>>
/\ owner' = [owner EXCEPT ![item] = to]
Reject(from, to, item) ==
/\ <<from, to, item>> \in offers
/\ offers' = offers -- <<from, to, item>>
/\ UNCHANGED owner
Next ==
\E from, to \in People, item \in Items:
/\ from /= to
/\ \/ Propose(from, to, item)
\/ Accept(from, to, item)
\/ Reject(from, to, item)
Spec == Init /\ [][Next]_vars
ValidChange(item) ==
LET co == owner[item]
IN co /= co' =>
Accept(co, co', item)
ChangeInvariant ==
[][\A i \in Items: ValidChange(i)]_owner
=============================================================================
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment