Go backward to Describing Programs with RTLA Go up to Top Go forward to Adding Liveness

TLA

• Formula Phi is too simple.
  • Should allow stuttering steps
  • Leave both x and y unchanged.
• Example: clock specification.
  • Clock C₁ with hours h and minutes m.
  • Clock C₂ with hours h, minutes m, seconds s.
  • C₂ should statisfy specification of C₁.
  • But C₂ has 59 steps where h and m do not change!
  • Such stuttering steps should be ignored.
• Modification of Phi:
  • Phi <=> Init_Phi and always (A or ((x'=x) and(y'=y)))
  • Phi <=> Init_Phi and always A_<x, y>
  • [A]_f := A or (f'=f)
• TLA is subset of RTLA
  • Elementary formulas of form always [A]_f