A Shallow-Embedding of TLA #
NOTE: There are multiple ways to formalize the concept of infinite sequences.
Here, we follow the definition from coq-tla, while an alternative is to define
infinite sequence as a coinductive datatype (like Stream in Rocq/Agda).
Lean also comes with a definition of `Stream`, but it is a type class instead of
a datatype, and the sequences generated from it are not necessarily infinite
(in the sense that it may generate finite sequences). So here we do not use it.
An action: a binary relation between the current and next state.
Equations
- TLA.action σ = (σ → σ → Prop)
Instances For
The list of the first k states of an execution.
Equations
- TLA.exec.take k σ = List.map σ (List.range k)
Instances For
The list of k states of an execution starting at index start.
Equations
- TLA.exec.takeFrom start k σ = List.map σ (List.range' start k)
Instances For
The always (box) modality: p holds on every suffix.
Equations
- σ |=tla= □p = ∀ (k : Nat), p (TLA.exec.drop k σ)
Instances For
The eventually (diamond) modality: p holds on some suffix.
Instances For
Syntax for TLA Notations #
Our notations for TLA formulas intersect with those for plain Lean terms,
so to avoid potentially ambiguity(?), we define a new syntax category `tlafml`
for TLA formulas and define macro rules for expanding formulas in `tlafml` into
Lean terms.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Syntax category for TLA formulas.
Equations
Instances For
Embed a term as a TLA formula.
Equations
- tlafml_ = Lean.ParserDescr.node `tlafml_ 1022 (Lean.ParserDescr.cat `term 1024)
Instances For
Parenthesized TLA formula.
Equations
- One or more equations did not get rendered due to their size.
Instances For
State-predicate TLA formula ⌜ p ⌝.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Pure-predicate TLA formula ⌞ p ⌟.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Action-predicate TLA formula ⟨ a ⟩.
Equations
- One or more equations did not get rendered due to their size.
Instances For
The ⊤ TLA formula.
Equations
- «tlafml⊤» = Lean.ParserDescr.node `«tlafml⊤» 1024 (Lean.ParserDescr.symbol "⊤")
Instances For
The ⊥ TLA formula.
Equations
- «tlafml⊥» = Lean.ParserDescr.node `«tlafml⊥» 1024 (Lean.ParserDescr.symbol "⊥")
Instances For
Unary heading operators on TLA formulas (¬, □, ◇, ◯).
Equations
- One or more equations did not get rendered due to their size.
Instances For
Apply a unary heading operator to a TLA formula.
Equations
- tlafml__ = Lean.ParserDescr.node `tlafml__ 1024 (Lean.ParserDescr.binary `andthen tlafmlHeadingOp (Lean.ParserDescr.cat `tlafml 40))
Instances For
The Enabled a TLA formula.
Equations
- tlafmlEnabled_ = Lean.ParserDescr.node `tlafmlEnabled_ 1024 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol "Enabled") (Lean.ParserDescr.cat `term 40))
Instances For
Implication of TLA formulas.
Equations
- «tlafml_→_» = Lean.ParserDescr.trailingNode `«tlafml_→_» 15 16 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol " → ") (Lean.ParserDescr.cat `tlafml 15))
Instances For
Conjunction of TLA formulas.
Equations
- «tlafml_∧_» = Lean.ParserDescr.trailingNode `«tlafml_∧_» 35 36 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol " ∧ ") (Lean.ParserDescr.cat `tlafml 35))
Instances For
Disjunction of TLA formulas.
Equations
- «tlafml_∨_» = Lean.ParserDescr.trailingNode `«tlafml_∨_» 30 31 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol " ∨ ") (Lean.ParserDescr.cat `tlafml 30))
Instances For
Leads-to (↝) of TLA formulas.
Equations
- «tlafml_↝_» = Lean.ParserDescr.trailingNode `«tlafml_↝_» 20 21 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol " ↝ ") (Lean.ParserDescr.cat `tlafml 20))
Instances For
Until (𝑈) of TLA formulas.
Equations
- «tlafml_𝑈_» = Lean.ParserDescr.trailingNode `«tlafml_𝑈_» 25 26 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol " 𝑈 ") (Lean.ParserDescr.cat `tlafml 25))
Instances For
Always-implies (⇒) of TLA formulas.
Equations
- «tlafml_⇒_» = Lean.ParserDescr.trailingNode `«tlafml_⇒_» 17 18 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol " ⇒ ") (Lean.ParserDescr.cat `tlafml 17))
Instances For
Weak-fairness (𝒲ℱ) of an action as a TLA formula.
Equations
- tlafml𝒲ℱ_ = Lean.ParserDescr.node `tlafml𝒲ℱ_ 1023 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol "𝒲ℱ") (Lean.ParserDescr.cat `term 1024))
Instances For
Universally quantified TLA formula.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Existentially quantified TLA formula.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Big-operator heads (⋀, ⋁) for TLA formulas.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Big conjunction/disjunction of a TLA formula over a collection.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Elaborate a TLA formula into a term.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Sequent notation p |-tla- q for entailment.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Validity notation |-tla- p.
Equations
- «term|-tla-_» = Lean.ParserDescr.node `«term|-tla-_» 1024 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol "|-tla- ") (Lean.ParserDescr.cat `tlafml 1024))
Instances For
Equality notation p =tla= q between TLA formulas.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Satisfaction notation e |=tla= p.
Equations
- «term_|=tla=_» = Lean.ParserDescr.trailingNode `«term_|=tla=_» 1022 0 (Lean.ParserDescr.binary `andthen (Lean.ParserDescr.symbol " |=tla= ") (Lean.ParserDescr.cat `tlafml 0))
Instances For
Pretty-Printing for TLA Notations #
Converting a syntax in term category into tlafml.
This is useful in the cases where we want to eliminate the redundant [tlafml| ... ]
wrapper of some sub-formula when it is inside a tlafml.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Converting a syntax in term category into tlafml,
by inserting [tlafml| ... ] wrapper if needed.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Annotate the syntax with term info for the delaborator.
Equations
- TLA.annAsTerm stx = (fun (x : Lean.Syntax) => { raw := x }) <$> do let a ← Lean.PrettyPrinter.Delaborator.annotateTermInfo { raw := stx.raw } pure a.raw
Instances For
Delaborate the current expression into tlafml syntax. fuel bounds the
recursion depth; each recursive call descends into a strict subexpression,
so seeding it with the expression's depth always suffices.
Instances For
Extract the binder name and body of a delaborated lambda.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Delaborate the current expression into tlafml syntax, seeding the depth
fuel from the expression's own approximate depth.
Equations
- TLA.delabTlafmlInner = do let __do_lift ← Lean.PrettyPrinter.Delaborator.SubExpr.getExpr TLA.delabTlafmlAux (__do_lift.approxDepth.toNat + 1)
Instances For
Delaborator turning TLA predicate applications back into tlafml notation.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Unexpander rendering predImplies as the |-tla- sequent notation.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Unexpander rendering valid as the |-tla- notation.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Unexpander rendering satisfies as the |=tla= notation.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Unexpander rendering equalities between TLA formulas with =tla=.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Wrap a piece of syntax in parentheses.
Equations
- One or more equations did not get rendered due to their size.