Merge pull request #1 from lemmy/master

Add MIT license for Examples repository and "Tower of Hanoi" example specification

Author: lemmy

LICENSE.md

@@ -0,0 +1,24 @@
+All these TLA+ examples are licensed under the MIT License.
+
+> Copyright (c) 2016: The TLA+ project and other contributors:
+> https://github.com/tlaplus/Examples/graphs/contributors
+>
+>
+> Permission is hereby granted, free of charge, to any person obtaining
+> a copy of this software and associated documentation files (the
+> "Software"), to deal in the Software without restriction, including
+> without limitation the rights to use, copy, modify, merge, publish,
+> distribute, sublicense, and/or sell copies of the Software, and to
+> permit persons to whom the Software is furnished to do so, subject to
+> the following conditions:
+>
+> The above copyright notice and this permission notice shall be
+> included in all copies or substantial portions of the Software.
+>
+> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+> EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+> MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+> NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+> LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+> OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+> WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

specifications/tower_of_hanoi/Bits.java

@@ -0,0 +1,8 @@
+import tlc2.value.IntValue;
+
+public class Bits {
+    public static IntValue And(IntValue x, IntValue y) {
+        return IntValue.gen(x.val & y.val);
+    }
+}
+

specifications/tower_of_hanoi/Bits.tla

@@ -0,0 +1,20 @@
+-------------------------------- MODULE Bits --------------------------------
+
+\* Implemented by Bits.java. Manually create a
+\* .java file with the content from below copy&pasted 
+\* and compile it (javac) against tla2tools.jar. Place
+\* resulting .class file on the CLASSPATH when running
+\* TLC.
+\*
+\* javac -cp /path/to/tla2tools.jar Bits.java 
+LOCAL And(x,y) == FALSE
+
+(***************************************************************************)
+(* Bitwise AND of x and y                                                  *)
+(***************************************************************************)
+x & y == And(x, y) \* Infix variant of And(x,y)
+
+=============================================================================
+\* Modification History
+\* Last modified Tue May 17 15:07:08 CEST 2016 by markus
+\* Created Mon May 16 15:09:18 CEST 2016 by markus

specifications/tower_of_hanoi/Hanoi.tla

@@ -0,0 +1,122 @@
+------------------------------- MODULE Hanoi -------------------------------
+EXTENDS Naturals, Bits, FiniteSets, TLC
+
+(***************************************************************************)
+(* TRUE iff i is a power of two                                            *)
+(***************************************************************************)
+PowerOfTwo(i) == i & (i-1) = 0
+
+(***************************************************************************)
+(* A set of all powers of two up to n                                      *)
+(***************************************************************************)
+SetOfPowerOfTwo(n) == {x \in 1..(2^n-1): PowerOfTwo(x)}
+
+(***************************************************************************)
+(* Copied from TLA+'s Bags standard library. The sum of f[x] for all x in  *)
+(* DOMAIN f.                                                               *)
+(***************************************************************************)
+Sum(f) == LET DSum[S \in SUBSET DOMAIN f] ==
+               LET elt == CHOOSE e \in S : TRUE
+               IN  IF S = {} THEN 0
+                             ELSE f[elt] + DSum[S \ {elt}]
+          IN  DSum[DOMAIN f]
+
+(***************************************************************************)
+(* D is number of disks and N number of towers                             *)
+(***************************************************************************)
+CONSTANT D, N
+
+(***************************************************************************)
+(* Towers of Hanoi with N towers                                           *)
+(***************************************************************************)
+VARIABLES towers
+vars == <<towers>>
+
+(***************************************************************************)
+(* The total sum of all towers must amount to the disks in the system      *)
+(***************************************************************************)
+Inv == Sum(towers) = 2^D - 1
+
+(* Towers are naturals in the interval (0, 2^D] *)
+TypeOK == /\ \A i \in DOMAIN towers : /\ towers[i] \in Nat \* Towers are represented by natural numbers
+                                      /\ towers[i] < 2^D
+          
+(***************************************************************************)
+(* Now we define of the initial predicate, that specifies the initial      *)
+(* values of the variables.                                                *)
+(***************************************************************************)
+Init == /\ towers = [i \in 1..N |-> IF i = 1 THEN 2^D - 1 ELSE 0] \* all towers are empty except all disks are on the first Tower
+
+(***************************************************************************)
+(* TRUE iff the tower is empty                                             *)
+(***************************************************************************)
+IsEmptyTower(tower) == tower = 0
+
+(***************************************************************************)
+(* TRUE iff the disk is located on the given tower                         *)
+(***************************************************************************)    
+IsOnTower(tower, disk) == /\ tower & disk = disk
+
+(***************************************************************************)
+(* TRUE iff disk is the smallest disk on tower                             *)
+(***************************************************************************)
+IsSmallestDisk(tower, disk) == /\ IsOnTower(tower, disk)
+                               /\ tower & (disk - 1) = 0 \* All less significant bits are 0
+
+(***************************************************************************)
+(* TRUE iff disk can be moved off of tower                                 *)
+(***************************************************************************)
+CanMoveOff(tower, disk) == /\ IsOnTower(tower, disk)
+                           /\ IsSmallestDisk(tower, disk)
+
+(***************************************************************************)
+(* TRUE iff disk can be moved to the tower                                 *)
+(***************************************************************************)
+CanMoveTo(tower, disk) == \/ tower & (disk - 1) = 0
+                          \/ IsEmptyTower(tower)
+
+(***************************************************************************)
+(*                                                                         *)
+(***************************************************************************)
+Move(from, to, disk) == /\ CanMoveOff(towers[from], disk)
+                        /\ CanMoveTo(towers[to], disk)
+                        /\ towers' = [towers EXCEPT ![from] = towers[from] - disk,  \* Remaining tower does not change
+                                                    ![to] = towers[to] + disk]
+
+(***************************************************************************)
+(* Define all possible actions that disks can perform.                     *)
+(***************************************************************************)
+Next == \E d \in SetOfPowerOfTwo(D): \E idx1, idx2 \in DOMAIN towers: 
+            /\ idx1 # idx2 \* No need to try to move onto the same tower (Move(...) prevents it too)
+            /\ Move(idx1, idx2, d)
+	
+(***************************************************************************)
+(* We define the formula Spec to be the complete specification, asserting  *)
+(* of a behavior that it begins in a state satisfying Init, and that every *)
+(* step either satisfies Next or else leaves the pair <<big, small>>       *)
+(* unchanged.                                                              *)
+(***************************************************************************)
+Spec == Init /\ [][Next]_vars
+-----------------------------------------------------------------------------
+
+(***************************************************************************)
+(* The final configuration has all disks on the right tower. If TLC is set *)
+(* to run with an invariant rightTower # 2^N-1, it will search for         *)
+(* configurations in which this invariant is violated. If violation can be *)
+(* found, the stack trace shows the steps to solve the Hanoi problem.      *)
+(***************************************************************************)
+NotSolved == towers[N] # 2^D - 1
+
+(***************************************************************************)
+(* We find a solution by having TLC check if NotSolved is an invariant,    *)
+(* which will cause it to print out an "error trace" consisting of a       *)
+(* behavior ending in a state where NotSolved is false. With three disks,  *)
+(* and three towers the puzzle can be solved in seven moves.               *)
+(* The minimum number of moves required to solve a Tower of Hanoi puzzle   *)
+(* generally is 2n - 1, where n is the number of disks. Thus, the counter- *)
+(* examples shown by TLC will be of length 2n-1                            *)
+(***************************************************************************)
+=============================================================================
+\* Modification History
+\* Last modified Tue May 17 14:55:33 CEST 2016 by markus
+\* Created Sun Jul 17 10:20:57 CEST 2011 by markus

specifications/tower_of_hanoi/README.md

@@ -0,0 +1,3 @@
+# Tower of Hanoi
+A specification of the ["Tower of Hanoi" problem](https://en.wikipedia.org/wiki/Tower_of_Hanoi)
+with the number of disk and towers defined by the model.