TLA+: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 03:06, 28 April 2022 edit FrescoBot (talk \| contribs) Bots 1,125,763 edits m Bot: link syntax ← Previous edit		Latest revision as of 11:18, 2 July 2024 edit undo Explicit (talk \| contribs) Autopatrolled, Administrators 296,321 edits m Removing link(s) undefined (XFDcloser)
(18 intermediate revisions by 11 users not shown)
Line 14: \| date = January 2000 \| title = Specifying Concurrent Systems with TLA<sup>+</sup> \| publisher = IOS Press, \| location=Amsterdam \| ~~journal~~series = NATO Science Series, III: Computer and Systems Sciences \| volume = 173 ~~\| issue = Calculational System Design~~ \| pages = 183–247 \| url = http://research.microsoft.com/en-us/um/people/lamport/pubs/lamport-spec-tla-plus.pdf Line 41: \| influenced = \| operating_system = [[Cross-platform\|Cross-platform (multi-platform)]] \| license = [[MIT License]]<ref name="toolboxlicense">{{cite web ~~{{cite web~~ \| title = Tlaplus Tools - License \| website = [[CodePlex]] Line 48 ⟶ 47: \| date = 8 April 2013 \| url = https://tlaplus.codeplex.com/license \| access-date = 10 May 2015}} }}{{Dead link\|date=January 2023 \|bot=InternetArchiveBot \|fix-attempted=yes }} ~~https://tlaplus.codeplex.com/license~~ https://tlaplus.codeplex.com/license{{Dead link\|date=January 2023 \|bot=InternetArchiveBot \|fix-attempted=yes }}</ref> ~~</ref>~~ \| website = {{URL\|https://lamport.azurewebsites.net/tla/tla.html}} \| file_ext = .tla \| wikibooks = }} '''TLA<sup>+</sup>''' is a [[formal specification]] language developed by [[Leslie Lamport]]. It is used tofor ~~design~~designing, ~~model~~modelling, ~~document~~documentation, and ~~verify~~verification of programs, especially [[concurrent systems]] and [[distributed systems]]. TLA<sup>+</sup> ~~has~~is ~~been~~considered ~~described~~to asbe exhaustively-testable [[pseudocode]],<ref name="awsorig"> {{cite web \| last1 = Newcombe Line 81 ⟶ 80: \| title = Why We Should Build Software Like We Build Houses \| magazine = Wired ~~\| publisher = [[Wired (magazine)\|Wired]]~~ \| date = 25 January 2013 \| url = https://www.wired.com/2013/01/code-bugs-programming-why-we-need-specs/ Line 121 ⟶ 119: </ref> TLA<sup>+</sup> was introduced in 1999, following several decades of research into a verification method for concurrent systems. AEver since, a toolchain has ~~since~~been developed, including an [[interactive development environment\|IDE]] and a distributed model checker. The pseudocode-like language [[PlusCal]] was created in 2009; it [[Source-to-source compiler\|transpiles]] to TLA<sup>+</sup> and is useful for specifying sequential algorithms. TLA<sup>+2</sup> was announced in 2014, expanding language support for proof constructs. The current TLA<sup>+</sup> reference is [http://research.microsoft.com/en-us/um/people/lamport/tla/hyperbook.html The TLA<sup>+</sup> Hyperbook] by Leslie Lamport. ==History== Line 127 ⟶ 125: Modern [[temporal logic]] was developed by [[Arthur Prior]] in 1957, then called tense logic. Although [[Amir Pnueli]] was the first to seriously study the applications of temporal logic to [[computer science]], Prior speculated on its use a decade earlier in 1967: {{~~quote~~blockquote\|The usefulness of systems of this sort [on discrete time] does not depend on any serious metaphysical assumption that time is discrete; they are applicable in limited fields of discourse in which we are concerned only with what happens next in a sequence of discrete states, e.g. in the working of a digital computer.}} Pnueli researched the use of temporal logic in specifying and reasoning about computer programs, introducing [[linear temporal logic]] in 1977. LTL became an important tool for analysis of concurrent programs, easily expressing properties such as [[mutual exclusion]] and freedom from [[deadlock]].<ref name="temporal-logic-history"> Line 176 ⟶ 174: [[File:Leslie Lamport.jpg\|thumb\|alt=Portrait of a Caucasian man in his seventies with medium-length gray hair and a full gray beard, wearing glasses and a T-shirt.\|TLA<sup>+</sup> was developed by computer scientist and 2013 Turing award recipient [[Leslie Lamport]].]] {{~~quote~~blockquote\|However, I became disillusioned with temporal logic when I saw how Schwartz, Melliar-Smith, and Fritz Vogt were spending days trying to specify a simple [[FIFO (computing and electronics)\|FIFO queue]] – arguing over whether the properties they listed were sufficient. I realized that, despite its aesthetic appeal, writing a specification as a conjunction of temporal properties just didn't work in practice.<ref name="lamport-spec"/>}} His search for a practical method of specification resulted in the 1983 paper "Specifying Concurrent Programming Modules", which introduced the idea of describing state transitions as boolean-valued functions of primed and unprimed variables.<ref name="lamport-spec"> Line 204 ⟶ 202: \| last3 = Lamport \| first3 = Leslie \| ~~journal~~title = Correct Hardware Design and Verification Methods▼ \| ~~title~~chapter = Model ~~checking~~Checking TLA<sup>+</sup> ~~specifications~~Specifications▼ \| author-link3 = Leslie Lamport ▲ \| title = Model checking TLA<sup>+</sup> specifications ▲ \| journal = Correct Hardware Design and Verification Methods \| volume = 1703 \| pages = 54–66 Line 232 ⟶ 230: \| last = Lamport \| first = Leslie \| ~~journal~~series = Lecture Notes in Computer Science▼ \| title = Theoretical Aspects of Computing - ICTAC 2009 \| author-link = Leslie Lamport \| chapter = The PlusCal Algorithm Language ▲ \| journal = Lecture Notes in Computer Science \| volume = 5684 \| issue = Theoretical Aspects of Computing - ICTAC 2009 Line 245 ⟶ 243: \| access-date = 10 May 2015 \| isbn = 978-3-642-03465-7 }} </ref> and the TLA<sup>+</sup> proof system (TLAPS) in 2012.<ref name="tlaps-survey"/> TLA<sup>+2</sup> was announced in 2014, adding some additional language constructs as well as greatly increasing in-language support for the proof system.<ref name="tla2guide" /> Lamport is engaged in creating an updated TLA<sup>+</sup> reference, "The TLA<sup>+</sup> Hyperbook". The incomplete work is [http://research.microsoft.com/en-us/um/people/lamport/tla/hyperbook.html available] from his official website. Lamport is also creating [http://lamport.azurewebsites.net/video/videos.html The TLA<sup>+</sup> Video Course], described therein as "a work in progress that consists of the beginning of a series of video lectures to teach programmers and software engineers how to write their own TLA<sup>+</sup> specifications". ==Language== Line 333 ⟶ 331: Temporal logic operators are built into TLA<sup>+</sup>. Temporal formulas use <math>\Box P</math> to mean ''P'' is always true, and <math>\Diamond P</math> to mean ''P'' is eventually true. The operators are combined into <math>\Box \Diamond P</math> to mean ''P'' is true infinitely often, or <math>\Diamond \Box P</math> to mean eventually ''P'' will always be true. Other temporal operators include weak and strong fairness. Weak fairness WF<sub>e</sub>(''A'') means if action ''A'' is enabled ''continuously'' (i.e. without interruptions), it must eventually be taken. Strong fairness SF<sub>e</sub>(''A'') means if action ''A'' is enabled ''continually'' (repeatedly, with or without interruptions), it must eventually be taken. ~~<nowiki> </nowiki>~~Temporal existential and universal quantification are included in TLA<sup>+</sup>, although without support from the tools. User-defined operators are similar to [[Macro (computer science)\|macros]]. Operators differ from functions in that their domain need not be a set: for example, the [[Element (mathematics)\|set membership]] operator has the [[category of sets]] as its domain, which is [[set of all sets\|not a valid set]] in ZFC (since its existence leads to [[Russell's paradox]]). Recursive and anonymous user-defined operators were added in TLA<sup>+2</sup>. ===Data structures=== The foundational data structure of TLA<sup>+</sup> is the set. Sets are either explicitly enumerated or constructed from other sets using operators or with <~~syntaxhighlight lang="tex" inline~~code>{x \in S : p}</~~syntaxhighlight~~code> where ''p'' is some condition on ''x'', or <~~syntaxhighlight lang="tex" inline~~code>{e : x \in S}</~~syntaxhighlight~~code> where ''e'' is some function of ''x''. The unique [[empty set]] is represented as <code>{}</code>. [[Function (mathematics)\|Functions]] in TLA<sup>+</sup> assign a value to each element in their domain, a set. <code>[S -> T]</code> is the set of all functions with f[''x''] in ''T'', for each ''x'' in the [[Domain of a function\|domain]] set ''S''. For example, the TLA<sup>+</sup> function <code>Double[x \in Nat] == x2</code> is an element of the set <code>[Nat -> Nat]</code> so <code>Double \in [Nat -> Nat]</code> is a true statement in TLA<sup>+</sup>. Functions are also defined with <code>[x \in S \|-> e]</code> for some expression ''e'', or by modifying an existing function <code>[f EXCEPT ![v<sub>1</sub>] = v<sub>2</sub>]</code>. Line 364 ⟶ 362: ===IDE=== {{Infobox software \| name = TLA<sup>+</sup> Toolbox \| title = TLA<sup>+</sup> Toolbox \| logo = \| screenshot = TLA IDE screenshot.png Line 373 ⟶ 371: \| released = {{Start date and age\|2010\|02\|04}}<!-- {{Start date and age\|YYYY\|MM\|DD\|df=yes/no}} --> \| discontinued = \| latest release version = 1.7.02 Theano \| latest release date = {{Start date and age\|~~2020~~2022\|0402\|2502}}<!-- {{Start date and age\|YYYY\|MM\|DD\|df=yes/no}} --> \| latest preview version = 1.78.10 Clarke \| latest preview date = {{Start date and age\|2020\|0512\|0106}} \| repo = {{URL\|https://github.com/tlaplus/tlaplus}} \| programming language = [[Java (programming language)\|Java]] Line 431 ⟶ 429: \| pages = 101702–101717 \| doi = 10.1109/ACCESS.2021.3096326 \| bibcode = 2021IEEEA...9j1702K \| s2cid = 236480167 \| doi-access = free ~~\| url = https://doi.org/10.1109/ACCESS.2021.3096326~~ }} ~~\| access-date = 6 Sep 2021}}~~ </ref> It is distributed separately from the rest of the TLA<sup>+</sup> tools and is free software, distributed under the [[BSD license]].<ref>[https://tla.msr-inria.inria.fr/tlaps/content/Home.html TLA<sup>+</sup> Proof System]</ref> TLA<sup>+2</sup> greatly expanded language support for proof constructs. ==Industry use== Line 462 ⟶ 461: \| last6 = Vanzetto \| first6 = Hernán \| title = ~~TLA<sup>+</sup>~~FM ~~Proofs~~2012: Formal Methods \| chapter = TLA<sup>+</sup> Proofs \| publisher = [[Springer Berlin Heidelberg]] ~~\| journal = FM 2012: Formal Methods~~ \| volume = 7436 \| pages = 147–154 Line 480 ⟶ 479: \| last = Chris \| first = Newcombe \| title = ~~Why~~Abstract ~~Amazon~~State ~~Chose~~Machines, Alloy, B, TLA~~<sup>+</sup>~~, VDM, and Z \| ~~journal~~series = Lecture Notes in Computer Science \| chapter = Why Amazon Chose TLA<sup>+</sup> \| volume = 8477 ~~\| issue = Abstract State Machines, Alloy, B, TLA, VDM, and Z~~ \| pages = 25–39 \| publisher = [[Springer Berlin Heidelberg]] Line 512 ⟶ 511: </ref> Altreonic NV used TLA<sup>+</sup> to [[Model checking\|model check]] [[OpenComRTOS#Formal development approach\|OpenComRTOS]]. ==Examples== A [[key-value store]] with [[snapshot isolation]]: <syntaxhighlight lang="~~Haskell~~tex"> --------------------------- MODULE KeyValueStore --------------------------- CONSTANTS Key, \ The set of all keys. Line 619 ⟶ 618: </syntaxhighlight> A rule-based [[firewall (computing)\|firewall]]: <syntaxhighlight lang="~~Haskell~~tex"> ------------------------------ MODULE Firewall ------------------------------ EXTENDS Integers Line 675 ⟶ 674: </syntaxhighlight> A multi-car [[elevator]] system: <syntaxhighlight lang="~~Haskell~~tex"> ------------------------------ MODULE Elevator ------------------------------ (**************************************************************************) Line 906 ⟶ 905: ==See also== [[Communicating sequential processes]] * [[Alloy (specification language)]] * [[B-Method]]