Content deleted Content added
m →IDE |
|||
| (32 intermediate revisions by 23 users not shown) | |||
Line 11:
| last = Lamport
| first = Leslie
|
| date = January 2000
| title = Specifying Concurrent Systems with TLA<sup>+</sup>
| publisher = IOS Press
| location=Amsterdam |
| volume = 173
| pages = 183–247
| url = http://research.microsoft.com/en-us/um/people/lamport/pubs/lamport-spec-tla-plus.pdf
| isbn = 978-90-5199-459-9
|
</ref>
| designer = [[Leslie Lamport]]
Line 32:
| last = Lamport
| first = Leslie
|
| date = 15 January 2014
| access-date = 2 May 2015}}
Line 41:
| influenced =
| operating_system = [[Cross-platform|Cross-platform (multi-platform)]]
| license = [[MIT License]]<ref name="toolboxlicense">{{cite web
| title = Tlaplus Tools - License
| website = [[CodePlex]]
Line 48 ⟶ 47:
| date = 8 April 2013
| url = https://tlaplus.codeplex.com/license
|
}}{{Dead link|date=January 2023 |bot=InternetArchiveBot |fix-attempted=yes }}
https://tlaplus.codeplex.com/license{{Dead link|date=January 2023 |bot=InternetArchiveBot |fix-attempted=yes }}</ref>
| website = {{URL|
| file_ext = .tla
| wikibooks =
}}
'''TLA<sup>+</sup>''' is a [[formal specification]] language developed by [[Leslie Lamport]]. It is used
{{cite web
|
|
| last2 = Rath
| first2 = Tim
Line 73 ⟶ 72:
| date = 29 September 2014
| url = http://research.microsoft.com/en-us/um/people/lamport/tla/formal-methods-amazon.pdf
|
</ref> and its use likened to [[Technical drawing|drawing blueprints]] for software systems;<ref name="wired">
{{cite
| last = Lamport
| first = Leslie
|
| title = Why We Should Build Software Like We Build Houses
|
| publisher = [[Wired (magazine)|Wired]]▼
| date = 25 January 2013
| url = https://www.wired.com/2013/01/code-bugs-programming-why-we-need-specs/
|
</ref> ''TLA'' is an [[acronym]] for [[Temporal Logic of Actions]].
Line 91 ⟶ 89:
| last = Lamport
| first = Leslie
|
| title = Specifying Systems: The TLA<sup>+</sup> Language and Tools for Hardware and Software Engineers
| chapter = 7.1 Why Specify
Line 108 ⟶ 106:
| last = Lamport
| first = Leslie
|
| title = How to Write a 21st Century Proof
| journal = Journal of Fixed Point Theory and Applications
Line 117 ⟶ 115:
| issn = 1661-7738
| doi = 10.1007/s11784-012-0071-6
|
| access-date = 23 May 2015}}
</ref>
TLA<sup>+</sup> was introduced in 1999, following several decades of research into a verification method for concurrent systems.
==History==
[[File:Amir Pnueli.jpg|thumb|alt=Portrait of an Israeli man in his sixties. His hair is short and balding, and he is wearing glasses with a dress shirt and jacket.|[[Amir Pnueli]] applied temporal logic to computer science, for which he received the 1996 [[Turing
Modern [[temporal logic]] was developed by [[Arthur Prior]] in 1957, then called tense logic. Although [[Amir Pnueli]] was the first to seriously study the applications of temporal logic to [[computer science]], Prior speculated on its use a decade earlier in 1967:
{{
Pnueli researched the use of temporal logic in specifying and reasoning about computer programs, introducing [[linear temporal logic]] in 1977. LTL became an important tool for analysis of concurrent programs, easily expressing properties such as [[mutual exclusion]] and freedom from [[deadlock]].<ref name="temporal-logic-history">
Line 149 ⟶ 148:
| last = Lamport
| first = Leslie
|
| title = The Writings of Leslie Lamport: Proving the Correctness of Multiprocess Programs
| url = http://research.microsoft.com/en-us/um/people/lamport/pubs/pubs.html#proving
|
</ref> This method was used to verify the first concurrent [[Garbage collection (computer science)|garbage collection]] algorithm in a 1978 paper with [[Edsger Dijkstra]].<ref name="lamport-garbage">
{{cite web
| last = Lamport
| first = Leslie
|
| title = The Writings of Leslie Lamport: On-the-fly Garbage Collection: an Exercise in Cooperation
| url = http://research.microsoft.com/en-us/um/people/lamport/pubs/pubs.html#garbage
|
</ref>
Line 167 ⟶ 166:
| last = Lamport
| first = Leslie
|
| title = The Writings of Leslie Lamport: 'Sometime' is Sometimes 'Not Never'
| url = http://research.microsoft.com/en-us/um/people/lamport/pubs/pubs.html#sometime
|
</ref> Lamport worked on writing temporal logic specifications during his time at [[SRI International|SRI]], but found the approach to be impractical:
[[File:Leslie Lamport.jpg|thumb|alt=Portrait of a Caucasian man in his seventies with medium-length gray hair and a full gray beard, wearing glasses and a T-shirt.|TLA<sup>+</sup> was developed by computer scientist and 2013 Turing award recipient [[Leslie Lamport]].]]
{{
His search for a practical method of specification resulted in the 1983 paper "Specifying Concurrent Programming Modules", which introduced the idea of describing state transitions as boolean-valued functions of primed and unprimed variables.<ref name="lamport-spec">
Line 181 ⟶ 180:
| last = Lamport
| first = Leslie
|
| title = The Writings of Leslie Lamport: Specifying Concurrent Programming Modules
| url = http://research.microsoft.com/en-us/um/people/lamport/pubs/pubs.html#spec
|
</ref> Work continued throughout the 1980s, and Lamport began publishing papers on the [[temporal logic of actions]] in 1990; however, it was not formally introduced until "The Temporal Logic of Actions" was published in 1994. TLA enabled the use of [[Action language|actions]] in temporal formulas, which according to Lamport "provides an elegant way to formalize and systematize all the reasoning used in concurrent system verification."<ref name="lamport-actions">
{{cite web
| last = Lamport
| first = Leslie
|
| title = The Writings of Leslie Lamport: The Temporal Logic of Actions
| url = http://research.microsoft.com/en-us/um/people/lamport/pubs/pubs.html#lamport-actions
|
</ref>
Line 203 ⟶ 202:
| last3 = Lamport
| first3 = Leslie
| authorlink3 = Leslie Lamport▼
|
| author-link3 = Leslie Lamport
▲ | journal = Correct Hardware Design and Verification Methods
| volume = 1703
| pages = 54–66
Line 212 ⟶ 211:
| doi = 10.1007/3-540-48153-2_6
| url = http://research.microsoft.com/en-us/um/people/lamport/pubs/yuanyu-model-checking.pdf
|
| isbn = 978-3-540-66559-5
}}
Line 221 ⟶ 220:
| last = Lamport
| first = Leslie
|
| title = Specifying Systems: The TLA<sup>+</sup> Language and Tools for Hardware and Software Engineers
| publisher = [[Addison-Wesley]]
Line 231 ⟶ 230:
| last = Lamport
| first = Leslie
▲ | authorlink = Leslie Lamport
| title =
▲ | journal = Lecture Notes in Computer Science
| chapter = The PlusCal Algorithm Language
| volume = 5684
| issue = Theoretical Aspects of Computing - ICTAC 2009
Line 239:
| publisher = [[Springer Berlin Heidelberg]]
| date = 2 January 2009
| chapter-url = http://research.microsoft.com/en-us/um/people/lamport/pubs/pluscal.pdf
| doi = 10.1007/978-3-642-03466-4_2
|
}}
</ref> and the TLA<sup>+</sup> proof system (TLAPS) in 2012.<ref name="tlaps-survey"/> TLA<sup>+2</sup> was announced in 2014, adding some additional language constructs as well as greatly increasing in-language support for the proof system.<ref name="tla2guide" /> Lamport is engaged in creating an updated TLA<sup>+</sup> reference, "The TLA<sup>+</sup> Hyperbook". The incomplete work is [http://research.microsoft.com/en-us/um/people/lamport/tla/hyperbook.html available] from his official website. Lamport is also creating [http://lamport.azurewebsites.net/video/videos.html The TLA<sup>+</sup> Video Course], described therein as "a work in progress that consists of the beginning of a series of video lectures to teach programmers and software engineers how to write their own TLA<sup>+</sup> specifications".
==Language==
Line 299:
| last = Lamport
| first = Leslie
|
| title = Specifying Systems: The TLA<sup>+</sup> Language and Tools for Hardware and Software Engineers
| chapter = 8.9.2 Machine Closure
Line 314:
| last = Lamport
| first = Leslie
|
| title = Specifying Systems: The TLA<sup>+</sup> Language and Tools for Hardware and Software Engineers
| chapter = 8.9.6 Temporal Logic Considered Confusing
Line 327:
===Operators===
TLA<sup>+</sup> is based on [[Zermelo–Fraenkel set theory|ZF]], so operations on variables involve set manipulation. The language includes set [[Element (mathematics)|membership]], [[Union (set theory)|union]], [[Intersection (set theory)|intersection]], [[Relative complement|difference]], [[powerset]], and [[subset]] operators. [[First-order logic]] operators such as {{math|∨}}, {{math|∧}}, {{math|¬}}, {{math|
Temporal logic operators are built into TLA<sup>+</sup>. Temporal formulas use <math>\Box P</math> to mean ''P'' is always true, and <math>\Diamond P</math> to mean ''P'' is eventually true. The operators are combined into <math>\Box \Diamond P</math> to mean ''P'' is true infinitely often, or <math>\Diamond \Box P</math> to mean eventually ''P'' will always be true. Other temporal operators include weak and strong fairness. Weak fairness WF<sub>e</sub>(''A'') means if action ''A'' is enabled ''continuously'' (i.e. without interruptions), it must eventually be taken. Strong fairness SF<sub>e</sub>(''A'') means if action ''A'' is enabled ''continually'' (repeatedly, with or without interruptions), it must eventually be taken.
User-defined operators are similar to [[Macro (computer science)|macros]]. Operators differ from functions in that their domain need not be a set: for example, the [[Element (mathematics)|set membership]] operator has the [[category of sets]] as its domain, which is [[set of all sets|not a valid set]] in ZFC (since its existence leads to [[Russell's paradox]]). Recursive and anonymous user-defined operators were added in TLA<sup>+2</sup>.
===Data structures===
The foundational data structure of TLA<sup>+</sup> is the set. Sets are either explicitly enumerated or constructed from other sets using operators or with <
[[Function (mathematics)|Functions]] in TLA<sup>+</sup> assign a value to each element in their domain, a set. <code>[S -> T]</code> is the set of all functions with f[''x''] in ''T'', for each ''x'' in the [[Domain of a function|domain]] set ''S''. For example, the TLA<sup>+</sup> function <code>Double[x \in Nat] == x*2</code> is an element of the set <code>[Nat -> Nat]</code> so <code>Double \in [Nat -> Nat]</code> is a true statement in TLA<sup>+</sup>. Functions are also defined with <code>[x \in S |-> e]</code> for some expression ''e'', or by modifying an existing function <code>[f EXCEPT ![v<sub>1</sub>] = v<sub>2</sub>]</code>.
Line 362:
===IDE===
{{Infobox software
| name = TLA<sup>+</sup> Toolbox
| title = TLA<sup>+</sup> Toolbox
| logo =
| screenshot = TLA IDE screenshot.png
Line 371:
| released = {{Start date and age|2010|02|04}}<!-- {{Start date and age|YYYY|MM|DD|df=yes/no}} -->
| discontinued =
| latest release version = 1.
| latest release date = {{Start date and age|
| latest preview version = 1.
| latest preview date = {{Start date and age|2020|
| repo = {{URL|https://github.com/tlaplus/tlaplus}}
| programming language = [[Java (programming language)|Java]]
Line 418:
| publisher = [[Microsoft Research]] - [[INRIA]] Joint Centre
| url = https://tla.msr-inria.inria.fr/tlaps/content/Documentation/Unsupported_features.html
|
</ref> TLAPS has been used to prove correctness of [[Paxos (computer science)#Byzantine Paxos|Byzantine Paxos]], the Memoir security architecture,
| last = Koutanov
| first = Emil
| title = Spire: A Cooperative, Phase-Symmetric Solution to Distributed Consensus
| journal = IEEE Access
| date = 12 July 2021
| volume = 9
| pages = 101702–101717
| doi = 10.1109/ACCESS.2021.3096326
| bibcode = 2021IEEEA...9j1702K
| s2cid = 236480167
| doi-access = free
}}
</ref> It is distributed separately from the rest of the TLA<sup>+</sup> tools and is free software, distributed under the [[BSD license]].<ref>[https://tla.msr-inria.inria.fr/tlaps/content/Home.html TLA<sup>+</sup> Proof System]</ref> TLA<sup>+2</sup> greatly expanded language support for proof constructs.
==Industry use==
Line 431 ⟶ 445:
| date = 3 April 2014
| url = http://channel9.msdn.com/Events/Build/2014/3-642#time=21m46s
|
</ref> TLA<sup>+</sup> was used to write formal proofs of correctness for [[Paxos (computer science)#Byzantine Paxos|Byzantine Paxos]] and components of the [[Pastry (DHT)|Pastry distributed hash table]].<ref name="tlaps-survey">
{{cite book
Line 440 ⟶ 454:
| last3 = Lamport
| first3 = Leslie
|
| last4 = Merz
| first4 = Stephan
Line 447 ⟶ 461:
| last6 = Vanzetto
| first6 = Hernán
| title =
| chapter = TLA<sup>+</sup> Proofs
| publisher = [[Springer Berlin Heidelberg]]
| volume = 7436
| pages = 147–154
Line 455 ⟶ 469:
| doi = 10.1007/978-3-642-32759-9_14
| url = http://research.microsoft.com/en-us/um/people/lamport/pubs/tlaps.pdf
|
| isbn = 978-3-642-32758-2
| s2cid = 5243433
}}
</ref>
Line 464 ⟶ 479:
| last = Chris
| first = Newcombe
| title =
|
| chapter = Why Amazon Chose TLA<sup>+</sup>
| volume = 8477
| pages = 25–39
| publisher = [[Springer Berlin Heidelberg]]
Line 484 ⟶ 499:
| date = 10 May 2017
| url = https://techcrunch.com/2017/05/10/with-cosmos-db-microsoft-wants-to-build-one-database-to-rule-them-all/
|
</ref><ref name="lamportcosmos">
{{cite AV media
Line 493 ⟶ 508:
| date = 10 May 2017
| url = https://www.youtube.com/watch?v=L_PPKyAsR3w
|
</ref>
Altreonic NV used TLA<sup>+</sup> to [[Model checking|model check]] [[OpenComRTOS#Formal development approach|OpenComRTOS]].
==Examples==
<syntaxhighlight lang="tex">
--------------------------- MODULE KeyValueStore ---------------------------
CONSTANTS Key, \* The set of all keys.
Line 600 ⟶ 616:
THEOREM Spec => [](TypeInvariant /\ TxLifecycle)
=============================================================================
</syntaxhighlight>
<syntaxhighlight lang="tex">
▲<div class="NavHead">A rule-based [[firewall (computing)|firewall]]</div>
------------------------------ MODULE Firewall ------------------------------
EXTENDS Integers
Line 661 ⟶ 672:
/\ \A rule \in matches : rule.allow
=============================================================================
</syntaxhighlight>
<syntaxhighlight lang="tex">
▲<div class="NavHead">A multi-car [[elevator]] system</div>
------------------------------ MODULE Elevator ------------------------------
(***************************************************************************)
Line 895 ⟶ 902:
=============================================================================
</syntaxhighlight>
==See also==
* [[Communicating sequential processes]]
* [[Alloy (specification language)]]
* [[B-Method]]
| |||