Post on 03-Feb-2022
1
Verified Software Systems 1
6. TLA
Temporal Logic of Actions (TLA)Leslie Lamport
Based on slides of
John A. AkinyemiDepartment of Computer Science
University of Manitoba
and
Stephan MerzINRIA Lorraine & LORIA
Nancy, France
Verified Software Systems 2
Introductional Example
2
Verified Software Systems 3
Explanation
Verified Software Systems 4
Structure
3
Verified Software Systems 5
Fairness
Verified Software Systems 6
Specifications
4
Verified Software Systems 7
TLA
Verified Software Systems 8
Anatomy of TLA
5
Verified Software Systems 9
...
Verified Software Systems 10
...
6
Verified Software Systems 11
...
Verified Software Systems 12
...
7
Verified Software Systems 13
...
Verified Software Systems 14
...
8
Verified Software Systems 15
Verification
Verified Software Systems 16
Deductive Verification
9
Verified Software Systems 17
Example
Verified Software Systems 18
TLC
10
Verified Software Systems 19
Output of TLC
Verified Software Systems 20
Comments
11
Verified Software Systems 21
The Language TLA+
Verified Software Systems 22
Specifying Data in TLA+
12
Verified Software Systems 23
Choice
Verified Software Systems 24
Choice vs. non-determinism
13
Verified Software Systems 25
Functional values in TLA+
Verified Software Systems 26
Recursion
14
Verified Software Systems 27
Modules in TLA+
Verified Software Systems 28
Principle of unique names
15
Verified Software Systems 29
Module Instantiation
Verified Software Systems 30
Case study: a resource allocator
16
Verified Software Systems 31
A first solution
Verified Software Systems 32
A first solution ...
17
Verified Software Systems 33
A first solution ...
Verified Software Systems 34
Checking some properties with TLC
18
Verified Software Systems 35
The specification SimpleAllocator is wrong.
Verified Software Systems 36
The specication SimpleAllocator is wrong.
19
Verified Software Systems 37
Second solution
Verified Software Systems 38
Second solution ...
20
Verified Software Systems 39
Second solution ...
Verified Software Systems 40
Second solution ...
21
Verified Software Systems 41
Second solution ...
Verified Software Systems 42
Second solution ...
22
Verified Software Systems 43
Comment
Verified Software Systems 44
Summary of case study
23
Verified Software Systems 45
Conclusion
� TLA formulas semantically follows the semantics of RTLA - a logic of actions.
� TLA is a language for writing predicates, state functions, and actions, and a logic for reasoningabout them.
� TLA is useful for specifying and verifying safetyand liveness properties of discrete systems.
� TLA has tools that aid program specifications and verifications.
Verified Software Systems 46
Conclusion
� A safety property asserts all constraints that ensure the system does not enter an undesired state, and a liveness property asserts that the system performs all specified actions.
� TLA makes it practical to describe a system by a single formula.
� TLA can be used to formalize the transitions and evolution of states in a dynamic system, e.g. I intend to use TLA to formalize the UML State diagrams in my thesis.
24
Verified Software Systems 47
Example and Software
� Get TLA+ fromhttp://research.microsoft.com/users/lamport/tla/tools.htmlJava Version for Windows available
� Get the TLA+ Eclipse plugin fromhttp://www.techjava.de/projects/etla-plugin/
Verified Software Systems 48
References
1. Leslie Lamport. Introduction to TLA. Technical Report# 1994-001, Digital Systems Research Center, 1994. Available at http://www.research.digital.com/SRC/
2. Leslie Lamport. Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers, Addison-Wesley, 2003.
3. Leslie Lamport. The Temporal Logic of Actions. ACM Transactions on Programming Languages and Systems, 16(3):872-923, May 1994.
4. DisCo. http://disco.cs.tut.fi/index.html
5. TLA. http://research.microsoft.com/users/lamport/tla/tla.html
6. Work With and On Lamport's TLA. http://www.rvs.uni-bielefeld.de/publications/ abstracts.html#TLA