11-The Specification Language TLA+

Stephan Merz
INRIA Lorraine, LORIA, 615 rue du Jardin Botanique, F-54602 Villers-lès-Nancy, France, [email protected]

1 Introduction

The specification language TLA+ was designed by Lamport for formally describing and reasoning about distributed algorithms. It is described in Lamport's book Specifying Systems [29], which also gives good advice on how to make the best use of TLA+ and its supporting tools. Systems are specified in TLA+ as formulas of the Temporal Logic of Actions, TLA, a variant of linear-time temporal logic also introduced by Lamport [27]. The underlying data structures are specified in (a variant of) Zermelo–Fraenkel set theory, the language accepted by most mathematicians as the standard basis for formalizing mathematics. This choice is motivated by a desire for conciseness, clarity, and formality that befits a language of formal specification where executability or efficiency are not of major concern. TLA+ specifications are organized in modules that can be reused independently. In a quest for minimality and orthogonality of concepts, TLA+ does not formally distinguish between specifications and properties: both are written as logical formulas, and concepts such as refinement, composition of systems, and hiding of the internal state are expressed using the logical connectives of implication, conjunction, and quantification. Despite its expressiveness, TLA+ is supported by tools such as model checkers and theorem provers to aid a designer in carrying out formal developments.

This chapter attempts to formally define the core concepts of TLA and TLA+ and to describe the motivation behind some choices, in particular with respect to competing formalisms. Before doing so, an introductory overview of system specification in TLA+ is given using the example of a resource allocator. Lamport's book remains the definitive reference for the language itself and on the methodology for using TLA+. In particular, the module language of TLA+ is only introduced by example, and the rich standard mathematical library is only sketched.

The outline of this chapter is as follows. Sect. 2 introduces TLA+ by means of a first specification of the resource allocator and illustrates the use of the TLC model checker. The logic of TLA is formally defined in Sect. 3, followed by an overview of the TLA+ proof rules for system verification in Sect. 4. Section 5 describes the version of set theory that underlies TLA+, including some of the constructions most frequently used for specifying data. The resource allocator example is taken up again in Sect. 6, where an improved high-level specification is given and a step towards a distributed refinement is taken. Finally, Sect. 7 contains some concluding remarks.
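To make the point that a TLA+ system specification and the property it must satisfy are both ordinary formulas, here is a small resource-allocator module written for this page as an illustration; it is not the chapter's own module, and the constant sets Clients and Resources, the variables unsat and alloc, and the action names are all assumed. The safety requirement Mutex is stated as a formula and the correctness claim is the implication Spec => []Mutex, which TLC can check by treating Mutex as an invariant.

```tla
---- MODULE SimpleAllocator ----
\* Assumed constants: finite sets of clients and resources, e.g. {c1, c2} and {r1, r2}
CONSTANTS Clients, Resources

VARIABLES unsat,   \* unsat[c]: resources client c has requested but not yet received
          alloc    \* alloc[c]: resources currently held by client c

\* Typing invariant: both variables are functions from clients to sets of resources
TypeOK == /\ unsat \in [Clients -> SUBSET Resources]
          /\ alloc \in [Clients -> SUBSET Resources]

\* Resources held by no client
available == Resources \ UNION { alloc[c] : c \in Clients }

Init == /\ unsat = [c \in Clients |-> {}]
        /\ alloc = [c \in Clients |-> {}]

\* Client c asks for a non-empty set S; it must be idle (nothing pending, nothing held)
Request(c, S) == /\ S # {} /\ unsat[c] = {} /\ alloc[c] = {}
                 /\ unsat' = [unsat EXCEPT ![c] = S]
                 /\ UNCHANGED alloc

\* The allocator grants part of c's pending request, but only from free resources
Allocate(c, S) == /\ S # {} /\ S \subseteq unsat[c] \cap available
                  /\ alloc' = [alloc EXCEPT ![c] = @ \cup S]
                  /\ unsat' = [unsat EXCEPT ![c] = @ \ S]

\* Client c gives back a non-empty set S of resources it holds
Return(c, S) == /\ S # {} /\ S \subseteq alloc[c]
                /\ alloc' = [alloc EXCEPT ![c] = @ \ S]
                /\ UNCHANGED unsat

Next == \E c \in Clients, S \in SUBSET Resources :
          Request(c, S) \/ Allocate(c, S) \/ Return(c, S)

vars == <<unsat, alloc>>

\* The system itself is a temporal formula: initial condition plus stuttering-closed steps
Spec == Init /\ [][Next]_vars

\* The property is a formula too: no resource is ever held by two clients at once
Mutex == \A c1, c2 \in Clients : c1 # c2 => alloc[c1] \cap alloc[c2] = {}

\* Correctness is expressed as implication between the two formulas
THEOREM Spec => []TypeOK /\ []Mutex
====
```

Because Allocate only draws from the set available, a grant that would violate Mutex is not an enabled step, which is what the theorem asserts; dropping the \cap available conjunct makes TLC report a counterexample trace to Mutex.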