Temporal Logic of Actions (TLA) - Institute for Software Systems

6. TLA
Temporal Logic of Actions (TLA)
Leslie Lamport
Based on slides of
John A. Akinyemi
Department of Computer Science
University of Manitoba
and
Stephan Merz
INRIA Lorraine & LORIA
Nancy, France
Verified Software Systems
1
Introductory Example
Explanation
Structure
Fairness
Specifications
TLA
Anatomy of TLA
Verification
Deductive Verification
Example
TLC
Output of TLC
Comments
The Language TLA+
Specifying Data in TLA+
Choice
Choice vs. non-determinism
Functional values in TLA+
Recursion
Modules in TLA+
Principle of unique names
Module Instantiation
Case study: a resource allocator
A first solution
Checking some properties with TLC
The specification SimpleAllocator is wrong.
Second solution
Comment
Summary of case study
Conclusion
The semantics of TLA formulas follows that of RTLA, a logic of actions.
TLA is a language for writing predicates, state functions, and actions, and a logic for reasoning about them.
TLA is useful for specifying and verifying safety and liveness properties of discrete systems.
TLA has tools that aid program specification and verification.
Conclusion
A safety property asserts all constraints that ensure the system does not enter an undesired state, and a liveness property asserts that the system performs all specified actions.
TLA makes it practical to describe a system by a single formula.
TLA can be used to formalize the transitions and evolution of states in a dynamic system, e.g. I intend to use TLA to formalize the UML State diagrams in my thesis.
Example and Software
Get TLA+ from http://research.microsoft.com/users/lamport/tla/tools.html
Java version for Windows available
Get the TLA+ Eclipse plugin from http://www.techjava.de/projects/etlaplugin/