6. TLA
Temporal Logic of Actions (TLA)
Leslie Lamport
Based on slides of John A. Akinyemi, Department of Computer Science, University of Manitoba, and Stephan Merz, INRIA Lorraine & LORIA, Nancy, France
Verified Software Systems 1

Slide titles (the bodies of these slides did not survive extraction):
Introductory Example
Explanation
Structure
Fairness
Specifications
TLA
Anatomy of TLA
... (continuation slides 9 to 14)
Verification
Deductive Verification
Example
TLC
Output of TLC
Comments
The Language TLA+
Specifying Data in TLA+
Choice
Choice vs. non-determinism
Functional values in TLA+
Recursion
Modules in TLA+
Principle of unique names
Module Instantiation
Case study: a resource allocator
A first solution (three slides)
Checking some properties with TLC
The specification SimpleAllocator is wrong. (two slides)
Second solution (six slides)
Comment
Summary of case study

Conclusion
TLA formulas semantically follow the semantics of RTLA, a logic of actions.
TLA is a language for writing predicates, state functions, and actions, and a logic for reasoning about them.
TLA is useful for specifying and verifying safety and liveness properties of discrete systems.
TLA has tools that aid program specification and verification.

Conclusion
A safety property asserts all constraints that ensure the system does not enter an undesired state, and a liveness property asserts that the system performs all specified actions.
TLA makes it practical to describe a system by a single formula.
TLA can be used to formalize the transitions and evolution of states in a dynamic system, e.g. I intend to use TLA to formalize the UML State diagrams in my thesis.

Example and Software
Get TLA+ from http://research.microsoft.com/users/lamport/tla/tools.html (Java version for Windows available).
Get the TLA+ Eclipse plugin from http://www.techjava.de/projects/etlaplugin/
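As an added example (not the slides' SimpleAllocator module; the module and operator names are hypothetical), the TLA+ module below writes a small resource allocator as the single formula Spec that the Conclusion describes, next to a safety invariant Mutex and a liveness property Liveness. Checked with TLC on a small model, Mutex holds but Liveness fails under weak fairness: one client can be starved by another that keeps requesting and returning a resource the first one needs, which is the kind of defect the case study's "specification is wrong" slides are about.

```tla
---------------------------- MODULE TinyAllocator ----------------------------
\* Added example, not the slides' SimpleAllocator; all names are hypothetical.
CONSTANTS Clients, Resources

VARIABLES unsat,   \* unsat[c]: resources client c has requested but not yet received
          alloc    \* alloc[c]: resources currently held by client c
vars == <<unsat, alloc>>

TypeOK == /\ unsat \in [Clients -> SUBSET Resources]
          /\ alloc \in [Clients -> SUBSET Resources]

\* Resources not held by any client
available == Resources \ UNION {alloc[c] : c \in Clients}

Init == /\ unsat = [c \in Clients |-> {}]
        /\ alloc = [c \in Clients |-> {}]

\* A client holding nothing and waiting for nothing asks for a non-empty set
Request(c, S) == /\ unsat[c] = {} /\ alloc[c] = {}
                 /\ S # {} /\ S \subseteq Resources
                 /\ unsat' = [unsat EXCEPT ![c] = S]
                 /\ UNCHANGED alloc

\* The allocator grants a whole outstanding request once all of it is free
Allocate(c) == /\ unsat[c] # {} /\ unsat[c] \subseteq available
               /\ alloc' = [alloc EXCEPT ![c] = @ \cup unsat[c]]
               /\ unsat' = [unsat EXCEPT ![c] = {}]

\* A client gives back some of the resources it holds
Return(c, S) == /\ S # {} /\ S \subseteq alloc[c]
                /\ alloc' = [alloc EXCEPT ![c] = @ \ S]
                /\ UNCHANGED unsat

Next == \E c \in Clients : \/ Allocate(c)
                           \/ \E S \in SUBSET Resources : Request(c, S) \/ Return(c, S)

\* The whole system as one formula: initial states, allowed steps, fairness
Spec == /\ Init /\ [][Next]_vars
        /\ \A c \in Clients : WF_vars(Allocate(c))
        /\ \A c \in Clients : WF_vars(\E S \in SUBSET Resources : Return(c, S))

\* Safety: no resource is held by two clients at the same time
Mutex == \A c1, c2 \in Clients : c1 # c2 => alloc[c1] \cap alloc[c2] = {}

\* Liveness: every outstanding request is eventually granted (fails under WF)
Liveness == \A c \in Clients : unsat[c] # {} ~> unsat[c] = {}
=============================================================================
```

To reproduce the check in TLC, use a model with Clients = {c1, c2} and Resources = {r1, r2}, list TypeOK and Mutex as invariants and Liveness as a temporal property; the counterexample is a lasso in which c1 waits for {r1, r2} while c2 forever requests, receives and returns {r1}, so Allocate(c1) is enabled infinitely often but never continuously, and weak fairness does not force it.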