Skip to main content
SpringerLink
Log in

Extracting Symbolic Transitions from TLA\(^{+}\) Specifications

  • Conference paper
  • First Online:
Abstract State Machines, Alloy, B, TLA, VDM, and Z (ABZ 2018)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 10817))

Abstract

In \(\textsc {TLA}^{+}\), a system specification is written as a logical formula that restricts the system behavior. As a logic, \(\textsc {TLA}^{+}\) does not have assignments and other imperative statements that are used by model checkers to compute the successor states of a system state. Model checkers compute successors either explicitly — by evaluating program statements — or symbolically — by translating program statements to an SMT formula and checking its satisfiability. To efficiently enumerate the successors, TLA’s model checker TLC introduces side effects. For instance, an equality \(x' = e\) is interpreted as an assignment of e to the yet unbound variable x.

Inspired by TLC, we introduce an automatic technique for discovering expressions in \(\textsc {TLA}^{+}\) formulas such as \(x' = e\) and \(x' \in \{e_1, \dots , e_k\}\) that can be provably used as assignments. In contrast to TLC, our technique does not explicitly evaluate expressions, but it reduces the problem of finding assignments to the satisfiability of an SMT formula. Hence, we give a way to slice a \(\textsc {TLA}^{+}\) formula in symbolic transitions, which can be used as an input to a symbolic model checker. Our prototype implementation successfully extracts symbolic transitions from a few \(\textsc {TLA}^{+}\) benchmarks.

Supported by the Vienna Science and Technology Fund (WWTF) through project APALACHE (ICT15-103) and the Austrian Science Fund (FWF) through Doctoral College LogiCS (W1255-N23).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. A collection of \({\rm TLA}^{+}\) specifications. https://github.com/tlaplus/Examples/. Accessed 21 Oct 2017

  2. Azmy, N., Merz, S., Weidenbach, C.: A rigorous correctness proof for pastry. In: Butler, M., Schewe, K.-D., Mashkoor, A., Biro, M. (eds.) ABZ 2016. LNCS, vol. 9675, pp. 86–101. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-33600-8_5

    Chapter  Google Scholar 

  3. Beyer, D., Keremoglu, M.E.: CPAchecker: a tool for configurable software verification. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 184–190. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_16

    Chapter  Google Scholar 

  4. Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic model checking without BDDs. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, pp. 193–207. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-49059-0_14

    Chapter  Google Scholar 

  5. Biere, A., Heule, M., van Maaren, H.: Handbook of Satisfiability, vol. 185. IOS press, Amsterdam (2009)

    MATH  Google Scholar 

  6. Bracha, G., Toueg, S.: Asynchronous consensus and broadcast protocols. J. ACM 32(4), 824–840 (1985)

    Article  MathSciNet  Google Scholar 

  7. Chandra, T.D., Toueg, S.: Unreliable failure detectors for reliable distributed systems. J. ACM 43(2), 225–267 (1996)

    Article  MathSciNet  Google Scholar 

  8. Chaudhuri, K., Doligez, D., Lamport, L., Merz, S.: The TLA\(^{+}\) proof system: building a heterogeneous verification platform. In: Cavalcanti, A., Deharbe, D., Gaudel, M.-C., Woodcock, J. (eds.) ICTAC 2010. LNCS, vol. 6255, p. 44. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14808-8_3

    Chapter  Google Scholar 

  9. Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. J. ACM 50(5), 752–794 (2003)

    Article  MathSciNet  Google Scholar 

  10. Conchon, S., Goel, A., Krstić, S., Mebsout, A., Zaïdi, F.: Cubicle: a parallel SMT-based model checker for parameterized systems. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 718–724. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31424-7_55

    Chapter  Google Scholar 

  11. Dijkstra, E.W., Feijen, W.H., Van Gasteren, A.M.: Derivation of a termination detection algorithm for distributed computations. In: Broy, M. (ed.) Control Flow and Data Flow: concepts of distributed programming, pp. 507–512. Springer, Heidelberg (1986). https://doi.org/10.1007/978-3-642-82921-5_13

    Chapter  Google Scholar 

  12. Gafni, E., Lamport, L.: Disk paxos. Distrib. Comput. 16(1), 1–20 (2003)

    Article  Google Scholar 

  13. Guerraoui, R.: On the hardness of failure-sensitive agreement problems. Inf. Process. Lett. 79(2), 99–104 (2001)

    Article  MathSciNet  Google Scholar 

  14. Konnov, I., Lazić, M., Veith, H., Widder, J.: A short counterexample property for safety and liveness verification of fault-tolerant distributed algorithms. In: POPL, pp. 719–734 (2017)

    Article  Google Scholar 

  15. Kroening, D., Tautschnig, M.: CBMC – C bounded model checker. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014. LNCS, vol. 8413, pp. 389–391. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54862-8_26

    Chapter  Google Scholar 

  16. Kukovec, J., Tran, T.H., Konnov, I.: Extracting symbolic transitions from \({\rm TLA}^{+}\) specifications (technical report 2018). http://forsyte.at/wp-content/uploads/abz2018_full.pdf. Accessed 7 Feb 2018

  17. Lamport, L.: The part-time parliament. ACM TCS 16(2), 133–169 (1998)

    Article  Google Scholar 

  18. Lamport, L.: Specifying systems: the \({\rm TLA}^{+}\) language and tools for hardware and software engineers. Addison-Wesley Longman Publishing Co., Inc., Boston (2002)

    Google Scholar 

  19. Merz, S.: The specification language \({\rm TLA}^{+}\). In: Bjørner, D., Henson, M.C. (eds.) Logics of specification languages. Monographs in Theoretical Computer Science (An EATCS Series), pp. 401–451. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-74107-7_8

    Chapter  Google Scholar 

  20. Merz, S., Vanzetto, H.: Automatic verification of \({\rm TLA}^{+}\) proof obligations with SMT solvers. In: Bjørner, N., Voronkov, A. (eds.) LPAR 2012. LNCS, vol. 7180, pp. 289–303. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28717-6_23

    Chapter  Google Scholar 

  21. Merz, S., Vanzetto, H.: Harnessing SMT solvers for \({\rm TLA}^{+}\) proofs. ECEASST, 53 (2012). https://hal.inria.fr/hal-00760579

  22. Moraru, I., Andersen, D.G., Kaminsky, M.: There is more consensus in Egalitarian parliaments. In: SOSP, pp. 358–372. ACM (2013)

    Google Scholar 

  23. Newcombe, C., Rath, T., Zhang, F., Munteanu, B., Brooker, M., Deardeuff, M.: How Amazon web services uses formal methods. Commun. ACM 58(4), 66–73 (2015)

    Article  Google Scholar 

  24. Ongaro, D.: Consensus: bridging theory and practice. Ph.D. thesis, Stanford University (2014)

    Google Scholar 

  25. Raynal, M.: A case study of agreement problems in distributed systems: non-blocking atomic commitment. In: HASE, pp. 209–214 (1997)

    Google Scholar 

  26. Yu, Y., Manolios, P., Lamport, L.: Model checking TLA+ specifications. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 54–66. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48153-2_6

    Chapter  Google Scholar 

Download references

Acknowledgments

We are grateful to Stephan Merz for insightful discussions on semantics of \(\textsc {TLA}^{+}\). We thank anonymous reviewers for their helpful suggestions.

Author information

Authors and Affiliations

  1. TU Wien (Vienna University of Technology), Vienna, Austria

    Jure Kukovec, Thanh-Hai Tran & Igor Konnov

  2. University of Lorraine, CNRS, Inria, LORIA, 54000, Nancy, France

    Igor Konnov

Authors
  1. Jure Kukovec
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thanh-Hai Tran
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Igor Konnov
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Igor Konnov .

Editor information

Editors and Affiliations

  1. University of Southampton, Southampton, United Kingdom

    Michael Butler

  2. Universität Ulm, Ulm, Germany

    Alexander Raschke

  3. University of Southampton, Southampton, United Kingdom

    Thai Son Hoang

  4. Thales Austria GmbH, Vienna, Austria

    Klaus Reichl

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Kukovec, J., Tran, TH., Konnov, I. (2018). Extracting Symbolic Transitions from TLA\(^{+}\) Specifications. In: Butler, M., Raschke, A., Hoang, T., Reichl, K. (eds) Abstract State Machines, Alloy, B, TLA, VDM, and Z. ABZ 2018. Lecture Notes in Computer Science(), vol 10817. Springer, Cham. https://doi.org/10.1007/978-3-319-91271-4_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-91271-4_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-91270-7

  • Online ISBN: 978-3-319-91271-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation