1

Verified Software Systems 1

6. TLA

Temporal Logic of Actions (TLA)Leslie Lamport

Based on slides of

John A. AkinyemiDepartment of Computer Science

University of Manitoba

and

Stephan MerzINRIA Lorraine & LORIA

Nancy, France

Verified Software Systems 2

Introductional Example

2

Verified Software Systems 3

Explanation

Verified Software Systems 4

Structure

3

Verified Software Systems 5

Fairness

Verified Software Systems 6

Specifications

4

Verified Software Systems 7

TLA

Verified Software Systems 8

Anatomy of TLA

5

Verified Software Systems 9

...

Verified Software Systems 10

...

6

Verified Software Systems 11

...

Verified Software Systems 12

...

7

Verified Software Systems 13

...

Verified Software Systems 14

...

8

Verified Software Systems 15

Verification

Verified Software Systems 16

Deductive Verification

9

Verified Software Systems 17

Example

Verified Software Systems 18

TLC

10

Verified Software Systems 19

Output of TLC

Verified Software Systems 20

Comments

11

Verified Software Systems 21

The Language TLA+

Verified Software Systems 22

Specifying Data in TLA+

12

Verified Software Systems 23

Choice

Verified Software Systems 24

Choice vs. non-determinism

13

Verified Software Systems 25

Functional values in TLA+

Verified Software Systems 26

Recursion

14

Verified Software Systems 27

Modules in TLA+

Verified Software Systems 28

Principle of unique names

15

Verified Software Systems 29

Module Instantiation

Verified Software Systems 30

Case study: a resource allocator

16

Verified Software Systems 31

A first solution

Verified Software Systems 32

A first solution ...

17

Verified Software Systems 33

A first solution ...

Verified Software Systems 34

Checking some properties with TLC

18

Verified Software Systems 35

The specification SimpleAllocator is wrong.

Verified Software Systems 36

The specication SimpleAllocator is wrong.

19

Verified Software Systems 37

Second solution

Verified Software Systems 38

Second solution ...

20

Verified Software Systems 39

Second solution ...

Verified Software Systems 40

Second solution ...

21

Verified Software Systems 41

Second solution ...

Verified Software Systems 42

Second solution ...

22

Verified Software Systems 43

Comment

Verified Software Systems 44

Summary of case study

23

Verified Software Systems 45

Conclusion

� TLA formulas semantically follows the semantics of RTLA - a logic of actions.

� TLA is a language for writing predicates, state functions, and actions, and a logic for reasoningabout them.

� TLA is useful for specifying and verifying safetyand liveness properties of discrete systems.

� TLA has tools that aid program specifications and verifications.

Verified Software Systems 46

Conclusion

� A safety property asserts all constraints that ensure the system does not enter an undesired state, and a liveness property asserts that the system performs all specified actions.

� TLA makes it practical to describe a system by a single formula.

� TLA can be used to formalize the transitions and evolution of states in a dynamic system, e.g. I intend to use TLA to formalize the UML State diagrams in my thesis.

24

Verified Software Systems 47

Example and Software

� Get TLA+ fromhttp://research.microsoft.com/users/lamport/tla/tools.htmlJava Version for Windows available

� Get the TLA+ Eclipse plugin fromhttp://www.techjava.de/projects/etla-plugin/

Verified Software Systems 48

References

1. Leslie Lamport. Introduction to TLA. Technical Report# 1994-001, Digital Systems Research Center, 1994. Available at http://www.research.digital.com/SRC/

2. Leslie Lamport. Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers, Addison-Wesley, 2003.

3. Leslie Lamport. The Temporal Logic of Actions. ACM Transactions on Programming Languages and Systems, 16(3):872-923, May 1994.

4. DisCo. http://disco.cs.tut.fi/index.html

5. TLA. http://research.microsoft.com/users/lamport/tla/tla.html

6. Work With and On Lamport's TLA. http://www.rvs.uni-bielefeld.de/publications/ abstracts.html#TLA