INTRODUCTION TO TLA + Presented by : Kevin Yeh What is TLA+ - - PowerPoint PPT Presentation



SLIDE 1

INTRODUCTION TO TLA +

Presented by : Kevin Yeh

SLIDE 2

What is TLA+

  • Specification language for modelling complex or concurrent systems
  • The TLA+ toolbox performs model checks to check for correctness
  • PlusCal
SLIDE 3

What can TLA+ do for you?

  • Modelling of ALGORITHMS prior to implementation
  • Meant as a supplement to traditional test/verification
  • Very powerful bug detection
SLIDE 4

What can TLA+ do for you?

  • Been used successfully at Amazon, HP, and Intel
  • Two weeks before value was added

SLIDE 5

Intangibles

  • Requires up-front system understanding
  • Adds value even after production release
SLIDE 6

TLA+ – an Overview

  • 4 parts to a specification
    • Initial predicate
    • Possible “Next” states
    • Safety properties
    • Liveness properties
SLIDE 7

Alternating One-bit Clock

  • Initial Predicate
    • (b = 0) \/ (b = 1)
  • Next States
    • ((b = 0) /\ (b' = 1)) \/ ((b = 1) /\ (b' = 0))
SLIDE 8
SLIDE 9

Die Hard Problem

  • What you have: 3-gallon jug, 5-gallon jug, and a faucet
  • Goal: Measure 4 gallons
SLIDE 10

Die Hard Problem

SLIDE 11

Die Hard Problem

FillSmall  == /\ small' = 3
              /\ big' = big

SmallToBig == \/ /\ big + small > 5
                 /\ big' = 5
                 /\ small' = small - (5 - big)
              \/ /\ big + small <= 5
                 /\ big' = big + small
                 /\ small' = 0

SLIDE 12

Model Checker

  • State statistics
  • Invariant checker
  • Builds up a directed graph of all possible states
SLIDE 13

Die Hard - Solution

SLIDE 14

Safety/Liveness Properties

  • Safety Property – Define a correct behavior of your procedure
    • Partial Correctness: (terminated) => (Correct_Output)
  • Liveness Property – Define a correct behavior that must eventually hold
    • Termination
SLIDE 15

Euclid’s Algorithm – a high-level view

  • Find the Greatest Common Divisor of two numbers
  • General procedure:
    • PlusCal -> TLA+
    • Write the definition of GCD using set logic: GCD(m, n)
    • Use the definition to write Safety/Liveness properties
  • This is how TLA+ is used in industry
SLIDE 16

Euclid’s Algorithm

  • PlusCal code:
SLIDE 17

SLIDE 18

SLIDE 19

SLIDE 20

Model Checking

Safety / Liveness: 0 BUGS!
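To make the four parts of a specification and the model checker's state graph concrete, here is an added example that is not the presenter's code and not the TLA+ toolbox: a small explicit-state checker in Python that builds the directed graph of all reachable states from an initial predicate and a next-state relation, then checks a safety property (an invariant, returning the shortest counterexample trace) and a liveness property (termination). It serves the Die Hard slides (slides 9-13), where the "invariant" big /= 4 is deliberately false so that the counterexample trace is the solution, and the Euclid slides (slides 14-16, 20), where partial correctness is stated against a set-logic definition of GCD and termination is checked on the finite graph. The jug sizes, the constants M = 12 and N = 18, and the tuple encodings of states are constructed assumptions.

```python
# Added example: a tiny explicit-state model checker in the spirit of TLC.
# Not the presenter's code and not the TLA+ toolbox; jug sizes, the constants
# M and N, and the tuple encodings of states are constructed assumptions.
from collections import deque

def explore(init, next_states):
    """Breadth-first search building the directed graph of all reachable states.
    parent[s] is the state s was first reached from (None for initial states);
    succ[s] is the successor list of s."""
    parent = {s: None for s in init}
    succ = {}
    queue = deque(init)
    while queue:
        s = queue.popleft()
        succ[s] = list(next_states(s))
        for t in succ[s]:
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return parent, succ

def check_invariant(init, next_states, invariant):
    """Safety: None if the invariant holds in every reachable state, else the
    shortest trace from an initial state to the first violating state."""
    parent, _ = explore(init, next_states)
    for s in parent:                      # dict order is BFS order
        if not invariant(s):
            trace = []
            while s is not None:
                trace.append(s)
                s = parent[s]
            return trace[::-1]
    return None

def check_termination(init, next_states, terminated):
    """Liveness (termination) on the finite graph: every dead end is a
    terminated state and there is no cycle a run could stay in forever."""
    _, succ = explore(init, next_states)
    if any(not ts and not terminated(s) for s, ts in succ.items()):
        return False                      # deadlock before termination
    indeg = {s: 0 for s in succ}
    for ts in succ.values():
        for t in ts:
            indeg[t] += 1
    ready = [s for s, d in indeg.items() if d == 0]
    removed = 0
    while ready:                          # Kahn's algorithm: acyclic iff all removed
        s = ready.pop()
        removed += 1
        for t in succ[s]:
            indeg[t] -= 1
            if indeg[t] == 0:
                ready.append(t)
    return removed == len(succ)

# Die Hard (slides 9-13): state is (big, small) with 5- and 3-gallon jugs.
BIG, SMALL = 5, 3

def diehard_next(state):
    big, small = state
    yield (BIG, small)                    # FillBig
    yield (big, SMALL)                    # FillSmall
    yield (0, small)                      # EmptyBig
    yield (big, 0)                        # EmptySmall
    if big + small > BIG:                 # SmallToBig, as on slide 11
        yield (BIG, small - (BIG - big))
    else:
        yield (big + small, 0)
    if big + small > SMALL:               # BigToSmall, the symmetric action
        yield (big - (SMALL - small), SMALL)
    else:
        yield (0, big + small)

def diehard_solution():
    """Check the 'invariant' big /= 4; its counterexample trace is the solution."""
    return check_invariant([(0, 0)], diehard_next, lambda s: s[0] != 4)

# Euclid (slides 14-16): state is (x, y, pc); M and N are constructed constants.
M, N = 12, 18

def gcd_by_sets(m, n):
    """GCD(m, n) by set logic: the largest element of the set of common divisors."""
    return max(d for d in range(1, min(m, n) + 1) if m % d == 0 and n % d == 0)

def euclid_next(state):
    x, y, pc = state
    if pc == "loop":                      # PlusCal: while x /= y do ... end while
        if x == y:
            yield (x, y, "done")
        elif x < y:
            yield (x, y - x, "loop")
        else:
            yield (x - y, y, "loop")

def euclid_partial_correctness():
    """Safety: (terminated) => (Correct_Output), i.e. pc = done => x = GCD(M, N)."""
    correct = lambda s: s[2] != "done" or s[0] == gcd_by_sets(M, N)
    return check_invariant([(M, N, "loop")], euclid_next, correct)

def euclid_terminates():
    """Liveness: every run of the loop eventually reaches pc = done."""
    return check_termination([(M, N, "loop")], euclid_next, lambda s: s[2] == "done")
```

Calling diehard_solution() returns the seven-state trace from (0, 0) to (4, 3), which is exactly what TLC reports as the "error" trace when big /= 4 is checked as an invariant; euclid_partial_correctness() returns None and euclid_terminates() returns True, the "0 BUGS!" outcome of slide 20. Because the graph is finite and built exhaustively, the checks are complete for the chosen constants, which is why the slides stress choosing the model up front.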

SLIDE 21

Questions?