objective
play

Objective Explain basic concepts of TLA + modeling systems: static - PowerPoint PPT Presentation

Jul 30, 2023 •463 likes •1.27k views

A Tutorial Introduction to TLA + Stephan Merz http://www.loria.fr/merz/ INRIA Nancy & LORIA Nancy, France TLA + Community Event, ABZ 2014 Toulouse, June 3, 2014 TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 1 / 39

  1. A Tutorial Introduction to TLA + Stephan Merz http://www.loria.fr/˜merz/ INRIA Nancy & LORIA Nancy, France TLA + Community Event, ABZ 2014 Toulouse, June 3, 2014 TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 1 / 39

  2. Objective Explain basic concepts of TLA + ◮ modeling systems: static and dynamic aspects ◮ existing tool support for modeling and analysis PlusCal translator, TLC model checker, TLAPS proof platform ◮ elementary aspects of system refinement Example-driven presentation, not trying to be exhaustive TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 2 / 39

  3. Outline Modeling Systems in TLA + 1 2 System Verification 3 The PlusCal Algorithm Language Refinement in TLA + 4 TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 3 / 39

  4. Example: Distributed Termination Detection 0 1 3 2 Nodes arranged on a ring perform some computation ◮ nodes can be active (double circle) or inactive ◮ how can node 0 (master node) detect when all nodes are inactive? TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 4 / 39

  5. Example: Distributed Termination Detection 0 0 1 3 1 3 � 2 2 Nodes arranged on a ring perform some computation ◮ nodes can be active (double circle) or inactive ◮ how can node 0 (master node) detect when all nodes are inactive? Token-based algorithm ◮ initially: token at master node, who may pass it to its neighbor TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 4 / 39

  6. Example: Distributed Termination Detection 0 0 0 1 3 1 3 1 3 � � 2 2 2 Nodes arranged on a ring perform some computation ◮ nodes can be active (double circle) or inactive ◮ how can node 0 (master node) detect when all nodes are inactive? Token-based algorithm ◮ initially: token at master node, who may pass it to its neighbor ◮ when a node is inactive, it passes on the token TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 4 / 39

  7. Example: Distributed Termination Detection 0 0 0 0 1 3 1 3 · · · � 1 3 1 3 � � 2 2 2 2 Nodes arranged on a ring perform some computation ◮ nodes can be active (double circle) or inactive ◮ how can node 0 (master node) detect when all nodes are inactive? Token-based algorithm ◮ initially: token at master node, who may pass it to its neighbor ◮ when a node is inactive, it passes on the token ◮ termination detected when token returns to inactive master node TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 4 / 39

  8. Example: Distributed Termination Detection 0 0 0 0 1 3 1 3 · · · � 1 3 1 3 � � 2 2 2 2 Nodes arranged on a ring perform some computation ◮ nodes can be active (double circle) or inactive ◮ how can node 0 (master node) detect when all nodes are inactive? Token-based algorithm ◮ initially: token at master node, who may pass it to its neighbor ◮ when a node is inactive, it passes on the token ◮ termination detected when token returns to inactive master node Complication: nodes may send messages, activating receiver TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 4 / 39

  9. Dijkstra’s Algorithm (EWD 840, 1983) 0 1 3 2 Nodes and token colored black or white ◮ master node initiates probe by sending white token TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 5 / 39

  10. Dijkstra’s Algorithm (EWD 840, 1983) 0 0 1 3 1 3 � 2 2 Nodes and token colored black or white ◮ master node initiates probe by sending white token ◮ message to higher-numbered node stains sending node TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 5 / 39

  11. Dijkstra’s Algorithm (EWD 840, 1983) 0 0 0 1 3 1 3 1 3 � � 2 2 2 Nodes and token colored black or white ◮ master node initiates probe by sending white token ◮ message to higher-numbered node stains sending node ◮ when passing the token, a black node stains the token TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 5 / 39

  12. Dijkstra’s Algorithm (EWD 840, 1983) 0 0 0 1 3 1 3 1 3 � � 2 2 2 Nodes and token colored black or white ◮ master node initiates probe by sending white token ◮ message to higher-numbered node stains sending node ◮ when passing the token, a black node stains the token Termination detection by master node ◮ white token at inactive, white master node TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 5 / 39

  13. Dijkstra’s Algorithm (EWD 840, 1983) 0 0 0 1 3 1 3 1 3 � � 2 2 2 Nodes and token colored black or white ◮ master node initiates probe by sending white token ◮ message to higher-numbered node stains sending node ◮ when passing the token, a black node stains the token Termination detection by master node ◮ white token at inactive, white master node Required correctness properties ◮ safety: termination detected only if all nodes inactive ◮ liveness: when all nodes inactive, termination will be detected TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 5 / 39

  14. TLA + Specification of EWD 840: Data Model MODULE EWD840 EXTENDS Naturals CONSTANT N ∆ ASSUME NAssumption = N ∈ Nat \ { 0 } ∆ Nodes = 0 .. N − 1 ∆ Color = { “white” , “black” } VARIABLES tpos , tcolor , active , color ∆ = ∧ tpos ∈ Nodes ∧ tcolor ∈ Color TypeOK ∧ active ∈ [ Nodes → BOOLEAN ] ∧ color ∈ [ Nodes → Color ] Declaration of parameters Definition of operators ◮ sets Nodes and Color ◮ TypeOK documents expected values of variables ◮ active and color are arrays, i.e. functions TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 6 / 39

  15. TLA + Specification of EWD 840: Behavior (1) ∆ = ∧ tpos ∈ Nodes ∧ tcolor = “black” Init ∧ active ∈ [ Nodes → BOOLEAN ] ∧ color ∈ [ Nodes → Color ] Initial condition: any “type-correct” values; token should be black TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 7 / 39

  16. TLA + Specification of EWD 840: Behavior (1) ∆ = ∧ tpos ∈ Nodes ∧ tcolor = “black” Init ∧ active ∈ [ Nodes → BOOLEAN ] ∧ color ∈ [ Nodes → Color ] ∆ InitiateProbe = ∧ tpos = 0 ∧ ( tcolor = “black” ∨ color [ 0 ] = “black” ) ∧ tpos ′ = N − 1 ∧ tcolor ′ = “white” ∧ color ′ = [ color EXCEPT ! [ 0 ] = “white” ] ∧ active ′ = active ∆ PassToken ( i ) = ∧ tpos = i ∧ ¬ active [ i ] ∧ tpos ′ = i − 1 ∧ tcolor ′ = IF color [ i ] = “black” THEN “black” ELSE tcolor ∧ color ′ = [ color EXCEPT ! [ i ] = “white” ] ∧ active ′ = active Initial condition: any “type-correct” values; token should be black Action definitions: describe transitions of the algorithm TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 7 / 39

  17. TLA + Specification of EWD 840: Behavior (2) ∆ SendMsg ( i ) = ∧ active [ i ] ∧ ∃ j ∈ Nodes \ { i } : ∧ active ′ = [ active EXCEPT ! [ j ] = TRUE ] ∧ color ′ = [ color EXCEPT ! [ i ] = IF j > i THEN “black” ELSE @ ] ∧ UNCHANGED � tpos , tcolor � ∆ Deactivate ( i ) = ∧ active [ i ] ∧ active ′ = [ active EXCEPT ! [ i ] = FALSE ] ∧ UNCHANGED � color , tpos , tcolor � Definition of remaining actions TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 8 / 39

  18. TLA + Specification of EWD 840: Behavior (2) ∆ SendMsg ( i ) = ∧ active [ i ] ∧ ∃ j ∈ Nodes \ { i } : ∧ active ′ = [ active EXCEPT ! [ j ] = TRUE ] ∧ color ′ = [ color EXCEPT ! [ i ] = IF j > i THEN “black” ELSE @ ] ∧ UNCHANGED � tpos , tcolor � ∆ Deactivate ( i ) = ∧ active [ i ] ∧ active ′ = [ active EXCEPT ! [ i ] = FALSE ] ∧ UNCHANGED � color , tpos , tcolor � ∆ = Next ∨ InitiateProbe ∨ ∃ i ∈ Nodes \ { 0 } : PassToken ( i ) ∨ ∃ i ∈ Nodes : SendMsg ( i ) ∨ Deactivate ( i ) ∆ vars = � tpos , tcolor , active , color � ∆ Spec = Init ∧ � [ Next ] vars Definition of remaining actions Possible executions: initial condition, interleaving of transitions TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 8 / 39

  19. Modeling a System in TLA + Describe the system configurations 1 ◮ represent the state of the system by state variables ◮ mathematical abstractions: numbers, sets, functions, tuples, . . . TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 9 / 39

  20. Modeling a System in TLA + Describe the system configurations 1 ◮ represent the state of the system by state variables ◮ mathematical abstractions: numbers, sets, functions, tuples, . . . Specify system behavior as a state machine Init ∧ � [ Next ] v 2 ◮ initial condition: state formula identifies initial states ◮ next-state relation: action formula constrains allowed transitions ◮ overall spec: temporal formula defines system executions ◮ � [ Next ] v every transition satisfies Next or leaves v unchanged TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 9 / 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

COMBINING SWIFT AND OBJECTIVE-C AGENDA Using Objective-C from Swift Using Swift from

COMBINING SWIFT AND OBJECTIVE-C AGENDA Using Objective-C from Swift Using Swift from

COMBINING SWIFT AND OBJECTIVE-C AGENDA Using Objective-C from Swift Using Swift from Objective-C Objective-C Behavior in Swift Classes IMPORTING OBJECTIVE-C INTO SWIFT APPLE FRAMEWORKS No additional setup required! import UIKit import

339 views • 22 slides
OBJECTIVES Objective 1 Identify intent & requirements Objective 2 Identify strategies for

OBJECTIVES Objective 1 Identify intent & requirements Objective 2 Identify strategies for

OBJECTIVES Objective 1 Identify intent & requirements Objective 2 Identify strategies for success Objective 3 Recognize unique nature of IP as woven throughout the LEED v4 Rating System Objective 4 Recognize benefits of integrative approach

349 views • 34 slides
The objective of this tutorial is to introduce EnergyPlus to architects and 3 Installation

The objective of this tutorial is to introduce EnergyPlus to architects and 3 Installation

11/17/2014 objective - energyplustutorial Objective 1 Home 2 Objective The objective of this tutorial is to introduce EnergyPlus to architects and 3 Installation engineers who are familiar with the basic concepts of energy simulation and 4

672 views • 48 slides
1 CONTENT & STRATEGIES Focus/Review Use focus to activate background knowledge and

1 CONTENT & STRATEGIES Focus/Review Use focus to activate background knowledge and

Lesson Plans BEGINNING OF A PLAN Subject Topic Related NCSCOS objective or Common Core objective Date Submitted and Date Taught Daily Lesson Objective 21 st Century Skills Rationale/Purpose Objective:

406 views • 6 slides
Instructors Guide XCollar Plus and NeXsplint Plus Objective: Our objective is to

Instructors Guide XCollar Plus and NeXsplint Plus Objective: Our objective is to

Instructors Guide XCollar Plus and NeXsplint Plus Objective: Our objective is to give instructors the information, tools and skills to clearly teach and evaluate this new Cervical Splinting Technology to new trainees. The following

228 views • 4 slides
2020 Annual GSM Report on the Discount objective Discount objective Monthly Monitoring 31

2020 Annual GSM Report on the Discount objective Discount objective Monthly Monitoring 31

Fondul Proprietatea 28 April 2020 2020 Annual GSM Report on the Discount objective Discount objective Monthly Monitoring 31 December 2019 Objective The discount between the closing price for each trading day on the In the period 1

877 views • 39 slides
10/20/19 Multi-objective Evolutionary Algorithms Genetic Algorithms Multi-objective

10/20/19 Multi-objective Evolutionary Algorithms Genetic Algorithms Multi-objective

10/20/19 Multi-objective Evolutionary Algorithms Genetic Algorithms Multi-objective optimization problems (MOPs) - Examples - Domination - Pareto optimality - Practical example Multi-objective EC approaches Optimization -

433 views • 8 slides
A STAR is born Collaborative Strategy that works! Objective Objective Demonstrate the

A STAR is born Collaborative Strategy that works! Objective Objective Demonstrate the

A STAR is born Collaborative Strategy that works! Objective Objective Demonstrate the importance of developing and nurturing partnerships in achieving quality outcomes, providing the right care at the right place at the right time

336 views • 31 slides
Objective This objective of this programme is to provide the delegates with a structured process

Objective This objective of this programme is to provide the delegates with a structured process

Effective Business Presentation Skills Objective This objective of this programme is to provide the delegates with a structured process to developing their presentations and a true to life climate within which to practice their new skills.

370 views • 6 slides
Optimizing the Algorithm Hard-Margin Objective Current objective: want to relax hard

Optimizing the Algorithm Hard-Margin Objective Current objective: want to relax hard

Optimizing the Algorithm Hard-Margin Objective Current objective: want to relax hard constraint Soft-Margin Objective New objective: Loss Function Loss Function takes into account window overlaps up to 50% Soft-Margin

327 views • 16 slides
Statement of Entry Challenge/Objective: Our objective for 2014 was to utilize partnership to

Statement of Entry Challenge/Objective: Our objective for 2014 was to utilize partnership to

Statement of Entry Challenge/Objective: Our objective for 2014 was to utilize partnership to provide engaging, impactful events at high quality venues free to our members. This gives added value to our members and encourages/incents new members

170 views • 6 slides
Regulations beyond 2020 Outline Background, objective and scope of the study Objective of

Regulations beyond 2020 Outline Background, objective and scope of the study Objective of

Assessment of the Modalities for LDV CO 2 Regulations beyond 2020 Outline Background, objective and scope of the study Objective of the regulation Findings on the level of ambition Main choices for the design (modalities)

866 views • 21 slides
Objective Proficiency Presentation Plus DVD-ROM Objective Proficiency Presentation Plus DVD-ROM

Objective Proficiency Presentation Plus DVD-ROM Objective Proficiency Presentation Plus DVD-ROM

[PDF] Objective Proficiency Presentation Plus DVD-ROM Objective Proficiency Presentation Plus DVD-ROM Objective Proficiency Presentation Plus DVD-ROM Book Review Book Review This ebook will be worth acquiring. It is actually writter in basic

64 views • 3 slides
Outline Objective of Presentation Objective of Presentation Digital IC Project and

Outline Objective of Presentation Objective of Presentation Digital IC Project and

Outline Objective of Presentation Objective of Presentation Digital IC Project and Verification Synthesis Basic synthesis flow i h i fl ASIC Synthesis DesignCompiler Synthesis script Deepak Dasalukunte & Joachim

457 views • 9 slides
Constraint Approach to Two Approaches Let Us Estimate the . . . Multi-Objective Let Us Estimate

Constraint Approach to Two Approaches Let Us Estimate the . . . Multi-Objective Let Us Estimate

Multi-Objective . . . Multi-Objective . . . Analysis of the Problem Constraint Approach to Two Approaches Let Us Estimate the . . . Multi-Objective Let Us Estimate the . . . Optimization Both Ideas Lead to . . . Home Page Martine Ceberio,

670 views • 12 slides
Part of the Strategic Plan Goal #4 Objective 4.3 & Goal #5 Objective 5.4 Design Development

Part of the Strategic Plan Goal #4 Objective 4.3 & Goal #5 Objective 5.4 Design Development

Campus Wayfaring Project Part of the Strategic Plan Goal #4 Objective 4.3 & Goal #5 Objective 5.4 Design Development Phase Update June 29, 2016 Goals / Scope of the Project Improve the experience of visitors &

237 views • 19 slides
Luminosity at LHCb Vladislav Balagura (LLR Ecole polytechnique / CNRS / IN2P3) on behalf of

Luminosity at LHCb Vladislav Balagura (LLR Ecole polytechnique / CNRS / IN2P3) on behalf of

INSTR-17 Luminosity at LHCb Vladislav Balagura (LLR Ecole polytechnique / CNRS / IN2P3) on behalf of LHCb collaboration Outline: (1) LHCb experiment (2) Relative luminosity monitoring during physics data taking (3) Methods of absolute

445 views • 20 slides
Influence.ME: Tools for detecting influential data in mixed models Rense Nieuwenhuis // Ben

Influence.ME: Tools for detecting influential data in mixed models Rense Nieuwenhuis // Ben

Influence.ME: Tools for detecting influential data in mixed models Rense Nieuwenhuis // Ben Pelzer // Manfred te Grotenhuis A first indication something may go wrong ... A first indication something may go wrong ... Math score by Class

619 views • 44 slides
Questions? Static Semantics Primitive types First exercise is online: Primitive value

Questions? Static Semantics Primitive types First exercise is online: Primitive value

Questions? Static Semantics Primitive types First exercise is online: Primitive value can not be decomposed into simpler http://www.win.tue.nl/~mvdbrand/courses/GLT/1112/ values Deadline 17 th of October Primitive type is a type

210 views • 9 slides
LUMINOSITY MEASUREMENT AND CALIBRATION AT THE LHC W. Kozanecki, CEA-IRFU-SPP LAL-Orsay, 28

LUMINOSITY MEASUREMENT AND CALIBRATION AT THE LHC W. Kozanecki, CEA-IRFU-SPP LAL-Orsay, 28

LUMINOSITY MEASUREMENT AND CALIBRATION AT THE LHC W. Kozanecki, CEA-IRFU-SPP LAL-Orsay, 28 April 2017 Outline 2 ! Introduction: the basics ! Relative-luminosity monitoring strategies ! Absolute-luminosity calibration strategies & their

760 views • 56 slides
On the strong Scott conjecture for Chandrasekhar atoms Konstantin Merz 1 Joint work with Rupert

On the strong Scott conjecture for Chandrasekhar atoms Konstantin Merz 1 Joint work with Rupert

On the strong Scott conjecture for Chandrasekhar atoms Konstantin Merz 1 Joint work with Rupert L. Frank 2, 3 , Heinz Siedentop 2 , and Barry Simon 3 1 Technische Universit at Braunschweig, Germany 2 LudwigMaximiliansUniversit at M

557 views • 12 slides
Solvency II newspeak one year uncertainty for IBNR the boostrap approach Arthur

Solvency II newspeak one year uncertainty for IBNR the boostrap approach Arthur

Arthur CHARPENTIER, IBNR and one-year uncertainty Solvency II newspeak one year uncertainty for IBNR the boostrap approach Arthur Charpentier 1 & Laurent Devineau 2 1 Universit Ecole Polytechnique, 2 Milliman e Rennes 1 - CREM

831 views • 69 slides
Towards Explainable AI: Significance Tests for Neural Networks Kay Giesecke Advanced Financial

Towards Explainable AI: Significance Tests for Neural Networks Kay Giesecke Advanced Financial

Towards Explainable AI: Significance Tests for Neural Networks Kay Giesecke Advanced Financial Technologies Laboratory Stanford University people.stanford.edu/giesecke/ fintech.stanford.edu Joint work with Enguerrand Horel (Stanford) 1 / 27

435 views • 27 slides
NETWORK MODELS FOR THE QUANTUM HALL EFFECT AND ITS GENERALISATIONS John Chalker Physics

NETWORK MODELS FOR THE QUANTUM HALL EFFECT AND ITS GENERALISATIONS John Chalker Physics

NETWORK MODELS FOR THE QUANTUM HALL EFFECT AND ITS GENERALISATIONS John Chalker Physics Department, Oxford University Outline Network models Quantum lattice models for single-particle systems with disorder Symmetry classes Discrete

465 views • 13 slides

More recommend