Advertisement

Model Checking TLA+ Specifications

  • Yuan Yu
  • Panagiotis Manolios
  • Leslie Lamport
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1703)

Abstract

TLA+ is a specification language for concurrent and reactive systems that combines the temporal logic TLA with full first-order logic and ZF set theory. TLC is a new model checker for debugging a TLA+ specification by checking invariance properties of a finite-state model of the specification. It accepts a subclass of TLA+ specifications that should include most descriptions of real system designs. It has been used by engineers to find errors in the cache coherence protocol for a new Compaq multiprocessor. We describe TLA+ specifications and their TLC models, how TLC works, and our experience using it.

Keywords

Model Checker Temporal Logic Reachable State Liveness Property Input Language 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Alpha Architecture Committee. Alpha Architecture Reference Manual. Digital Press, Boston, third edition, 1998.Google Scholar
  2. 2.
    E. A. Ashcroft. Proving assertions about parallel programs. Journal of Computer and System Sciences, 10:110–135, February 1975.zbMATHMathSciNetGoogle Scholar
  3. 3.
    E.M. Clarke and E. A. Emerson. Design and synthesis of synchronization skeletons using branching time temporal logic. In Workshop on Logics of Programs, volume 131 of LNCS. Springer-Verlag, 1981.Google Scholar
  4. 4.
    E.M. Clarke, E.A. Emerson, and A.P. Sistla. Automatic verification of finite-state concurrent systems using temporal logic. ACM Transactions on Programming Languages and Systems, 8(2), 1986.Google Scholar
  5. 5.
    David L. Dill. The Murϕ verification system. In Computer Aided Verification. 8th International Conference, pages 390–393, 1996.Google Scholar
  6. 6.
    Z. Har’El and R. P. Kurshan. Software for analytical development of communication protocols. AT&T Technical Journal, 69(1):44–59, 1990.Google Scholar
  7. 7.
    Kurshan and Leslie Lamport. Verification of a multiplier: 64 bits and beyond. In Costas Courcoubetis, editor, Computer-Aided Verification, volume 697 of Lecture Notes in Computer Science, pages 166–179, Berlin, June 1993. Springer-Verlag. Proceedings of the Fifth International Conference, CAV’93.Google Scholar
  8. 8.
    Peter Ladkin, Leslie Lamport, Bryan Olivier, and Denis Roegel. Lazy caching in TLA. Distributed Computing, 12, 1999. To appear.Google Scholar
  9. 9.
    Leslie Lamport. TLA-temporal logic of actions. At URL http://www.research.digital.com/SRC/tla/ on the World Wide Web. It can also be found by searching the Web for the 21-letter string formed by concatenating uid and lamporttlahomepage.
  10. 10.
    Leslie Lamport. How to make a multiprocessorcomputer that correctly executes multiprocess programs. IEEE Transactions on computer, C-28(9):690–691, September 1979.CrossRefGoogle Scholar
  11. 11.
    Leslie Lamport. Introduction to TLA. Technical Report 1994-001, Digital Equipment Corporation Systems Research Center, Palo Alto, CA, December 1994.Google Scholar
  12. 12.
    Leslie Lamprt. The temporal logic of actions. ACM Transactions on Programming Languages and System, 16(3):872–923, May 1994.CrossRefGoogle Scholar
  13. 13.
    Leslie Lamport. Specifying concurrent systems with tla+. In Manfred. Broy and Ralf Steinbrüggen, editors, Calculational System Design, pages 183–247, Amsterdam, 1999. IOS Press.Google Scholar
  14. 14.
    K. L. McMillan. Symbolic Model Checking. Kluwer, 1993.Google Scholar
  15. 15.
    Susan Owicki and David Gries. Verifying properties of parallel programs: An axiomatic approach. Communications of the ACM, 19(5):279–284, May 1976.zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    J. P. Queille and J. Sifakis. Specification and verification of concurrent systems in CESAR. In Proc. of the 5th International Symposium on Programming, volume 137 of LNCS, pages 337–350, 1981.Google Scholar
  17. 17.
    M. O. Rabin. Fingerprinting by random polynomials. Technical Report TR-15-81, Center for Research in Computing Technology, Harvard University, 1981.Google Scholar
  18. 18.
    A. W. R oscoe. Model-checking CSP. In A Classical Mind: Essays in Honour of C A R Hoare, International Series in Computer Science, chapter 21, pages 353–378. Prentice-Hall International, 1994.Google Scholar
  19. 19.
    Ulrich Stern. Algorithmic Techniques in Verification by Explicit State Enumeration. PhD thesis, Technical University of Munich, 1997.Google Scholar
  20. 20.
    Ulrich Stern and David L. Dill. Using magnetic disk instead of main memory in the Murϕ verifier. In Alan J. Hu and Moshe Y. Vardi, editors, Computer Aided Verification, volume 1427 of Lecture Notes in Computer Science, pages 172–183, Berlin, June 1998. Springer-Verlag. 10th International Conference, CAV’98.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Yuan Yu
    • 1
  • Panagiotis Manolios
    • 2
  • Leslie Lamport
    • 1
  1. 1.Compaq Systems Research CenterUSA
  2. 2.Department of Computer SciencesUniversity of Texas at AustinUSA

Personalised recommendations