High-Level Specifications: Lessons from Industry

  • Brannon Batson
  • Leslie Lamport
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2852)

Abstract

We explain the rationale behind the design of the TLA +  specification language, and we describe our experience using it and the TLC model checker in industrial applications–including the verification of multiprocessor memory designs at Intel. Based on this experience, we challenge some conventional wisdom about high-level specifications.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abadi, M., Lamport, L.: The existence of refinement mappings. Theoretical Computer Science 82(2), 253–284 (1991)MATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Ashcroft, E.A., Manna, Z.: Formalization of properties of parallel programs. In: Machine Intelligence, vol. 6. Edinburgh University Press, Edinburgh (1970)Google Scholar
  3. 3.
    Chandy, K.M., Misra, J.: Parallel Program Design. Addison-Wesley, Reading (1988)MATHGoogle Scholar
  4. 4.
    Constable, R.L., Allen, S.F., Bromley, H.M., Cleaveland, W.R., Cremer, J.F., Harper, R.W., Howe, D.J., Knoblock, T.B., Mendler, N.P., Panagaden, P., Sasaki, J.T., Smith, S.F.: Implementing Mathematics with the Nuprl Proof Development System. Prentice-Hall, Englewood Cliffs (1986)Google Scholar
  5. 5.
    Floyd, R.W.: Assigning meanings to programs. In: Proceedings of the Symposium on Applied Math., vol. 19, pp. 19–32. American Mathematical Society, Providence (1967)Google Scholar
  6. 6.
    Gafni, E., Lamport, L.: Disk paxos. To appear in Distributed Computing (2002)Google Scholar
  7. 7.
    Gharachorloo, K., Sharma, M., Steely, S., Van Doren, S.: Architecture and design of AlphaServer GS320. In: Gupta, A. (ed.) Proceedings of the Ninth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS IX), November 2000, pp. 13–24 (2000)Google Scholar
  8. 8.
    Gordon, M.J.C., Melham, T.F.: Introduction to HOL: A Theorem Proving Environment for Higher Order Logic. Cambridge University Press, Cambridge (1993)MATHGoogle Scholar
  9. 9.
    Hoare, C.A.R.: An axiomatic basis for computer programming. Communications of the ACM 12(10), 576–583 (1969)MATHCrossRefGoogle Scholar
  10. 10.
    Holzmann, G.: The model checker spin. IEEE Transactions on Software Engineering 23(5), 279–295 (1997)CrossRefMathSciNetGoogle Scholar
  11. 11.
    Lam, S.S., Shankar, A.U.: Protocol verification via projections. IEEE Transactions on Software Engineering SE-10(4), 325–342 (1984)CrossRefGoogle Scholar
  12. 12.
    Lamport, L.: Proving the correctness of multiprocess programs. IEEE Transactions on Software Engineering SE-3(2), 125–143 (1977)CrossRefMathSciNetGoogle Scholar
  13. 13.
    Lamport, L.: An assertional correctness proof of a distributed algorithm. Science of Computer Programming 2(3), 175–206 (1982)MATHCrossRefMathSciNetGoogle Scholar
  14. 14.
    Lamport, L.: How to write a long formula. Formal Aspects of Computing 6, 580–584 (1994); First appeared as Research Report 119, Digital Equipment Corporation, Systems Research CenterCrossRefGoogle Scholar
  15. 15.
    Lamport, L.: The temporal logic of actions. ACM Transactions on Programming Languages and Systems 16(3), 872–923 (1994)CrossRefGoogle Scholar
  16. 16.
    Lamport, L.: Composition: A way to make proofs harder. In: de Roever, W.-P., Langmaack, H., Pnueli, A. (eds.) COMPOS 1997. LNCS, vol. 1536, pp. 402–423. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  17. 17.
    Lamport, L.: Specifying Systems. Addison-Wesley, Boston (2002); A link to an electronic copy can be found at http://lamport.org Google Scholar
  18. 18.
    Lamport, L., Matthews, J., Tuttle, M., Yu, Y.: Specifying and verifying systems with TLA+. In: Proceedings of the Tenth ACM SIGOPS European Workshop, Saint-Emilion, France, September 2002, pp. 45–48. INRIA (Institut National de Recherche en Informatique et en Automatique) (2002)Google Scholar
  19. 19.
    Lamport, L., Paulson, L.C.: Should your specification language be typed? ACM Transactions on Programming Languages and Systems 21(3), 502–526 (1999)CrossRefGoogle Scholar
  20. 20.
    Lamport, L., Sharma, M., Tuttle, M., Yu, Y.: The wildfire verification challenge problem, At URL http://research.microsoft.com/users/lamport/tla/wildfire-challenge.html on the World Wide Web; It can also be found by searching the Web for the 24-letter string wildfirechallengeproblem
  21. 21.
    Owicki, S., Gries, D.: Verifying properties of parallel programs: An axiomatic approach. Communications of the ACM 19(5), 279–284 (1976)MATHCrossRefMathSciNetGoogle Scholar
  22. 22.
    Owicki, S., Lamport, L.: Proving liveness properties of concurrent programs. ACM Transactions on Programming Languages and Systems 4(3), 455–495 (1982)MATHCrossRefGoogle Scholar
  23. 23.
    Owre, S., Rushby, J., Shankar, N., von Henke, F.: Formal verification for fault-tolerant architectures: Prolegomena to the design of PVS. IEEE Transactions on Software Engineering 21(2), 107–125 (1995)CrossRefGoogle Scholar
  24. 24.
    Pnueli, A.: The temporal logic of programs. In: Proceedings of the 18th Annual Symposium on the Foundations of Computer Science, November 1977, pp. 46–57. IEEE, Los Alamitos (1977)Google Scholar
  25. 25.
    Tasiran, S., Yu, Y., Batson, B., Kreider, S.: Using formal specifications to monitor and guide simulation: Verifying the cache coherence engine of the Alpha 21364 microprocessor. In: Proceedings of the 3rd IEEE Workshop on Microprocessor Test and Verification, Common Challenges and Solutions. IEEE Computer Society, Los Alamitos (2002)Google Scholar
  26. 26.
    Yu, Y., Manolios, P., Lamport, L.: Model checking TLA+ specifications. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 54–66. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Brannon Batson
    • 1
  • Leslie Lamport
    • 2
  1. 1.Intel Corporation 
  2. 2.Microsoft Research 

Personalised recommendations