Skip to main content
View expanded cover

International Conference on Abstract State Machines, Alloy, B, TLA, VDM, and Z

ABZ 2014: Abstract State Machines, Alloy, B, TLA, VDM, and Z pp 25–39Cite as

Why Amazon Chose TLA + 

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNTCS,volume 8477)

Abstract

Since 2011, engineers at Amazon have been using TLA +  to help solve difficult design problems in critical systems. This paper describes the reasons why we chose TLA +  instead of other methods, and areas in which we would welcome further progress.

Keywords

  • Model Checker
  • Temporal Logic
  • Proof System
  • Linear Temporal Logic
  • Safety Property

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-662-43652-3_3
  • Chapter length: 15 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   54.99
Price excludes VAT (USA)
  • ISBN: 978-3-662-43652-3
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   69.99
Price excludes VAT (USA)
Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abrial, J.-R.: Formal methods in industry: achievements, problems, future. In: 28th Intl. Conf. Software Engineering (ICSE), Shanghai, China, pp. 761–768. ACM (2006)

    Google Scholar 

  2. Abrial, J.-R.: Modeling in Event-B. Cambridge University Press (2010)

    Google Scholar 

  3. Abrial, J.-R., et al.: Rodin: an open toolset for modelling and reasoning in Event-B. STTT 12(6), 447–466 (2010)

    CrossRef  Google Scholar 

  4. Alloy online tutorial: How to think about an alloy model: 3 levels, http://alloy.mit.edu/alloy/tutorials/online/sidenote-levels-of-understanding.html

  5. Event-B wiki: Industrial projects, http://wiki.event-b.org/index.php/Industrial_Projects

  6. Barr, J.: Amazon S3 – the first trillion objects. Amazon Web Services Blog (June 2012), http://aws.typepad.com/aws/2012/06/amazon-s3-the-first-trillion-objects.html

  7. Barr, J.: Amazon S3 – two trillion objects, 1.1 million requests per second. Amazon Web Services Blog (March 2013), http://aws.typepad.com/aws/2013/04/amazon-s3-two-trillion-objects-11-million-requests-second.html

  8. Batson, B., Lamport, L.: High-level specifications: Lessons from industry. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2002. LNCS, vol. 2852, pp. 242–261. Springer, Heidelberg (2003)

    CrossRef  Google Scholar 

  9. Bolosky, W.J., Douceur, J.R., Howell, J.: The Farsite project: a retrospective. Operating Systems Reviews 41(2), 17–26 (2007)

    CrossRef  Google Scholar 

  10. Cohen, E., Moskal, M., Schulte, W., Tobies, S.: Local verification of global invariants in concurrent programs. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 480–494. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  11. Douceur, J., et al.: Memoir: Formal specs and correctness proof (2011), http://research.microsoft.com/pubs/144962/memoir-proof.pdf

  12. Hall, A.: Seven myths of formal methods. IEEE Software 7(5), 11–19 (1990)

    CrossRef  Google Scholar 

  13. Holzmann, G.: Design and Validation of Computer Protocols. Prentice Hall, New Jersey (1991)

    Google Scholar 

  14. Jackson, D.: Personal communication (2014)

    Google Scholar 

  15. Jackson, D.: Software Abstractions, revised edition. MIT Press (2012), http://www.softwareabstractions.org/

  16. Lamport, L.: Comment on the history of the TLC model checker, http://research.microsoft.com/en-us/um/people/lamport/pubs/pubs.html#yuanyu-model-checking

  17. Lamport, L.: Summary of TLA + , http://research.microsoft.com/en-us/um/people/lamport/tla/summary.pdf

  18. Lamport, L.: The TLA +  Hyperbook, http://research.microsoft.com/en-us/um/people/lamport/tla/hyperbook.html

  19. Lamport, L.: The Temporal Logic of Actions. ACM Trans. Prog. Lang. Syst. 16(3), 872–923 (1994)

    CrossRef  Google Scholar 

  20. Lamport, L.: Specifying Systems. Addison-Wesley (2002), http://research.microsoft.com/en-us/um/people/lamport/tla/book-02-08-08.pdf

  21. Lamport, L.: Fast Paxos. Distributed Computing 19(2), 79–103 (2006)

    CrossRef  MATH  MathSciNet  Google Scholar 

  22. Lamport, L.: Byzantizing Paxos by refinement. In: Peleg, D. (ed.) DISC 2011. LNCS, vol. 6950, pp. 211–224. Springer, Heidelberg (2011)

    Google Scholar 

  23. Lamport, L.: How to write a 21st century proof. Fixed Point Theory and Applications (2012)

    Google Scholar 

  24. Lamport, L., Merz, S.: Specifying and verifying fault-tolerant systems. In: Langmaack, H., de Roever, W.-P., Vytopil, J. (eds.) FTRTFT 1994 and ProCoS 1994. LNCS, vol. 863, pp. 41–76. Springer, Heidelberg (1994)

    CrossRef  Google Scholar 

  25. Lamport, L., Sharma, M., Tuttle, M., Yu, Y.: The wildfire challenge problem (2001), http://research.microsoft.com/en-us/um/people/lamport/pubs/wildfire-challenge.pdf

  26. Lamport, L., Tuttle, M., Yu, Y.: The wildfire verification challenge problem [example of a specification from industry], http://research.microsoft.com/en-us/um/people/lamport/tla/wildfire-challenge.html

  27. Leinenbach, D., Santen, T.: Verifying the Microsoft Hyper-V Hypervisor with VCC. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 806–809. Springer, Heidelberg (2009)

    CrossRef  Google Scholar 

  28. Lu, T., Merz, S., Weidenbach, C.: Towards verification of the Pastry protocol using TLA + . In: Bruni, R., Dingel, J. (eds.) FORTE 2011 and FMOODS 2011. LNCS, vol. 6722, pp. 244–258. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  29. Newcombe, C.: Debugging designs. Presented at the 14th Intl. Wsh. High-Performance Transaction Systems (2011), http://hpts.ws/papers/2011/sessions_2011/Debugging.pdf and associated specifications: http://hpts.ws/papers/2011/sessions_2011/amazonbundle.tar.gz

  30. Owre, S., et al.: Combining specification, proof checking, and model checking. In: Alur, R., Henzinger, T.A. (eds.) CAV 1996. LNCS, vol. 1102, pp. 411–414. Springer, Heidelberg (1996)

    CrossRef  Google Scholar 

  31. Schwartz, B.: The paradox of choice, http://www.ted.com/talks/barry_schwartz_on_the_paradox_of_choice.html

  32. Zave, P.: Using lightweight modeling to understand Chord. Comp. Comm. Reviews 42(2), 49–57 (2012)

    CrossRef  Google Scholar 

  33. Zave, P.: A practical comparison of Alloy and Spin. Formal Aspects of Computing (to appear, 2014), http://www2.research.att.com/~pamela/compare.pdf

Download references

Author information

Authors and Affiliations

  1. Amazon, Inc., USA

    Chris Newcombe

Authors
  1. Chris Newcombe
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. INP-ENSEEIHT/IRIT, 2 Rue Charles Camichel, BP 7122, 31071, Toulouse Cedex 7, France

    Yamine Ait Ameur

  2. Software Competence Center Hagenberg, Softwarepark 21, 4232, Hagenberg, Austria

    Klaus-Dieter Schewe

Rights and permissions

Reprints and Permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Newcombe, C. (2014). Why Amazon Chose TLA +  . In: Ait Ameur, Y., Schewe, KD. (eds) Abstract State Machines, Alloy, B, TLA, VDM, and Z. ABZ 2014. Lecture Notes in Computer Science, vol 8477. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43652-3_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-43652-3_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-43651-6

  • Online ISBN: 978-3-662-43652-3

  • eBook Packages: Computer ScienceComputer Science (R0)