TLA+

官方网站：The TLA+ Home Page by Leslie Lamport

视频链接：The TLA+ Video Course

Terminology

TLA：时序逻辑行为（Temporal Logic of Actions）

TLC：遍历 TLA+ 抽象出来的系统的每一个可能路径，并在每条可能的路径上对一些条件（称为“不变式”）进行检验。

Demos

SimpleProgram

对以下 C 语言代码进行验证：

int i;
int main() {
    // someNumber() return an int between 0 and 1000
    i = someNumber();
    i = i + 1;
}

DieHard

TCommit

两阶段提交

TwoPhase

Arrays in TLA+

Syntax

The TLA+ syntax for an array expression:

[variable∈set↦expression]

For example:

sqr = [i∈1..42↦i²]

Defines sqr to be an array with index set 1..42 such that sqr[i] = i² for all i in 1..42.

Terminology

Programming	Math	TLA+
array	function	function
index set	domain	domain
f[e]	f(e)	f[e]

Math and TLA+ allows a function to have any set as its domain — for exxample, the set of all integers.

Abbreviation

$$rmStat{e}^{\prime }=[s\in RM\mapsto \text{IF}s=r\text{THEN}"\mathrm{prepared}"\text{ELSE}rmState[s]]$$

Signal

Math	Code
∧	/\, \land
∨	\/, \lor
∃	\E
∀	\A
∈	\in
↦	| ->
→	->
≥	>=
≤	=<
≜	==
≠	/=, #
¬	~
∪	\cap, \union
⟨	<<