EagleBear2002 的博客

这里必须根绝一切犹豫,这里任何怯懦都无济于事

TLA+

发表于 更新于 分类于
本文字数: 999 阅读时长 ≈ 1 分钟

官方网站:The TLA+ Home Page by Leslie Lamport

视频链接:The TLA+ Video Course

Terminology

TLA:时序逻辑行为(Temporal Logic of Actions)

TLC:遍历 TLA+ 抽象出来的系统的每一个可能路径,并在每条可能的路径上对一些条件(称为“不变式”)进行检验。

Demos

SimpleProgram

对以下 C 语言代码进行验证:

1
2
3
4
5
6
int i;
int main() {
    // someNumber() return an int between 0 and 1000
    i = someNumber();
    i = i + 1;
}
MOUDLE SimpleProgram

DieHard

MOUDLE DieHard

TCommit

两阶段提交

MOUDLE TCommit

TwoPhase

Arrays in TLA+

Syntax

The TLA+ syntax for an array expression:

$$ [variable \in set \mapsto expression] $$

For example:

$$ sqr = [i \in 1..42 \mapsto i^2] $$

Defines $sqr$ to be an array with index set $1..42$ such that $sqr[i] = i^2$ for all $i$ in $1..42$.

Terminology

Programming Math TLA+
array function function
index set domain domain
$f[e]$ $f(e)$ $f[e]$

Math and TLA+ allows a function to have any set as its domain — for exxample, the set of all integers.

Abbreviation

$$ rmState' = [s \in RM \mapsto \textup{IF} ; s = r ; \textup{THEN} ; \mathrm{"prepared"}; \textup{ELSE} ; rmState[s]] $$

Signal

Signal
Math Code
$\wedge$ /\, \land
$\vee$ \/, \lor
$\exists$ \E
$\forall$ \A
$\in$ \in
$\mapsto$ `
$\rightarrow$ ->
$\ge$ >=
$\le$ =<
$\triangleq$ ==
$\ne$ /=, #
$\neg$ ~
$\cup$ \cap, \union
$\langle$ <<