On the Logic of TLA+

TLA+ is a language intended for the high-level specification of reactive, distributed, and in particular asynchronous systems. Combining the linear-time temporal logic TLA and classical set-theory, it provides an expressive specification formalism and supports assertional verification

TLA+ Proofs

TLA+ is a specification language based on standard set theory and temporal logic that has constructs for hierarchical proofs. We describe how to write TLA+ proofs and check them with TLAPS, the TLA+ Proof System. We use Peterson's mutual exclusion algorithm as a simple example to describe the features of TLAPS and show how it and the Toolbox (an IDE for TLA+) help users to manage large, complex proofs.Comment: A shorter version of this article appeared in the proceedings of the conference Formal Methods 2012 (FM 2012, Paris, France, Springer LNCS 7436, pp. 147-154

Encoding TLA+ set theory into many-sorted first-order logic

We present an encoding of Zermelo-Fraenkel set theory into many-sorted first-order logic, the input language of state-of-the-art SMT solvers. This translation is the main component of a back-end prover based on SMT solvers in the TLA+ Proof System

Reasoning about goal-directed real-time teleo-reactive programs

The teleo-reactive programming model is a high-level approach to developing real-time systems that supports hierarchical composition and durative actions. The model is different from frameworks such as action systems, timed automata and TLA+, and allows programs to be more compact and descriptive of their intended behaviour. Teleo-reactive programs are particularly useful for implementing controllers for autonomous agents that must react robustly to their dynamically changing environments. In this paper, we develop a real-time logic that is based on Duration Calculus and use this logic to formalise the semantics of teleo-reactive programs. We develop rely/guarantee rules that facilitate reasoning about a program and its environment in a compositional manner. We present several theorems for simplifying proofs of teleo-reactive programs and present a partially mechanised method for proving progress properties of goal-directed agents. © 2013 British Computer Society

Harnessing SMT Solvers for TLA+ Proofs

International audienceTLA+ is a language based on Zermelo-Fraenkel set theory and linear temporal logic designed for specifying and verifying concurrent and distributed algorithms and systems. The TLA+ proof system TLAPS allows users to interactively verify safety properties of these systems. At the core of TLAPS, a proof manager interprets the proof language, generates corresponding proof obligations and passes them to backend provers. We recently developed a backend that relies on a typing discipline to encode (untyped) TLA+ formulas into multi-sorted first-order logic for SMT solvers. In this paper we present a different encoding of TLA+ formulas that does not require explicit type inference for TLA+ expressions. We also present a number of techniques based on rewriting in order to simplify the resulting formulas

Validation of formal specifications

Colloque avec actes sans comité de lecture.TLA, (the Temporal Logic of Actions) is a linear temporal logic for specifying and reasoning about reactive systems. The purpose of this paper is to develop an animator and a model checker, both based on a subset of TLA, and illustrates how we can combine these tools to validate TLA specifications

Prototype performance evaluation of multimedia service components

This paper deals with a formal approach for decomposition and description of multimedia service components and their performance analysis. Our approach is based on the Temporal Logic of Actions (TLA) specifications. A TLA based specification of multimedia components is transformed into process prototypes described with the SPIMS (SICS Protocol Implementation Measurement System) application language. The multimedia component prototype derived in this way is then evaluated with the SPIMS tool for different QoS parameters. The proposed approach using TLA based specifications, transformations in SPIMS application prototypes, and performance analysis provides the background for an computer based system for test specification and performance analysis which is currently under development. We present and discuss practical test scenarios derived from the proposed method for performance analysis of the Audio-Visual Communication (AVC)component of the Joint-Viewing and Tele-Operation Service (JVTOS). The multimedia test scenarios shown use the TCP/IP and XTP protocols on top of FORE ATM networks

Encoding TLA+ into unsorted and many-sorted first-order logic

International audienceTLA+ is a specification language designed for the verification of concurrent and distributed algorithms and systems. We present an encoding of a non-temporal fragment of TLA+ into (unsorted) first-order logic and many-sorted first-order logic, the input languages of first-order automated theorem provers. The non-temporal subset of TLA+ is based on untyped set theory and includes functions, arithmetic expressions, and Hilbert's choice operator. The translation, based on encoding techniques such as boolification, injection of unsorted expressions into sorted languages, term rewriting, and abstraction, is the core component of a back-end prover based on first-order theorem provers and SMT solvers for the TLA+ Proof System

Formal specification of QoS properties

We describe the specification of communication services, with special emphasis being placed on the use of the Temporal Logic of Actions (TLA) to describe the behaviours involved. We show how, startingfrom Message Sequence Charts, this temporal logic may be used to describe The Joint Viewing and Tele Operating Service (JVTOS) and its associated functions; and so lead on to the specification of QoS parameters. We discuss the approach that was taken to determine the exact nature of the Quality of Service parameters, and how the method may be used to extend the specification, and probe further aspects of the services and protocols involved

Verifying Safety Properties With the TLA+ Proof System

TLAPS, the TLA+ proof system, is a platform for the development and mechanical verification of TLA+ proofs written in a declarative style requiring little background beyond elementary mathematics. The language supports hierarchical and non-linear proof construction and verification, and it is independent of any verification tool or strategy. A Proof Manager uses backend verifiers such as theorem provers, proof assistants, SMT solvers, and decision procedures to check TLA+ proofs. This paper documents the first public release of TLAPS, distributed with a BSD-like license. It handles almost all the non-temporal part of TLA+ as well as the temporal reasoning needed to prove standard safety properties, in particular invariance and step simulation, but not liveness properties