Proving the Correctness of Distributed Algorithms using TLA

More documents

Recommendations

Info

Khushboo KanjaniThe properties which define the correctness of a program are often describedin temporal logic. The following is a brief overview of the kinds of logic:1.1 Logic• Binary Logic has two boolean values True and False.• Propositional Logic adds the following operators to the binary logic.conjunction(and) ∧disjunction(or) ∨negation(not) ¬implication(implies) →equivalence ≡.• First-Order(Predicate) Logic extends propositional logic with twoquantifiers:∃ existential quantification(there exists)∀ universal quantification (for all)• Temporal Logic quantifies in terms of time and has the following twooperators:♦ - now or sometime in future□ - now and foreverTime is viewed as a sequence of states in temporal logic.The Temporal Logic of Actions(TLA) is a combination of two logics : logicof actions and the standard temporal logic. In TLA, the program and itsproperties are written in the same language. The behavior of the programis written as a temporal formula σ. To prove that the program satisfies aproperty P, it is sufficient to prove that σ => P.1.2 Related WorkThe other formal methods based on temporal logic are Unity Logic [4], thelogic of Manna, Pnueli [11] and Process Algebra by Hoare [2], Milner[9].Unity logic is based on assertions of the form {p}s{q}, which denotes thatthe execution of statement s in any state satisfying predicate p results in astate satisfying predicate q. Properties of a program are expressed in termsof the basic operators unless, invariant, ensures and → (leads-to).CPSC 689-608 Spring 2007 Report Draft
Khushboo KanjaniThe language of temporal logic defined by Manna, Pnueli [11] is built froma state language used to construct state formulas, and a set of logical andtemporal operators. By applying the logical and temporal operators to thestate formulas, they construct general temporal formulas.Process algebra provides a tool for the high-level description of interactions,communications, and synchronizations between a collection of independentprocesses. Some examples of this are Hoare’s Communicating SequentialProcesses(CSP)[2] and Milner’s Calculus of Communicating Systems(CCS)[9].2 DefinitionsThis section defines all the definitions used in the logic. The semantic meaningof every object T in the logic in denoted by [[T]]. The semantic meaningof state functions, predicates, actions etc. are stated in Figure 1 from [6] inthe appendix.1. Values, Variables and States: A set Val of all possible values ofvariables is assumed. It includes sets like the set Nat of natural numbers.The booleans true and false do not belong to this set Val. Theset Var is an infinite set of all variable names. A state is a mappingfrom the set Var to the set Val. A state s assigns a value s[x] to avariable x. St is the collection of all possible states.2. State Functions: A non boolean expression built from variables andconstants. For example: z=x+y+3.3. State Predicate: It is a boolean expression built from variables andconstant symbols. For example x + y = 1 and x, y ∈ Nat4. Actions: An action represents an atomic operation in a concurrentprogram. It is a relation between unprimed variables(referring to oldstate) and primed variables(referring to the new state after the actionis executed). For example : y’=x+y+1. s[[A]]t is true if executing theA operation in state s produces state t.CPSC 689-608 Spring 2007 Report Draft
Page 1: Proving the Correctness of Distribu
Page 5 and 6: Khushboo KanjaniP1: while true doif
Page 7 and 8: Khushboo Kanjani5 DevelopmentsTLA+[
Page 9 and 10: Khushboo KanjaniFigure 1: Syntax of
Page 11: Khushboo KanjaniFigure 3: Quantific

Proving the Correctness of Distributed Algorithms using TLA

Create successful ePaper yourself

Delete template?

Save as template?