Proving the Correctness of Distributed Algorithms using TLA

More documents

Recommendations

Info

Khushboo Kanjani5. Validity: The formal definition of validity of an action A, denoted as|= A is:|= A ≡ ∀s, t ∈ St : s[[A]]t6. Rigid Variables: A variable whose value does not change in the executionof the program is termed as a rigid variable.7. Enabled Predicate: For any action A, Enabled A is defined as follows:s[[EnabledA]] ≡ ∃t ∈ St : s[[A]]t8. Unchanged Action: An action Unchanged f , for a state function f isdefined as a step in which the value of f does not change. Formally :Unchanged f ≡ f ′ = f3 TLAIn TLA, specification of the system and the desired properties are stated byTLA formulas. A TLA formula is true or false on a behavior, which is asequence of states, where a state is an assignment of values to variables.3.1 SpecificationA specification is a formal description of the desired behavior of a program.The approach to define it can be divided into two steps:• State the variables that define the system’s state.• State the granularity of the steps that change those variables’ values.CPSC 689-608 Spring 2007 Report Draft
Khushboo KanjaniP1: while true doif x 1 = x n thenx 1 := (x 1 + 1)mod(n + 1)endendP i (i ≠ 1) :while true doifx i ≠ x i−1 thenx i := x i−1endendAlgorithm 1: Dijkstra self-stabilizing algorithm for MEExample: Here we give a TLA specification of the famous Dijkstra’s selfstabilizingalgorithm for mutual exclusion in a ring described in Algorithm1. The notations used here are explained in Figure 1. Equation 1 describesthe initial condition of the variables. Equation 2 states that ∀i ∈ [0, N]i ≠ 1if the value of x i is not equal to that of its left neighbor, it is assigned thatvalue when process P i is activated. For P 1 , equation 3 states that the valueof x 1 is incremented if its value is equal to x n . In equation 4, w definesthe state function of all the variables in the program. These TLA formulasC 1 , C 2 , ....C n describe the behavior of the processes P 1 , P 2 , ....P n respectively.All possible executions of the program satisfy the temporal formula definedin equation 6.Init φ ≡ ∀i ∈ n, 0 ≤ x i ≤ n (1)∀i ∈ [0, N]i ≠ 1, C i ≡ (x i ≠ x i−1 ) ∧ (x ′ i = x i−1 ) ∧ Unchanged < AllBut(x i ) >(2)C 1 ≡ (x 1 = x n ) ∧ (x ′ 1 = (x 1 + 1)mod(n + 1)) ∧ Unchanged < AllBut(x 1 ) >(3)w =< x 1 , x 2 , ........., x n > (4)C ≡ C 1 ∨ C 2 ∨ ........ ∨ C n (5)φ ≡ Init φ ∧ □[C] w (6)CPSC 689-608 Spring 2007 Report Draft
Page 1 and 2: Proving the Correctness of Distribu
Page 3: Khushboo KanjaniThe language of tem
Page 7 and 8: Khushboo Kanjani5 DevelopmentsTLA+[
Page 9 and 10: Khushboo KanjaniFigure 1: Syntax of
Page 11: Khushboo KanjaniFigure 3: Quantific

Proving the Correctness of Distributed Algorithms using TLA

Create successful ePaper yourself

Delete template?

Save as template?