objective
play

Objective Explain basic concepts of TLA + modeling systems: static - PowerPoint PPT Presentation

Jul 30, 2023 •463 likes •1.27k views

A Tutorial Introduction to TLA + Stephan Merz http://www.loria.fr/merz/ INRIA Nancy & LORIA Nancy, France TLA + Community Event, ABZ 2014 Toulouse, June 3, 2014 TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 1 / 39

  1. A Tutorial Introduction to TLA + Stephan Merz http://www.loria.fr/˜merz/ INRIA Nancy & LORIA Nancy, France TLA + Community Event, ABZ 2014 Toulouse, June 3, 2014 TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 1 / 39

  2. Objective Explain basic concepts of TLA + ◮ modeling systems: static and dynamic aspects ◮ existing tool support for modeling and analysis PlusCal translator, TLC model checker, TLAPS proof platform ◮ elementary aspects of system refinement Example-driven presentation, not trying to be exhaustive TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 2 / 39

  3. Outline Modeling Systems in TLA + 1 2 System Verification 3 The PlusCal Algorithm Language Refinement in TLA + 4 TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 3 / 39

  4. Example: Distributed Termination Detection 0 1 3 2 Nodes arranged on a ring perform some computation ◮ nodes can be active (double circle) or inactive ◮ how can node 0 (master node) detect when all nodes are inactive? TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 4 / 39

  5. Example: Distributed Termination Detection 0 0 1 3 1 3 � 2 2 Nodes arranged on a ring perform some computation ◮ nodes can be active (double circle) or inactive ◮ how can node 0 (master node) detect when all nodes are inactive? Token-based algorithm ◮ initially: token at master node, who may pass it to its neighbor TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 4 / 39

  6. Example: Distributed Termination Detection 0 0 0 1 3 1 3 1 3 � � 2 2 2 Nodes arranged on a ring perform some computation ◮ nodes can be active (double circle) or inactive ◮ how can node 0 (master node) detect when all nodes are inactive? Token-based algorithm ◮ initially: token at master node, who may pass it to its neighbor ◮ when a node is inactive, it passes on the token TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 4 / 39

  7. Example: Distributed Termination Detection 0 0 0 0 1 3 1 3 · · · � 1 3 1 3 � � 2 2 2 2 Nodes arranged on a ring perform some computation ◮ nodes can be active (double circle) or inactive ◮ how can node 0 (master node) detect when all nodes are inactive? Token-based algorithm ◮ initially: token at master node, who may pass it to its neighbor ◮ when a node is inactive, it passes on the token ◮ termination detected when token returns to inactive master node TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 4 / 39

  8. Example: Distributed Termination Detection 0 0 0 0 1 3 1 3 · · · � 1 3 1 3 � � 2 2 2 2 Nodes arranged on a ring perform some computation ◮ nodes can be active (double circle) or inactive ◮ how can node 0 (master node) detect when all nodes are inactive? Token-based algorithm ◮ initially: token at master node, who may pass it to its neighbor ◮ when a node is inactive, it passes on the token ◮ termination detected when token returns to inactive master node Complication: nodes may send messages, activating receiver TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 4 / 39

  9. Dijkstra’s Algorithm (EWD 840, 1983) 0 1 3 2 Nodes and token colored black or white ◮ master node initiates probe by sending white token TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 5 / 39

  10. Dijkstra’s Algorithm (EWD 840, 1983) 0 0 1 3 1 3 � 2 2 Nodes and token colored black or white ◮ master node initiates probe by sending white token ◮ message to higher-numbered node stains sending node TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 5 / 39

  11. Dijkstra’s Algorithm (EWD 840, 1983) 0 0 0 1 3 1 3 1 3 � � 2 2 2 Nodes and token colored black or white ◮ master node initiates probe by sending white token ◮ message to higher-numbered node stains sending node ◮ when passing the token, a black node stains the token TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 5 / 39

  12. Dijkstra’s Algorithm (EWD 840, 1983) 0 0 0 1 3 1 3 1 3 � � 2 2 2 Nodes and token colored black or white ◮ master node initiates probe by sending white token ◮ message to higher-numbered node stains sending node ◮ when passing the token, a black node stains the token Termination detection by master node ◮ white token at inactive, white master node TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 5 / 39

  13. Dijkstra’s Algorithm (EWD 840, 1983) 0 0 0 1 3 1 3 1 3 � � 2 2 2 Nodes and token colored black or white ◮ master node initiates probe by sending white token ◮ message to higher-numbered node stains sending node ◮ when passing the token, a black node stains the token Termination detection by master node ◮ white token at inactive, white master node Required correctness properties ◮ safety: termination detected only if all nodes inactive ◮ liveness: when all nodes inactive, termination will be detected TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 5 / 39

  14. TLA + Specification of EWD 840: Data Model MODULE EWD840 EXTENDS Naturals CONSTANT N ∆ ASSUME NAssumption = N ∈ Nat \ { 0 } ∆ Nodes = 0 .. N − 1 ∆ Color = { “white” , “black” } VARIABLES tpos , tcolor , active , color ∆ = ∧ tpos ∈ Nodes ∧ tcolor ∈ Color TypeOK ∧ active ∈ [ Nodes → BOOLEAN ] ∧ color ∈ [ Nodes → Color ] Declaration of parameters Definition of operators ◮ sets Nodes and Color ◮ TypeOK documents expected values of variables ◮ active and color are arrays, i.e. functions TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 6 / 39

  15. TLA + Specification of EWD 840: Behavior (1) ∆ = ∧ tpos ∈ Nodes ∧ tcolor = “black” Init ∧ active ∈ [ Nodes → BOOLEAN ] ∧ color ∈ [ Nodes → Color ] Initial condition: any “type-correct” values; token should be black TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 7 / 39

  16. TLA + Specification of EWD 840: Behavior (1) ∆ = ∧ tpos ∈ Nodes ∧ tcolor = “black” Init ∧ active ∈ [ Nodes → BOOLEAN ] ∧ color ∈ [ Nodes → Color ] ∆ InitiateProbe = ∧ tpos = 0 ∧ ( tcolor = “black” ∨ color [ 0 ] = “black” ) ∧ tpos ′ = N − 1 ∧ tcolor ′ = “white” ∧ color ′ = [ color EXCEPT ! [ 0 ] = “white” ] ∧ active ′ = active ∆ PassToken ( i ) = ∧ tpos = i ∧ ¬ active [ i ] ∧ tpos ′ = i − 1 ∧ tcolor ′ = IF color [ i ] = “black” THEN “black” ELSE tcolor ∧ color ′ = [ color EXCEPT ! [ i ] = “white” ] ∧ active ′ = active Initial condition: any “type-correct” values; token should be black Action definitions: describe transitions of the algorithm TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 7 / 39

  17. TLA + Specification of EWD 840: Behavior (2) ∆ SendMsg ( i ) = ∧ active [ i ] ∧ ∃ j ∈ Nodes \ { i } : ∧ active ′ = [ active EXCEPT ! [ j ] = TRUE ] ∧ color ′ = [ color EXCEPT ! [ i ] = IF j > i THEN “black” ELSE @ ] ∧ UNCHANGED � tpos , tcolor � ∆ Deactivate ( i ) = ∧ active [ i ] ∧ active ′ = [ active EXCEPT ! [ i ] = FALSE ] ∧ UNCHANGED � color , tpos , tcolor � Definition of remaining actions TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 8 / 39

  18. TLA + Specification of EWD 840: Behavior (2) ∆ SendMsg ( i ) = ∧ active [ i ] ∧ ∃ j ∈ Nodes \ { i } : ∧ active ′ = [ active EXCEPT ! [ j ] = TRUE ] ∧ color ′ = [ color EXCEPT ! [ i ] = IF j > i THEN “black” ELSE @ ] ∧ UNCHANGED � tpos , tcolor � ∆ Deactivate ( i ) = ∧ active [ i ] ∧ active ′ = [ active EXCEPT ! [ i ] = FALSE ] ∧ UNCHANGED � color , tpos , tcolor � ∆ = Next ∨ InitiateProbe ∨ ∃ i ∈ Nodes \ { 0 } : PassToken ( i ) ∨ ∃ i ∈ Nodes : SendMsg ( i ) ∨ Deactivate ( i ) ∆ vars = � tpos , tcolor , active , color � ∆ Spec = Init ∧ � [ Next ] vars Definition of remaining actions Possible executions: initial condition, interleaving of transitions TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 8 / 39

  19. Modeling a System in TLA + Describe the system configurations 1 ◮ represent the state of the system by state variables ◮ mathematical abstractions: numbers, sets, functions, tuples, . . . TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 9 / 39

  20. Modeling a System in TLA + Describe the system configurations 1 ◮ represent the state of the system by state variables ◮ mathematical abstractions: numbers, sets, functions, tuples, . . . Specify system behavior as a state machine Init ∧ � [ Next ] v 2 ◮ initial condition: state formula identifies initial states ◮ next-state relation: action formula constrains allowed transitions ◮ overall spec: temporal formula defines system executions ◮ � [ Next ] v every transition satisfies Next or leaves v unchanged TLA + Tutorial Stephan Merz (INRIA Nancy) Toulouse, June 2014 9 / 39

Recommend

COMBINING SWIFT AND OBJECTIVE-C AGENDA Using Objective-C from Swift Using Swift from

COMBINING SWIFT AND OBJECTIVE-C AGENDA Using Objective-C from Swift Using Swift from

COMBINING SWIFT AND OBJECTIVE-C AGENDA Using Objective-C from Swift Using Swift from Objective-C Objective-C Behavior in Swift Classes IMPORTING OBJECTIVE-C INTO SWIFT APPLE FRAMEWORKS No additional setup required! import UIKit import

339 views • 22 slides
OBJECTIVES Objective 1 Identify intent & requirements Objective 2 Identify strategies for

OBJECTIVES Objective 1 Identify intent & requirements Objective 2 Identify strategies for

OBJECTIVES Objective 1 Identify intent & requirements Objective 2 Identify strategies for success Objective 3 Recognize unique nature of IP as woven throughout the LEED v4 Rating System Objective 4 Recognize benefits of integrative approach

349 views • 34 slides
The objective of this tutorial is to introduce EnergyPlus to architects and 3 Installation

The objective of this tutorial is to introduce EnergyPlus to architects and 3 Installation

11/17/2014 objective - energyplustutorial Objective 1 Home 2 Objective The objective of this tutorial is to introduce EnergyPlus to architects and 3 Installation engineers who are familiar with the basic concepts of energy simulation and 4

672 views • 48 slides
1 CONTENT & STRATEGIES Focus/Review Use focus to activate background knowledge and

1 CONTENT & STRATEGIES Focus/Review Use focus to activate background knowledge and

Lesson Plans BEGINNING OF A PLAN Subject Topic Related NCSCOS objective or Common Core objective Date Submitted and Date Taught Daily Lesson Objective 21 st Century Skills Rationale/Purpose Objective:

406 views • 6 slides
Instructors Guide XCollar Plus and NeXsplint Plus Objective: Our objective is to

Instructors Guide XCollar Plus and NeXsplint Plus Objective: Our objective is to

Instructors Guide XCollar Plus and NeXsplint Plus Objective: Our objective is to give instructors the information, tools and skills to clearly teach and evaluate this new Cervical Splinting Technology to new trainees. The following

228 views • 4 slides
2020 Annual GSM Report on the Discount objective Discount objective Monthly Monitoring 31

2020 Annual GSM Report on the Discount objective Discount objective Monthly Monitoring 31

Fondul Proprietatea 28 April 2020 2020 Annual GSM Report on the Discount objective Discount objective Monthly Monitoring 31 December 2019 Objective The discount between the closing price for each trading day on the In the period 1

877 views • 39 slides
10/20/19 Multi-objective Evolutionary Algorithms Genetic Algorithms Multi-objective

10/20/19 Multi-objective Evolutionary Algorithms Genetic Algorithms Multi-objective

10/20/19 Multi-objective Evolutionary Algorithms Genetic Algorithms Multi-objective optimization problems (MOPs) - Examples - Domination - Pareto optimality - Practical example Multi-objective EC approaches Optimization -

433 views • 8 slides
A STAR is born Collaborative Strategy that works! Objective Objective Demonstrate the

A STAR is born Collaborative Strategy that works! Objective Objective Demonstrate the

A STAR is born Collaborative Strategy that works! Objective Objective Demonstrate the importance of developing and nurturing partnerships in achieving quality outcomes, providing the right care at the right place at the right time

336 views • 31 slides
Objective This objective of this programme is to provide the delegates with a structured process

Objective This objective of this programme is to provide the delegates with a structured process

Effective Business Presentation Skills Objective This objective of this programme is to provide the delegates with a structured process to developing their presentations and a true to life climate within which to practice their new skills.

370 views • 6 slides
Optimizing the Algorithm Hard-Margin Objective Current objective: want to relax hard

Optimizing the Algorithm Hard-Margin Objective Current objective: want to relax hard

Optimizing the Algorithm Hard-Margin Objective Current objective: want to relax hard constraint Soft-Margin Objective New objective: Loss Function Loss Function takes into account window overlaps up to 50% Soft-Margin

327 views • 16 slides
Statement of Entry Challenge/Objective: Our objective for 2014 was to utilize partnership to

Statement of Entry Challenge/Objective: Our objective for 2014 was to utilize partnership to

Statement of Entry Challenge/Objective: Our objective for 2014 was to utilize partnership to provide engaging, impactful events at high quality venues free to our members. This gives added value to our members and encourages/incents new members

170 views • 6 slides
Regulations beyond 2020 Outline Background, objective and scope of the study Objective of

Regulations beyond 2020 Outline Background, objective and scope of the study Objective of

Assessment of the Modalities for LDV CO 2 Regulations beyond 2020 Outline Background, objective and scope of the study Objective of the regulation Findings on the level of ambition Main choices for the design (modalities)

866 views • 21 slides
Objective Proficiency Presentation Plus DVD-ROM Objective Proficiency Presentation Plus DVD-ROM

Objective Proficiency Presentation Plus DVD-ROM Objective Proficiency Presentation Plus DVD-ROM

[PDF] Objective Proficiency Presentation Plus DVD-ROM Objective Proficiency Presentation Plus DVD-ROM Objective Proficiency Presentation Plus DVD-ROM Book Review Book Review This ebook will be worth acquiring. It is actually writter in basic

64 views • 3 slides
Outline Objective of Presentation Objective of Presentation Digital IC Project and

Outline Objective of Presentation Objective of Presentation Digital IC Project and

Outline Objective of Presentation Objective of Presentation Digital IC Project and Verification Synthesis Basic synthesis flow i h i fl ASIC Synthesis DesignCompiler Synthesis script Deepak Dasalukunte & Joachim

457 views • 9 slides
Constraint Approach to Two Approaches Let Us Estimate the . . . Multi-Objective Let Us Estimate

Constraint Approach to Two Approaches Let Us Estimate the . . . Multi-Objective Let Us Estimate

Multi-Objective . . . Multi-Objective . . . Analysis of the Problem Constraint Approach to Two Approaches Let Us Estimate the . . . Multi-Objective Let Us Estimate the . . . Optimization Both Ideas Lead to . . . Home Page Martine Ceberio,

670 views • 12 slides
Part of the Strategic Plan Goal #4 Objective 4.3 & Goal #5 Objective 5.4 Design Development

Part of the Strategic Plan Goal #4 Objective 4.3 & Goal #5 Objective 5.4 Design Development

Campus Wayfaring Project Part of the Strategic Plan Goal #4 Objective 4.3 & Goal #5 Objective 5.4 Design Development Phase Update June 29, 2016 Goals / Scope of the Project Improve the experience of visitors &

237 views • 19 slides
vias Objective Objective vias EST-DEM Present and demonstrate the Chemical

vias Objective Objective vias EST-DEM Present and demonstrate the Chemical

vias Objective Objective vias EST-DEM Present and demonstrate the Chemical Vias production process used on CERN Compare with other process used to produce vias Patented by CERN, to make microvias on high density printed

536 views • 26 slides
Career Diploma Pathway Regional Input Meeting Meeting Objective / Agenda Meeting Objective : The

Career Diploma Pathway Regional Input Meeting Meeting Objective / Agenda Meeting Objective : The

Career Diploma Pathway Regional Input Meeting Meeting Objective / Agenda Meeting Objective : The Department of Education will demonstrate an understanding of how the state can assist local communities in developing Louisiana Diploma pathways to

320 views • 8 slides
Multiple objective function optimization R.T. Marker, J.S. Arora, Survey of multi-objective

Multiple objective function optimization R.T. Marker, J.S. Arora, Survey of multi-objective

Multiple objective function optimization R.T. Marker, J.S. Arora, Survey of multi-objective optimization methods for engineering Structural and Multidisciplinary Optimization Volume 26, Number 6, April 2004 , pp. 369-395(27) Multiple

457 views • 41 slides
Part of the Strategic Plan Goal #4 Objective 4.3 & Goal #5 Objective 5.4

Part of the Strategic Plan Goal #4 Objective 4.3 & Goal #5 Objective 5.4

Campus Wayfaring Project Part of the Strategic Plan Goal #4 Objective 4.3 & Goal #5 Objective 5.4

455 views • 3 slides
PRESENTATION AGENDA Introduction - Objective Where are we now? Business Club

PRESENTATION AGENDA Introduction - Objective Where are we now? Business Club

ROAD SHOW PRESENTATION AGENDA Introduction - Objective Where are we now? Business Club Membership: Benefits, Business Testimonials, How to Join? Future plans OBJECTIVE TO TO REMAIN IN THE TO TOP FIVE CO COASTAL TOURING

475 views • 20 slides
Sites Objective of Guideline Objective: provide guidance to address inconsistent accounting

Sites Objective of Guideline Objective: provide guidance to address inconsistent accounting

Accounting for Landfill Sites Objective of Guideline Objective: provide guidance to address inconsistent accounting practices Improve comparability Provide necessary information to users Format: Guideline Scope of Guideline

617 views • 26 slides
Project Icewine Roadshow February 2015 ABN 80 072 964 179 Objective and Why Tangiers NOW?

Project Icewine Roadshow February 2015 ABN 80 072 964 179 Objective and Why Tangiers NOW?

Project Icewine Roadshow February 2015 ABN 80 072 964 179 Objective and Why Tangiers NOW? Objective: Compelling oil play with unique logistics, market access, & fiscal incentives 99,360 acres onshore North Slope, Alaska with 10 year

390 views • 28 slides
25 January 2016 Draft in progress | 1 Objective: We have been thinking about opportunities

25 January 2016 Draft in progress | 1 Objective: We have been thinking about opportunities

25 January 2016 Draft in progress | 1 Objective: We have been thinking about opportunities to improve orthopaedic services. We have reached the stage where we want to test our thoughts with a wider group of service users. Our objective

203 views • 19 slides

More recommend