tlaplus
A discussion group for users of the TLA+ specification language and PlusCal algorithm language. For more information see http://research.microsoft.com/en-us/um/people/lamport/tla/tla.html.

n-ary Cartesian product
Hello, I need n-ary Cartesian product operator. Something that would do: Cartesian({S1, S2, .., Sn}) = S1 \X S2 \X .. Sn The output shouldn't necessarily be sequences. Sets will do. Is there already something like this in TLA+? Regards, Mariusz
Mariusz Ryndzionek, Tue, 20 Oct 2020 11:28:17 UTC

Functions and Sets
Clarifying my fundamental (mis-)understanding :) [ {0, 1} -> {2, 3} ] \* set of functions. evaluates to: { (0 :> 2 @@ 1 :> 2), (0 :> 2 @@ 1 :> 3), (0 :> 3 @@ 1 :> 2), (0 :> 3 @@ 1 :> 3) } (0 :> 2 @@ 1 :> 2) \* is a function from the set above (0 :> 2 @@ 1 :> 2) \in [ {0, 1} -> {2, 3} ] \*
Igor Kim, Mon, 19 Oct 2020 10:43:22 UTC

UTF-8
Hi, I'm playing with TLA+ language so not a real application. Can I think of UTF-8 specification (ignoring endianness) as this? LOCAL INSTANCE Naturals NotNegNat == {i \in Nat: i >= 0} \* array index \* BIT BIT == {0, 1} \* ASCII == 1 byte UTF-8 == 0XXX_XXXX UTF8_1B == [0 -> 0] \cup [1 .. 7 ->
Igor Kim, Sun, 18 Oct 2020 00:20:58 UTC

How Can I Specify a State Can Be Reachable in TLC?
Hi, I'm writing a specification. I want to check if a state can be reachable from Init in all the state space. I have a workaround to do it for now: I define this behavior as part of Next step. If TLC finds it's never enabled, it will report some warnings. I'm wondering if there is a way to
Bin Wang, Sun, 04 Oct 2020 16:28:37 UTC

[Newbie Question] Engineer trying to get maths meaning
Hi, I'm trying to understand this part of the paxos specification. I'm not trying to understand how paxos works, I get that, I'm just trying to understand how to read and understand this part of the specification. 01 /\ \E Q \in Quorum : 02 LET Q1b == {m \in msgs : /\ m.type = "1b" 03
Frank Eaves, Fri, 02 Oct 2020 17:44:13 UTC

Raft Spec Checking problem
Hello, I run the raft protocol specification from Diego Ongaro's Ph.D. dissertation. Now I use a server and run thread on 6 core with 25Gb ram. After 3 hours, it still keeps running. How can I estimate how long it will take for a complex spec? Is there any Variants or Liveness property that may
sadjad tala, Wed, 30 Sep 2020 09:15:04 UTC

Java overflow when using RandomSubset to check inductive invariance
I am using the RandomSubset operator of the Randomization module to check inductive invariance as described in [1], but I am running into issues when my set of type correct states gets, apparently, too big for TLC. Here is the TLC error I encounter: Attempted to apply the operator overridden by
Willy Schultz, Mon, 14 Sep 2020 02:55:55 UTC

Proving Prefix Safety Properties
My understanding is that it should always be possible to prove a safety property of a specification by finding an inductive invariant [1]. For safety properties that can be expressed as state predicates (i.e. invariants), the technique is clear to me i.e. find an inductive invariant, prove that
Willy Schultz, Sun, 13 Sep 2020 19:53:41 UTC

Using formal methods to reason about probabilistic systems
A long while back I posted a hilariously uninformed idea about using TLA+ to check systems that use probability: https://groups.google.com/g/tlaplus/c/ZDe9ogog6mE/m/GmBVdr-8DQAJ After a lot of reading & learning, I've summarized how you actually can do this - not with TLA+ currently, but with
Andrew Helwer, Fri, 11 Sep 2020 16:17:02 UTC

Artificial coupling of variables
Hello, Consider this simple module EXTENDS Integers VARIABLES s Init == s = [i \in 1..2 |-> 0] Inc(i) == s' = [s EXCEPT ![i] = s[i] + 1] Next == Inc(1) /\ Inc(2) Next can never be enabled because Inc(i) is enabled when just 1 element of the array increments. This
Jedd Haberstro, Sun, 06 Sep 2020 03:32:45 UTC

Postdoc position on Formal Methods and Testing @ TU Graz, Austria
I am looking for a University Assistant (postdoc) to join my research group at Graz University of Technology, Austria. We do research in the areas of formal methods, testing and automata learning. The group combines verification, falsification, modelling, and learning. The postdoc will do
Bernhard Aichernig, Thu, 03 Sep 2020 11:36:59 UTC

Checking invariants periods during periods of quiescence
Hi all, I am modeling a concurrent data structure in PlusCal. There are invariants that may become false during method invocations, but which should become true once all such invocations have completed (during periods of "quiescence", if you will). Is there a customary way to model check such
Jedd Haberstro, Tue, 01 Sep 2020 04:45:25 UTC

TLA+ major mode for Emacs
Hello, I am currently in the process of learning TLA+ and how to specify software. To do that, I created a Major-Mode to edit TLA+ specifications within the Emacs ecosystem(*). If someone is also interested in writing specifications with Emacs, the elisp code can be downloaded here [1].
Christian Barthel, Thu, 27 Aug 2020 15:40:44 UTC

Running tla2tex.TeX on a TeX file without document preamble
Hello, I'd like to include TLA+ source code listings in a LaTeX TeX file. The file is structured with various "\input{document}" commands. Is it possible to run tla2tex.TeX on "document.tex" (the tex file has no \begin{document} preamble..) to generate the TLA+ pretty printed tex code?
Christian Barthel, Thu, 27 Aug 2020 07:39:31 UTC

Get the raw LaTeX from the spec instead of an exported PDF?
Hello! I have a spec that I designed in the Toolbox, and I want to take the spec and include it into a paper I'm writing. Is there a way to export the raw LaTeX code from the toolbox instead of just the PDF?
thomas...@gmail.com, Tue, 25 Aug 2020 16:06:27 UTC