Encoding TLA+ into unsorted and many-sorted first-order logic

Merz, Stephan; Vanzetto, Hernán

doi:10.1016/j.scico.2017.09.004

Cited by 5 publications

(4 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As sets are encoded as constants of uninterpreted sorts in SMT, it is not sound to use the SMT equality. One way of imposing equality constraints is by writing down the set equality axioms as done by [Merz and Vanzetto 2018]. However, such axioms immediately introduce quantified formulas in SMT.…”

Section: Setsmentioning

confidence: 99%

“…We are not aware of applying this tool to fault-tolerant distributed algorithms such as Paxos, reliable broadcast łbcastByz", or two phase commit łTwoPhase". [Merz and Vanzetto 2018] introduced two encodings to translate TLA + to SMT formulas: an untyped one and a multi-sorted one. Their work is designed towards proving unsatisfiablity of obligations inside the TLA Proof System [Chaudhuri et al 2010].…”

Section: Related Work 141 General-purpose Specification Languagesmentioning

confidence: 99%

“…We first tried to use the untyped encoding for bounded model checking, but the search space of Z3 was significantly larger even for small examples than in the case of a multi-sorted encoding. While our type system is similar to one in [Merz and Vanzetto 2018], our abstract reduction system applies a quantifier-free encoding, and unrolls a complete TLA + specification up to k steps. This allows us to check satisfiability (when finding enabled transitions or counterexamples) as well as unsatisfiability (when proving that a transition is disabled and an invariant holds true).…”

Section: Related Work 141 General-purpose Specification Languagesmentioning

confidence: 99%

“…Although these techniques can be used to reason about some TLA + expressions, they pose various constraints on the set theory that would not easily accommodate typical TLA + specifications. [Merz and Vanzetto 2018] introduced an unsorted SMT encoding of TLA + for discharging proof obligations in TLAPS. This encoding did not scale to model checking in our preliminary experiments.…”

mentioning

confidence: 99%

See 3 more Smart Citations

TLA+ model checking made symbolic

Konnov

Kukovec²,

Tran³

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

TLA + is a language for formal specification of all kinds of computer systems. System designers use this language to specify concurrent, distributed, and fault-tolerant protocols, which are traditionally presented in pseudo-code. TLA + is extremely concise yet expressive: The language primitives include Booleans, integers, functions, tuples, records, sequences, and sets thereof, which can be also nested. This is probably why the only model checker for TLA + (called TLC) relies on explicit enumeration of values and states. In this paper, we present APALACHE Ð a first symbolic model checker for TLA +. Like TLC, it assumes that all specification parameters are fixed and all states are finite structures. Unlike TLC, APALACHE translates the underlying transition relation into quantifier-free SMT constraints, which allows us to exploit the power of SMT solvers. Designing this translation is the central challenge that we address in this paper. Our experiments show that APALACHE outperforms TLC on examples with large state spaces. CCS Concepts: • Theory of computation → Logic and verification; • Software and its engineering → Model checking; Specification languages.

show abstract

Section: Setsmentioning

confidence: 99%

Section: Related Work 141 General-purpose Specification Languagesmentioning

confidence: 99%

Section: Related Work 141 General-purpose Specification Languagesmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

TLA+ model checking made symbolic

Konnov

Kukovec²,

Tran³

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

Symbolic Model Checking for TLA+ Made Faster

Otoni

Konnov²,

Kukovec³

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The need to provide formal guarantees about the behaviour of the algorithms underpinning modern distributed systems became evident in recent years. This interest made apparent the complexities involved in applying verification techniques in a distributed setting, with significant effort being made in both academia and industry to aid in this endeavour. Many formalisms have been proposed to tackle the difficulties faced by practitioners, with one that has seen widespread use in industry being TLA$$^+$$ + , adopted, for instance, by Amazon Web Services. TLA$$^+$$ + provides engineers with a way of specifying both systems and desired properties, and is supported by a number of verification tools. Despite their extensive use, such tools suffer considerably from lack of scalability. To solve this, we propose a novel encoding of TLA$$^+$$ + into SMT constraints to improve symbolic model checking efficiency. Our insight is the need to provide the SMT solver with structural information about the TLA$$^+$$ + specification encoded, i.e., how data structures and their component elements interact, which we do by relying on the SMT theory of arrays. We implemented our approach by modifying the SMT-based model checker Apalache and evaluated it against comparable tools. Our results show that our approach outperforms existing ones on a number of benchmarks, with an order of magnitude improvement in checking time.

show abstract

Encoding $$\textrm{TLA}^{+}$$ Proof Obligations Safely for SMT

Defourné

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Encoding TLA+ into unsorted and many-sorted first-order logic

Cited by 5 publications

References 27 publications

TLA+ model checking made symbolic

TLA+ model checking made symbolic

Symbolic Model Checking for TLA+ Made Faster

Encoding $$\textrm{TLA}^{+}$$ Proof Obligations Safely for SMT

Contact Info

Product

Resources

About