ebook img

Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineering PDF

387 Pages·2002·1.786 MB·
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineering

Specifying Systems First Printing Version of 18 June 2002 Specifying Systems The TLA+ Language and Tools for Hardware and Software Engineers Leslie Lamport Microsoft Research Boston San Francisco New York Toronto Montreal • • • • London Munich Paris Madrid • • • Capetown Sydney Tokyo Singapore Mexico City • • • • Manyofthedesignationsusedbymanufacturersandsellerstodistinguishtheir productsareclaimedastrademarks. Wherethosedesignationsappearinthisbook, andAddison-Wesleywasawareofatrademarkclaim,thedesignationshavebeen printedwithinitialcapitallettersorinallcapitals. Theauthorandpublisherhavetakencareinthepreparationofthisbook,butmakeno expressedorimpliedwarrantyofanykindandassumenoresponsibilityforerrorsor omissions. Noliabilityisassumedforincidentalorconsequentialdamagesinconnection withorarisingoutoftheuseoftheinformationorprogramscontainedherein. Thepublisheroffersdiscountsonthisbookwhenorderedinquantityforspecialsales. Formoreinformation,pleasecontact: U.S.CorporateandGovernmentSales (800)382-3419 [email protected] ForsalesoutsideoftheU.S.,pleasecontact: InternationalSales (317)581-3793 [email protected] VisitAddison-WesleyontheWeb: www.awprofessional.com Library of Congress Cataloging-in-Publication Data Lamport,Leslie Specifyingsystems: the TLA+ languageand tools for hardwareand software engineers/LeslieLamport. p. cm. Includesbibliographicalreferencesandindex. ISBN0-321-14306-X(alk. paper) 1. Systemdesign. 2. Computersystems–Specifications. 3. Logic,symbolic andmathematical.I.Title. QA76.9.S88L352003 2002074369 004.2′1--dc21 Copyright(cid:13)c 2003byPearsonEducation,Inc Allrightsreserved. Nopartofthispublicationmaybereproduced,storedinare- trievalsystem,ortransmitted,inanyform,orbyanymeans,electronic,mechanical, photocopying,recording,orotherwise,withoutthepriorconsentofthepublisher. PrintedintheUnitedStatesofAmerica. PublishedsimultaneouslyinCanada. Forinformationonobtainingpermissionforuseofmaterialfromthiswork,please submitawrittenrequestto: PearsonEducation,Inc. RightsandContractsDepartment 75ArlingtonStreet,Suite300 Boston,MA02116 Fax: (617)848-7047 ISBN0-321-14306-X Textprintedonrecycledpaper 12345678910-MA-0605040302 Firstprinting, July 2002 To Ellen This whole book is but a draught—nay, but the draught of a draught. Herman Melville Contents List of Figures and Tables xv Acknowledgments xvii Introduction 1 Part I Getting Started 5 1 A Little Simple Math 9 1.1 Propositional Logic . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.2 Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1.3 Predicate Logic . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 1.4 Formulasand Language . . . . . . . . . . . . . . . . . . . . . . . 14 2 Specifying a Simple Clock 15 2.1 Behaviors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.2 An Hour Clock . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 2.3 A Closer Look at the Specification . . . . . . . . . . . . . . . . . 18 2.4 The Specification in TLA+. . . . . . . . . . . . . . . . . . . . . . 19 2.5 An Alternative Specification . . . . . . . . . . . . . . . . . . . . . 21 3 An Asynchronous Interface 23 3.1 The First Specification . . . . . . . . . . . . . . . . . . . . . . . . 24 3.2 Another Specification . . . . . . . . . . . . . . . . . . . . . . . . 28 3.3 Types: A Reminder . . . . . . . . . . . . . . . . . . . . . . . . . 30 3.4 Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 3.5 Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 4 A FIFO 35 4.1 The Inner Specification . . . . . . . . . . . . . . . . . . . . . . . 35 4.2 Instantiation Examined . . . . . . . . . . . . . . . . . . . . . . . 37 ix x CONTENTS 4.2.1 Instantiation Is Substitution. . . . . . . . . . . . . . . . . 37 4.2.2 Parametrized Instantiation . . . . . . . . . . . . . . . . . 39 4.2.3 ImplicitSubstitutions . . . . . . . . . . . . . . . . . . . . 40 4.2.4 Instantiation Without Renaming . . . . . . . . . . . . . . 40 4.3 Hiding the Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.4 A Bounded FIFO . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 4.5 What We’re Specifying . . . . . . . . . . . . . . . . . . . . . . . . 43 5 A Caching Memory 45 5.1 The MemoryInterface . . . . . . . . . . . . . . . . . . . . . . . . 45 5.2 Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 5.3 A Linearizable Memory . . . . . . . . . . . . . . . . . . . . . . . 51 5.4 Tuples as Functions . . . . . . . . . . . . . . . . . . . . . . . . . 53 5.5 Recursive Function Definitions . . . . . . . . . . . . . . . . . . . 54 5.6 A Write-Through Cache . . . . . . . . . . . . . . . . . . . . . . . 54 5.7 Invariance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 5.8 Proving Implementation . . . . . . . . . . . . . . . . . . . . . . . 62 6 Some More Math 65 6.1 Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 6.2 Silly Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 6.3 Recursion Revisited . . . . . . . . . . . . . . . . . . . . . . . . . 67 6.4 Functions versus Operators . . . . . . . . . . . . . . . . . . . . . 69 6.5 Using Functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 6.6 Choose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 7 Writing a Specification: Some Advice 75 7.1 Why Specify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 7.2 What to Specify . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 7.3 The Grain of Atomicity . . . . . . . . . . . . . . . . . . . . . . . 76 7.4 The Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . 78 7.5 Writing the Specification . . . . . . . . . . . . . . . . . . . . . . . 79 7.6 Some Further Hints. . . . . . . . . . . . . . . . . . . . . . . . . . 80 7.7 When and How to Specify . . . . . . . . . . . . . . . . . . . . . . 83 Part II More Advanced Topics 85 8 Liveness and Fairness 87 8.1 Temporal Formulas . . . . . . . . . . . . . . . . . . . . . . . . . . 88 8.2 Temporal Tautologies . . . . . . . . . . . . . . . . . . . . . . . . 92 8.3 Temporal Proof Rules . . . . . . . . . . . . . . . . . . . . . . . . 95 8.4 Weak Fairness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 8.5 The MemorySpecification . . . . . . . . . . . . . . . . . . . . . . 100

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.