A High-Level Language for Modeling Algorithms and their Properties
Sabina Akhtar, Stephan Merz, Martin Quinson
LORIA – INRIA Nancy Grand Est and Nancy University, Nancy, France
SBMF 2010
1 / 55
Outline
1. Introduction: Background; Motivations for PLUSCAL-2
2. PLUSCAL-2: The Language; The Statements; The Compiler
3. Results: Verification of PLUSCAL-2 algorithms; Comparison with PLUSCAL
4. Summary
2 / 55
Background
- Formal verification of concurrent and distributed systems: problems like deadlocks, race conditions, ...
- TLA+: specification language developed by Leslie Lamport; a language based on mathematical set theory
- TLC: model checker for verifying TLA+ specifications
Reference: Leslie Lamport. Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley, 2002.
3 / 55
An Example
Lamport’s Mutual Exclusion Algorithm
4 / 55
TLA+ Specifications

Init ≜ ∧ clock = 0
       ∧ ...
       ∧ ProcSet = SiteIDs ∪ CommunicatorIDs
       ∧ pc = [self ∈ ProcSet ↦ CASE self ∈ SiteIDs → "ncrit"
                                  □ self ∈ CommunicatorIDs → "chkMsg"]

ncrit(self) ≜ ∧ pc[self] = "ncrit"
              ∧ ...
              ∧ pc′ = [pc EXCEPT ![self] = "try"]
              ∧ UNCHANGED vars \ {pc}

try(self) ≜ ∧ pc[self] = "try"
            ∧ ...
...

Site(self) ≜ ncrit(self) ∨ try(self) ∨ enter(self) ∨ crit(self) ∨ exit(self)
...
Communicator(self) ≜ chkMsg(self)

Next ≜ ∨ ∃ self ∈ SiteIDs : Site(self)
       ∨ ∃ self ∈ CommunicatorIDs : Communicator(self)
       ∨ (∧ ∀ self ∈ ProcSet : pc[self] = "Done"
          ∧ UNCHANGED vars)

Spec ≜ Init ∧ □[Next]_vars
5 / 55
PLUSCAL: A high-level language
- TLA+: specification language; requires specifications in the form of formulas; difficult to write for algorithm designers
- PLUSCAL: algorithmic language proposed by Leslie Lamport for algorithm designers; a language for modeling algorithms; generates TLA+ specifications for a given model
- Features: allows writing informal descriptions of algorithms; no complicated concepts; constructs for expressing non-determinism
Reference: Leslie Lamport. The +CAL Algorithm Language. Theoretical Aspects of Computing (ICTAC 2009), number 5684, pp. 36-60.
14 / 55
Lamport’s Mutual Exclusion algorithm in PLUSCAL

---------------------------- MODULE LamportMutex ----------------------------
EXTENDS Naturals, Sequences                 (* Modules to be imported *)
CONSTANTS N, maxClock, Peers, Workers
(* --algorithm LamportMutex
   variable network = [from ∈ Site ↦ [to ∈ Site ↦ ⟨⟩]]
   macro send(from, to, msg) begin ...      (* Variables, define sections and macros *)
   process Site ∈ Peers                     (* Processes *)
     variables clock = 1, ...
   begin
     start: skip;
     ...
   end process
   process Communicator ∈ Workers
   begin
     ...
   end process
end algorithm *)
\* BEGIN TRANSLATION
(* Compiler generates TLA+ formulas here. *)
\* END TRANSLATION
=============================================================================
15 / 55
Why change PLUSCAL?
- Need to understand TLA+ and the compilation: cannot express properties in PLUSCAL algorithms; fairness assumptions have to be added to the generated TLA+ specifications
- Lack of process hierarchy and scoping rules: impossible to express distributed algorithms naturally; all variables are considered global variables
- Restrictions in specifying atomicity: labels define atomic blocks; restrictions on label placement
- Other technical limitations: no primitive for iterating over a set; restriction on multiple assignments to a variable in a block
26 / 55
Lamport’s Mutual Exclusion algorithm in PLUSCAL-2

algorithm LamportMutex
  extends Naturals, Sequences                            (* Modules to be imported *)
  constants N, maxClock
  variable network = [from ∈ Site ↦ [to ∈ Site ↦ ⟨⟩]]    (* Variables and definitions *)
  definition send(from, to, msg) ≜ ...
  process Site[N]                                        (* Processes *)
    variables clock = 1, ...
    fair process Communicator[1]                         (* subprocess Communicator *)
      ...
    end process
    ...
  end process
end algorithm

temporal ∀ s ∈ Site : Site[s]@enter ⇝ Site[s]@critsection
...
(* Finite instance for model checking *)
constants N = 3, maxClock = 5
constraint ∀ s ∈ Site : Site[s].clock ≤ maxClock
28 / 55
The PLUSCAL-2 Statements
- Assignment and skip statements
- Atomic construct:
    atomic
      label1: x := 3;
      label2: y := 4;
    end atomic
- Non-deterministic choice construct: either ... or
- Conditional constructs: if, when, and either from the previous PLUSCAL; new construct branch, inspired by Dijkstra’s guarded commands
- Iteration constructs: while, loop and for
37 / 55
The PLUSCAL-2 Compiler
PLUSCAL-2 Parser
Translation to intermediate format
PLUSCAL-2 algorithm
  λ: while x > 4 do
       x := x + 1;
     µ: . . .
     end while
  ν: . . .
Intermediate format
  λ: branch
       x > 4 then
         x := x + 1; pc[self] := µ;
       ¬(x > 4) then
         pc[self] := ν;
     end branch
  µ: . . .
     pc[self] := λ;
![Page 45: A High-Level Language for Modeling Algorithms and their ... · Formal verification of concurrent and distributed systems Problems like deadlocks ... developed by Leslie Lamport a](https://reader034.fdocuments.net/reader034/viewer/2022050308/5f70113474e32d0905284be7/html5/thumbnails/45.jpg)
The PLUSCAL Compiler
Generation of TLA+ code
generates the actual TLA+ model from the list of guarded commands
Intermediate format
  λ: branch
       x > 4 then
         x := x + 1; pc[self] := µ;
       ¬(x > 4) then
         pc[self] := ν;
     end branch
TLA+ code
  λ(self) ≜ ∧ pc[self] = λ
            ∧ ∨ ∧ x > 4
                ∧ x′ = x + 1
                ∧ pc′ = [pc EXCEPT ![self] = µ]
                ∧ UNCHANGED vars \ {x, pc}
              ∨ ∧ ¬(x > 4)
                ∧ pc′ = [pc EXCEPT ![self] = ν]
                ∧ UNCHANGED vars \ {pc}
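The two compiler passes shown on the "Translation to intermediate format" and "Generation of TLA+ code" slides, written out as an added Python example; this is not code from the slides or from the PlusCal-2 compiler itself, and the AST classes, function names, the ASCII labels lam/mu/nu and the `~` spelling of ¬ are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Assign:
    var: str    # variable written, e.g. "x"
    expr: str   # right-hand side as source text, e.g. "x + 1"

@dataclass
class Guarded:
    guard: str        # condition under which the command may fire
    body: list        # Assign statements, in source order
    next_label: str   # label stored into pc[self] afterwards

def lower_while(label, guard, body, body_label, exit_label):
    """Pass 1: the head of `label: while guard do body; body_label: ...
    end while; exit_label: ...` becomes two guarded commands: guard true ->
    run body and continue at body_label; guard false -> jump to exit_label.
    The loop's last statement is assumed to set pc[self] := label (as on the slide)."""
    return [Guarded(guard, body, body_label),
            Guarded(f"~({guard})", [], exit_label)]   # the slide writes ¬(guard)

def format_branch(label, cmds):
    """Render the intermediate format: `label: branch g then ... end branch`."""
    lines = [f"{label}: branch"]
    for g in cmds:
        stmts = [f"{a.var} := {a.expr};" for a in g.body]
        stmts.append(f"pc[self] := {g.next_label};")
        lines.append(f"  {g.guard} then " + " ".join(stmts))
    lines.append("end branch")
    return "\n".join(lines)

def to_tla(label, cmds):
    """Pass 2: one TLA+ action per label. Each guarded command is a disjunct:
    guard, one primed equation per assignment, the pc update, and UNCHANGED
    for every variable it does not write (`vars \\ {...}` is the slide's
    shorthand for the tuple of the remaining variables)."""
    lines = [f"{label}(self) == /\\ pc[self] = {label}", "  /\\"]
    for g in cmds:
        conj = [g.guard] + [f"{a.var}' = {a.expr}" for a in g.body]
        conj.append(f"pc' = [pc EXCEPT ![self] = {g.next_label}]")
        changed = ", ".join([a.var for a in g.body] + ["pc"])
        conj.append(f"UNCHANGED vars \\ {{{changed}}}")
        lines.append("     \\/ /\\ " + conj[0])
        lines += ["        /\\ " + c for c in conj[1:]]
    return lines

if __name__ == "__main__":
    # the loop from the slides: lam: while x > 4 do x := x + 1; mu: ... end while; nu: ...
    cmds = lower_while("lam", "x > 4", [Assign("x", "x + 1")], "mu", "nu")
    print(format_branch("lam", cmds))
    print("\n".join(to_tla("lam", cmds)))
```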
Verification results for PLUSCAL-2 algorithms
No degradation found in the output of TLC model checker
  Generated state space doesn't increase
More natural representation of the algorithms in PLUSCAL-2
  Except for the TLA+ specifications, they become less readable.
  Users are not supposed to read TLA+ specifications
Comparison between TLC output for PLUSCAL and PLUSCAL-2

  Algorithm      # proc.   PLUSCAL   PLUSCAL-2
  Peterson       2         37        23
  FastMutex      2         2679      2679
  Naimi-Trehel   3         111749    53905
Comparison with PLUSCAL
Models have become self-contained
  fairness assumptions, correctness properties or model checking constraints can be expressed within the PLUSCAL-2 algorithm
Nested processes and scoped declarations
  represent the locality information
  increase readability of algorithms
  fewer errors are expected while modeling an algorithm
Representation is more flexible, without losing any performance
  new statements like atomic, for, ...
  multiple assignments to the same variable in a block
Conclusions and work in progress
Achievements
  Easily accessible for algorithm designers
  No need to read/modify TLA+ specifications
Ongoing/Future Work
  Implementation of partial order reduction for TLC geared towards PLUSCAL-2 algorithms
  Implementation of the module for collecting locality information
  Integration of the module in PLUSCAL-2
Questions!