Validating Traces of Distributed Programs Against TLA+ Specifications (2404.16075v2)

Published 24 Apr 2024 in cs.PL and cs.SE

Abstract: TLA+ is a formal language for specifying systems, including distributed algorithms, that is supported by powerful verification tools. In this work we present a framework for relating traces of distributed programs to high-level specifications written in TLA+. The problem is reduced to a constrained model checking problem, realized using the TLC model checker. Our framework consists of an API for instrumenting Java programs in order to record traces of executions, of a collection of TLA+ operators that are used for relating those traces to specifications, and of scripts for running the model checker. Crucially, traces only contain updates to specification variables rather than full values, and developers may choose to trace only certain variables. We have applied our approach to several distributed programs, detecting discrepancies between the specifications and the implementations in all cases. We discuss reasons for these discrepancies, best practices for instrumenting programs, and how to interpret the verdict produced by TLC.

Citations (3)

View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Summarize Now

Related Papers

SpecGen: Automated Generation of Formal Program Specifications via Large Language Models (2024)
Contextuality in distributed systems (2022)
Whither Programs as Specifications (2019)
TLA+ Proofs (2012)
Verifying Safety Properties With the TLA+ Proof System (2010)

Tweets

https://twitter.com/DistribSystems/status/1839987305269940424

https://twitter.com/ComputerPapers/status/1783775282500870565

https://twitter.com/realmofresearch/status/1783759387804512422