i... dont know what to commit

TCommit.toolbox/.project

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>TCommit</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>toolbox.builder.TLAParserBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>toolbox.natures.TLANature</nature>
+	</natures>
+	<linkedResources>
+		<link>
+			<name>TCommit.tla</name>
+			<type>1</type>
+			<locationURI>PARENT-1-PROJECT_LOC/TCommit.tla</locationURI>
+		</link>
+	</linkedResources>
+</projectDescription>

TCommit.toolbox/.settings/org.lamport.tla.toolbox.prefs

@@ -0,0 +1,2 @@
+ProjectRootFile=PARENT-1-PROJECT_LOC/TCommit.tla
+eclipse.preferences.version=1

TCommit.toolbox/Model_1/MC.cfg

@@ -0,0 +1,14 @@
+\* CONSTANT definitions
+CONSTANT
+RM <- const_154541058889823000
+\* INIT definition
+INIT
+init_154541058889824000
+\* NEXT definition
+NEXT
+next_154541058889825000
+\* INVARIANT definition
+INVARIANT
+inv_154541058889826000
+inv_154541058889827000
+\* Generated on Fri Dec 21 17:43:08 CET 2018

TCommit.toolbox/Model_1/MC.tla

@@ -0,0 +1,27 @@
+---- MODULE MC ----
+EXTENDS TCommit, TLC
+
+\* CONSTANT definitions @modelParameterConstants:0RM
+const_154541058889823000 == 
+{"r1","r2","r3"}
+----
+
+\* INIT definition @modelBehaviorInit:0
+init_154541058889824000 ==
+TCInit
+----
+\* NEXT definition @modelBehaviorNext:0
+next_154541058889825000 ==
+TCNext
+----
+\* INVARIANT definition @modelCorrectnessInvariants:0
+inv_154541058889826000 ==
+TCTypeOK
+----
+\* INVARIANT definition @modelCorrectnessInvariants:1
+inv_154541058889827000 ==
+TCConsistent
+----
+=============================================================================
+\* Modification History
+\* Created Fri Dec 21 17:43:08 CET 2018 by veitheller

TCommit.toolbox/Model_1/TCommit.tla

@@ -0,0 +1,82 @@
+------------------------------ MODULE TCommit ------------------------------
+
+(***************************************************************************)
+(* This specification is explained in "Transaction Commit", Lecture 5 of   *)
+(* the TLA+ Video Course.                                                  *)
+(***************************************************************************)
+CONSTANT RM       \* The set of participating resource managers
+
+VARIABLE rmState  \* rmState[rm] is the state of resource manager r.
+-----------------------------------------------------------------------------
+TCTypeOK == 
+  (*************************************************************************)
+  (* The type-correctness invariant                                        *)
+  (*************************************************************************)
+  rmState \in [RM -> {"working", "prepared", "committed", "aborted"}]
+        
+TCInit ==   rmState = [r \in RM |-> "working"]
+  (*************************************************************************)
+  (* The initial predicate.                                                *)
+  (*************************************************************************)
+
+canCommit == \A r \in RM : rmState[r] \in {"prepared", "committed"}
+  (*************************************************************************)
+  (* True iff all RMs are in the "prepared" or "committed" state.          *)
+  (*************************************************************************)
+
+notCommitted == \A r \in RM : rmState[r] # "committed" 
+  (*************************************************************************)
+  (* True iff no resource manager has decided to commit.                   *)
+  (*************************************************************************)
+-----------------------------------------------------------------------------
+(***************************************************************************)
+(* We now define the actions that may be performed by the RMs, and then    *)
+(* define the complete next-state action of the specification to be the    *)
+(* disjunction of the possible RM actions.                                 *)
+(***************************************************************************)
+Prepare(r) == /\ rmState[r] = "working"
+              /\ rmState' = [rmState EXCEPT ![r] = "prepared"]
+
+Decide(r)  == \/ /\ rmState[r] = "prepared"
+                 /\ canCommit
+                 /\ rmState' = [rmState EXCEPT ![r] = "committed"]
+              \/ /\ rmState[r] \in {"working", "prepared"}
+                 /\ notCommitted
+                 /\ rmState' = [rmState EXCEPT ![r] = "aborted"]
+
+TCNext == \E r \in RM : Prepare(r) \/ Decide(r)
+  (*************************************************************************)
+  (* The next-state action.                                                *)
+  (*************************************************************************)
+-----------------------------------------------------------------------------
+TCConsistent ==  
+  (*************************************************************************)
+  (* A state predicate asserting that two RMs have not arrived at          *)
+  (* conflicting decisions.  It is an invariant of the specification.      *)
+  (*************************************************************************)
+  \A r1, r2 \in RM : ~ /\ rmState[r1] = "aborted"
+                       /\ rmState[r2] = "committed"
+-----------------------------------------------------------------------------
+(***************************************************************************)
+(* The following part of the spec is not discussed in Video Lecture 5.  It *)
+(* will be explained in Video Lecture 8.                                   *)
+(***************************************************************************)
+TCSpec == TCInit /\ [][TCNext]_rmState
+  (*************************************************************************)
+  (* The complete specification of the protocol written as a temporal      *)
+  (* formula.                                                              *)
+  (*************************************************************************)
+
+THEOREM TCSpec => [](TCTypeOK /\ TCConsistent)
+  (*************************************************************************)
+  (* This theorem asserts the truth of the temporal formula whose meaning  *)
+  (* is that the state predicate TCTypeOK /\ TCInvariant is an invariant   *)
+  (* of the specification TCSpec.  Invariance of this conjunction is       *)
+  (* equivalent to invariance of both of the formulas TCTypeOK and         *)
+  (* TCConsistent.                                                         *)
+  (*************************************************************************)
+
+=============================================================================
+\* Modification History
+\* Last modified Fri Dec 21 17:16:06 CET 2018 by veitheller
+\* Created Fri Dec 21 17:15:44 CET 2018 by veitheller

TCommit.toolbox/Model_1_SnapShot_1545410479536/MC.cfg

@@ -0,0 +1,13 @@
+\* CONSTANT definitions
+CONSTANT
+RM <- const_15454104746206000
+\* INIT definition
+INIT
+init_15454104746207000
+\* NEXT definition
+NEXT
+next_15454104746208000
+\* INVARIANT definition
+INVARIANT
+inv_15454104746209000
+\* Generated on Fri Dec 21 17:41:14 CET 2018

TCommit.toolbox/Model_1_SnapShot_1545410479536/MC.tla

@@ -0,0 +1,23 @@
+---- MODULE MC ----
+EXTENDS TCommit, TLC
+
+\* CONSTANT definitions @modelParameterConstants:0RM
+const_15454104746206000 == 
+{"r1","r2","r3"}
+----
+
+\* INIT definition @modelBehaviorInit:0
+init_15454104746207000 ==
+TCInit
+----
+\* NEXT definition @modelBehaviorNext:0
+next_15454104746208000 ==
+TCNext
+----
+\* INVARIANT definition @modelCorrectnessInvariants:0
+inv_15454104746209000 ==
+TCTypeOK
+----
+=============================================================================
+\* Modification History
+\* Created Fri Dec 21 17:41:14 CET 2018 by veitheller

TCommit.toolbox/Model_1_SnapShot_1545410479536/TCommit.tla

@@ -0,0 +1,82 @@
+------------------------------ MODULE TCommit ------------------------------
+
+(***************************************************************************)
+(* This specification is explained in "Transaction Commit", Lecture 5 of   *)
+(* the TLA+ Video Course.                                                  *)
+(***************************************************************************)
+CONSTANT RM       \* The set of participating resource managers
+
+VARIABLE rmState  \* rmState[rm] is the state of resource manager r.
+-----------------------------------------------------------------------------
+TCTypeOK == 
+  (*************************************************************************)
+  (* The type-correctness invariant                                        *)
+  (*************************************************************************)
+  rmState \in [RM -> {"working", "prepared", "committed", "aborted"}]
+        
+TCInit ==   rmState = [r \in RM |-> "working"]
+  (*************************************************************************)
+  (* The initial predicate.                                                *)
+  (*************************************************************************)
+
+canCommit == \A r \in RM : rmState[r] \in {"prepared", "committed"}
+  (*************************************************************************)
+  (* True iff all RMs are in the "prepared" or "committed" state.          *)
+  (*************************************************************************)
+
+notCommitted == \A r \in RM : rmState[r] # "committed" 
+  (*************************************************************************)
+  (* True iff no resource manager has decided to commit.                   *)
+  (*************************************************************************)
+-----------------------------------------------------------------------------
+(***************************************************************************)
+(* We now define the actions that may be performed by the RMs, and then    *)
+(* define the complete next-state action of the specification to be the    *)
+(* disjunction of the possible RM actions.                                 *)
+(***************************************************************************)
+Prepare(r) == /\ rmState[r] = "working"
+              /\ rmState' = [rmState EXCEPT ![r] = "prepared"]
+
+Decide(r)  == \/ /\ rmState[r] = "prepared"
+                 /\ canCommit
+                 /\ rmState' = [rmState EXCEPT ![r] = "committed"]
+              \/ /\ rmState[r] \in {"working", "prepared"}
+                 /\ notCommitted
+                 /\ rmState' = [rmState EXCEPT ![r] = "aborted"]
+
+TCNext == \E r \in RM : Prepare(r) \/ Decide(r)
+  (*************************************************************************)
+  (* The next-state action.                                                *)
+  (*************************************************************************)
+-----------------------------------------------------------------------------
+TCConsistent ==  
+  (*************************************************************************)
+  (* A state predicate asserting that two RMs have not arrived at          *)
+  (* conflicting decisions.  It is an invariant of the specification.      *)
+  (*************************************************************************)
+  \A r1, r2 \in RM : ~ /\ rmState[r1] = "aborted"
+                       /\ rmState[r2] = "committed"
+-----------------------------------------------------------------------------
+(***************************************************************************)
+(* The following part of the spec is not discussed in Video Lecture 5.  It *)
+(* will be explained in Video Lecture 8.                                   *)
+(***************************************************************************)
+TCSpec == TCInit /\ [][TCNext]_rmState
+  (*************************************************************************)
+  (* The complete specification of the protocol written as a temporal      *)
+  (* formula.                                                              *)
+  (*************************************************************************)
+
+THEOREM TCSpec => [](TCTypeOK /\ TCConsistent)
+  (*************************************************************************)
+  (* This theorem asserts the truth of the temporal formula whose meaning  *)
+  (* is that the state predicate TCTypeOK /\ TCInvariant is an invariant   *)
+  (* of the specification TCSpec.  Invariance of this conjunction is       *)
+  (* equivalent to invariance of both of the formulas TCTypeOK and         *)
+  (* TCConsistent.                                                         *)
+  (*************************************************************************)
+
+=============================================================================
+\* Modification History
+\* Last modified Fri Dec 21 17:16:06 CET 2018 by veitheller
+\* Created Fri Dec 21 17:15:44 CET 2018 by veitheller

TCommit.toolbox/Model_1_SnapShot_1545410497334/MC.cfg

@@ -0,0 +1,13 @@
+\* CONSTANT definitions
+CONSTANT
+RM <- const_154541048821114000
+\* INIT definition
+INIT
+init_154541048821115000
+\* NEXT definition
+NEXT
+next_154541048821116000
+\* INVARIANT definition
+INVARIANT
+inv_154541048821117000
+\* Generated on Fri Dec 21 17:41:28 CET 2018

TCommit.toolbox/Model_1_SnapShot_1545410497334/MC.tla

@@ -0,0 +1,23 @@
+---- MODULE MC ----
+EXTENDS TCommit, TLC
+
+\* CONSTANT definitions @modelParameterConstants:0RM
+const_154541048821114000 == 
+{"r1","r2","r3"}
+----
+
+\* INIT definition @modelBehaviorInit:0
+init_154541048821115000 ==
+TCInit
+----
+\* NEXT definition @modelBehaviorNext:0
+next_154541048821116000 ==
+TCNext
+----
+\* INVARIANT definition @modelCorrectnessInvariants:0
+inv_154541048821117000 ==
+TCTypeOK
+----
+=============================================================================
+\* Modification History
+\* Created Fri Dec 21 17:41:28 CET 2018 by veitheller

TCommit.toolbox/Model_1_SnapShot_1545410497334/TCommit.tla

@@ -0,0 +1,82 @@
+------------------------------ MODULE TCommit ------------------------------
+
+(***************************************************************************)
+(* This specification is explained in "Transaction Commit", Lecture 5 of   *)
+(* the TLA+ Video Course.                                                  *)
+(***************************************************************************)
+CONSTANT RM       \* The set of participating resource managers
+
+VARIABLE rmState  \* rmState[rm] is the state of resource manager r.
+-----------------------------------------------------------------------------
+TCTypeOK == 
+  (*************************************************************************)
+  (* The type-correctness invariant                                        *)
+  (*************************************************************************)
+  rmState \in [RM -> {"working", "prepared", "committed", "aborted"}]
+        
+TCInit ==   rmState = [r \in RM |-> "working"]
+  (*************************************************************************)
+  (* The initial predicate.                                                *)
+  (*************************************************************************)
+
+canCommit == \A r \in RM : rmState[r] \in {"prepared", "committed"}
+  (*************************************************************************)
+  (* True iff all RMs are in the "prepared" or "committed" state.          *)
+  (*************************************************************************)
+
+notCommitted == \A r \in RM : rmState[r] # "committed" 
+  (*************************************************************************)
+  (* True iff no resource manager has decided to commit.                   *)
+  (*************************************************************************)
+-----------------------------------------------------------------------------
+(***************************************************************************)
+(* We now define the actions that may be performed by the RMs, and then    *)
+(* define the complete next-state action of the specification to be the    *)
+(* disjunction of the possible RM actions.                                 *)
+(***************************************************************************)
+Prepare(r) == /\ rmState[r] = "working"
+              /\ rmState' = [rmState EXCEPT ![r] = "prepared"]
+
+Decide(r)  == \/ /\ rmState[r] = "prepared"
+                 /\ canCommit
+                 /\ rmState' = [rmState EXCEPT ![r] = "committed"]
+              \/ /\ rmState[r] \in {"working", "prepared"}
+                 /\ notCommitted
+                 /\ rmState' = [rmState EXCEPT ![r] = "aborted"]
+
+TCNext == \E r \in RM : Prepare(r) \/ Decide(r)
+  (*************************************************************************)
+  (* The next-state action.                                                *)
+  (*************************************************************************)
+-----------------------------------------------------------------------------
+TCConsistent ==  
+  (*************************************************************************)
+  (* A state predicate asserting that two RMs have not arrived at          *)
+  (* conflicting decisions.  It is an invariant of the specification.      *)
+  (*************************************************************************)
+  \A r1, r2 \in RM : ~ /\ rmState[r1] = "aborted"
+                       /\ rmState[r2] = "committed"
+-----------------------------------------------------------------------------
+(***************************************************************************)
+(* The following part of the spec is not discussed in Video Lecture 5.  It *)
+(* will be explained in Video Lecture 8.                                   *)
+(***************************************************************************)
+TCSpec == TCInit /\ [][TCNext]_rmState
+  (*************************************************************************)
+  (* The complete specification of the protocol written as a temporal      *)
+  (* formula.                                                              *)
+  (*************************************************************************)
+
+THEOREM TCSpec => [](TCTypeOK /\ TCConsistent)
+  (*************************************************************************)
+  (* This theorem asserts the truth of the temporal formula whose meaning  *)
+  (* is that the state predicate TCTypeOK /\ TCInvariant is an invariant   *)
+  (* of the specification TCSpec.  Invariance of this conjunction is       *)
+  (* equivalent to invariance of both of the formulas TCTypeOK and         *)
+  (* TCConsistent.                                                         *)
+  (*************************************************************************)
+
+=============================================================================
+\* Modification History
+\* Last modified Fri Dec 21 17:16:06 CET 2018 by veitheller
+\* Created Fri Dec 21 17:15:44 CET 2018 by veitheller

TCommit.toolbox/Model_1_SnapShot_1545410597019/MC.cfg

@@ -0,0 +1,14 @@
+\* CONSTANT definitions
+CONSTANT
+RM <- const_154541058889823000
+\* INIT definition
+INIT
+init_154541058889824000
+\* NEXT definition
+NEXT
+next_154541058889825000
+\* INVARIANT definition
+INVARIANT
+inv_154541058889826000
+inv_154541058889827000
+\* Generated on Fri Dec 21 17:43:08 CET 2018

TCommit.toolbox/Model_1_SnapShot_1545410597019/MC.tla

@@ -0,0 +1,27 @@
+---- MODULE MC ----
+EXTENDS TCommit, TLC
+
+\* CONSTANT definitions @modelParameterConstants:0RM
+const_154541058889823000 == 
+{"r1","r2","r3"}
+----
+
+\* INIT definition @modelBehaviorInit:0
+init_154541058889824000 ==
+TCInit
+----
+\* NEXT definition @modelBehaviorNext:0
+next_154541058889825000 ==
+TCNext
+----
+\* INVARIANT definition @modelCorrectnessInvariants:0
+inv_154541058889826000 ==
+TCTypeOK
+----
+\* INVARIANT definition @modelCorrectnessInvariants:1
+inv_154541058889827000 ==
+TCConsistent
+----
+=============================================================================
+\* Modification History
+\* Created Fri Dec 21 17:43:08 CET 2018 by veitheller

TCommit.toolbox/Model_1_SnapShot_1545410597019/TCommit.tla

@@ -0,0 +1,82 @@
+------------------------------ MODULE TCommit ------------------------------
+
+(***************************************************************************)
+(* This specification is explained in "Transaction Commit", Lecture 5 of   *)
+(* the TLA+ Video Course.                                                  *)
+(***************************************************************************)
+CONSTANT RM       \* The set of participating resource managers
+
+VARIABLE rmState  \* rmState[rm] is the state of resource manager r.
+-----------------------------------------------------------------------------
+TCTypeOK == 
+  (*************************************************************************)
+  (* The type-correctness invariant                                        *)
+  (*************************************************************************)
+  rmState \in [RM -> {"working", "prepared", "committed", "aborted"}]
+        
+TCInit ==   rmState = [r \in RM |-> "working"]
+  (*************************************************************************)
+  (* The initial predicate.                                                *)
+  (*************************************************************************)
+
+canCommit == \A r \in RM : rmState[r] \in {"prepared", "committed"}
+  (*************************************************************************)
+  (* True iff all RMs are in the "prepared" or "committed" state.          *)
+  (*************************************************************************)
+
+notCommitted == \A r \in RM : rmState[r] # "committed" 
+  (*************************************************************************)
+  (* True iff no resource manager has decided to commit.                   *)
+  (*************************************************************************)
+-----------------------------------------------------------------------------
+(***************************************************************************)
+(* We now define the actions that may be performed by the RMs, and then    *)
+(* define the complete next-state action of the specification to be the    *)
+(* disjunction of the possible RM actions.                                 *)
+(***************************************************************************)
+Prepare(r) == /\ rmState[r] = "working"
+              /\ rmState' = [rmState EXCEPT ![r] = "prepared"]
+
+Decide(r)  == \/ /\ rmState[r] = "prepared"
+                 /\ canCommit
+                 /\ rmState' = [rmState EXCEPT ![r] = "committed"]
+              \/ /\ rmState[r] \in {"working", "prepared"}
+                 /\ notCommitted
+                 /\ rmState' = [rmState EXCEPT ![r] = "aborted"]
+
+TCNext == \E r \in RM : Prepare(r) \/ Decide(r)
+  (*************************************************************************)
+  (* The next-state action.                                                *)
+  (*************************************************************************)
+-----------------------------------------------------------------------------
+TCConsistent ==  
+  (*************************************************************************)
+  (* A state predicate asserting that two RMs have not arrived at          *)
+  (* conflicting decisions.  It is an invariant of the specification.      *)
+  (*************************************************************************)
+  \A r1, r2 \in RM : ~ /\ rmState[r1] = "aborted"
+                       /\ rmState[r2] = "committed"
+-----------------------------------------------------------------------------
+(***************************************************************************)
+(* The following part of the spec is not discussed in Video Lecture 5.  It *)
+(* will be explained in Video Lecture 8.                                   *)
+(***************************************************************************)
+TCSpec == TCInit /\ [][TCNext]_rmState
+  (*************************************************************************)
+  (* The complete specification of the protocol written as a temporal      *)
+  (* formula.                                                              *)
+  (*************************************************************************)
+
+THEOREM TCSpec => [](TCTypeOK /\ TCConsistent)
+  (*************************************************************************)
+  (* This theorem asserts the truth of the temporal formula whose meaning  *)
+  (* is that the state predicate TCTypeOK /\ TCInvariant is an invariant   *)
+  (* of the specification TCSpec.  Invariance of this conjunction is       *)
+  (* equivalent to invariance of both of the formulas TCTypeOK and         *)
+  (* TCConsistent.                                                         *)
+  (*************************************************************************)
+
+=============================================================================
+\* Modification History
+\* Last modified Fri Dec 21 17:16:06 CET 2018 by veitheller
+\* Created Fri Dec 21 17:15:44 CET 2018 by veitheller

TCommit.toolbox/TCommit___Model_1.launch

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<launchConfiguration type="org.lamport.tla.toolbox.tool.tlc.modelCheck">
+    <stringAttribute key="TLCCmdLineParameters" value=""/>
+    <stringAttribute key="configurationName" value="Model_1"/>
+    <booleanAttribute key="deferLiveness" value="false"/>
+    <intAttribute key="dfidDepth" value="100"/>
+    <booleanAttribute key="dfidMode" value="false"/>
+    <intAttribute key="distributedFPSetCount" value="0"/>
+    <stringAttribute key="distributedNetworkInterface" value="172.18.172.100"/>
+    <intAttribute key="distributedNodesCount" value="1"/>
+    <stringAttribute key="distributedTLC" value="off"/>
+    <stringAttribute key="distributedTLCVMArgs" value=""/>
+    <intAttribute key="fpBits" value="1"/>
+    <intAttribute key="fpIndex" value="1"/>
+    <intAttribute key="maxHeapSize" value="25"/>
+    <intAttribute key="maxSetSize" value="1000000"/>
+    <booleanAttribute key="mcMode" value="true"/>
+    <stringAttribute key="modelBehaviorInit" value="TCInit"/>
+    <stringAttribute key="modelBehaviorNext" value="TCNext"/>
+    <stringAttribute key="modelBehaviorSpec" value=""/>
+    <intAttribute key="modelBehaviorSpecType" value="2"/>
+    <stringAttribute key="modelBehaviorVars" value="rmState"/>
+    <stringAttribute key="modelComments" value=""/>
+    <booleanAttribute key="modelCorrectnessCheckDeadlock" value="false"/>
+    <listAttribute key="modelCorrectnessInvariants">
+        <listEntry value="1TCTypeOK"/>
+        <listEntry value="1TCConsistent"/>
+    </listAttribute>
+    <listAttribute key="modelCorrectnessProperties"/>
+    <stringAttribute key="modelExpressionEval" value=""/>
+    <stringAttribute key="modelParameterActionConstraint" value=""/>
+    <listAttribute key="modelParameterConstants">
+        <listEntry value="RM;;{&quot;r1&quot;,&quot;r2&quot;,&quot;r3&quot;};0;0"/>
+    </listAttribute>
+    <stringAttribute key="modelParameterContraint" value=""/>
+    <listAttribute key="modelParameterDefinitions"/>
+    <stringAttribute key="modelParameterModelValues" value="{}"/>
+    <stringAttribute key="modelParameterNewDefinitions" value=""/>
+    <intAttribute key="numberOfWorkers" value="2"/>
+    <booleanAttribute key="recover" value="false"/>
+    <stringAttribute key="result.mail.address" value=""/>
+    <intAttribute key="simuAril" value="-1"/>
+    <intAttribute key="simuDepth" value="100"/>
+    <intAttribute key="simuSeed" value="-1"/>
+    <stringAttribute key="specName" value="TCommit"/>
+    <stringAttribute key="view" value=""/>
+    <booleanAttribute key="visualizeStateGraph" value="false"/>
+</launchConfiguration>

TCommit.toolbox/TCommit___Model_1_SnapShot_1545410479536.launch

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<launchConfiguration type="org.lamport.tla.toolbox.tool.tlc.modelCheck">
+    <stringAttribute key="TLCCmdLineParameters" value=""/>
+    <stringAttribute key="configurationName" value="Model_1_SnapShot_1545410479536"/>
+    <booleanAttribute key="deferLiveness" value="false"/>
+    <intAttribute key="dfidDepth" value="100"/>
+    <booleanAttribute key="dfidMode" value="false"/>
+    <intAttribute key="distributedFPSetCount" value="0"/>
+    <stringAttribute key="distributedNetworkInterface" value="172.18.172.100"/>
+    <intAttribute key="distributedNodesCount" value="1"/>
+    <stringAttribute key="distributedTLC" value="off"/>
+    <stringAttribute key="distributedTLCVMArgs" value=""/>
+    <intAttribute key="fpBits" value="1"/>
+    <intAttribute key="fpIndex" value="1"/>
+    <intAttribute key="maxHeapSize" value="25"/>
+    <intAttribute key="maxSetSize" value="1000000"/>
+    <booleanAttribute key="mcMode" value="true"/>
+    <stringAttribute key="modelBehaviorInit" value="TCInit"/>
+    <stringAttribute key="modelBehaviorNext" value="TCNext"/>
+    <stringAttribute key="modelBehaviorSpec" value=""/>
+    <intAttribute key="modelBehaviorSpecType" value="2"/>
+    <stringAttribute key="modelBehaviorVars" value="rmState"/>
+    <stringAttribute key="modelComments" value=""/>
+    <booleanAttribute key="modelCorrectnessCheckDeadlock" value="true"/>
+    <listAttribute key="modelCorrectnessInvariants">
+        <listEntry value="1TCTypeOK"/>
+    </listAttribute>
+    <listAttribute key="modelCorrectnessProperties"/>
+    <stringAttribute key="modelExpressionEval" value=""/>
+    <stringAttribute key="modelParameterActionConstraint" value=""/>
+    <listAttribute key="modelParameterConstants">
+        <listEntry value="RM;;{&quot;r1&quot;,&quot;r2&quot;,&quot;r3&quot;};0;0"/>
+    </listAttribute>
+    <stringAttribute key="modelParameterContraint" value=""/>
+    <listAttribute key="modelParameterDefinitions"/>
+    <stringAttribute key="modelParameterModelValues" value="{}"/>
+    <stringAttribute key="modelParameterNewDefinitions" value=""/>
+    <intAttribute key="numberOfWorkers" value="2"/>
+    <booleanAttribute key="recover" value="false"/>
+    <stringAttribute key="result.mail.address" value=""/>
+    <intAttribute key="simuAril" value="-1"/>
+    <intAttribute key="simuDepth" value="100"/>
+    <intAttribute key="simuSeed" value="-1"/>
+    <stringAttribute key="specName" value="TCommit"/>
+    <stringAttribute key="view" value=""/>
+    <booleanAttribute key="visualizeStateGraph" value="false"/>
+</launchConfiguration>

TCommit.toolbox/TCommit___Model_1_SnapShot_1545410497334.launch

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<launchConfiguration type="org.lamport.tla.toolbox.tool.tlc.modelCheck">
+    <stringAttribute key="TLCCmdLineParameters" value=""/>
+    <stringAttribute key="configurationName" value="Model_1_SnapShot_1545410497334"/>
+    <booleanAttribute key="deferLiveness" value="false"/>
+    <intAttribute key="dfidDepth" value="100"/>
+    <booleanAttribute key="dfidMode" value="false"/>
+    <intAttribute key="distributedFPSetCount" value="0"/>
+    <stringAttribute key="distributedNetworkInterface" value="172.18.172.100"/>
+    <intAttribute key="distributedNodesCount" value="1"/>
+    <stringAttribute key="distributedTLC" value="off"/>
+    <stringAttribute key="distributedTLCVMArgs" value=""/>
+    <intAttribute key="fpBits" value="1"/>
+    <intAttribute key="fpIndex" value="1"/>
+    <intAttribute key="maxHeapSize" value="25"/>
+    <intAttribute key="maxSetSize" value="1000000"/>
+    <booleanAttribute key="mcMode" value="true"/>
+    <stringAttribute key="modelBehaviorInit" value="TCInit"/>
+    <stringAttribute key="modelBehaviorNext" value="TCNext"/>
+    <stringAttribute key="modelBehaviorSpec" value=""/>
+    <intAttribute key="modelBehaviorSpecType" value="2"/>
+    <stringAttribute key="modelBehaviorVars" value="rmState"/>
+    <stringAttribute key="modelComments" value=""/>
+    <booleanAttribute key="modelCorrectnessCheckDeadlock" value="false"/>
+    <listAttribute key="modelCorrectnessInvariants">
+        <listEntry value="1TCTypeOK"/>
+    </listAttribute>
+    <listAttribute key="modelCorrectnessProperties"/>
+    <stringAttribute key="modelExpressionEval" value=""/>
+    <stringAttribute key="modelParameterActionConstraint" value=""/>
+    <listAttribute key="modelParameterConstants">
+        <listEntry value="RM;;{&quot;r1&quot;,&quot;r2&quot;,&quot;r3&quot;};0;0"/>
+    </listAttribute>
+    <stringAttribute key="modelParameterContraint" value=""/>
+    <listAttribute key="modelParameterDefinitions"/>
+    <stringAttribute key="modelParameterModelValues" value="{}"/>
+    <stringAttribute key="modelParameterNewDefinitions" value=""/>
+    <intAttribute key="numberOfWorkers" value="2"/>
+    <booleanAttribute key="recover" value="false"/>
+    <stringAttribute key="result.mail.address" value=""/>
+    <intAttribute key="simuAril" value="-1"/>
+    <intAttribute key="simuDepth" value="100"/>
+    <intAttribute key="simuSeed" value="-1"/>
+    <stringAttribute key="specName" value="TCommit"/>
+    <stringAttribute key="view" value=""/>
+    <booleanAttribute key="visualizeStateGraph" value="false"/>
+</launchConfiguration>

TCommit.toolbox/TCommit___Model_1_SnapShot_1545410597019.launch

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<launchConfiguration type="org.lamport.tla.toolbox.tool.tlc.modelCheck">
+    <stringAttribute key="TLCCmdLineParameters" value=""/>
+    <stringAttribute key="configurationName" value="Model_1_SnapShot_1545410597019"/>
+    <booleanAttribute key="deferLiveness" value="false"/>
+    <intAttribute key="dfidDepth" value="100"/>
+    <booleanAttribute key="dfidMode" value="false"/>
+    <intAttribute key="distributedFPSetCount" value="0"/>
+    <stringAttribute key="distributedNetworkInterface" value="172.18.172.100"/>
+    <intAttribute key="distributedNodesCount" value="1"/>
+    <stringAttribute key="distributedTLC" value="off"/>
+    <stringAttribute key="distributedTLCVMArgs" value=""/>
+    <intAttribute key="fpBits" value="1"/>
+    <intAttribute key="fpIndex" value="1"/>
+    <intAttribute key="maxHeapSize" value="25"/>
+    <intAttribute key="maxSetSize" value="1000000"/>
+    <booleanAttribute key="mcMode" value="true"/>
+    <stringAttribute key="modelBehaviorInit" value="TCInit"/>
+    <stringAttribute key="modelBehaviorNext" value="TCNext"/>
+    <stringAttribute key="modelBehaviorSpec" value=""/>
+    <intAttribute key="modelBehaviorSpecType" value="2"/>
+    <stringAttribute key="modelBehaviorVars" value="rmState"/>
+    <stringAttribute key="modelComments" value=""/>
+    <booleanAttribute key="modelCorrectnessCheckDeadlock" value="false"/>
+    <listAttribute key="modelCorrectnessInvariants">
+        <listEntry value="1TCTypeOK"/>
+        <listEntry value="1TCConsistent"/>
+    </listAttribute>
+    <listAttribute key="modelCorrectnessProperties"/>
+    <stringAttribute key="modelExpressionEval" value=""/>
+    <stringAttribute key="modelParameterActionConstraint" value=""/>
+    <listAttribute key="modelParameterConstants">
+        <listEntry value="RM;;{&quot;r1&quot;,&quot;r2&quot;,&quot;r3&quot;};0;0"/>
+    </listAttribute>
+    <stringAttribute key="modelParameterContraint" value=""/>
+    <listAttribute key="modelParameterDefinitions"/>
+    <stringAttribute key="modelParameterModelValues" value="{}"/>
+    <stringAttribute key="modelParameterNewDefinitions" value=""/>
+    <intAttribute key="numberOfWorkers" value="2"/>
+    <booleanAttribute key="recover" value="false"/>
+    <stringAttribute key="result.mail.address" value=""/>
+    <intAttribute key="simuAril" value="-1"/>
+    <intAttribute key="simuDepth" value="100"/>
+    <intAttribute key="simuSeed" value="-1"/>
+    <stringAttribute key="specName" value="TCommit"/>
+    <stringAttribute key="view" value=""/>
+    <booleanAttribute key="visualizeStateGraph" value="false"/>
+</launchConfiguration>