hellerve/tla-notes
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

i... dont know what to commit

Browse Source
This commit is contained in:
Veit Heller
2018-12-27 16:07:37 +01:00
commit 70c944a2b7
88 changed files with 5671 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
TCommit.toolbox/Model_1_SnapShot_1545410597019/MC.cfg Normal file
View File

@@ -0,0 +1,14 @@
\* CONSTANT definitions
CONSTANT
RM <- const_154541058889823000
\* INIT definition
INIT
init_154541058889824000
\* NEXT definition
NEXT
next_154541058889825000
\* INVARIANT definition
INVARIANT
inv_154541058889826000
inv_154541058889827000
\* Generated on Fri Dec 21 17:43:08 CET 2018

27
TCommit.toolbox/Model_1_SnapShot_1545410597019/MC.tla Normal file
View File

@@ -0,0 +1,27 @@
---- MODULE MC ----
EXTENDS TCommit, TLC
\* CONSTANT definitions @modelParameterConstants:0RM
const_154541058889823000 ==
{"r1","r2","r3"}
----
\* INIT definition @modelBehaviorInit:0
init_154541058889824000 ==
TCInit
----
\* NEXT definition @modelBehaviorNext:0
next_154541058889825000 ==
TCNext
----
\* INVARIANT definition @modelCorrectnessInvariants:0
inv_154541058889826000 ==
TCTypeOK
----
\* INVARIANT definition @modelCorrectnessInvariants:1
inv_154541058889827000 ==
TCConsistent
----
=============================================================================
\* Modification History
\* Created Fri Dec 21 17:43:08 CET 2018 by veitheller

82
TCommit.toolbox/Model_1_SnapShot_1545410597019/TCommit.tla Normal file
View File

@@ -0,0 +1,82 @@
------------------------------ MODULE TCommit ------------------------------
(***************************************************************************)
(* This specification is explained in "Transaction Commit", Lecture 5 of *)
(* the TLA+ Video Course. *)
(***************************************************************************)
CONSTANT RM \* The set of participating resource managers
VARIABLE rmState \* rmState[rm] is the state of resource manager r.
-----------------------------------------------------------------------------
TCTypeOK ==
(*************************************************************************)
(* The type-correctness invariant *)
(*************************************************************************)
rmState \in [RM -> {"working", "prepared", "committed", "aborted"}]
TCInit == rmState = [r \in RM |-> "working"]
(*************************************************************************)
(* The initial predicate. *)
(*************************************************************************)
canCommit == \A r \in RM : rmState[r] \in {"prepared", "committed"}
(*************************************************************************)
(* True iff all RMs are in the "prepared" or "committed" state. *)
(*************************************************************************)
notCommitted == \A r \in RM : rmState[r] # "committed"
(*************************************************************************)
(* True iff no resource manager has decided to commit. *)
(*************************************************************************)
-----------------------------------------------------------------------------
(***************************************************************************)
(* We now define the actions that may be performed by the RMs, and then *)
(* define the complete next-state action of the specification to be the *)
(* disjunction of the possible RM actions. *)
(***************************************************************************)
Prepare(r) == /\ rmState[r] = "working"
/\ rmState' = [rmState EXCEPT ![r] = "prepared"]
Decide(r) == \/ /\ rmState[r] = "prepared"
/\ canCommit
/\ rmState' = [rmState EXCEPT ![r] = "committed"]
\/ /\ rmState[r] \in {"working", "prepared"}
/\ notCommitted
/\ rmState' = [rmState EXCEPT ![r] = "aborted"]
TCNext == \E r \in RM : Prepare(r) \/ Decide(r)
(*************************************************************************)
(* The next-state action. *)
(*************************************************************************)
-----------------------------------------------------------------------------
TCConsistent ==
(*************************************************************************)
(* A state predicate asserting that two RMs have not arrived at *)
(* conflicting decisions. It is an invariant of the specification. *)
(*************************************************************************)
\A r1, r2 \in RM : ~ /\ rmState[r1] = "aborted"
/\ rmState[r2] = "committed"
-----------------------------------------------------------------------------
(***************************************************************************)
(* The following part of the spec is not discussed in Video Lecture 5. It *)
(* will be explained in Video Lecture 8. *)
(***************************************************************************)
TCSpec == TCInit /\ [][TCNext]_rmState
(*************************************************************************)
(* The complete specification of the protocol written as a temporal *)
(* formula. *)
(*************************************************************************)
THEOREM TCSpec => [](TCTypeOK /\ TCConsistent)
(*************************************************************************)
(* This theorem asserts the truth of the temporal formula whose meaning *)
(* is that the state predicate TCTypeOK /\ TCInvariant is an invariant *)
(* of the specification TCSpec. Invariance of this conjunction is *)
(* equivalent to invariance of both of the formulas TCTypeOK and *)
(* TCConsistent. *)
(*************************************************************************)
=============================================================================
\* Modification History
\* Last modified Fri Dec 21 17:16:06 CET 2018 by veitheller
\* Created Fri Dec 21 17:15:44 CET 2018 by veitheller