Why Amazon Chose TLA+
Abstract
Since 2011, engineers at Amazon have been using TLA+ to help solve difficult design problems in critical systems. This paper describes the reasons why we chose TLA+ instead of other methods, and areas in which we would welcome further progress.
Related sources
PGo: Corresponding a high-level formal specification with its implementation
Distributed systems are difficult to design and implement correctly. There is a growing interest in specification languages for distributed systems, which can be checked exhaustively or proved to satisfy certain properties. For example, Amazon uses TLA+ and PlusCal in building its web services [14]. PlusCal is a formal specification language which has simple constructs for synchronization, nond...
A Definitional Encoding of TLA* in Isabelle/HOL
We mechanise the logic TLA∗ [8], an extension of Lamport’s Temporal Logic of Actions (TLA) [5] for specifying and reasoning about concurrent and reactive systems. Aiming at a framework for mechanising the verification of TLA (or TLA∗) specifications, this contribution reuses some elements from a previous axiomatic encoding of TLA in Isabelle/HOL by the second author [7], which has been part of ...
On TLA
We describe the Temporal Logic of Actions (TLA) from a logical perspective. After giving the syntax and semantics of TLA, we discuss some methods for representing reactive systems in TLA and study verification rules. 1 The L in TLA. The Temporal Logic of Actions (TLA) is a variant of temporal logic, designed for the specification and verification of reactive systems in terms of their actions. In th...
A TLA+ Proof System
We describe an extension to the TLA specification language with constructs for writing proofs and a proof environment, called the Proof Manager (PM), to check those proofs. The language and the PM support the incremental development and checking of hierarchically structured proofs. The PM translates a proof into a set of independent proof obligations and calls upon a collection of back-end pro...
Model Checking TLA+ Specifications
TLA is a specification language for concurrent and reactive systems that combines the temporal logic TLA with full first-order logic and ZF set theory. TLC is a new model checker for debugging a TLA specification by checking invariance properties of a finite-state model of the specification. It accepts a subclass of TLA specifications that should include most descriptions of real system designs...