[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why Amazon Chose TLA+

With (interesting program) = Paxos, I intended "specification of (interesting program)" to mean consensus. You can use TLC to check that any model - even Liskov-Paxos - implements consensus without having to invent a refinement map. What you can't do is check that it implements Paxos (except for those cases where it does so fairly directly). 

It makes sense for someone trying to prove the correctness of Liskov-Paxos to prove that it implements Paxos. It doesn't make sense for someone who wants to check Liskov-Paxos to check that it implements Paxos, when you could instead just check that it implements consensus.

References:
- Why Amazon Chose TLA+
  - From: Chris Newcombe
- Re: Why Amazon Chose TLA+
  - From: edga . . .
- Re: Why Amazon Chose TLA+
  - From: Chris Newcombe
- Re: Why Amazon Chose TLA+
  - From: ernie . . .
- Re: Why Amazon Chose TLA+
  - From: Leslie Lamport
- Re: Why Amazon Chose TLA+
  - From: ernie . . .
- Re: Why Amazon Chose TLA+
  - From: Leslie Lamport
- Re: Why Amazon Chose TLA+
  - From: ernie . . .
- Re: Why Amazon Chose TLA+
  - From: Leslie Lamport
- Re: Why Amazon Chose TLA+
  - From: ernie . . .
- Re: Why Amazon Chose TLA+
  - From: Leslie Lamport

Prev by Date: Re: Why Amazon Chose TLA+
Next by Date: Re: Meeting of the TLA+ community at ABZ 2014
Previous by thread: Re: Why Amazon Chose TLA+
Next by thread: Re: Why Amazon Chose TLA+
Index(es):
- Date
- Thread