[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlaplus] Is TLA spec shorter than code?

It looks like that your major challenge is to model/specify the environment of your system.

Systems interact with their environment all the time, so it is critical to specify the environment as well.

Specifying programs in TLA+ may seem hard at first, because programming languages offer a rich set of APIs that act as an interface to the environment.

It is possible that your spec will be as large as your program (or even larger), because it looks like your spec needs to cover too many details. It looks like that you are not only interested in the algorithm inside your the program, but also in the implementation details as well.

I still think that if you specify the essence of your program carefully then it would be unlikely for your spec to be larger than your program.


AmirHossein

On Mon, Jul 1, 2019, 11:40 PM zll zbw <zbwzll@xxxxxxxxx> wrote:
Hey guys, I wrote a spec for my cache algorithm, in which I cache data per id in memory after the first read from DB.
There're two parts in my spec, part 1 is the core algorithm for handling data update and deletion in cache of my server, as well as cache expiration. part 2 is a mimic of client and DB. Each part contributed about 200 lines in the final spec.
While in the actual program, the core algorithm, as specified in part 1 of my spec, only takes 200 lines too. I also not able to think abstractly of the algorithm, because to make it right and to explore all state spaces, I have to cover every detail of the algorithm.
So my problem/question is how could TLA spec be both shorter and less detailed than the actual program.
Things that I think I did abstractly is the mimic of request/response from/to DB and client using sequence, but in actual code, the request/response code are well encapsulated, so I also only need one line for them. I think also specified cache expiration abstractly, but I don't have to write it in the actual program, since it's in a library already.
I attached the spec, please help point out where I did wrong. Thanks!

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To post to this group, send email to tlaplus@xxxxxxxxxxxxxxxx.
Visit this group at https://groups.google.com/group/tlaplus.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/7fb23501-ca11-437d-9351-b5967765815f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "tlaplus" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tlaplus+unsubscribe@xxxxxxxxxxxxxxxx.
To post to this group, send email to tlaplus@xxxxxxxxxxxxxxxx.
Visit this group at https://groups.google.com/group/tlaplus.
To view this discussion on the web visit https://groups.google.com/d/msgid/tlaplus/CAKxfy0uAgiobtUqZgm44Oh%2BnQGjuhSOPeD5Zrxzf69fsJzQhmg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.