Verifying safety properties with the TLA+ proof system

Kaustuv Chaudhuri; Damien Doligez; Leslie Lamport; Stephan Merz

doi:10.1007/978-3-642-14203-1_12

Verifying safety properties with the TLA⁺ proof system

Kaustuv Chaudhuri, Damien Doligez, Leslie Lamport, Stephan Merz

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

TLAPS, the TLA⁺ proof system, is a platform for the development and mechanical verification of TLA⁺ proofs. The TLA⁺ proof language is declarative, and understanding proofs requires little background beyond elementary mathematics. The language supports hierarchical and non-linear proof construction and verification, and it is independent of any verification tool or strategy. Proofs are written in the same language as specifications; engineers do not have to translate their high-level designs into the language of a particular verification tool. A proof manager interprets a TLA⁺ proof as a collection of proof obligations to be verified, which it sends to backend verifiers that include theorem provers, proof assistants, SMT solvers, and decision procedures. The first public release of TLAPS is available from [1], distributed with a BSD-like license. It handles almost all the non-temporal part of TLA⁺ as well as the temporal reasoning needed to prove standard safety properties, in particular invariance and step simulation, but not liveness properties. Intuitively, a safety property asserts what is permitted to happen; a liveness property asserts what must happen; for a more formal overview, see [3,10].

Original language	English
Title of host publication	Automated Reasoning - 5th International Joint Conference, IJCAR 2010, Proceedings
Pages	142-148
Number of pages	7
DOIs	https://doi.org/10.1007/978-3-642-14203-1_12
Publication status	Published - 10 Aug 2010
Externally published	Yes
Event	5th International Joint Conference on Automated Reasoning, IJCAR 2010 - Edinburgh, United Kingdom Duration: 16 Jul 2010 → 19 Jul 2010

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6173 LNAI
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	5th International Joint Conference on Automated Reasoning, IJCAR 2010
Country/Territory	United Kingdom
City	Edinburgh
Period	16/07/10 → 19/07/10

Access to Document

10.1007/978-3-642-14203-1_12

Cite this

Chaudhuri, K., Doligez, D., Lamport, L., & Merz, S. (2010). Verifying safety properties with the TLA⁺ proof system. In Automated Reasoning - 5th International Joint Conference, IJCAR 2010, Proceedings (pp. 142-148). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6173 LNAI). https://doi.org/10.1007/978-3-642-14203-1_12

@inproceedings{1c3ea342a61c4fed9959b24ea692b5ab,

title = "Verifying safety properties with the TLA+ proof system",

abstract = "TLAPS, the TLA+ proof system, is a platform for the development and mechanical verification of TLA+ proofs. The TLA+ proof language is declarative, and understanding proofs requires little background beyond elementary mathematics. The language supports hierarchical and non-linear proof construction and verification, and it is independent of any verification tool or strategy. Proofs are written in the same language as specifications; engineers do not have to translate their high-level designs into the language of a particular verification tool. A proof manager interprets a TLA+ proof as a collection of proof obligations to be verified, which it sends to backend verifiers that include theorem provers, proof assistants, SMT solvers, and decision procedures. The first public release of TLAPS is available from [1], distributed with a BSD-like license. It handles almost all the non-temporal part of TLA+ as well as the temporal reasoning needed to prove standard safety properties, in particular invariance and step simulation, but not liveness properties. Intuitively, a safety property asserts what is permitted to happen; a liveness property asserts what must happen; for a more formal overview, see [3,10].",

author = "Kaustuv Chaudhuri and Damien Doligez and Leslie Lamport and Stephan Merz",

year = "2010",

month = aug,

day = "10",

doi = "10.1007/978-3-642-14203-1\_12",

language = "English",

isbn = "3642142028",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "142--148",

booktitle = "Automated Reasoning - 5th International Joint Conference, IJCAR 2010, Proceedings",

note = "5th International Joint Conference on Automated Reasoning, IJCAR 2010 ; Conference date: 16-07-2010 Through 19-07-2010",

}

Chaudhuri, K, Doligez, D, Lamport, L & Merz, S 2010, Verifying safety properties with the TLA⁺ proof system. in Automated Reasoning - 5th International Joint Conference, IJCAR 2010, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6173 LNAI, pp. 142-148, 5th International Joint Conference on Automated Reasoning, IJCAR 2010, Edinburgh, United Kingdom, 16/07/10. https://doi.org/10.1007/978-3-642-14203-1_12

Verifying safety properties with the TLA⁺ proof system. / Chaudhuri, Kaustuv; Doligez, Damien; Lamport, Leslie et al.
Automated Reasoning - 5th International Joint Conference, IJCAR 2010, Proceedings. 2010. p. 142-148 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6173 LNAI).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Verifying safety properties with the TLA+ proof system

AU - Chaudhuri, Kaustuv

AU - Doligez, Damien

AU - Lamport, Leslie

AU - Merz, Stephan

PY - 2010/8/10

Y1 - 2010/8/10

N2 - TLAPS, the TLA+ proof system, is a platform for the development and mechanical verification of TLA+ proofs. The TLA+ proof language is declarative, and understanding proofs requires little background beyond elementary mathematics. The language supports hierarchical and non-linear proof construction and verification, and it is independent of any verification tool or strategy. Proofs are written in the same language as specifications; engineers do not have to translate their high-level designs into the language of a particular verification tool. A proof manager interprets a TLA+ proof as a collection of proof obligations to be verified, which it sends to backend verifiers that include theorem provers, proof assistants, SMT solvers, and decision procedures. The first public release of TLAPS is available from [1], distributed with a BSD-like license. It handles almost all the non-temporal part of TLA+ as well as the temporal reasoning needed to prove standard safety properties, in particular invariance and step simulation, but not liveness properties. Intuitively, a safety property asserts what is permitted to happen; a liveness property asserts what must happen; for a more formal overview, see [3,10].

AB - TLAPS, the TLA+ proof system, is a platform for the development and mechanical verification of TLA+ proofs. The TLA+ proof language is declarative, and understanding proofs requires little background beyond elementary mathematics. The language supports hierarchical and non-linear proof construction and verification, and it is independent of any verification tool or strategy. Proofs are written in the same language as specifications; engineers do not have to translate their high-level designs into the language of a particular verification tool. A proof manager interprets a TLA+ proof as a collection of proof obligations to be verified, which it sends to backend verifiers that include theorem provers, proof assistants, SMT solvers, and decision procedures. The first public release of TLAPS is available from [1], distributed with a BSD-like license. It handles almost all the non-temporal part of TLA+ as well as the temporal reasoning needed to prove standard safety properties, in particular invariance and step simulation, but not liveness properties. Intuitively, a safety property asserts what is permitted to happen; a liveness property asserts what must happen; for a more formal overview, see [3,10].

U2 - 10.1007/978-3-642-14203-1_12

DO - 10.1007/978-3-642-14203-1_12

M3 - Conference contribution

AN - SCOPUS:77955264460

SN - 3642142028

SN - 9783642142024

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 142

EP - 148

BT - Automated Reasoning - 5th International Joint Conference, IJCAR 2010, Proceedings

T2 - 5th International Joint Conference on Automated Reasoning, IJCAR 2010

Y2 - 16 July 2010 through 19 July 2010

ER -

Chaudhuri K, Doligez D, Lamport L, Merz S. Verifying safety properties with the TLA⁺ proof system. In Automated Reasoning - 5th International Joint Conference, IJCAR 2010, Proceedings. 2010. p. 142-148. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-14203-1_12