Alloy meets TLA+: An exploratory study
Nuno Macedo, Alcino Cunha

TL;DR
This paper compares the Alloy and TLA+ formal specification languages, analyzing their strengths and limitations in modeling systems with both static and dynamic properties through an example.
Contribution
It provides an exploratory analysis of Alloy and TLA+ for complex systems, highlighting their complementary capabilities and limitations.
Findings
Alloy excels at structural properties but needs ad hoc mechanisms for temporal aspects.
TLA+ effectively models temporal properties but is less suited for static structures.
Combining both can address systems with rich static and dynamic features.
Abstract
Alloy and TLA+ are two formal specification languages that are increasingly popular due to their simplicity and flexibility, as well as the effectiveness of their companion model checkers, the Alloy Analyzer and TLC, respectively. Nonetheless, while TLA+ focuses on temporal properties, Alloy is better suited to handle structural properties, requiring ad hoc mechanisms to reason about temporal properties. Thus, both have limitations in the specification and analysis of systems rich in both static and dynamic properties. This paper explores the pros and cons of these two frameworks when handling this class of systems through the step-by-step modeling, specification and verification of an example.
Taxonomy
Topics: Formal Methods in Verification · Software Reliability and Analysis Research · Model-Driven Software Engineering Techniques
