Section: New Software and Platforms

The TLA+ Proof System

Functional Description

TLAPS, the TLA+ proof system developed at the Joint MSR-Inria Centre, is a platform for developing and mechanically verifying proofs about TLA+ specifications. The TLA+ proof language is hierarchical and explicit, allowing a user to decompose the overall proof into independent proof steps. TLAPS consists of a proof manager that interprets the proof language and generates a collection of proof obligations that are sent to backend verifiers. The current backends include the tableau-based prover Zenon for first-order logic, Isabelle/TLA+, an encoding of TLA+ as an object logic in the logical framework Isabelle, an SMT backend designed for use with any SMT-lib compatible solver, and an interface to a decision procedure for propositional temporal logic.

The current version 1.4.3 of TLAPS was released in June 2015; it is distributed under a BSD-like license. The prover fully handles the non-temporal part of TLA+. Basic temporal logic reasoning is supported through an interface with a decision procedure for propositional temporal logic that performs on-the-fly abstraction of first-order subformulas (each non-temporal subformula is replaced by a propositional atom before the decision procedure runs). Symmetrically, subformulas whose main operator is a connective of temporal logic are abstracted before being sent to the backends for first-order logic.
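The following module is an added example, not code from the report or from the TLAPS distribution, illustrating the hierarchical proof language and the division of labour between backends described above. The module name Counter, the constant N, the actions Incr and Reset, and the invariant Inv are assumptions made for the example. The first-order steps at level <2> are discharged by the first-order backends (Zenon, Isabelle/TLA+ or SMT); the temporal step <1>3 is sent to the PTL decision procedure, which abstracts Init, Inv and [Next]_vars to propositional atoms and proves the induction schema Init /\ [][Next]_vars => []Inv.

```tla
---------------------------- MODULE Counter ----------------------------
(* Added example, not part of the TLAPS distribution or of the report. *)
EXTENDS Naturals, TLAPS

CONSTANT N                      \* assumed bound on the counter
ASSUME NAssump == N \in Nat     \* named assumption, usable in BY clauses

VARIABLE x
vars == <<x>>

Init  == x = 0
Incr  == x < N /\ x' = x + 1
Reset == x = N /\ x' = 0
Next  == Incr \/ Reset
Spec  == Init /\ [][Next]_vars

Inv == x \in 0..N               \* the safety property to establish

THEOREM TypeOK == Spec => []Inv
(* Level-1 steps: the two non-temporal obligations of an invariance proof, *)
(* then a QED step that is purely temporal.                                *)
<1>1. Init => Inv
  BY NAssump DEF Init, Inv
<1>2. Inv /\ [Next]_vars => Inv'
  (* Decompose the action into its cases; each case is an independent *)
  (* first-order obligation for Zenon / Isabelle / SMT.                *)
  <2> SUFFICES ASSUME Inv, [Next]_vars PROVE Inv'
    OBVIOUS
  <2>1. CASE Incr
    BY <2>1, NAssump DEF Inv, Incr
  <2>2. CASE Reset
    BY <2>2, NAssump DEF Inv, Reset
  <2>3. CASE UNCHANGED vars
    BY <2>3 DEF Inv, vars
  <2>4. QED
    BY <2>1, <2>2, <2>3 DEF Next
<1>3. QED
  (* Only this step involves temporal operators; PTL sees it as          *)
  (* I /\ [](I /\ [N]_v => I') => []I with I, N abstracted to atoms. *)
  BY <1>1, <1>2, PTL DEF Spec
========================================================================
```

Each leaf step (a BY or OBVIOUS) becomes one proof obligation; the proof manager sends them to the backends independently, so a failing case such as <2>1 is reported on its own rather than as a failure of the whole theorem.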

A complete rewrite of the proof manager started in 2015. Its objectives are to replace the ad-hoc parser used so far with an interface to SANY, the standard parser and semantic analyzer for TLA+, to extend the fragment of TLA+ that TLAPS handles, and to refactor the code base and improve performance.

TLAPS has been used in several case studies in 2015, including the proof of determinacy of PharOS (section 8.1) and the verification of the Pastry routing protocol (section 7.2). These case studies feed back into the standard library of the distribution.