Section: New Software and Platforms

TLAPS, the TLA⁺ Proof System

Functional Description

TLAPS, the TLA⁺ proof system developed at the Joint MSR-Inria Centre, is a platform for developing and mechanically verifying proofs about TLA⁺ specifications. The TLA⁺ proof language is hierarchical and explicit, allowing a user to decompose the overall proof into independent proof steps. TLAPS consists of a proof manager that interprets the proof language and generates a collection of proof obligations that are sent to backend verifiers. The current backends include the tableau-based prover Zenon for first-order logic, Isabelle/TLA⁺, an encoding of TLA⁺ as an object logic in the logical framework Isabelle, an SMT backend designed for use with any SMT-lib compatible solver, and an interface to a decision procedure for propositional temporal logic.

The current version 1.4.3 of TLAPS was released in June 2015, it is distributed under a BSD-like license. The prover fully handles the non-temporal part of TLA⁺. Basic temporal logic reasoning is supported through an interface with a decision procedure for propositional temporal logic that performs on-the-fly abstraction of first-order subformulas. Symmetrically, subformulas whose main operator is a connective of temporal logic are abstracted before being sent to backends for first-order logic.

A complete rewrite of the proof manager is ongoing. Its objectives are a cleaner interaction with the standard TLA⁺ front-ends, in particular SANY, the standard parser and semantic analyzer. This is necessary for extending the scope of the fragment of TLA⁺ that is handled by TLAPS, such as full temporal logic and module instantiation.

TLAPS has been used in several case studies, including the proof of determinacy of PharOS [21] and the verification of the Pastry routing protocol [22]. These case studies feed back into the development of the proof system and of its standard library.

• Contact: Stephan Merz

• URL: https://tla.msr-inria.inria.fr/tlaps/content/Home.html