| | apalache | quint |
|---|---|---|
| Mentions | 7 | 6 |
| Stars | 410 | 586 |
| Growth | 2.7% | 3.9% |
| Activity | 9.4 | 9.8 |
| Latest commit | 3 days ago | 5 days ago |
| Language | Scala | TypeScript |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
apalache
- Verified Rust for low-level systems code
TLA+ has also had an SMT-based backend, Apalache [1], for a few years now. In general, you encode your system model (which would be the Rust functions for Verus, the TLA model for Apalache) and your desired properties into an SMT formula, and you let the solver have a go at it. The deal is that the SMT language is quite expressive, which makes such encodings... not easy, but not impossible. And after you're done with it, you can leverage all the existing solvers that people have built.
While there is a series of "standard" techniques for encoding particular programming-language features into SMT (e.g., handling higher-order functions, which SMT solvers don't handle natively), the details of how you encode the model/properties are extremely specific to each formalism, and you need to be very careful to ensure that the encoding is sound. You'd need to go and read the relevant papers to see how this is done.
[1]: https://apalache.informal.systems
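The shape of the encoding the comment describes, as an added example (not code from Apalache, TLC, or the commenter). It uses a constructed one-variable counter spec; `explicit_state_check` enumerates reachable states the way an explicit-state checker such as TLC does, and `smt_encoding` unrolls Init, k copies of Next, and the negated invariant into a single SMT-LIB 2 formula, which is the kind of formula a symbolic checker hands to a solver. The constants, function names, and the spec itself are this example's own choices.

```python
"""Two ways to check an invariant on a tiny TLA+-style spec.

Added example, not Apalache's or TLC's code.  The constructed spec, in TLA+:

    Init == x = 0
    Next == \/ x < 3  /\ x' = x + 1
            \/ x >= 3 /\ x' = 0
    Inv  == x <= 2            \* deliberately false once x reaches 3
"""
from collections import deque

INIT_X = 0       # Init == x = 0
RESET_AT = 3     # Next counts up until x = RESET_AT, then resets to 0
INV_BOUND = 2    # Inv == x <= INV_BOUND


def init_state():
    return (INIT_X,)


def next_states(state):
    """All successors of `state` under Next (a list, since Next may be nondeterministic)."""
    (x,) = state
    return [(x + 1,)] if x < RESET_AT else [(0,)]


def inv(state):
    return state[0] <= INV_BOUND


def explicit_state_check(max_depth):
    """Explicit-state (TLC-style) breadth-first search over reachable states.

    Returns (depth, state) of the shallowest Inv violation, or None if no
    violation is reachable within max_depth steps."""
    start = init_state()
    seen = {start}
    frontier = deque([(start, 0)])
    while frontier:
        state, depth = frontier.popleft()
        if not inv(state):
            return depth, state
        if depth == max_depth:
            continue
        for nxt in next_states(state):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append((nxt, depth + 1))
    return None


def smt_encoding(k):
    """Symbolic bounded check as SMT-LIB 2 text.

    One copy x_i of the variable per step: Init constrains x_0, Next relates
    each x_i to x_{i+1}, and the negation of Inv is disjoined over all steps.
    `sat` from the solver means a counterexample trace of length <= k exists;
    `unsat` proves Inv only for traces of up to k steps, not in general."""
    if k < 1:
        raise ValueError("need at least one step to unroll")
    out = ["(set-logic QF_LIA)"]
    out += [f"(declare-const x_{i} Int)" for i in range(k + 1)]
    out.append(f"(assert (= x_0 {INIT_X}))")                       # Init
    for i in range(k):                                             # Next, k times
        cur, nxt = f"x_{i}", f"x_{i + 1}"
        out.append(
            f"(assert (or (and (< {cur} {RESET_AT}) (= {nxt} (+ {cur} 1)))"
            f" (and (>= {cur} {RESET_AT}) (= {nxt} 0))))"
        )
    not_inv = " ".join(f"(> x_{i} {INV_BOUND})" for i in range(k + 1))
    out.append(f"(assert (or {not_inv}))")                         # ~Inv at some step
    out += ["(check-sat)", "(get-model)"]
    return "\n".join(out)


if __name__ == "__main__":
    print("explicit-state:", explicit_state_check(max_depth=10))
    print(smt_encoding(k=3))
```

The explicit search reports the violation at depth 3; the SMT text can be piped into `z3 -in` (or any SMT-LIB 2 solver) and comes back `sat` with a model for x_0..x_3 that is the same trace. Note the soundness caveat the comment raises: the unrolled formula says nothing about traces longer than k, and a real encoding also has to translate sets, functions and records, which is where the formalism-specific care comes in.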
- Holiday protocols: secret Santa with Quint
- Learn TLA+
Anyone know of some good free software TLA+ model checkers? The "Other Tooling" mentions one alternative checker, https://apalache.informal.systems/, but that's all I could find. Thanks.
- Apalache – Symbolic Model Checker for TLA+
- A dependently typed language for proofs that you can implement in one day
> How are those types any different than outright stating a behavioral invariant?
Because the behavior of programs can't be verified without executing the program, but types can be checked purely based on syntax. There is way less source code than runtime states of any non-trivial program.
I've asked this same question many times, the TLA+ way is much more expressive and _simpler_. But model checking is a way harder problem than type checking, in general. SMT solvers make this line blurry - in fact, have you heard of the SMT-based model checker for TLA+, [Apalache](https://apalache.informal.systems/)? I haven't tried it out, but that should be way faster than TLC which just brute forces the state-space exploration.
I'm totally with you about TLA+ style spec properties, but it's a big theoretical hurdle to cross before they could be as efficient as types.
- Apalache Release v0.15.1
- Apalache, a symbolic model checker for TLA+, v0.8.0 is released
quint
- Holiday protocols: secret Santa with Quint
Hi! I wrote a blogpost exploring a formal specification in Quint [1] for the secret santa game, and verifying some of its properties with Apalache [2].
Hope you enjoy it, and any feedback is welcome. Happy holidays!
[1]: https://github.com/informalsystems/quint
- Quint: A specification language based on the temporal logic of actions (TLA)
I can sympathize! We are aiming to maintain most of the expressive power of TLA+ -- ideally everything you need for a concise, high-level specification that can be simulated and/or verified -- but with surface syntax that is more approachable coming from a programming background. If you're interested in seeing how it maps to TLA+, you can find much of that in this document: https://github.com/informalsystems/quint/blob/main/doc/lang....
We still have lots of ways to improve, and -- we think -- lots of opportunities to improve our interop and complementary qualities in relation to TLA+ and TLC. But we have found the tools in their current state useful enough to be worth sharing :)
- Quint – a new language based on TLA+ with modern syntax and developer tooling
- Programming Languages Going Above and Beyond
It's still in pretty early development, but you may be interested in https://github.com/informalsystems/quint
> It combines the robust theoretical basis of the Temporal Logic of Actions (TLA) with state-of-the-art static analysis and development tooling.
And it is typed ;)
What are some alternatives?
tlaplus - TLC is a model checker for specifications written in TLA+. The TLA+Toolbox is an IDE for TLA+.
evm-dafny - An EVM interpreter in Dafny
Formality - A modern proof language [Moved to: https://github.com/kind-lang/Kind]
TypeScript - TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
advent-of-tla - AoC goals in TLA+
BlockingQueue - Tutorial "Weeks of debugging can save you hours of TLA+". Each git commit introduces a new concept => check the git history!
ewd998 - Distributed termination detection on a ring, due to Shmuel Safra:
suslik - Synthesis of Heap-Manipulating Programs from Separation Logic
PomPom-Language - The cuteness implementation of a dependently typed language.
P - The P programming language.