| | tla-web | apalache |
|---|---|---|
| Mentions | 1 | 7 |
| Stars | 56 | 411 |
| Growth | - | 2.9% |
| Activity | 9.3 | 9.4 |
| Last commit | 6 days ago | 4 days ago |
| Language | TLA | Scala |
| License | MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
- Verified Rust for low-level systems code
TLA+ has also had an SMT-based backend, Apalache [1], for a few years now. In general, you encode your system model (which would be the Rust functions for Verus, the TLA model for Apalache) and your desired properties into an SMT formula, and you let the solver have a go at it. The deal is that the SMT language is quite expressive, which makes such encodings... not easy, but not impossible. And after you're done with it, you can leverage all the existing solvers that people have built.
While there is a series of "standard" techniques for encoding particular programming language features into SMT (e.g., handling higher-order functions, which SMT solvers don't handle natively), the details of how you encode the model/properties are extremely specific to each formalism, and you need to be very careful to ensure that the encoding is sound. You'd need to go and read the relevant papers to see how this is done.
[1]: https://apalache.informal.systems
- Holiday protocols: secret Santa with Quint
- Learn TLA+
Anyone know of some good free software TLA+ model checkers? The "Other Tooling" mentions one alternative checker, https://apalache.informal.systems/, but that's all I could find. Thanks.
- Apalache – Symbolic Model Checker for TLA+
- A dependently typed language for proofs that you can implement in one day
> How are those types any different than outright stating a behavioral invariant?
Because the behavior of programs can't be verified without executing the program, but types can be checked purely based on syntax. There is way less source code than runtime states of any non-trivial program.
I've asked this same question many times; the TLA+ way is much more expressive and _simpler_. But model checking is a way harder problem than type checking, in general. SMT solvers make this line blurry - in fact, have you heard of the SMT-based model checker for TLA+, [Apalache](https://apalache.informal.systems/)? I haven't tried it out, but that should be way faster than TLC, which just brute forces the state-space exploration.
I'm totally with you about TLA+ style spec properties, but it's a big theoretical hurdle to cross before they could be as efficient as types.
- Apalache Release v0.15.1
- Apalache, a symbolic model checker for TLA+, v0.8.0 is released
What are some alternatives?
tlaplus - TLC is a model checker for specifications written in TLA+. The TLA+Toolbox is an IDE for TLA+.
Formality - A modern proof language [Moved to: https://github.com/kind-lang/Kind]
advent-of-tla - AoC goals in TLA+
BlockingQueue - Tutorial "Weeks of debugging can save you hours of TLA+". Each git commit introduces a new concept => check the git history!
suslik - Synthesis of Heap-Manipulating Programs from Separation Logic
ewd998 - Distributed termination detection on a ring, due to Shmuel Safra:
PomPom-Language - The cuteness implementation of a dependently typed language.
verus-analyzer - A Verus compiler front-end for IDEs (derived from rust-analyzer)
P - The P programming language.