-
Notifications
You must be signed in to change notification settings - Fork 205
/
Copy pathREADME
43 lines (34 loc) · 1.62 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Misra Reachability Algorithm
This example is built around a simple sequential algorithm by Jayadev
Misra for computing the set of nodes in a directed graph thaa are
reachable from a given node. It includes a multiprocess algorithm
that implements Misra's algorithm and TLAPS checked proofs that the
two algorithms satisfy their safety property. Proofs are in separate
modules so the algorithms can be read independently from the proofs.
Here is what each module contains, in the order one might want to read
them.
Reachable
Misra's algorithm written in PlusCal, its correctness properties, and
an informal proof of its correctness.
Reachability
The TLA+ definitions of a directed graph and reachability.
It is imported by module Reachable.
ParReach
The parallel implementation of Misra's algorithm written in PlusCal
and the TLA+ formulation of the assertion that it implements
Misra's algorithm under a suitable refinement mapping.
ReachableProofs
The TLAPS checked proofs that the algorithm of module Reachable
satisfies its desired safety property. The proof assumes some
properties of reachability in a directed graph.
ReachabilityTest
Defines operators that TLC can use to check the correctness of the
properties of directed graphs assumed by the proofs in module
ReachableProofs.
ParReachProofs
A TLAPS checked proof that the parallel algorithm of module ParReach
implements the safety part of Misra's algorithm, under the refinement
mapping defined in that module.
ReachabilityProofs
TLAPS checked proofs of the reachability properties used in the proofs
of module ReachableProofs.