diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.pdf index 686d236..d5206c4 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.tla index 6c636db..b419ec5 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.tla @@ -33,33 +33,16 @@ Init == /\ sbuf = [c \in Client |-> <<>>] /\ srec = [c \in Client |-> 0] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) DoOp(c, op) == /\ state' = [state EXCEPT ![c] = Apply(op, @)] /\ cbuf' = [cbuf EXCEPT ![c] = Append(@, op)] /\ crec' = [crec EXCEPT ![c] = 0] /\ Comm(Msg)!CSend([c |-> c, ack |-> crec[c], op |-> op]) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - Do(c) == - /\ \/ DoIns(c) - \/ DoDel(c) + /\ DoInt(DoOp, c) /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -Client c \in Client receives a message from the Server. -*) + Rev(c) == /\ Comm(Msg)!CRev(c) /\ crec' = [crec EXCEPT ![c] = @ + 1] @@ -70,11 +53,9 @@ Rev(c) == xcBuf == XformOpsOp(Xform, cShiftedBuf, m.op) IN /\ cbuf' = [cbuf EXCEPT ![c] = xcBuf] /\ state' = [state EXCEPT ![c] = Apply(xop, @)] - /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -The Server receives a message. -*) + /\ RevInt(c) + /\ UNCHANGED <> + SRev == /\ Comm(Msg)!SRev /\ LET m == Head(sincoming) @@ -89,7 +70,8 @@ SRev == IF cl = c THEN xcBuf ELSE Append(sbuf[cl], xop)] /\ state' = [state EXCEPT ![Server] = Apply(xop, @)] /\ Comm(Msg)!SSend(c, [cl \in Client |-> [ack |-> srec[cl], op |-> xop]]) - /\ UNCHANGED <> + /\ SRevInt + /\ UNCHANGED <> ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) @@ -106,5 +88,5 @@ QC == \* Quiescent Consistency THEOREM Spec => []QC ============================================================================= \* Modification History -\* Last modified Sun Dec 30 16:02:35 CST 2018 by hengxin -\* Created Sat Jun 23 17:14:18 CST 2018 by hengxin \ No newline at end of file +\* Last modified Mon Dec 31 21:02:17 CST 2018 by hengxin +\* Created Satchins, Jun 23 17:14:18 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter.pdf index 686d236..d5206c4 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter.tex index 696d7df..fc7acb0 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter.tex @@ -1031,159 +1031,125 @@ \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{16.4} \.{\land} srec\@s{2.70} \.{=} [ c \.{\in} Client \.{\mapsto} 0 ]}% \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Client \ensuremath{c \.{\in} Client} issues an operation \ensuremath{op}. -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}} DoOp ( c ,\, op ) + \@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}} DoOp ( c ,\, op ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}}\@s{26.06} \.{\land} state + \@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}}\@s{26.06} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ c ] \.{=} Apply ( op ,\, @ ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 41\hspace{1em}}\@s{26.06} \.{\land} cbuf + \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}}\@s{26.06} \.{\land} cbuf \.{'} \.{=} [ cbuf {\EXCEPT} {\bang} [ c ] \.{=} Append ( @ ,\, op ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}}\@s{26.06} \.{\land} crec + \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}}\@s{26.06} \.{\land} crec \.{'}\@s{2.19} \.{=} [ crec {\EXCEPT} {\bang} [ c ]\@s{2.19} \.{=} 0 ]}% - \@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{26.06} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}}\@s{26.06} \.{\land} Comm ( Msg ) {\bang} CSend ( [ c \.{\mapsto} c ,\, ack \.{\mapsto} crec [ c ] ,\, op \.{\mapsto} op ] )}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}} DoIns ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}}\@s{16.4} \E\, ins \.{\in} \{ - op \.{\in} Ins \.{:} op . pos \.{\in} 1 \.{\dotdot} ( Len ( state [ c ] ) - \.{+} 1 ) \.{\land} op . ch \.{\in} chins \.{\land} op . pr \.{=} Priority [ - c ] \} \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, ins )}% - \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{27.72} \.{\land} chins - \.{'} \.{=} chins \.{\,\backslash\,} \{ ins . ch \}}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}} DoDel ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}\@s{16.4} \E\, del \.{\in} \{ - op \.{\in} Del \.{:} op . pos \.{\in} 1 \.{\dotdot} Len ( state [ c ] ) \} - \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, del )}% - \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{27.72} \.{\land} - {\UNCHANGED} chins}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}} Do ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{22.34} \.{\land} \.{\lor} - DoIns ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{33.45} \.{\lor} DoDel ( c - )}% - \@x{\makebox[0pt][r]{\scriptsize 58\hspace{1em}}\@s{22.34} \.{\land} +\@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}} Do ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{22.34} \.{\land} DoInt ( + DoOp ,\, c )}% + \@x{\makebox[0pt][r]{\scriptsize 44\hspace{1em}}\@s{22.34} \.{\land} {\UNCHANGED} {\langle} sbuf ,\, srec {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% - Client \ensuremath{c \.{\in} Client} receives a message from the - \ensuremath{Server}. -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}} Rev ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}}\@s{20.94} \.{\land} Comm ( +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}} Rev ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{20.94} \.{\land} Comm ( Msg ) {\bang} CRev ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}}\@s{20.94} \.{\land} crec + \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{20.94} \.{\land} crec \.{'} \.{=} [ crec {\EXCEPT} {\bang} [ c ] \.{=} @ \.{+} 1 ]}% - \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{20.94} \.{\land} \.{\LET} + \@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}}\@s{20.94} \.{\land} \.{\LET} m \.{\defeq} Head ( cincoming [ c ] )}% - \@x{\makebox[0pt][r]{\scriptsize 67\hspace{1em}}\@s{52.45} cBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}}\@s{52.45} cBuf \.{\defeq} cbuf [ c ]}% - \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}}\@s{52.45} cShiftedBuf + \@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}\@s{52.45} cShiftedBuf \.{\defeq} SubSeq ( cBuf ,\, m . ack \.{+} 1 ,\, Len ( cBuf ) )}% - \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{52.45} xop \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}}\@s{52.45} xop \.{\defeq} XformOpOps ( Xform ,\, m . op ,\, cShiftedBuf )}% - \@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}}\@s{56.55} xcBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{56.55} xcBuf \.{\defeq} XformOpsOp ( Xform ,\, cShiftedBuf ,\, m . op )}% - \@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}\@s{36.15} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{36.15} \.{\IN} \.{\land} cbuf \.{'} \.{=} [ cbuf {\EXCEPT} {\bang} [ c ] \.{=} xcBuf ]}% - \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{56.55} \.{\land} state + \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{56.55} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ c ] \.{=} Apply ( xop ,\, @ ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}\@s{20.94} \.{\land} - {\UNCHANGED} {\langle} chins ,\, sbuf ,\, srec {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 74\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -The \ensuremath{Server} receives a message. -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 78\hspace{1em}} SRev \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}}\@s{16.4} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{20.94} \.{\land} RevInt ( + c )}% + \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{20.94} \.{\land} + {\UNCHANGED} {\langle} sbuf ,\, srec {\rangle}}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}} SRev \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}}\@s{16.4} \.{\land} Comm ( Msg ) {\bang} SRev}% - \@x{\makebox[0pt][r]{\scriptsize 80\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} + \@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} m \.{\defeq} Head ( sincoming )}% - \@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}}\@s{47.91} c\@s{3.77} + \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}}\@s{47.91} c\@s{3.77} \.{\defeq} m . c}% - \@x{\makebox[0pt][r]{\scriptsize 82\hspace{1em}}\@s{47.91} cBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}}\@s{47.91} cBuf \.{\defeq} sbuf [ c ]}% - \@x{\makebox[0pt][r]{\scriptsize 83\hspace{1em}}\@s{47.91} cShiftedBuf + \@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}}\@s{47.91} cShiftedBuf \.{\defeq} SubSeq ( cBuf ,\, m . ack \.{+} 1 ,\, Len ( cBuf ) )}% - \@x{\makebox[0pt][r]{\scriptsize 84\hspace{1em}}\@s{47.91} xop \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}}\@s{47.91} xop \.{\defeq} XformOpOps ( Xform ,\, m . op ,\, cShiftedBuf )}% - \@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}}\@s{52.01} xcBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{52.01} xcBuf \.{\defeq} XformOpsOp ( Xform ,\, cShiftedBuf ,\, m . op )}% - \@x{\makebox[0pt][r]{\scriptsize 86\hspace{1em}}\@s{31.61} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 67\hspace{1em}}\@s{31.61} \.{\IN} \.{\land} srec \.{'}\@s{2.19} \.{=} [ cl \.{\in} Client \.{\mapsto}}% - \@x{\makebox[0pt][r]{\scriptsize 87\hspace{1em}}\@s{117.66} {\IF} cl \.{=} c + \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}}\@s{117.66} {\IF} cl \.{=} c \.{\THEN} srec [ cl ] \.{+} 1 \.{\ELSE} 0 ]}% - \@x{\makebox[0pt][r]{\scriptsize 88\hspace{1em}}\@s{52.01} \.{\land} sbuf + \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{52.01} \.{\land} sbuf \.{'} \.{=} [ cl \.{\in} Client \.{\mapsto}}% - \@x{\makebox[0pt][r]{\scriptsize 89\hspace{1em}}\@s{117.66} {\IF} cl \.{=} c + \@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}}\@s{117.66} {\IF} cl \.{=} c \.{\THEN} xcBuf \.{\ELSE} Append ( sbuf [ cl ] ,\, xop ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 90\hspace{1em}}\@s{52.01} \.{\land} state + \@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}\@s{52.01} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ Server ] \.{=} Apply ( xop ,\, @ ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 91\hspace{1em}}\@s{52.01} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{52.01} \.{\land} Comm ( Msg ) {\bang} SSend ( c ,\, [ cl \.{\in} Client \.{\mapsto} [ ack \.{\mapsto} srec [ cl ] ,\, op \.{\mapsto} xop ] ] )}% - \@x{\makebox[0pt][r]{\scriptsize 92\hspace{1em}}\@s{16.4} \.{\land} - {\UNCHANGED} {\langle} chins ,\, cbuf ,\, crec {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 93\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 94\hspace{1em}} Next \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 95\hspace{1em}}\@s{16.4} \.{\lor} \E\, c +\@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}\@s{16.4} \.{\land} SRevInt}% + \@x{\makebox[0pt][r]{\scriptsize 74\hspace{1em}}\@s{16.4} \.{\land} + {\UNCHANGED} {\langle} cbuf ,\, crec {\rangle}}% +\@x{\makebox[0pt][r]{\scriptsize 75\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 76\hspace{1em}} Next \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}}\@s{16.4} \.{\lor} \E\, c \.{\in} Client \.{:} Do ( c ) \.{\lor} Rev ( c )}% -\@x{\makebox[0pt][r]{\scriptsize 96\hspace{1em}}\@s{16.4} \.{\lor} SRev}% +\@x{\makebox[0pt][r]{\scriptsize 78\hspace{1em}}\@s{16.4} \.{\lor} SRev}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 98\hspace{1em}} Fairness \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 80\hspace{1em}} Fairness \.{\defeq}}% \@y{\@s{0}% There is no requirement that the clients ever generate operations. }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 99\hspace{1em}}\@s{16.4} {\WF}_{ vars} ( + \@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}}\@s{16.4} {\WF}_{ vars} ( SRev \.{\lor} \E\, c \.{\in} Client \.{:} Rev ( c ) )}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 101\hspace{1em}} Spec \.{\defeq} Init + \@x{\makebox[0pt][r]{\scriptsize 83\hspace{1em}} Spec \.{\defeq} Init \.{\land} {\Box} [ Next ]_{ vars}}% \@y{\@s{0}% \ensuremath{\.{\land} Fairness }}% \@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 102\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 103\hspace{1em}} QC \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 84\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}} QC \.{\defeq}}% \@y{\@s{0}% Quiescent Consistency }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 104\hspace{1em}}\@s{20.37} Comm ( Msg ) + \@x{\makebox[0pt][r]{\scriptsize 86\hspace{1em}}\@s{20.37} Comm ( Msg ) {\bang} EmptyChannel \.{\implies} Cardinality ( Range ( state ) ) \.{=} 1}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 106\hspace{1em}} {\THEOREM} Spec - \.{\implies} {\Box} QC}% -\@x{\makebox[0pt][r]{\scriptsize 107\hspace{1em}}}\bottombar\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 88\hspace{1em}} {\THEOREM} Spec \.{\implies} + {\Box} QC}% +\@x{\makebox[0pt][r]{\scriptsize 89\hspace{1em}}}\bottombar\@xx{}% \setboolean{shading}{false} \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Modification History \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Last modified Sun \ensuremath{Dec} 30 - 16:02:35 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} + \ensuremath{Dec} 31 21:02:17 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Created Sat \ensuremath{Jun} 23 17:14:18 - \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}}* Created \ensuremath{Satchins}, Jun 23 + 17:14:18 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \end{lcom}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter___QC.launch b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter___QC.launch index 206e787..d1e8f80 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter___QC.launch +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/AJupiter___QC.launch @@ -6,7 +6,7 @@ - + @@ -20,7 +20,7 @@ - + diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/AJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/AJupiter.tla index 0618b0c..b419ec5 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/AJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/AJupiter.tla @@ -4,20 +4,18 @@ Specification of the Jupiter protocol presented by Hagit Attiya and others. *) EXTENDS JupiterInterface ----------------------------------------------------------------------------- -(* -Messages between the Server and the Clients. -*) -Msg == [c: Client, ack: Int, op: Op \cup {Nop}] \cup \* messages sent to the Server from a client c \in Client - [ack: Int, op: Op \cup {Nop}] \* messages broadcast to Clients from the Server ------------------------------------------------------------------------------ VARIABLES - cbuf, \* cbuf[c]: buffer (of operations) at the client c \in Client - crec, \* crec[c]: the number of new messages have been received by the client c \in Client - \* since the last time a message was sent - sbuf, \* sbuf[c]: buffer (of operations) at the Server, one per client c \in Client - srec \* srec[c]: the number of new messages have been ..., one per client c \in Client + cbuf, \* cbuf[c]: buffer for locally generated operations at client c \in Client + crec, \* crec[c]: number of remote operations received by client c \in Client + \* since the last time a local operation was generated + sbuf, \* sbuf[c]: buffer for transformed remote operations w.r.t client c \in Client + srec \* srec[c]: number of locally generated operations by client c \in Client + \* since the last time a remote operation was transformed at the Server vars == <> + +Msg == [c: Client, ack: Int, op: Op \cup {Nop}] \cup \* messages sent to the Server from a client c \in Client + [ack: Int, op: Op \cup {Nop}] \* messages broadcast to Clients from the Server ----------------------------------------------------------------------------- TypeOK == /\ TypeOKInt @@ -35,85 +33,60 @@ Init == /\ sbuf = [c \in Client |-> <<>>] /\ srec = [c \in Client |-> 0] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) DoOp(c, op) == /\ state' = [state EXCEPT ![c] = Apply(op, @)] /\ cbuf' = [cbuf EXCEPT ![c] = Append(@, op)] /\ crec' = [crec EXCEPT ![c] = 0] /\ Comm(Msg)!CSend([c |-> c, ack |-> crec[c], op |-> op]) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - Do(c) == - /\ \/ DoIns(c) - \/ DoDel(c) + /\ DoInt(DoOp, c) /\ UNCHANGED <> -(* -Client c \in Client receives a message from the Server. -*) + Rev(c) == /\ Comm(Msg)!CRev(c) /\ crec' = [crec EXCEPT ![c] = @ + 1] /\ LET m == Head(cincoming[c]) - cBuf == cbuf[c] \* the buffer at client c \in Client - cShiftedBuf == SubSeq(cBuf, m.ack + 1, Len(cBuf)) \* buffer shifted - xop == XformOpOps(Xform, m.op, cShiftedBuf) \* transform op vs. shifted buffer - xcBuf == XformOpsOp(Xform, cShiftedBuf, m.op) \* transform shifted buffer vs. op + cBuf == cbuf[c] + cShiftedBuf == SubSeq(cBuf, m.ack + 1, Len(cBuf)) + xop == XformOpOps(Xform, m.op, cShiftedBuf) + xcBuf == XformOpsOp(Xform, cShiftedBuf, m.op) IN /\ cbuf' = [cbuf EXCEPT ![c] = xcBuf] - /\ state' = [state EXCEPT ![c] = Apply(xop, @)] \* apply the transformed operation xop - /\ UNCHANGED <> -(* -The Server receives a message. -*) + /\ state' = [state EXCEPT ![c] = Apply(xop, @)] + /\ RevInt(c) + /\ UNCHANGED <> + SRev == /\ Comm(Msg)!SRev - /\ LET m == Head(sincoming) \* the message to handle with - c == m.c \* the client c \in Client that sends this message - cBuf == sbuf[c] \* the buffer at the Server for client c \in Client - cShiftedBuf == SubSeq(cBuf, m.ack + 1, Len(cBuf)) \* buffer shifted - xop == XformOpOps(Xform, m.op, cShiftedBuf) \* transform op vs. shifted buffer - xcBuf == XformOpsOp(Xform, cShiftedBuf, m.op) \* transform shifted buffer vs. op + /\ LET m == Head(sincoming) + c == m.c + cBuf == sbuf[c] + cShiftedBuf == SubSeq(cBuf, m.ack + 1, Len(cBuf)) + xop == XformOpOps(Xform, m.op, cShiftedBuf) + xcBuf == XformOpsOp(Xform, cShiftedBuf, m.op) IN /\ srec' = [cl \in Client |-> - IF cl = c - THEN srec[cl] + 1 \* receive one more operation from client c \in Client - ELSE 0] \* reset srec for other clients than c \in Client + IF cl = c THEN srec[cl] + 1 ELSE 0] /\ sbuf' = [cl \in Client |-> - IF cl = c - THEN xcBuf \* transformed buffer for client c \in Client - ELSE Append(sbuf[cl], xop)] \* store transformed xop into other clients' bufs - /\ state' = [state EXCEPT ![Server] = Apply(xop, @)] \* apply the transformed operation + IF cl = c THEN xcBuf ELSE Append(sbuf[cl], xop)] + /\ state' = [state EXCEPT ![Server] = Apply(xop, @)] /\ Comm(Msg)!SSend(c, [cl \in Client |-> [ack |-> srec[cl], op |-> xop]]) - /\ UNCHANGED <> + /\ SRevInt + /\ UNCHANGED <> ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) \/ SRev -(* -Fairness: There is no requirement that the clients ever generate operations. -*) -Fairness == + +Fairness == \* There is no requirement that the clients ever generate operations. WF_vars(SRev \/ \E c \in Client: Rev(c)) Spec == Init /\ [][Next]_vars \* /\ Fairness ----------------------------------------------------------------------------- -(* -Quiescent Consistency (QC) -*) -QC == +QC == \* Quiescent Consistency Comm(Msg)!EmptyChannel => Cardinality(Range(state)) = 1 THEOREM Spec => []QC ============================================================================= \* Modification History -\* Last modified Fri Dec 28 15:56:30 CST 2018 by hengxin -\* Created Sat Jun 23 17:14:18 CST 2018 by hengxin \ No newline at end of file +\* Last modified Mon Dec 31 21:02:17 CST 2018 by hengxin +\* Created Satchins, Jun 23 17:14:18 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/CSComm.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/CSComm.tla index 7a0691d..7cd4728 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/CSComm.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/CSComm.tla @@ -5,9 +5,9 @@ Specification of communication in a Client-Server system model. EXTENDS SequenceUtils ----------------------------------------------------------------------------- CONSTANTS - Client, \* the set of clients - Server, \* the (unique) server - Msg \* the set of possible messages + Client, \* the set of clients + Server, \* the (unique) server + Msg \* the set of messages ----------------------------------------------------------------------------- VARIABLES cincoming, \* cincoming[c]: incoming channel at client c \in Client @@ -23,44 +23,32 @@ Init == EmptyChannel == Init ----------------------------------------------------------------------------- -(* -A client sends a message msg to the Server. -*) -CSend(msg) == +CSend(msg) == \* A client sends a message msg to the Server. /\ sincoming' = Append(sincoming, msg) /\ UNCHANGED cincoming -(* -Client c receives a message from the Server. -*) -CRev(c) == + +CRev(c) == \* Client c receives and consumes a message from the Server. /\ cincoming[c] # <<>> - /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] \* consume a message + /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] /\ UNCHANGED sincoming ----------------------------------------------------------------------------- (* SRev/SSend below is often used as a subaction. No UNCHANGED in their definitions. *) -(* -The Server receives a message. -*) -SRev == +SRev == \* The Server receives and consumes a message. /\ sincoming # <<>> - /\ sincoming' = Tail(sincoming) \* consume a message -(* -The Server sents a message cmsg to each client other than c \in Client. -*) -SSend(c, cmsg) == + /\ sincoming' = Tail(sincoming) + +SSend(c, cmsg) == \* The Server sents a message cmsg to each client other than c \in Client. /\ cincoming' = [cl \in Client |-> IF cl = c THEN cincoming[cl] ELSE Append(cincoming[cl], cmsg[cl])] -(* -The Server broadcasts the same message msg to all Clients other than c \in Client. -*) -SSendSame(c, msg) == + +SSendSame(c, msg) == \* The Server broadcasts the message msg to all clients other than c \in Client. /\ SSend(c, [cl \in Client |-> msg]) ============================================================================= \* Modification History -\* Last modified Tue Dec 04 20:49:02 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:04:29 CST 2018 by hengxin \* Created Sun Jun 24 10:25:34 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/JupiterInterface.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/JupiterInterface.tla index d39304a..148bcf2 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/JupiterInterface.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/JupiterInterface.tla @@ -6,9 +6,9 @@ the interface of a family of Jupiter specs. EXTENDS Integers, SequenceUtils, OT ----------------------------------------------------------------------------- CONSTANTS + Char, \* the set of characters Client, \* the set of client replicas Server, \* the (unique) server replica - Char, \* the set of characters allowed to be inserted InitState \* the initial state of each replica ASSUME \* We assume that all inserted elements are unique. @@ -32,14 +32,6 @@ MaxLen == Cardinality(Char) + Len(InitState) \* the max length of lists in any s ClientNum == Cardinality(Client) Priority == CHOOSE f \in [Client -> 1 .. ClientNum] : Injective(f) ----------------------------------------------------------------------------- -TypeOKInt == - /\ state \in [Replica -> List] - /\ chins \subseteq Char - -InitInt == - /\ state = [r \in Replica |-> InitState] - /\ chins = Char ------------------------------------------------------------------------------ (* The set of all operations. Note: The positions are indexed from 1. *) @@ -48,7 +40,37 @@ Del == [type: {"Del"}, pos: 1 .. MaxLen] Ins == [type: {"Ins"}, pos: 1 .. (MaxLen + 1), ch: Char, pr: 1 .. ClientNum] \* pr: priority Op == Ins \cup Del \* Now we don't consider Rd operations +----------------------------------------------------------------------------- +TypeOKInt == + /\ state \in [Replica -> List] + /\ chins \subseteq Char + +InitInt == + /\ state = [r \in Replica |-> InitState] + /\ chins = Char + +DoIns(DoOp(_, _), c) == \* Client c \in Client generates an "Ins" operation. + \E ins \in {op \in Ins: + /\ op.pos \in 1 .. (Len(state[c]) + 1) + /\ op.ch \in chins /\ op.pr = Priority[c]}: + /\ DoOp(c, ins) + /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. + +DoDel(DoOp(_, _), c) == \* Client c \in Client generates a "Del" operation. + \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: + /\ DoOp(c, del) + /\ UNCHANGED chins + +DoInt(DoOp(_, _), c) == \* Client c \in Client issues an operation. + \/ DoIns(DoOp, c) + \/ DoDel(DoOp, c) + +RevInt(c) == \* Client c \in Client receives a message from the Server. + /\UNCHANGED chins + +SRevInt == \* The Server receives a message. + /\ UNCHANGED chins ============================================================================= \* Modification History -\* Last modified Wed Dec 12 20:20:43 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:25 CST 2018 by hengxin \* Created Tue Dec 04 19:01:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/MC.cfg b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/MC.cfg index 8e91bd9..b698a63 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/MC.cfg +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/MC.cfg @@ -8,24 +8,24 @@ a = a b = b \* MV CONSTANT definitions CONSTANT -Client <- const_1545983864728191000 +Client <- const_154626143550144000 \* MV CONSTANT definitions CONSTANT -Char <- const_1545983864728192000 +Char <- const_154626143550145000 \* CONSTANT declarations CONSTANT Server = Server \* SYMMETRY definition -SYMMETRY symm_1545983864728193000 +SYMMETRY symm_154626143550146000 \* CONSTANT definitions CONSTANT -InitState <- const_1545983864728194000 +InitState <- const_154626143550147000 \* CONSTANT definition CONSTANT Nop = Nop \* SPECIFICATION definition SPECIFICATION -spec_1545983864728196000 +spec_154626143550149000 \* INVARIANT definition INVARIANT -inv_1545983864728197000 -\* Generated on Fri Dec 28 15:57:44 CST 2018 \ No newline at end of file +inv_154626143550150000 +\* Generated on Mon Dec 31 21:03:55 CST 2018 \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/MC.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/MC.tla index 295a0d7..eef0460 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/MC.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/MC.tla @@ -12,33 +12,33 @@ a, b ---- \* MV CONSTANT definitions Client -const_1545983864728191000 == +const_154626143550144000 == {c1, c2} ---- \* MV CONSTANT definitions Char -const_1545983864728192000 == +const_154626143550145000 == {a, b} ---- \* SYMMETRY definition -symm_1545983864728193000 == -Permutations(const_1545983864728192000) +symm_154626143550146000 == +Permutations(const_154626143550145000) ---- \* CONSTANT definitions @modelParameterConstants:2InitState -const_1545983864728194000 == +const_154626143550147000 == <<>> ---- \* SPECIFICATION definition @modelBehaviorSpec:0 -spec_1545983864728196000 == +spec_154626143550149000 == Spec ---- \* INVARIANT definition @modelCorrectnessInvariants:0 -inv_1545983864728197000 == +inv_154626143550150000 == QC ---- ============================================================================= \* Modification History -\* Created Fri Dec 28 15:57:44 CST 2018 by hengxin +\* Created Mon Dec 31 21:03:55 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/OT.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/OT.tla index a8dacd0..4980ff3 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/OT.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/OT.tla @@ -1,21 +1,11 @@ --------------------------------- MODULE OT --------------------------------- -(***************************************************************************) -(* Specification of OT (Operational Transformation) functions. *) -(* It consists of the basic OT functions for two operations and *) -(* more general ones involving operation sequences. *) -(***************************************************************************) +(* +This module contains the basic OT (Operational Transformation) functions +for two operations and general ones involving operation sequences. +*) EXTENDS OpOperators, SetUtils ----------------------------------------------------------------------------- -(***************************************************************************) -(* OT (Operational Transformation) functions. *) -(* *) -(* Naming convention: I for "Ins" and D for "Del". *) -(***************************************************************************) - -(***************************************************************************) -(* The left "Ins" lins transformed against the right "Ins" rins. *) -(***************************************************************************) -XformII(lins, rins) == +XformII(lins, rins) == \* lins is transformed against rins IF lins.pos < rins.pos THEN lins ELSE IF lins.pos > rins.pos @@ -25,84 +15,59 @@ XformII(lins, rins) == ELSE IF lins.pr > rins.pr THEN [lins EXCEPT !.pos = @+1] ELSE lins -(***************************************************************************) -(* The left "Ins" ins transformed against the right "Del" del. *) -(***************************************************************************) -XformID(ins, del) == + +XformID(ins, del) == \* ins is transformed against del IF ins.pos <= del.pos THEN ins ELSE [ins EXCEPT !.pos = @-1] -(***************************************************************************) -(* The left "Del" del transformed against the right "Ins" ins. *) -(***************************************************************************) -XformDI(del, ins) == + +XformDI(del, ins) == \* del is transformed against ins IF del.pos < ins.pos THEN del ELSE [del EXCEPT !.pos = @+1] -(***************************************************************************) -(* The left "Del" ldel transformed against the right "Del" rdel. *) -(***************************************************************************) -XformDD(ldel, rdel) == + +XformDD(ldel, rdel) == \* ldel is transformed against rdel IF ldel.pos < rdel.pos THEN ldel ELSE IF ldel.pos > rdel.pos THEN [ldel EXCEPT !.pos = @-1] ELSE Nop ------------------------------------------------------------------------------ -(***************************************************************************) -(* Transform the left operation lop against the right operation rop *) -(* with appropriate OT function. *) -(***************************************************************************) -Xform(lop, rop) == + +Xform(lop, rop) == \* lop is transformed against rop CASE lop = Nop \/ rop = Nop -> lop [] lop.type = "Ins" /\ rop.type = "Ins" -> XformII(lop, rop) [] lop.type = "Ins" /\ rop.type = "Del" -> XformID(lop, rop) [] lop.type = "Del" /\ rop.type = "Ins" -> XformDI(lop, rop) [] lop.type = "Del" /\ rop.type = "Del" -> XformDD(lop, rop) ----------------------------------------------------------------------------- -(***************************************************************************) -(* Generalized OT functions on operation sequences. *) -(***************************************************************************) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(***************************************************************************) -RECURSIVE XformOpOps(_, _, _) -XformOpOps(xform(_,_), op, ops) == +(* +Generalized OT functions on operation sequences. +*) +RECURSIVE XformOpOps(_, _, _) +XformOpOps(xform(_,_), op, ops) == \* Transform an operation op against an operation sequence ops. IF ops = <<>> THEN op ELSE XformOpOps(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(* Being different from XformOpOps, *) -(* XformOpOpsX maintains the intermediate transformed operation *) -(***************************************************************************) + RECURSIVE XformOpOpsX(_, _,_) -XformOpOpsX(xform(_, _), op, ops) == +XformOpOpsX(xform(_, _), op, ops) == \* Transform an operation op against an operation sequence ops. IF ops = <<>> - THEN <> + THEN <> \* Maintain and return the intermediate transformed operations. ELSE <> \o XformOpOpsX(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation sequence ops *) -(* against an operation op. *) -(***************************************************************************) -XformOpsOp(xform(_, _), ops, op) == + +XformOpsOp(xform(_, _), ops, op) == \* Transform an operation sequence ops against an operation op. LET opX == XformOpOpsX(xform, op, ops) IN [i \in 1 .. Len(ops) |-> xform(ops[i], opX[i])] -(***************************************************************************) -(* Iteratively/recursively transforms an operation sequence ops1 *) -(* against another operation sequence ops2. *) -(* *) -(* See also Definition 2.13 of the paper "Imine @ TCS06". *) -(***************************************************************************) +(* +Transforms an operation sequence ops1 against another operation sequence ops2; +see Definition 2.13 of the paper "Imine@TCS06". +*) RECURSIVE XformOpsOps(_, _,_) -XformOpsOps(xform(_, _), ops1, ops2) == +XformOpsOps(xform(_, _), ops1, ops2) == IF ops2 = <<>> THEN ops1 ELSE XformOpsOps(xform, XformOpsOp(xform, ops1, Head(ops2)), Tail(ops2)) ============================================================================= \* Modification History -\* Last modified Fri Dec 28 14:58:58 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:45:16 CST 2018 by hengxin \* Created Sun Jun 24 15:57:48 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/OpOperators.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/OpOperators.tla index 6131506..2989bbe 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/OpOperators.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiter.toolbox/QC/OpOperators.tla @@ -1,39 +1,23 @@ ---------------------------- MODULE OpOperators ---------------------------- -(***************************************************************************) -(* Operators for Op. *) -(***************************************************************************) +(* +Operators for Op. +*) EXTENDS Naturals, Sequences, SequenceUtils - -Nop == PickNone(Nat) ----------------------------------------------------------------------------- -(*********************************************************************) -(* The "Apply" operator which applies an operation op on the list l. *) -(* *) -(* Del: If pos > Len(l), the last element of l is deleted. *) -(* This is realized by the DeleteElement operator. *) -(* Ins: If pos > Len(l), the new element is appended to l. *) -(* This is realized by the InsertElement operator. *) -(*********************************************************************) -Apply(op, l) == CASE op = Nop -> l - [] op.type = "Rd" -> l - [] op.type = "Del" -> DeleteElement(l, op.pos) - [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) -(*********************************************************************) -(* The "ApplyOps" operator which applies an operation sequence ops *) -(* on the list l. *) -(*********************************************************************) -RECURSIVE ApplyOps(_, _) +Nop == PickNone(Nat) + +Apply(op, l) == \* Apply an operation op on the list l. + CASE op = Nop -> l + [] op.type = "Rd" -> l + [] op.type = "Del" -> DeleteElement(l, op.pos) \* Last(l) is deleted if pos > Len(l) + [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) \* Append(l, ch) if pos > Len(l) + +RECURSIVE ApplyOps(_, _) \* Apply an operation sequence ops on the list l. ApplyOps(ops, l) == IF ops = <<>> THEN l ELSE Apply(Last(ops), ApplyOps(AllButLast(ops), l)) ------------------------------------------------------------------------------ -(*********************************************************************) -(* Check whether an operation op is legal with respect to the list l.*) -(*********************************************************************) -IsLegalOp(op, l) == CASE op.type = "Del" -> op.pos <= Len(l) - [] op.type = "Ins" -> op.pos <= Len(l) + 1 ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:14:35 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:21:16 CST 2018 by hengxin \* Created Tue Aug 28 14:58:54 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.pdf index ea03955..9fd6cc0 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.tla index 932a532..695a6f6 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.tla @@ -1,7 +1,6 @@ -------------------------- MODULE AJupiterExtended -------------------------- (* -AJupiter extended with JupiterCtx. -This is used to show that AJupiter implements XJupiter. +AJupiter extended with JupiterCtx. This is used to show that AJupiter implements XJupiter. *) EXTENDS JupiterCtx ----------------------------------------------------------------------------- @@ -35,10 +34,7 @@ InitEx == /\ cbuf = [c \in Client |-> <<>>] /\ sbuf = [c \in Client |-> <<>>] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) -DoOp(c, op) == +DoOpEx(c, op) == LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] IN /\ crec' = [crec EXCEPT ![c] = 0] /\ cbuf' = [cbuf EXCEPT ![c] = Append(@, cop)] @@ -46,25 +42,11 @@ DoOp(c, op) == /\ Comm(Msg)!CSend([ack |-> crec[c], cop |-> cop, oid |-> cop.oid]) /\ commXJ!CSend(cop) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - DoEx(c) == /\ DoCtx(c) - /\ \/ DoIns(c) - \/ DoDel(c) + /\ DoInt(DoOpEx, c) /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -Client c \in Client receives a message from the Server. -*) + RevEx(c) == /\ Comm(Msg)!CRev(c) /\ commXJ!CRev(c) @@ -77,11 +59,9 @@ RevEx(c) == IN /\ cbuf' = [cbuf EXCEPT ![c] = xcBuf] /\ state' = [state EXCEPT ![c] = Apply(xcop.op, @)] /\ RevCtx(c) - /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -The Server receives a message. -*) + /\ RevInt(c) + /\ UNCHANGED <> + SRevEx == /\ Comm(Msg)!SRev /\ commXJ!SRev @@ -99,7 +79,8 @@ SRevEx == /\ Comm(Msg)!SSend(c, [cl \in Client |-> [ack |-> srec[cl], cop |-> xcop, oid |-> xcop.oid]]) /\ commXJ!SSendSame(c, xcop) /\ SRevCtx - /\ UNCHANGED <> + /\ SRevInt + /\ UNCHANGED <> ----------------------------------------------------------------------------- NextEx == \/ \E c \in Client: DoEx(c) \/ RevEx(c) @@ -116,5 +97,5 @@ QC == \* Quiescent Consistency THEOREM SpecEx => []QC ============================================================================= \* Modification History -\* Last modified Sun Dec 30 16:43:20 CST 2018 by hengxin +\* Last modified Mon Dec 31 21:21:44 CST 2018 by hengxin \* Created Thu Dec 27 21:15:09 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/.project b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/.project index cbc0e7c..cbfdcce 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/.project +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/.project @@ -23,42 +23,42 @@ CSComm.tla 1 - /home/hengxin/Public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CSComm.tla + PARENT-1-PROJECT_LOC/CSComm.tla FunctionUtils.tla 1 - /home/hengxin/Public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/FunctionUtils.tla + PARENT-1-PROJECT_LOC/FunctionUtils.tla JupiterCtx.tla 1 - /home/hengxin/Public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterCtx.tla + PARENT-1-PROJECT_LOC/JupiterCtx.tla JupiterInterface.tla 1 - /home/hengxin/Public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.tla + PARENT-1-PROJECT_LOC/JupiterInterface.tla OT.tla 1 - /home/hengxin/Public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/OT.tla + PARENT-1-PROJECT_LOC/OT.tla OpOperators.tla 1 - /home/hengxin/Public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/OpOperators.tla + PARENT-1-PROJECT_LOC/OpOperators.tla SequenceUtils.tla 1 - /home/hengxin/Public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/SequenceUtils.tla + PARENT-1-PROJECT_LOC/SequenceUtils.tla SetUtils.tla 1 - /home/hengxin/Public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/SetUtils.tla + PARENT-1-PROJECT_LOC/SetUtils.tla diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended.pdf index 7e7b55f..e95a035 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended.tex index 4eae68b..ba10226 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended.tex @@ -943,218 +943,200 @@ {\MODULE} AJupiterExtended}\moduleRightDash\@xx{}% \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% -\ensuremath{AJupiter} extended with \ensuremath{JupiterCtx}. - This is used to show that \ensuremath{AJupiter} implements - \ensuremath{XJupiter}. + \ensuremath{AJupiter} extended with \ensuremath{JupiterCtx}. This is used to + show that \ensuremath{AJupiter} implements \ensuremath{XJupiter}. \end{cpar}% \end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 6\hspace{1em}} {\EXTENDS} JupiterCtx}% -\@x{\makebox[0pt][r]{\scriptsize 7\hspace{1em}}}\midbar\@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 8\hspace{1em}} {\VARIABLES} cbuf ,\, crec - ,\, sbuf ,\, srec}% +\@x{\makebox[0pt][r]{\scriptsize 5\hspace{1em}} {\EXTENDS} JupiterCtx}% +\@x{\makebox[0pt][r]{\scriptsize 6\hspace{1em}}}\midbar\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 7\hspace{1em}} {\VARIABLES} cbuf ,\, crec + ,\, sbuf ,\, srec ,\, cincomingXJ ,\, sincomingXJ}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 10\hspace{1em}} varsEx \.{\defeq} {\langle} - intVars ,\, ctxVars ,\, cbuf ,\, crec ,\, sbuf ,\, srec {\rangle}}% + \@x{\makebox[0pt][r]{\scriptsize 9\hspace{1em}} commXJVars \.{\defeq} + {\langle} cincomingXJ ,\, sincomingXJ {\rangle}}% + \@x{\makebox[0pt][r]{\scriptsize 10\hspace{1em}} commXJ \.{\defeq} + {\INSTANCE} CSComm {\WITH} Msg \.{\leftarrow} Seq ( Cop ) ,\,}% + \@x{\makebox[0pt][r]{\scriptsize 11\hspace{1em}}\@s{83.13} cincoming + \.{\leftarrow} cincomingXJ ,\, sincoming \.{\leftarrow} sincomingXJ}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 12\hspace{1em}} Msg \.{\defeq} [ ack \.{:} + \@x{\makebox[0pt][r]{\scriptsize 13\hspace{1em}} varsEx\@s{8.99} \.{\defeq} + {\langle} intVars ,\, ctxVars ,\, cbuf ,\, crec ,\, sbuf ,\, srec ,\, + commXJVars {\rangle}}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 15\hspace{1em}} Msg \.{\defeq} [ ack \.{:} Int ,\, cop \.{:} Cop ,\, oid \.{:} Oid ]}% -\@x{\makebox[0pt][r]{\scriptsize 13\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 14\hspace{1em}} TypeOKEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 15\hspace{1em}}\@s{16.4} \.{\land} +\@x{\makebox[0pt][r]{\scriptsize 16\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 17\hspace{1em}} TypeOKEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 18\hspace{1em}}\@s{16.4} \.{\land} TypeOKInt}% - \@x{\makebox[0pt][r]{\scriptsize 16\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 19\hspace{1em}}\@s{16.4} \.{\land} TypeOKCtx}% - \@x{\makebox[0pt][r]{\scriptsize 17\hspace{1em}}\@s{16.4} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 20\hspace{1em}}\@s{16.4} \.{\land} Comm ( Msg ) {\bang} TypeOK}% - \@x{\makebox[0pt][r]{\scriptsize 18\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 21\hspace{1em}}\@s{16.4} \.{\land} commXJ + {\bang} TypeOK}% + \@x{\makebox[0pt][r]{\scriptsize 22\hspace{1em}}\@s{16.4} \.{\land} crec\@s{2.19} \.{\in} [ Client \.{\rightarrow} Int ]}% - \@x{\makebox[0pt][r]{\scriptsize 19\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 23\hspace{1em}}\@s{16.4} \.{\land} srec\@s{2.70} \.{\in} [ Client \.{\rightarrow} Int ]}% - \@x{\makebox[0pt][r]{\scriptsize 20\hspace{1em}}\@s{16.4} \.{\land} cbuf + \@x{\makebox[0pt][r]{\scriptsize 24\hspace{1em}}\@s{16.4} \.{\land} cbuf \.{\in} [ Client \.{\rightarrow} Seq ( Cop ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 21\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 25\hspace{1em}}\@s{16.4} \.{\land} sbuf\@s{0.51} \.{\in} [ Client \.{\rightarrow} Seq ( Cop ) ]}% -\@x{\makebox[0pt][r]{\scriptsize 22\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 23\hspace{1em}} InitEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 24\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} +\@x{\makebox[0pt][r]{\scriptsize 26\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 27\hspace{1em}} InitEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} InitInt}% - \@x{\makebox[0pt][r]{\scriptsize 25\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} InitCtx}% - \@x{\makebox[0pt][r]{\scriptsize 26\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + commXJ {\bang} Init}% + \@x{\makebox[0pt][r]{\scriptsize 31\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} Comm ( Msg ) {\bang} Init}% - \@x{\makebox[0pt][r]{\scriptsize 27\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 32\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} crec\@s{2.19} \.{=} [ c \.{\in} Client \.{\mapsto} 0 ]}% - \@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} srec\@s{2.70} \.{=} [ c \.{\in} Client \.{\mapsto} 0 ]}% - \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} cbuf \.{=} [ c \.{\in} Client \.{\mapsto} {\langle} {\rangle} ]}% - \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} sbuf\@s{0.51} \.{=} [ c \.{\in} Client \.{\mapsto} {\langle} {\rangle} ]}% -\@x{\makebox[0pt][r]{\scriptsize 31\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Client \ensuremath{c \.{\in} Client} issues an operation \ensuremath{op}. -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}} DoOp ( c ,\, op )\@s{5.43} +\@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}}}\midbar\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}} DoOp ( c ,\, op )\@s{5.43} \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}}\@s{26.06} \.{\LET} cop + \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}}\@s{26.06} \.{\LET} cop \.{\defeq} [ op \.{\mapsto} op ,\, oid \.{\mapsto} [ c \.{\mapsto} c ,\, seq \.{\mapsto} cseq \.{'} [ c ] ] ,\, ctx \.{\mapsto} ds [ c ] ]}% - \@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}}\@s{26.06} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}}\@s{26.06} \.{\IN} \.{\land} crec \.{'}\@s{2.19} \.{=} [ crec {\EXCEPT} {\bang} [ c ]\@s{2.19} \.{=} 0 ]}% - \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}}\@s{46.46} \.{\land} cbuf + \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}}\@s{46.46} \.{\land} cbuf \.{'} \.{=} [ cbuf {\EXCEPT} {\bang} [ c ] \.{=} Append ( @ ,\, cop ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}}\@s{46.46} \.{\land} state + \@x{\makebox[0pt][r]{\scriptsize 41\hspace{1em}}\@s{46.46} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ c ] \.{=} Apply ( op ,\, @ ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}}\@s{46.46} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}}\@s{46.46} \.{\land} Comm ( Msg ) {\bang} CSend ( [ ack \.{\mapsto} crec [ c ] ,\, cop \.{\mapsto} cop ,\, oid \.{\mapsto} cop . oid ] )}% + \@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{46.46} \.{\land} commXJ + {\bang} CSend ( cop )}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}} DoIns ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{16.4} \E\, ins \.{\in} \{ - op \.{\in} Ins \.{:} op . pos \.{\in} 1 \.{\dotdot} ( Len ( state [ c ] ) - \.{+} 1 ) \.{\land} op . ch \.{\in} chins \.{\land} op . pr \.{=} Priority [ - c ] \} \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 44\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, ins )}% - \@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}}\@s{27.72} \.{\land} chins - \.{'} \.{=} chins \.{\,\backslash\,} \{ ins . ch \}}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}} DoDel ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{16.4} \E\, del \.{\in} \{ - op \.{\in} Del \.{:} op . pos \.{\in} 1 \.{\dotdot} Len ( state [ c ] ) \} - \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, del )}% - \@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}}\@s{27.72} \.{\land} - {\UNCHANGED} chins}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}} DoEx ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{25.28} \.{\land} DoCtx ( +\@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}} DoEx ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}}\@s{25.28} \.{\land} DoCtx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{25.28} \.{\land} \.{\lor} - DoIns ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{36.39} \.{\lor} DoDel ( c - )}% - \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{25.28} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{25.28} \.{\land} DoInt ( + DoOp ,\, c )}% + \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{25.28} \.{\land} {\UNCHANGED} {\langle} sbuf ,\, srec {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% - Client \ensuremath{c \.{\in} Client} receives a message from the - \ensuremath{Server}. -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}} RevEx ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}}\@s{16.4} \.{\land} Comm ( +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}} RevEx ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}\@s{16.4} \.{\land} Comm ( Msg ) {\bang} CRev ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}}\@s{16.4} \.{\land} crec + \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}}\@s{16.4} \.{\land} commXJ + {\bang} CRev ( c )}% + \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{16.4} \.{\land} crec \.{'} \.{=} [ crec {\EXCEPT} {\bang} [ c ] \.{=} @ \.{+} 1 ]}% - \@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} + \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} m \.{\defeq} Head ( cincoming [ c ] )}% - \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}}\@s{47.91} cBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{47.91} cBuf \.{\defeq} cbuf [ c ]}% - \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{47.91} cShiftedBuf + \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{47.91} cShiftedBuf \.{\defeq} SubSeq ( cBuf ,\, m . ack \.{+} 1 ,\, Len ( cBuf ) )}% - \@x{\makebox[0pt][r]{\scriptsize 67\hspace{1em}}\@s{47.91} xcop \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{47.91} xcop \.{\defeq} XformOpOps ( COT ,\, m . cop ,\, cShiftedBuf )}% - \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}}\@s{52.01} xcBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 58\hspace{1em}}\@s{52.01} xcBuf \.{\defeq} XformOpsOp ( COT ,\, cShiftedBuf ,\, m . cop )}% - \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{31.61} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}}\@s{31.61} \.{\IN} \.{\land} cbuf \.{'} \.{=} [ cbuf {\EXCEPT} {\bang} [ c ] \.{=} xcBuf ]}% - \@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}}\@s{52.01} \.{\land} state + \@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}}\@s{52.01} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ c ] \.{=} Apply ( xcop . op ,\, @ ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}\@s{16.4} \.{\land} RevCtx ( + \@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}}\@s{16.4} \.{\land} RevCtx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{16.4} \.{\land} - {\UNCHANGED} {\langle} chins ,\, sbuf ,\, srec {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -The \ensuremath{Server} receives a message. -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}} SRevEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 78\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}}\@s{16.4} \.{\land} RevInt ( + c )}% + \@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}}\@s{16.4} \.{\land} + {\UNCHANGED} {\langle} sbuf ,\, srec {\rangle}}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}} SRevEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} Comm ( Msg ) {\bang} SRev}% - \@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + \@x{\makebox[0pt][r]{\scriptsize 67\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + commXJ {\bang} SRev}% + \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} \.{\LET} m \.{\defeq} Head ( sincoming )}% - \@x{\makebox[0pt][r]{\scriptsize 80\hspace{1em}}\@s{54.63} c\@s{3.77} + \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{54.63} c\@s{3.77} \.{\defeq} ClientOf ( m . cop )}% - \@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}}\@s{54.63} cBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}}\@s{54.63} cBuf \.{\defeq} sbuf [ c ]}% - \@x{\makebox[0pt][r]{\scriptsize 82\hspace{1em}}\@s{54.63} cShiftedBuf + \@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}\@s{54.63} cShiftedBuf \.{\defeq} SubSeq ( cBuf ,\, m . ack \.{+} 1 ,\, Len ( cBuf ) )}% - \@x{\makebox[0pt][r]{\scriptsize 83\hspace{1em}}\@s{54.63} xcop \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{54.63} xcop \.{\defeq} XformOpOps ( COT ,\, m . cop ,\, cShiftedBuf )}% - \@x{\makebox[0pt][r]{\scriptsize 84\hspace{1em}}\@s{58.73} xcBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}\@s{58.73} xcBuf \.{\defeq} XformOpsOp ( COT ,\, cShiftedBuf ,\, m . cop )}% - \@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}}\@s{38.33} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 74\hspace{1em}}\@s{38.33} \.{\IN} \.{\land} srec \.{'}\@s{2.19} \.{=} [ cl \.{\in} Client \.{\mapsto}}% -\@x{\makebox[0pt][r]{\scriptsize 86\hspace{1em}}\@s{124.38} {\IF} cl \.{=} c}% - \@x{\makebox[0pt][r]{\scriptsize 87\hspace{1em}}\@s{124.38} \.{\THEN} srec [ - cl ] \.{+} 1}% -\@x{\makebox[0pt][r]{\scriptsize 88\hspace{1em}}\@s{124.38} \.{\ELSE} 0 ]}% - \@x{\makebox[0pt][r]{\scriptsize 89\hspace{1em}}\@s{58.73} \.{\land} sbuf + \@x{\makebox[0pt][r]{\scriptsize 75\hspace{1em}}\@s{124.38} {\IF} cl \.{=} c + \.{\THEN} srec [ cl ] \.{+} 1 \.{\ELSE} 0 ]}% + \@x{\makebox[0pt][r]{\scriptsize 76\hspace{1em}}\@s{58.73} \.{\land} sbuf \.{'} \.{=} [ cl \.{\in} Client \.{\mapsto}}% -\@x{\makebox[0pt][r]{\scriptsize 90\hspace{1em}}\@s{124.38} {\IF} cl \.{=} c}% -\@x{\makebox[0pt][r]{\scriptsize 91\hspace{1em}}\@s{124.38} \.{\THEN} xcBuf}% - \@x{\makebox[0pt][r]{\scriptsize 92\hspace{1em}}\@s{124.38} \.{\ELSE} Append - ( sbuf [ cl ] ,\, xcop ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 93\hspace{1em}}\@s{58.73} \.{\land} state + \@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}}\@s{124.38} {\IF} cl \.{=} c + \.{\THEN} xcBuf \.{\ELSE} Append ( sbuf [ cl ] ,\, xcop ) ]}% + \@x{\makebox[0pt][r]{\scriptsize 78\hspace{1em}}\@s{58.73} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ Server ] \.{=} Apply ( xcop . op ,\, @ ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 94\hspace{1em}}\@s{58.73} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}}\@s{58.73} \.{\land} Comm ( Msg ) {\bang} SSend ( c ,\, [ cl \.{\in} Client \.{\mapsto} [ ack \.{\mapsto} srec [ cl ] ,\, cop \.{\mapsto} xcop ,\, oid \.{\mapsto} xcop . oid ] ] )}% - \@x{\makebox[0pt][r]{\scriptsize 95\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + \@x{\makebox[0pt][r]{\scriptsize 80\hspace{1em}}\@s{58.73} \.{\land} commXJ + {\bang} SSendSame ( c ,\, xcop )}% + \@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} SRevCtx}% - \@x{\makebox[0pt][r]{\scriptsize 96\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} - {\UNCHANGED} {\langle} chins ,\, cbuf ,\, crec {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 97\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 98\hspace{1em}} NextEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 99\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} + \@x{\makebox[0pt][r]{\scriptsize 82\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + SRevInt}% + \@x{\makebox[0pt][r]{\scriptsize 83\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + {\UNCHANGED} {\langle} cbuf ,\, crec {\rangle}}% +\@x{\makebox[0pt][r]{\scriptsize 84\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}} NextEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 86\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} \E\, c \.{\in} Client \.{:} DoEx ( c ) \.{\lor} RevEx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 100\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} + \@x{\makebox[0pt][r]{\scriptsize 87\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} SRevEx}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 102\hspace{1em}} FairnessEx \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 89\hspace{1em}} FairnessEx \.{\defeq}}% \@y{\@s{0}% There is no requirement that the clients ever generate operations. }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 103\hspace{1em}}\@s{16.4} {\WF}_{ varsEx} ( + \@x{\makebox[0pt][r]{\scriptsize 90\hspace{1em}}\@s{16.4} {\WF}_{ varsEx} ( SRevEx \.{\lor} \E\, c \.{\in} Client \.{:} RevEx ( c ) )}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 105\hspace{1em}} SpecEx \.{\defeq} InitEx + \@x{\makebox[0pt][r]{\scriptsize 92\hspace{1em}} SpecEx \.{\defeq} InitEx \.{\land} {\Box} [ NextEx ]_{ varsEx}}% \@y{\@s{0}% \ensuremath{\.{\land} FairnessEx }}% \@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 106\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 107\hspace{1em}} QC \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 93\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 94\hspace{1em}} QC \.{\defeq}}% \@y{\@s{0}% Quiescent Consistency }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 108\hspace{1em}}\@s{20.37} Comm ( Msg ) + \@x{\makebox[0pt][r]{\scriptsize 95\hspace{1em}}\@s{20.37} Comm ( Msg ) {\bang} EmptyChannel \.{\implies} Cardinality ( Range ( state ) ) \.{=} 1}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 110\hspace{1em}} {\THEOREM} SpecEx + \@x{\makebox[0pt][r]{\scriptsize 97\hspace{1em}} {\THEOREM} SpecEx \.{\implies} {\Box} QC}% -\@x{\makebox[0pt][r]{\scriptsize 111\hspace{1em}}}\bottombar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 98\hspace{1em}}}\bottombar\@xx{}% \setboolean{shading}{false} \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Modification History \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Last modified Sat \ensuremath{Dec} 29 - 18:55:12 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} + \ensuremath{Dec} 31 21:05:54 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended___QC.launch b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended___QC.launch index 0ee611a..4829065 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended___QC.launch +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/AJupiterExtended___QC.launch @@ -6,7 +6,7 @@ - + @@ -19,8 +19,8 @@ - - + + diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/AJupiterExtended.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/AJupiterExtended.tla index 5620355..3b512e3 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/AJupiterExtended.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/AJupiterExtended.tla @@ -1,13 +1,16 @@ -------------------------- MODULE AJupiterExtended -------------------------- (* -AJupiter extended with JupiterCtx. -This is used to show that AJupiter implements XJupiter. +AJupiter extended with JupiterCtx. This is used to show that AJupiter implements XJupiter. *) EXTENDS JupiterCtx ----------------------------------------------------------------------------- -VARIABLES cbuf, crec, sbuf, srec +VARIABLES cbuf, crec, sbuf, srec, cincomingXJ, sincomingXJ -varsEx == <> +commXJVars == <> +commXJ == INSTANCE CSComm WITH Msg <- Seq(Cop), + cincoming <- cincomingXJ, sincoming <- sincomingXJ + +varsEx == <> Msg == [ack: Int, cop: Cop, oid: Oid] ----------------------------------------------------------------------------- @@ -15,6 +18,7 @@ TypeOKEx == /\ TypeOKInt /\ TypeOKCtx /\ Comm(Msg)!TypeOK + /\ commXJ!TypeOK /\ crec \in [Client -> Int] /\ srec \in [Client -> Int] /\ cbuf \in [Client -> Seq(Cop)] @@ -23,43 +27,29 @@ TypeOKEx == InitEx == /\ InitInt /\ InitCtx + /\ commXJ!Init /\ Comm(Msg)!Init /\ crec = [c \in Client |-> 0] /\ srec = [c \in Client |-> 0] /\ cbuf = [c \in Client |-> <<>>] /\ sbuf = [c \in Client |-> <<>>] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) DoOp(c, op) == LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] IN /\ crec' = [crec EXCEPT ![c] = 0] /\ cbuf' = [cbuf EXCEPT ![c] = Append(@, cop)] /\ state' = [state EXCEPT ![c] = Apply(op, @)] /\ Comm(Msg)!CSend([ack |-> crec[c], cop |-> cop, oid |-> cop.oid]) - -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins + /\ commXJ!CSend(cop) DoEx(c) == /\ DoCtx(c) - /\ \/ DoIns(c) - \/ DoDel(c) + /\ DoInt(DoOp, c) /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -Client c \in Client receives a message from the Server. -*) + RevEx(c) == /\ Comm(Msg)!CRev(c) + /\ commXJ!CRev(c) /\ crec' = [crec EXCEPT ![c] = @ + 1] /\ LET m == Head(cincoming[c]) cBuf == cbuf[c] @@ -69,13 +59,12 @@ RevEx(c) == IN /\ cbuf' = [cbuf EXCEPT ![c] = xcBuf] /\ state' = [state EXCEPT ![c] = Apply(xcop.op, @)] /\ RevCtx(c) - /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -The Server receives a message. -*) + /\ RevInt(c) + /\ UNCHANGED <> + SRevEx == /\ Comm(Msg)!SRev + /\ commXJ!SRev /\ LET m == Head(sincoming) c == ClientOf(m.cop) cBuf == sbuf[c] @@ -83,17 +72,15 @@ SRevEx == xcop == XformOpOps(COT, m.cop, cShiftedBuf) xcBuf == XformOpsOp(COT, cShiftedBuf, m.cop) IN /\ srec' = [cl \in Client |-> - IF cl = c - THEN srec[cl] + 1 - ELSE 0] - /\ sbuf' = [cl \in Client |-> - IF cl = c - THEN xcBuf - ELSE Append(sbuf[cl], xcop)] + IF cl = c THEN srec[cl] + 1 ELSE 0] + /\ sbuf' = [cl \in Client |-> + IF cl = c THEN xcBuf ELSE Append(sbuf[cl], xcop)] /\ state' = [state EXCEPT ![Server] = Apply(xcop.op, @)] /\ Comm(Msg)!SSend(c, [cl \in Client |-> [ack |-> srec[cl], cop |-> xcop, oid |-> xcop.oid]]) + /\ commXJ!SSendSame(c, xcop) /\ SRevCtx - /\ UNCHANGED <> + /\ SRevInt + /\ UNCHANGED <> ----------------------------------------------------------------------------- NextEx == \/ \E c \in Client: DoEx(c) \/ RevEx(c) @@ -110,5 +97,5 @@ QC == \* Quiescent Consistency THEOREM SpecEx => []QC ============================================================================= \* Modification History -\* Last modified Sat Dec 29 18:55:12 CST 2018 by hengxin +\* Last modified Mon Dec 31 21:05:54 CST 2018 by hengxin \* Created Thu Dec 27 21:15:09 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/CSComm.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/CSComm.tla index 7a0691d..7cd4728 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/CSComm.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/CSComm.tla @@ -5,9 +5,9 @@ Specification of communication in a Client-Server system model. EXTENDS SequenceUtils ----------------------------------------------------------------------------- CONSTANTS - Client, \* the set of clients - Server, \* the (unique) server - Msg \* the set of possible messages + Client, \* the set of clients + Server, \* the (unique) server + Msg \* the set of messages ----------------------------------------------------------------------------- VARIABLES cincoming, \* cincoming[c]: incoming channel at client c \in Client @@ -23,44 +23,32 @@ Init == EmptyChannel == Init ----------------------------------------------------------------------------- -(* -A client sends a message msg to the Server. -*) -CSend(msg) == +CSend(msg) == \* A client sends a message msg to the Server. /\ sincoming' = Append(sincoming, msg) /\ UNCHANGED cincoming -(* -Client c receives a message from the Server. -*) -CRev(c) == + +CRev(c) == \* Client c receives and consumes a message from the Server. /\ cincoming[c] # <<>> - /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] \* consume a message + /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] /\ UNCHANGED sincoming ----------------------------------------------------------------------------- (* SRev/SSend below is often used as a subaction. No UNCHANGED in their definitions. *) -(* -The Server receives a message. -*) -SRev == +SRev == \* The Server receives and consumes a message. /\ sincoming # <<>> - /\ sincoming' = Tail(sincoming) \* consume a message -(* -The Server sents a message cmsg to each client other than c \in Client. -*) -SSend(c, cmsg) == + /\ sincoming' = Tail(sincoming) + +SSend(c, cmsg) == \* The Server sents a message cmsg to each client other than c \in Client. /\ cincoming' = [cl \in Client |-> IF cl = c THEN cincoming[cl] ELSE Append(cincoming[cl], cmsg[cl])] -(* -The Server broadcasts the same message msg to all Clients other than c \in Client. -*) -SSendSame(c, msg) == + +SSendSame(c, msg) == \* The Server broadcasts the message msg to all clients other than c \in Client. /\ SSend(c, [cl \in Client |-> msg]) ============================================================================= \* Modification History -\* Last modified Tue Dec 04 20:49:02 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:04:29 CST 2018 by hengxin \* Created Sun Jun 24 10:25:34 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/JupiterCtx.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/JupiterCtx.tla index 25e92f5..151b007 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/JupiterCtx.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/JupiterCtx.tla @@ -19,7 +19,7 @@ ClientOf(cop) == cop.oid.c COT(lcop, rcop) == \* OT of two Cop(s). [lcop EXCEPT !.op = Xform(lcop.op, rcop.op), !.ctx = @ \cup {rcop.oid}] -UpdateDS(r, oid) == \* update ds to include new oid \in Oid +UpdateDS(r, oid) == \* update ds[r] to include new oid \in Oid ds' = [ds EXCEPT ![r] = @ \cup {oid}] ----------------------------------------------------------------------------- TypeOKCtx == @@ -43,5 +43,5 @@ SRevCtx == /\ UNCHANGED cseq ============================================================================= \* Modification History -\* Last modified Fri Dec 28 14:38:39 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:52:44 CST 2018 by hengxin \* Created Wed Dec 05 20:03:50 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/JupiterInterface.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/JupiterInterface.tla index d39304a..148bcf2 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/JupiterInterface.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/JupiterInterface.tla @@ -6,9 +6,9 @@ the interface of a family of Jupiter specs. EXTENDS Integers, SequenceUtils, OT ----------------------------------------------------------------------------- CONSTANTS + Char, \* the set of characters Client, \* the set of client replicas Server, \* the (unique) server replica - Char, \* the set of characters allowed to be inserted InitState \* the initial state of each replica ASSUME \* We assume that all inserted elements are unique. @@ -32,14 +32,6 @@ MaxLen == Cardinality(Char) + Len(InitState) \* the max length of lists in any s ClientNum == Cardinality(Client) Priority == CHOOSE f \in [Client -> 1 .. ClientNum] : Injective(f) ----------------------------------------------------------------------------- -TypeOKInt == - /\ state \in [Replica -> List] - /\ chins \subseteq Char - -InitInt == - /\ state = [r \in Replica |-> InitState] - /\ chins = Char ------------------------------------------------------------------------------ (* The set of all operations. Note: The positions are indexed from 1. *) @@ -48,7 +40,37 @@ Del == [type: {"Del"}, pos: 1 .. MaxLen] Ins == [type: {"Ins"}, pos: 1 .. (MaxLen + 1), ch: Char, pr: 1 .. ClientNum] \* pr: priority Op == Ins \cup Del \* Now we don't consider Rd operations +----------------------------------------------------------------------------- +TypeOKInt == + /\ state \in [Replica -> List] + /\ chins \subseteq Char + +InitInt == + /\ state = [r \in Replica |-> InitState] + /\ chins = Char + +DoIns(DoOp(_, _), c) == \* Client c \in Client generates an "Ins" operation. + \E ins \in {op \in Ins: + /\ op.pos \in 1 .. (Len(state[c]) + 1) + /\ op.ch \in chins /\ op.pr = Priority[c]}: + /\ DoOp(c, ins) + /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. + +DoDel(DoOp(_, _), c) == \* Client c \in Client generates a "Del" operation. + \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: + /\ DoOp(c, del) + /\ UNCHANGED chins + +DoInt(DoOp(_, _), c) == \* Client c \in Client issues an operation. + \/ DoIns(DoOp, c) + \/ DoDel(DoOp, c) + +RevInt(c) == \* Client c \in Client receives a message from the Server. + /\UNCHANGED chins + +SRevInt == \* The Server receives a message. + /\ UNCHANGED chins ============================================================================= \* Modification History -\* Last modified Wed Dec 12 20:20:43 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:25 CST 2018 by hengxin \* Created Tue Dec 04 19:01:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/MC.cfg b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/MC.cfg index cd5ce1b..e0b0d42 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/MC.cfg +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/MC.cfg @@ -8,24 +8,24 @@ a = a b = b \* MV CONSTANT definitions CONSTANT -Client <- const_154608092877258000 +Client <- const_154626169490958000 \* MV CONSTANT definitions CONSTANT -Char <- const_154608092877259000 +Char <- const_154626169490959000 \* CONSTANT declarations CONSTANT Server = Server \* SYMMETRY definition -SYMMETRY symm_154608092877260000 +SYMMETRY symm_154626169490960000 \* CONSTANT definitions CONSTANT -InitState <- const_154608092877261000 +InitState <- const_154626169490961000 \* CONSTANT definition CONSTANT Nop = Nop \* SPECIFICATION definition SPECIFICATION -spec_154608092877263000 +spec_154626169491063000 \* INVARIANT definition INVARIANT -inv_154608092877264000 -\* Generated on Sat Dec 29 18:55:28 CST 2018 \ No newline at end of file +inv_154626169491064000 +\* Generated on Mon Dec 31 21:08:14 CST 2018 \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/MC.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/MC.tla index ad96504..fd1c042 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/MC.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/MC.tla @@ -12,33 +12,33 @@ a, b ---- \* MV CONSTANT definitions Client -const_154608092877258000 == +const_154626169490958000 == {c1, c2} ---- \* MV CONSTANT definitions Char -const_154608092877259000 == +const_154626169490959000 == {a, b} ---- \* SYMMETRY definition -symm_154608092877260000 == -Permutations(const_154608092877259000) +symm_154626169490960000 == +Permutations(const_154626169490959000) ---- \* CONSTANT definitions @modelParameterConstants:2InitState -const_154608092877261000 == +const_154626169490961000 == <<>> ---- \* SPECIFICATION definition @modelBehaviorSpec:0 -spec_154608092877263000 == +spec_154626169491063000 == SpecEx ---- \* INVARIANT definition @modelCorrectnessInvariants:0 -inv_154608092877264000 == +inv_154626169491064000 == QC ---- ============================================================================= \* Modification History -\* Created Sat Dec 29 18:55:28 CST 2018 by hengxin +\* Created Mon Dec 31 21:08:14 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/OT.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/OT.tla index a8dacd0..4980ff3 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/OT.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/OT.tla @@ -1,21 +1,11 @@ --------------------------------- MODULE OT --------------------------------- -(***************************************************************************) -(* Specification of OT (Operational Transformation) functions. *) -(* It consists of the basic OT functions for two operations and *) -(* more general ones involving operation sequences. *) -(***************************************************************************) +(* +This module contains the basic OT (Operational Transformation) functions +for two operations and general ones involving operation sequences. +*) EXTENDS OpOperators, SetUtils ----------------------------------------------------------------------------- -(***************************************************************************) -(* OT (Operational Transformation) functions. *) -(* *) -(* Naming convention: I for "Ins" and D for "Del". *) -(***************************************************************************) - -(***************************************************************************) -(* The left "Ins" lins transformed against the right "Ins" rins. *) -(***************************************************************************) -XformII(lins, rins) == +XformII(lins, rins) == \* lins is transformed against rins IF lins.pos < rins.pos THEN lins ELSE IF lins.pos > rins.pos @@ -25,84 +15,59 @@ XformII(lins, rins) == ELSE IF lins.pr > rins.pr THEN [lins EXCEPT !.pos = @+1] ELSE lins -(***************************************************************************) -(* The left "Ins" ins transformed against the right "Del" del. *) -(***************************************************************************) -XformID(ins, del) == + +XformID(ins, del) == \* ins is transformed against del IF ins.pos <= del.pos THEN ins ELSE [ins EXCEPT !.pos = @-1] -(***************************************************************************) -(* The left "Del" del transformed against the right "Ins" ins. *) -(***************************************************************************) -XformDI(del, ins) == + +XformDI(del, ins) == \* del is transformed against ins IF del.pos < ins.pos THEN del ELSE [del EXCEPT !.pos = @+1] -(***************************************************************************) -(* The left "Del" ldel transformed against the right "Del" rdel. *) -(***************************************************************************) -XformDD(ldel, rdel) == + +XformDD(ldel, rdel) == \* ldel is transformed against rdel IF ldel.pos < rdel.pos THEN ldel ELSE IF ldel.pos > rdel.pos THEN [ldel EXCEPT !.pos = @-1] ELSE Nop ------------------------------------------------------------------------------ -(***************************************************************************) -(* Transform the left operation lop against the right operation rop *) -(* with appropriate OT function. *) -(***************************************************************************) -Xform(lop, rop) == + +Xform(lop, rop) == \* lop is transformed against rop CASE lop = Nop \/ rop = Nop -> lop [] lop.type = "Ins" /\ rop.type = "Ins" -> XformII(lop, rop) [] lop.type = "Ins" /\ rop.type = "Del" -> XformID(lop, rop) [] lop.type = "Del" /\ rop.type = "Ins" -> XformDI(lop, rop) [] lop.type = "Del" /\ rop.type = "Del" -> XformDD(lop, rop) ----------------------------------------------------------------------------- -(***************************************************************************) -(* Generalized OT functions on operation sequences. *) -(***************************************************************************) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(***************************************************************************) -RECURSIVE XformOpOps(_, _, _) -XformOpOps(xform(_,_), op, ops) == +(* +Generalized OT functions on operation sequences. +*) +RECURSIVE XformOpOps(_, _, _) +XformOpOps(xform(_,_), op, ops) == \* Transform an operation op against an operation sequence ops. IF ops = <<>> THEN op ELSE XformOpOps(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(* Being different from XformOpOps, *) -(* XformOpOpsX maintains the intermediate transformed operation *) -(***************************************************************************) + RECURSIVE XformOpOpsX(_, _,_) -XformOpOpsX(xform(_, _), op, ops) == +XformOpOpsX(xform(_, _), op, ops) == \* Transform an operation op against an operation sequence ops. IF ops = <<>> - THEN <> + THEN <> \* Maintain and return the intermediate transformed operations. ELSE <> \o XformOpOpsX(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation sequence ops *) -(* against an operation op. *) -(***************************************************************************) -XformOpsOp(xform(_, _), ops, op) == + +XformOpsOp(xform(_, _), ops, op) == \* Transform an operation sequence ops against an operation op. LET opX == XformOpOpsX(xform, op, ops) IN [i \in 1 .. Len(ops) |-> xform(ops[i], opX[i])] -(***************************************************************************) -(* Iteratively/recursively transforms an operation sequence ops1 *) -(* against another operation sequence ops2. *) -(* *) -(* See also Definition 2.13 of the paper "Imine @ TCS06". *) -(***************************************************************************) +(* +Transforms an operation sequence ops1 against another operation sequence ops2; +see Definition 2.13 of the paper "Imine@TCS06". +*) RECURSIVE XformOpsOps(_, _,_) -XformOpsOps(xform(_, _), ops1, ops2) == +XformOpsOps(xform(_, _), ops1, ops2) == IF ops2 = <<>> THEN ops1 ELSE XformOpsOps(xform, XformOpsOp(xform, ops1, Head(ops2)), Tail(ops2)) ============================================================================= \* Modification History -\* Last modified Fri Dec 28 14:58:58 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:45:16 CST 2018 by hengxin \* Created Sun Jun 24 15:57:48 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/OpOperators.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/OpOperators.tla index 6131506..2989bbe 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/OpOperators.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterExtended.toolbox/QC/OpOperators.tla @@ -1,39 +1,23 @@ ---------------------------- MODULE OpOperators ---------------------------- -(***************************************************************************) -(* Operators for Op. *) -(***************************************************************************) +(* +Operators for Op. +*) EXTENDS Naturals, Sequences, SequenceUtils - -Nop == PickNone(Nat) ----------------------------------------------------------------------------- -(*********************************************************************) -(* The "Apply" operator which applies an operation op on the list l. *) -(* *) -(* Del: If pos > Len(l), the last element of l is deleted. *) -(* This is realized by the DeleteElement operator. *) -(* Ins: If pos > Len(l), the new element is appended to l. *) -(* This is realized by the InsertElement operator. *) -(*********************************************************************) -Apply(op, l) == CASE op = Nop -> l - [] op.type = "Rd" -> l - [] op.type = "Del" -> DeleteElement(l, op.pos) - [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) -(*********************************************************************) -(* The "ApplyOps" operator which applies an operation sequence ops *) -(* on the list l. *) -(*********************************************************************) -RECURSIVE ApplyOps(_, _) +Nop == PickNone(Nat) + +Apply(op, l) == \* Apply an operation op on the list l. + CASE op = Nop -> l + [] op.type = "Rd" -> l + [] op.type = "Del" -> DeleteElement(l, op.pos) \* Last(l) is deleted if pos > Len(l) + [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) \* Append(l, ch) if pos > Len(l) + +RECURSIVE ApplyOps(_, _) \* Apply an operation sequence ops on the list l. ApplyOps(ops, l) == IF ops = <<>> THEN l ELSE Apply(Last(ops), ApplyOps(AllButLast(ops), l)) ------------------------------------------------------------------------------ -(*********************************************************************) -(* Check whether an operation op is legal with respect to the list l.*) -(*********************************************************************) -IsLegalOp(op, l) == CASE op.type = "Del" -> op.pos <= Len(l) - [] op.type = "Ins" -> op.pos <= Len(l) + 1 ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:14:35 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:21:16 CST 2018 by hengxin \* Created Tue Aug 28 14:58:54 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.pdf index 79c3d40..6282c6a 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.tla index 67d4f86..e201c97 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.tla @@ -23,20 +23,15 @@ FairnessH == SpecH == InitH /\ [][NextH]_varsH \* /\ FairnessH ------------------------------------------------------------- -(*********************************************************************) -(* Weak List Consistency (WLSpec) *) -(*********************************************************************) -WLSpec == Comm(Msg)!EmptyChannel - => \A l1, l2 \in list: - /\ Injective(l1) - /\ Injective(l2) - /\ Compatible(l1, l2) +WLSpec == \* The weak list specification + Comm(Msg)!EmptyChannel + => \A l1, l2 \in list: + /\ Injective(l1) + /\ Injective(l2) + /\ Compatible(l1, l2) THEOREM SpecH => WLSpec -(*********************************************************************) -(* Strong List Consistency (SLSpec) *) -(*********************************************************************) ============================================================================= \* Modification History -\* Last modified Thu Dec 27 20:36:24 CST 2018 by hengxin +\* Last modified Mon Dec 31 21:09:21 CST 2018 by hengxin \* Created Thu Aug 30 21:26:18 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.toolbox/AJupiterH.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.toolbox/AJupiterH.pdf index 79c3d40..6282c6a 100755 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.toolbox/AJupiterH.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.toolbox/AJupiterH.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.toolbox/AJupiterH.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.toolbox/AJupiterH.tex index 555c3fe..ce5c2a4 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.toolbox/AJupiterH.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterH.toolbox/AJupiterH.tex @@ -978,38 +978,33 @@ }}% \@xx{}% \@x{\makebox[0pt][r]{\scriptsize 25\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Weak \ensuremath{List} Consistency (\ensuremath{WLSpec}) -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}} WLSpec \.{\defeq} Comm ( Msg - ) {\bang} EmptyChannel}% - \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{62.82} \.{\implies} \A\, +\@x{\makebox[0pt][r]{\scriptsize 26\hspace{1em}} WLSpec \.{\defeq}}% +\@y{\@s{0}% + The weak list specification +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 27\hspace{1em}}\@s{16.4} Comm ( Msg ) + {\bang} EmptyChannel}% + \@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}}\@s{45.78} \.{\implies} \A\, l1 ,\, l2 \.{\in} list \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 31\hspace{1em}}\@s{82.48} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}}\@s{65.44} \.{\land} Injective ( l1 )}% - \@x{\makebox[0pt][r]{\scriptsize 32\hspace{1em}}\@s{82.48} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{65.44} \.{\land} Injective ( l2 )}% - \@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}}\@s{82.48} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 31\hspace{1em}}\@s{65.44} \.{\land} Compatible ( l1 ,\, l2 )}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}} {\THEOREM} SpecH + \@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}} {\THEOREM} SpecH \.{\implies} WLSpec}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Strong \ensuremath{List} Consistency (\ensuremath{SLSpec}) -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}}}\bottombar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}}\bottombar\@xx{}% \setboolean{shading}{false} \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Modification History \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Thu} - \ensuremath{Dec} 27 20:36:24 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} + \ensuremath{Dec} 31 21:09:21 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.pdf index d3cd311..58df8fc 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.tla index c9c51d0..04308cc 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.tla @@ -17,38 +17,19 @@ InitImpl == /\ c2ss = [c \in Client |-> EmptySS] /\ s2ss = [c \in Client |-> EmptySS] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) DoOpImpl(c, op) == - LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] - IN /\ crec' = [crec EXCEPT ![c] = 0] - /\ cbuf' = [cbuf EXCEPT ![c] = Append(@, cop)] - /\ state' = [state EXCEPT ![c] = Apply(op, @)] - /\ Comm(Msg)!CSend([ack |-> crec[c], cop |-> cop, oid |-> cop.oid]) - /\ commXJ!CSend(cop) - /\ c2ss' = [c2ss EXCEPT ![c] = + /\ DoOpEx(c, op) + /\ LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] + IN c2ss' = [c2ss EXCEPT ![c] = @ (+) [node |-> {ds'[c]}, - edge |-> {[from |-> ds[c], to |-> ds'[c], cop |-> cop]}] - ] - /\ UNCHANGED s2ss - -DoInsImpl(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOpImpl(c, ins) - /\ chins' = chins \ {ins.ch} - -DoDelImpl(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOpImpl(c, del) - /\ UNCHANGED chins + edge |-> {[from |-> ds[c], to |-> ds'[c], cop |-> cop]}]] + /\ UNCHANGED s2ss DoImpl(c) == /\ DoCtx(c) - /\ \/ DoInsImpl(c) - \/ DoDelImpl(c) + /\ DoInt(DoOpImpl, c) \* TODO: refactor to use DoEx(c) /\ UNCHANGED <> ------------------------------------------------------------------------------ + RevImpl(c) == /\ RevEx(c) /\ LET m == Head(cincoming[c]) @@ -57,7 +38,7 @@ RevImpl(c) == xform == xFormCopCopsSS(m.cop, cShiftedBuf) \* [lss, xss] IN c2ss' = [c2ss EXCEPT ![c] = @ (+) xform.xss] /\ UNCHANGED s2ss ------------------------------------------------------------------------------ + SRevImpl == /\ SRevEx /\ LET m == Head(sincoming) @@ -77,12 +58,12 @@ FairnessImpl == WF_varsImpl(SRevImpl \/ \E c \in Client: RevImpl(c)) SpecImpl == InitImpl /\ [][NextImpl]_varsImpl \* /\ FairnessImpl - +----------------------------------------------------------------------------- XJ == INSTANCE XJupiter WITH cincoming <- cincomingXJ, sincoming <- sincomingXJ THEOREM SpecImpl => XJ!Spec ============================================================================= \* Modification History -\* Last modified Sun Dec 30 16:48:09 CST 2018 by hengxin +\* Last modified Mon Dec 31 21:24:30 CST 2018 by hengxin \* Created Sat Dec 29 18:36:51 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterExtended.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterExtended.pdf index ea03955..9fd6cc0 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterExtended.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterExtended.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterExtended.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterExtended.tex index 6b23045..522bc67 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterExtended.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterExtended.tex @@ -943,234 +943,200 @@ {\MODULE} AJupiterExtended}\moduleRightDash\@xx{}% \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% -\ensuremath{AJupiter} extended with \ensuremath{JupiterCtx}. - This is used to show that \ensuremath{AJupiter} implements - \ensuremath{XJupiter}. + \ensuremath{AJupiter} extended with \ensuremath{JupiterCtx}. This is used to + show that \ensuremath{AJupiter} implements \ensuremath{XJupiter}. \end{cpar}% \end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 6\hspace{1em}} {\EXTENDS} JupiterCtx}% -\@x{\makebox[0pt][r]{\scriptsize 7\hspace{1em}}}\midbar\@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 8\hspace{1em}} {\VARIABLES} cbuf ,\, crec +\@x{\makebox[0pt][r]{\scriptsize 5\hspace{1em}} {\EXTENDS} JupiterCtx}% +\@x{\makebox[0pt][r]{\scriptsize 6\hspace{1em}}}\midbar\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 7\hspace{1em}} {\VARIABLES} cbuf ,\, crec ,\, sbuf ,\, srec ,\, cincomingXJ ,\, sincomingXJ}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 10\hspace{1em}} commXJVars \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 9\hspace{1em}} commXJVars \.{\defeq} {\langle} cincomingXJ ,\, sincomingXJ {\rangle}}% - \@x{\makebox[0pt][r]{\scriptsize 11\hspace{1em}} commXJ \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 10\hspace{1em}} commXJ \.{\defeq} {\INSTANCE} CSComm {\WITH} Msg \.{\leftarrow} Seq ( Cop ) ,\,}% - \@x{\makebox[0pt][r]{\scriptsize 12\hspace{1em}}\@s{83.13} cincoming + \@x{\makebox[0pt][r]{\scriptsize 11\hspace{1em}}\@s{83.13} cincoming \.{\leftarrow} cincomingXJ ,\, sincoming \.{\leftarrow} sincomingXJ}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 14\hspace{1em}} varsEx\@s{8.99} \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 13\hspace{1em}} varsEx\@s{8.99} \.{\defeq} {\langle} intVars ,\, ctxVars ,\, cbuf ,\, crec ,\, sbuf ,\, srec ,\, commXJVars {\rangle}}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 16\hspace{1em}} Msg \.{\defeq} [ ack \.{:} + \@x{\makebox[0pt][r]{\scriptsize 15\hspace{1em}} Msg \.{\defeq} [ ack \.{:} Int ,\, cop \.{:} Cop ,\, oid \.{:} Oid ]}% -\@x{\makebox[0pt][r]{\scriptsize 17\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 18\hspace{1em}} TypeOKEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 19\hspace{1em}}\@s{16.4} \.{\land} +\@x{\makebox[0pt][r]{\scriptsize 16\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 17\hspace{1em}} TypeOKEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 18\hspace{1em}}\@s{16.4} \.{\land} TypeOKInt}% - \@x{\makebox[0pt][r]{\scriptsize 20\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 19\hspace{1em}}\@s{16.4} \.{\land} TypeOKCtx}% - \@x{\makebox[0pt][r]{\scriptsize 21\hspace{1em}}\@s{16.4} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 20\hspace{1em}}\@s{16.4} \.{\land} Comm ( Msg ) {\bang} TypeOK}% - \@x{\makebox[0pt][r]{\scriptsize 22\hspace{1em}}\@s{16.4} \.{\land} commXJ + \@x{\makebox[0pt][r]{\scriptsize 21\hspace{1em}}\@s{16.4} \.{\land} commXJ {\bang} TypeOK}% - \@x{\makebox[0pt][r]{\scriptsize 23\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 22\hspace{1em}}\@s{16.4} \.{\land} crec\@s{2.19} \.{\in} [ Client \.{\rightarrow} Int ]}% - \@x{\makebox[0pt][r]{\scriptsize 24\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 23\hspace{1em}}\@s{16.4} \.{\land} srec\@s{2.70} \.{\in} [ Client \.{\rightarrow} Int ]}% - \@x{\makebox[0pt][r]{\scriptsize 25\hspace{1em}}\@s{16.4} \.{\land} cbuf + \@x{\makebox[0pt][r]{\scriptsize 24\hspace{1em}}\@s{16.4} \.{\land} cbuf \.{\in} [ Client \.{\rightarrow} Seq ( Cop ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 26\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 25\hspace{1em}}\@s{16.4} \.{\land} sbuf\@s{0.51} \.{\in} [ Client \.{\rightarrow} Seq ( Cop ) ]}% -\@x{\makebox[0pt][r]{\scriptsize 27\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}} InitEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} +\@x{\makebox[0pt][r]{\scriptsize 26\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 27\hspace{1em}} InitEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} InitInt}% - \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} InitCtx}% - \@x{\makebox[0pt][r]{\scriptsize 31\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} commXJ {\bang} Init}% - \@x{\makebox[0pt][r]{\scriptsize 32\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 31\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} Comm ( Msg ) {\bang} Init}% - \@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 32\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} crec\@s{2.19} \.{=} [ c \.{\in} Client \.{\mapsto} 0 ]}% - \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} srec\@s{2.70} \.{=} [ c \.{\in} Client \.{\mapsto} 0 ]}% - \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} cbuf \.{=} [ c \.{\in} Client \.{\mapsto} {\langle} {\rangle} ]}% - \@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} sbuf\@s{0.51} \.{=} [ c \.{\in} Client \.{\mapsto} {\langle} {\rangle} ]}% -\@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Client \ensuremath{c \.{\in} Client} issues an operation \ensuremath{op}. -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 41\hspace{1em}} DoOp ( c ,\, op )\@s{5.43} +\@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}}}\midbar\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}} DoOpEx ( c ,\, op ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}}\@s{26.06} \.{\LET} cop + \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}}\@s{16.4} \.{\LET} cop \.{\defeq} [ op \.{\mapsto} op ,\, oid \.{\mapsto} [ c \.{\mapsto} c ,\, seq \.{\mapsto} cseq \.{'} [ c ] ] ,\, ctx \.{\mapsto} ds [ c ] ]}% - \@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{26.06} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}}\@s{16.4} \.{\IN} \.{\land} crec \.{'}\@s{2.19} \.{=} [ crec {\EXCEPT} {\bang} [ c ]\@s{2.19} \.{=} 0 ]}% - \@x{\makebox[0pt][r]{\scriptsize 44\hspace{1em}}\@s{46.46} \.{\land} cbuf + \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}}\@s{36.79} \.{\land} cbuf \.{'} \.{=} [ cbuf {\EXCEPT} {\bang} [ c ] \.{=} Append ( @ ,\, cop ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}}\@s{46.46} \.{\land} state + \@x{\makebox[0pt][r]{\scriptsize 41\hspace{1em}}\@s{36.79} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ c ] \.{=} Apply ( op ,\, @ ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}}\@s{46.46} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}}\@s{36.79} \.{\land} Comm ( Msg ) {\bang} CSend ( [ ack \.{\mapsto} crec [ c ] ,\, cop \.{\mapsto} cop ,\, oid \.{\mapsto} cop . oid ] )}% - \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{46.46} \.{\land} commXJ + \@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{36.79} \.{\land} commXJ {\bang} CSend ( cop )}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}} DoIns ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}}\@s{16.4} \E\, ins \.{\in} \{ - op \.{\in} Ins \.{:} op . pos \.{\in} 1 \.{\dotdot} ( Len ( state [ c ] ) - \.{+} 1 ) \.{\land} op . ch \.{\in} chins \.{\land} op . pr \.{=} Priority [ - c ] \} \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, ins )}% - \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}}\@s{27.72} \.{\land} chins - \.{'} \.{=} chins \.{\,\backslash\,} \{ ins . ch \}}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}} DoDel ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{16.4} \E\, del \.{\in} \{ - op \.{\in} Del \.{:} op . pos \.{\in} 1 \.{\dotdot} Len ( state [ c ] ) \} - \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, del )}% - \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{27.72} \.{\land} - {\UNCHANGED} chins}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}} DoEx ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}}\@s{25.28} \.{\land} DoCtx ( +\@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}} DoEx ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}}\@s{25.28} \.{\land} DoCtx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}}\@s{25.28} \.{\land} \.{\lor} - DoIns ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}}\@s{36.39} \.{\lor} DoDel ( c - )}% - \@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}}\@s{25.28} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{25.28} \.{\land} DoInt ( + DoOpEx ,\, c )}% + \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{25.28} \.{\land} {\UNCHANGED} {\langle} sbuf ,\, srec {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% - Client \ensuremath{c \.{\in} Client} receives a message from the - \ensuremath{Server}. -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}} RevEx ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{16.4} \.{\land} Comm ( +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}} RevEx ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}\@s{16.4} \.{\land} Comm ( Msg ) {\bang} CRev ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}}\@s{16.4} \.{\land} commXJ + \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}}\@s{16.4} \.{\land} commXJ {\bang} CRev ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}\@s{16.4} \.{\land} crec + \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{16.4} \.{\land} crec \.{'} \.{=} [ crec {\EXCEPT} {\bang} [ c ] \.{=} @ \.{+} 1 ]}% - \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} + \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} m \.{\defeq} Head ( cincoming [ c ] )}% - \@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}\@s{47.91} cBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{47.91} cBuf \.{\defeq} cbuf [ c ]}% - \@x{\makebox[0pt][r]{\scriptsize 74\hspace{1em}}\@s{47.91} cShiftedBuf + \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{47.91} cShiftedBuf \.{\defeq} SubSeq ( cBuf ,\, m . ack \.{+} 1 ,\, Len ( cBuf ) )}% - \@x{\makebox[0pt][r]{\scriptsize 75\hspace{1em}}\@s{47.91} xcop \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{47.91} xcop \.{\defeq} XformOpOps ( COT ,\, m . cop ,\, cShiftedBuf )}% - \@x{\makebox[0pt][r]{\scriptsize 76\hspace{1em}}\@s{52.01} xcBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 58\hspace{1em}}\@s{52.01} xcBuf \.{\defeq} XformOpsOp ( COT ,\, cShiftedBuf ,\, m . cop )}% - \@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}}\@s{31.61} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}}\@s{31.61} \.{\IN} \.{\land} cbuf \.{'} \.{=} [ cbuf {\EXCEPT} {\bang} [ c ] \.{=} xcBuf ]}% - \@x{\makebox[0pt][r]{\scriptsize 78\hspace{1em}}\@s{52.01} \.{\land} state + \@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}}\@s{52.01} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ c ] \.{=} Apply ( xcop . op ,\, @ ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}}\@s{16.4} \.{\land} RevCtx ( + \@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}}\@s{16.4} \.{\land} RevCtx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 80\hspace{1em}}\@s{16.4} \.{\land} - {\UNCHANGED} {\langle} chins ,\, sbuf ,\, srec {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -The \ensuremath{Server} receives a message. -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}} SRevEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 86\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}}\@s{16.4} \.{\land} RevInt ( + c )}% + \@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}}\@s{16.4} \.{\land} + {\UNCHANGED} {\langle} sbuf ,\, srec {\rangle}}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}} SRevEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} Comm ( Msg ) {\bang} SRev}% - \@x{\makebox[0pt][r]{\scriptsize 87\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + \@x{\makebox[0pt][r]{\scriptsize 67\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} commXJ {\bang} SRev}% - \@x{\makebox[0pt][r]{\scriptsize 88\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} \.{\LET} m \.{\defeq} Head ( sincoming )}% - \@x{\makebox[0pt][r]{\scriptsize 89\hspace{1em}}\@s{54.63} c\@s{3.77} + \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{54.63} c\@s{3.77} \.{\defeq} ClientOf ( m . cop )}% - \@x{\makebox[0pt][r]{\scriptsize 90\hspace{1em}}\@s{54.63} cBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}}\@s{54.63} cBuf \.{\defeq} sbuf [ c ]}% - \@x{\makebox[0pt][r]{\scriptsize 91\hspace{1em}}\@s{54.63} cShiftedBuf + \@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}\@s{54.63} cShiftedBuf \.{\defeq} SubSeq ( cBuf ,\, m . ack \.{+} 1 ,\, Len ( cBuf ) )}% - \@x{\makebox[0pt][r]{\scriptsize 92\hspace{1em}}\@s{54.63} xcop \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{54.63} xcop \.{\defeq} XformOpOps ( COT ,\, m . cop ,\, cShiftedBuf )}% - \@x{\makebox[0pt][r]{\scriptsize 93\hspace{1em}}\@s{58.73} xcBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}\@s{58.73} xcBuf \.{\defeq} XformOpsOp ( COT ,\, cShiftedBuf ,\, m . cop )}% - \@x{\makebox[0pt][r]{\scriptsize 94\hspace{1em}}\@s{38.33} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 74\hspace{1em}}\@s{38.33} \.{\IN} \.{\land} srec \.{'}\@s{2.19} \.{=} [ cl \.{\in} Client \.{\mapsto}}% - \@x{\makebox[0pt][r]{\scriptsize 95\hspace{1em}}\@s{124.38} {\IF} cl \.{=} c + \@x{\makebox[0pt][r]{\scriptsize 75\hspace{1em}}\@s{124.38} {\IF} cl \.{=} c \.{\THEN} srec [ cl ] \.{+} 1 \.{\ELSE} 0 ]}% - \@x{\makebox[0pt][r]{\scriptsize 96\hspace{1em}}\@s{58.73} \.{\land} sbuf + \@x{\makebox[0pt][r]{\scriptsize 76\hspace{1em}}\@s{58.73} \.{\land} sbuf \.{'} \.{=} [ cl \.{\in} Client \.{\mapsto}}% - \@x{\makebox[0pt][r]{\scriptsize 97\hspace{1em}}\@s{124.38} {\IF} cl \.{=} c + \@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}}\@s{124.38} {\IF} cl \.{=} c \.{\THEN} xcBuf \.{\ELSE} Append ( sbuf [ cl ] ,\, xcop ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 98\hspace{1em}}\@s{58.73} \.{\land} state + \@x{\makebox[0pt][r]{\scriptsize 78\hspace{1em}}\@s{58.73} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ Server ] \.{=} Apply ( xcop . op ,\, @ ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 99\hspace{1em}}\@s{58.73} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}}\@s{58.73} \.{\land} Comm ( Msg ) {\bang} SSend ( c ,\, [ cl \.{\in} Client \.{\mapsto} [ ack \.{\mapsto} srec [ cl ] ,\, cop \.{\mapsto} xcop ,\, oid \.{\mapsto} xcop . oid ] ] )}% - \@x{\makebox[0pt][r]{\scriptsize 100\hspace{1em}}\@s{58.73} \.{\land} commXJ + \@x{\makebox[0pt][r]{\scriptsize 80\hspace{1em}}\@s{58.73} \.{\land} commXJ {\bang} SSendSame ( c ,\, xcop )}% - \@x{\makebox[0pt][r]{\scriptsize 101\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + \@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} SRevCtx}% - \@x{\makebox[0pt][r]{\scriptsize 102\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} - {\UNCHANGED} {\langle} chins ,\, cbuf ,\, crec {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 103\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 104\hspace{1em}} NextEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 105\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} + \@x{\makebox[0pt][r]{\scriptsize 82\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + SRevInt}% + \@x{\makebox[0pt][r]{\scriptsize 83\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + {\UNCHANGED} {\langle} cbuf ,\, crec {\rangle}}% +\@x{\makebox[0pt][r]{\scriptsize 84\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}} NextEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 86\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} \E\, c \.{\in} Client \.{:} DoEx ( c ) \.{\lor} RevEx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 106\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} + \@x{\makebox[0pt][r]{\scriptsize 87\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} SRevEx}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 108\hspace{1em}} FairnessEx \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 89\hspace{1em}} FairnessEx \.{\defeq}}% \@y{\@s{0}% There is no requirement that the clients ever generate operations. }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 109\hspace{1em}}\@s{16.4} {\WF}_{ varsEx} ( + \@x{\makebox[0pt][r]{\scriptsize 90\hspace{1em}}\@s{16.4} {\WF}_{ varsEx} ( SRevEx \.{\lor} \E\, c \.{\in} Client \.{:} RevEx ( c ) )}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 111\hspace{1em}} SpecEx \.{\defeq} InitEx + \@x{\makebox[0pt][r]{\scriptsize 92\hspace{1em}} SpecEx \.{\defeq} InitEx \.{\land} {\Box} [ NextEx ]_{ varsEx}}% \@y{\@s{0}% \ensuremath{\.{\land} FairnessEx }}% \@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 112\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 113\hspace{1em}} QC \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 93\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 94\hspace{1em}} QC \.{\defeq}}% \@y{\@s{0}% Quiescent Consistency }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 114\hspace{1em}}\@s{20.37} Comm ( Msg ) + \@x{\makebox[0pt][r]{\scriptsize 95\hspace{1em}}\@s{20.37} Comm ( Msg ) {\bang} EmptyChannel \.{\implies} Cardinality ( Range ( state ) ) \.{=} 1}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 116\hspace{1em}} {\THEOREM} SpecEx + \@x{\makebox[0pt][r]{\scriptsize 97\hspace{1em}} {\THEOREM} SpecEx \.{\implies} {\Box} QC}% -\@x{\makebox[0pt][r]{\scriptsize 117\hspace{1em}}}\bottombar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 98\hspace{1em}}}\bottombar\@xx{}% \setboolean{shading}{false} \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Modification History \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Last modified Sun \ensuremath{Dec} 30 - 16:43:20 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} + \ensuremath{Dec} 31 21:21:44 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter.pdf index d3cd311..58df8fc 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter.tex index 5a0e584..b511ee5 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter.tex @@ -967,143 +967,111 @@ \@x{\makebox[0pt][r]{\scriptsize 18\hspace{1em}}\@s{16.4} \.{\land} s2ss\@s{0.25} \.{=} [ c \.{\in} Client \.{\mapsto} EmptySS ]}% \@x{\makebox[0pt][r]{\scriptsize 19\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Client \ensuremath{c \.{\in} Client} issues an operation \ensuremath{op}. -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 23\hspace{1em}} DoOpImpl ( c ,\, op ) + \@x{\makebox[0pt][r]{\scriptsize 20\hspace{1em}} DoOpImpl ( c ,\, op ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 24\hspace{1em}}\@s{16.4} \.{\LET}\@s{9.37} + \@x{\makebox[0pt][r]{\scriptsize 21\hspace{1em}}\@s{16.4} \.{\land} DoOpEx ( + c ,\, op )}% + \@x{\makebox[0pt][r]{\scriptsize 22\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} cop \.{\defeq} [ op \.{\mapsto} op ,\, oid \.{\mapsto} [ c \.{\mapsto} c ,\, seq \.{\mapsto} cseq \.{'} [ c ] ] ,\, ctx \.{\mapsto} ds [ c ] ]}% - \@x{\makebox[0pt][r]{\scriptsize 25\hspace{1em}}\@s{16.4} \.{\IN} \.{\land} - crec \.{'}\@s{2.19} \.{=} [ crec {\EXCEPT} {\bang} [ c ]\@s{2.19} \.{=} 0 ]}% - \@x{\makebox[0pt][r]{\scriptsize 26\hspace{1em}}\@s{36.79} \.{\land} cbuf - \.{'} \.{=} [ cbuf {\EXCEPT} {\bang} [ c ] \.{=} Append ( @ ,\, cop ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 27\hspace{1em}}\@s{36.79} \.{\land} state - \.{'} \.{=} [ state {\EXCEPT} {\bang} [ c ] \.{=} Apply ( op ,\, @ ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}}\@s{36.79} \.{\land} Comm ( - Msg ) {\bang} CSend ( [ ack \.{\mapsto} crec [ c ] ,\, cop \.{\mapsto} cop - ,\, oid \.{\mapsto} cop . oid ] )}% - \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}}\@s{36.79} \.{\land} commXJ - {\bang} CSend ( cop )}% - \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{36.79} \.{\land} c2ss - \.{'} \.{=} [ c2ss {\EXCEPT} {\bang} [ c ] \.{=}}% - \@x{\makebox[0pt][r]{\scriptsize 31\hspace{1em}}\@s{105.15} @ \.{\oplus} [ + \@x{\makebox[0pt][r]{\scriptsize 23\hspace{1em}}\@s{31.61} \.{\IN} c2ss \.{'} + \.{=} [ c2ss {\EXCEPT} {\bang} [ c ] \.{=}}% + \@x{\makebox[0pt][r]{\scriptsize 24\hspace{1em}}\@s{106.49} @ \.{\oplus} [ node \.{\mapsto} \{ ds \.{'} [ c ] \} ,\,}% - \@x{\makebox[0pt][r]{\scriptsize 32\hspace{1em}}\@s{127.93} edge\@s{1.53} + \@x{\makebox[0pt][r]{\scriptsize 25\hspace{1em}}\@s{129.26} edge\@s{1.53} \.{\mapsto} \{ [ from \.{\mapsto} ds [ c ] ,\, to \.{\mapsto} ds \.{'} [ c ] - ,\, cop \.{\mapsto} cop ] \} ]}% -\@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}}\@s{83.21} ]}% - \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{36.79} \.{\land} + ,\, cop \.{\mapsto} cop ] \} ] ]}% + \@x{\makebox[0pt][r]{\scriptsize 26\hspace{1em}}\@s{16.4} \.{\land} {\UNCHANGED} s2ss}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}} DoInsImpl ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}}\@s{16.4} \E\, ins \.{\in} \{ - op \.{\in} Ins \.{:} op . pos \.{\in} 1 \.{\dotdot} ( Len ( state [ c ] ) - \.{+} 1 ) \.{\land} op . ch \.{\in} chins \.{\land} op . pr \.{=} Priority [ - c ] \} \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}}\@s{27.72} \.{\land} DoOpImpl - ( c ,\, ins )}% - \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}}\@s{27.72} \.{\land} chins - \.{'} \.{=} chins \.{\,\backslash\,} \{ ins . ch \}}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 41\hspace{1em}} DoDelImpl ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}}\@s{16.4} \E\, del \.{\in} \{ - op \.{\in} Del \.{:} op . pos \.{\in} 1 \.{\dotdot} Len ( state [ c ] ) \} - \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{27.72} \.{\land} DoOpImpl - ( c ,\, del )}% - \@x{\makebox[0pt][r]{\scriptsize 44\hspace{1em}}\@s{27.72} \.{\land} - {\UNCHANGED} chins}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}} DoImpl ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{16.4} \.{\land} DoCtx ( c +\@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}} DoImpl ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}}\@s{16.4} \.{\land} DoCtx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{16.4} \.{\land} \.{\lor} - DoInsImpl ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}}\@s{27.51} \.{\lor} DoDelImpl - ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{16.4} \.{\land} DoInt ( + DoOpImpl ,\, c )}% +\@y{\@s{0}% + \ensuremath{TODO}: refactor to use \ensuremath{DoEx(c) +}}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 31\hspace{1em}}\@s{16.4} \.{\land} {\UNCHANGED} {\langle} sbuf ,\, srec {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}} RevImpl ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{16.4} \.{\land}\@s{9.20} +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}} RevImpl ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{16.4} \.{\land}\@s{9.20} RevEx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{16.4} \.{\land}\@s{9.20} + \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}}\@s{16.4} \.{\land}\@s{9.20} \.{\LET} m \.{\defeq} Head ( cincoming [ c ] )}% - \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{57.11} cBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}}\@s{57.11} cBuf \.{\defeq} cbuf [ c ]}% - \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{57.11} cShiftedBuf + \@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}}\@s{57.11} cShiftedBuf \.{\defeq} SubSeq ( cBuf ,\, m . ack \.{+} 1 ,\, Len ( cBuf ) )}% - \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{61.21} xform \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}}\@s{61.21} xform \.{\defeq} xFormCopCopsSS ( m . cop ,\, cShiftedBuf )}% \@y{\@s{0}% [\ensuremath{lss}, \ensuremath{xss}] }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 58\hspace{1em}}\@s{40.81} \.{\IN} c2ss \.{'} + \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}}\@s{40.81} \.{\IN} c2ss \.{'} \.{=} [ c2ss {\EXCEPT} {\bang} [ c ] \.{=} @ \.{\oplus} xform . xss ]}% - \@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}}\@s{16.4} \.{\land}\@s{9.20} + \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}}\@s{16.4} \.{\land}\@s{9.20} {\UNCHANGED} s2ss}% -\@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}} SRevImpl \.{\defeq}}% -\@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}}\@s{16.4} \.{\land} SRevEx}% - \@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}} SRevImpl \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{16.4} \.{\land} SRevEx}% + \@x{\makebox[0pt][r]{\scriptsize 44\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} m \.{\defeq} Head ( sincoming )}% - \@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}}\@s{47.91} c\@s{3.77} + \@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}}\@s{47.91} c\@s{3.77} \.{\defeq} ClientOf ( m . cop )}% - \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}}\@s{47.91} cBuf \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}}\@s{47.91} cBuf \.{\defeq} sbuf [ c ]}% - \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{47.91} cShiftedBuf + \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{47.91} cShiftedBuf \.{\defeq} SubSeq ( cBuf ,\, m . ack \.{+} 1 ,\, Len ( cBuf ) )}% - \@x{\makebox[0pt][r]{\scriptsize 67\hspace{1em}}\@s{52.01} xform \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{52.01} xform \.{\defeq} xFormCopCopsSS ( m . cop ,\, cShiftedBuf )}% \@y{\@s{0}% [\ensuremath{lss}, \ensuremath{xss}] }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}}\@s{31.61} \.{\IN} s2ss \.{'} + \@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}}\@s{31.61} \.{\IN} s2ss \.{'} \.{=} [ cl \.{\in} Client \.{\mapsto}}% - \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{102.12} {\IF} cl \.{=} c + \@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}}\@s{102.12} {\IF} cl \.{=} c \.{\THEN} s2ss [ cl ] \.{\oplus} xform . xss \.{\ELSE} s2ss [ cl ] \.{\oplus} xform . lss ]}% - \@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}\@s{16.4} \.{\land} {\UNCHANGED} c2ss}% -\@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}} NextImpl \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}\@s{16.4} \.{\lor} \E\, c +\@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}} NextImpl \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{16.4} \.{\lor} \E\, c \.{\in} Client \.{:} DoImpl ( c ) \.{\lor} RevImpl ( c )}% -\@x{\makebox[0pt][r]{\scriptsize 74\hspace{1em}}\@s{16.4} \.{\lor} SRevImpl}% +\@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{16.4} \.{\lor} SRevImpl}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 76\hspace{1em}} FairnessImpl \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}}\@s{16.4} {\WF}_{ varsImpl} ( +\@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}} FairnessImpl \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 58\hspace{1em}}\@s{16.4} {\WF}_{ varsImpl} ( SRevImpl \.{\lor} \E\, c \.{\in} Client \.{:} RevImpl ( c ) )}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}} SpecImpl \.{\defeq} InitImpl + \@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}} SpecImpl \.{\defeq} InitImpl \.{\land} {\Box} [ NextImpl ]_{ varsImpl}}% \@y{\@s{0}% \ensuremath{\.{\land} FairnessImpl }}% \@xx{}% -\@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}} XJ \.{\defeq} {\INSTANCE} +\@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}}}\midbar\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}} XJ \.{\defeq} {\INSTANCE} XJupiter {\WITH}}% - \@x{\makebox[0pt][r]{\scriptsize 82\hspace{1em}}\@s{57.57} cincoming + \@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}}\@s{57.57} cincoming \.{\leftarrow} cincomingXJ ,\, sincoming \.{\leftarrow} sincomingXJ}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 84\hspace{1em}} {\THEOREM} SpecImpl + \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}} {\THEOREM} SpecImpl \.{\implies} XJ {\bang} Spec}% -\@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}}}\bottombar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}}\bottombar\@xx{}% \setboolean{shading}{false} \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Modification History \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Last modified Sun \ensuremath{Dec} 30 - 16:48:09 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} + \ensuremath{Dec} 31 21:24:30 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/AJupiterExtended.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/AJupiterExtended.tla index 932a532..695a6f6 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/AJupiterExtended.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/AJupiterExtended.tla @@ -1,7 +1,6 @@ -------------------------- MODULE AJupiterExtended -------------------------- (* -AJupiter extended with JupiterCtx. -This is used to show that AJupiter implements XJupiter. +AJupiter extended with JupiterCtx. This is used to show that AJupiter implements XJupiter. *) EXTENDS JupiterCtx ----------------------------------------------------------------------------- @@ -35,10 +34,7 @@ InitEx == /\ cbuf = [c \in Client |-> <<>>] /\ sbuf = [c \in Client |-> <<>>] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) -DoOp(c, op) == +DoOpEx(c, op) == LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] IN /\ crec' = [crec EXCEPT ![c] = 0] /\ cbuf' = [cbuf EXCEPT ![c] = Append(@, cop)] @@ -46,25 +42,11 @@ DoOp(c, op) == /\ Comm(Msg)!CSend([ack |-> crec[c], cop |-> cop, oid |-> cop.oid]) /\ commXJ!CSend(cop) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - DoEx(c) == /\ DoCtx(c) - /\ \/ DoIns(c) - \/ DoDel(c) + /\ DoInt(DoOpEx, c) /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -Client c \in Client receives a message from the Server. -*) + RevEx(c) == /\ Comm(Msg)!CRev(c) /\ commXJ!CRev(c) @@ -77,11 +59,9 @@ RevEx(c) == IN /\ cbuf' = [cbuf EXCEPT ![c] = xcBuf] /\ state' = [state EXCEPT ![c] = Apply(xcop.op, @)] /\ RevCtx(c) - /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -The Server receives a message. -*) + /\ RevInt(c) + /\ UNCHANGED <> + SRevEx == /\ Comm(Msg)!SRev /\ commXJ!SRev @@ -99,7 +79,8 @@ SRevEx == /\ Comm(Msg)!SSend(c, [cl \in Client |-> [ack |-> srec[cl], cop |-> xcop, oid |-> xcop.oid]]) /\ commXJ!SSendSame(c, xcop) /\ SRevCtx - /\ UNCHANGED <> + /\ SRevInt + /\ UNCHANGED <> ----------------------------------------------------------------------------- NextEx == \/ \E c \in Client: DoEx(c) \/ RevEx(c) @@ -116,5 +97,5 @@ QC == \* Quiescent Consistency THEOREM SpecEx => []QC ============================================================================= \* Modification History -\* Last modified Sun Dec 30 16:43:20 CST 2018 by hengxin +\* Last modified Mon Dec 31 21:21:44 CST 2018 by hengxin \* Created Thu Dec 27 21:15:09 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/AJupiterImplXJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/AJupiterImplXJupiter.tla index c9c51d0..04308cc 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/AJupiterImplXJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/AJupiterImplXJupiter.tla @@ -17,38 +17,19 @@ InitImpl == /\ c2ss = [c \in Client |-> EmptySS] /\ s2ss = [c \in Client |-> EmptySS] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) DoOpImpl(c, op) == - LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] - IN /\ crec' = [crec EXCEPT ![c] = 0] - /\ cbuf' = [cbuf EXCEPT ![c] = Append(@, cop)] - /\ state' = [state EXCEPT ![c] = Apply(op, @)] - /\ Comm(Msg)!CSend([ack |-> crec[c], cop |-> cop, oid |-> cop.oid]) - /\ commXJ!CSend(cop) - /\ c2ss' = [c2ss EXCEPT ![c] = + /\ DoOpEx(c, op) + /\ LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] + IN c2ss' = [c2ss EXCEPT ![c] = @ (+) [node |-> {ds'[c]}, - edge |-> {[from |-> ds[c], to |-> ds'[c], cop |-> cop]}] - ] - /\ UNCHANGED s2ss - -DoInsImpl(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOpImpl(c, ins) - /\ chins' = chins \ {ins.ch} - -DoDelImpl(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOpImpl(c, del) - /\ UNCHANGED chins + edge |-> {[from |-> ds[c], to |-> ds'[c], cop |-> cop]}]] + /\ UNCHANGED s2ss DoImpl(c) == /\ DoCtx(c) - /\ \/ DoInsImpl(c) - \/ DoDelImpl(c) + /\ DoInt(DoOpImpl, c) \* TODO: refactor to use DoEx(c) /\ UNCHANGED <> ------------------------------------------------------------------------------ + RevImpl(c) == /\ RevEx(c) /\ LET m == Head(cincoming[c]) @@ -57,7 +38,7 @@ RevImpl(c) == xform == xFormCopCopsSS(m.cop, cShiftedBuf) \* [lss, xss] IN c2ss' = [c2ss EXCEPT ![c] = @ (+) xform.xss] /\ UNCHANGED s2ss ------------------------------------------------------------------------------ + SRevImpl == /\ SRevEx /\ LET m == Head(sincoming) @@ -77,12 +58,12 @@ FairnessImpl == WF_varsImpl(SRevImpl \/ \E c \in Client: RevImpl(c)) SpecImpl == InitImpl /\ [][NextImpl]_varsImpl \* /\ FairnessImpl - +----------------------------------------------------------------------------- XJ == INSTANCE XJupiter WITH cincoming <- cincomingXJ, sincoming <- sincomingXJ THEOREM SpecImpl => XJ!Spec ============================================================================= \* Modification History -\* Last modified Sun Dec 30 16:48:09 CST 2018 by hengxin +\* Last modified Mon Dec 31 21:24:30 CST 2018 by hengxin \* Created Sat Dec 29 18:36:51 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/JupiterInterface.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/JupiterInterface.tla index 9eacafd..148bcf2 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/JupiterInterface.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/JupiterInterface.tla @@ -32,14 +32,6 @@ MaxLen == Cardinality(Char) + Len(InitState) \* the max length of lists in any s ClientNum == Cardinality(Client) Priority == CHOOSE f \in [Client -> 1 .. ClientNum] : Injective(f) ----------------------------------------------------------------------------- -TypeOKInt == - /\ state \in [Replica -> List] - /\ chins \subseteq Char - -InitInt == - /\ state = [r \in Replica |-> InitState] - /\ chins = Char ------------------------------------------------------------------------------ (* The set of all operations. Note: The positions are indexed from 1. *) @@ -48,7 +40,37 @@ Del == [type: {"Del"}, pos: 1 .. MaxLen] Ins == [type: {"Ins"}, pos: 1 .. (MaxLen + 1), ch: Char, pr: 1 .. ClientNum] \* pr: priority Op == Ins \cup Del \* Now we don't consider Rd operations +----------------------------------------------------------------------------- +TypeOKInt == + /\ state \in [Replica -> List] + /\ chins \subseteq Char + +InitInt == + /\ state = [r \in Replica |-> InitState] + /\ chins = Char + +DoIns(DoOp(_, _), c) == \* Client c \in Client generates an "Ins" operation. + \E ins \in {op \in Ins: + /\ op.pos \in 1 .. (Len(state[c]) + 1) + /\ op.ch \in chins /\ op.pr = Priority[c]}: + /\ DoOp(c, ins) + /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. + +DoDel(DoOp(_, _), c) == \* Client c \in Client generates a "Del" operation. + \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: + /\ DoOp(c, del) + /\ UNCHANGED chins + +DoInt(DoOp(_, _), c) == \* Client c \in Client issues an operation. + \/ DoIns(DoOp, c) + \/ DoDel(DoOp, c) + +RevInt(c) == \* Client c \in Client receives a message from the Server. + /\UNCHANGED chins + +SRevInt == \* The Server receives a message. + /\ UNCHANGED chins ============================================================================= \* Modification History -\* Last modified Mon Dec 31 18:51:58 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:25 CST 2018 by hengxin \* Created Tue Dec 04 19:01:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/MC.cfg b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/MC.cfg index 7a1b190..036c4eb 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/MC.cfg +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/MC.cfg @@ -10,22 +10,22 @@ b = b CONSTANT Server = Server \* MV CONSTANT definitions CONSTANT -Client <- const_15462569000992000 +Client <- const_154626269689879000 \* MV CONSTANT definitions CONSTANT -Char <- const_15462569000993000 +Char <- const_154626269689880000 \* SYMMETRY definition -SYMMETRY symm_15462569000994000 +SYMMETRY symm_154626269689881000 \* CONSTANT definitions CONSTANT -InitState <- const_15462569000995000 +InitState <- const_154626269689882000 \* CONSTANT definition CONSTANT Nop = Nop \* SPECIFICATION definition SPECIFICATION -spec_15462569001007000 +spec_154626269689884000 \* PROPERTY definition PROPERTY -prop_15462569001008000 -\* Generated on Mon Dec 31 19:48:20 CST 2018 \ No newline at end of file +prop_154626269689985000 +\* Generated on Mon Dec 31 21:24:56 CST 2018 \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/MC.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/MC.tla index 322912d..5f90a14 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/MC.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/MC.tla @@ -12,33 +12,33 @@ a, b ---- \* MV CONSTANT definitions Client -const_15462569000992000 == +const_154626269689879000 == {c1, c2} ---- \* MV CONSTANT definitions Char -const_15462569000993000 == +const_154626269689880000 == {a, b} ---- \* SYMMETRY definition -symm_15462569000994000 == -Permutations(const_15462569000993000) +symm_154626269689881000 == +Permutations(const_154626269689880000) ---- \* CONSTANT definitions @modelParameterConstants:2InitState -const_15462569000995000 == +const_154626269689882000 == <<>> ---- \* SPECIFICATION definition @modelBehaviorSpec:0 -spec_15462569001007000 == +spec_154626269689884000 == SpecImpl ---- \* PROPERTY definition @modelCorrectnessProperties:0 -prop_15462569001008000 == +prop_154626269689985000 == XJ!Spec ---- ============================================================================= \* Modification History -\* Created Mon Dec 31 19:48:20 CST 2018 by hengxin +\* Created Mon Dec 31 21:24:56 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/XJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/XJupiter.tla index 7387569..cf2d58a 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/XJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AJupiterImplXJupiter.toolbox/AJupiterImplXJupiter/XJupiter.tla @@ -25,11 +25,7 @@ Init == /\ c2ss = [c \in Client |-> EmptySS] /\ s2ss = [c \in Client |-> EmptySS] ----------------------------------------------------------------------------- -(* -xForm: iteratively transform cop with a path -through the 2D state space ss at some client. -*) -xForm(cop, ss, cur) == +xForm(cop, ss, cur) == \* Transform cop with a path (i.e., operation sequence) through 2D state space ss. LET u == Locate(cop, ss) v == u \cup {cop.oid} RECURSIVE xFormHelper(_, _, _, _) @@ -47,72 +43,49 @@ xForm(cop, ss, cur) == [from |-> uprime, to |-> vprime, cop |-> coph2copprime]}]) IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) ----------------------------------------------------------------------------- -(* -Client c \in Client perform operation cop. -*) -ClientPerform(cop, c) == +ClientPerform(cop, c) == \* Client c \in Client perform operation cop. LET xform == xForm(cop, c2ss[c], ds[c]) \* xform: [xss, xcop] IN /\ c2ss' = [c2ss EXCEPT ![c] = @ (+) xform.xss] /\ state' = [state EXCEPT ![c] = Apply(xform.xcop.op, @)] -(* -Client c \in Client generates an operation op. -*) + DoOp(c, op) == LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] IN /\ ClientPerform(cop, c) /\ Comm(Cop)!CSend(cop) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - Do(c) == /\ DoCtx(c) - /\ \/ DoIns(c) - \/ DoDel(c) + /\ DoInt(DoOp, c) /\ UNCHANGED s2ss -(* -Client c \in Client receives a message from the Server. -*) + Rev(c) == /\ Comm(Cop)!CRev(c) - /\ LET cop == Head(cincoming[c]) - IN ClientPerform(cop, c) + /\ ClientPerform(Head(cincoming[c]), c) /\ RevCtx(c) - /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -The Server performs operation cop. -*) + /\ RevInt(c) + /\ UNCHANGED s2ss + ServerPerform(cop) == LET c == ClientOf(cop) scur == ds[Server] xform == xForm(cop, s2ss[c], scur) \* xform: [xss, xcop] xcop == xform.xcop xcur == scur \cup {cop.oid} - IN /\ s2ss' = [cl \in Client |-> + IN /\ s2ss' = [cl \in Client |-> IF cl = c THEN s2ss[cl] (+) xform.xss ELSE s2ss[cl] (+) [node |-> {xcur}, - edge |-> {[from |-> scur, to |-> xcur, cop |-> xcop]}] - ] - /\ state' = [state EXCEPT ![Server] = Apply(xcop.op, @)] - /\ Comm(Cop)!SSendSame(c, xcop) -(* -The Server receives a message. -*) + edge |-> {[from |-> scur, to |-> xcur, cop |-> xcop]}] + ] + /\ state' = [state EXCEPT ![Server] = Apply(xcop.op, @)] + /\ Comm(Cop)!SSendSame(c, xcop) + SRev == /\ Comm(Cop)!SRev - /\ LET cop == Head(sincoming) - IN ServerPerform(cop) + /\ ServerPerform(Head(sincoming)) /\ SRevCtx - /\ UNCHANGED <> + /\ SRevInt + /\ UNCHANGED c2ss ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) @@ -129,5 +102,5 @@ CSSync == \* Each client c \in Client is synchonized with the Server. THEOREM Spec => []CSSync ============================================================================= \* Modification History -\* Last modified Mon Dec 31 11:05:08 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:46:54 CST 2018 by hengxin \* Created Tue Oct 09 16:33:18 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.pdf index 330a0a8..86d3227 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.tla index c15ee99..3aaa1b8 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.tla @@ -43,37 +43,23 @@ Perform(cop, r) == IN /\ state' = [state EXCEPT ![r] = Apply(xform.xcop.op, @)] /\ copss' = [copss EXCEPT ![r] = xform.xcopss \cup {cop}] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) -DoOp(c, op) == \* op: the raw operation generated by the client c \in Client - /\ LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] - IN /\ Perform(cop, c) - /\ Comm(Cop)!CSend(cop) - -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins +DoOp(c, op) == \* Client c \in Client processes a locally generated operation op. + LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] + IN /\ Perform(cop, c) + /\ Comm(Cop)!CSend(cop) Do(c) == /\ DoCtx(c) /\ DoSerial(c) - /\ \/ DoIns(c) - \/ DoDel(c) ------------------------------------------------------------------------------ + /\ DoInt(DoOp, c) + Rev(c) == /\ Comm(Cop)!CRev(c) /\ Perform(Head(cincoming[c]), c) /\ RevSerial(c) /\ RevCtx(c) - /\ UNCHANGED chins ------------------------------------------------------------------------------ + /\ RevInt(c) + SRev == /\ Comm(Cop)!SRev /\ LET cop == Head(sincoming) @@ -81,7 +67,7 @@ SRev == /\ Comm(Cop)!SSendSame(cop.oid.c, cop) /\ SRevSerial /\ SRevCtx - /\ UNCHANGED chins + /\ SRevInt ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) @@ -98,5 +84,5 @@ Compactness == THEOREM Spec => Compactness ============================================================================= \* Modification History -\* Last modified Mon Dec 31 10:50:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:49 CST 2018 by hengxin \* Created Wed Dec 05 19:55:52 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/AbsJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/AbsJupiter.pdf index 330a0a8..86d3227 100755 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/AbsJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/AbsJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/AbsJupiter.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/AbsJupiter.tex index fcb3798..09da70f 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/AbsJupiter.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/AbsJupiter.tex @@ -1046,122 +1046,91 @@ \.{'} \.{=} [ copss {\EXCEPT} {\bang} [ r ] \.{=} xform . xcopss \.{\cup} \{ cop \} ]}% \@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Client \ensuremath{c \.{\in} Client} issues an operation \ensuremath{op}. -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}} DoOp ( c ,\, op ) + \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}} DoOp ( c ,\, op )\@s{5.43} \.{\defeq}}% \@y{\@s{0}% - \ensuremath{op}: the raw operation generated by the client \ensuremath{c - \.{\in} Client -}}% + Client \ensuremath{c \.{\in} Client} processes a locally generated operation + \ensuremath{op}. +}% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}}\@s{26.06} \.{\land} \.{\LET} - cop \.{\defeq} [ op \.{\mapsto} op ,\, oid \.{\mapsto} [ c \.{\mapsto} c ,\, - seq \.{\mapsto} cseq \.{'} [ c ] ] ,\, ctx \.{\mapsto} ds [ c ] ]}% - \@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}\@s{37.18} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{26.06} \.{\LET} cop + \.{\defeq} [ op \.{\mapsto} op ,\, oid \.{\mapsto} [ c \.{\mapsto} c ,\, seq + \.{\mapsto} cseq \.{'} [ c ] ] ,\, ctx \.{\mapsto} ds [ c ] ]}% + \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{30.16} \.{\IN} \.{\land} Perform ( cop ,\, c )}% - \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}}\@s{57.58} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}}\@s{50.56} \.{\land} Comm ( Cop ) {\bang} CSend ( cop )}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}} DoIns ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{16.4} \E\, ins \.{\in} \{ - op \.{\in} Ins \.{:} op . pos \.{\in} 1 \.{\dotdot} ( Len ( state [ c ] ) - \.{+} 1 ) \.{\land} op . ch \.{\in} chins \.{\land} op . pr \.{=} Priority [ - c ] \} \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, ins )}% - \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{27.72} \.{\land} chins - \.{'} \.{=} chins \.{\,\backslash\,} \{ ins . ch \}}% -\@y{\@s{0}% - We assume that all inserted elements are unique. -}% -\@xx{}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}} DoDel ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}}\@s{16.4} \E\, del \.{\in} \{ - op \.{\in} Del \.{:} op . pos \.{\in} 1 \.{\dotdot} Len ( state [ c ] ) \} - \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, del )}% - \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}}\@s{27.72} \.{\land} - {\UNCHANGED} chins}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}} Do ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}}\@s{22.34} \.{\land} DoCtx ( +\@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}} Do ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}}\@s{22.34} \.{\land} DoCtx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{22.34} \.{\land} DoSerial + \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{22.34} \.{\land} DoSerial ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 67\hspace{1em}}\@s{22.34} \.{\land} \.{\lor} - DoIns ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}}\@s{33.45} \.{\lor} DoDel ( c - )}% -\@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}} Rev ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}\@s{20.94} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{22.34} \.{\land} DoInt ( + DoOp ,\, c )}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}} Rev ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{20.94} \.{\land} Comm ( Cop ) {\bang} CRev ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{20.94} \.{\land} Perform + \@x{\makebox[0pt][r]{\scriptsize 58\hspace{1em}}\@s{20.94} \.{\land} Perform ( Head ( cincoming [ c ] ) ,\, c )}% - \@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}\@s{20.94} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}}\@s{20.94} \.{\land} RevSerial ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 74\hspace{1em}}\@s{20.94} \.{\land} RevCtx ( + \@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}}\@s{20.94} \.{\land} RevCtx ( + c )}% + \@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}}\@s{20.94} \.{\land} RevInt ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 75\hspace{1em}}\@s{20.94} \.{\land} - {\UNCHANGED} chins}% -\@x{\makebox[0pt][r]{\scriptsize 76\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}} SRev \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 78\hspace{1em}}\@s{16.4} \.{\land} Comm ( +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}} SRev \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}}\@s{16.4} \.{\land} Comm ( Cop ) {\bang} SRev}% - \@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} + \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} cop \.{\defeq} Head ( sincoming )}% - \@x{\makebox[0pt][r]{\scriptsize 80\hspace{1em}}\@s{31.61} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{31.61} \.{\IN} \.{\land} Perform ( cop ,\, Server )}% - \@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}}\@s{52.01} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 67\hspace{1em}}\@s{52.01} \.{\land} Comm ( Cop ) {\bang} SSendSame ( cop . oid . c ,\, cop )}% - \@x{\makebox[0pt][r]{\scriptsize 82\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}}\@s{16.4} \.{\land} SRevSerial}% -\@x{\makebox[0pt][r]{\scriptsize 83\hspace{1em}}\@s{16.4} \.{\land} SRevCtx}% - \@x{\makebox[0pt][r]{\scriptsize 84\hspace{1em}}\@s{16.4} \.{\land} - {\UNCHANGED} chins}% -\@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 86\hspace{1em}} Next \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 87\hspace{1em}}\@s{16.4} \.{\lor} \E\, c +\@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{16.4} \.{\land} SRevCtx}% +\@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}}\@s{16.4} \.{\land} SRevInt}% +\@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}} Next \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}\@s{16.4} \.{\lor} \E\, c \.{\in} Client \.{:} Do ( c ) \.{\lor} Rev ( c )}% -\@x{\makebox[0pt][r]{\scriptsize 88\hspace{1em}}\@s{16.4} \.{\lor} SRev}% +\@x{\makebox[0pt][r]{\scriptsize 74\hspace{1em}}\@s{16.4} \.{\lor} SRev}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 90\hspace{1em}} Fairness \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 91\hspace{1em}}\@s{16.4} {\WF}_{ vars} ( +\@x{\makebox[0pt][r]{\scriptsize 76\hspace{1em}} Fairness \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}}\@s{16.4} {\WF}_{ vars} ( SRev \.{\lor} \E\, c \.{\in} Client \.{:} Rev ( c ) )}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 93\hspace{1em}} Spec \.{\defeq} Init + \@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}} Spec \.{\defeq} Init \.{\land} {\Box} [ Next ]_{ vars}}% \@y{\@s{0}% \ensuremath{\.{\land} Fairness }}% \@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 94\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 95\hspace{1em}} Compactness \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 96\hspace{1em}}\@s{16.4} Comm ( Cop ) +\@x{\makebox[0pt][r]{\scriptsize 80\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}} Compactness \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 82\hspace{1em}}\@s{16.4} Comm ( Cop ) {\bang} EmptyChannel \.{\implies} Cardinality ( Range ( copss ) ) \.{=} 1}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 98\hspace{1em}} {\THEOREM} Spec \.{\implies} + \@x{\makebox[0pt][r]{\scriptsize 84\hspace{1em}} {\THEOREM} Spec \.{\implies} Compactness}% -\@x{\makebox[0pt][r]{\scriptsize 99\hspace{1em}}}\bottombar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}}}\bottombar\@xx{}% \setboolean{shading}{false} \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% -\ensuremath{\.{\,\backslash\,}}* Modification History +\ensuremath{\.{\,\backslash\,}\.{*}} Modification History \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} - \ensuremath{Dec} 31 10:50:36 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}\.{*} Last} modified \ensuremath{Mon} + \ensuremath{Dec} 31 20:27:49 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Created \ensuremath{Wed} \ensuremath{Dec} 05 - 19:55:52 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}\.{*}} Created \ensuremath{Wed} + \ensuremath{Dec} 05 19:55:52 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \end{lcom}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/AbsJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/AbsJupiter.tla index c15ee99..3aaa1b8 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/AbsJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/AbsJupiter.tla @@ -43,37 +43,23 @@ Perform(cop, r) == IN /\ state' = [state EXCEPT ![r] = Apply(xform.xcop.op, @)] /\ copss' = [copss EXCEPT ![r] = xform.xcopss \cup {cop}] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) -DoOp(c, op) == \* op: the raw operation generated by the client c \in Client - /\ LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] - IN /\ Perform(cop, c) - /\ Comm(Cop)!CSend(cop) - -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins +DoOp(c, op) == \* Client c \in Client processes a locally generated operation op. + LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] + IN /\ Perform(cop, c) + /\ Comm(Cop)!CSend(cop) Do(c) == /\ DoCtx(c) /\ DoSerial(c) - /\ \/ DoIns(c) - \/ DoDel(c) ------------------------------------------------------------------------------ + /\ DoInt(DoOp, c) + Rev(c) == /\ Comm(Cop)!CRev(c) /\ Perform(Head(cincoming[c]), c) /\ RevSerial(c) /\ RevCtx(c) - /\ UNCHANGED chins ------------------------------------------------------------------------------ + /\ RevInt(c) + SRev == /\ Comm(Cop)!SRev /\ LET cop == Head(sincoming) @@ -81,7 +67,7 @@ SRev == /\ Comm(Cop)!SSendSame(cop.oid.c, cop) /\ SRevSerial /\ SRevCtx - /\ UNCHANGED chins + /\ SRevInt ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) @@ -98,5 +84,5 @@ Compactness == THEOREM Spec => Compactness ============================================================================= \* Modification History -\* Last modified Mon Dec 31 10:50:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:49 CST 2018 by hengxin \* Created Wed Dec 05 19:55:52 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/CSComm.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/CSComm.tla index 7a0691d..7cd4728 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/CSComm.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/CSComm.tla @@ -5,9 +5,9 @@ Specification of communication in a Client-Server system model. EXTENDS SequenceUtils ----------------------------------------------------------------------------- CONSTANTS - Client, \* the set of clients - Server, \* the (unique) server - Msg \* the set of possible messages + Client, \* the set of clients + Server, \* the (unique) server + Msg \* the set of messages ----------------------------------------------------------------------------- VARIABLES cincoming, \* cincoming[c]: incoming channel at client c \in Client @@ -23,44 +23,32 @@ Init == EmptyChannel == Init ----------------------------------------------------------------------------- -(* -A client sends a message msg to the Server. -*) -CSend(msg) == +CSend(msg) == \* A client sends a message msg to the Server. /\ sincoming' = Append(sincoming, msg) /\ UNCHANGED cincoming -(* -Client c receives a message from the Server. -*) -CRev(c) == + +CRev(c) == \* Client c receives and consumes a message from the Server. /\ cincoming[c] # <<>> - /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] \* consume a message + /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] /\ UNCHANGED sincoming ----------------------------------------------------------------------------- (* SRev/SSend below is often used as a subaction. No UNCHANGED in their definitions. *) -(* -The Server receives a message. -*) -SRev == +SRev == \* The Server receives and consumes a message. /\ sincoming # <<>> - /\ sincoming' = Tail(sincoming) \* consume a message -(* -The Server sents a message cmsg to each client other than c \in Client. -*) -SSend(c, cmsg) == + /\ sincoming' = Tail(sincoming) + +SSend(c, cmsg) == \* The Server sents a message cmsg to each client other than c \in Client. /\ cincoming' = [cl \in Client |-> IF cl = c THEN cincoming[cl] ELSE Append(cincoming[cl], cmsg[cl])] -(* -The Server broadcasts the same message msg to all Clients other than c \in Client. -*) -SSendSame(c, msg) == + +SSendSame(c, msg) == \* The Server broadcasts the message msg to all clients other than c \in Client. /\ SSend(c, [cl \in Client |-> msg]) ============================================================================= \* Modification History -\* Last modified Tue Dec 04 20:49:02 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:04:29 CST 2018 by hengxin \* Created Sun Jun 24 10:25:34 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterCtx.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterCtx.tla index 25e92f5..151b007 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterCtx.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterCtx.tla @@ -19,7 +19,7 @@ ClientOf(cop) == cop.oid.c COT(lcop, rcop) == \* OT of two Cop(s). [lcop EXCEPT !.op = Xform(lcop.op, rcop.op), !.ctx = @ \cup {rcop.oid}] -UpdateDS(r, oid) == \* update ds to include new oid \in Oid +UpdateDS(r, oid) == \* update ds[r] to include new oid \in Oid ds' = [ds EXCEPT ![r] = @ \cup {oid}] ----------------------------------------------------------------------------- TypeOKCtx == @@ -43,5 +43,5 @@ SRevCtx == /\ UNCHANGED cseq ============================================================================= \* Modification History -\* Last modified Fri Dec 28 14:38:39 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:52:44 CST 2018 by hengxin \* Created Wed Dec 05 20:03:50 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterInterface.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterInterface.tla index d39304a..148bcf2 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterInterface.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterInterface.tla @@ -6,9 +6,9 @@ the interface of a family of Jupiter specs. EXTENDS Integers, SequenceUtils, OT ----------------------------------------------------------------------------- CONSTANTS + Char, \* the set of characters Client, \* the set of client replicas Server, \* the (unique) server replica - Char, \* the set of characters allowed to be inserted InitState \* the initial state of each replica ASSUME \* We assume that all inserted elements are unique. @@ -32,14 +32,6 @@ MaxLen == Cardinality(Char) + Len(InitState) \* the max length of lists in any s ClientNum == Cardinality(Client) Priority == CHOOSE f \in [Client -> 1 .. ClientNum] : Injective(f) ----------------------------------------------------------------------------- -TypeOKInt == - /\ state \in [Replica -> List] - /\ chins \subseteq Char - -InitInt == - /\ state = [r \in Replica |-> InitState] - /\ chins = Char ------------------------------------------------------------------------------ (* The set of all operations. Note: The positions are indexed from 1. *) @@ -48,7 +40,37 @@ Del == [type: {"Del"}, pos: 1 .. MaxLen] Ins == [type: {"Ins"}, pos: 1 .. (MaxLen + 1), ch: Char, pr: 1 .. ClientNum] \* pr: priority Op == Ins \cup Del \* Now we don't consider Rd operations +----------------------------------------------------------------------------- +TypeOKInt == + /\ state \in [Replica -> List] + /\ chins \subseteq Char + +InitInt == + /\ state = [r \in Replica |-> InitState] + /\ chins = Char + +DoIns(DoOp(_, _), c) == \* Client c \in Client generates an "Ins" operation. + \E ins \in {op \in Ins: + /\ op.pos \in 1 .. (Len(state[c]) + 1) + /\ op.ch \in chins /\ op.pr = Priority[c]}: + /\ DoOp(c, ins) + /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. + +DoDel(DoOp(_, _), c) == \* Client c \in Client generates a "Del" operation. + \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: + /\ DoOp(c, del) + /\ UNCHANGED chins + +DoInt(DoOp(_, _), c) == \* Client c \in Client issues an operation. + \/ DoIns(DoOp, c) + \/ DoDel(DoOp, c) + +RevInt(c) == \* Client c \in Client receives a message from the Server. + /\UNCHANGED chins + +SRevInt == \* The Server receives a message. + /\ UNCHANGED chins ============================================================================= \* Modification History -\* Last modified Wed Dec 12 20:20:43 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:25 CST 2018 by hengxin \* Created Tue Dec 04 19:01:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterSerial.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterSerial.tla index d766fce..d3bd0bd 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterSerial.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/JupiterSerial.tla @@ -30,7 +30,7 @@ commSerial == INSTANCE CSComm WITH Msg <- Seq(Oid), TypeOKSerial == /\ serial \in [Replica -> Seq(Oid)] /\ commSerial!TypeOK ------------------------------------------------------------------------------ + InitSerial == /\ serial = [r \in Replica |-> <<>>] /\ commSerial!Init @@ -44,10 +44,10 @@ RevSerial(c) == SRevSerial == /\ LET cop == Head(sincoming) - IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] + IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] /\ commSerial!SSendSame(cop.oid.c, serial'[Server]) /\ UNCHANGED <> ============================================================================= \* Modification History -\* Last modified Wed Dec 12 21:04:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:54:56 CST 2018 by hengxin \* Created Wed Dec 05 21:03:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/MC.cfg b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/MC.cfg index 8020b92..16c8812 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/MC.cfg +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/MC.cfg @@ -10,22 +10,22 @@ b = b CONSTANT Server = Server \* MV CONSTANT definitions CONSTANT -Client <- const_15462247898772000 +Client <- const_154625928656630000 \* MV CONSTANT definitions CONSTANT -Char <- const_15462247898773000 +Char <- const_154625928656631000 \* SYMMETRY definition -SYMMETRY symm_15462247898774000 +SYMMETRY symm_154625928656632000 \* CONSTANT definitions CONSTANT -InitState <- const_15462247898775000 +InitState <- const_154625928656633000 \* CONSTANT definition CONSTANT Nop = Nop \* SPECIFICATION definition SPECIFICATION -spec_15462247898777000 +spec_154625928656635000 \* INVARIANT definition INVARIANT -inv_15462247898778000 -\* Generated on Mon Dec 31 10:53:09 CST 2018 \ No newline at end of file +inv_154625928656636000 +\* Generated on Mon Dec 31 20:28:06 CST 2018 \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/MC.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/MC.tla index 4bc99c8..8449257 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/MC.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/MC.tla @@ -12,33 +12,33 @@ a, b ---- \* MV CONSTANT definitions Client -const_15462247898772000 == +const_154625928656630000 == {c1, c2} ---- \* MV CONSTANT definitions Char -const_15462247898773000 == +const_154625928656631000 == {a, b} ---- \* SYMMETRY definition -symm_15462247898774000 == -Permutations(const_15462247898773000) +symm_154625928656632000 == +Permutations(const_154625928656631000) ---- \* CONSTANT definitions @modelParameterConstants:2InitState -const_15462247898775000 == +const_154625928656633000 == <<>> ---- \* SPECIFICATION definition @modelBehaviorSpec:0 -spec_15462247898777000 == +spec_154625928656635000 == Spec ---- \* INVARIANT definition @modelCorrectnessInvariants:0 -inv_15462247898778000 == +inv_154625928656636000 == Compactness ---- ============================================================================= \* Modification History -\* Created Mon Dec 31 10:53:09 CST 2018 by hengxin +\* Created Mon Dec 31 20:28:06 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/OT.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/OT.tla index a8dacd0..4980ff3 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/OT.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/OT.tla @@ -1,21 +1,11 @@ --------------------------------- MODULE OT --------------------------------- -(***************************************************************************) -(* Specification of OT (Operational Transformation) functions. *) -(* It consists of the basic OT functions for two operations and *) -(* more general ones involving operation sequences. *) -(***************************************************************************) +(* +This module contains the basic OT (Operational Transformation) functions +for two operations and general ones involving operation sequences. +*) EXTENDS OpOperators, SetUtils ----------------------------------------------------------------------------- -(***************************************************************************) -(* OT (Operational Transformation) functions. *) -(* *) -(* Naming convention: I for "Ins" and D for "Del". *) -(***************************************************************************) - -(***************************************************************************) -(* The left "Ins" lins transformed against the right "Ins" rins. *) -(***************************************************************************) -XformII(lins, rins) == +XformII(lins, rins) == \* lins is transformed against rins IF lins.pos < rins.pos THEN lins ELSE IF lins.pos > rins.pos @@ -25,84 +15,59 @@ XformII(lins, rins) == ELSE IF lins.pr > rins.pr THEN [lins EXCEPT !.pos = @+1] ELSE lins -(***************************************************************************) -(* The left "Ins" ins transformed against the right "Del" del. *) -(***************************************************************************) -XformID(ins, del) == + +XformID(ins, del) == \* ins is transformed against del IF ins.pos <= del.pos THEN ins ELSE [ins EXCEPT !.pos = @-1] -(***************************************************************************) -(* The left "Del" del transformed against the right "Ins" ins. *) -(***************************************************************************) -XformDI(del, ins) == + +XformDI(del, ins) == \* del is transformed against ins IF del.pos < ins.pos THEN del ELSE [del EXCEPT !.pos = @+1] -(***************************************************************************) -(* The left "Del" ldel transformed against the right "Del" rdel. *) -(***************************************************************************) -XformDD(ldel, rdel) == + +XformDD(ldel, rdel) == \* ldel is transformed against rdel IF ldel.pos < rdel.pos THEN ldel ELSE IF ldel.pos > rdel.pos THEN [ldel EXCEPT !.pos = @-1] ELSE Nop ------------------------------------------------------------------------------ -(***************************************************************************) -(* Transform the left operation lop against the right operation rop *) -(* with appropriate OT function. *) -(***************************************************************************) -Xform(lop, rop) == + +Xform(lop, rop) == \* lop is transformed against rop CASE lop = Nop \/ rop = Nop -> lop [] lop.type = "Ins" /\ rop.type = "Ins" -> XformII(lop, rop) [] lop.type = "Ins" /\ rop.type = "Del" -> XformID(lop, rop) [] lop.type = "Del" /\ rop.type = "Ins" -> XformDI(lop, rop) [] lop.type = "Del" /\ rop.type = "Del" -> XformDD(lop, rop) ----------------------------------------------------------------------------- -(***************************************************************************) -(* Generalized OT functions on operation sequences. *) -(***************************************************************************) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(***************************************************************************) -RECURSIVE XformOpOps(_, _, _) -XformOpOps(xform(_,_), op, ops) == +(* +Generalized OT functions on operation sequences. +*) +RECURSIVE XformOpOps(_, _, _) +XformOpOps(xform(_,_), op, ops) == \* Transform an operation op against an operation sequence ops. IF ops = <<>> THEN op ELSE XformOpOps(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(* Being different from XformOpOps, *) -(* XformOpOpsX maintains the intermediate transformed operation *) -(***************************************************************************) + RECURSIVE XformOpOpsX(_, _,_) -XformOpOpsX(xform(_, _), op, ops) == +XformOpOpsX(xform(_, _), op, ops) == \* Transform an operation op against an operation sequence ops. IF ops = <<>> - THEN <> + THEN <> \* Maintain and return the intermediate transformed operations. ELSE <> \o XformOpOpsX(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation sequence ops *) -(* against an operation op. *) -(***************************************************************************) -XformOpsOp(xform(_, _), ops, op) == + +XformOpsOp(xform(_, _), ops, op) == \* Transform an operation sequence ops against an operation op. LET opX == XformOpOpsX(xform, op, ops) IN [i \in 1 .. Len(ops) |-> xform(ops[i], opX[i])] -(***************************************************************************) -(* Iteratively/recursively transforms an operation sequence ops1 *) -(* against another operation sequence ops2. *) -(* *) -(* See also Definition 2.13 of the paper "Imine @ TCS06". *) -(***************************************************************************) +(* +Transforms an operation sequence ops1 against another operation sequence ops2; +see Definition 2.13 of the paper "Imine@TCS06". +*) RECURSIVE XformOpsOps(_, _,_) -XformOpsOps(xform(_, _), ops1, ops2) == +XformOpsOps(xform(_, _), ops1, ops2) == IF ops2 = <<>> THEN ops1 ELSE XformOpsOps(xform, XformOpsOp(xform, ops1, Head(ops2)), Tail(ops2)) ============================================================================= \* Modification History -\* Last modified Fri Dec 28 14:58:58 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:45:16 CST 2018 by hengxin \* Created Sun Jun 24 15:57:48 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/OpOperators.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/OpOperators.tla index 6131506..2989bbe 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/OpOperators.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/Compactness/OpOperators.tla @@ -1,39 +1,23 @@ ---------------------------- MODULE OpOperators ---------------------------- -(***************************************************************************) -(* Operators for Op. *) -(***************************************************************************) +(* +Operators for Op. +*) EXTENDS Naturals, Sequences, SequenceUtils - -Nop == PickNone(Nat) ----------------------------------------------------------------------------- -(*********************************************************************) -(* The "Apply" operator which applies an operation op on the list l. *) -(* *) -(* Del: If pos > Len(l), the last element of l is deleted. *) -(* This is realized by the DeleteElement operator. *) -(* Ins: If pos > Len(l), the new element is appended to l. *) -(* This is realized by the InsertElement operator. *) -(*********************************************************************) -Apply(op, l) == CASE op = Nop -> l - [] op.type = "Rd" -> l - [] op.type = "Del" -> DeleteElement(l, op.pos) - [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) -(*********************************************************************) -(* The "ApplyOps" operator which applies an operation sequence ops *) -(* on the list l. *) -(*********************************************************************) -RECURSIVE ApplyOps(_, _) +Nop == PickNone(Nat) + +Apply(op, l) == \* Apply an operation op on the list l. + CASE op = Nop -> l + [] op.type = "Rd" -> l + [] op.type = "Del" -> DeleteElement(l, op.pos) \* Last(l) is deleted if pos > Len(l) + [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) \* Append(l, ch) if pos > Len(l) + +RECURSIVE ApplyOps(_, _) \* Apply an operation sequence ops on the list l. ApplyOps(ops, l) == IF ops = <<>> THEN l ELSE Apply(Last(ops), ApplyOps(AllButLast(ops), l)) ------------------------------------------------------------------------------ -(*********************************************************************) -(* Check whether an operation op is legal with respect to the list l.*) -(*********************************************************************) -IsLegalOp(op, l) == CASE op.type = "Del" -> op.pos <= Len(l) - [] op.type = "Ins" -> op.pos <= Len(l) + 1 ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:14:35 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:21:16 CST 2018 by hengxin \* Created Tue Aug 28 14:58:54 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/JupiterInterface.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/JupiterInterface.pdf new file mode 100644 index 0000000..69a240b Binary files /dev/null and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/JupiterInterface.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/JupiterInterface.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/JupiterInterface.tex new file mode 100644 index 0000000..53a909d --- /dev/null +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiter.toolbox/JupiterInterface.tex @@ -0,0 +1,1161 @@ +\batchmode %% Suppresses most terminal output. +\documentclass{article} +\usepackage{color} +\definecolor{boxshade}{gray}{0.85} +\setlength{\textwidth}{360pt} +\setlength{\textheight}{541pt} +\usepackage{latexsym} +\usepackage{ifthen} +% \usepackage{color} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% SWITCHES % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\newboolean{shading} +\setboolean{shading}{false} +\makeatletter + %% this is needed only when inserted into the file, not when + %% used as a package file. +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% % +% DEFINITIONS OF SYMBOL-PRODUCING COMMANDS % +% % +% TLA+ LaTeX % +% symbol command % +% ------ ------- % +% => \implies % +% <: \ltcolon % +% :> \colongt % +% == \defeq % +% .. \dotdot % +% :: \coloncolon % +% =| \eqdash % +% ++ \pp % +% -- \mm % +% ** \stst % +% // \slsl % +% ^ \ct % +% \A \A % +% \E \E % +% \AA \AA % +% \EE \EE % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\newlength{\symlength} +\newcommand{\implies}{\Rightarrow} +\newcommand{\ltcolon}{\mathrel{<\!\!\mbox{:}}} +\newcommand{\colongt}{\mathrel{\!\mbox{:}\!\!>}} +\newcommand{\defeq}{\;\mathrel{\smash %% keep this symbol from being too tall + {{\stackrel{\scriptscriptstyle\Delta}{=}}}}\;} +\newcommand{\dotdot}{\mathrel{\ldotp\ldotp}} +\newcommand{\coloncolon}{\mathrel{::\;}} +\newcommand{\eqdash}{\mathrel = \joinrel \hspace{-.28em}|} +\newcommand{\pp}{\mathbin{++}} +\newcommand{\mm}{\mathbin{--}} +\newcommand{\stst}{*\!*} +\newcommand{\slsl}{/\!/} +\newcommand{\ct}{\hat{\hspace{.4em}}} +\newcommand{\A}{\forall} +\newcommand{\E}{\exists} +\renewcommand{\AA}{\makebox{$\raisebox{.05em}{\makebox[0pt][l]{% + $\forall\hspace{-.517em}\forall\hspace{-.517em}\forall$}}% + \forall\hspace{-.517em}\forall \hspace{-.517em}\forall\,$}} +\newcommand{\EE}{\makebox{$\raisebox{.05em}{\makebox[0pt][l]{% + $\exists\hspace{-.517em}\exists\hspace{-.517em}\exists$}}% + \exists\hspace{-.517em}\exists\hspace{-.517em}\exists\,$}} +\newcommand{\whileop}{\.{\stackrel + {\mbox{\raisebox{-.3em}[0pt][0pt]{$\scriptscriptstyle+\;\,$}}}% + {-\hspace{-.16em}\triangleright}}} + +% Commands are defined to produce the upper-case keywords. +% Note that some have space after them. +\newcommand{\ASSUME}{\textsc{assume }} +\newcommand{\ASSUMPTION}{\textsc{assumption }} +\newcommand{\AXIOM}{\textsc{axiom }} +\newcommand{\BOOLEAN}{\textsc{boolean }} +\newcommand{\CASE}{\textsc{case }} +\newcommand{\CONSTANT}{\textsc{constant }} +\newcommand{\CONSTANTS}{\textsc{constants }} +\newcommand{\ELSE}{\settowidth{\symlength}{\THEN}% + \makebox[\symlength][l]{\textsc{ else}}} +\newcommand{\EXCEPT}{\textsc{ except }} +\newcommand{\EXTENDS}{\textsc{extends }} +\newcommand{\FALSE}{\textsc{false}} +\newcommand{\IF}{\textsc{if }} +\newcommand{\IN}{\settowidth{\symlength}{\LET}% + \makebox[\symlength][l]{\textsc{in}}} +\newcommand{\INSTANCE}{\textsc{instance }} +\newcommand{\LET}{\textsc{let }} +\newcommand{\LOCAL}{\textsc{local }} +\newcommand{\MODULE}{\textsc{module }} +\newcommand{\OTHER}{\textsc{other }} +\newcommand{\STRING}{\textsc{string}} +\newcommand{\THEN}{\textsc{ then }} +\newcommand{\THEOREM}{\textsc{theorem }} +\newcommand{\LEMMA}{\textsc{lemma }} +\newcommand{\PROPOSITION}{\textsc{proposition }} +\newcommand{\COROLLARY}{\textsc{corollary }} +\newcommand{\TRUE}{\textsc{true}} +\newcommand{\VARIABLE}{\textsc{variable }} +\newcommand{\VARIABLES}{\textsc{variables }} +\newcommand{\WITH}{\textsc{ with }} +\newcommand{\WF}{\textrm{WF}} +\newcommand{\SF}{\textrm{SF}} +\newcommand{\CHOOSE}{\textsc{choose }} +\newcommand{\ENABLED}{\textsc{enabled }} +\newcommand{\UNCHANGED}{\textsc{unchanged }} +\newcommand{\SUBSET}{\textsc{subset }} +\newcommand{\UNION}{\textsc{union }} +\newcommand{\DOMAIN}{\textsc{domain }} +% Added for tla2tex +\newcommand{\BY}{\textsc{by }} +\newcommand{\OBVIOUS}{\textsc{obvious }} +\newcommand{\HAVE}{\textsc{have }} +\newcommand{\QED}{\textsc{qed }} +\newcommand{\TAKE}{\textsc{take }} +\newcommand{\DEF}{\textsc{ def }} +\newcommand{\HIDE}{\textsc{hide }} +\newcommand{\RECURSIVE}{\textsc{recursive }} +\newcommand{\USE}{\textsc{use }} +\newcommand{\DEFINE}{\textsc{define }} +\newcommand{\PROOF}{\textsc{proof }} +\newcommand{\WITNESS}{\textsc{witness }} +\newcommand{\PICK}{\textsc{pick }} +\newcommand{\DEFS}{\textsc{defs }} +\newcommand{\PROVE}{\settowidth{\symlength}{\ASSUME}% + \makebox[\symlength][l]{\textsc{prove}}\@s{-4.1}}% + %% The \@s{-4.1) is a kludge added on 24 Oct 2009 [happy birthday, Ellen] + %% so the correct alignment occurs if the user types + %% ASSUME X + %% PROVE Y + %% because it cancels the extra 4.1 pts added because of the + %% extra space after the PROVE. This seems to works OK. + %% However, the 4.1 equals Parameters.LaTeXLeftSpace(1) and + %% should be changed if that method ever changes. +\newcommand{\SUFFICES}{\textsc{suffices }} +\newcommand{\NEW}{\textsc{new }} +\newcommand{\LAMBDA}{\textsc{lambda }} +\newcommand{\STATE}{\textsc{state }} +\newcommand{\ACTION}{\textsc{action }} +\newcommand{\TEMPORAL}{\textsc{temporal }} +\newcommand{\ONLY}{\textsc{only }} %% added by LL on 2 Oct 2009 +\newcommand{\OMITTED}{\textsc{omitted }} %% added by LL on 31 Oct 2009 +\newcommand{\@pfstepnum}[2]{\ensuremath{\langle#1\rangle}\textrm{#2}} +\newcommand{\bang}{\@s{1}\mbox{\small !}\@s{1}} +%% We should format || differently in PlusCal code than in TLA+ formulas. +\newcommand{\p@barbar}{\ifpcalsymbols + \,\,\rule[-.25em]{.075em}{1em}\hspace*{.2em}\rule[-.25em]{.075em}{1em}\,\,% + \else \,||\,\fi} +%% PlusCal keywords +\newcommand{\p@fair}{\textbf{fair }} +\newcommand{\p@semicolon}{\textbf{\,; }} +\newcommand{\p@algorithm}{\textbf{algorithm }} +\newcommand{\p@mmfair}{\textbf{-{}-fair }} +\newcommand{\p@mmalgorithm}{\textbf{-{}-algorithm }} +\newcommand{\p@assert}{\textbf{assert }} +\newcommand{\p@await}{\textbf{await }} +\newcommand{\p@begin}{\textbf{begin }} +\newcommand{\p@end}{\textbf{end }} +\newcommand{\p@call}{\textbf{call }} +\newcommand{\p@define}{\textbf{define }} +\newcommand{\p@do}{\textbf{ do }} +\newcommand{\p@either}{\textbf{either }} +\newcommand{\p@or}{\textbf{or }} +\newcommand{\p@goto}{\textbf{goto }} +\newcommand{\p@if}{\textbf{if }} +\newcommand{\p@then}{\,\,\textbf{then }} +\newcommand{\p@else}{\ifcsyntax \textbf{else } \else \,\,\textbf{else }\fi} +\newcommand{\p@elsif}{\,\,\textbf{elsif }} +\newcommand{\p@macro}{\textbf{macro }} +\newcommand{\p@print}{\textbf{print }} +\newcommand{\p@procedure}{\textbf{procedure }} +\newcommand{\p@process}{\textbf{process }} +\newcommand{\p@return}{\textbf{return}} +\newcommand{\p@skip}{\textbf{skip}} +\newcommand{\p@variable}{\textbf{variable }} +\newcommand{\p@variables}{\textbf{variables }} +\newcommand{\p@while}{\textbf{while }} +\newcommand{\p@when}{\textbf{when }} +\newcommand{\p@with}{\textbf{with }} +\newcommand{\p@lparen}{\textbf{(\,\,}} +\newcommand{\p@rparen}{\textbf{\,\,) }} +\newcommand{\p@lbrace}{\textbf{\{\,\,}} +\newcommand{\p@rbrace}{\textbf{\,\,\} }} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% REDEFINE STANDARD COMMANDS TO MAKE THEM FORMAT BETTER % +% % +% We redefine \in and \notin % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\renewcommand{\_}{\rule{.4em}{.06em}\hspace{.05em}} +\newlength{\equalswidth} +\let\oldin=\in +\let\oldnotin=\notin +\renewcommand{\in}{% + {\settowidth{\equalswidth}{$\.{=}$}\makebox[\equalswidth][c]{$\oldin$}}} +\renewcommand{\notin}{% + {\settowidth{\equalswidth}{$\.{=}$}\makebox[\equalswidth]{$\oldnotin$}}} + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% % +% HORIZONTAL BARS: % +% % +% \moduleLeftDash |~~~~~~~~~~ % +% \moduleRightDash ~~~~~~~~~~| % +% \midbar |----------| % +% \bottombar |__________| % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\newlength{\charwidth}\settowidth{\charwidth}{{\small\tt M}} +\newlength{\boxrulewd}\setlength{\boxrulewd}{.4pt} +\newlength{\boxlineht}\setlength{\boxlineht}{.5\baselineskip} +\newcommand{\boxsep}{\charwidth} +\newlength{\boxruleht}\setlength{\boxruleht}{.5ex} +\newlength{\boxruledp}\setlength{\boxruledp}{-\boxruleht} +\addtolength{\boxruledp}{\boxrulewd} +\newcommand{\boxrule}{\leaders\hrule height \boxruleht depth \boxruledp + \hfill\mbox{}} +\newcommand{\@computerule}{% + \setlength{\boxruleht}{.5ex}% + \setlength{\boxruledp}{-\boxruleht}% + \addtolength{\boxruledp}{\boxrulewd}} + +\newcommand{\bottombar}{\hspace{-\boxsep}% + \raisebox{-\boxrulewd}[0pt][0pt]{\rule[.5ex]{\boxrulewd}{\boxlineht}}% + \boxrule + \raisebox{-\boxrulewd}[0pt][0pt]{% + \rule[.5ex]{\boxrulewd}{\boxlineht}}\hspace{-\boxsep}\vspace{0pt}} + +\newcommand{\moduleLeftDash}% + {\hspace*{-\boxsep}% + \raisebox{-\boxlineht}[0pt][0pt]{\rule[.5ex]{\boxrulewd + }{\boxlineht}}% + \boxrule\hspace*{.4em }} + +\newcommand{\moduleRightDash}% + {\hspace*{.4em}\boxrule + \raisebox{-\boxlineht}[0pt][0pt]{\rule[.5ex]{\boxrulewd + }{\boxlineht}}\hspace{-\boxsep}}%\vspace{.2em} + +\newcommand{\midbar}{\hspace{-\boxsep}\raisebox{-.5\boxlineht}[0pt][0pt]{% + \rule[.5ex]{\boxrulewd}{\boxlineht}}\boxrule\raisebox{-.5\boxlineht% + }[0pt][0pt]{\rule[.5ex]{\boxrulewd}{\boxlineht}}\hspace{-\boxsep}} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% FORMATING COMMANDS % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% PLUSCAL SHADING % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +% The TeX pcalshading switch is set on to cause PlusCal shading to be +% performed. This changes the behavior of the following commands and +% environments to cause full-width shading to be performed on all lines. +% +% \tstrut \@x cpar mcom \@pvspace +% +% The TeX pcalsymbols switch is turned on when typesetting a PlusCal algorithm, +% whether or not shading is being performed. It causes symbols (other than +% parentheses and braces and PlusCal-only keywords) that should be typeset +% differently depending on whether they are in an algorithm to be typeset +% appropriately. Currently, the only such symbol is "||". +% +% The TeX csyntax switch is turned on when typesetting a PlusCal algorithm in +% c-syntax. This allows symbols to be format differently in the two syntaxes. +% The "else" keyword is the only one that is. + +\newif\ifpcalshading \pcalshadingfalse +\newif\ifpcalsymbols \pcalsymbolsfalse +\newif\ifcsyntax \csyntaxtrue + +% The \@pvspace command makes a vertical space. It uses \vspace +% except with \ifpcalshading, in which case it sets \pvcalvspace +% and the space is added by a following \@x command. +% +\newlength{\pcalvspace}\setlength{\pcalvspace}{0pt}% +\newcommand{\@pvspace}[1]{% + \ifpcalshading + \par\global\setlength{\pcalvspace}{#1}% + \else + \par\vspace{#1}% + \fi +} + +% The lcom environment was changed to set \lcomindent equal to +% the indentation it produces. This length is used by the +% cpar environment to make shading extend for the full width +% of the line. This assumes that lcom environments are not +% nested. I hope TLATeX does not nest them. +% +\newlength{\lcomindent}% +\setlength{\lcomindent}{0pt}% + +%\tstrut: A strut to produce inter-paragraph space in a comment. +%\rstrut: A strut to extend the bottom of a one-line comment so +% there's no break in the shading between comments on +% successive lines. +\newcommand\tstrut% + {\raisebox{\vshadelen}{\raisebox{-.25em}{\rule{0pt}{1.15em}}}% + \global\setlength{\vshadelen}{0pt}} +\newcommand\rstrut{\raisebox{-.25em}{\rule{0pt}{1.15em}}% + \global\setlength{\vshadelen}{0pt}} + + +% \.{op} formats operator op in math mode with empty boxes on either side. +% Used because TeX otherwise vary the amount of space it leaves around op. +\renewcommand{\.}[1]{\ensuremath{\mbox{}#1\mbox{}}} + +% \@s{n} produces an n-point space +\newcommand{\@s}[1]{\hspace{#1pt}} + +% \@x{txt} starts a specification line in the beginning with txt +% in the final LaTeX source. +\newlength{\@xlen} +\newcommand\xtstrut% + {\setlength{\@xlen}{1.05em}% + \addtolength{\@xlen}{\pcalvspace}% + \raisebox{\vshadelen}{\raisebox{-.25em}{\rule{0pt}{\@xlen}}}% + \global\setlength{\vshadelen}{0pt}% + \global\setlength{\pcalvspace}{0pt}} + +\newcommand{\@x}[1]{\par + \ifpcalshading + \makebox[0pt][l]{\shadebox{\xtstrut\hspace*{\textwidth}}}% + \fi + \mbox{$\mbox{}#1\mbox{}$}} + +% \@xx{txt} continues a specification line with the text txt. +\newcommand{\@xx}[1]{\mbox{$\mbox{}#1\mbox{}$}} + +% \@y{cmt} produces a one-line comment. +\newcommand{\@y}[1]{\mbox{\footnotesize\hspace{.65em}% + \ifthenelse{\boolean{shading}}{% + \shadebox{#1\hspace{-\the\lastskip}\rstrut}}% + {#1\hspace{-\the\lastskip}\rstrut}}} + +% \@z{cmt} produces a zero-width one-line comment. +\newcommand{\@z}[1]{\makebox[0pt][l]{\footnotesize + \ifthenelse{\boolean{shading}}{% + \shadebox{#1\hspace{-\the\lastskip}\rstrut}}% + {#1\hspace{-\the\lastskip}\rstrut}}} + + +% \@w{str} produces the TLA+ string "str". +\newcommand{\@w}[1]{\textsf{``{#1}''}} + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% SHADING % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\def\graymargin{1} + % The number of points of margin in the shaded box. + +% \definecolor{boxshade}{gray}{.85} +% Defines the darkness of the shading: 1 = white, 0 = black +% Added by TLATeX only if needed. + +% \shadebox{txt} puts txt in a shaded box. +\newlength{\templena} +\newlength{\templenb} +\newsavebox{\tempboxa} +\newcommand{\shadebox}[1]{{\setlength{\fboxsep}{\graymargin pt}% + \savebox{\tempboxa}{#1}% + \settoheight{\templena}{\usebox{\tempboxa}}% + \settodepth{\templenb}{\usebox{\tempboxa}}% + \hspace*{-\fboxsep}\raisebox{0pt}[\templena][\templenb]% + {\colorbox{boxshade}{\usebox{\tempboxa}}}\hspace*{-\fboxsep}}} + +% \vshade{n} makes an n-point inter-paragraph space, with +% shading if the `shading' flag is true. +\newlength{\vshadelen} +\setlength{\vshadelen}{0pt} +\newcommand{\vshade}[1]{\ifthenelse{\boolean{shading}}% + {\global\setlength{\vshadelen}{#1pt}}% + {\vspace{#1pt}}} + +\newlength{\boxwidth} +\newlength{\multicommentdepth} + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% THE cpar ENVIRONMENT % +% ^^^^^^^^^^^^^^^^^^^^ % +% The LaTeX input % +% % +% \begin{cpar}{pop}{nest}{isLabel}{d}{e}{arg6} % +% XXXXXXXXXXXXXXX % +% XXXXXXXXXXXXXXX % +% XXXXXXXXXXXXXXX % +% \end{cpar} % +% % +% produces one of two possible results. If isLabel is the letter "T", % +% it produces the following, where [label] is the result of typesetting % +% arg6 in an LR box, and d is is a number representing a distance in % +% points. % +% % +% prevailing |<-- d -->[label]<- e ->XXXXXXXXXXXXXXX % +% left | XXXXXXXXXXXXXXX % +% margin | XXXXXXXXXXXXXXX % +% % +% If isLabel is the letter "F", then it produces % +% % +% prevailing |<-- d -->XXXXXXXXXXXXXXXXXXXXXXX % +% left | <- e ->XXXXXXXXXXXXXXXX % +% margin | XXXXXXXXXXXXXXXX % +% % +% where d and e are numbers representing distances in points. % +% % +% The prevailing left margin is the one in effect before the most recent % +% pop (argument 1) cpar environments with "T" as the nest argument, where % +% pop is a number \geq 0. % +% % +% If the nest argument is the letter "T", then the prevailing left % +% margin is moved to the left of the second (and following) lines of % +% X's. Otherwise, the prevailing left margin is left unchanged. % +% % +% An \unnest{n} command moves the prevailing left margin to where it was % +% before the most recent n cpar environments with "T" as the nesting % +% argument. % +% % +% The environment leaves no vertical space above or below it, or between % +% its paragraphs. (TLATeX inserts the proper amount of vertical space.) % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +\newcounter{pardepth} +\setcounter{pardepth}{0} + +% \setgmargin{txt} defines \gmarginN to be txt, where N is \roman{pardepth}. +% \thegmargin equals \gmarginN, where N is \roman{pardepth}. +\newcommand{\setgmargin}[1]{% + \expandafter\xdef\csname gmargin\roman{pardepth}\endcsname{#1}} +\newcommand{\thegmargin}{\csname gmargin\roman{pardepth}\endcsname} +\newcommand{\gmargin}{0pt} + +\newsavebox{\tempsbox} + +\newlength{\@cparht} +\newlength{\@cpardp} +\newenvironment{cpar}[6]{% + \addtocounter{pardepth}{-#1}% + \ifthenelse{\boolean{shading}}{\par\begin{lrbox}{\tempsbox}% + \begin{minipage}[t]{\linewidth}}{}% + \begin{list}{}{% + \edef\temp{\thegmargin} + \ifthenelse{\equal{#3}{T}}% + {\settowidth{\leftmargin}{\hspace{\temp}\footnotesize #6\hspace{#5pt}}% + \addtolength{\leftmargin}{#4pt}}% + {\setlength{\leftmargin}{#4pt}% + \addtolength{\leftmargin}{#5pt}% + \addtolength{\leftmargin}{\temp}% + \setlength{\itemindent}{-#5pt}}% + \ifthenelse{\equal{#2}{T}}{\addtocounter{pardepth}{1}% + \setgmargin{\the\leftmargin}}{}% + \setlength{\labelwidth}{0pt}% + \setlength{\labelsep}{0pt}% + \setlength{\itemindent}{-\leftmargin}% + \setlength{\topsep}{0pt}% + \setlength{\parsep}{0pt}% + \setlength{\partopsep}{0pt}% + \setlength{\parskip}{0pt}% + \setlength{\itemsep}{0pt} + \setlength{\itemindent}{#4pt}% + \addtolength{\itemindent}{-\leftmargin}}% + \ifthenelse{\equal{#3}{T}}% + {\item[\tstrut\footnotesize \hspace{\temp}{#6}\hspace{#5pt}] + }% + {\item[\tstrut\hspace{\temp}]% + }% + \footnotesize} + {\hspace{-\the\lastskip}\tstrut + \end{list}% + \ifthenelse{\boolean{shading}}% + {\end{minipage}% + \end{lrbox}% + \ifpcalshading + \setlength{\@cparht}{\ht\tempsbox}% + \setlength{\@cpardp}{\dp\tempsbox}% + \addtolength{\@cparht}{.15em}% + \addtolength{\@cpardp}{.2em}% + \addtolength{\@cparht}{\@cpardp}% + % I don't know what's going on here. I want to add a + % \pcalvspace high shaded line, but I don't know how to + % do it. A little trial and error shows that the following + % does a reasonable job approximating that, eliminating + % the line if \pcalvspace is small. + \addtolength{\@cparht}{\pcalvspace}% + \ifdim \pcalvspace > .8em + \addtolength{\pcalvspace}{-.2em}% + \hspace*{-\lcomindent}% + \shadebox{\rule{0pt}{\pcalvspace}\hspace*{\textwidth}}\par + \global\setlength{\pcalvspace}{0pt}% + \fi + \hspace*{-\lcomindent}% + \makebox[0pt][l]{\raisebox{-\@cpardp}[0pt][0pt]{% + \shadebox{\rule{0pt}{\@cparht}\hspace*{\textwidth}}}}% + \hspace*{\lcomindent}\usebox{\tempsbox}% + \par + \else + \shadebox{\usebox{\tempsbox}}\par + \fi}% + {}% + } + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% THE ppar ENVIRONMENT % +% ^^^^^^^^^^^^^^^^^^^^ % +% The environment % +% % +% \begin{ppar} ... \end{ppar} % +% % +% is equivalent to % +% % +% \begin{cpar}{0}{F}{F}{0}{0}{} ... \end{cpar} % +% % +% The environment is put around each line of the output for a PlusCal % +% algorithm. % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%\newenvironment{ppar}{% +% \ifthenelse{\boolean{shading}}{\par\begin{lrbox}{\tempsbox}% +% \begin{minipage}[t]{\linewidth}}{}% +% \begin{list}{}{% +% \edef\temp{\thegmargin} +% \setlength{\leftmargin}{0pt}% +% \addtolength{\leftmargin}{\temp}% +% \setlength{\itemindent}{0pt}% +% \setlength{\labelwidth}{0pt}% +% \setlength{\labelsep}{0pt}% +% \setlength{\itemindent}{-\leftmargin}% +% \setlength{\topsep}{0pt}% +% \setlength{\parsep}{0pt}% +% \setlength{\partopsep}{0pt}% +% \setlength{\parskip}{0pt}% +% \setlength{\itemsep}{0pt} +% \setlength{\itemindent}{0pt}% +% \addtolength{\itemindent}{-\leftmargin}}% +% \item[\tstrut\hspace{\temp}]}% +% {\hspace{-\the\lastskip}\tstrut +% \end{list}% +% \ifthenelse{\boolean{shading}}{\end{minipage} +% \end{lrbox}% +% \shadebox{\usebox{\tempsbox}}\par}{}% +% } + + %%% TESTING + \newcommand{\xtest}[1]{\par + \makebox[0pt][l]{\shadebox{\xtstrut\hspace*{\textwidth}}}% + \mbox{$\mbox{}#1\mbox{}$}} + +% \newcommand{\xxtest}[1]{\par +% \makebox[0pt][l]{\shadebox{\xtstrut{#1}\hspace*{\textwidth}}}% +% \mbox{$\mbox{}#1\mbox{}$}} + +%\newlength{\pcalvspace} +%\setlength{\pcalvspace}{0pt} +% \newlength{\xxtestlen} +% \setlength{\xxtestlen}{0pt} +% \newcommand\xtstrut% +% {\setlength{\xxtestlen}{1.15em}% +% \addtolength{\xxtestlen}{\pcalvspace}% +% \raisebox{\vshadelen}{\raisebox{-.25em}{\rule{0pt}{\xxtestlen}}}% +% \global\setlength{\vshadelen}{0pt}% +% \global\setlength{\pcalvspace}{0pt}} + + %%%% TESTING + + %% The xcpar environment + %% Note: overloaded use of \pcalvspace for testing. + %% +% \newlength{\xcparht}% +% \newlength{\xcpardp}% + +% \newenvironment{xcpar}[6]{% +% \addtocounter{pardepth}{-#1}% +% \ifthenelse{\boolean{shading}}{\par\begin{lrbox}{\tempsbox}% +% \begin{minipage}[t]{\linewidth}}{}% +% \begin{list}{}{% +% \edef\temp{\thegmargin}% +% \ifthenelse{\equal{#3}{T}}% +% {\settowidth{\leftmargin}{\hspace{\temp}\footnotesize #6\hspace{#5pt}}% +% \addtolength{\leftmargin}{#4pt}}% +% {\setlength{\leftmargin}{#4pt}% +% \addtolength{\leftmargin}{#5pt}% +% \addtolength{\leftmargin}{\temp}% +% \setlength{\itemindent}{-#5pt}}% +% \ifthenelse{\equal{#2}{T}}{\addtocounter{pardepth}{1}% +% \setgmargin{\the\leftmargin}}{}% +% \setlength{\labelwidth}{0pt}% +% \setlength{\labelsep}{0pt}% +% \setlength{\itemindent}{-\leftmargin}% +% \setlength{\topsep}{0pt}% +% \setlength{\parsep}{0pt}% +% \setlength{\partopsep}{0pt}% +% \setlength{\parskip}{0pt}% +% \setlength{\itemsep}{0pt}% +% \setlength{\itemindent}{#4pt}% +% \addtolength{\itemindent}{-\leftmargin}}% +% \ifthenelse{\equal{#3}{T}}% +% {\item[\xtstrut\footnotesize \hspace{\temp}{#6}\hspace{#5pt}]% +% }% +% {\item[\xtstrut\hspace{\temp}]% +% }% +% \footnotesize} +% {\hspace{-\the\lastskip}\tstrut +% \end{list}% +% \ifthenelse{\boolean{shading}}{\end{minipage} +% \end{lrbox}% +% \setlength{\xcparht}{\ht\tempsbox}% +% \setlength{\xcpardp}{\dp\tempsbox}% +% \addtolength{\xcparht}{.15em}% +% \addtolength{\xcpardp}{.2em}% +% \addtolength{\xcparht}{\xcpardp}% +% \hspace*{-\lcomindent}% +% \makebox[0pt][l]{\raisebox{-\xcpardp}[0pt][0pt]{% +% \shadebox{\rule{0pt}{\xcparht}\hspace*{\textwidth}}}}% +% \hspace*{\lcomindent}\usebox{\tempsbox}% +% \par}{}% +% } +% +% \newlength{\xmcomlen} +%\newenvironment{xmcom}[1]{% +% \setcounter{pardepth}{0}% +% \hspace{.65em}% +% \begin{lrbox}{\alignbox}\sloppypar% +% \setboolean{shading}{false}% +% \setlength{\boxwidth}{#1pt}% +% \addtolength{\boxwidth}{-.65em}% +% \begin{minipage}[t]{\boxwidth}\footnotesize +% \parskip=0pt\relax}% +% {\end{minipage}\end{lrbox}% +% \setlength{\xmcomlen}{\textwidth}% +% \addtolength{\xmcomlen}{-\wd\alignbox}% +% \settodepth{\alignwidth}{\usebox{\alignbox}}% +% \global\setlength{\multicommentdepth}{\alignwidth}% +% \setlength{\boxwidth}{\alignwidth}% +% \global\addtolength{\alignwidth}{-\maxdepth}% +% \addtolength{\boxwidth}{.1em}% +% \raisebox{0pt}[0pt][0pt]{% +% \ifthenelse{\boolean{shading}}% +% {\hspace*{-\xmcomlen}\shadebox{\rule[-\boxwidth]{0pt}{0pt}% +% \hspace*{\xmcomlen}\usebox{\alignbox}}}% +% {\usebox{\alignbox}}}% +% \vspace*{\alignwidth}\pagebreak[0]\vspace{-\alignwidth}\par} +% % a multi-line comment, whose first argument is its width in points. +% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% THE lcom ENVIRONMENT % +% ^^^^^^^^^^^^^^^^^^^^ % +% A multi-line comment with no text to its left is typeset in an lcom % +% environment, whose argument is a number representing the indentation % +% of the left margin, in points. All the text of the comment should be % +% inside cpar environments. % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\newenvironment{lcom}[1]{% + \setlength{\lcomindent}{#1pt} % Added for PlusCal handling. + \par\vspace{.2em}% + \sloppypar + \setcounter{pardepth}{0}% + \footnotesize + \begin{list}{}{% + \setlength{\leftmargin}{#1pt} + \setlength{\labelwidth}{0pt}% + \setlength{\labelsep}{0pt}% + \setlength{\itemindent}{0pt}% + \setlength{\topsep}{0pt}% + \setlength{\parsep}{0pt}% + \setlength{\partopsep}{0pt}% + \setlength{\parskip}{0pt}} + \item[]}% + {\end{list}\vspace{.3em}\setlength{\lcomindent}{0pt}% + } + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% THE mcom ENVIRONMENT AND \mutivspace COMMAND % +% ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ % +% % +% A part of the spec containing a right-comment of the form % +% % +% xxxx (*************) % +% yyyy (* ccccccccc *) % +% ... (* ccccccccc *) % +% (* ccccccccc *) % +% (* ccccccccc *) % +% (*************) % +% % +% is typeset by % +% % +% XXXX \begin{mcom}{d} % +% CCCC ... CCC % +% \end{mcom} % +% YYYY ... % +% \multivspace{n} % +% % +% where the number d is the width in points of the comment, n is the % +% number of xxxx, yyyy, ... lines to the left of the comment. % +% All the text of the comment should be typeset in cpar environments. % +% % +% This puts the comment into a single box (so no page breaks can occur % +% within it). The entire box is shaded iff the shading flag is true. % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\newlength{\xmcomlen}% +\newenvironment{mcom}[1]{% + \setcounter{pardepth}{0}% + \hspace{.65em}% + \begin{lrbox}{\alignbox}\sloppypar% + \setboolean{shading}{false}% + \setlength{\boxwidth}{#1pt}% + \addtolength{\boxwidth}{-.65em}% + \begin{minipage}[t]{\boxwidth}\footnotesize + \parskip=0pt\relax}% + {\end{minipage}\end{lrbox}% + \setlength{\xmcomlen}{\textwidth}% % For PlusCal shading + \addtolength{\xmcomlen}{-\wd\alignbox}% % For PlusCal shading + \settodepth{\alignwidth}{\usebox{\alignbox}}% + \global\setlength{\multicommentdepth}{\alignwidth}% + \setlength{\boxwidth}{\alignwidth}% % For PlusCal shading + \global\addtolength{\alignwidth}{-\maxdepth}% + \addtolength{\boxwidth}{.1em}% % For PlusCal shading + \raisebox{0pt}[0pt][0pt]{% + \ifthenelse{\boolean{shading}}% + {\ifpcalshading + \hspace*{-\xmcomlen}% + \shadebox{\rule[-\boxwidth]{0pt}{0pt}\hspace*{\xmcomlen}% + \usebox{\alignbox}}% + \else + \shadebox{\usebox{\alignbox}} + \fi + }% + {\usebox{\alignbox}}}% + \vspace*{\alignwidth}\pagebreak[0]\vspace{-\alignwidth}\par} + % a multi-line comment, whose first argument is its width in points. + + +% \multispace{n} produces the vertical space indicated by "|"s in +% this situation +% +% xxxx (*************) +% xxxx (* ccccccccc *) +% | (* ccccccccc *) +% | (* ccccccccc *) +% | (* ccccccccc *) +% | (*************) +% +% where n is the number of "xxxx" lines. +\newcommand{\multivspace}[1]{\addtolength{\multicommentdepth}{-#1\baselineskip}% + \addtolength{\multicommentdepth}{1.2em}% + \ifthenelse{\lengthtest{\multicommentdepth > 0pt}}% + {\par\vspace{\multicommentdepth}\par}{}} + +%\newenvironment{hpar}[2]{% +% \begin{list}{}{\setlength{\leftmargin}{#1pt}% +% \addtolength{\leftmargin}{#2pt}% +% \setlength{\itemindent}{-#2pt}% +% \setlength{\topsep}{0pt}% +% \setlength{\parsep}{0pt}% +% \setlength{\partopsep}{0pt}% +% \setlength{\parskip}{0pt}% +% \addtolength{\labelsep}{0pt}}% +% \item[]\footnotesize}{\end{list}} +% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% % Typesets a sequence of paragraphs like this: % +% % % +% % left |<-- d1 --> XXXXXXXXXXXXXXXXXXXXXXXX % +% % margin | <- d2 -> XXXXXXXXXXXXXXX % +% % | XXXXXXXXXXXXXXX % +% % | % +% % | XXXXXXXXXXXXXXX % +% % | XXXXXXXXXXXXXXX % +% % % +% % where d1 = #1pt and d2 = #2pt, but with no vspace between % +% % paragraphs. % +% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% Commands for repeated characters that produce dashes. % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% \raisedDash{wd}{ht}{thk} makes a horizontal line wd characters wide, +% raised a distance ht ex's above the baseline, with a thickness of +% thk em's. +\newcommand{\raisedDash}[3]{\raisebox{#2ex}{\setlength{\alignwidth}{.5em}% + \rule{#1\alignwidth}{#3em}}} + +% The following commands take a single argument n and produce the +% output for n repeated characters, as follows +% \cdash: - +% \tdash: ~ +% \ceqdash: = +% \usdash: _ +\newcommand{\cdash}[1]{\raisedDash{#1}{.5}{.04}} +\newcommand{\usdash}[1]{\raisedDash{#1}{0}{.04}} +\newcommand{\ceqdash}[1]{\raisedDash{#1}{.5}{.08}} +\newcommand{\tdash}[1]{\raisedDash{#1}{1}{.08}} + +\newlength{\spacewidth} +\setlength{\spacewidth}{.2em} +\newcommand{\e}[1]{\hspace{#1\spacewidth}} +%% \e{i} produces space corresponding to i input spaces. + + +%% Alignment-file Commands + +\newlength{\alignboxwidth} +\newlength{\alignwidth} +\newsavebox{\alignbox} + +% \al{i}{j}{txt} is used in the alignment file to put "%{i}{j}{wd}" +% in the log file, where wd is the width of the line up to that point, +% and txt is the following text. +\newcommand{\al}[3]{% + \typeout{\%{#1}{#2}{\the\alignwidth}}% + \cl{#3}} + +%% \cl{txt} continues a specification line in the alignment file +%% with text txt. +\newcommand{\cl}[1]{% + \savebox{\alignbox}{\mbox{$\mbox{}#1\mbox{}$}}% + \settowidth{\alignboxwidth}{\usebox{\alignbox}}% + \addtolength{\alignwidth}{\alignboxwidth}% + \usebox{\alignbox}} + +% \fl{txt} in the alignment file begins a specification line that +% starts with the text txt. +\newcommand{\fl}[1]{% + \par + \savebox{\alignbox}{\mbox{$\mbox{}#1\mbox{}$}}% + \settowidth{\alignwidth}{\usebox{\alignbox}}% + \usebox{\alignbox}} + + + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% Ordinarily, TeX typesets letters in math mode in a special math italic % +% font. This makes it typeset "it" to look like the product of the % +% variables i and t, rather than like the word "it". The following % +% commands tell TeX to use an ordinary italic font instead. % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +\ifx\documentclass\undefined +\else + \DeclareSymbolFont{tlaitalics}{\encodingdefault}{cmr}{m}{it} + \let\itfam\symtlaitalics +\fi + +\makeatletter +\newcommand{\tlx@c}{\c@tlx@ctr\advance\c@tlx@ctr\@ne} +\newcounter{tlx@ctr} +\c@tlx@ctr=\itfam \multiply\c@tlx@ctr"100\relax \advance\c@tlx@ctr "7061\relax +\mathcode`a=\tlx@c \mathcode`b=\tlx@c \mathcode`c=\tlx@c \mathcode`d=\tlx@c +\mathcode`e=\tlx@c \mathcode`f=\tlx@c \mathcode`g=\tlx@c \mathcode`h=\tlx@c +\mathcode`i=\tlx@c \mathcode`j=\tlx@c \mathcode`k=\tlx@c \mathcode`l=\tlx@c +\mathcode`m=\tlx@c \mathcode`n=\tlx@c \mathcode`o=\tlx@c \mathcode`p=\tlx@c +\mathcode`q=\tlx@c \mathcode`r=\tlx@c \mathcode`s=\tlx@c \mathcode`t=\tlx@c +\mathcode`u=\tlx@c \mathcode`v=\tlx@c \mathcode`w=\tlx@c \mathcode`x=\tlx@c +\mathcode`y=\tlx@c \mathcode`z=\tlx@c +\c@tlx@ctr=\itfam \multiply\c@tlx@ctr"100\relax \advance\c@tlx@ctr "7041\relax +\mathcode`A=\tlx@c \mathcode`B=\tlx@c \mathcode`C=\tlx@c \mathcode`D=\tlx@c +\mathcode`E=\tlx@c \mathcode`F=\tlx@c \mathcode`G=\tlx@c \mathcode`H=\tlx@c +\mathcode`I=\tlx@c \mathcode`J=\tlx@c \mathcode`K=\tlx@c \mathcode`L=\tlx@c +\mathcode`M=\tlx@c \mathcode`N=\tlx@c \mathcode`O=\tlx@c \mathcode`P=\tlx@c +\mathcode`Q=\tlx@c \mathcode`R=\tlx@c \mathcode`S=\tlx@c \mathcode`T=\tlx@c +\mathcode`U=\tlx@c \mathcode`V=\tlx@c \mathcode`W=\tlx@c \mathcode`X=\tlx@c +\mathcode`Y=\tlx@c \mathcode`Z=\tlx@c +\makeatother + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% THE describe ENVIRONMENT % +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% +% +% It is like the description environment except it takes an argument +% ARG that should be the text of the widest label. It adjusts the +% indentation so each item with label LABEL produces +%% LABEL blah blah blah +%% <- width of ARG ->blah blah blah +%% blah blah blah +\newenvironment{describe}[1]% + {\begin{list}{}{\settowidth{\labelwidth}{#1}% + \setlength{\labelsep}{.5em}% + \setlength{\leftmargin}{\labelwidth}% + \addtolength{\leftmargin}{\labelsep}% + \addtolength{\leftmargin}{\parindent}% + \def\makelabel##1{\rm ##1\hfill}}% + \setlength{\topsep}{0pt}}%% + % Sets \topsep to 0 to reduce vertical space above + % and below embedded displayed equations + {\end{list}} + +% For tlatex.TeX +\usepackage{verbatim} +\makeatletter +\def\tla{\let\%\relax% + \@bsphack + \typeout{\%{\the\linewidth}}% + \let\do\@makeother\dospecials\catcode`\^^M\active + \let\verbatim@startline\relax + \let\verbatim@addtoline\@gobble + \let\verbatim@processline\relax + \let\verbatim@finish\relax + \verbatim@} +\let\endtla=\@esphack + +\let\pcal=\tla +\let\endpcal=\endtla +\let\ppcal=\tla +\let\endppcal=\endtla + +% The tlatex environment is used by TLATeX.TeX to typeset TLA+. +% TLATeX.TLA starts its files by writing a \tlatex command. This +% command/environment sets \parindent to 0 and defines \% to its +% standard definition because the writing of the log files is messed up +% if \% is defined to be something else. It also executes +% \@computerule to determine the dimensions for the TLA horizonatl +% bars. +\newenvironment{tlatex}{\@computerule% + \setlength{\parindent}{0pt}% + \makeatletter\chardef\%=`\%}{} + + +% The notla environment produces no output. You can turn a +% tla environment to a notla environment to prevent tlatex.TeX from +% re-formatting the environment. + +\def\notla{\let\%\relax% + \@bsphack + \let\do\@makeother\dospecials\catcode`\^^M\active + \let\verbatim@startline\relax + \let\verbatim@addtoline\@gobble + \let\verbatim@processline\relax + \let\verbatim@finish\relax + \verbatim@} +\let\endnotla=\@esphack + +\let\nopcal=\notla +\let\endnopcal=\endnotla +\let\noppcal=\notla +\let\endnoppcal=\endnotla + +%%%%%%%%%%%%%%%%%%%%%%%% end of tlatex.sty file %%%%%%%%%%%%%%%%%%%%%%% +% last modified on Fri 3 August 2012 at 14:23:49 PST by lamport + +\begin{document} +\tlatex +\setboolean{shading}{true} + \@x{\makebox[0pt][r]{\scriptsize 1\hspace{1em}}}\moduleLeftDash\@xx{ + {\MODULE} JupiterInterface}\moduleRightDash\@xx{}% +\begin{lcom}{0}% +\begin{cpar}{0}{F}{F}{0}{0}{}% +This module declares the parameters and defines the operators that describe + the interface of a family of \ensuremath{Jupiter} specs. +\end{cpar}% +\end{lcom}% + \@x{\makebox[0pt][r]{\scriptsize 6\hspace{1em}} {\EXTENDS} Integers ,\, + SequenceUtils ,\, OT}% +\@x{\makebox[0pt][r]{\scriptsize 7\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 8\hspace{1em}} {\CONSTANTS}}% +\@x{\makebox[0pt][r]{\scriptsize 9\hspace{1em}}\@s{16.4} Char ,\,\@s{24.59}}% +\@y{\@s{0}% + the set of characters +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 10\hspace{1em}}\@s{16.4} Client + ,\,\@s{20.00}}% +\@y{\@s{0}% + the set of client replicas +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 11\hspace{1em}}\@s{16.4} Server + ,\,\@s{18.33}}% +\@y{\@s{0}% + the (unique) server replica +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 12\hspace{1em}}\@s{16.4} + InitState\@s{14.78}}% +\@y{\@s{0}% + the initial state of each replica +}% +\@xx{}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 14\hspace{1em}} {\ASSUME}}% +\@y{\@s{0}% + We assume that all inserted elements are unique. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 15\hspace{1em}}\@s{16.4} \.{\land}\@s{10.73} + Range ( InitState ) \.{\cap} Char \.{=} \{ \}\@s{4.1}}% +\@y{\@s{0}% + due to the uniqueness requirement +}% +\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 16\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 17\hspace{1em}} {\VARIABLES}}% +\@x{\makebox[0pt][r]{\scriptsize 18\hspace{1em}}\@s{16.4} state ,\,\@s{4.1}}% +\@y{\@s{0}% + \ensuremath{state[r]}: state (the list content) of replica \ensuremath{r + \.{\in} Replica +}}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 19\hspace{1em}}\@s{16.4} cincoming + ,\,\@s{4.1}}% +\@y{\@s{0}% + \ensuremath{cincoming[c]}: incoming channel at the client \ensuremath{c + \.{\in} Client +}}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 20\hspace{1em}}\@s{16.4} sincoming + ,\,\@s{4.61}}% +\@y{\@s{0}% + incoming channel at the \ensuremath{Server +}}% +\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 21\hspace{1em}}\@s{16.4} chins\@s{8.2}}% +\@y{\@s{0}% + a set of chars allowed to insert; this is for model checking +}% +\@xx{}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 23\hspace{1em}} intVars \.{\defeq} {\langle} + state ,\, cincoming ,\, sincoming ,\, chins {\rangle}}% +\@x{\makebox[0pt][r]{\scriptsize 24\hspace{1em}}}\midbar\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 25\hspace{1em}} Comm ( Msg ) \.{\defeq} + {\INSTANCE} CSComm}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 27\hspace{1em}} Replica \.{\defeq} Client + \.{\cup} \{ Server \}}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}} List \.{\defeq} Seq ( Char + \.{\cup} Range ( InitState ) )\@s{42.53}}% +\@y{\@s{0}% + all possible lists +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}} MaxLen \.{\defeq} + Cardinality ( Char ) \.{+} Len ( InitState )}% +\@y{\@s{0}% + the max length of lists in any state +}% +\@xx{}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 32\hspace{1em}} ClientNum \.{\defeq} + Cardinality ( Client )}% + \@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}} Priority \.{\defeq} + {\CHOOSE} f \.{\in} [ Client \.{\rightarrow} 1 \.{\dotdot} ClientNum ] \.{:} + Injective ( f )}% +\@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}}\midbar\@xx{}% +\begin{lcom}{0}% +\begin{cpar}{0}{F}{F}{0}{0}{}% +The set of all operations. Note: The positions are indexed from 1. +\end{cpar}% +\end{lcom}% + \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}} Rd \.{\defeq} [ type \.{:} + \{\@w{Rd} \} ]}% + \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}} Del \.{\defeq} [ type \.{:} + \{\@w{Del} \} ,\, pos \.{:} 1 \.{\dotdot} MaxLen ]}% + \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}} Ins\@s{1.35} \.{\defeq} [ + type \.{:} \{\@w{Ins} \} ,\, pos\@s{2.27} \.{:} 1 \.{\dotdot} ( MaxLen \.{+} + 1 ) ,\, ch \.{:} Char ,\, pr \.{:} 1 \.{\dotdot} ClientNum ]}% +\@y{\@s{0}% + \ensuremath{pr}: priority +}% +\@xx{}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}} Op \.{\defeq} Ins \.{\cup} + Del\@s{4.1}}% +\@y{\@s{0}% + Now we don\mbox{'}t consider \ensuremath{Rd} operations +}% +\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 44\hspace{1em}} TypeOKInt \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}}\@s{16.4} \.{\land} state + \.{\in} [ Replica \.{\rightarrow} List ]}% + \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}}\@s{16.4} \.{\land} chins + \.{\subseteq} Char}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}} InitInt \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}}\@s{16.4} \.{\land} + state\@s{2.11} \.{=} [ r \.{\in} Replica \.{\mapsto} InitState ]}% + \@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}}\@s{16.4} \.{\land} chins + \.{=} Char}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}} DoIns ( DoOp ( \_ ,\, \_ ) + ,\, c ) \.{\defeq}}% +\@y{\@s{0}% + Client \ensuremath{c \.{\in} Client} generates an \ensuremath{\@w{Ins}} + operation. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{16.4} \E\, ins \.{\in} \{ + op \.{\in} Ins \.{:}}% + \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{70.50} \.{\land} op . pos + \.{\in} 1 \.{\dotdot} ( Len ( state [ c ] ) \.{+} 1 )}% + \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{70.50} \.{\land} op . ch + \.{\in} chins \.{\land} op . pr \.{=} Priority [ c ] \} \.{:}}% + \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c + ,\, ins )}% + \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{27.72} \.{\land} chins + \.{'} \.{=} chins \.{\,\backslash\,} \{ ins . ch \}}% +\@y{\@s{0}% + We assume that all inserted elements are unique. +}% +\@xx{}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}} DoDel ( DoOp ( \_ ,\, \_ ) + ,\, c ) \.{\defeq}}% +\@y{\@s{0}% + Client \ensuremath{c \.{\in} Client} generates a \ensuremath{\@w{Del}} + operation. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}}\@s{16.4} \E\, del \.{\in} \{ + op \.{\in} Del \.{:} op . pos \.{\in} 1 \.{\dotdot} Len ( state [ c ] ) \} + \.{:}}% + \@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c + ,\, del )}% + \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}}\@s{27.72} \.{\land} + {\UNCHANGED} chins}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}} DoInt ( DoOp ( \_ ,\, \_ ) + ,\, c ) \.{\defeq}}% +\@y{\@s{0}% + Client \ensuremath{c \.{\in} Client} issues an operation. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}}\@s{16.4} \.{\lor} DoIns ( + DoOp ,\, c )}% + \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{16.4} \.{\lor} DoDel ( + DoOp ,\, c )}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}} RevInt ( c ) \.{\defeq}}% +\@y{\@s{0}% + Client \ensuremath{c \.{\in} Client} receives a message from the + \ensuremath{Server}. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{16.4} \.{\land}\@s{2.22} + {\UNCHANGED} chins}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}} SRevInt \.{\defeq}}% +\@y{\@s{0}% + The \ensuremath{Server} receives a message. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{16.4} \.{\land} + {\UNCHANGED} chins}% +\@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}}\bottombar\@xx{}% +\setboolean{shading}{false} +\begin{lcom}{0}% +\begin{cpar}{0}{F}{F}{0}{0}{}% +\ensuremath{\.{\,\backslash\,}\.{*}} Modification History +\end{cpar}% +\begin{cpar}{0}{F}{F}{0}{0}{}% + \ensuremath{\.{\,\backslash\,}\.{*} Last} modified \ensuremath{Mon} + \ensuremath{Dec} 31 20:27:25 \ensuremath{CST} 2018 by \ensuremath{hengxin +}% +\end{cpar}% +\begin{cpar}{0}{F}{F}{0}{0}{}% + \ensuremath{\.{\,\backslash\,}\.{*}} Created \ensuremath{Tue} + \ensuremath{Dec} 04 19:01:01 \ensuremath{CST} 2018 by \ensuremath{hengxin +}% +\end{cpar}% +\end{lcom}% +\end{document} diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.pdf index 234cd30..756d67e 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.tla index eed67c0..19f4c26 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.tla @@ -26,7 +26,7 @@ FairnessH == SpecH == InitH /\ [][NextH]_varsH \* /\ FairnessH ------------------------------------------------------------- -WLSpec == \* the weak list specification +WLSpec == \* The weak list specification Comm(Cop)!EmptyChannel => \A l1, l2 \in list: /\ Injective(l1) @@ -36,5 +36,5 @@ WLSpec == \* the weak list specification THEOREM SpecH => WLSpec ============================================================================= \* Modification History -\* Last modified Mon Dec 31 18:56:37 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:38:09 CST 2018 by hengxin \* Created Sat Dec 15 09:00:46 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/AbsJupiterH.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/AbsJupiterH.pdf index 234cd30..756d67e 100755 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/AbsJupiterH.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/AbsJupiterH.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/AbsJupiterH.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/AbsJupiterH.tex index 37abe35..ee189b0 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/AbsJupiterH.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/AbsJupiterH.tex @@ -985,7 +985,7 @@ \@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}}}\midbar\@xx{}% \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}} WLSpec \.{\defeq}}% \@y{\@s{0}% - the weak list specification + The weak list specification }% \@xx{}% \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{16.4} Comm ( Cop ) @@ -1009,7 +1009,7 @@ \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} - \ensuremath{Dec} 31 18:56:37 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{Dec} 31 20:38:09 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/AbsJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/AbsJupiter.tla old mode 100755 new mode 100644 index 1253bd9..3aaa1b8 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/AbsJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/AbsJupiter.tla @@ -1,22 +1,19 @@ ----------------------------- MODULE AbsJupiter ----------------------------- (* -Abstract Jupiter, inspired by the COT algorithm proposed by Sun and Sun. -See their paper published on TPDS'2009. +Abstract Jupiter, inspired by the COT algorithm proposed by Sun and Sun; see TPDS'2009. *) EXTENDS JupiterSerial ----------------------------------------------------------------------------- VARIABLES - ds, \* ds[r]: document state at replica r \in Replica copss \* copss[r]: the state space (i.e., a set) of Cops maintained at replia r \in Replica -vars == <> +vars == <> ----------------------------------------------------------------------------- TypeOK == /\ TypeOKInt /\ TypeOKCtx /\ TypeOKSerial /\ Comm(Cop)!TypeOK - /\ ds \in [Replica -> SUBSET Oid] /\ copss \in [Replica -> SUBSET Cop] ----------------------------------------------------------------------------- Init == @@ -24,65 +21,45 @@ Init == /\ InitCtx /\ InitSerial /\ Comm(Cop)!Init - /\ ds = [r \in Replica |-> {}] /\ copss = [r \in Replica |-> {}] ----------------------------------------------------------------------------- RECURSIVE xForm(_, _) xForm(cop, r) == LET ctxDiff == ds[r] \ cop.ctx \* THEOREM: cop.ctx \subseteq ds[r] RECURSIVE xFormHelper(_, _, _) - xFormHelper(coph, ctxDiffh, copssr) == \* 'h' stands for "helper" - IF ctxDiffh = {} - THEN <> - ELSE LET foph == CHOOSE op \in ctxDiffh: \* the first op (specifically, oid) in serial - \A opprime \in ctxDiffh: - opprime # op => tb(op, opprime, serial[r]) + xFormHelper(coph, ctxDiffh, copssr) == \* copssr: state space generated during transformation + IF ctxDiffh = {} THEN [xcop |-> coph, xcopss |-> copssr] + ELSE LET foph == CHOOSE op \in ctxDiffh: \* the first op in serial + \A opprime \in ctxDiffh \ {op}: tb(op, opprime, serial[r]) fcophDict == {op \in copssr: op.oid = foph /\ op.ctx = coph.ctx} fcoph == CHOOSE op \in fcophDict: TRUE \* THEOREM: Cardinality(fophDict) = 1 - cophx == COT(coph, fcoph) - fcophx == COT(fcoph, coph) - IN xFormHelper(cophx, ctxDiffh \ {foph}, copssr \cup {cophx, fcophx}) + xcoph == COT(coph, fcoph) + xfcoph == COT(fcoph, coph) + IN xFormHelper(xcoph, ctxDiffh \ {foph}, copssr \cup {xcoph, xfcoph}) IN xFormHelper(cop, ctxDiff, copss[r]) Perform(cop, r) == - LET xform == xForm(cop, r) \* <> - xcop == xform[1] - xcopssr == xform[2] - IN /\ state' = [state EXCEPT ![r] = Apply(xcop.op, @)] - /\ ds' = [ds EXCEPT ![r] = @ \cup {cop.oid}] - /\ copss' = [copss EXCEPT ![r] = xcopssr \cup {cop}] + LET xform == xForm(cop, r) \* [xcop, xcopss] + IN /\ state' = [state EXCEPT ![r] = Apply(xform.xcop.op, @)] + /\ copss' = [copss EXCEPT ![r] = xform.xcopss \cup {cop}] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) -DoOp(c, op) == \* op: the raw operation generated by the client c \in Client - /\ LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] - IN /\ Perform(cop, c) - /\ Comm(Cop)!CSend(cop) - -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins +DoOp(c, op) == \* Client c \in Client processes a locally generated operation op. + LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] + IN /\ Perform(cop, c) + /\ Comm(Cop)!CSend(cop) Do(c) == /\ DoCtx(c) /\ DoSerial(c) - /\ \/ DoIns(c) - \/ DoDel(c) ------------------------------------------------------------------------------ + /\ DoInt(DoOp, c) + Rev(c) == /\ Comm(Cop)!CRev(c) /\ Perform(Head(cincoming[c]), c) /\ RevSerial(c) /\ RevCtx(c) - /\ UNCHANGED chins ------------------------------------------------------------------------------ + /\ RevInt(c) + SRev == /\ Comm(Cop)!SRev /\ LET cop == Head(sincoming) @@ -90,7 +67,7 @@ SRev == /\ Comm(Cop)!SSendSame(cop.oid.c, cop) /\ SRevSerial /\ SRevCtx - /\ UNCHANGED chins + /\ SRevInt ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) @@ -107,5 +84,5 @@ Compactness == THEOREM Spec => Compactness ============================================================================= \* Modification History -\* Last modified Sat Dec 15 17:23:35 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:49 CST 2018 by hengxin \* Created Wed Dec 05 19:55:52 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/AbsJupiterH.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/AbsJupiterH.tla old mode 100755 new mode 100644 index 31270da..eed67c0 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/AbsJupiterH.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/AbsJupiterH.tla @@ -20,25 +20,21 @@ SRevH == SRev /\ list' = list \cup {state'[Server]} NextH == \/ \E c \in Client: DoH(c) \/ RevH(c) \/ SRevH + FairnessH == WF_varsH(SRevH \/ \E c \in Client: RevH(c)) SpecH == InitH /\ [][NextH]_varsH \* /\ FairnessH ------------------------------------------------------------- -(* -WLSpec: the weak list specification -*) -WLSpec == Comm(Cop)!EmptyChannel - => \A l1, l2 \in list: - /\ Injective(l1) - /\ Injective(l2) - /\ Compatible(l1, l2) +WLSpec == \* the weak list specification + Comm(Cop)!EmptyChannel + => \A l1, l2 \in list: + /\ Injective(l1) + /\ Injective(l2) + /\ Compatible(l1, l2) THEOREM SpecH => WLSpec -(* -SLSpec: the strong list specification -*) ============================================================================= \* Modification History -\* Last modified Sat Dec 15 09:08:53 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:56:37 CST 2018 by hengxin \* Created Sat Dec 15 09:00:46 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/CSComm.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/CSComm.tla old mode 100755 new mode 100644 index 7a0691d..7cd4728 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/CSComm.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/CSComm.tla @@ -5,9 +5,9 @@ Specification of communication in a Client-Server system model. EXTENDS SequenceUtils ----------------------------------------------------------------------------- CONSTANTS - Client, \* the set of clients - Server, \* the (unique) server - Msg \* the set of possible messages + Client, \* the set of clients + Server, \* the (unique) server + Msg \* the set of messages ----------------------------------------------------------------------------- VARIABLES cincoming, \* cincoming[c]: incoming channel at client c \in Client @@ -23,44 +23,32 @@ Init == EmptyChannel == Init ----------------------------------------------------------------------------- -(* -A client sends a message msg to the Server. -*) -CSend(msg) == +CSend(msg) == \* A client sends a message msg to the Server. /\ sincoming' = Append(sincoming, msg) /\ UNCHANGED cincoming -(* -Client c receives a message from the Server. -*) -CRev(c) == + +CRev(c) == \* Client c receives and consumes a message from the Server. /\ cincoming[c] # <<>> - /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] \* consume a message + /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] /\ UNCHANGED sincoming ----------------------------------------------------------------------------- (* SRev/SSend below is often used as a subaction. No UNCHANGED in their definitions. *) -(* -The Server receives a message. -*) -SRev == +SRev == \* The Server receives and consumes a message. /\ sincoming # <<>> - /\ sincoming' = Tail(sincoming) \* consume a message -(* -The Server sents a message cmsg to each client other than c \in Client. -*) -SSend(c, cmsg) == + /\ sincoming' = Tail(sincoming) + +SSend(c, cmsg) == \* The Server sents a message cmsg to each client other than c \in Client. /\ cincoming' = [cl \in Client |-> IF cl = c THEN cincoming[cl] ELSE Append(cincoming[cl], cmsg[cl])] -(* -The Server broadcasts the same message msg to all Clients other than c \in Client. -*) -SSendSame(c, msg) == + +SSendSame(c, msg) == \* The Server broadcasts the message msg to all clients other than c \in Client. /\ SSend(c, [cl \in Client |-> msg]) ============================================================================= \* Modification History -\* Last modified Tue Dec 04 20:49:02 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:04:29 CST 2018 by hengxin \* Created Sun Jun 24 10:25:34 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/FunctionUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/FunctionUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterCtx.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterCtx.tla old mode 100755 new mode 100644 index 10cbfa4..151b007 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterCtx.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterCtx.tla @@ -6,36 +6,42 @@ including AbsJupiter, CJupiter, and XJupiter. EXTENDS JupiterInterface ----------------------------------------------------------------------------- VARIABLES - cseq \* cseq[c]: local sequence number at client c \in Client - \* ds \* ds[r]: document state (a set of Oids) of replica r \in Replica + cseq, \* cseq[c]: local sequence number at client c \in Client + ds \* ds[r]: document state (a set of Oids) of replica r \in Replica -ctxVars == <> +ctxVars == <> ----------------------------------------------------------------------------- -(* -Cop: operation of type Op with context -*) Oid == [c: Client, seq: Nat] \* operation identifier -Cop == [op: Op \cup {Nop}, oid: Oid, ctx: SUBSET Oid] -(* -OT of two operations of type Cop. -*) -COT(lcop, rcop) == [lcop EXCEPT !.op = Xform(lcop.op, rcop.op), !.ctx = @ \cup {rcop.oid}] +Cop == [op: Op \cup {Nop}, oid: Oid, ctx: SUBSET Oid] \* contexted-based op + +ClientOf(cop) == cop.oid.c + +COT(lcop, rcop) == \* OT of two Cop(s). + [lcop EXCEPT !.op = Xform(lcop.op, rcop.op), !.ctx = @ \cup {rcop.oid}] + +UpdateDS(r, oid) == \* update ds[r] to include new oid \in Oid + ds' = [ds EXCEPT ![r] = @ \cup {oid}] ----------------------------------------------------------------------------- TypeOKCtx == /\ cseq \in [Client -> Nat] + /\ ds \in [Replica -> SUBSET Oid] InitCtx == /\ cseq = [c \in Client |-> 0] + /\ ds = [r \in Replica |-> {}] DoCtx(c) == /\ cseq' = [cseq EXCEPT ![c] = @ + 1] + /\ UpdateDS(c, [c |-> c, seq |-> cseq'[c]]) RevCtx(c) == + /\ UpdateDS(c, Head(cincoming[c]).oid) /\ UNCHANGED cseq SRevCtx == + /\ UpdateDS(Server, Head(sincoming).oid) /\ UNCHANGED cseq ============================================================================= \* Modification History -\* Last modified Sat Dec 15 17:20:47 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:52:44 CST 2018 by hengxin \* Created Wed Dec 05 20:03:50 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterInterface.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterInterface.tla old mode 100755 new mode 100644 index d39304a..148bcf2 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterInterface.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterInterface.tla @@ -6,9 +6,9 @@ the interface of a family of Jupiter specs. EXTENDS Integers, SequenceUtils, OT ----------------------------------------------------------------------------- CONSTANTS + Char, \* the set of characters Client, \* the set of client replicas Server, \* the (unique) server replica - Char, \* the set of characters allowed to be inserted InitState \* the initial state of each replica ASSUME \* We assume that all inserted elements are unique. @@ -32,14 +32,6 @@ MaxLen == Cardinality(Char) + Len(InitState) \* the max length of lists in any s ClientNum == Cardinality(Client) Priority == CHOOSE f \in [Client -> 1 .. ClientNum] : Injective(f) ----------------------------------------------------------------------------- -TypeOKInt == - /\ state \in [Replica -> List] - /\ chins \subseteq Char - -InitInt == - /\ state = [r \in Replica |-> InitState] - /\ chins = Char ------------------------------------------------------------------------------ (* The set of all operations. Note: The positions are indexed from 1. *) @@ -48,7 +40,37 @@ Del == [type: {"Del"}, pos: 1 .. MaxLen] Ins == [type: {"Ins"}, pos: 1 .. (MaxLen + 1), ch: Char, pr: 1 .. ClientNum] \* pr: priority Op == Ins \cup Del \* Now we don't consider Rd operations +----------------------------------------------------------------------------- +TypeOKInt == + /\ state \in [Replica -> List] + /\ chins \subseteq Char + +InitInt == + /\ state = [r \in Replica |-> InitState] + /\ chins = Char + +DoIns(DoOp(_, _), c) == \* Client c \in Client generates an "Ins" operation. + \E ins \in {op \in Ins: + /\ op.pos \in 1 .. (Len(state[c]) + 1) + /\ op.ch \in chins /\ op.pr = Priority[c]}: + /\ DoOp(c, ins) + /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. + +DoDel(DoOp(_, _), c) == \* Client c \in Client generates a "Del" operation. + \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: + /\ DoOp(c, del) + /\ UNCHANGED chins + +DoInt(DoOp(_, _), c) == \* Client c \in Client issues an operation. + \/ DoIns(DoOp, c) + \/ DoDel(DoOp, c) + +RevInt(c) == \* Client c \in Client receives a message from the Server. + /\UNCHANGED chins + +SRevInt == \* The Server receives a message. + /\ UNCHANGED chins ============================================================================= \* Modification History -\* Last modified Wed Dec 12 20:20:43 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:25 CST 2018 by hengxin \* Created Tue Dec 04 19:01:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterSerial.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterSerial.tla old mode 100755 new mode 100644 index d766fce..d3bd0bd --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterSerial.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/JupiterSerial.tla @@ -30,7 +30,7 @@ commSerial == INSTANCE CSComm WITH Msg <- Seq(Oid), TypeOKSerial == /\ serial \in [Replica -> Seq(Oid)] /\ commSerial!TypeOK ------------------------------------------------------------------------------ + InitSerial == /\ serial = [r \in Replica |-> <<>>] /\ commSerial!Init @@ -44,10 +44,10 @@ RevSerial(c) == SRevSerial == /\ LET cop == Head(sincoming) - IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] + IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] /\ commSerial!SSendSame(cop.oid.c, serial'[Server]) /\ UNCHANGED <> ============================================================================= \* Modification History -\* Last modified Wed Dec 12 21:04:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:54:56 CST 2018 by hengxin \* Created Wed Dec 05 21:03:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/MC.cfg b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/MC.cfg old mode 100755 new mode 100644 index d06a0f1..b8a9bae --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/MC.cfg +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/MC.cfg @@ -10,22 +10,22 @@ b = b CONSTANT Server = Server \* MV CONSTANT definitions CONSTANT -Client <- const_154486601622223000 +Client <- const_154625934920637000 \* MV CONSTANT definitions CONSTANT -Char <- const_154486601622224000 +Char <- const_154625934920638000 \* SYMMETRY definition -SYMMETRY symm_154486601622225000 +SYMMETRY symm_154625934920639000 \* CONSTANT definitions CONSTANT -InitState <- const_154486601622226000 +InitState <- const_154625934920640000 \* CONSTANT definition CONSTANT Nop = Nop \* SPECIFICATION definition SPECIFICATION -spec_154486601622228000 +spec_154625934920642000 \* INVARIANT definition INVARIANT -inv_154486601622229000 -\* Generated on Sat Dec 15 17:26:56 CST 2018 \ No newline at end of file +inv_154625934920643000 +\* Generated on Mon Dec 31 20:29:09 CST 2018 \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/MC.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/MC.tla old mode 100755 new mode 100644 index d99e9de..a40faa6 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/MC.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/MC.tla @@ -12,33 +12,33 @@ a, b ---- \* MV CONSTANT definitions Client -const_154486601622223000 == +const_154625934920637000 == {c1, c2} ---- \* MV CONSTANT definitions Char -const_154486601622224000 == +const_154625934920638000 == {a, b} ---- \* SYMMETRY definition -symm_154486601622225000 == -Permutations(const_154486601622224000) +symm_154625934920639000 == +Permutations(const_154625934920638000) ---- \* CONSTANT definitions @modelParameterConstants:2InitState -const_154486601622226000 == +const_154625934920640000 == <<>> ---- \* SPECIFICATION definition @modelBehaviorSpec:0 -spec_154486601622228000 == +spec_154625934920642000 == SpecH ---- \* INVARIANT definition @modelCorrectnessInvariants:0 -inv_154486601622229000 == +inv_154625934920643000 == WLSpec ---- ============================================================================= \* Modification History -\* Created Sat Dec 15 17:26:56 CST 2018 by hengxin +\* Created Mon Dec 31 20:29:09 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/OT.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/OT.tla old mode 100755 new mode 100644 index 0290846..4980ff3 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/OT.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/OT.tla @@ -1,21 +1,11 @@ --------------------------------- MODULE OT --------------------------------- -(***************************************************************************) -(* Specification of OT (Operational Transformation) functions. *) -(* It consists of the basic OT functions for two operations and *) -(* more general ones involving operation sequences. *) -(***************************************************************************) +(* +This module contains the basic OT (Operational Transformation) functions +for two operations and general ones involving operation sequences. +*) EXTENDS OpOperators, SetUtils ----------------------------------------------------------------------------- -(***************************************************************************) -(* OT (Operational Transformation) functions. *) -(* *) -(* Naming convention: I for "Ins" and D for "Del". *) -(***************************************************************************) - -(***************************************************************************) -(* The left "Ins" lins transformed against the right "Ins" rins. *) -(***************************************************************************) -XformII(lins, rins) == +XformII(lins, rins) == \* lins is transformed against rins IF lins.pos < rins.pos THEN lins ELSE IF lins.pos > rins.pos @@ -26,89 +16,58 @@ XformII(lins, rins) == THEN [lins EXCEPT !.pos = @+1] ELSE lins -(***************************************************************************) -(* The left "Ins" ins transformed against the right "Del" del. *) -(***************************************************************************) -XformID(ins, del) == +XformID(ins, del) == \* ins is transformed against del IF ins.pos <= del.pos THEN ins ELSE [ins EXCEPT !.pos = @-1] -(***************************************************************************) -(* The left "Del" del transformed against the right "Ins" ins. *) -(***************************************************************************) -XformDI(del, ins) == +XformDI(del, ins) == \* del is transformed against ins IF del.pos < ins.pos THEN del ELSE [del EXCEPT !.pos = @+1] -(***************************************************************************) -(* The left "Del" ldel transformed against the right "Del" rdel. *) -(***************************************************************************) -XformDD(ldel, rdel) == +XformDD(ldel, rdel) == \* ldel is transformed against rdel IF ldel.pos < rdel.pos THEN ldel ELSE IF ldel.pos > rdel.pos THEN [ldel EXCEPT !.pos = @-1] ELSE Nop ------------------------------------------------------------------------------ -(***************************************************************************) -(* Transform the left operation lop against the right operation rop *) -(* with appropriate OT function. *) -(***************************************************************************) -Xform(lop, rop) == + +Xform(lop, rop) == \* lop is transformed against rop CASE lop = Nop \/ rop = Nop -> lop [] lop.type = "Ins" /\ rop.type = "Ins" -> XformII(lop, rop) [] lop.type = "Ins" /\ rop.type = "Del" -> XformID(lop, rop) [] lop.type = "Del" /\ rop.type = "Ins" -> XformDI(lop, rop) [] lop.type = "Del" /\ rop.type = "Del" -> XformDD(lop, rop) ----------------------------------------------------------------------------- -(***************************************************************************) -(* Generalized OT functions on operation sequences. *) -(***************************************************************************) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(***************************************************************************) -RECURSIVE XformOpOps(_,_) -XformOpOps(op, ops) == - IF ops = <<>> - THEN op - ELSE XformOpOps(Xform(op, Head(ops)), Tail(ops)) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(* Being different from XformOpOps, *) -(* XformOpOpsX maintains the intermediate transformed operation *) -(***************************************************************************) -RECURSIVE XformOpOpsX(_,_) -XformOpOpsX(op, ops) == - IF ops = <<>> - THEN <> - ELSE <> \o XformOpOpsX(Xform(op, Head(ops)), Tail(ops)) +(* +Generalized OT functions on operation sequences. +*) +RECURSIVE XformOpOps(_, _, _) +XformOpOps(xform(_,_), op, ops) == \* Transform an operation op against an operation sequence ops. + IF ops = <<>> + THEN op + ELSE XformOpOps(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation sequence ops *) -(* against an operation op. *) -(***************************************************************************) -XformOpsOp(ops, op) == - LET opX == XformOpOpsX(op, ops) - IN [i \in 1 .. Len(ops) |-> Xform(ops[i], opX[i])] +RECURSIVE XformOpOpsX(_, _,_) +XformOpOpsX(xform(_, _), op, ops) == \* Transform an operation op against an operation sequence ops. + IF ops = <<>> + THEN <> \* Maintain and return the intermediate transformed operations. + ELSE <> \o XformOpOpsX(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms an operation sequence ops1 *) -(* against another operation sequence ops2. *) -(* *) -(* See also Definition 2.13 of the paper "Imine @ TCS06". *) -(***************************************************************************) -RECURSIVE XformOpsOps(_,_) -XformOpsOps(ops1, ops2) == +XformOpsOp(xform(_, _), ops, op) == \* Transform an operation sequence ops against an operation op. + LET opX == XformOpOpsX(xform, op, ops) + IN [i \in 1 .. Len(ops) |-> xform(ops[i], opX[i])] +(* +Transforms an operation sequence ops1 against another operation sequence ops2; +see Definition 2.13 of the paper "Imine@TCS06". +*) +RECURSIVE XformOpsOps(_, _,_) +XformOpsOps(xform(_, _), ops1, ops2) == IF ops2 = <<>> THEN ops1 - ELSE XformOpsOps(XformOpsOp(ops1, Head(ops2)), Tail(ops2)) + ELSE XformOpsOps(xform, XformOpsOp(xform, ops1, Head(ops2)), Tail(ops2)) ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:13:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:45:16 CST 2018 by hengxin \* Created Sun Jun 24 15:57:48 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/OpOperators.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/OpOperators.tla old mode 100755 new mode 100644 index 6131506..2989bbe --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/OpOperators.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/OpOperators.tla @@ -1,39 +1,23 @@ ---------------------------- MODULE OpOperators ---------------------------- -(***************************************************************************) -(* Operators for Op. *) -(***************************************************************************) +(* +Operators for Op. +*) EXTENDS Naturals, Sequences, SequenceUtils - -Nop == PickNone(Nat) ----------------------------------------------------------------------------- -(*********************************************************************) -(* The "Apply" operator which applies an operation op on the list l. *) -(* *) -(* Del: If pos > Len(l), the last element of l is deleted. *) -(* This is realized by the DeleteElement operator. *) -(* Ins: If pos > Len(l), the new element is appended to l. *) -(* This is realized by the InsertElement operator. *) -(*********************************************************************) -Apply(op, l) == CASE op = Nop -> l - [] op.type = "Rd" -> l - [] op.type = "Del" -> DeleteElement(l, op.pos) - [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) -(*********************************************************************) -(* The "ApplyOps" operator which applies an operation sequence ops *) -(* on the list l. *) -(*********************************************************************) -RECURSIVE ApplyOps(_, _) +Nop == PickNone(Nat) + +Apply(op, l) == \* Apply an operation op on the list l. + CASE op = Nop -> l + [] op.type = "Rd" -> l + [] op.type = "Del" -> DeleteElement(l, op.pos) \* Last(l) is deleted if pos > Len(l) + [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) \* Append(l, ch) if pos > Len(l) + +RECURSIVE ApplyOps(_, _) \* Apply an operation sequence ops on the list l. ApplyOps(ops, l) == IF ops = <<>> THEN l ELSE Apply(Last(ops), ApplyOps(AllButLast(ops), l)) ------------------------------------------------------------------------------ -(*********************************************************************) -(* Check whether an operation op is legal with respect to the list l.*) -(*********************************************************************) -IsLegalOp(op, l) == CASE op.type = "Del" -> op.pos <= Len(l) - [] op.type = "Ins" -> op.pos <= Len(l) + 1 ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:14:35 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:21:16 CST 2018 by hengxin \* Created Tue Aug 28 14:58:54 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/SequenceUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/SequenceUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/SetUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/AbsJupiterH.toolbox/WLSpec/SetUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.pdf index 4f014a3..aaa5ba1 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.tla index 83889d6..46c06a5 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.tla @@ -48,50 +48,29 @@ xForm(cop, r) == edge |-> {[from |-> vh, to |-> vprime, cop |-> fcop2coph], [from |-> uprime, to |-> vprime, cop |-> coph2fcop]}]) IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) -(* -Perform cop at replica r \in Replica. -*) -Perform(cop, r) == + +Perform(cop, r) == \* Perform cop at replica r \in Replica. LET xform == xForm(cop, r) \* xform: [xcss, xcop] IN /\ css' = [css EXCEPT ![r] = @ (+) xform.xcss] /\ state' = [state EXCEPT ![r] = Apply(xform.xcop.op, @)] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) DoOp(c, op) == /\ LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] IN /\ Perform(cop, c) /\ Comm(Cop)!CSend(cop) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - Do(c) == /\ DoCtx(c) /\ DoSerial(c) - /\ \/ DoIns(c) - \/ DoDel(c) -(* -Client c \in Client receives a message from the Server. -*) + /\ DoInt(DoOp, c) + Rev(c) == /\ Comm(Cop)!CRev(c) /\ Perform(Head(cincoming[c]), c) /\ RevSerial(c) /\ RevCtx(c) - /\ UNCHANGED chins ------------------------------------------------------------------------------ -(* -The Server receives a message. -*) + /\ RevInt(c) + SRev == /\ Comm(Cop)!SRev /\ LET cop == Head(sincoming) @@ -99,7 +78,7 @@ SRev == /\ Comm(Cop)!SSendSame(cop.oid.c, cop) \* broadcast the original operation /\ SRevSerial /\ SRevCtx - /\ UNCHANGED chins + /\ SRevInt ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) @@ -110,11 +89,11 @@ Fairness == \* There is no requirement that the clients ever generate operations Spec == Init /\ [][Next]_vars \* /\ Fairness (We care more about safety.) ----------------------------------------------------------------------------- -Compactness == \* The compactness of CJupiter: the CSSes at all replicas are the same. +Compactness == \* Compactness of CJupiter: the CSSes at all replicas are the same. Comm(Cop)!EmptyChannel => Cardinality(Range(css)) = 1 THEOREM Spec => Compactness ============================================================================= \* Modification History -\* Last modified Mon Dec 31 11:02:07 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:36:31 CST 2018 by hengxin \* Created Sat Sep 01 11:08:00 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/CJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/CJupiter.pdf index 4f014a3..aaa5ba1 100755 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/CJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/CJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/CJupiter.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/CJupiter.tex index a954102..75354a3 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/CJupiter.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/CJupiter.tex @@ -1040,143 +1040,106 @@ \@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}}\@s{20.5} \.{\IN} xFormHelper ( u ,\, v ,\, cop ,\, [ node \.{\mapsto} \{ v \} ,\, edge \.{\mapsto} \{ [ from \.{\mapsto} u ,\, to \.{\mapsto} v ,\, cop \.{\mapsto} cop ] \} ] )}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Perform cop at replica \ensuremath{r \.{\in} Replica}. -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}} Perform ( cop ,\, r ) +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}} Perform ( cop ,\, r ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{16.4} \.{\LET} xform +\@y{\@s{0}% + Perform cop at replica \ensuremath{r \.{\in} Replica}. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{16.4} \.{\LET} xform \.{\defeq} xForm ( cop ,\, r )\@s{4.1}}% \@y{\@s{0}% \ensuremath{xform}: [\ensuremath{xcss}, \ensuremath{xcop}] }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{16.4} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{16.4} \.{\IN} \.{\land} css \.{'} \.{=} [ css {\EXCEPT} {\bang} [ r ] \.{=} @ \.{\oplus} xform . xcss ]}% - \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{36.79} \.{\land} state + \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{36.79} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ r ] \.{=} Apply ( xform . xcop . op ,\, @ ) ]}% -\@x{\makebox[0pt][r]{\scriptsize 58\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Client \ensuremath{c \.{\in} Client} issues an operation \ensuremath{op}. -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}} DoOp ( c ,\, op ) +\@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}}\midbar\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}} DoOp ( c ,\, op ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}}\@s{26.06} \.{\land} \.{\LET} + \@x{\makebox[0pt][r]{\scriptsize 58\hspace{1em}}\@s{26.06} \.{\land} \.{\LET} cop \.{\defeq} [ op \.{\mapsto} op ,\, oid \.{\mapsto} [ c \.{\mapsto} c ,\, seq \.{\mapsto} cseq \.{'} [ c ] ] ,\, ctx \.{\mapsto} ds [ c ] ]}% - \@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}}\@s{37.18} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}}\@s{37.18} \.{\IN} \.{\land} Perform ( cop ,\, c )}% - \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}}\@s{57.58} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}}\@s{57.58} \.{\land} Comm ( Cop ) {\bang} CSend ( cop )}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 67\hspace{1em}} DoIns ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}}\@s{16.4} \E\, ins \.{\in} \{ - op \.{\in} Ins \.{:} op . pos \.{\in} 1 \.{\dotdot} ( Len ( state [ c ] ) - \.{+} 1 ) \.{\land} op . ch \.{\in} chins \.{\land} op . pr \.{=} Priority [ - c ] \} \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, ins )}% - \@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}}\@s{27.72} \.{\land} chins - \.{'} \.{=} chins \.{\,\backslash\,} \{ ins . ch \}}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}} DoDel ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}\@s{16.4} \E\, del \.{\in} \{ - op \.{\in} Del \.{:} op . pos \.{\in} 1 \.{\dotdot} Len ( state [ c ] ) \} - \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 74\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, del )}% - \@x{\makebox[0pt][r]{\scriptsize 75\hspace{1em}}\@s{27.72} \.{\land} - {\UNCHANGED} chins}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}} Do ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 78\hspace{1em}}\@s{22.34} \.{\land} DoCtx ( +\@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}} Do ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}}\@s{22.34} \.{\land} DoCtx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}}\@s{22.34} \.{\land} DoSerial + \@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}}\@s{22.34} \.{\land} DoSerial ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 80\hspace{1em}}\@s{22.34} \.{\land} \.{\lor} - DoIns ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}}\@s{33.45} \.{\lor} DoDel ( c - )}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% - Client \ensuremath{c \.{\in} Client} receives a message from the - \ensuremath{Server}. -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}} Rev ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 86\hspace{1em}}\@s{20.94} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}}\@s{22.34} \.{\land} DoInt ( + DoOp ,\, c )}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 67\hspace{1em}} Rev ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}}\@s{20.94} \.{\land} Comm ( Cop ) {\bang} CRev ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 87\hspace{1em}}\@s{20.94} \.{\land} Perform + \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{20.94} \.{\land} Perform ( Head ( cincoming [ c ] ) ,\, c )}% - \@x{\makebox[0pt][r]{\scriptsize 88\hspace{1em}}\@s{20.94} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}}\@s{20.94} \.{\land} RevSerial ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 89\hspace{1em}}\@s{20.94} \.{\land} RevCtx ( + \@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}\@s{20.94} \.{\land} RevCtx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 90\hspace{1em}}\@s{20.94} \.{\land} - {\UNCHANGED} chins}% -\@x{\makebox[0pt][r]{\scriptsize 91\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -The \ensuremath{Server} receives a message. -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 95\hspace{1em}} SRev \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 96\hspace{1em}}\@s{16.4} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{20.94} \.{\land} RevInt ( + c )}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 74\hspace{1em}} SRev \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 75\hspace{1em}}\@s{16.4} \.{\land} Comm ( Cop ) {\bang} SRev}% - \@x{\makebox[0pt][r]{\scriptsize 97\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} + \@x{\makebox[0pt][r]{\scriptsize 76\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} cop \.{\defeq} Head ( sincoming )}% - \@x{\makebox[0pt][r]{\scriptsize 98\hspace{1em}}\@s{27.51} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}}\@s{27.51} \.{\IN} \.{\land} Perform ( cop ,\, Server )}% - \@x{\makebox[0pt][r]{\scriptsize 99\hspace{1em}}\@s{47.91} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 78\hspace{1em}}\@s{47.91} \.{\land} Comm ( Cop ) {\bang} SSendSame ( cop . oid . c ,\, cop )\@s{4.1}}% \@y{\@s{0}% broadcast the original operation }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 100\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}}\@s{16.4} \.{\land} SRevSerial}% -\@x{\makebox[0pt][r]{\scriptsize 101\hspace{1em}}\@s{16.4} \.{\land} SRevCtx}% - \@x{\makebox[0pt][r]{\scriptsize 102\hspace{1em}}\@s{16.4} \.{\land} - {\UNCHANGED} chins}% -\@x{\makebox[0pt][r]{\scriptsize 103\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 104\hspace{1em}} Next \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 105\hspace{1em}}\@s{16.4} \.{\lor} \E\, c +\@x{\makebox[0pt][r]{\scriptsize 80\hspace{1em}}\@s{16.4} \.{\land} SRevCtx}% +\@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}}\@s{16.4} \.{\land} SRevInt}% +\@x{\makebox[0pt][r]{\scriptsize 82\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 83\hspace{1em}} Next \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 84\hspace{1em}}\@s{16.4} \.{\lor} \E\, c \.{\in} Client \.{:} Do ( c ) \.{\lor} Rev ( c )}% -\@x{\makebox[0pt][r]{\scriptsize 106\hspace{1em}}\@s{16.4} \.{\lor} SRev}% +\@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}}\@s{16.4} \.{\lor} SRev}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 108\hspace{1em}} Fairness \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 87\hspace{1em}} Fairness \.{\defeq}}% \@y{\@s{0}% There is no requirement that the clients ever generate operations. }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 109\hspace{1em}}\@s{16.4} {\WF}_{ vars} ( + \@x{\makebox[0pt][r]{\scriptsize 88\hspace{1em}}\@s{16.4} {\WF}_{ vars} ( SRev \.{\lor} \E\, c \.{\in} Client \.{:} Rev ( c ) )}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 111\hspace{1em}} Spec \.{\defeq} Init + \@x{\makebox[0pt][r]{\scriptsize 90\hspace{1em}} Spec \.{\defeq} Init \.{\land} {\Box} [ Next ]_{ vars}}% \@y{\@s{0}% \ensuremath{\.{\land} Fairness} (We care more about safety.) }% \@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 112\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 113\hspace{1em}} Compactness \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 91\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 92\hspace{1em}} Compactness \.{\defeq}}% \@y{\@s{0}% - The compactness of \ensuremath{CJupiter}: the \ensuremath{CSSes} at all - replicas are the same. + Compactness of \ensuremath{CJupiter}: the \ensuremath{CSSes} at all replicas + are the same. }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 114\hspace{1em}}\@s{16.4} Comm ( Cop ) + \@x{\makebox[0pt][r]{\scriptsize 93\hspace{1em}}\@s{16.4} Comm ( Cop ) {\bang} EmptyChannel \.{\implies} Cardinality ( Range ( css ) ) \.{=} 1}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 116\hspace{1em}} {\THEOREM} Spec - \.{\implies} Compactness}% -\@x{\makebox[0pt][r]{\scriptsize 117\hspace{1em}}}\bottombar\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 95\hspace{1em}} {\THEOREM} Spec \.{\implies} + Compactness}% +\@x{\makebox[0pt][r]{\scriptsize 96\hspace{1em}}}\bottombar\@xx{}% \setboolean{shading}{false} \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% @@ -1184,7 +1147,7 @@ \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} - \ensuremath{Dec} 31 11:02:07 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{Dec} 31 20:36:31 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/CJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/CJupiter.tla index 4324e73..46c06a5 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/CJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/CJupiter.tla @@ -33,8 +33,7 @@ xForm(cop, r) == v == u \cup {cop.oid} RECURSIVE xFormHelper(_, _, _, _) xFormHelper(uh, vh, coph, xcss) == \* xcss: eXtra css created during transformation - IF uh = ds[r] - THEN [xcss |-> xcss, xcop |-> coph] + IF uh = ds[r] THEN [xcss |-> xcss, xcop |-> coph] ELSE LET fedge == CHOOSE e \in rcss.edge: /\ e.from = uh /\ \A uhe \in rcss.edge \ {e}: @@ -44,55 +43,34 @@ xForm(cop, r) == coph2fcop == COT(coph, fcop) fcop2coph == COT(fcop, coph) vprime == vh \cup {fcop.oid} - IN xFormHelper(uprime, vprime, coph2fcop, + IN xFormHelper(uprime, vprime, coph2fcop, xcss (+) [node |-> {vprime}, edge |-> {[from |-> vh, to |-> vprime, cop |-> fcop2coph], [from |-> uprime, to |-> vprime, cop |-> coph2fcop]}]) - IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) -(* -Perform cop at replica r \in Replica. -*) -Perform(cop, r) == + IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) + +Perform(cop, r) == \* Perform cop at replica r \in Replica. LET xform == xForm(cop, r) \* xform: [xcss, xcop] IN /\ css' = [css EXCEPT ![r] = @ (+) xform.xcss] /\ state' = [state EXCEPT ![r] = Apply(xform.xcop.op, @)] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) -DoOp(c, op) == \* op: the raw operation generated by the client c \in Client +DoOp(c, op) == /\ LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] IN /\ Perform(cop, c) /\ Comm(Cop)!CSend(cop) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - Do(c) == /\ DoCtx(c) /\ DoSerial(c) - /\ \/ DoIns(c) - \/ DoDel(c) -(* -Client c \in Client receives a message from the Server. -*) + /\ DoInt(DoOp, c) + Rev(c) == /\ Comm(Cop)!CRev(c) /\ Perform(Head(cincoming[c]), c) /\ RevSerial(c) /\ RevCtx(c) - /\ UNCHANGED chins ------------------------------------------------------------------------------ -(* -The Server receives a message. -*) + /\ RevInt(c) + SRev == /\ Comm(Cop)!SRev /\ LET cop == Head(sincoming) @@ -100,27 +78,22 @@ SRev == /\ Comm(Cop)!SSendSame(cop.oid.c, cop) \* broadcast the original operation /\ SRevSerial /\ SRevCtx - /\ UNCHANGED chins + /\ SRevInt ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) \/ SRev -(* -Fairness: There is no requirement that the clients ever generate operations. -*) -Fairness == + +Fairness == \* There is no requirement that the clients ever generate operations. WF_vars(SRev \/ \E c \in Client: Rev(c)) Spec == Init /\ [][Next]_vars \* /\ Fairness (We care more about safety.) ----------------------------------------------------------------------------- -(* -The compactness of CJupiter: the CSSes at all replicas are the same. -*) -Compactness == +Compactness == \* Compactness of CJupiter: the CSSes at all replicas are the same. Comm(Cop)!EmptyChannel => Cardinality(Range(css)) = 1 THEOREM Spec => Compactness ============================================================================= \* Modification History -\* Last modified Mon Dec 31 10:57:39 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:36:31 CST 2018 by hengxin \* Created Sat Sep 01 11:08:00 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/CSComm.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/CSComm.tla index 7a0691d..7cd4728 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/CSComm.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/CSComm.tla @@ -5,9 +5,9 @@ Specification of communication in a Client-Server system model. EXTENDS SequenceUtils ----------------------------------------------------------------------------- CONSTANTS - Client, \* the set of clients - Server, \* the (unique) server - Msg \* the set of possible messages + Client, \* the set of clients + Server, \* the (unique) server + Msg \* the set of messages ----------------------------------------------------------------------------- VARIABLES cincoming, \* cincoming[c]: incoming channel at client c \in Client @@ -23,44 +23,32 @@ Init == EmptyChannel == Init ----------------------------------------------------------------------------- -(* -A client sends a message msg to the Server. -*) -CSend(msg) == +CSend(msg) == \* A client sends a message msg to the Server. /\ sincoming' = Append(sincoming, msg) /\ UNCHANGED cincoming -(* -Client c receives a message from the Server. -*) -CRev(c) == + +CRev(c) == \* Client c receives and consumes a message from the Server. /\ cincoming[c] # <<>> - /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] \* consume a message + /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] /\ UNCHANGED sincoming ----------------------------------------------------------------------------- (* SRev/SSend below is often used as a subaction. No UNCHANGED in their definitions. *) -(* -The Server receives a message. -*) -SRev == +SRev == \* The Server receives and consumes a message. /\ sincoming # <<>> - /\ sincoming' = Tail(sincoming) \* consume a message -(* -The Server sents a message cmsg to each client other than c \in Client. -*) -SSend(c, cmsg) == + /\ sincoming' = Tail(sincoming) + +SSend(c, cmsg) == \* The Server sents a message cmsg to each client other than c \in Client. /\ cincoming' = [cl \in Client |-> IF cl = c THEN cincoming[cl] ELSE Append(cincoming[cl], cmsg[cl])] -(* -The Server broadcasts the same message msg to all Clients other than c \in Client. -*) -SSendSame(c, msg) == + +SSendSame(c, msg) == \* The Server broadcasts the message msg to all clients other than c \in Client. /\ SSend(c, [cl \in Client |-> msg]) ============================================================================= \* Modification History -\* Last modified Tue Dec 04 20:49:02 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:04:29 CST 2018 by hengxin \* Created Sun Jun 24 10:25:34 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/GraphsUtil.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/GraphsUtil.tla index 83ecccd..823e17a 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/GraphsUtil.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/GraphsUtil.tla @@ -1,9 +1,5 @@ ----------------------------- MODULE GraphsUtil ----------------------------- (* -A module that defines graphs and the operations on them. -*) ------------------------------------------------------------------------------ -(* A graph is a pair consisting of a set of nodes and a set of directed edges, each of which is a pair of nodes. It is represented by a record with node field and edge field. @@ -17,5 +13,5 @@ g (+) h == \* A union (in terms of set) of two graphs g and h. [node |-> g.node \cup h.node, edge |-> g.edge \cup h.edge] ============================================================================= \* Modification History -\* Last modified Wed Dec 19 18:22:46 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:47:39 CST 2018 by hengxin \* Created Wed Dec 19 11:11:25 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterCtx.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterCtx.tla index 25e92f5..151b007 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterCtx.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterCtx.tla @@ -19,7 +19,7 @@ ClientOf(cop) == cop.oid.c COT(lcop, rcop) == \* OT of two Cop(s). [lcop EXCEPT !.op = Xform(lcop.op, rcop.op), !.ctx = @ \cup {rcop.oid}] -UpdateDS(r, oid) == \* update ds to include new oid \in Oid +UpdateDS(r, oid) == \* update ds[r] to include new oid \in Oid ds' = [ds EXCEPT ![r] = @ \cup {oid}] ----------------------------------------------------------------------------- TypeOKCtx == @@ -43,5 +43,5 @@ SRevCtx == /\ UNCHANGED cseq ============================================================================= \* Modification History -\* Last modified Fri Dec 28 14:38:39 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:52:44 CST 2018 by hengxin \* Created Wed Dec 05 20:03:50 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterInterface.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterInterface.tla index d39304a..148bcf2 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterInterface.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterInterface.tla @@ -6,9 +6,9 @@ the interface of a family of Jupiter specs. EXTENDS Integers, SequenceUtils, OT ----------------------------------------------------------------------------- CONSTANTS + Char, \* the set of characters Client, \* the set of client replicas Server, \* the (unique) server replica - Char, \* the set of characters allowed to be inserted InitState \* the initial state of each replica ASSUME \* We assume that all inserted elements are unique. @@ -32,14 +32,6 @@ MaxLen == Cardinality(Char) + Len(InitState) \* the max length of lists in any s ClientNum == Cardinality(Client) Priority == CHOOSE f \in [Client -> 1 .. ClientNum] : Injective(f) ----------------------------------------------------------------------------- -TypeOKInt == - /\ state \in [Replica -> List] - /\ chins \subseteq Char - -InitInt == - /\ state = [r \in Replica |-> InitState] - /\ chins = Char ------------------------------------------------------------------------------ (* The set of all operations. Note: The positions are indexed from 1. *) @@ -48,7 +40,37 @@ Del == [type: {"Del"}, pos: 1 .. MaxLen] Ins == [type: {"Ins"}, pos: 1 .. (MaxLen + 1), ch: Char, pr: 1 .. ClientNum] \* pr: priority Op == Ins \cup Del \* Now we don't consider Rd operations +----------------------------------------------------------------------------- +TypeOKInt == + /\ state \in [Replica -> List] + /\ chins \subseteq Char + +InitInt == + /\ state = [r \in Replica |-> InitState] + /\ chins = Char + +DoIns(DoOp(_, _), c) == \* Client c \in Client generates an "Ins" operation. + \E ins \in {op \in Ins: + /\ op.pos \in 1 .. (Len(state[c]) + 1) + /\ op.ch \in chins /\ op.pr = Priority[c]}: + /\ DoOp(c, ins) + /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. + +DoDel(DoOp(_, _), c) == \* Client c \in Client generates a "Del" operation. + \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: + /\ DoOp(c, del) + /\ UNCHANGED chins + +DoInt(DoOp(_, _), c) == \* Client c \in Client issues an operation. + \/ DoIns(DoOp, c) + \/ DoDel(DoOp, c) + +RevInt(c) == \* Client c \in Client receives a message from the Server. + /\UNCHANGED chins + +SRevInt == \* The Server receives a message. + /\ UNCHANGED chins ============================================================================= \* Modification History -\* Last modified Wed Dec 12 20:20:43 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:25 CST 2018 by hengxin \* Created Tue Dec 04 19:01:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterSerial.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterSerial.tla index d766fce..d3bd0bd 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterSerial.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/JupiterSerial.tla @@ -30,7 +30,7 @@ commSerial == INSTANCE CSComm WITH Msg <- Seq(Oid), TypeOKSerial == /\ serial \in [Replica -> Seq(Oid)] /\ commSerial!TypeOK ------------------------------------------------------------------------------ + InitSerial == /\ serial = [r \in Replica |-> <<>>] /\ commSerial!Init @@ -44,10 +44,10 @@ RevSerial(c) == SRevSerial == /\ LET cop == Head(sincoming) - IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] + IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] /\ commSerial!SSendSame(cop.oid.c, serial'[Server]) /\ UNCHANGED <> ============================================================================= \* Modification History -\* Last modified Wed Dec 12 21:04:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:54:56 CST 2018 by hengxin \* Created Wed Dec 05 21:03:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/MC.cfg b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/MC.cfg index 1e1bb7d..fca7653 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/MC.cfg +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/MC.cfg @@ -10,22 +10,22 @@ b = b CONSTANT Server = Server \* MV CONSTANT definitions CONSTANT -Client <- const_15462251297539000 +Client <- const_15462598047882000 \* MV CONSTANT definitions CONSTANT -Char <- const_154622512975310000 +Char <- const_15462598047883000 \* SYMMETRY definition -SYMMETRY symm_154622512975311000 +SYMMETRY symm_15462598047884000 \* CONSTANT definitions CONSTANT -InitState <- const_154622512975312000 +InitState <- const_15462598047885000 \* CONSTANT definition CONSTANT Nop = Nop \* SPECIFICATION definition SPECIFICATION -spec_154622512975314000 +spec_15462598047897000 \* INVARIANT definition INVARIANT -inv_154622512975315000 -\* Generated on Mon Dec 31 10:58:49 CST 2018 \ No newline at end of file +inv_15462598047898000 +\* Generated on Mon Dec 31 20:36:44 CST 2018 \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/MC.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/MC.tla index bd78a88..4952d3a 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/MC.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/MC.tla @@ -12,33 +12,33 @@ a, b ---- \* MV CONSTANT definitions Client -const_15462251297539000 == +const_15462598047882000 == {c1, c2} ---- \* MV CONSTANT definitions Char -const_154622512975310000 == +const_15462598047883000 == {a, b} ---- \* SYMMETRY definition -symm_154622512975311000 == -Permutations(const_154622512975310000) +symm_15462598047884000 == +Permutations(const_15462598047883000) ---- \* CONSTANT definitions @modelParameterConstants:2InitState -const_154622512975312000 == +const_15462598047885000 == <<>> ---- \* SPECIFICATION definition @modelBehaviorSpec:0 -spec_154622512975314000 == +spec_15462598047897000 == Spec ---- \* INVARIANT definition @modelCorrectnessInvariants:0 -inv_154622512975315000 == +inv_15462598047898000 == Compactness ---- ============================================================================= \* Modification History -\* Created Mon Dec 31 10:58:49 CST 2018 by hengxin +\* Created Mon Dec 31 20:36:44 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/OT.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/OT.tla index a8dacd0..4980ff3 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/OT.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/OT.tla @@ -1,21 +1,11 @@ --------------------------------- MODULE OT --------------------------------- -(***************************************************************************) -(* Specification of OT (Operational Transformation) functions. *) -(* It consists of the basic OT functions for two operations and *) -(* more general ones involving operation sequences. *) -(***************************************************************************) +(* +This module contains the basic OT (Operational Transformation) functions +for two operations and general ones involving operation sequences. +*) EXTENDS OpOperators, SetUtils ----------------------------------------------------------------------------- -(***************************************************************************) -(* OT (Operational Transformation) functions. *) -(* *) -(* Naming convention: I for "Ins" and D for "Del". *) -(***************************************************************************) - -(***************************************************************************) -(* The left "Ins" lins transformed against the right "Ins" rins. *) -(***************************************************************************) -XformII(lins, rins) == +XformII(lins, rins) == \* lins is transformed against rins IF lins.pos < rins.pos THEN lins ELSE IF lins.pos > rins.pos @@ -25,84 +15,59 @@ XformII(lins, rins) == ELSE IF lins.pr > rins.pr THEN [lins EXCEPT !.pos = @+1] ELSE lins -(***************************************************************************) -(* The left "Ins" ins transformed against the right "Del" del. *) -(***************************************************************************) -XformID(ins, del) == + +XformID(ins, del) == \* ins is transformed against del IF ins.pos <= del.pos THEN ins ELSE [ins EXCEPT !.pos = @-1] -(***************************************************************************) -(* The left "Del" del transformed against the right "Ins" ins. *) -(***************************************************************************) -XformDI(del, ins) == + +XformDI(del, ins) == \* del is transformed against ins IF del.pos < ins.pos THEN del ELSE [del EXCEPT !.pos = @+1] -(***************************************************************************) -(* The left "Del" ldel transformed against the right "Del" rdel. *) -(***************************************************************************) -XformDD(ldel, rdel) == + +XformDD(ldel, rdel) == \* ldel is transformed against rdel IF ldel.pos < rdel.pos THEN ldel ELSE IF ldel.pos > rdel.pos THEN [ldel EXCEPT !.pos = @-1] ELSE Nop ------------------------------------------------------------------------------ -(***************************************************************************) -(* Transform the left operation lop against the right operation rop *) -(* with appropriate OT function. *) -(***************************************************************************) -Xform(lop, rop) == + +Xform(lop, rop) == \* lop is transformed against rop CASE lop = Nop \/ rop = Nop -> lop [] lop.type = "Ins" /\ rop.type = "Ins" -> XformII(lop, rop) [] lop.type = "Ins" /\ rop.type = "Del" -> XformID(lop, rop) [] lop.type = "Del" /\ rop.type = "Ins" -> XformDI(lop, rop) [] lop.type = "Del" /\ rop.type = "Del" -> XformDD(lop, rop) ----------------------------------------------------------------------------- -(***************************************************************************) -(* Generalized OT functions on operation sequences. *) -(***************************************************************************) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(***************************************************************************) -RECURSIVE XformOpOps(_, _, _) -XformOpOps(xform(_,_), op, ops) == +(* +Generalized OT functions on operation sequences. +*) +RECURSIVE XformOpOps(_, _, _) +XformOpOps(xform(_,_), op, ops) == \* Transform an operation op against an operation sequence ops. IF ops = <<>> THEN op ELSE XformOpOps(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(* Being different from XformOpOps, *) -(* XformOpOpsX maintains the intermediate transformed operation *) -(***************************************************************************) + RECURSIVE XformOpOpsX(_, _,_) -XformOpOpsX(xform(_, _), op, ops) == +XformOpOpsX(xform(_, _), op, ops) == \* Transform an operation op against an operation sequence ops. IF ops = <<>> - THEN <> + THEN <> \* Maintain and return the intermediate transformed operations. ELSE <> \o XformOpOpsX(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation sequence ops *) -(* against an operation op. *) -(***************************************************************************) -XformOpsOp(xform(_, _), ops, op) == + +XformOpsOp(xform(_, _), ops, op) == \* Transform an operation sequence ops against an operation op. LET opX == XformOpOpsX(xform, op, ops) IN [i \in 1 .. Len(ops) |-> xform(ops[i], opX[i])] -(***************************************************************************) -(* Iteratively/recursively transforms an operation sequence ops1 *) -(* against another operation sequence ops2. *) -(* *) -(* See also Definition 2.13 of the paper "Imine @ TCS06". *) -(***************************************************************************) +(* +Transforms an operation sequence ops1 against another operation sequence ops2; +see Definition 2.13 of the paper "Imine@TCS06". +*) RECURSIVE XformOpsOps(_, _,_) -XformOpsOps(xform(_, _), ops1, ops2) == +XformOpsOps(xform(_, _), ops1, ops2) == IF ops2 = <<>> THEN ops1 ELSE XformOpsOps(xform, XformOpsOp(xform, ops1, Head(ops2)), Tail(ops2)) ============================================================================= \* Modification History -\* Last modified Fri Dec 28 14:58:58 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:45:16 CST 2018 by hengxin \* Created Sun Jun 24 15:57:48 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/OpOperators.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/OpOperators.tla index 6131506..2989bbe 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/OpOperators.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiter.toolbox/Compactness/OpOperators.tla @@ -1,39 +1,23 @@ ---------------------------- MODULE OpOperators ---------------------------- -(***************************************************************************) -(* Operators for Op. *) -(***************************************************************************) +(* +Operators for Op. +*) EXTENDS Naturals, Sequences, SequenceUtils - -Nop == PickNone(Nat) ----------------------------------------------------------------------------- -(*********************************************************************) -(* The "Apply" operator which applies an operation op on the list l. *) -(* *) -(* Del: If pos > Len(l), the last element of l is deleted. *) -(* This is realized by the DeleteElement operator. *) -(* Ins: If pos > Len(l), the new element is appended to l. *) -(* This is realized by the InsertElement operator. *) -(*********************************************************************) -Apply(op, l) == CASE op = Nop -> l - [] op.type = "Rd" -> l - [] op.type = "Del" -> DeleteElement(l, op.pos) - [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) -(*********************************************************************) -(* The "ApplyOps" operator which applies an operation sequence ops *) -(* on the list l. *) -(*********************************************************************) -RECURSIVE ApplyOps(_, _) +Nop == PickNone(Nat) + +Apply(op, l) == \* Apply an operation op on the list l. + CASE op = Nop -> l + [] op.type = "Rd" -> l + [] op.type = "Del" -> DeleteElement(l, op.pos) \* Last(l) is deleted if pos > Len(l) + [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) \* Append(l, ch) if pos > Len(l) + +RECURSIVE ApplyOps(_, _) \* Apply an operation sequence ops on the list l. ApplyOps(ops, l) == IF ops = <<>> THEN l ELSE Apply(Last(ops), ApplyOps(AllButLast(ops), l)) ------------------------------------------------------------------------------ -(*********************************************************************) -(* Check whether an operation op is legal with respect to the list l.*) -(*********************************************************************) -IsLegalOp(op, l) == CASE op.type = "Del" -> op.pos <= Len(l) - [] op.type = "Ins" -> op.pos <= Len(l) + 1 ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:14:35 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:21:16 CST 2018 by hengxin \* Created Tue Aug 28 14:58:54 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.pdf index e37fae8..ef8cf96 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.tla index c995283..73a849a 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.tla @@ -26,7 +26,7 @@ FairnessH == SpecH == InitH /\ [][NextH]_varsH \* /\ FairenessH ------------------------------------------------------------- -WLSpec == \* the weak list specification +WLSpec == \* The weak list specification Comm(Cop)!EmptyChannel => \A l1, l2 \in list: /\ Injective(l1) @@ -36,5 +36,5 @@ WLSpec == \* the weak list specification THEOREM SpecH => WLSpec ============================================================================= \* Modification History -\* Last modified Mon Dec 31 18:58:29 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:37:52 CST 2018 by hengxin \* Created Tue Oct 09 09:28:48 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.toolbox/CJupiterH.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.toolbox/CJupiterH.pdf index e37fae8..ef8cf96 100755 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.toolbox/CJupiterH.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.toolbox/CJupiterH.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.toolbox/CJupiterH.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.toolbox/CJupiterH.tex index 8deca35..a2ee389 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.toolbox/CJupiterH.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterH.toolbox/CJupiterH.tex @@ -985,7 +985,7 @@ \@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}}}\midbar\@xx{}% \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}} WLSpec \.{\defeq}}% \@y{\@s{0}% - the weak list specification + The weak list specification }% \@xx{}% \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{16.4} Comm ( Cop ) @@ -1009,7 +1009,7 @@ \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} - \ensuremath{Dec} 31 18:58:29 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{Dec} 31 20:37:52 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.pdf index d80ff49..e24e160 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/.project b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/.project index 0dc30da..dced28a 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/.project +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/.project @@ -43,7 +43,7 @@ GraphsUtil.tla 1 - /home/hengxin/Documents/ubuntu/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/GraphsUtil.tla + PARENT-1-PROJECT_LOC/GraphsUtil.tla JupiterCtx.tla @@ -83,7 +83,7 @@ StateSpace.tla 1 - /home/hengxin/Documents/ubuntu/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/StateSpace.tla + PARENT-1-PROJECT_LOC/StateSpace.tla diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter.pdf index d80ff49..e24e160 100755 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/AbsJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/AbsJupiter.tla old mode 100755 new mode 100644 index 866e369..3aaa1b8 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/AbsJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/AbsJupiter.tla @@ -1,7 +1,6 @@ ----------------------------- MODULE AbsJupiter ----------------------------- (* -Abstract Jupiter, inspired by the COT algorithm proposed by Sun and Sun. -See their paper published on TPDS'2009. +Abstract Jupiter, inspired by the COT algorithm proposed by Sun and Sun; see TPDS'2009. *) EXTENDS JupiterSerial ----------------------------------------------------------------------------- @@ -28,58 +27,39 @@ RECURSIVE xForm(_, _) xForm(cop, r) == LET ctxDiff == ds[r] \ cop.ctx \* THEOREM: cop.ctx \subseteq ds[r] RECURSIVE xFormHelper(_, _, _) - xFormHelper(coph, ctxDiffh, copssr) == \* 'h' stands for "helper" - IF ctxDiffh = {} - THEN <> - ELSE LET foph == CHOOSE op \in ctxDiffh: \* the first op (specifically, oid) in serial - \A opprime \in ctxDiffh: - opprime # op => tb(op, opprime, serial[r]) + xFormHelper(coph, ctxDiffh, copssr) == \* copssr: state space generated during transformation + IF ctxDiffh = {} THEN [xcop |-> coph, xcopss |-> copssr] + ELSE LET foph == CHOOSE op \in ctxDiffh: \* the first op in serial + \A opprime \in ctxDiffh \ {op}: tb(op, opprime, serial[r]) fcophDict == {op \in copssr: op.oid = foph /\ op.ctx = coph.ctx} fcoph == CHOOSE op \in fcophDict: TRUE \* THEOREM: Cardinality(fophDict) = 1 - cophx == COT(coph, fcoph) - fcophx == COT(fcoph, coph) - IN xFormHelper(cophx, ctxDiffh \ {foph}, copssr \cup {cophx, fcophx}) + xcoph == COT(coph, fcoph) + xfcoph == COT(fcoph, coph) + IN xFormHelper(xcoph, ctxDiffh \ {foph}, copssr \cup {xcoph, xfcoph}) IN xFormHelper(cop, ctxDiff, copss[r]) Perform(cop, r) == - LET xform == xForm(cop, r) \* <> - xcop == xform[1] - xcopssr == xform[2] - IN /\ state' = [state EXCEPT ![r] = Apply(xcop.op, @)] - /\ copss' = [copss EXCEPT ![r] = xcopssr \cup {cop}] + LET xform == xForm(cop, r) \* [xcop, xcopss] + IN /\ state' = [state EXCEPT ![r] = Apply(xform.xcop.op, @)] + /\ copss' = [copss EXCEPT ![r] = xform.xcopss \cup {cop}] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) -DoOp(c, op) == \* op: the raw operation generated by the client c \in Client - /\ LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] - IN /\ Perform(cop, c) - /\ UpdateDS(c, cop) - /\ Comm(Cop)!CSend(cop) - -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins +DoOp(c, op) == \* Client c \in Client processes a locally generated operation op. + LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] + IN /\ Perform(cop, c) + /\ Comm(Cop)!CSend(cop) Do(c) == /\ DoCtx(c) /\ DoSerial(c) - /\ \/ DoIns(c) - \/ DoDel(c) ------------------------------------------------------------------------------ + /\ DoInt(DoOp, c) + Rev(c) == /\ Comm(Cop)!CRev(c) /\ Perform(Head(cincoming[c]), c) /\ RevSerial(c) /\ RevCtx(c) - /\ UNCHANGED chins ------------------------------------------------------------------------------ + /\ RevInt(c) + SRev == /\ Comm(Cop)!SRev /\ LET cop == Head(sincoming) @@ -87,7 +67,7 @@ SRev == /\ Comm(Cop)!SSendSame(cop.oid.c, cop) /\ SRevSerial /\ SRevCtx - /\ UNCHANGED chins + /\ SRevInt ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) @@ -104,5 +84,5 @@ Compactness == THEOREM Spec => Compactness ============================================================================= \* Modification History -\* Last modified Tue Dec 18 22:10:07 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:49 CST 2018 by hengxin \* Created Wed Dec 05 19:55:52 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/CJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/CJupiter.tla old mode 100755 new mode 100644 index 5602bb4..46c06a5 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/CJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/CJupiter.tla @@ -2,32 +2,19 @@ (* Model of our own CJupiter protocol. *) -EXTENDS JupiterSerial +EXTENDS StateSpace, JupiterSerial ----------------------------------------------------------------------------- VARIABLES css \* css[r]: the n-ary ordered state space at replica r \in Replica vars == <> ----------------------------------------------------------------------------- -(* -A css is a directed graph with labeled edges, -represented by a record with node field and edge field. -Each node is characterized by its context, a set of oids. -Each edge is labeled with an operation. -*) -IsCSS(G) == - /\ G = [node |-> G.node, edge |-> G.edge] - /\ G.node \subseteq (SUBSET Oid) - /\ G.edge \subseteq [from: G.node, to: G.node, cop: Cop] - -EmptySS == [node |-> {{}}, edge |-> {}] - TypeOK == /\ TypeOKInt /\ TypeOKCtx /\ TypeOKSerial /\ Comm(Cop)!TypeOK - /\ \A r \in Replica: IsCSS(css[r]) + /\ \A r \in Replica: IsSS(css[r]) ----------------------------------------------------------------------------- Init == /\ InitInt @@ -37,14 +24,6 @@ Init == /\ css = [r \in Replica |-> EmptySS] ----------------------------------------------------------------------------- (* -Locate the node in rcss (the css at replica r \in Replica) that matches the context ctx of cop. -*) -Locate(cop, rcss) == CHOOSE n \in rcss.node : n = cop.ctx -(* -Take union of two state spaces ss1 and ss2. -*) -ss1 (+) ss2 == [node |-> ss1.node \cup ss2.node, edge |-> ss1.edge \cup ss2.edge] -(* xForm: Iteratively transform cop with a path through the css at replica r \in Replica, following the first edges. *) @@ -52,73 +31,46 @@ xForm(cop, r) == LET rcss == css[r] u == Locate(cop, rcss) v == u \cup {cop.oid} - RECURSIVE xFormHelper(_, _, _, _, _) - \* 'h' stands for "helper"; xcss: eXtra css created during transformation - xFormHelper(uh, vh, coph, xcss, xcoph) == - IF uh = ds[r] - THEN <> + RECURSIVE xFormHelper(_, _, _, _) + xFormHelper(uh, vh, coph, xcss) == \* xcss: eXtra css created during transformation + IF uh = ds[r] THEN [xcss |-> xcss, xcop |-> coph] ELSE LET fedge == CHOOSE e \in rcss.edge: /\ e.from = uh - /\ \A uhe \in rcss.edge: - (uhe.from = uh /\ uhe # e) => tb(e.cop.oid, uhe.cop.oid, serial[r]) + /\ \A uhe \in rcss.edge \ {e}: + (uhe.from = uh) => tb(e.cop.oid, uhe.cop.oid, serial[r]) uprime == fedge.to fcop == fedge.cop coph2fcop == COT(coph, fcop) fcop2coph == COT(fcop, coph) vprime == vh \cup {fcop.oid} - IN xFormHelper(uprime, vprime, coph2fcop, - [xcss EXCEPT !.node = @ \cup {vprime}, - !.edge = @ \cup {[from |-> vh, to |-> vprime, cop |-> fcop2coph], - [from |-> uprime, to |-> vprime, cop |-> coph2fcop]}], - coph2fcop) - IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}], cop) -(* -Perform cop at replica r \in Replica. -*) -Perform(cop, r) == - LET xform == xForm(cop, r) \* xform: <> - xcss == xform[1] - xcop == xform[2] - IN /\ css' = [css EXCEPT ![r] = @ (+) xcss] - /\ state' = [state EXCEPT ![r] = Apply(xcop.op, @)] + IN xFormHelper(uprime, vprime, coph2fcop, + xcss (+) [node |-> {vprime}, + edge |-> {[from |-> vh, to |-> vprime, cop |-> fcop2coph], + [from |-> uprime, to |-> vprime, cop |-> coph2fcop]}]) + IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) + +Perform(cop, r) == \* Perform cop at replica r \in Replica. + LET xform == xForm(cop, r) \* xform: [xcss, xcop] + IN /\ css' = [css EXCEPT ![r] = @ (+) xform.xcss] + /\ state' = [state EXCEPT ![r] = Apply(xform.xcop.op, @)] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) -DoOp(c, op) == \* op: the raw operation generated by the client c \in Client +DoOp(c, op) == /\ LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] IN /\ Perform(cop, c) - /\ UpdateDS(c, cop) /\ Comm(Cop)!CSend(cop) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - Do(c) == /\ DoCtx(c) /\ DoSerial(c) - /\ \/ DoIns(c) - \/ DoDel(c) -(* -Client c \in Client receives a message from the Server. -*) + /\ DoInt(DoOp, c) + Rev(c) == /\ Comm(Cop)!CRev(c) /\ Perform(Head(cincoming[c]), c) /\ RevSerial(c) /\ RevCtx(c) - /\ UNCHANGED chins ------------------------------------------------------------------------------ -(* -The Server receives a message. -*) + /\ RevInt(c) + SRev == /\ Comm(Cop)!SRev /\ LET cop == Head(sincoming) @@ -126,27 +78,22 @@ SRev == /\ Comm(Cop)!SSendSame(cop.oid.c, cop) \* broadcast the original operation /\ SRevSerial /\ SRevCtx - /\ UNCHANGED chins + /\ SRevInt ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) \/ SRev -(* -Fairness: There is no requirement that the clients ever generate operations. -*) -Fairness == + +Fairness == \* There is no requirement that the clients ever generate operations. WF_vars(SRev \/ \E c \in Client: Rev(c)) Spec == Init /\ [][Next]_vars \* /\ Fairness (We care more about safety.) ----------------------------------------------------------------------------- -(* -The compactness of CJupiter: the CSSes at all replicas are the same. -*) -Compactness == +Compactness == \* Compactness of CJupiter: the CSSes at all replicas are the same. Comm(Cop)!EmptyChannel => Cardinality(Range(css)) = 1 THEOREM Spec => Compactness ============================================================================= \* Modification History -\* Last modified Tue Dec 18 22:31:40 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:36:31 CST 2018 by hengxin \* Created Sat Sep 01 11:08:00 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/CJupiterImplAbsJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/CJupiterImplAbsJupiter.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/CSComm.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/CSComm.tla old mode 100755 new mode 100644 index 7a0691d..7cd4728 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/CSComm.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/CSComm.tla @@ -5,9 +5,9 @@ Specification of communication in a Client-Server system model. EXTENDS SequenceUtils ----------------------------------------------------------------------------- CONSTANTS - Client, \* the set of clients - Server, \* the (unique) server - Msg \* the set of possible messages + Client, \* the set of clients + Server, \* the (unique) server + Msg \* the set of messages ----------------------------------------------------------------------------- VARIABLES cincoming, \* cincoming[c]: incoming channel at client c \in Client @@ -23,44 +23,32 @@ Init == EmptyChannel == Init ----------------------------------------------------------------------------- -(* -A client sends a message msg to the Server. -*) -CSend(msg) == +CSend(msg) == \* A client sends a message msg to the Server. /\ sincoming' = Append(sincoming, msg) /\ UNCHANGED cincoming -(* -Client c receives a message from the Server. -*) -CRev(c) == + +CRev(c) == \* Client c receives and consumes a message from the Server. /\ cincoming[c] # <<>> - /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] \* consume a message + /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] /\ UNCHANGED sincoming ----------------------------------------------------------------------------- (* SRev/SSend below is often used as a subaction. No UNCHANGED in their definitions. *) -(* -The Server receives a message. -*) -SRev == +SRev == \* The Server receives and consumes a message. /\ sincoming # <<>> - /\ sincoming' = Tail(sincoming) \* consume a message -(* -The Server sents a message cmsg to each client other than c \in Client. -*) -SSend(c, cmsg) == + /\ sincoming' = Tail(sincoming) + +SSend(c, cmsg) == \* The Server sents a message cmsg to each client other than c \in Client. /\ cincoming' = [cl \in Client |-> IF cl = c THEN cincoming[cl] ELSE Append(cincoming[cl], cmsg[cl])] -(* -The Server broadcasts the same message msg to all Clients other than c \in Client. -*) -SSendSame(c, msg) == + +SSendSame(c, msg) == \* The Server broadcasts the message msg to all clients other than c \in Client. /\ SSend(c, [cl \in Client |-> msg]) ============================================================================= \* Modification History -\* Last modified Tue Dec 04 20:49:02 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:04:29 CST 2018 by hengxin \* Created Sun Jun 24 10:25:34 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/FunctionUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/FunctionUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/GraphsUtil.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/GraphsUtil.tla new file mode 100644 index 0000000..823e17a --- /dev/null +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/GraphsUtil.tla @@ -0,0 +1,17 @@ +----------------------------- MODULE GraphsUtil ----------------------------- +(* +A graph is a pair consisting of a set of nodes +and a set of directed edges, each of which is a pair of nodes. +It is represented by a record with node field and edge field. +*) +IsGraph(G) == + /\ G = [node |-> G.node, edge |-> G.edge] + +EmptyGraph == [node |-> {{}}, edge |-> {}] + +g (+) h == \* A union (in terms of set) of two graphs g and h. + [node |-> g.node \cup h.node, edge |-> g.edge \cup h.edge] +============================================================================= +\* Modification History +\* Last modified Mon Dec 31 19:47:39 CST 2018 by hengxin +\* Created Wed Dec 19 11:11:25 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterCtx.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterCtx.tla old mode 100755 new mode 100644 index d0f38b6..151b007 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterCtx.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterCtx.tla @@ -14,11 +14,13 @@ ctxVars == <> Oid == [c: Client, seq: Nat] \* operation identifier Cop == [op: Op \cup {Nop}, oid: Oid, ctx: SUBSET Oid] \* contexted-based op +ClientOf(cop) == cop.oid.c + COT(lcop, rcop) == \* OT of two Cop(s). [lcop EXCEPT !.op = Xform(lcop.op, rcop.op), !.ctx = @ \cup {rcop.oid}] -UpdateDS(r, cop) == \* update ds to include new Cop (in terms of oid) - ds' = [ds EXCEPT ![r] = @ \cup {cop.oid}] +UpdateDS(r, oid) == \* update ds[r] to include new oid \in Oid + ds' = [ds EXCEPT ![r] = @ \cup {oid}] ----------------------------------------------------------------------------- TypeOKCtx == /\ cseq \in [Client -> Nat] @@ -30,16 +32,16 @@ InitCtx == DoCtx(c) == /\ cseq' = [cseq EXCEPT ![c] = @ + 1] - \* /\ don't know the generated cop; no way to update ds + /\ UpdateDS(c, [c |-> c, seq |-> cseq'[c]]) RevCtx(c) == - /\ UpdateDS(c, Head(cincoming[c])) + /\ UpdateDS(c, Head(cincoming[c]).oid) /\ UNCHANGED cseq SRevCtx == - /\ UpdateDS(Server, Head(sincoming)) + /\ UpdateDS(Server, Head(sincoming).oid) /\ UNCHANGED cseq ============================================================================= \* Modification History -\* Last modified Tue Dec 18 22:21:38 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:52:44 CST 2018 by hengxin \* Created Wed Dec 05 20:03:50 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterInterface.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterInterface.tla old mode 100755 new mode 100644 index d39304a..148bcf2 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterInterface.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterInterface.tla @@ -6,9 +6,9 @@ the interface of a family of Jupiter specs. EXTENDS Integers, SequenceUtils, OT ----------------------------------------------------------------------------- CONSTANTS + Char, \* the set of characters Client, \* the set of client replicas Server, \* the (unique) server replica - Char, \* the set of characters allowed to be inserted InitState \* the initial state of each replica ASSUME \* We assume that all inserted elements are unique. @@ -32,14 +32,6 @@ MaxLen == Cardinality(Char) + Len(InitState) \* the max length of lists in any s ClientNum == Cardinality(Client) Priority == CHOOSE f \in [Client -> 1 .. ClientNum] : Injective(f) ----------------------------------------------------------------------------- -TypeOKInt == - /\ state \in [Replica -> List] - /\ chins \subseteq Char - -InitInt == - /\ state = [r \in Replica |-> InitState] - /\ chins = Char ------------------------------------------------------------------------------ (* The set of all operations. Note: The positions are indexed from 1. *) @@ -48,7 +40,37 @@ Del == [type: {"Del"}, pos: 1 .. MaxLen] Ins == [type: {"Ins"}, pos: 1 .. (MaxLen + 1), ch: Char, pr: 1 .. ClientNum] \* pr: priority Op == Ins \cup Del \* Now we don't consider Rd operations +----------------------------------------------------------------------------- +TypeOKInt == + /\ state \in [Replica -> List] + /\ chins \subseteq Char + +InitInt == + /\ state = [r \in Replica |-> InitState] + /\ chins = Char + +DoIns(DoOp(_, _), c) == \* Client c \in Client generates an "Ins" operation. + \E ins \in {op \in Ins: + /\ op.pos \in 1 .. (Len(state[c]) + 1) + /\ op.ch \in chins /\ op.pr = Priority[c]}: + /\ DoOp(c, ins) + /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. + +DoDel(DoOp(_, _), c) == \* Client c \in Client generates a "Del" operation. + \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: + /\ DoOp(c, del) + /\ UNCHANGED chins + +DoInt(DoOp(_, _), c) == \* Client c \in Client issues an operation. + \/ DoIns(DoOp, c) + \/ DoDel(DoOp, c) + +RevInt(c) == \* Client c \in Client receives a message from the Server. + /\UNCHANGED chins + +SRevInt == \* The Server receives a message. + /\ UNCHANGED chins ============================================================================= \* Modification History -\* Last modified Wed Dec 12 20:20:43 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:25 CST 2018 by hengxin \* Created Tue Dec 04 19:01:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterSerial.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterSerial.tla old mode 100755 new mode 100644 index d766fce..d3bd0bd --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterSerial.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/JupiterSerial.tla @@ -30,7 +30,7 @@ commSerial == INSTANCE CSComm WITH Msg <- Seq(Oid), TypeOKSerial == /\ serial \in [Replica -> Seq(Oid)] /\ commSerial!TypeOK ------------------------------------------------------------------------------ + InitSerial == /\ serial = [r \in Replica |-> <<>>] /\ commSerial!Init @@ -44,10 +44,10 @@ RevSerial(c) == SRevSerial == /\ LET cop == Head(sincoming) - IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] + IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] /\ commSerial!SSendSame(cop.oid.c, serial'[Server]) /\ UNCHANGED <> ============================================================================= \* Modification History -\* Last modified Wed Dec 12 21:04:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:54:56 CST 2018 by hengxin \* Created Wed Dec 05 21:03:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/MC.cfg b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/MC.cfg old mode 100755 new mode 100644 index 560da28..785dcd6 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/MC.cfg +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/MC.cfg @@ -8,24 +8,24 @@ c1 = c1 c2 = c2 \* MV CONSTANT definitions CONSTANT -Char <- const_154514435688116000 +Char <- const_154626108272630000 \* MV CONSTANT definitions CONSTANT -Client <- const_154514435688117000 +Client <- const_154626108272631000 \* CONSTANT declarations CONSTANT Server = Server \* SYMMETRY definition -SYMMETRY symm_154514435688118000 +SYMMETRY symm_154626108272632000 \* CONSTANT definitions CONSTANT -InitState <- const_154514435688119000 +InitState <- const_154626108272633000 \* CONSTANT definition CONSTANT -Nop <- [OpOperators]def_ov_154514435688120000 def_ov_154514435688120000 = Nop +Nop <- [OpOperators]def_ov_154626108272634000 def_ov_154626108272634000 = Nop \* SPECIFICATION definition SPECIFICATION -spec_154514435688121000 +spec_154626108272635000 \* PROPERTY definition PROPERTY -prop_154514435688122000 -\* Generated on Tue Dec 18 22:45:56 CST 2018 \ No newline at end of file +prop_154626108272636000 +\* Generated on Mon Dec 31 20:58:02 CST 2018 \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/MC.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/MC.tla old mode 100755 new mode 100644 index 317509a..931297e --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/MC.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/MC.tla @@ -12,36 +12,36 @@ c1, c2 ---- \* MV CONSTANT definitions Char -const_154514435688116000 == +const_154626108272630000 == {a, b} ---- \* MV CONSTANT definitions Client -const_154514435688117000 == +const_154626108272631000 == {c1, c2} ---- \* SYMMETRY definition -symm_154514435688118000 == -Permutations(const_154514435688116000) +symm_154626108272632000 == +Permutations(const_154626108272630000) ---- \* CONSTANT definitions @modelParameterConstants:1InitState -const_154514435688119000 == +const_154626108272633000 == <<>> ---- \* CONSTANT definition @modelParameterDefinitions:0 -CONSTANT def_ov_154514435688120000 +CONSTANT def_ov_154626108272634000 ---- \* SPECIFICATION definition @modelBehaviorSpec:0 -spec_154514435688121000 == +spec_154626108272635000 == Spec ---- \* PROPERTY definition @modelCorrectnessProperties:0 -prop_154514435688122000 == +prop_154626108272636000 == AbsJ!Spec ---- ============================================================================= \* Modification History -\* Created Tue Dec 18 22:45:56 CST 2018 by hengxin +\* Created Mon Dec 31 20:58:02 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/OT.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/OT.tla old mode 100755 new mode 100644 index 0290846..4980ff3 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/OT.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/OT.tla @@ -1,21 +1,11 @@ --------------------------------- MODULE OT --------------------------------- -(***************************************************************************) -(* Specification of OT (Operational Transformation) functions. *) -(* It consists of the basic OT functions for two operations and *) -(* more general ones involving operation sequences. *) -(***************************************************************************) +(* +This module contains the basic OT (Operational Transformation) functions +for two operations and general ones involving operation sequences. +*) EXTENDS OpOperators, SetUtils ----------------------------------------------------------------------------- -(***************************************************************************) -(* OT (Operational Transformation) functions. *) -(* *) -(* Naming convention: I for "Ins" and D for "Del". *) -(***************************************************************************) - -(***************************************************************************) -(* The left "Ins" lins transformed against the right "Ins" rins. *) -(***************************************************************************) -XformII(lins, rins) == +XformII(lins, rins) == \* lins is transformed against rins IF lins.pos < rins.pos THEN lins ELSE IF lins.pos > rins.pos @@ -26,89 +16,58 @@ XformII(lins, rins) == THEN [lins EXCEPT !.pos = @+1] ELSE lins -(***************************************************************************) -(* The left "Ins" ins transformed against the right "Del" del. *) -(***************************************************************************) -XformID(ins, del) == +XformID(ins, del) == \* ins is transformed against del IF ins.pos <= del.pos THEN ins ELSE [ins EXCEPT !.pos = @-1] -(***************************************************************************) -(* The left "Del" del transformed against the right "Ins" ins. *) -(***************************************************************************) -XformDI(del, ins) == +XformDI(del, ins) == \* del is transformed against ins IF del.pos < ins.pos THEN del ELSE [del EXCEPT !.pos = @+1] -(***************************************************************************) -(* The left "Del" ldel transformed against the right "Del" rdel. *) -(***************************************************************************) -XformDD(ldel, rdel) == +XformDD(ldel, rdel) == \* ldel is transformed against rdel IF ldel.pos < rdel.pos THEN ldel ELSE IF ldel.pos > rdel.pos THEN [ldel EXCEPT !.pos = @-1] ELSE Nop ------------------------------------------------------------------------------ -(***************************************************************************) -(* Transform the left operation lop against the right operation rop *) -(* with appropriate OT function. *) -(***************************************************************************) -Xform(lop, rop) == + +Xform(lop, rop) == \* lop is transformed against rop CASE lop = Nop \/ rop = Nop -> lop [] lop.type = "Ins" /\ rop.type = "Ins" -> XformII(lop, rop) [] lop.type = "Ins" /\ rop.type = "Del" -> XformID(lop, rop) [] lop.type = "Del" /\ rop.type = "Ins" -> XformDI(lop, rop) [] lop.type = "Del" /\ rop.type = "Del" -> XformDD(lop, rop) ----------------------------------------------------------------------------- -(***************************************************************************) -(* Generalized OT functions on operation sequences. *) -(***************************************************************************) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(***************************************************************************) -RECURSIVE XformOpOps(_,_) -XformOpOps(op, ops) == - IF ops = <<>> - THEN op - ELSE XformOpOps(Xform(op, Head(ops)), Tail(ops)) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(* Being different from XformOpOps, *) -(* XformOpOpsX maintains the intermediate transformed operation *) -(***************************************************************************) -RECURSIVE XformOpOpsX(_,_) -XformOpOpsX(op, ops) == - IF ops = <<>> - THEN <> - ELSE <> \o XformOpOpsX(Xform(op, Head(ops)), Tail(ops)) +(* +Generalized OT functions on operation sequences. +*) +RECURSIVE XformOpOps(_, _, _) +XformOpOps(xform(_,_), op, ops) == \* Transform an operation op against an operation sequence ops. + IF ops = <<>> + THEN op + ELSE XformOpOps(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation sequence ops *) -(* against an operation op. *) -(***************************************************************************) -XformOpsOp(ops, op) == - LET opX == XformOpOpsX(op, ops) - IN [i \in 1 .. Len(ops) |-> Xform(ops[i], opX[i])] +RECURSIVE XformOpOpsX(_, _,_) +XformOpOpsX(xform(_, _), op, ops) == \* Transform an operation op against an operation sequence ops. + IF ops = <<>> + THEN <> \* Maintain and return the intermediate transformed operations. + ELSE <> \o XformOpOpsX(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms an operation sequence ops1 *) -(* against another operation sequence ops2. *) -(* *) -(* See also Definition 2.13 of the paper "Imine @ TCS06". *) -(***************************************************************************) -RECURSIVE XformOpsOps(_,_) -XformOpsOps(ops1, ops2) == +XformOpsOp(xform(_, _), ops, op) == \* Transform an operation sequence ops against an operation op. + LET opX == XformOpOpsX(xform, op, ops) + IN [i \in 1 .. Len(ops) |-> xform(ops[i], opX[i])] +(* +Transforms an operation sequence ops1 against another operation sequence ops2; +see Definition 2.13 of the paper "Imine@TCS06". +*) +RECURSIVE XformOpsOps(_, _,_) +XformOpsOps(xform(_, _), ops1, ops2) == IF ops2 = <<>> THEN ops1 - ELSE XformOpsOps(XformOpsOp(ops1, Head(ops2)), Tail(ops2)) + ELSE XformOpsOps(xform, XformOpsOp(xform, ops1, Head(ops2)), Tail(ops2)) ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:13:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:45:16 CST 2018 by hengxin \* Created Sun Jun 24 15:57:48 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/OpOperators.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/OpOperators.tla old mode 100755 new mode 100644 index 6131506..2989bbe --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/OpOperators.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/OpOperators.tla @@ -1,39 +1,23 @@ ---------------------------- MODULE OpOperators ---------------------------- -(***************************************************************************) -(* Operators for Op. *) -(***************************************************************************) +(* +Operators for Op. +*) EXTENDS Naturals, Sequences, SequenceUtils - -Nop == PickNone(Nat) ----------------------------------------------------------------------------- -(*********************************************************************) -(* The "Apply" operator which applies an operation op on the list l. *) -(* *) -(* Del: If pos > Len(l), the last element of l is deleted. *) -(* This is realized by the DeleteElement operator. *) -(* Ins: If pos > Len(l), the new element is appended to l. *) -(* This is realized by the InsertElement operator. *) -(*********************************************************************) -Apply(op, l) == CASE op = Nop -> l - [] op.type = "Rd" -> l - [] op.type = "Del" -> DeleteElement(l, op.pos) - [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) -(*********************************************************************) -(* The "ApplyOps" operator which applies an operation sequence ops *) -(* on the list l. *) -(*********************************************************************) -RECURSIVE ApplyOps(_, _) +Nop == PickNone(Nat) + +Apply(op, l) == \* Apply an operation op on the list l. + CASE op = Nop -> l + [] op.type = "Rd" -> l + [] op.type = "Del" -> DeleteElement(l, op.pos) \* Last(l) is deleted if pos > Len(l) + [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) \* Append(l, ch) if pos > Len(l) + +RECURSIVE ApplyOps(_, _) \* Apply an operation sequence ops on the list l. ApplyOps(ops, l) == IF ops = <<>> THEN l ELSE Apply(Last(ops), ApplyOps(AllButLast(ops), l)) ------------------------------------------------------------------------------ -(*********************************************************************) -(* Check whether an operation op is legal with respect to the list l.*) -(*********************************************************************) -IsLegalOp(op, l) == CASE op.type = "Del" -> op.pos <= Len(l) - [] op.type = "Ins" -> op.pos <= Len(l) + 1 ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:14:35 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:21:16 CST 2018 by hengxin \* Created Tue Aug 28 14:58:54 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/SequenceUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/SequenceUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/SetUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/SetUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/StateSpace.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/StateSpace.tla new file mode 100644 index 0000000..0e6c4bf --- /dev/null +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CJupiterImplAbsJupiter.toolbox/CJupiterImplAbsJupiter/StateSpace.tla @@ -0,0 +1,64 @@ +----------------------------- MODULE StateSpace ----------------------------- +(* +The graph representation of n-ary ordered state spaces and 2D state spaces +used in CJupiter and XJupiter, respectively. +*) +EXTENDS JupiterCtx, GraphsUtil +----------------------------------------------------------------------------- +(* +A state space is a directed graph with labeled edges. +Each node is characterized by its context, a set of operations. +Each edge is labeled with an operation. +*) +IsSS(G) == + /\ IsGraph(G) + /\ G.node \subseteq (SUBSET Oid) + /\ G.edge \subseteq [from: G.node, to: G.node, cop: Cop] + +EmptySS == EmptyGraph +(* +Locate the node in a state space that matches the context ctx of cop. +*) +Locate(cop, ss) == CHOOSE n \in ss.node : n = cop.ctx +(* +Do transformation on state space. +Return the extra state space. +*) +xFormSS(cop, copprime) == + LET u == cop.ctx + v == u \cup {cop.oid} + uprime == u \cup {copprime.oid} + vprime == u \cup {cop.oid, copprime.oid} + cop2copprime == COT(cop, copprime) + copprime2cop == COT(copprime, cop) + IN [node |-> {u, v, uprime, vprime}, + edge |-> {[from |-> u, to |-> v, cop |-> cop], + [from |-> u, to |-> uprime, cop |-> copprime], + [from |-> v, to |-> vprime, cop |-> copprime2cop], + [from |-> uprime, to |-> vprime, cop |-> cop2copprime]}] +(* +Transform cop against cops (a sequence of cops) on state space. +Return the extra state space. +*) +xFormCopCopsSS(cop, cops) == + LET RECURSIVE xFormCopCopsSSHelper(_, _, _) + xFormCopCopsSSHelper(coph, copsh, xss) == \* xss: the eXtra state space + LET u == coph.ctx + v == u \cup {coph.oid} + uvSS == [node |-> {u, v}, edge |-> {[from |-> u, to |-> v, cop |-> coph]}] + IN IF copsh = <<>> THEN [lss |-> uvSS, xss |-> xss (+) uvSS] + ELSE LET copprimeh == Head(copsh) + uprime == u \cup {copprimeh.oid} + vprime == u \cup {coph.oid, copprimeh.oid} + coph2copprimeh == COT(coph, copprimeh) + copprimeh2coph == COT(copprimeh, coph) + IN xFormCopCopsSSHelper(coph2copprimeh, Tail(copsh), + xss (+) [node |-> {u, v}, + edge |-> {[from |-> u, to |-> v, cop |-> coph], + [from |-> u, to |-> uprime, cop |-> copprimeh], + [from |-> v, to |-> vprime, cop |-> copprimeh2coph]}]) + IN xFormCopCopsSSHelper(cop, cops, EmptySS) +============================================================================= +\* Modification History +\* Last modified Sun Dec 30 17:18:32 CST 2018 by hengxin +\* Created Wed Dec 19 18:15:25 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.pdf index c5315df..69a240b 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.tla index 9eacafd..148bcf2 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.tla @@ -32,14 +32,6 @@ MaxLen == Cardinality(Char) + Len(InitState) \* the max length of lists in any s ClientNum == Cardinality(Client) Priority == CHOOSE f \in [Client -> 1 .. ClientNum] : Injective(f) ----------------------------------------------------------------------------- -TypeOKInt == - /\ state \in [Replica -> List] - /\ chins \subseteq Char - -InitInt == - /\ state = [r \in Replica |-> InitState] - /\ chins = Char ------------------------------------------------------------------------------ (* The set of all operations. Note: The positions are indexed from 1. *) @@ -48,7 +40,37 @@ Del == [type: {"Del"}, pos: 1 .. MaxLen] Ins == [type: {"Ins"}, pos: 1 .. (MaxLen + 1), ch: Char, pr: 1 .. ClientNum] \* pr: priority Op == Ins \cup Del \* Now we don't consider Rd operations +----------------------------------------------------------------------------- +TypeOKInt == + /\ state \in [Replica -> List] + /\ chins \subseteq Char + +InitInt == + /\ state = [r \in Replica |-> InitState] + /\ chins = Char + +DoIns(DoOp(_, _), c) == \* Client c \in Client generates an "Ins" operation. + \E ins \in {op \in Ins: + /\ op.pos \in 1 .. (Len(state[c]) + 1) + /\ op.ch \in chins /\ op.pr = Priority[c]}: + /\ DoOp(c, ins) + /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. + +DoDel(DoOp(_, _), c) == \* Client c \in Client generates a "Del" operation. + \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: + /\ DoOp(c, del) + /\ UNCHANGED chins + +DoInt(DoOp(_, _), c) == \* Client c \in Client issues an operation. + \/ DoIns(DoOp, c) + \/ DoDel(DoOp, c) + +RevInt(c) == \* Client c \in Client receives a message from the Server. + /\UNCHANGED chins + +SRevInt == \* The Server receives a message. + /\ UNCHANGED chins ============================================================================= \* Modification History -\* Last modified Mon Dec 31 18:51:58 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:25 CST 2018 by hengxin \* Created Tue Dec 04 19:01:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.toolbox/JupiterInterface.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.toolbox/JupiterInterface.pdf index c5315df..c3c6328 100755 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.toolbox/JupiterInterface.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.toolbox/JupiterInterface.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.toolbox/JupiterInterface.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.toolbox/JupiterInterface.tex index 623965b..b5d0924 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.toolbox/JupiterInterface.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.toolbox/JupiterInterface.tex @@ -1041,28 +1041,16 @@ {\CHOOSE} f \.{\in} [ Client \.{\rightarrow} 1 \.{\dotdot} ClientNum ] \.{:} Injective ( f )}% \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}} TypeOKInt \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}}\@s{16.4} \.{\land} state - \.{\in} [ Replica \.{\rightarrow} List ]}% - \@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}}\@s{16.4} \.{\land} chins - \.{\subseteq} Char}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}} InitInt \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}}\@s{16.4} \.{\land} - state\@s{2.11} \.{=} [ r \.{\in} Replica \.{\mapsto} InitState ]}% - \@x{\makebox[0pt][r]{\scriptsize 41\hspace{1em}}\@s{16.4} \.{\land} chins - \.{=} Char}% -\@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}}}\midbar\@xx{}% \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% The set of all operations. Note: The positions are indexed from 1. \end{cpar}% \end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}} Rd \.{\defeq} [ type \.{:} + \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}} Rd \.{\defeq} [ type \.{:} \{\@w{Rd} \} ]}% - \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}} Del \.{\defeq} [ type \.{:} + \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}} Del \.{\defeq} [ type \.{:} \{\@w{Del} \} ,\, pos \.{:} 1 \.{\dotdot} MaxLen ]}% - \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}} Ins\@s{1.35} \.{\defeq} [ + \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}} Ins\@s{1.35} \.{\defeq} [ type \.{:} \{\@w{Ins} \} ,\, pos\@s{2.27} \.{:} 1 \.{\dotdot} ( MaxLen \.{+} 1 ) ,\, ch \.{:} Char ,\, pr \.{:} 1 \.{\dotdot} ClientNum ]}% \@y{\@s{0}% @@ -1070,26 +1058,103 @@ }% \@xx{}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}} Op \.{\defeq} Ins \.{\cup} + \@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}} Op \.{\defeq} Ins \.{\cup} Del\@s{4.1}}% \@y{\@s{0}% Now we don\mbox{'}t consider \ensuremath{Rd} operations }% \@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}}\bottombar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 44\hspace{1em}} TypeOKInt \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}}\@s{16.4} \.{\land} state + \.{\in} [ Replica \.{\rightarrow} List ]}% + \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}}\@s{16.4} \.{\land} chins + \.{\subseteq} Char}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}} InitInt \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}}\@s{16.4} \.{\land} + state\@s{2.11} \.{=} [ r \.{\in} Replica \.{\mapsto} InitState ]}% + \@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}}\@s{16.4} \.{\land} chins + \.{=} Char}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}} DoIns ( DoOp ( \_ ,\, \_ ) + ,\, c ) \.{\defeq}}% +\@y{\@s{0}% + Client \ensuremath{c \.{\in} Client} generates an \ensuremath{\@w{Ins}} + operation. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{16.4} \E\, ins \.{\in} \{ + op \.{\in} Ins \.{:}}% + \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{70.50} \.{\land} op . pos + \.{\in} 1 \.{\dotdot} ( Len ( state [ c ] ) \.{+} 1 )}% + \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{70.50} \.{\land} op . ch + \.{\in} chins \.{\land} op . pr \.{=} Priority [ c ] \} \.{:}}% + \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c + ,\, ins )}% + \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{27.72} \.{\land} chins + \.{'} \.{=} chins \.{\,\backslash\,} \{ ins . ch \}}% +\@y{\@s{0}% + We assume that all inserted elements are unique. +}% +\@xx{}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}} DoDel ( DoOp ( \_ ,\, \_ ) + ,\, c ) \.{\defeq}}% +\@y{\@s{0}% + Client \ensuremath{c \.{\in} Client} generates a \ensuremath{\@w{Del}} + operation. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}}\@s{16.4} \E\, del \.{\in} \{ + op \.{\in} Del \.{:} op . pos \.{\in} 1 \.{\dotdot} Len ( state [ c ] ) \} + \.{:}}% + \@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c + ,\, del )}% + \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}}\@s{27.72} \.{\land} + {\UNCHANGED} chins}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}} DoInt ( DoOp ( \_ ,\, \_ ) + ,\, c ) \.{\defeq}}% +\@y{\@s{0}% + Client \ensuremath{c \.{\in} Client} issues an operation. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}}\@s{16.4} \.{\land} DoIns ( + DoOp ,\, c )}% + \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{16.4} \.{\land} DoDel ( + DoOp ,\, c )}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}} CRevInt ( c ) \.{\defeq}}% +\@y{\@s{0}% + Client \ensuremath{c \.{\in} Client} receives a message from the + \ensuremath{Server}. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{16.4} \.{\land} + {\UNCHANGED} chins}% +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}} SRevInt \.{\defeq}}% +\@y{\@s{0}% + The \ensuremath{Server} receives a message. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{16.4} \.{\land} + {\UNCHANGED} chins}% +\@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}}\bottombar\@xx{}% \setboolean{shading}{false} \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% -\ensuremath{\.{\,\backslash\,}}* Modification History +\ensuremath{\.{\,\backslash\,}\.{*}} Modification History \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} - \ensuremath{Dec} 31 18:51:58 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}\.{*} Last} modified \ensuremath{Mon} + \ensuremath{Dec} 31 20:19:23 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Created \ensuremath{Tue} \ensuremath{Dec} 04 - 19:01:01 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}\.{*}} Created \ensuremath{Tue} + \ensuremath{Dec} 04 19:01:01 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \end{lcom}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.pdf index a536fb8..90d34e3 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.tla index 7387569..cf2d58a 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.tla @@ -25,11 +25,7 @@ Init == /\ c2ss = [c \in Client |-> EmptySS] /\ s2ss = [c \in Client |-> EmptySS] ----------------------------------------------------------------------------- -(* -xForm: iteratively transform cop with a path -through the 2D state space ss at some client. -*) -xForm(cop, ss, cur) == +xForm(cop, ss, cur) == \* Transform cop with a path (i.e., operation sequence) through 2D state space ss. LET u == Locate(cop, ss) v == u \cup {cop.oid} RECURSIVE xFormHelper(_, _, _, _) @@ -47,72 +43,49 @@ xForm(cop, ss, cur) == [from |-> uprime, to |-> vprime, cop |-> coph2copprime]}]) IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) ----------------------------------------------------------------------------- -(* -Client c \in Client perform operation cop. -*) -ClientPerform(cop, c) == +ClientPerform(cop, c) == \* Client c \in Client perform operation cop. LET xform == xForm(cop, c2ss[c], ds[c]) \* xform: [xss, xcop] IN /\ c2ss' = [c2ss EXCEPT ![c] = @ (+) xform.xss] /\ state' = [state EXCEPT ![c] = Apply(xform.xcop.op, @)] -(* -Client c \in Client generates an operation op. -*) + DoOp(c, op) == LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] IN /\ ClientPerform(cop, c) /\ Comm(Cop)!CSend(cop) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - Do(c) == /\ DoCtx(c) - /\ \/ DoIns(c) - \/ DoDel(c) + /\ DoInt(DoOp, c) /\ UNCHANGED s2ss -(* -Client c \in Client receives a message from the Server. -*) + Rev(c) == /\ Comm(Cop)!CRev(c) - /\ LET cop == Head(cincoming[c]) - IN ClientPerform(cop, c) + /\ ClientPerform(Head(cincoming[c]), c) /\ RevCtx(c) - /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -The Server performs operation cop. -*) + /\ RevInt(c) + /\ UNCHANGED s2ss + ServerPerform(cop) == LET c == ClientOf(cop) scur == ds[Server] xform == xForm(cop, s2ss[c], scur) \* xform: [xss, xcop] xcop == xform.xcop xcur == scur \cup {cop.oid} - IN /\ s2ss' = [cl \in Client |-> + IN /\ s2ss' = [cl \in Client |-> IF cl = c THEN s2ss[cl] (+) xform.xss ELSE s2ss[cl] (+) [node |-> {xcur}, - edge |-> {[from |-> scur, to |-> xcur, cop |-> xcop]}] - ] - /\ state' = [state EXCEPT ![Server] = Apply(xcop.op, @)] - /\ Comm(Cop)!SSendSame(c, xcop) -(* -The Server receives a message. -*) + edge |-> {[from |-> scur, to |-> xcur, cop |-> xcop]}] + ] + /\ state' = [state EXCEPT ![Server] = Apply(xcop.op, @)] + /\ Comm(Cop)!SSendSame(c, xcop) + SRev == /\ Comm(Cop)!SRev - /\ LET cop == Head(sincoming) - IN ServerPerform(cop) + /\ ServerPerform(Head(sincoming)) /\ SRevCtx - /\ UNCHANGED <> + /\ SRevInt + /\ UNCHANGED c2ss ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) @@ -129,5 +102,5 @@ CSSync == \* Each client c \in Client is synchonized with the Server. THEOREM Spec => []CSSync ============================================================================= \* Modification History -\* Last modified Mon Dec 31 11:05:08 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:46:54 CST 2018 by hengxin \* Created Tue Oct 09 16:33:18 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/CSComm.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/CSComm.tla index 7a0691d..7cd4728 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/CSComm.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/CSComm.tla @@ -5,9 +5,9 @@ Specification of communication in a Client-Server system model. EXTENDS SequenceUtils ----------------------------------------------------------------------------- CONSTANTS - Client, \* the set of clients - Server, \* the (unique) server - Msg \* the set of possible messages + Client, \* the set of clients + Server, \* the (unique) server + Msg \* the set of messages ----------------------------------------------------------------------------- VARIABLES cincoming, \* cincoming[c]: incoming channel at client c \in Client @@ -23,44 +23,32 @@ Init == EmptyChannel == Init ----------------------------------------------------------------------------- -(* -A client sends a message msg to the Server. -*) -CSend(msg) == +CSend(msg) == \* A client sends a message msg to the Server. /\ sincoming' = Append(sincoming, msg) /\ UNCHANGED cincoming -(* -Client c receives a message from the Server. -*) -CRev(c) == + +CRev(c) == \* Client c receives and consumes a message from the Server. /\ cincoming[c] # <<>> - /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] \* consume a message + /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] /\ UNCHANGED sincoming ----------------------------------------------------------------------------- (* SRev/SSend below is often used as a subaction. No UNCHANGED in their definitions. *) -(* -The Server receives a message. -*) -SRev == +SRev == \* The Server receives and consumes a message. /\ sincoming # <<>> - /\ sincoming' = Tail(sincoming) \* consume a message -(* -The Server sents a message cmsg to each client other than c \in Client. -*) -SSend(c, cmsg) == + /\ sincoming' = Tail(sincoming) + +SSend(c, cmsg) == \* The Server sents a message cmsg to each client other than c \in Client. /\ cincoming' = [cl \in Client |-> IF cl = c THEN cincoming[cl] ELSE Append(cincoming[cl], cmsg[cl])] -(* -The Server broadcasts the same message msg to all Clients other than c \in Client. -*) -SSendSame(c, msg) == + +SSendSame(c, msg) == \* The Server broadcasts the message msg to all clients other than c \in Client. /\ SSend(c, [cl \in Client |-> msg]) ============================================================================= \* Modification History -\* Last modified Tue Dec 04 20:49:02 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:04:29 CST 2018 by hengxin \* Created Sun Jun 24 10:25:34 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/GraphsUtil.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/GraphsUtil.tla index 83ecccd..823e17a 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/GraphsUtil.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/GraphsUtil.tla @@ -1,9 +1,5 @@ ----------------------------- MODULE GraphsUtil ----------------------------- (* -A module that defines graphs and the operations on them. -*) ------------------------------------------------------------------------------ -(* A graph is a pair consisting of a set of nodes and a set of directed edges, each of which is a pair of nodes. It is represented by a record with node field and edge field. @@ -17,5 +13,5 @@ g (+) h == \* A union (in terms of set) of two graphs g and h. [node |-> g.node \cup h.node, edge |-> g.edge \cup h.edge] ============================================================================= \* Modification History -\* Last modified Wed Dec 19 18:22:46 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:47:39 CST 2018 by hengxin \* Created Wed Dec 19 11:11:25 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/JupiterCtx.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/JupiterCtx.tla index 25e92f5..151b007 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/JupiterCtx.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/JupiterCtx.tla @@ -19,7 +19,7 @@ ClientOf(cop) == cop.oid.c COT(lcop, rcop) == \* OT of two Cop(s). [lcop EXCEPT !.op = Xform(lcop.op, rcop.op), !.ctx = @ \cup {rcop.oid}] -UpdateDS(r, oid) == \* update ds to include new oid \in Oid +UpdateDS(r, oid) == \* update ds[r] to include new oid \in Oid ds' = [ds EXCEPT ![r] = @ \cup {oid}] ----------------------------------------------------------------------------- TypeOKCtx == @@ -43,5 +43,5 @@ SRevCtx == /\ UNCHANGED cseq ============================================================================= \* Modification History -\* Last modified Fri Dec 28 14:38:39 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:52:44 CST 2018 by hengxin \* Created Wed Dec 05 20:03:50 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/JupiterInterface.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/JupiterInterface.tla index d39304a..148bcf2 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/JupiterInterface.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/JupiterInterface.tla @@ -6,9 +6,9 @@ the interface of a family of Jupiter specs. EXTENDS Integers, SequenceUtils, OT ----------------------------------------------------------------------------- CONSTANTS + Char, \* the set of characters Client, \* the set of client replicas Server, \* the (unique) server replica - Char, \* the set of characters allowed to be inserted InitState \* the initial state of each replica ASSUME \* We assume that all inserted elements are unique. @@ -32,14 +32,6 @@ MaxLen == Cardinality(Char) + Len(InitState) \* the max length of lists in any s ClientNum == Cardinality(Client) Priority == CHOOSE f \in [Client -> 1 .. ClientNum] : Injective(f) ----------------------------------------------------------------------------- -TypeOKInt == - /\ state \in [Replica -> List] - /\ chins \subseteq Char - -InitInt == - /\ state = [r \in Replica |-> InitState] - /\ chins = Char ------------------------------------------------------------------------------ (* The set of all operations. Note: The positions are indexed from 1. *) @@ -48,7 +40,37 @@ Del == [type: {"Del"}, pos: 1 .. MaxLen] Ins == [type: {"Ins"}, pos: 1 .. (MaxLen + 1), ch: Char, pr: 1 .. ClientNum] \* pr: priority Op == Ins \cup Del \* Now we don't consider Rd operations +----------------------------------------------------------------------------- +TypeOKInt == + /\ state \in [Replica -> List] + /\ chins \subseteq Char + +InitInt == + /\ state = [r \in Replica |-> InitState] + /\ chins = Char + +DoIns(DoOp(_, _), c) == \* Client c \in Client generates an "Ins" operation. + \E ins \in {op \in Ins: + /\ op.pos \in 1 .. (Len(state[c]) + 1) + /\ op.ch \in chins /\ op.pr = Priority[c]}: + /\ DoOp(c, ins) + /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. + +DoDel(DoOp(_, _), c) == \* Client c \in Client generates a "Del" operation. + \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: + /\ DoOp(c, del) + /\ UNCHANGED chins + +DoInt(DoOp(_, _), c) == \* Client c \in Client issues an operation. + \/ DoIns(DoOp, c) + \/ DoDel(DoOp, c) + +RevInt(c) == \* Client c \in Client receives a message from the Server. + /\UNCHANGED chins + +SRevInt == \* The Server receives a message. + /\ UNCHANGED chins ============================================================================= \* Modification History -\* Last modified Wed Dec 12 20:20:43 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:25 CST 2018 by hengxin \* Created Tue Dec 04 19:01:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/MC.cfg b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/MC.cfg index f222f8a..fb68bcb 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/MC.cfg +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/MC.cfg @@ -8,24 +8,24 @@ a = a b = b \* MV CONSTANT definitions CONSTANT -Client <- const_154622553561516000 +Client <- const_15462604381139000 \* MV CONSTANT definitions CONSTANT -Char <- const_154622553561517000 +Char <- const_154626043811310000 \* CONSTANT declarations CONSTANT Server = Server \* SYMMETRY definition -SYMMETRY symm_154622553561518000 +SYMMETRY symm_154626043811311000 \* CONSTANT definitions CONSTANT -InitState <- const_154622553561519000 +InitState <- const_154626043811312000 \* CONSTANT definition CONSTANT Nop = Nop \* SPECIFICATION definition SPECIFICATION -spec_154622553561521000 +spec_154626043811414000 \* INVARIANT definition INVARIANT -inv_154622553561522000 -\* Generated on Mon Dec 31 11:05:35 CST 2018 \ No newline at end of file +inv_154626043811415000 +\* Generated on Mon Dec 31 20:47:18 CST 2018 \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/MC.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/MC.tla index a193cb1..85b74fa 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/MC.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/MC.tla @@ -12,33 +12,33 @@ a, b ---- \* MV CONSTANT definitions Client -const_154622553561516000 == +const_15462604381139000 == {c1, c2} ---- \* MV CONSTANT definitions Char -const_154622553561517000 == +const_154626043811310000 == {a, b} ---- \* SYMMETRY definition -symm_154622553561518000 == -Permutations(const_154622553561517000) +symm_154626043811311000 == +Permutations(const_154626043811310000) ---- \* CONSTANT definitions @modelParameterConstants:2InitState -const_154622553561519000 == +const_154626043811312000 == <<>> ---- \* SPECIFICATION definition @modelBehaviorSpec:0 -spec_154622553561521000 == +spec_154626043811414000 == Spec ---- \* INVARIANT definition @modelCorrectnessInvariants:0 -inv_154622553561522000 == +inv_154626043811415000 == CSSync ---- ============================================================================= \* Modification History -\* Created Mon Dec 31 11:05:35 CST 2018 by hengxin +\* Created Mon Dec 31 20:47:18 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/OT.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/OT.tla index a8dacd0..4980ff3 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/OT.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/OT.tla @@ -1,21 +1,11 @@ --------------------------------- MODULE OT --------------------------------- -(***************************************************************************) -(* Specification of OT (Operational Transformation) functions. *) -(* It consists of the basic OT functions for two operations and *) -(* more general ones involving operation sequences. *) -(***************************************************************************) +(* +This module contains the basic OT (Operational Transformation) functions +for two operations and general ones involving operation sequences. +*) EXTENDS OpOperators, SetUtils ----------------------------------------------------------------------------- -(***************************************************************************) -(* OT (Operational Transformation) functions. *) -(* *) -(* Naming convention: I for "Ins" and D for "Del". *) -(***************************************************************************) - -(***************************************************************************) -(* The left "Ins" lins transformed against the right "Ins" rins. *) -(***************************************************************************) -XformII(lins, rins) == +XformII(lins, rins) == \* lins is transformed against rins IF lins.pos < rins.pos THEN lins ELSE IF lins.pos > rins.pos @@ -25,84 +15,59 @@ XformII(lins, rins) == ELSE IF lins.pr > rins.pr THEN [lins EXCEPT !.pos = @+1] ELSE lins -(***************************************************************************) -(* The left "Ins" ins transformed against the right "Del" del. *) -(***************************************************************************) -XformID(ins, del) == + +XformID(ins, del) == \* ins is transformed against del IF ins.pos <= del.pos THEN ins ELSE [ins EXCEPT !.pos = @-1] -(***************************************************************************) -(* The left "Del" del transformed against the right "Ins" ins. *) -(***************************************************************************) -XformDI(del, ins) == + +XformDI(del, ins) == \* del is transformed against ins IF del.pos < ins.pos THEN del ELSE [del EXCEPT !.pos = @+1] -(***************************************************************************) -(* The left "Del" ldel transformed against the right "Del" rdel. *) -(***************************************************************************) -XformDD(ldel, rdel) == + +XformDD(ldel, rdel) == \* ldel is transformed against rdel IF ldel.pos < rdel.pos THEN ldel ELSE IF ldel.pos > rdel.pos THEN [ldel EXCEPT !.pos = @-1] ELSE Nop ------------------------------------------------------------------------------ -(***************************************************************************) -(* Transform the left operation lop against the right operation rop *) -(* with appropriate OT function. *) -(***************************************************************************) -Xform(lop, rop) == + +Xform(lop, rop) == \* lop is transformed against rop CASE lop = Nop \/ rop = Nop -> lop [] lop.type = "Ins" /\ rop.type = "Ins" -> XformII(lop, rop) [] lop.type = "Ins" /\ rop.type = "Del" -> XformID(lop, rop) [] lop.type = "Del" /\ rop.type = "Ins" -> XformDI(lop, rop) [] lop.type = "Del" /\ rop.type = "Del" -> XformDD(lop, rop) ----------------------------------------------------------------------------- -(***************************************************************************) -(* Generalized OT functions on operation sequences. *) -(***************************************************************************) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(***************************************************************************) -RECURSIVE XformOpOps(_, _, _) -XformOpOps(xform(_,_), op, ops) == +(* +Generalized OT functions on operation sequences. +*) +RECURSIVE XformOpOps(_, _, _) +XformOpOps(xform(_,_), op, ops) == \* Transform an operation op against an operation sequence ops. IF ops = <<>> THEN op ELSE XformOpOps(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(* Being different from XformOpOps, *) -(* XformOpOpsX maintains the intermediate transformed operation *) -(***************************************************************************) + RECURSIVE XformOpOpsX(_, _,_) -XformOpOpsX(xform(_, _), op, ops) == +XformOpOpsX(xform(_, _), op, ops) == \* Transform an operation op against an operation sequence ops. IF ops = <<>> - THEN <> + THEN <> \* Maintain and return the intermediate transformed operations. ELSE <> \o XformOpOpsX(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation sequence ops *) -(* against an operation op. *) -(***************************************************************************) -XformOpsOp(xform(_, _), ops, op) == + +XformOpsOp(xform(_, _), ops, op) == \* Transform an operation sequence ops against an operation op. LET opX == XformOpOpsX(xform, op, ops) IN [i \in 1 .. Len(ops) |-> xform(ops[i], opX[i])] -(***************************************************************************) -(* Iteratively/recursively transforms an operation sequence ops1 *) -(* against another operation sequence ops2. *) -(* *) -(* See also Definition 2.13 of the paper "Imine @ TCS06". *) -(***************************************************************************) +(* +Transforms an operation sequence ops1 against another operation sequence ops2; +see Definition 2.13 of the paper "Imine@TCS06". +*) RECURSIVE XformOpsOps(_, _,_) -XformOpsOps(xform(_, _), ops1, ops2) == +XformOpsOps(xform(_, _), ops1, ops2) == IF ops2 = <<>> THEN ops1 ELSE XformOpsOps(xform, XformOpsOp(xform, ops1, Head(ops2)), Tail(ops2)) ============================================================================= \* Modification History -\* Last modified Fri Dec 28 14:58:58 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:45:16 CST 2018 by hengxin \* Created Sun Jun 24 15:57:48 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/OpOperators.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/OpOperators.tla index 6131506..2989bbe 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/OpOperators.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/OpOperators.tla @@ -1,39 +1,23 @@ ---------------------------- MODULE OpOperators ---------------------------- -(***************************************************************************) -(* Operators for Op. *) -(***************************************************************************) +(* +Operators for Op. +*) EXTENDS Naturals, Sequences, SequenceUtils - -Nop == PickNone(Nat) ----------------------------------------------------------------------------- -(*********************************************************************) -(* The "Apply" operator which applies an operation op on the list l. *) -(* *) -(* Del: If pos > Len(l), the last element of l is deleted. *) -(* This is realized by the DeleteElement operator. *) -(* Ins: If pos > Len(l), the new element is appended to l. *) -(* This is realized by the InsertElement operator. *) -(*********************************************************************) -Apply(op, l) == CASE op = Nop -> l - [] op.type = "Rd" -> l - [] op.type = "Del" -> DeleteElement(l, op.pos) - [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) -(*********************************************************************) -(* The "ApplyOps" operator which applies an operation sequence ops *) -(* on the list l. *) -(*********************************************************************) -RECURSIVE ApplyOps(_, _) +Nop == PickNone(Nat) + +Apply(op, l) == \* Apply an operation op on the list l. + CASE op = Nop -> l + [] op.type = "Rd" -> l + [] op.type = "Del" -> DeleteElement(l, op.pos) \* Last(l) is deleted if pos > Len(l) + [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) \* Append(l, ch) if pos > Len(l) + +RECURSIVE ApplyOps(_, _) \* Apply an operation sequence ops on the list l. ApplyOps(ops, l) == IF ops = <<>> THEN l ELSE Apply(Last(ops), ApplyOps(AllButLast(ops), l)) ------------------------------------------------------------------------------ -(*********************************************************************) -(* Check whether an operation op is legal with respect to the list l.*) -(*********************************************************************) -IsLegalOp(op, l) == CASE op.type = "Del" -> op.pos <= Len(l) - [] op.type = "Ins" -> op.pos <= Len(l) + 1 ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:14:35 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:21:16 CST 2018 by hengxin \* Created Tue Aug 28 14:58:54 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/XJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/XJupiter.tla index 7387569..cf2d58a 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/XJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/CSSync/XJupiter.tla @@ -25,11 +25,7 @@ Init == /\ c2ss = [c \in Client |-> EmptySS] /\ s2ss = [c \in Client |-> EmptySS] ----------------------------------------------------------------------------- -(* -xForm: iteratively transform cop with a path -through the 2D state space ss at some client. -*) -xForm(cop, ss, cur) == +xForm(cop, ss, cur) == \* Transform cop with a path (i.e., operation sequence) through 2D state space ss. LET u == Locate(cop, ss) v == u \cup {cop.oid} RECURSIVE xFormHelper(_, _, _, _) @@ -47,72 +43,49 @@ xForm(cop, ss, cur) == [from |-> uprime, to |-> vprime, cop |-> coph2copprime]}]) IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) ----------------------------------------------------------------------------- -(* -Client c \in Client perform operation cop. -*) -ClientPerform(cop, c) == +ClientPerform(cop, c) == \* Client c \in Client perform operation cop. LET xform == xForm(cop, c2ss[c], ds[c]) \* xform: [xss, xcop] IN /\ c2ss' = [c2ss EXCEPT ![c] = @ (+) xform.xss] /\ state' = [state EXCEPT ![c] = Apply(xform.xcop.op, @)] -(* -Client c \in Client generates an operation op. -*) + DoOp(c, op) == LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] IN /\ ClientPerform(cop, c) /\ Comm(Cop)!CSend(cop) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - Do(c) == /\ DoCtx(c) - /\ \/ DoIns(c) - \/ DoDel(c) + /\ DoInt(DoOp, c) /\ UNCHANGED s2ss -(* -Client c \in Client receives a message from the Server. -*) + Rev(c) == /\ Comm(Cop)!CRev(c) - /\ LET cop == Head(cincoming[c]) - IN ClientPerform(cop, c) + /\ ClientPerform(Head(cincoming[c]), c) /\ RevCtx(c) - /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -The Server performs operation cop. -*) + /\ RevInt(c) + /\ UNCHANGED s2ss + ServerPerform(cop) == LET c == ClientOf(cop) scur == ds[Server] xform == xForm(cop, s2ss[c], scur) \* xform: [xss, xcop] xcop == xform.xcop xcur == scur \cup {cop.oid} - IN /\ s2ss' = [cl \in Client |-> + IN /\ s2ss' = [cl \in Client |-> IF cl = c THEN s2ss[cl] (+) xform.xss ELSE s2ss[cl] (+) [node |-> {xcur}, - edge |-> {[from |-> scur, to |-> xcur, cop |-> xcop]}] - ] - /\ state' = [state EXCEPT ![Server] = Apply(xcop.op, @)] - /\ Comm(Cop)!SSendSame(c, xcop) -(* -The Server receives a message. -*) + edge |-> {[from |-> scur, to |-> xcur, cop |-> xcop]}] + ] + /\ state' = [state EXCEPT ![Server] = Apply(xcop.op, @)] + /\ Comm(Cop)!SSendSame(c, xcop) + SRev == /\ Comm(Cop)!SRev - /\ LET cop == Head(sincoming) - IN ServerPerform(cop) + /\ ServerPerform(Head(sincoming)) /\ SRevCtx - /\ UNCHANGED <> + /\ SRevInt + /\ UNCHANGED c2ss ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) @@ -129,5 +102,5 @@ CSSync == \* Each client c \in Client is synchonized with the Server. THEOREM Spec => []CSSync ============================================================================= \* Modification History -\* Last modified Mon Dec 31 11:05:08 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:46:54 CST 2018 by hengxin \* Created Tue Oct 09 16:33:18 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/XJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/XJupiter.pdf index a536fb8..90d34e3 100755 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/XJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/XJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/XJupiter.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/XJupiter.tex index b6956bd..d3264b5 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/XJupiter.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.toolbox/XJupiter.tex @@ -991,222 +991,180 @@ \@x{\makebox[0pt][r]{\scriptsize 26\hspace{1em}}\@s{16.4} \.{\land} s2ss\@s{0.25} \.{=} [ c \.{\in} Client \.{\mapsto} EmptySS ]}% \@x{\makebox[0pt][r]{\scriptsize 27\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -\ensuremath{xForm}: iteratively transform cop with a path - through the \ensuremath{2D} state space \ensuremath{ss} at some client. -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 32\hspace{1em}} xForm ( cop ,\, ss ,\, cur ) + \@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}} xForm ( cop ,\, ss ,\, cur ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}}\@s{16.4} \.{\LET} u +\@y{\@s{0}% + Transform cop with a path (\ensuremath{i.e}., operation sequence) through + \ensuremath{2D} state space \ensuremath{ss}. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}}\@s{16.4} \.{\LET} u \.{\defeq} Locate ( cop ,\, ss )}% - \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{36.79} v\@s{0.45} + \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{36.79} v\@s{0.45} \.{\defeq} u \.{\cup} \{ cop . oid \}}% - \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}}\@s{36.79} {\RECURSIVE} + \@x{\makebox[0pt][r]{\scriptsize 31\hspace{1em}}\@s{36.79} {\RECURSIVE} xFormHelper ( \_ ,\, \_ ,\, \_ ,\, \_ )}% - \@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}}\@s{40.89} xFormHelper ( uh + \@x{\makebox[0pt][r]{\scriptsize 32\hspace{1em}}\@s{40.89} xFormHelper ( uh ,\, vh ,\, coph ,\, xss ) \.{\defeq}}% \@y{\@s{0}% \ensuremath{xss}: \ensuremath{eXtra} \ensuremath{ss} created during transformation }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}}\@s{57.29} {\IF} uh \.{=} cur + \@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}}\@s{57.29} {\IF} uh \.{=} cur \.{\THEN} [ xss \.{\mapsto} xss ,\, xcop \.{\mapsto} coph ]}% - \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}}\@s{57.29} \.{\ELSE} \.{\LET} + \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{57.29} \.{\ELSE} \.{\LET} e \.{\defeq} {\CHOOSE} e \.{\in} ss . edge \.{:} e . from \.{=} uh \.{\land} ClientOf ( e . cop ) \.{\neq} ClientOf ( cop )}% - \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}}\@s{109.01} copprime + \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}}\@s{109.01} copprime \.{\defeq} e . cop}% - \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}}\@s{109.01} uprime \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}}\@s{109.01} uprime \.{\defeq} e . to}% - \@x{\makebox[0pt][r]{\scriptsize 41\hspace{1em}}\@s{109.01} vprime\@s{0.76} + \@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}}\@s{109.01} vprime\@s{0.76} \.{\defeq} vh \.{\cup} \{ copprime . oid \}}% - \@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}}\@s{109.01} + \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}}\@s{109.01} coph2copprime\@s{4.10} \.{\defeq} COT ( coph ,\, copprime )}% - \@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{113.11} copprime2coph + \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}}\@s{113.11} copprime2coph \.{\defeq} COT ( copprime ,\, coph )}% - \@x{\makebox[0pt][r]{\scriptsize 44\hspace{1em}}\@s{92.71} \.{\IN} + \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}}\@s{92.71} \.{\IN} xFormHelper ( uprime ,\, vprime ,\, coph2copprime ,\,}% - \@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}}\@s{125.41} xss \.{\oplus} [ + \@x{\makebox[0pt][r]{\scriptsize 41\hspace{1em}}\@s{125.41} xss \.{\oplus} [ node \.{\mapsto} \{ vprime \} ,\,}% - \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}}\@s{154.04} edge\@s{1.53} + \@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}}\@s{154.04} edge\@s{1.53} \.{\mapsto} \{ [ from \.{\mapsto} vh ,\, to \.{\mapsto} vprime ,\, cop \.{\mapsto} copprime2coph ] ,\,}% - \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{195.28} [ from + \@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{195.28} [ from \.{\mapsto} uprime ,\, to \.{\mapsto} vprime ,\, cop \.{\mapsto} coph2copprime ] \} ] )}% - \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{20.5} \.{\IN} xFormHelper + \@x{\makebox[0pt][r]{\scriptsize 44\hspace{1em}}\@s{20.5} \.{\IN} xFormHelper ( u ,\, v ,\, cop ,\, [ node \.{\mapsto} \{ v \} ,\, edge \.{\mapsto} \{ [ from \.{\mapsto} u ,\, to \.{\mapsto} v ,\, cop \.{\mapsto} cop ] \} ] )}% -\@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Client \ensuremath{c \.{\in} Client} perform operation cop. -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}} ClientPerform ( cop ,\, c ) +\@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}}}\midbar\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}} ClientPerform ( cop ,\, c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{16.4} \.{\LET} xform +\@y{\@s{0}% + Client \ensuremath{c \.{\in} Client} perform operation cop. +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{16.4} \.{\LET} xform \.{\defeq} xForm ( cop ,\, c2ss [ c ] ,\, ds [ c ] )}% \@y{\@s{0}% \ensuremath{xform}: [\ensuremath{xss}, \ensuremath{xcop}] }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{16.4} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{16.4} \.{\IN} \.{\land} c2ss \.{'} \.{=} [ c2ss {\EXCEPT} {\bang} [ c ] \.{=} @ \.{\oplus} xform . xss ]}% - \@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}}\@s{36.79} \.{\land} state + \@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}}\@s{36.79} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ c ] \.{=} Apply ( xform . xcop . op ,\, @ ) ]}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Client \ensuremath{c \.{\in} Client} generates an operation \ensuremath{op}. -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 60\hspace{1em}} DoOp ( c ,\, op )\@s{5.43} +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}} DoOp ( c ,\, op )\@s{5.43} \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}}\@s{26.06} \.{\LET} cop + \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}}\@s{26.06} \.{\LET} cop \.{\defeq} [ op \.{\mapsto} op ,\, oid \.{\mapsto} [ c \.{\mapsto} c ,\, seq \.{\mapsto} cseq \.{'} [ c ] ] ,\, ctx \.{\mapsto} ds [ c ] ]}% - \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}}\@s{46.46} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{46.46} \.{\IN} \.{\land} ClientPerform ( cop ,\, c )}% - \@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}}\@s{66.86} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}\@s{66.86} \.{\land} Comm ( Cop ) {\bang} CSend ( cop )}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}} DoIns ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{16.4} \E\, ins \.{\in} \{ - op \.{\in} Ins \.{:} op . pos \.{\in} 1 \.{\dotdot} ( Len ( state [ c ] ) - \.{+} 1 ) \.{\land} op . ch \.{\in} chins \.{\land} op . pr \.{=} Priority [ - c ] \} \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 67\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, ins )}% - \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}}\@s{27.72} \.{\land} chins - \.{'} \.{=} chins \.{\,\backslash\,} \{ ins . ch \}}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}} DoDel ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}\@s{16.4} \E\, del \.{\in} \{ - op \.{\in} Del \.{:} op . pos \.{\in} 1 \.{\dotdot} Len ( state [ c ] ) \} - \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{27.72} \.{\land} DoOp ( c - ,\, del )}% - \@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}\@s{27.72} \.{\land} - {\UNCHANGED} chins}% -\@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 75\hspace{1em}} Do ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 76\hspace{1em}}\@s{22.34} \.{\land} DoCtx ( +\@x{\makebox[0pt][r]{\scriptsize 56\hspace{1em}} Do ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}}\@s{22.34} \.{\land} DoCtx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}}\@s{22.34} \.{\land} \.{\lor} - DoIns ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 78\hspace{1em}}\@s{33.45} \.{\lor} DoDel ( c - )}% - \@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}}\@s{22.34} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 58\hspace{1em}}\@s{22.34} \.{\land} DoInt ( + DoOp ,\, c )}% + \@x{\makebox[0pt][r]{\scriptsize 59\hspace{1em}}\@s{22.34} \.{\land} {\UNCHANGED} s2ss}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% - Client \ensuremath{c \.{\in} Client} receives a message from the - \ensuremath{Server}. -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 83\hspace{1em}} Rev ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 84\hspace{1em}}\@s{20.94} \.{\land} Comm ( +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 61\hspace{1em}} Rev ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 62\hspace{1em}}\@s{20.94} \.{\land} Comm ( Cop ) {\bang} CRev ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}}\@s{20.94} \.{\land} \.{\LET} - cop \.{\defeq} Head ( cincoming [ c ] )}% - \@x{\makebox[0pt][r]{\scriptsize 86\hspace{1em}}\@s{36.15} \.{\IN} - ClientPerform ( cop ,\, c )}% - \@x{\makebox[0pt][r]{\scriptsize 87\hspace{1em}}\@s{20.94} \.{\land} RevCtx ( + \@x{\makebox[0pt][r]{\scriptsize 63\hspace{1em}}\@s{20.94} \.{\land} + ClientPerform ( Head ( cincoming [ c ] ) ,\, c )}% + \@x{\makebox[0pt][r]{\scriptsize 64\hspace{1em}}\@s{20.94} \.{\land} RevCtx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 88\hspace{1em}}\@s{20.94} \.{\land} - {\UNCHANGED} {\langle} chins ,\, s2ss {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 89\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -The \ensuremath{Server} performs operation cop. -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 93\hspace{1em}} ServerPerform ( cop ) + \@x{\makebox[0pt][r]{\scriptsize 65\hspace{1em}}\@s{20.94} \.{\land} RevInt ( + c )}% + \@x{\makebox[0pt][r]{\scriptsize 66\hspace{1em}}\@s{20.94} \.{\land} + {\UNCHANGED} s2ss}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 68\hspace{1em}} ServerPerform ( cop ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 94\hspace{1em}}\@s{16.4} \.{\LET} c\@s{0.41} + \@x{\makebox[0pt][r]{\scriptsize 69\hspace{1em}}\@s{16.4} \.{\LET} c\@s{0.41} \.{\defeq} ClientOf ( cop )}% - \@x{\makebox[0pt][r]{\scriptsize 95\hspace{1em}}\@s{20.5} scur\@s{2.52} + \@x{\makebox[0pt][r]{\scriptsize 70\hspace{1em}}\@s{20.5} scur\@s{2.52} \.{\defeq} ds [ Server ]}% - \@x{\makebox[0pt][r]{\scriptsize 96\hspace{1em}}\@s{16.4} xform \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 71\hspace{1em}}\@s{16.4} xform \.{\defeq} xForm ( cop ,\, s2ss [ c ] ,\, scur )}% \@y{\@s{0}% \ensuremath{xform}: [\ensuremath{xss}, \ensuremath{xcop}] }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 97\hspace{1em}}\@s{20.5} xcop\@s{2.29} + \@x{\makebox[0pt][r]{\scriptsize 72\hspace{1em}}\@s{20.5} xcop\@s{2.29} \.{\defeq} xform . xcop}% - \@x{\makebox[0pt][r]{\scriptsize 98\hspace{1em}}\@s{20.5} xcur\@s{1.97} + \@x{\makebox[0pt][r]{\scriptsize 73\hspace{1em}}\@s{20.5} xcur\@s{1.97} \.{\defeq} scur \.{\cup} \{ cop . oid \}}% - \@x{\makebox[0pt][r]{\scriptsize 99\hspace{1em}}\@s{16.4} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 74\hspace{1em}}\@s{20.5} \.{\IN} \.{\land} s2ss \.{'} \.{=} [ cl \.{\in} Client \.{\mapsto}}% -\@x{\makebox[0pt][r]{\scriptsize 100\hspace{1em}}\@s{89.83} {\IF} cl \.{=} c}% - \@x{\makebox[0pt][r]{\scriptsize 101\hspace{1em}}\@s{89.83} \.{\THEN} s2ss [ +\@x{\makebox[0pt][r]{\scriptsize 75\hspace{1em}}\@s{89.83} {\IF} cl \.{=} c}% + \@x{\makebox[0pt][r]{\scriptsize 76\hspace{1em}}\@s{89.83} \.{\THEN} s2ss [ cl ] \.{\oplus} xform . xss}% - \@x{\makebox[0pt][r]{\scriptsize 102\hspace{1em}}\@s{89.83} \.{\ELSE} s2ss [ + \@x{\makebox[0pt][r]{\scriptsize 77\hspace{1em}}\@s{89.83} \.{\ELSE} s2ss [ cl ] \.{\oplus} [ node \.{\mapsto} \{ xcur \} ,\,}% - \@x{\makebox[0pt][r]{\scriptsize 103\hspace{1em}}\@s{102.13} edge \.{\mapsto} + \@x{\makebox[0pt][r]{\scriptsize 78\hspace{1em}}\@s{106.23} edge \.{\mapsto} \{ [ from \.{\mapsto} scur ,\, to \.{\mapsto} xcur ,\, cop \.{\mapsto} xcop ] \} ]}% -\@x{\makebox[0pt][r]{\scriptsize 104\hspace{1em}}\@s{82.95} ]}% - \@x{\makebox[0pt][r]{\scriptsize 105\hspace{1em}}\@s{36.79} \.{\land} state +\@x{\makebox[0pt][r]{\scriptsize 79\hspace{1em}}\@s{87.05} ]}% + \@x{\makebox[0pt][r]{\scriptsize 80\hspace{1em}}\@s{40.89} \.{\land} state \.{'} \.{=} [ state {\EXCEPT} {\bang} [ Server ] \.{=} Apply ( xcop . op ,\, @ ) ]}% - \@x{\makebox[0pt][r]{\scriptsize 106\hspace{1em}}\@s{36.79} \.{\land} Comm ( + \@x{\makebox[0pt][r]{\scriptsize 81\hspace{1em}}\@s{40.89} \.{\land} Comm ( Cop ) {\bang} SSendSame ( c ,\, xcop )}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -The \ensuremath{Server} receives a message. -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 110\hspace{1em}} SRev \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 111\hspace{1em}}\@s{16.4} \.{\land} Comm ( +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 83\hspace{1em}} SRev \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 84\hspace{1em}}\@s{16.4} \.{\land} Comm ( Cop ) {\bang} SRev}% - \@x{\makebox[0pt][r]{\scriptsize 112\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} - cop \.{\defeq} Head ( sincoming )}% - \@x{\makebox[0pt][r]{\scriptsize 113\hspace{1em}}\@s{31.61} \.{\IN} - ServerPerform ( cop )}% -\@x{\makebox[0pt][r]{\scriptsize 114\hspace{1em}}\@s{16.4} \.{\land} SRevCtx}% - \@x{\makebox[0pt][r]{\scriptsize 115\hspace{1em}}\@s{16.4} \.{\land} - {\UNCHANGED} {\langle} chins ,\, c2ss {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 116\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 117\hspace{1em}} Next \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 118\hspace{1em}}\@s{16.4} \.{\lor} \E\, c + \@x{\makebox[0pt][r]{\scriptsize 85\hspace{1em}}\@s{16.4} \.{\land} + ServerPerform ( Head ( sincoming ) )}% +\@x{\makebox[0pt][r]{\scriptsize 86\hspace{1em}}\@s{16.4} \.{\land} SRevCtx}% +\@x{\makebox[0pt][r]{\scriptsize 87\hspace{1em}}\@s{16.4} \.{\land} SRevInt}% + \@x{\makebox[0pt][r]{\scriptsize 88\hspace{1em}}\@s{16.4} \.{\land} + {\UNCHANGED} c2ss}% +\@x{\makebox[0pt][r]{\scriptsize 89\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 90\hspace{1em}} Next \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 91\hspace{1em}}\@s{16.4} \.{\lor} \E\, c \.{\in} Client \.{:} Do ( c ) \.{\lor} Rev ( c )}% -\@x{\makebox[0pt][r]{\scriptsize 119\hspace{1em}}\@s{16.4} \.{\lor} SRev}% +\@x{\makebox[0pt][r]{\scriptsize 92\hspace{1em}}\@s{16.4} \.{\lor} SRev}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 121\hspace{1em}} Fairness \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 94\hspace{1em}} Fairness \.{\defeq}}% \@y{\@s{0}% There is no requirement that the clients ever generate operations. }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 122\hspace{1em}}\@s{16.4} {\WF}_{ vars} ( + \@x{\makebox[0pt][r]{\scriptsize 95\hspace{1em}}\@s{16.4} {\WF}_{ vars} ( SRev \.{\lor} \E\, c \.{\in} Client \.{:} Rev ( c ) )}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 124\hspace{1em}} Spec \.{\defeq} Init + \@x{\makebox[0pt][r]{\scriptsize 97\hspace{1em}} Spec \.{\defeq} Init \.{\land} {\Box} [ Next ]_{ vars}}% \@y{\@s{0}% \ensuremath{\.{\land} Fairness }}% \@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 125\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 126\hspace{1em}} CSSync \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 98\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 99\hspace{1em}} CSSync \.{\defeq}}% \@y{\@s{0}% Each client \ensuremath{c \.{\in} Client} is synchonized with the \ensuremath{Server}. }% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 127\hspace{1em}}\@s{16.4} \forall\, c + \@x{\makebox[0pt][r]{\scriptsize 100\hspace{1em}}\@s{16.4} \forall\, c \.{\in} Client \.{:} ( ds [ c ] \.{=} ds [ Server ] ) \.{\implies} c2ss [ c ] \.{=} s2ss [ c ]}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 129\hspace{1em}} {\THEOREM} Spec + \@x{\makebox[0pt][r]{\scriptsize 102\hspace{1em}} {\THEOREM} Spec \.{\implies} {\Box} CSSync}% -\@x{\makebox[0pt][r]{\scriptsize 130\hspace{1em}}}\bottombar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 103\hspace{1em}}}\bottombar\@xx{}% \setboolean{shading}{false} \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% @@ -1214,7 +1172,7 @@ \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} - \ensuremath{Dec} 31 11:05:08 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{Dec} 31 20:46:54 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.pdf index 0c4f845..a23ec27 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.tla index 9e1a5c3..bbf39e6 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.tla @@ -1,21 +1,17 @@ -------------------------- MODULE XJupiterExtended -------------------------- (* -XJupiter extended with serial views. -This is used to show that XJupiter implements CJupiter. +XJupiter extended with serial views. This is used to show that XJupiter implements CJupiter. *) EXTENDS XJupiter, JupiterSerial ----------------------------------------------------------------------------- -VARIABLES - (* - Simulating the behavior of propagating original operations in CJupiter. - *) +VARIABLES \* Simulate the behavior of propagating original operations in CJupiter. cincomingCJ, \* cincoming for CJupiter which contains original operations \* instead of transformed ones in XJupiter sincomingCJ \* (not used) commCJVars == <> varsEx == <> ------------------------------------------------------------------------------ + commCJ == INSTANCE CSComm WITH Msg <- Seq(Cop), cincoming <- cincomingCJ, sincoming <- sincomingCJ ----------------------------------------------------------------------------- @@ -23,7 +19,7 @@ TypeOKEx == /\ TypeOK /\ commCJ!TypeOK /\ TypeOKSerial ------------------------------------------------------------------------------ + InitEx == /\ Init /\ commCJ!Init @@ -42,7 +38,7 @@ RevEx(c) == SRevEx == /\ SRev /\ LET cop == Head(sincoming) - c == cop.oid.c + c == ClientOf(cop) IN /\ commCJ!SSendSame(c, cop) /\ SRevSerial /\ UNCHANGED sincomingCJ @@ -57,5 +53,5 @@ FairnessEx == SpecEx == InitEx /\ [][NextEx]_varsEx \* /\ FairnessEx ============================================================================= \* Modification History -\* Last modified Sat Dec 15 18:01:37 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:52:00 CST 2018 by hengxin \* Created Tue Oct 30 20:32:27 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/.project b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/.project index 48f9f68..3525e73 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/.project +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/.project @@ -28,7 +28,7 @@ GraphsUtil.tla 1 - /home/hengxin/Documents/ubuntu/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/GraphsUtil.tla + PARENT-1-PROJECT_LOC/GraphsUtil.tla JupiterCtx.tla @@ -68,7 +68,7 @@ StateSpace.tla 1 - /home/hengxin/Documents/ubuntu/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/StateSpace.tla + PARENT-1-PROJECT_LOC/StateSpace.tla XJupiter.tla diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/CSComm.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/CSComm.tla old mode 100755 new mode 100644 index 7a0691d..7cd4728 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/CSComm.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/CSComm.tla @@ -5,9 +5,9 @@ Specification of communication in a Client-Server system model. EXTENDS SequenceUtils ----------------------------------------------------------------------------- CONSTANTS - Client, \* the set of clients - Server, \* the (unique) server - Msg \* the set of possible messages + Client, \* the set of clients + Server, \* the (unique) server + Msg \* the set of messages ----------------------------------------------------------------------------- VARIABLES cincoming, \* cincoming[c]: incoming channel at client c \in Client @@ -23,44 +23,32 @@ Init == EmptyChannel == Init ----------------------------------------------------------------------------- -(* -A client sends a message msg to the Server. -*) -CSend(msg) == +CSend(msg) == \* A client sends a message msg to the Server. /\ sincoming' = Append(sincoming, msg) /\ UNCHANGED cincoming -(* -Client c receives a message from the Server. -*) -CRev(c) == + +CRev(c) == \* Client c receives and consumes a message from the Server. /\ cincoming[c] # <<>> - /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] \* consume a message + /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] /\ UNCHANGED sincoming ----------------------------------------------------------------------------- (* SRev/SSend below is often used as a subaction. No UNCHANGED in their definitions. *) -(* -The Server receives a message. -*) -SRev == +SRev == \* The Server receives and consumes a message. /\ sincoming # <<>> - /\ sincoming' = Tail(sincoming) \* consume a message -(* -The Server sents a message cmsg to each client other than c \in Client. -*) -SSend(c, cmsg) == + /\ sincoming' = Tail(sincoming) + +SSend(c, cmsg) == \* The Server sents a message cmsg to each client other than c \in Client. /\ cincoming' = [cl \in Client |-> IF cl = c THEN cincoming[cl] ELSE Append(cincoming[cl], cmsg[cl])] -(* -The Server broadcasts the same message msg to all Clients other than c \in Client. -*) -SSendSame(c, msg) == + +SSendSame(c, msg) == \* The Server broadcasts the message msg to all clients other than c \in Client. /\ SSend(c, [cl \in Client |-> msg]) ============================================================================= \* Modification History -\* Last modified Tue Dec 04 20:49:02 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:04:29 CST 2018 by hengxin \* Created Sun Jun 24 10:25:34 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/FunctionUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/FunctionUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/GraphsUtil.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/GraphsUtil.tla old mode 100755 new mode 100644 index 4c3ee57..823e17a --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/GraphsUtil.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/GraphsUtil.tla @@ -1,14 +1,10 @@ ----------------------------- MODULE GraphsUtil ----------------------------- (* -A module that defines graphs and the operations on them. -*) ------------------------------------------------------------------------------ -(* -A directed graph is a pair consisting of a set of nodes +A graph is a pair consisting of a set of nodes and a set of directed edges, each of which is a pair of nodes. It is represented by a record with node field and edge field. *) -IsDirectedGraph(G) == +IsGraph(G) == /\ G = [node |-> G.node, edge |-> G.edge] EmptyGraph == [node |-> {{}}, edge |-> {}] @@ -17,5 +13,5 @@ g (+) h == \* A union (in terms of set) of two graphs g and h. [node |-> g.node \cup h.node, edge |-> g.edge \cup h.edge] ============================================================================= \* Modification History -\* Last modified Wed Dec 19 11:36:22 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:47:39 CST 2018 by hengxin \* Created Wed Dec 19 11:11:25 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterCtx.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterCtx.tla old mode 100755 new mode 100644 index d0f38b6..151b007 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterCtx.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterCtx.tla @@ -14,11 +14,13 @@ ctxVars == <> Oid == [c: Client, seq: Nat] \* operation identifier Cop == [op: Op \cup {Nop}, oid: Oid, ctx: SUBSET Oid] \* contexted-based op +ClientOf(cop) == cop.oid.c + COT(lcop, rcop) == \* OT of two Cop(s). [lcop EXCEPT !.op = Xform(lcop.op, rcop.op), !.ctx = @ \cup {rcop.oid}] -UpdateDS(r, cop) == \* update ds to include new Cop (in terms of oid) - ds' = [ds EXCEPT ![r] = @ \cup {cop.oid}] +UpdateDS(r, oid) == \* update ds[r] to include new oid \in Oid + ds' = [ds EXCEPT ![r] = @ \cup {oid}] ----------------------------------------------------------------------------- TypeOKCtx == /\ cseq \in [Client -> Nat] @@ -30,16 +32,16 @@ InitCtx == DoCtx(c) == /\ cseq' = [cseq EXCEPT ![c] = @ + 1] - \* /\ don't know the generated cop; no way to update ds + /\ UpdateDS(c, [c |-> c, seq |-> cseq'[c]]) RevCtx(c) == - /\ UpdateDS(c, Head(cincoming[c])) + /\ UpdateDS(c, Head(cincoming[c]).oid) /\ UNCHANGED cseq SRevCtx == - /\ UpdateDS(Server, Head(sincoming)) + /\ UpdateDS(Server, Head(sincoming).oid) /\ UNCHANGED cseq ============================================================================= \* Modification History -\* Last modified Tue Dec 18 22:21:38 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:52:44 CST 2018 by hengxin \* Created Wed Dec 05 20:03:50 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterInterface.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterInterface.tla old mode 100755 new mode 100644 index d39304a..148bcf2 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterInterface.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterInterface.tla @@ -6,9 +6,9 @@ the interface of a family of Jupiter specs. EXTENDS Integers, SequenceUtils, OT ----------------------------------------------------------------------------- CONSTANTS + Char, \* the set of characters Client, \* the set of client replicas Server, \* the (unique) server replica - Char, \* the set of characters allowed to be inserted InitState \* the initial state of each replica ASSUME \* We assume that all inserted elements are unique. @@ -32,14 +32,6 @@ MaxLen == Cardinality(Char) + Len(InitState) \* the max length of lists in any s ClientNum == Cardinality(Client) Priority == CHOOSE f \in [Client -> 1 .. ClientNum] : Injective(f) ----------------------------------------------------------------------------- -TypeOKInt == - /\ state \in [Replica -> List] - /\ chins \subseteq Char - -InitInt == - /\ state = [r \in Replica |-> InitState] - /\ chins = Char ------------------------------------------------------------------------------ (* The set of all operations. Note: The positions are indexed from 1. *) @@ -48,7 +40,37 @@ Del == [type: {"Del"}, pos: 1 .. MaxLen] Ins == [type: {"Ins"}, pos: 1 .. (MaxLen + 1), ch: Char, pr: 1 .. ClientNum] \* pr: priority Op == Ins \cup Del \* Now we don't consider Rd operations +----------------------------------------------------------------------------- +TypeOKInt == + /\ state \in [Replica -> List] + /\ chins \subseteq Char + +InitInt == + /\ state = [r \in Replica |-> InitState] + /\ chins = Char + +DoIns(DoOp(_, _), c) == \* Client c \in Client generates an "Ins" operation. + \E ins \in {op \in Ins: + /\ op.pos \in 1 .. (Len(state[c]) + 1) + /\ op.ch \in chins /\ op.pr = Priority[c]}: + /\ DoOp(c, ins) + /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. + +DoDel(DoOp(_, _), c) == \* Client c \in Client generates a "Del" operation. + \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: + /\ DoOp(c, del) + /\ UNCHANGED chins + +DoInt(DoOp(_, _), c) == \* Client c \in Client issues an operation. + \/ DoIns(DoOp, c) + \/ DoDel(DoOp, c) + +RevInt(c) == \* Client c \in Client receives a message from the Server. + /\UNCHANGED chins + +SRevInt == \* The Server receives a message. + /\ UNCHANGED chins ============================================================================= \* Modification History -\* Last modified Wed Dec 12 20:20:43 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:25 CST 2018 by hengxin \* Created Tue Dec 04 19:01:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterSerial.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterSerial.tla old mode 100755 new mode 100644 index d766fce..d3bd0bd --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterSerial.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/JupiterSerial.tla @@ -30,7 +30,7 @@ commSerial == INSTANCE CSComm WITH Msg <- Seq(Oid), TypeOKSerial == /\ serial \in [Replica -> Seq(Oid)] /\ commSerial!TypeOK ------------------------------------------------------------------------------ + InitSerial == /\ serial = [r \in Replica |-> <<>>] /\ commSerial!Init @@ -44,10 +44,10 @@ RevSerial(c) == SRevSerial == /\ LET cop == Head(sincoming) - IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] + IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] /\ commSerial!SSendSame(cop.oid.c, serial'[Server]) /\ UNCHANGED <> ============================================================================= \* Modification History -\* Last modified Wed Dec 12 21:04:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:54:56 CST 2018 by hengxin \* Created Wed Dec 05 21:03:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/MC.cfg b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/MC.cfg old mode 100755 new mode 100644 index a4faf8b..0561a84 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/MC.cfg +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/MC.cfg @@ -10,22 +10,22 @@ b = b CONSTANT Server = Server \* MV CONSTANT definitions CONSTANT -Client <- const_154519102421130000 +Client <- const_154626078801016000 \* MV CONSTANT definitions CONSTANT -Char <- const_154519102421131000 +Char <- const_154626078801017000 \* SYMMETRY definition -SYMMETRY symm_154519102421132000 +SYMMETRY symm_154626078801018000 \* CONSTANT definitions CONSTANT -InitState <- const_154519102421133000 +InitState <- const_154626078801119000 \* CONSTANT definition CONSTANT Nop = Nop \* SPECIFICATION definition SPECIFICATION -spec_154519102421235000 +spec_154626078801121000 \* INVARIANT definition INVARIANT -inv_154519102421236000 -\* Generated on Wed Dec 19 11:43:44 CST 2018 \ No newline at end of file +inv_154626078801122000 +\* Generated on Mon Dec 31 20:53:08 CST 2018 \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/MC.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/MC.tla old mode 100755 new mode 100644 index 80f45c3..a0941e1 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/MC.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/MC.tla @@ -12,33 +12,33 @@ a, b ---- \* MV CONSTANT definitions Client -const_154519102421130000 == +const_154626078801016000 == {c1, c2} ---- \* MV CONSTANT definitions Char -const_154519102421131000 == +const_154626078801017000 == {a, b} ---- \* SYMMETRY definition -symm_154519102421132000 == -Permutations(const_154519102421131000) +symm_154626078801018000 == +Permutations(const_154626078801017000) ---- \* CONSTANT definitions @modelParameterConstants:2InitState -const_154519102421133000 == +const_154626078801119000 == <<>> ---- \* SPECIFICATION definition @modelBehaviorSpec:0 -spec_154519102421235000 == +spec_154626078801121000 == SpecEx ---- \* INVARIANT definition @modelCorrectnessInvariants:0 -inv_154519102421236000 == +inv_154626078801122000 == CSSync ---- ============================================================================= \* Modification History -\* Created Wed Dec 19 11:43:44 CST 2018 by hengxin +\* Created Mon Dec 31 20:53:08 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/OT.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/OT.tla old mode 100755 new mode 100644 index 0290846..4980ff3 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/OT.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/OT.tla @@ -1,21 +1,11 @@ --------------------------------- MODULE OT --------------------------------- -(***************************************************************************) -(* Specification of OT (Operational Transformation) functions. *) -(* It consists of the basic OT functions for two operations and *) -(* more general ones involving operation sequences. *) -(***************************************************************************) +(* +This module contains the basic OT (Operational Transformation) functions +for two operations and general ones involving operation sequences. +*) EXTENDS OpOperators, SetUtils ----------------------------------------------------------------------------- -(***************************************************************************) -(* OT (Operational Transformation) functions. *) -(* *) -(* Naming convention: I for "Ins" and D for "Del". *) -(***************************************************************************) - -(***************************************************************************) -(* The left "Ins" lins transformed against the right "Ins" rins. *) -(***************************************************************************) -XformII(lins, rins) == +XformII(lins, rins) == \* lins is transformed against rins IF lins.pos < rins.pos THEN lins ELSE IF lins.pos > rins.pos @@ -26,89 +16,58 @@ XformII(lins, rins) == THEN [lins EXCEPT !.pos = @+1] ELSE lins -(***************************************************************************) -(* The left "Ins" ins transformed against the right "Del" del. *) -(***************************************************************************) -XformID(ins, del) == +XformID(ins, del) == \* ins is transformed against del IF ins.pos <= del.pos THEN ins ELSE [ins EXCEPT !.pos = @-1] -(***************************************************************************) -(* The left "Del" del transformed against the right "Ins" ins. *) -(***************************************************************************) -XformDI(del, ins) == +XformDI(del, ins) == \* del is transformed against ins IF del.pos < ins.pos THEN del ELSE [del EXCEPT !.pos = @+1] -(***************************************************************************) -(* The left "Del" ldel transformed against the right "Del" rdel. *) -(***************************************************************************) -XformDD(ldel, rdel) == +XformDD(ldel, rdel) == \* ldel is transformed against rdel IF ldel.pos < rdel.pos THEN ldel ELSE IF ldel.pos > rdel.pos THEN [ldel EXCEPT !.pos = @-1] ELSE Nop ------------------------------------------------------------------------------ -(***************************************************************************) -(* Transform the left operation lop against the right operation rop *) -(* with appropriate OT function. *) -(***************************************************************************) -Xform(lop, rop) == + +Xform(lop, rop) == \* lop is transformed against rop CASE lop = Nop \/ rop = Nop -> lop [] lop.type = "Ins" /\ rop.type = "Ins" -> XformII(lop, rop) [] lop.type = "Ins" /\ rop.type = "Del" -> XformID(lop, rop) [] lop.type = "Del" /\ rop.type = "Ins" -> XformDI(lop, rop) [] lop.type = "Del" /\ rop.type = "Del" -> XformDD(lop, rop) ----------------------------------------------------------------------------- -(***************************************************************************) -(* Generalized OT functions on operation sequences. *) -(***************************************************************************) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(***************************************************************************) -RECURSIVE XformOpOps(_,_) -XformOpOps(op, ops) == - IF ops = <<>> - THEN op - ELSE XformOpOps(Xform(op, Head(ops)), Tail(ops)) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(* Being different from XformOpOps, *) -(* XformOpOpsX maintains the intermediate transformed operation *) -(***************************************************************************) -RECURSIVE XformOpOpsX(_,_) -XformOpOpsX(op, ops) == - IF ops = <<>> - THEN <> - ELSE <> \o XformOpOpsX(Xform(op, Head(ops)), Tail(ops)) +(* +Generalized OT functions on operation sequences. +*) +RECURSIVE XformOpOps(_, _, _) +XformOpOps(xform(_,_), op, ops) == \* Transform an operation op against an operation sequence ops. + IF ops = <<>> + THEN op + ELSE XformOpOps(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation sequence ops *) -(* against an operation op. *) -(***************************************************************************) -XformOpsOp(ops, op) == - LET opX == XformOpOpsX(op, ops) - IN [i \in 1 .. Len(ops) |-> Xform(ops[i], opX[i])] +RECURSIVE XformOpOpsX(_, _,_) +XformOpOpsX(xform(_, _), op, ops) == \* Transform an operation op against an operation sequence ops. + IF ops = <<>> + THEN <> \* Maintain and return the intermediate transformed operations. + ELSE <> \o XformOpOpsX(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms an operation sequence ops1 *) -(* against another operation sequence ops2. *) -(* *) -(* See also Definition 2.13 of the paper "Imine @ TCS06". *) -(***************************************************************************) -RECURSIVE XformOpsOps(_,_) -XformOpsOps(ops1, ops2) == +XformOpsOp(xform(_, _), ops, op) == \* Transform an operation sequence ops against an operation op. + LET opX == XformOpOpsX(xform, op, ops) + IN [i \in 1 .. Len(ops) |-> xform(ops[i], opX[i])] +(* +Transforms an operation sequence ops1 against another operation sequence ops2; +see Definition 2.13 of the paper "Imine@TCS06". +*) +RECURSIVE XformOpsOps(_, _,_) +XformOpsOps(xform(_, _), ops1, ops2) == IF ops2 = <<>> THEN ops1 - ELSE XformOpsOps(XformOpsOp(ops1, Head(ops2)), Tail(ops2)) + ELSE XformOpsOps(xform, XformOpsOp(xform, ops1, Head(ops2)), Tail(ops2)) ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:13:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:45:16 CST 2018 by hengxin \* Created Sun Jun 24 15:57:48 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/OpOperators.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/OpOperators.tla old mode 100755 new mode 100644 index 6131506..2989bbe --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/OpOperators.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/OpOperators.tla @@ -1,39 +1,23 @@ ---------------------------- MODULE OpOperators ---------------------------- -(***************************************************************************) -(* Operators for Op. *) -(***************************************************************************) +(* +Operators for Op. +*) EXTENDS Naturals, Sequences, SequenceUtils - -Nop == PickNone(Nat) ----------------------------------------------------------------------------- -(*********************************************************************) -(* The "Apply" operator which applies an operation op on the list l. *) -(* *) -(* Del: If pos > Len(l), the last element of l is deleted. *) -(* This is realized by the DeleteElement operator. *) -(* Ins: If pos > Len(l), the new element is appended to l. *) -(* This is realized by the InsertElement operator. *) -(*********************************************************************) -Apply(op, l) == CASE op = Nop -> l - [] op.type = "Rd" -> l - [] op.type = "Del" -> DeleteElement(l, op.pos) - [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) -(*********************************************************************) -(* The "ApplyOps" operator which applies an operation sequence ops *) -(* on the list l. *) -(*********************************************************************) -RECURSIVE ApplyOps(_, _) +Nop == PickNone(Nat) + +Apply(op, l) == \* Apply an operation op on the list l. + CASE op = Nop -> l + [] op.type = "Rd" -> l + [] op.type = "Del" -> DeleteElement(l, op.pos) \* Last(l) is deleted if pos > Len(l) + [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) \* Append(l, ch) if pos > Len(l) + +RECURSIVE ApplyOps(_, _) \* Apply an operation sequence ops on the list l. ApplyOps(ops, l) == IF ops = <<>> THEN l ELSE Apply(Last(ops), ApplyOps(AllButLast(ops), l)) ------------------------------------------------------------------------------ -(*********************************************************************) -(* Check whether an operation op is legal with respect to the list l.*) -(*********************************************************************) -IsLegalOp(op, l) == CASE op.type = "Del" -> op.pos <= Len(l) - [] op.type = "Ins" -> op.pos <= Len(l) + 1 ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:14:35 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:21:16 CST 2018 by hengxin \* Created Tue Aug 28 14:58:54 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/SequenceUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/SequenceUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/SetUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/SetUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/StateSpace.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/StateSpace.tla new file mode 100644 index 0000000..0e6c4bf --- /dev/null +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/StateSpace.tla @@ -0,0 +1,64 @@ +----------------------------- MODULE StateSpace ----------------------------- +(* +The graph representation of n-ary ordered state spaces and 2D state spaces +used in CJupiter and XJupiter, respectively. +*) +EXTENDS JupiterCtx, GraphsUtil +----------------------------------------------------------------------------- +(* +A state space is a directed graph with labeled edges. +Each node is characterized by its context, a set of operations. +Each edge is labeled with an operation. +*) +IsSS(G) == + /\ IsGraph(G) + /\ G.node \subseteq (SUBSET Oid) + /\ G.edge \subseteq [from: G.node, to: G.node, cop: Cop] + +EmptySS == EmptyGraph +(* +Locate the node in a state space that matches the context ctx of cop. +*) +Locate(cop, ss) == CHOOSE n \in ss.node : n = cop.ctx +(* +Do transformation on state space. +Return the extra state space. +*) +xFormSS(cop, copprime) == + LET u == cop.ctx + v == u \cup {cop.oid} + uprime == u \cup {copprime.oid} + vprime == u \cup {cop.oid, copprime.oid} + cop2copprime == COT(cop, copprime) + copprime2cop == COT(copprime, cop) + IN [node |-> {u, v, uprime, vprime}, + edge |-> {[from |-> u, to |-> v, cop |-> cop], + [from |-> u, to |-> uprime, cop |-> copprime], + [from |-> v, to |-> vprime, cop |-> copprime2cop], + [from |-> uprime, to |-> vprime, cop |-> cop2copprime]}] +(* +Transform cop against cops (a sequence of cops) on state space. +Return the extra state space. +*) +xFormCopCopsSS(cop, cops) == + LET RECURSIVE xFormCopCopsSSHelper(_, _, _) + xFormCopCopsSSHelper(coph, copsh, xss) == \* xss: the eXtra state space + LET u == coph.ctx + v == u \cup {coph.oid} + uvSS == [node |-> {u, v}, edge |-> {[from |-> u, to |-> v, cop |-> coph]}] + IN IF copsh = <<>> THEN [lss |-> uvSS, xss |-> xss (+) uvSS] + ELSE LET copprimeh == Head(copsh) + uprime == u \cup {copprimeh.oid} + vprime == u \cup {coph.oid, copprimeh.oid} + coph2copprimeh == COT(coph, copprimeh) + copprimeh2coph == COT(copprimeh, coph) + IN xFormCopCopsSSHelper(coph2copprimeh, Tail(copsh), + xss (+) [node |-> {u, v}, + edge |-> {[from |-> u, to |-> v, cop |-> coph], + [from |-> u, to |-> uprime, cop |-> copprimeh], + [from |-> v, to |-> vprime, cop |-> copprimeh2coph]}]) + IN xFormCopCopsSSHelper(cop, cops, EmptySS) +============================================================================= +\* Modification History +\* Last modified Sun Dec 30 17:18:32 CST 2018 by hengxin +\* Created Wed Dec 19 18:15:25 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/XJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/XJupiter.tla old mode 100755 new mode 100644 index 81a2436..cf2d58a --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/XJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/XJupiter.tla @@ -4,37 +4,14 @@ Specification of the Jupiter protocol described in CSCW'2014 by Yi Xu, Chengzheng Sun, and Mo Li. We call it XJupiter, with 'X' for "Xu". *) -EXTENDS JupiterCtx, GraphsUtil +EXTENDS StateSpace ----------------------------------------------------------------------------- VARIABLES - (* - The 2D state spaces (ss, for short). - Each client maintains one 2D state space. - The server maintains n 2D state spaces, one for each client. - *) - c2ss, \* c2ss[c]: the 2D state space at client c \in Client + c2ss, \* c2ss[c]: the 2D state space (2ss, for short) at client c \in Client s2ss \* s2ss[c]: the 2D state space maintained by the Server for client c \in Client vars == <> ----------------------------------------------------------------------------- -(* -Direction flags for edges in 2D state spaces and OT. -*) -Local == 0 -Remote == 1 -(* -A 2D state space is a directed graph with labeled edges. -It is represented by a record with node field and edge field. -Each node is characterized by its context, a set of operations. -Each edge is labeled with an operation -and a direction flag indicating whether this edge is LOCAL or REMOTE. -For clarity, we denote edges by records instead of tuples. -*) -IsSS(G) == - /\ G = [node |-> G.node, edge |-> G.edge] - /\ G.node \subseteq (SUBSET Oid) - /\ G.edge \subseteq [from: G.node, to: G.node, cop: Cop, lr: {Local, Remote}] - TypeOK == /\ TypeOKInt /\ TypeOKCtx @@ -45,127 +22,85 @@ Init == /\ InitInt /\ InitCtx /\ Comm(Cop)!Init - /\ c2ss = [c \in Client |-> EmptyGraph] - /\ s2ss = [c \in Client |-> EmptyGraph] + /\ c2ss = [c \in Client |-> EmptySS] + /\ s2ss = [c \in Client |-> EmptySS] ----------------------------------------------------------------------------- -(* -Locate the node in the 2D state space ss which matches the context ctx of cop. -*) -Locate(cop, ss) == CHOOSE n \in ss.node : n = cop.ctx -(* -xForm: iteratively transform cop with a path -through the 2D state space ss at some client, -following the edges with the direction flag d. -*) -xForm(cop, ss, current, d) == +xForm(cop, ss, cur) == \* Transform cop with a path (i.e., operation sequence) through 2D state space ss. LET u == Locate(cop, ss) v == u \cup {cop.oid} - RECURSIVE xFormHelper(_, _, _, _, _) - \* 'h' stands for "helper"; xss: eXtra ss created during transformation - xFormHelper(uh, vh, coph, xss, xcoph) == - IF uh = current - THEN <> - ELSE LET e == CHOOSE e \in ss.edge: e.from = uh /\ e.lr = d - uprime == e.to + RECURSIVE xFormHelper(_, _, _, _) + xFormHelper(uh, vh, coph, xss) == \* xss: eXtra ss created during transformation + IF uh = cur THEN [xss |-> xss, xcop |-> coph] + ELSE LET e == CHOOSE e \in ss.edge: e.from = uh /\ ClientOf(e.cop) # ClientOf(cop) copprime == e.cop + uprime == e.to + vprime == vh \cup {copprime.oid} coph2copprime == COT(coph, copprime) copprime2coph == COT(copprime, coph) - vprime == vh \cup {copprime.oid} IN xFormHelper(uprime, vprime, coph2copprime, - [node |-> xss.node \cup {vprime}, - edge |-> xss.edge \cup {[from |-> vh, to |-> vprime, cop |-> copprime2coph, lr |-> d], - [from |-> uprime, to |-> vprime, cop |-> coph2copprime, lr |-> 1 - d]}], - coph2copprime) - IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop, lr |-> 1 - d]}], cop) + xss (+) [node |-> {vprime}, + edge |-> {[from |-> vh, to |-> vprime, cop |-> copprime2coph], + [from |-> uprime, to |-> vprime, cop |-> coph2copprime]}]) + IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) ----------------------------------------------------------------------------- -(* -Client c \in Client perform operation cop guided by the direction flag d. -*) -ClientPerform(cop, c, d) == - LET xform == xForm(cop, c2ss[c], ds[c], d) \* xform: <> - xss == xform[1] - xcop == xform[2] - IN /\ c2ss' = [c2ss EXCEPT ![c] = @ (+) xss] - /\ state' = [state EXCEPT ![c] = Apply(xcop.op, @)] -(* -Client c \in Client generates an operation op. -*) +ClientPerform(cop, c) == \* Client c \in Client perform operation cop. + LET xform == xForm(cop, c2ss[c], ds[c]) \* xform: [xss, xcop] + IN /\ c2ss' = [c2ss EXCEPT ![c] = @ (+) xform.xss] + /\ state' = [state EXCEPT ![c] = Apply(xform.xcop.op, @)] + DoOp(c, op) == LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] - IN /\ ClientPerform(cop, c, Remote) - /\ UpdateDS(c, cop) + IN /\ ClientPerform(cop, c) /\ Comm(Cop)!CSend(cop) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - Do(c) == /\ DoCtx(c) - /\ \/ DoIns(c) - \/ DoDel(c) + /\ DoInt(DoOp, c) /\ UNCHANGED s2ss -(* -Client c \in Client receives a message from the Server. -*) + Rev(c) == /\ Comm(Cop)!CRev(c) - /\ LET cop == Head(cincoming[c]) \* the received (transformed) operation - IN ClientPerform(cop, c, Local) + /\ ClientPerform(Head(cincoming[c]), c) /\ RevCtx(c) - /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -The Server performs operation cop. -*) + /\ RevInt(c) + /\ UNCHANGED s2ss + ServerPerform(cop) == - LET c == cop.oid.c + LET c == ClientOf(cop) scur == ds[Server] - xform == xForm(cop, s2ss[c], scur, Remote) \* xform: <> - xss == xform[1] - xcop == xform[2] + xform == xForm(cop, s2ss[c], scur) \* xform: [xss, xcop] + xcop == xform.xcop xcur == scur \cup {cop.oid} - IN /\ s2ss' = [cl \in Client |-> + IN /\ s2ss' = [cl \in Client |-> IF cl = c - THEN s2ss[cl] (+) xss + THEN s2ss[cl] (+) xform.xss ELSE s2ss[cl] (+) [node |-> {xcur}, - edge |-> {[from |-> scur, to |-> xcur, - cop |-> xcop, lr |-> Remote]}] - ] - /\ state' = [state EXCEPT ![Server] = Apply(xcop.op, @)] - /\ Comm(Cop)!SSendSame(c, xcop) \* broadcast the transformed operation -(* -The Server receives a message. -*) + edge |-> {[from |-> scur, to |-> xcur, cop |-> xcop]}] + ] + /\ state' = [state EXCEPT ![Server] = Apply(xcop.op, @)] + /\ Comm(Cop)!SSendSame(c, xcop) + SRev == /\ Comm(Cop)!SRev - /\ LET cop == Head(sincoming) - IN ServerPerform(cop) + /\ ServerPerform(Head(sincoming)) /\ SRevCtx - /\ UNCHANGED <> + /\ SRevInt + /\ UNCHANGED c2ss ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) \/ SRev -Fairness == +Fairness == \* There is no requirement that the clients ever generate operations. WF_vars(SRev \/ \E c \in Client: Rev(c)) Spec == Init /\ [][Next]_vars \* /\ Fairness ----------------------------------------------------------------------------- -(* -In Jupiter (not limited to XJupiter), each client synchronizes with the server. -In XJupiter, this is expressed as the following CSSync property. -*) -CSSync == +CSSync == \* Each client c \in Client is synchonized with the Server. \forall c \in Client: (ds[c] = ds[Server]) => c2ss[c] = s2ss[c] + +THEOREM Spec => []CSSync ============================================================================= \* Modification History -\* Last modified Wed Dec 19 11:41:44 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:46:54 CST 2018 by hengxin \* Created Tue Oct 09 16:33:18 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/XJupiterExtended.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/XJupiterExtended.tla old mode 100755 new mode 100644 index 9e1a5c3..bbf39e6 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/XJupiterExtended.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/CSSync/XJupiterExtended.tla @@ -1,21 +1,17 @@ -------------------------- MODULE XJupiterExtended -------------------------- (* -XJupiter extended with serial views. -This is used to show that XJupiter implements CJupiter. +XJupiter extended with serial views. This is used to show that XJupiter implements CJupiter. *) EXTENDS XJupiter, JupiterSerial ----------------------------------------------------------------------------- -VARIABLES - (* - Simulating the behavior of propagating original operations in CJupiter. - *) +VARIABLES \* Simulate the behavior of propagating original operations in CJupiter. cincomingCJ, \* cincoming for CJupiter which contains original operations \* instead of transformed ones in XJupiter sincomingCJ \* (not used) commCJVars == <> varsEx == <> ------------------------------------------------------------------------------ + commCJ == INSTANCE CSComm WITH Msg <- Seq(Cop), cincoming <- cincomingCJ, sincoming <- sincomingCJ ----------------------------------------------------------------------------- @@ -23,7 +19,7 @@ TypeOKEx == /\ TypeOK /\ commCJ!TypeOK /\ TypeOKSerial ------------------------------------------------------------------------------ + InitEx == /\ Init /\ commCJ!Init @@ -42,7 +38,7 @@ RevEx(c) == SRevEx == /\ SRev /\ LET cop == Head(sincoming) - c == cop.oid.c + c == ClientOf(cop) IN /\ commCJ!SSendSame(c, cop) /\ SRevSerial /\ UNCHANGED sincomingCJ @@ -57,5 +53,5 @@ FairnessEx == SpecEx == InitEx /\ [][NextEx]_varsEx \* /\ FairnessEx ============================================================================= \* Modification History -\* Last modified Sat Dec 15 18:01:37 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:52:00 CST 2018 by hengxin \* Created Tue Oct 30 20:32:27 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/XJupiterExtended.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/XJupiterExtended.pdf index 0c4f845..a23ec27 100755 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/XJupiterExtended.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/XJupiterExtended.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/XJupiterExtended.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/XJupiterExtended.tex index 545ac2d..e3f3942 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/XJupiterExtended.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterExtended.toolbox/XJupiterExtended.tex @@ -943,119 +943,117 @@ {\MODULE} XJupiterExtended}\moduleRightDash\@xx{}% \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% -\ensuremath{XJupiter} extended with serial views. - This is used to show that \ensuremath{XJupiter} implements - \ensuremath{CJupiter}. + \ensuremath{XJupiter} extended with serial views. This is used to show that + \ensuremath{XJupiter} implements \ensuremath{CJupiter}. \end{cpar}% \end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 6\hspace{1em}} {\EXTENDS} XJupiter ,\, + \@x{\makebox[0pt][r]{\scriptsize 5\hspace{1em}} {\EXTENDS} XJupiter ,\, JupiterSerial}% -\@x{\makebox[0pt][r]{\scriptsize 7\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 8\hspace{1em}} {\VARIABLES}}% -\begin{lcom}{15.0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% - Simulating the behavior of propagating original operations in +\@x{\makebox[0pt][r]{\scriptsize 6\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 7\hspace{1em}} {\VARIABLES}\@s{8.2}}% +\@y{\@s{0}% + Simulate the behavior of propagating original operations in \ensuremath{CJupiter}. -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 12\hspace{1em}}\@s{16.4} cincomingCJ ,\,}% +}% +\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 8\hspace{1em}}\@s{16.4} cincomingCJ ,\,}% \@y{\@s{0}% \ensuremath{cincoming} for \ensuremath{CJupiter} which contains original operations }% \@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 13\hspace{1em}}\@s{80.27}}% +\@x{\makebox[0pt][r]{\scriptsize 9\hspace{1em}}\@s{80.27}}% \@y{\@s{0}% instead of transformed ones in \ensuremath{XJupiter }}% \@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 14\hspace{1em}}\@s{16.4} + \@x{\makebox[0pt][r]{\scriptsize 10\hspace{1em}}\@s{16.4} sincomingCJ\@s{6.62}}% \@y{\@s{0}% (not used) }% \@xx{}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 16\hspace{1em}} commCJVars \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 12\hspace{1em}} commCJVars \.{\defeq} {\langle} cincomingCJ ,\, sincomingCJ {\rangle}}% - \@x{\makebox[0pt][r]{\scriptsize 17\hspace{1em}} varsEx \.{\defeq} {\langle} - commCJVars ,\, serialVars ,\, vars {\rangle}}% -\@x{\makebox[0pt][r]{\scriptsize 18\hspace{1em}}}\midbar\@xx{}% - \@x{\makebox[0pt][r]{\scriptsize 19\hspace{1em}} commCJ \.{\defeq} + \@x{\makebox[0pt][r]{\scriptsize 13\hspace{1em}} varsEx\@s{8.72} \.{\defeq} + {\langle} commCJVars ,\, serialVars ,\, vars {\rangle}}% +\@pvspace{8.0pt}% + \@x{\makebox[0pt][r]{\scriptsize 15\hspace{1em}} commCJ \.{\defeq} {\INSTANCE} CSComm {\WITH} Msg \.{\leftarrow} Seq ( Cop ) ,\,}% - \@x{\makebox[0pt][r]{\scriptsize 20\hspace{1em}}\@s{82.85} cincoming + \@x{\makebox[0pt][r]{\scriptsize 16\hspace{1em}}\@s{82.85} cincoming \.{\leftarrow} cincomingCJ ,\, sincoming \.{\leftarrow} sincomingCJ}% -\@x{\makebox[0pt][r]{\scriptsize 21\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 22\hspace{1em}} TypeOKEx \.{\defeq}}% -\@x{\makebox[0pt][r]{\scriptsize 23\hspace{1em}}\@s{16.4} \.{\land} TypeOK}% - \@x{\makebox[0pt][r]{\scriptsize 24\hspace{1em}}\@s{16.4} \.{\land} commCJ +\@x{\makebox[0pt][r]{\scriptsize 17\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 18\hspace{1em}} TypeOKEx \.{\defeq}}% +\@x{\makebox[0pt][r]{\scriptsize 19\hspace{1em}}\@s{16.4} \.{\land} TypeOK}% + \@x{\makebox[0pt][r]{\scriptsize 20\hspace{1em}}\@s{16.4} \.{\land} commCJ {\bang} TypeOK}% - \@x{\makebox[0pt][r]{\scriptsize 25\hspace{1em}}\@s{16.4} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 21\hspace{1em}}\@s{16.4} \.{\land} TypeOKSerial}% -\@x{\makebox[0pt][r]{\scriptsize 26\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 27\hspace{1em}} InitEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} +\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 23\hspace{1em}} InitEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 24\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} Init}% - \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 25\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} commCJ {\bang} Init}% - \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} + \@x{\makebox[0pt][r]{\scriptsize 26\hspace{1em}}\@s{16.4} \.{\land}\@s{0.98} InitSerial}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 32\hspace{1em}} DoEx ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}}\@s{25.28} \.{\land} Do ( c +\@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}} DoEx ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}}\@s{25.28} \.{\land} Do ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{25.28} \.{\land} DoSerial + \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{25.28} \.{\land} DoSerial ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}}\@s{25.28} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 31\hspace{1em}}\@s{25.28} \.{\land} {\UNCHANGED} commCJVars}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}} RevEx ( c ) \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}}\@s{16.4} \.{\land} Rev ( c +\@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}} RevEx ( c ) \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{16.4} \.{\land} Rev ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}}\@s{16.4} \.{\land} commCJ + \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}}\@s{16.4} \.{\land} commCJ {\bang} CRev ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}}\@s{16.4} \.{\land} RevSerial + \@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}}\@s{16.4} \.{\land} RevSerial ( c )}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}} SRevEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} +\@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}} SRevEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 39\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} SRev}% - \@x{\makebox[0pt][r]{\scriptsize 44\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + \@x{\makebox[0pt][r]{\scriptsize 40\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} \.{\LET} cop \.{\defeq} Head ( sincoming )}% - \@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}}\@s{62.83} c\@s{1.57} - \.{\defeq} cop . oid . c}% - \@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}}\@s{34.23} \.{\IN} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 41\hspace{1em}}\@s{62.83} c\@s{1.57} + \.{\defeq} ClientOf ( cop )}% + \@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}}\@s{34.23} \.{\IN} \.{\land} commCJ {\bang} SSendSame ( c ,\, cop )}% - \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + \@x{\makebox[0pt][r]{\scriptsize 43\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} SRevSerial}% - \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} + \@x{\makebox[0pt][r]{\scriptsize 44\hspace{1em}}\@s{16.4} \.{\land}\@s{6.72} {\UNCHANGED} sincomingCJ}% -\@x{\makebox[0pt][r]{\scriptsize 49\hspace{1em}}}\midbar\@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}} NextEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} +\@x{\makebox[0pt][r]{\scriptsize 45\hspace{1em}}}\midbar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 46\hspace{1em}} NextEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 47\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} \E\, c \.{\in} Client \.{:} DoEx ( c ) \.{\lor} RevEx ( c )}% - \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} + \@x{\makebox[0pt][r]{\scriptsize 48\hspace{1em}}\@s{16.4} \.{\lor}\@s{5.10} SRevEx}% \@pvspace{8.0pt}% -\@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}} FairnessEx \.{\defeq}}% - \@x{\makebox[0pt][r]{\scriptsize 55\hspace{1em}}\@s{16.4} \.{\land} {\WF}_{ +\@x{\makebox[0pt][r]{\scriptsize 50\hspace{1em}} FairnessEx \.{\defeq}}% + \@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}\@s{16.4} \.{\land} {\WF}_{ varsEx} ( SRevEx \.{\lor} \E\, c \.{\in} Client \.{:} RevEx ( c ) )}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 57\hspace{1em}} SpecEx \.{\defeq} InitEx + \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}} SpecEx \.{\defeq} InitEx \.{\land} {\Box} [ NextEx ]_{ varsEx}}% \@y{\@s{0}% \ensuremath{\.{\land} FairnessEx }}% \@xx{}% -\@x{\makebox[0pt][r]{\scriptsize 58\hspace{1em}}}\bottombar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 54\hspace{1em}}}\bottombar\@xx{}% \setboolean{shading}{false} \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Modification History \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Last modified Sat \ensuremath{Dec} 15 - 18:01:37 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} + \ensuremath{Dec} 31 20:52:00 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.pdf index 5b1fac5..55110a2 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.tla index 0bc8d5a..49becda 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.tla @@ -26,20 +26,15 @@ FairnessH == SpecH == InitH /\ [][NextH]_varsH \* /\ FairnessH ------------------------------------------------------------- -(* -Weak List Consistency (WLSpec) -*) -WLSpec == Comm(Cop)!EmptyChannel - => \A l1, l2 \in list: - /\ Injective(l1) - /\ Injective(l2) - /\ Compatible(l1, l2) +WLSpec == \* The weak list specification + Comm(Cop)!EmptyChannel + => \A l1, l2 \in list: + /\ Injective(l1) + /\ Injective(l2) + /\ Compatible(l1, l2) THEOREM SpecH => WLSpec -(* -Strong List Consistency (SLSpec) -*) ============================================================================= \* Modification History -\* Last modified Sat Dec 15 17:53:03 CST 2018 by hengxin +\* Last modified Mon Dec 31 21:10:03 CST 2018 by hengxin \* Created Wed Oct 10 15:40:13 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/.project b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/.project index c6d80d0..0c6d45d 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/.project +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/.project @@ -18,52 +18,62 @@ CSComm.tla 1 - /home/hengxin/hfwei/github-projects-public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/CSComm.tla + PARENT-1-PROJECT_LOC/CSComm.tla FunctionUtils.tla 1 - /home/hengxin/hfwei/github-projects-public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/FunctionUtils.tla + PARENT-1-PROJECT_LOC/FunctionUtils.tla + + + GraphsUtil.tla + 1 + /home/hengxin/Git-Projects/github-projects/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/GraphsUtil.tla JupiterCtx.tla 1 - /home/hengxin/hfwei/github-projects-public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterCtx.tla + PARENT-1-PROJECT_LOC/JupiterCtx.tla JupiterInterface.tla 1 - /home/hengxin/hfwei/github-projects-public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/JupiterInterface.tla + PARENT-1-PROJECT_LOC/JupiterInterface.tla OT.tla 1 - /home/hengxin/hfwei/github-projects-public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/OT.tla + PARENT-1-PROJECT_LOC/OT.tla OpOperators.tla 1 - /home/hengxin/hfwei/github-projects-public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/OpOperators.tla + PARENT-1-PROJECT_LOC/OpOperators.tla SequenceUtils.tla 1 - /home/hengxin/hfwei/github-projects-public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/SequenceUtils.tla + PARENT-1-PROJECT_LOC/SequenceUtils.tla SetUtils.tla 1 - /home/hengxin/hfwei/github-projects-public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/SetUtils.tla + PARENT-1-PROJECT_LOC/SetUtils.tla + + + StateSpace.tla + 1 + /home/hengxin/Git-Projects/github-projects/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/StateSpace.tla TLCUtils.tla 1 - /home/hengxin/hfwei/github-projects-public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/TLCUtils.tla + PARENT-1-PROJECT_LOC/TLCUtils.tla XJupiter.tla 1 - /home/hengxin/hfwei/github-projects-public/tlaplus-lamport-projects/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiter.tla + PARENT-1-PROJECT_LOC/XJupiter.tla XJupiterH.tla diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/XJupiterH.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/XJupiterH.pdf index 5b1fac5..55110a2 100755 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/XJupiterH.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/XJupiterH.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/XJupiterH.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/XJupiterH.tex index fb2b241..46af6be 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/XJupiterH.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterH.toolbox/XJupiterH.tex @@ -985,38 +985,33 @@ }}% \@xx{}% \@x{\makebox[0pt][r]{\scriptsize 28\hspace{1em}}}\midbar\@xx{}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Weak \ensuremath{List} Consistency (\ensuremath{WLSpec}) -\end{cpar}% -\end{lcom}% - \@x{\makebox[0pt][r]{\scriptsize 32\hspace{1em}} WLSpec \.{\defeq} Comm ( Cop - ) {\bang} EmptyChannel}% - \@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}}\@s{62.82} \.{\implies} \A\, +\@x{\makebox[0pt][r]{\scriptsize 29\hspace{1em}} WLSpec \.{\defeq}}% +\@y{\@s{0}% + The weak list specification +}% +\@xx{}% + \@x{\makebox[0pt][r]{\scriptsize 30\hspace{1em}}\@s{16.4} Comm ( Cop ) + {\bang} EmptyChannel}% + \@x{\makebox[0pt][r]{\scriptsize 31\hspace{1em}}\@s{45.78} \.{\implies} \A\, l1 ,\, l2 \.{\in} list \.{:}}% - \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{82.48} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 32\hspace{1em}}\@s{65.44} \.{\land} Injective ( l1 )}% - \@x{\makebox[0pt][r]{\scriptsize 35\hspace{1em}}\@s{82.48} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 33\hspace{1em}}\@s{65.44} \.{\land} Injective ( l2 )}% - \@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}}\@s{82.48} \.{\land} + \@x{\makebox[0pt][r]{\scriptsize 34\hspace{1em}}\@s{65.44} \.{\land} Compatible ( l1 ,\, l2 )}% \@pvspace{8.0pt}% - \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}} {\THEOREM} SpecH + \@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}} {\THEOREM} SpecH \.{\implies} WLSpec}% -\begin{lcom}{0}% -\begin{cpar}{0}{F}{F}{0}{0}{}% -Strong \ensuremath{List} Consistency (\ensuremath{SLSpec}) -\end{cpar}% -\end{lcom}% -\@x{\makebox[0pt][r]{\scriptsize 42\hspace{1em}}}\bottombar\@xx{}% +\@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}}}\bottombar\@xx{}% \setboolean{shading}{false} \begin{lcom}{0}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Modification History \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% - \ensuremath{\.{\,\backslash\,}}* Last modified Sat \ensuremath{Dec} 15 - 17:53:03 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} + \ensuremath{Dec} 31 21:10:03 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.pdf index d93452a..0abcafe 100644 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.tla index 244c0e7..e0daa7a 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.tla @@ -15,7 +15,7 @@ TypeOKImpl == /\ TypeOKEx /\ \A oid \in DOMAIN op2ss: oid \in Oid /\ IsSS(op2ss[oid]) /\ \A c \in Client: IsSS(c2ssX[c]) ------------------------------------------------------------------------------ + InitImpl == /\ InitEx /\ op2ss = <<>> @@ -34,7 +34,7 @@ RevImpl(c) == SRevImpl == /\ SRevEx /\ LET cop == Head(sincoming) - c == cop.oid.c + c == ClientOf(cop) xform == xForm(cop, s2ss[c], ds[Server]) \* TODO: performance!!! ss == xform.xss IN op2ss' = op2ss @@ (cop.oid :> [node |-> ss.node, edge |-> ss.edge]) @@ -48,7 +48,7 @@ FairnessImpl == /\ WF_varsImpl(SRevImpl \/ \E c \in Client: RevImpl(c)) SpecImpl == InitImpl /\ [][NextImpl]_varsImpl \* /\ FairnessImpl - +----------------------------------------------------------------------------- CJ == INSTANCE CJupiter WITH cincoming <- cincomingCJ, \* sincoming needs no substitution css <- [r \in Replica |-> @@ -59,5 +59,5 @@ CJ == INSTANCE CJupiter THEOREM SpecImpl => CJ!Spec ============================================================================= \* Modification History -\* Last modified Mon Dec 31 11:09:14 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:55:05 CST 2018 by hengxin \* Created Fri Oct 26 15:00:19 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/CJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/CJupiter.tla old mode 100755 new mode 100644 index a59c78e..46c06a5 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/CJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/CJupiter.tla @@ -32,69 +32,45 @@ xForm(cop, r) == u == Locate(cop, rcss) v == u \cup {cop.oid} RECURSIVE xFormHelper(_, _, _, _) - \* 'h' stands for "helper"; xcss: eXtra css created during transformation - xFormHelper(uh, vh, coph, xcss) == - IF uh = ds[r] - THEN [xcss |-> xcss, xcop |-> coph] + xFormHelper(uh, vh, coph, xcss) == \* xcss: eXtra css created during transformation + IF uh = ds[r] THEN [xcss |-> xcss, xcop |-> coph] ELSE LET fedge == CHOOSE e \in rcss.edge: /\ e.from = uh - /\ \A uhe \in rcss.edge: - (uhe.from = uh /\ uhe # e) => tb(e.cop.oid, uhe.cop.oid, serial[r]) + /\ \A uhe \in rcss.edge \ {e}: + (uhe.from = uh) => tb(e.cop.oid, uhe.cop.oid, serial[r]) uprime == fedge.to fcop == fedge.cop coph2fcop == COT(coph, fcop) fcop2coph == COT(fcop, coph) vprime == vh \cup {fcop.oid} - IN xFormHelper(uprime, vprime, coph2fcop, + IN xFormHelper(uprime, vprime, coph2fcop, xcss (+) [node |-> {vprime}, edge |-> {[from |-> vh, to |-> vprime, cop |-> fcop2coph], [from |-> uprime, to |-> vprime, cop |-> coph2fcop]}]) - IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) -(* -Perform cop at replica r \in Replica. -*) -Perform(cop, r) == + IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) + +Perform(cop, r) == \* Perform cop at replica r \in Replica. LET xform == xForm(cop, r) \* xform: [xcss, xcop] IN /\ css' = [css EXCEPT ![r] = @ (+) xform.xcss] /\ state' = [state EXCEPT ![r] = Apply(xform.xcop.op, @)] ----------------------------------------------------------------------------- -(* -Client c \in Client issues an operation op. -*) -DoOp(c, op) == \* op: the raw operation generated by the client c \in Client +DoOp(c, op) == /\ LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] IN /\ Perform(cop, c) - /\ UpdateDS(c, cop) /\ Comm(Cop)!CSend(cop) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - Do(c) == /\ DoCtx(c) /\ DoSerial(c) - /\ \/ DoIns(c) - \/ DoDel(c) -(* -Client c \in Client receives a message from the Server. -*) + /\ DoInt(DoOp, c) + Rev(c) == /\ Comm(Cop)!CRev(c) /\ Perform(Head(cincoming[c]), c) /\ RevSerial(c) /\ RevCtx(c) - /\ UNCHANGED chins ------------------------------------------------------------------------------ -(* -The Server receives a message. -*) + /\ RevInt(c) + SRev == /\ Comm(Cop)!SRev /\ LET cop == Head(sincoming) @@ -102,27 +78,22 @@ SRev == /\ Comm(Cop)!SSendSame(cop.oid.c, cop) \* broadcast the original operation /\ SRevSerial /\ SRevCtx - /\ UNCHANGED chins + /\ SRevInt ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) \/ SRev -(* -Fairness: There is no requirement that the clients ever generate operations. -*) -Fairness == + +Fairness == \* There is no requirement that the clients ever generate operations. WF_vars(SRev \/ \E c \in Client: Rev(c)) Spec == Init /\ [][Next]_vars \* /\ Fairness (We care more about safety.) ----------------------------------------------------------------------------- -(* -The compactness of CJupiter: the CSSes at all replicas are the same. -*) -Compactness == +Compactness == \* Compactness of CJupiter: the CSSes at all replicas are the same. Comm(Cop)!EmptyChannel => Cardinality(Range(css)) = 1 THEOREM Spec => Compactness ============================================================================= \* Modification History -\* Last modified Mon Dec 24 11:28:51 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:36:31 CST 2018 by hengxin \* Created Sat Sep 01 11:08:00 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/CSComm.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/CSComm.tla old mode 100755 new mode 100644 index 7a0691d..7cd4728 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/CSComm.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/CSComm.tla @@ -5,9 +5,9 @@ Specification of communication in a Client-Server system model. EXTENDS SequenceUtils ----------------------------------------------------------------------------- CONSTANTS - Client, \* the set of clients - Server, \* the (unique) server - Msg \* the set of possible messages + Client, \* the set of clients + Server, \* the (unique) server + Msg \* the set of messages ----------------------------------------------------------------------------- VARIABLES cincoming, \* cincoming[c]: incoming channel at client c \in Client @@ -23,44 +23,32 @@ Init == EmptyChannel == Init ----------------------------------------------------------------------------- -(* -A client sends a message msg to the Server. -*) -CSend(msg) == +CSend(msg) == \* A client sends a message msg to the Server. /\ sincoming' = Append(sincoming, msg) /\ UNCHANGED cincoming -(* -Client c receives a message from the Server. -*) -CRev(c) == + +CRev(c) == \* Client c receives and consumes a message from the Server. /\ cincoming[c] # <<>> - /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] \* consume a message + /\ cincoming' = [cincoming EXCEPT ![c] = Tail(@)] /\ UNCHANGED sincoming ----------------------------------------------------------------------------- (* SRev/SSend below is often used as a subaction. No UNCHANGED in their definitions. *) -(* -The Server receives a message. -*) -SRev == +SRev == \* The Server receives and consumes a message. /\ sincoming # <<>> - /\ sincoming' = Tail(sincoming) \* consume a message -(* -The Server sents a message cmsg to each client other than c \in Client. -*) -SSend(c, cmsg) == + /\ sincoming' = Tail(sincoming) + +SSend(c, cmsg) == \* The Server sents a message cmsg to each client other than c \in Client. /\ cincoming' = [cl \in Client |-> IF cl = c THEN cincoming[cl] ELSE Append(cincoming[cl], cmsg[cl])] -(* -The Server broadcasts the same message msg to all Clients other than c \in Client. -*) -SSendSame(c, msg) == + +SSendSame(c, msg) == \* The Server broadcasts the message msg to all clients other than c \in Client. /\ SSend(c, [cl \in Client |-> msg]) ============================================================================= \* Modification History -\* Last modified Tue Dec 04 20:49:02 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:04:29 CST 2018 by hengxin \* Created Sun Jun 24 10:25:34 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/FunctionUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/FunctionUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/GraphsUtil.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/GraphsUtil.tla old mode 100755 new mode 100644 index 83ecccd..823e17a --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/GraphsUtil.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/GraphsUtil.tla @@ -1,9 +1,5 @@ ----------------------------- MODULE GraphsUtil ----------------------------- (* -A module that defines graphs and the operations on them. -*) ------------------------------------------------------------------------------ -(* A graph is a pair consisting of a set of nodes and a set of directed edges, each of which is a pair of nodes. It is represented by a record with node field and edge field. @@ -17,5 +13,5 @@ g (+) h == \* A union (in terms of set) of two graphs g and h. [node |-> g.node \cup h.node, edge |-> g.edge \cup h.edge] ============================================================================= \* Modification History -\* Last modified Wed Dec 19 18:22:46 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:47:39 CST 2018 by hengxin \* Created Wed Dec 19 11:11:25 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterCtx.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterCtx.tla old mode 100755 new mode 100644 index a4eed49..151b007 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterCtx.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterCtx.tla @@ -19,8 +19,8 @@ ClientOf(cop) == cop.oid.c COT(lcop, rcop) == \* OT of two Cop(s). [lcop EXCEPT !.op = Xform(lcop.op, rcop.op), !.ctx = @ \cup {rcop.oid}] -UpdateDS(r, cop) == \* update ds to include new Cop (in terms of oid) - ds' = [ds EXCEPT ![r] = @ \cup {cop.oid}] +UpdateDS(r, oid) == \* update ds[r] to include new oid \in Oid + ds' = [ds EXCEPT ![r] = @ \cup {oid}] ----------------------------------------------------------------------------- TypeOKCtx == /\ cseq \in [Client -> Nat] @@ -32,16 +32,16 @@ InitCtx == DoCtx(c) == /\ cseq' = [cseq EXCEPT ![c] = @ + 1] - \* /\ don't know the generated cop; no way to update ds + /\ UpdateDS(c, [c |-> c, seq |-> cseq'[c]]) RevCtx(c) == - /\ UpdateDS(c, Head(cincoming[c])) + /\ UpdateDS(c, Head(cincoming[c]).oid) /\ UNCHANGED cseq SRevCtx == - /\ UpdateDS(Server, Head(sincoming)) + /\ UpdateDS(Server, Head(sincoming).oid) /\ UNCHANGED cseq ============================================================================= \* Modification History -\* Last modified Wed Dec 19 18:05:26 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:52:44 CST 2018 by hengxin \* Created Wed Dec 05 20:03:50 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterInterface.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterInterface.tla old mode 100755 new mode 100644 index d39304a..148bcf2 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterInterface.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterInterface.tla @@ -6,9 +6,9 @@ the interface of a family of Jupiter specs. EXTENDS Integers, SequenceUtils, OT ----------------------------------------------------------------------------- CONSTANTS + Char, \* the set of characters Client, \* the set of client replicas Server, \* the (unique) server replica - Char, \* the set of characters allowed to be inserted InitState \* the initial state of each replica ASSUME \* We assume that all inserted elements are unique. @@ -32,14 +32,6 @@ MaxLen == Cardinality(Char) + Len(InitState) \* the max length of lists in any s ClientNum == Cardinality(Client) Priority == CHOOSE f \in [Client -> 1 .. ClientNum] : Injective(f) ----------------------------------------------------------------------------- -TypeOKInt == - /\ state \in [Replica -> List] - /\ chins \subseteq Char - -InitInt == - /\ state = [r \in Replica |-> InitState] - /\ chins = Char ------------------------------------------------------------------------------ (* The set of all operations. Note: The positions are indexed from 1. *) @@ -48,7 +40,37 @@ Del == [type: {"Del"}, pos: 1 .. MaxLen] Ins == [type: {"Ins"}, pos: 1 .. (MaxLen + 1), ch: Char, pr: 1 .. ClientNum] \* pr: priority Op == Ins \cup Del \* Now we don't consider Rd operations +----------------------------------------------------------------------------- +TypeOKInt == + /\ state \in [Replica -> List] + /\ chins \subseteq Char + +InitInt == + /\ state = [r \in Replica |-> InitState] + /\ chins = Char + +DoIns(DoOp(_, _), c) == \* Client c \in Client generates an "Ins" operation. + \E ins \in {op \in Ins: + /\ op.pos \in 1 .. (Len(state[c]) + 1) + /\ op.ch \in chins /\ op.pr = Priority[c]}: + /\ DoOp(c, ins) + /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. + +DoDel(DoOp(_, _), c) == \* Client c \in Client generates a "Del" operation. + \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: + /\ DoOp(c, del) + /\ UNCHANGED chins + +DoInt(DoOp(_, _), c) == \* Client c \in Client issues an operation. + \/ DoIns(DoOp, c) + \/ DoDel(DoOp, c) + +RevInt(c) == \* Client c \in Client receives a message from the Server. + /\UNCHANGED chins + +SRevInt == \* The Server receives a message. + /\ UNCHANGED chins ============================================================================= \* Modification History -\* Last modified Wed Dec 12 20:20:43 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:27:25 CST 2018 by hengxin \* Created Tue Dec 04 19:01:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterSerial.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterSerial.tla old mode 100755 new mode 100644 index d766fce..d3bd0bd --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterSerial.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/JupiterSerial.tla @@ -30,7 +30,7 @@ commSerial == INSTANCE CSComm WITH Msg <- Seq(Oid), TypeOKSerial == /\ serial \in [Replica -> Seq(Oid)] /\ commSerial!TypeOK ------------------------------------------------------------------------------ + InitSerial == /\ serial = [r \in Replica |-> <<>>] /\ commSerial!Init @@ -44,10 +44,10 @@ RevSerial(c) == SRevSerial == /\ LET cop == Head(sincoming) - IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] + IN /\ serial' = [serial EXCEPT ![Server] = Append(@, cop.oid)] /\ commSerial!SSendSame(cop.oid.c, serial'[Server]) /\ UNCHANGED <> ============================================================================= \* Modification History -\* Last modified Wed Dec 12 21:04:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 18:54:56 CST 2018 by hengxin \* Created Wed Dec 05 21:03:01 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/MC.cfg b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/MC.cfg index e0aea46..6864e49 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/MC.cfg +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/MC.cfg @@ -8,24 +8,24 @@ c1 = c1 c2 = c2 \* MV CONSTANT definitions CONSTANT -Char <- const_154562305969851000 +Char <- const_154626095804023000 \* MV CONSTANT definitions CONSTANT -Client <- const_154562305969852000 +Client <- const_154626095804024000 \* CONSTANT declarations CONSTANT Server = Server \* SYMMETRY definition -SYMMETRY symm_154562305969853000 +SYMMETRY symm_154626095804025000 \* CONSTANT definitions CONSTANT -InitState <- const_154562305969954000 +InitState <- const_154626095804026000 \* CONSTANT definition CONSTANT -Nop <- [OpOperators]def_ov_154562305969955000 def_ov_154562305969955000 = Nop +Nop <- [OpOperators]def_ov_154626095804027000 def_ov_154626095804027000 = Nop \* SPECIFICATION definition SPECIFICATION -spec_154562305969956000 +spec_154626095804028000 \* PROPERTY definition PROPERTY -prop_154562305969957000 -\* Generated on Mon Dec 24 11:44:19 CST 2018 \ No newline at end of file +prop_154626095804029000 +\* Generated on Mon Dec 31 20:55:58 CST 2018 \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/MC.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/MC.tla index 2a5491b..7c6dcaa 100644 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/MC.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/MC.tla @@ -12,36 +12,36 @@ c1, c2 ---- \* MV CONSTANT definitions Char -const_154562305969851000 == +const_154626095804023000 == {a, b} ---- \* MV CONSTANT definitions Client -const_154562305969852000 == +const_154626095804024000 == {c1, c2} ---- \* SYMMETRY definition -symm_154562305969853000 == -Permutations(const_154562305969851000) +symm_154626095804025000 == +Permutations(const_154626095804023000) ---- \* CONSTANT definitions @modelParameterConstants:1InitState -const_154562305969954000 == +const_154626095804026000 == <<>> ---- \* CONSTANT definition @modelParameterDefinitions:0 -CONSTANT def_ov_154562305969955000 +CONSTANT def_ov_154626095804027000 ---- \* SPECIFICATION definition @modelBehaviorSpec:0 -spec_154562305969956000 == +spec_154626095804028000 == SpecImpl ---- \* PROPERTY definition @modelCorrectnessProperties:0 -prop_154562305969957000 == +prop_154626095804029000 == CJ!Spec ---- ============================================================================= \* Modification History -\* Created Mon Dec 24 11:44:19 CST 2018 by hengxin +\* Created Mon Dec 31 20:55:58 CST 2018 by hengxin diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/OT.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/OT.tla old mode 100755 new mode 100644 index 0290846..4980ff3 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/OT.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/OT.tla @@ -1,21 +1,11 @@ --------------------------------- MODULE OT --------------------------------- -(***************************************************************************) -(* Specification of OT (Operational Transformation) functions. *) -(* It consists of the basic OT functions for two operations and *) -(* more general ones involving operation sequences. *) -(***************************************************************************) +(* +This module contains the basic OT (Operational Transformation) functions +for two operations and general ones involving operation sequences. +*) EXTENDS OpOperators, SetUtils ----------------------------------------------------------------------------- -(***************************************************************************) -(* OT (Operational Transformation) functions. *) -(* *) -(* Naming convention: I for "Ins" and D for "Del". *) -(***************************************************************************) - -(***************************************************************************) -(* The left "Ins" lins transformed against the right "Ins" rins. *) -(***************************************************************************) -XformII(lins, rins) == +XformII(lins, rins) == \* lins is transformed against rins IF lins.pos < rins.pos THEN lins ELSE IF lins.pos > rins.pos @@ -26,89 +16,58 @@ XformII(lins, rins) == THEN [lins EXCEPT !.pos = @+1] ELSE lins -(***************************************************************************) -(* The left "Ins" ins transformed against the right "Del" del. *) -(***************************************************************************) -XformID(ins, del) == +XformID(ins, del) == \* ins is transformed against del IF ins.pos <= del.pos THEN ins ELSE [ins EXCEPT !.pos = @-1] -(***************************************************************************) -(* The left "Del" del transformed against the right "Ins" ins. *) -(***************************************************************************) -XformDI(del, ins) == +XformDI(del, ins) == \* del is transformed against ins IF del.pos < ins.pos THEN del ELSE [del EXCEPT !.pos = @+1] -(***************************************************************************) -(* The left "Del" ldel transformed against the right "Del" rdel. *) -(***************************************************************************) -XformDD(ldel, rdel) == +XformDD(ldel, rdel) == \* ldel is transformed against rdel IF ldel.pos < rdel.pos THEN ldel ELSE IF ldel.pos > rdel.pos THEN [ldel EXCEPT !.pos = @-1] ELSE Nop ------------------------------------------------------------------------------ -(***************************************************************************) -(* Transform the left operation lop against the right operation rop *) -(* with appropriate OT function. *) -(***************************************************************************) -Xform(lop, rop) == + +Xform(lop, rop) == \* lop is transformed against rop CASE lop = Nop \/ rop = Nop -> lop [] lop.type = "Ins" /\ rop.type = "Ins" -> XformII(lop, rop) [] lop.type = "Ins" /\ rop.type = "Del" -> XformID(lop, rop) [] lop.type = "Del" /\ rop.type = "Ins" -> XformDI(lop, rop) [] lop.type = "Del" /\ rop.type = "Del" -> XformDD(lop, rop) ----------------------------------------------------------------------------- -(***************************************************************************) -(* Generalized OT functions on operation sequences. *) -(***************************************************************************) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(***************************************************************************) -RECURSIVE XformOpOps(_,_) -XformOpOps(op, ops) == - IF ops = <<>> - THEN op - ELSE XformOpOps(Xform(op, Head(ops)), Tail(ops)) - -(***************************************************************************) -(* Iteratively/recursively transforms the operation op *) -(* against an operation sequence ops. *) -(* Being different from XformOpOps, *) -(* XformOpOpsX maintains the intermediate transformed operation *) -(***************************************************************************) -RECURSIVE XformOpOpsX(_,_) -XformOpOpsX(op, ops) == - IF ops = <<>> - THEN <> - ELSE <> \o XformOpOpsX(Xform(op, Head(ops)), Tail(ops)) +(* +Generalized OT functions on operation sequences. +*) +RECURSIVE XformOpOps(_, _, _) +XformOpOps(xform(_,_), op, ops) == \* Transform an operation op against an operation sequence ops. + IF ops = <<>> + THEN op + ELSE XformOpOps(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms the operation sequence ops *) -(* against an operation op. *) -(***************************************************************************) -XformOpsOp(ops, op) == - LET opX == XformOpOpsX(op, ops) - IN [i \in 1 .. Len(ops) |-> Xform(ops[i], opX[i])] +RECURSIVE XformOpOpsX(_, _,_) +XformOpOpsX(xform(_, _), op, ops) == \* Transform an operation op against an operation sequence ops. + IF ops = <<>> + THEN <> \* Maintain and return the intermediate transformed operations. + ELSE <> \o XformOpOpsX(xform, xform(op, Head(ops)), Tail(ops)) -(***************************************************************************) -(* Iteratively/recursively transforms an operation sequence ops1 *) -(* against another operation sequence ops2. *) -(* *) -(* See also Definition 2.13 of the paper "Imine @ TCS06". *) -(***************************************************************************) -RECURSIVE XformOpsOps(_,_) -XformOpsOps(ops1, ops2) == +XformOpsOp(xform(_, _), ops, op) == \* Transform an operation sequence ops against an operation op. + LET opX == XformOpOpsX(xform, op, ops) + IN [i \in 1 .. Len(ops) |-> xform(ops[i], opX[i])] +(* +Transforms an operation sequence ops1 against another operation sequence ops2; +see Definition 2.13 of the paper "Imine@TCS06". +*) +RECURSIVE XformOpsOps(_, _,_) +XformOpsOps(xform(_, _), ops1, ops2) == IF ops2 = <<>> THEN ops1 - ELSE XformOpsOps(XformOpsOp(ops1, Head(ops2)), Tail(ops2)) + ELSE XformOpsOps(xform, XformOpsOp(xform, ops1, Head(ops2)), Tail(ops2)) ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:13:36 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:45:16 CST 2018 by hengxin \* Created Sun Jun 24 15:57:48 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/OpOperators.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/OpOperators.tla old mode 100755 new mode 100644 index 6131506..2989bbe --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/OpOperators.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/OpOperators.tla @@ -1,39 +1,23 @@ ---------------------------- MODULE OpOperators ---------------------------- -(***************************************************************************) -(* Operators for Op. *) -(***************************************************************************) +(* +Operators for Op. +*) EXTENDS Naturals, Sequences, SequenceUtils - -Nop == PickNone(Nat) ----------------------------------------------------------------------------- -(*********************************************************************) -(* The "Apply" operator which applies an operation op on the list l. *) -(* *) -(* Del: If pos > Len(l), the last element of l is deleted. *) -(* This is realized by the DeleteElement operator. *) -(* Ins: If pos > Len(l), the new element is appended to l. *) -(* This is realized by the InsertElement operator. *) -(*********************************************************************) -Apply(op, l) == CASE op = Nop -> l - [] op.type = "Rd" -> l - [] op.type = "Del" -> DeleteElement(l, op.pos) - [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) -(*********************************************************************) -(* The "ApplyOps" operator which applies an operation sequence ops *) -(* on the list l. *) -(*********************************************************************) -RECURSIVE ApplyOps(_, _) +Nop == PickNone(Nat) + +Apply(op, l) == \* Apply an operation op on the list l. + CASE op = Nop -> l + [] op.type = "Rd" -> l + [] op.type = "Del" -> DeleteElement(l, op.pos) \* Last(l) is deleted if pos > Len(l) + [] op.type = "Ins" -> InsertElement(l, op.ch, op.pos) \* Append(l, ch) if pos > Len(l) + +RECURSIVE ApplyOps(_, _) \* Apply an operation sequence ops on the list l. ApplyOps(ops, l) == IF ops = <<>> THEN l ELSE Apply(Last(ops), ApplyOps(AllButLast(ops), l)) ------------------------------------------------------------------------------ -(*********************************************************************) -(* Check whether an operation op is legal with respect to the list l.*) -(*********************************************************************) -IsLegalOp(op, l) == CASE op.type = "Del" -> op.pos <= Len(l) - [] op.type = "Ins" -> op.pos <= Len(l) + 1 ============================================================================= \* Modification History -\* Last modified Mon Dec 03 20:14:35 CST 2018 by hengxin +\* Last modified Mon Dec 31 19:21:16 CST 2018 by hengxin \* Created Tue Aug 28 14:58:54 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/SequenceUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/SequenceUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/SetUtils.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/SetUtils.tla old mode 100755 new mode 100644 diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/StateSpace.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/StateSpace.tla old mode 100755 new mode 100644 index 8d7be2b..0e6c4bf --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/StateSpace.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/StateSpace.tla @@ -16,12 +16,49 @@ IsSS(G) == /\ G.edge \subseteq [from: G.node, to: G.node, cop: Cop] EmptySS == EmptyGraph - (* Locate the node in a state space that matches the context ctx of cop. *) Locate(cop, ss) == CHOOSE n \in ss.node : n = cop.ctx +(* +Do transformation on state space. +Return the extra state space. +*) +xFormSS(cop, copprime) == + LET u == cop.ctx + v == u \cup {cop.oid} + uprime == u \cup {copprime.oid} + vprime == u \cup {cop.oid, copprime.oid} + cop2copprime == COT(cop, copprime) + copprime2cop == COT(copprime, cop) + IN [node |-> {u, v, uprime, vprime}, + edge |-> {[from |-> u, to |-> v, cop |-> cop], + [from |-> u, to |-> uprime, cop |-> copprime], + [from |-> v, to |-> vprime, cop |-> copprime2cop], + [from |-> uprime, to |-> vprime, cop |-> cop2copprime]}] +(* +Transform cop against cops (a sequence of cops) on state space. +Return the extra state space. +*) +xFormCopCopsSS(cop, cops) == + LET RECURSIVE xFormCopCopsSSHelper(_, _, _) + xFormCopCopsSSHelper(coph, copsh, xss) == \* xss: the eXtra state space + LET u == coph.ctx + v == u \cup {coph.oid} + uvSS == [node |-> {u, v}, edge |-> {[from |-> u, to |-> v, cop |-> coph]}] + IN IF copsh = <<>> THEN [lss |-> uvSS, xss |-> xss (+) uvSS] + ELSE LET copprimeh == Head(copsh) + uprime == u \cup {copprimeh.oid} + vprime == u \cup {coph.oid, copprimeh.oid} + coph2copprimeh == COT(coph, copprimeh) + copprimeh2coph == COT(copprimeh, coph) + IN xFormCopCopsSSHelper(coph2copprimeh, Tail(copsh), + xss (+) [node |-> {u, v}, + edge |-> {[from |-> u, to |-> v, cop |-> coph], + [from |-> u, to |-> uprime, cop |-> copprimeh], + [from |-> v, to |-> vprime, cop |-> copprimeh2coph]}]) + IN xFormCopCopsSSHelper(cop, cops, EmptySS) ============================================================================= \* Modification History -\* Last modified Wed Dec 19 18:35:13 CST 2018 by hengxin +\* Last modified Sun Dec 30 17:18:32 CST 2018 by hengxin \* Created Wed Dec 19 18:15:25 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiter.tla old mode 100755 new mode 100644 index 44eca26..cf2d58a --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiter.tla @@ -7,12 +7,7 @@ We call it XJupiter, with 'X' for "Xu". EXTENDS StateSpace ----------------------------------------------------------------------------- VARIABLES - (* - The 2D state spaces (2ss, for short). - Each client maintains one 2D state space. - The server maintains n 2D state spaces, one for each client. - *) - c2ss, \* c2ss[c]: the 2D state space at client c \in Client + c2ss, \* c2ss[c]: the 2D state space (2ss, for short) at client c \in Client s2ss \* s2ss[c]: the 2D state space maintained by the Server for client c \in Client vars == <> @@ -30,11 +25,7 @@ Init == /\ c2ss = [c \in Client |-> EmptySS] /\ s2ss = [c \in Client |-> EmptySS] ----------------------------------------------------------------------------- -(* -xForm: iteratively transform cop with a path -through the 2D state space ss at some client. -*) -xForm(cop, ss, cur) == +xForm(cop, ss, cur) == \* Transform cop with a path (i.e., operation sequence) through 2D state space ss. LET u == Locate(cop, ss) v == u \cup {cop.oid} RECURSIVE xFormHelper(_, _, _, _) @@ -50,92 +41,66 @@ xForm(cop, ss, cur) == xss (+) [node |-> {vprime}, edge |-> {[from |-> vh, to |-> vprime, cop |-> copprime2coph], [from |-> uprime, to |-> vprime, cop |-> coph2copprime]}]) - IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) + IN xFormHelper(u, v, cop, [node |-> {v}, edge |-> {[from |-> u, to |-> v, cop |-> cop]}]) ----------------------------------------------------------------------------- -(* -Client c \in Client perform operation cop. -*) -ClientPerform(cop, c) == +ClientPerform(cop, c) == \* Client c \in Client perform operation cop. LET xform == xForm(cop, c2ss[c], ds[c]) \* xform: [xss, xcop] IN /\ c2ss' = [c2ss EXCEPT ![c] = @ (+) xform.xss] /\ state' = [state EXCEPT ![c] = Apply(xform.xcop.op, @)] -(* -Client c \in Client generates an operation op. -*) + DoOp(c, op) == LET cop == [op |-> op, oid |-> [c |-> c, seq |-> cseq'[c]], ctx |-> ds[c]] IN /\ ClientPerform(cop, c) - /\ UpdateDS(c, cop) /\ Comm(Cop)!CSend(cop) -DoIns(c) == - \E ins \in {op \in Ins: op.pos \in 1 .. (Len(state[c]) + 1) /\ op.ch \in chins /\ op.pr = Priority[c]}: - /\ DoOp(c, ins) - /\ chins' = chins \ {ins.ch} \* We assume that all inserted elements are unique. - -DoDel(c) == - \E del \in {op \in Del: op.pos \in 1 .. Len(state[c])}: - /\ DoOp(c, del) - /\ UNCHANGED chins - Do(c) == /\ DoCtx(c) - /\ \/ DoIns(c) - \/ DoDel(c) + /\ DoInt(DoOp, c) /\ UNCHANGED s2ss -(* -Client c \in Client receives a message from the Server. -*) + Rev(c) == /\ Comm(Cop)!CRev(c) - /\ LET cop == Head(cincoming[c]) \* the received (transformed) operation - IN ClientPerform(cop, c) + /\ ClientPerform(Head(cincoming[c]), c) /\ RevCtx(c) - /\ UNCHANGED <> ------------------------------------------------------------------------------ -(* -The Server performs operation cop. -*) + /\ RevInt(c) + /\ UNCHANGED s2ss + ServerPerform(cop) == LET c == ClientOf(cop) scur == ds[Server] xform == xForm(cop, s2ss[c], scur) \* xform: [xss, xcop] xcop == xform.xcop xcur == scur \cup {cop.oid} - IN /\ s2ss' = [cl \in Client |-> + IN /\ s2ss' = [cl \in Client |-> IF cl = c THEN s2ss[cl] (+) xform.xss ELSE s2ss[cl] (+) [node |-> {xcur}, - edge |-> {[from |-> scur, to |-> xcur, cop |-> xcop]}] - ] - /\ state' = [state EXCEPT ![Server] = Apply(xcop.op, @)] - /\ Comm(Cop)!SSendSame(c, xcop) \* broadcast the transformed operation -(* -The Server receives a message. -*) + edge |-> {[from |-> scur, to |-> xcur, cop |-> xcop]}] + ] + /\ state' = [state EXCEPT ![Server] = Apply(xcop.op, @)] + /\ Comm(Cop)!SSendSame(c, xcop) + SRev == /\ Comm(Cop)!SRev - /\ LET cop == Head(sincoming) - IN ServerPerform(cop) + /\ ServerPerform(Head(sincoming)) /\ SRevCtx - /\ UNCHANGED <> + /\ SRevInt + /\ UNCHANGED c2ss ----------------------------------------------------------------------------- Next == \/ \E c \in Client: Do(c) \/ Rev(c) \/ SRev -Fairness == +Fairness == \* There is no requirement that the clients ever generate operations. WF_vars(SRev \/ \E c \in Client: Rev(c)) Spec == Init /\ [][Next]_vars \* /\ Fairness ----------------------------------------------------------------------------- -(* -In Jupiter (not limited to XJupiter), each client synchronizes with the server. -In XJupiter, this is expressed as the following CSSync property. -*) -CSSync == +CSSync == \* Each client c \in Client is synchonized with the Server. \forall c \in Client: (ds[c] = ds[Server]) => c2ss[c] = s2ss[c] + +THEOREM Spec => []CSSync ============================================================================= \* Modification History -\* Last modified Mon Dec 24 11:38:04 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:46:54 CST 2018 by hengxin \* Created Tue Oct 09 16:33:18 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiterExtended.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiterExtended.tla old mode 100755 new mode 100644 index 9e1a5c3..bbf39e6 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiterExtended.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiterExtended.tla @@ -1,21 +1,17 @@ -------------------------- MODULE XJupiterExtended -------------------------- (* -XJupiter extended with serial views. -This is used to show that XJupiter implements CJupiter. +XJupiter extended with serial views. This is used to show that XJupiter implements CJupiter. *) EXTENDS XJupiter, JupiterSerial ----------------------------------------------------------------------------- -VARIABLES - (* - Simulating the behavior of propagating original operations in CJupiter. - *) +VARIABLES \* Simulate the behavior of propagating original operations in CJupiter. cincomingCJ, \* cincoming for CJupiter which contains original operations \* instead of transformed ones in XJupiter sincomingCJ \* (not used) commCJVars == <> varsEx == <> ------------------------------------------------------------------------------ + commCJ == INSTANCE CSComm WITH Msg <- Seq(Cop), cincoming <- cincomingCJ, sincoming <- sincomingCJ ----------------------------------------------------------------------------- @@ -23,7 +19,7 @@ TypeOKEx == /\ TypeOK /\ commCJ!TypeOK /\ TypeOKSerial ------------------------------------------------------------------------------ + InitEx == /\ Init /\ commCJ!Init @@ -42,7 +38,7 @@ RevEx(c) == SRevEx == /\ SRev /\ LET cop == Head(sincoming) - c == cop.oid.c + c == ClientOf(cop) IN /\ commCJ!SSendSame(c, cop) /\ SRevSerial /\ UNCHANGED sincomingCJ @@ -57,5 +53,5 @@ FairnessEx == SpecEx == InitEx /\ [][NextEx]_varsEx \* /\ FairnessEx ============================================================================= \* Modification History -\* Last modified Sat Dec 15 18:01:37 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:52:00 CST 2018 by hengxin \* Created Tue Oct 30 20:32:27 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiterImplCJupiter.tla b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiterImplCJupiter.tla old mode 100755 new mode 100644 index 372a35b..e0daa7a --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiterImplCJupiter.tla +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XCRefinement/XJupiterImplCJupiter.tla @@ -3,9 +3,7 @@ We show that XJupiter (XJupiterExtended) implements CJupiter. *) EXTENDS XJupiterExtended -(* -Variables for defining refinement mapping from XJupiter to CJupiter. -*) +----------------------------------------------------------------------------- VARIABLES op2ss, \* a function from an operation (represented by its Oid) \* to the part of 2D state space produced while the operation is transformed @@ -17,7 +15,7 @@ TypeOKImpl == /\ TypeOKEx /\ \A oid \in DOMAIN op2ss: oid \in Oid /\ IsSS(op2ss[oid]) /\ \A c \in Client: IsSS(c2ssX[c]) ------------------------------------------------------------------------------ + InitImpl == /\ InitEx /\ op2ss = <<>> @@ -36,7 +34,7 @@ RevImpl(c) == SRevImpl == /\ SRevEx /\ LET cop == Head(sincoming) - c == cop.oid.c + c == ClientOf(cop) xform == xForm(cop, s2ss[c], ds[Server]) \* TODO: performance!!! ss == xform.xss IN op2ss' = op2ss @@ (cop.oid :> [node |-> ss.node, edge |-> ss.edge]) @@ -50,7 +48,7 @@ FairnessImpl == /\ WF_varsImpl(SRevImpl \/ \E c \in Client: RevImpl(c)) SpecImpl == InitImpl /\ [][NextImpl]_varsImpl \* /\ FairnessImpl - +----------------------------------------------------------------------------- CJ == INSTANCE CJupiter WITH cincoming <- cincomingCJ, \* sincoming needs no substitution css <- [r \in Replica |-> @@ -61,5 +59,5 @@ CJ == INSTANCE CJupiter THEOREM SpecImpl => CJ!Spec ============================================================================= \* Modification History -\* Last modified Mon Dec 24 11:38:49 CST 2018 by hengxin +\* Last modified Mon Dec 31 20:55:05 CST 2018 by hengxin \* Created Fri Oct 26 15:00:19 CST 2018 by hengxin \ No newline at end of file diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XJupiterImplCJupiter.pdf b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XJupiterImplCJupiter.pdf index d93452a..0abcafe 100755 Binary files a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XJupiterImplCJupiter.pdf and b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XJupiterImplCJupiter.pdf differ diff --git a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XJupiterImplCJupiter.tex b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XJupiterImplCJupiter.tex index 2805528..f9dce28 100755 --- a/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XJupiterImplCJupiter.tex +++ b/tlaplus-projects/Hengfeng-Wei/Wei-jupiter-tla/XJupiterImplCJupiter.toolbox/XJupiterImplCJupiter.tex @@ -978,7 +978,7 @@ )}% \@x{\makebox[0pt][r]{\scriptsize 17\hspace{1em}}\@s{16.4} \.{\land} \A\, c \.{\in} Client \.{:} IsSS ( c2ssX [ c ] )}% -\@x{\makebox[0pt][r]{\scriptsize 18\hspace{1em}}}\midbar\@xx{}% +\@pvspace{8.0pt}% \@x{\makebox[0pt][r]{\scriptsize 19\hspace{1em}} InitImpl \.{\defeq}}% \@x{\makebox[0pt][r]{\scriptsize 20\hspace{1em}}\@s{16.4} \.{\land} InitEx}% \@x{\makebox[0pt][r]{\scriptsize 21\hspace{1em}}\@s{16.4} \.{\land} @@ -1008,7 +1008,7 @@ \@x{\makebox[0pt][r]{\scriptsize 36\hspace{1em}}\@s{16.4} \.{\land} \.{\LET} cop \.{\defeq} Head ( sincoming )}% \@x{\makebox[0pt][r]{\scriptsize 37\hspace{1em}}\@s{56.11} c\@s{1.57} - \.{\defeq} cop . oid . c}% + \.{\defeq} ClientOf ( cop )}% \@x{\makebox[0pt][r]{\scriptsize 38\hspace{1em}}\@s{35.71} xform\@s{1.16} \.{\defeq} xForm ( cop ,\, s2ss [ c ] ,\, ds [ Server ] )\@s{4.1}}% \@y{\@s{0}% @@ -1038,7 +1038,7 @@ \ensuremath{\.{\land} FairnessImpl }}% \@xx{}% -\@pvspace{8.0pt}% +\@x{\makebox[0pt][r]{\scriptsize 51\hspace{1em}}}\midbar\@xx{}% \@x{\makebox[0pt][r]{\scriptsize 52\hspace{1em}} CJ \.{\defeq} {\INSTANCE} CJupiter}% \@x{\makebox[0pt][r]{\scriptsize 53\hspace{1em}}\@s{40.89} {\WITH} cincoming @@ -1066,7 +1066,7 @@ \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}% \ensuremath{\.{\,\backslash\,}}* Last modified \ensuremath{Mon} - \ensuremath{Dec} 31 11:09:14 \ensuremath{CST} 2018 by \ensuremath{hengxin + \ensuremath{Dec} 31 20:55:05 \ensuremath{CST} 2018 by \ensuremath{hengxin }% \end{cpar}% \begin{cpar}{0}{F}{F}{0}{0}{}%