
Formal Methods

Lab-5
TLA specification of Synchronous Interfaces

Lecturer: Dr. Abdullah Nasser


Dr. Johanna Binti Ahmed
TLA specification of Synchronous Interfaces

 Run the TLA+ Toolbox.

 Develop the Data transfer protocol TLA specification:
 be sure you have no errors in your specification;
 don't forget to comment your specification;
 submit into Kalam only Four files:
 Lab_5_Code_<Your_ID>: the source code
 Lab_5_Screenshot_<Your_ID>: a screenshot of your code and model (pdf or doc)

Prepared by Dr. Abdullah Nasser, Universiti Malaysia Pahang


Data transfer protocol

 A sender and a receiver are connected as shown here.
 Data is sent on val, and the rdy and ack lines are used for synchronization. The sender must wait for an acknowledgment (an Ack) for one data item before it can send the next. The interface uses the standard two-phase handshake protocol, described by the following sample behavior:



Data transfer protocol

 We can send any value on the val data line (e.g. 26, 37, 4, 19, ...).
 Send is enabled if rdy equals ack (i.e. the send condition is rdy = ack, e.g. both are 0 or both are 1).
 The sender waits for an acknowledgment from the receiver before it can send the next one (i.e. the wait condition is rdy ≠ ack).



Data transfer protocol specification

1. Develop the TLA specification of SynchInterface, as shown below (please use Lab_4_<Your_ID> as the module name).





Data transfer protocol

2. Create a new model. To run the model you need to provide a value for the CONSTANT Data. In the Model Overview page shown below, find the section “Data <-” and press the “Edit” button (or double-click on “Data <-”).



Data transfer protocol

3. Specify the value of the constant Data as {d1, d2, d3}, select “Set of model values”, leave the values untyped and press “Finish”.

 As a result you will see the Data set of model value constants, where {d1, d2, d3} is the set of messages to be sent via the synchronous / asynchronous channels.



Data transfer protocol

4. Define the Send action with a parameter d, giving the exact message to be sent by Send(d). Modify the Next action so that it states there exists a d in Data such that Send(d) holds. Write your explanations as comments inside the module.

Note. As a reference, use lecture No. 6 “Specification of a Synchronous and Asynchronous Protocols”.



Data transfer protocol

5. Analyze the number of distinct states generated by TLC.

 To do so, change the size of the Data set (e.g. delete the element “d3” in the Model Overview page), run TLC and look at the results.
 Comment your findings inside the module.

6. What happens if you use an AND operation in the Next state predicate to link the Send and Rcv actions?
 Is such behavior correct? Check it with TLC. Write a corresponding comment in your code.



Data transfer protocol

7. TLC allows printing values during model checking.

 The operator Print is defined in the standard module named TLC, so you need to include it in your lab with the EXTENDS keyword, i.e. write (EXTENDS TLC).
 To use Print in a formula as a TRUE conjunct, you write something like

/\ Print(exp, TRUE)

 In this sample, Print will print exp and return the second parameter, the value TRUE.

Note. To print more than one value, put the expressions in a tuple <<...>>.

Modify the Send and Rcv actions by adding print statements correspondingly:

/\ Print(<<"Send ", val, ack, rdy >>, TRUE)
/\ Print(<<"Rcv ", val, ack, rdy >>, TRUE)

Note. The output that appears in the User Output panel is generated by TLC during its exploration of the state space. Since TLC does a breadth-first evaluation, the order in which print statements are executed may not be obvious, and it does not correspond to the execution order of individual runs of the algorithm. Moreover, whenever TLC encounters a state that it has already seen previously, it will not explore the successors of that state.

 Analyze the printed output. Copy a small part of the output into your module (inside comments) and give explanations.
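The following module is an added example serving steps 4 and 7 above; it is not the lab's reference solution and not the SynchInterface module from lecture No. 6. It assumes the three-variable handshake described on the earlier slides (val, rdy, ack with rdy, ack in {0, 1}), parameterises Send by the message d, quantifies over Data in Next, and carries the two Print conjuncts exactly as the slide gives them. The module name Lab_5_Example is a placeholder; rename it to Lab_4_<Your_ID> (a TLA+ module name must equal its file name).

```tla
-------------------------- MODULE Lab_5_Example --------------------------
\* Added example module (not the lab's reference solution). It follows the
\* handshake described on the slides, with a parameterised Send(d), an
\* existentially quantified Next, and the Print instrumentation of step 7.
\* Placeholder name: rename to Lab_4_<Your_ID> so it matches the file name.
EXTENDS Naturals, TLC        \* the TLC module provides the Print operator

CONSTANT Data                \* model values chosen in the model, e.g. {d1, d2, d3}
VARIABLES val, rdy, ack

vars == <<val, rdy, ack>>

TypeInvariant == /\ val \in Data
                 /\ rdy \in {0, 1}
                 /\ ack \in {0, 1}

\* Any message may initially sit on val; the handshake lines start equal,
\* so the sender is the first side allowed to move.
Init == /\ val \in Data
        /\ rdy \in {0, 1}
        /\ ack = rdy

\* Send(d): enabled only when rdy = ack (the previous item was acknowledged).
\* It puts exactly d on val and flips rdy to signal a new value. The Print
\* conjunct evaluates to TRUE, so it never restricts the action; it only
\* reports the (unprimed) state in which TLC evaluated it.
Send(d) == /\ rdy = ack
           /\ val' = d
           /\ rdy' = 1 - rdy
           /\ UNCHANGED ack
           /\ Print(<<"Send ", val, ack, rdy>>, TRUE)

\* Rcv: enabled only while a value is pending (rdy # ack); flips ack,
\* which re-enables Send for the next item.
Rcv == /\ rdy # ack
       /\ ack' = 1 - ack
       /\ UNCHANGED <<val, rdy>>
       /\ Print(<<"Rcv ", val, ack, rdy>>, TRUE)

\* Either some message d in Data is sent, or the pending value is acknowledged.
Next == \/ \E d \in Data : Send(d)
        \/ Rcv

Spec == Init /\ [][Next]_vars

THEOREM Spec => []TypeInvariant
============================================================================
```

Two checks worth making when you run this under TLC. Every combination of val, rdy and ack is reachable (Send can place any d while flipping rdy, and Rcv then equalises the lines), so the number of distinct states grows linearly with |Data|; shrinking Data as step 5 asks should shrink the count proportionally. And the Print lines arrive in breadth-first order, not in the order of any single run: expect all "Send " lines for a given depth before the "Rcv " lines that follow them, and no repeated lines for states TLC has already seen.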



Data transfer protocol

8. Simplify the SyncInterface protocol so that it has only one synchronization line, modelled by the variable ack. Do it by commenting out the lines of your initial specification that are no longer needed (do not delete them from the file).
Conditions:
The sender sends a val if ack is 0 (and then sets ack to 1).
The receiver receives a val if ack is 1 (and then sets ack to 0).
Note that the rdy variable is no longer needed.

9. Do we still model a synchronous interface? Please write commented answer.
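An added example for the single-line variant of step 8, written as a separate module rather than the lab's own commented-out file, and not the course's reference answer. It assumes the two conditions stated above (Send when ack = 0, Rcv when ack = 1) and additionally assumes the interface starts with ack = 0, i.e. with nothing pending, which the slide does not fix; the module name Lab_5_OneLine_Example is a placeholder.

```tla
---------------------- MODULE Lab_5_OneLine_Example ----------------------
\* Added example (not the lab's reference solution) for step 8: the same
\* interface reduced to one synchronisation line, ack. rdy is omitted here
\* because this is a stand-alone module; in your own file keep the original
\* lines as comments, as the task requires. Placeholder module name.
EXTENDS Naturals

CONSTANT Data                \* model values, e.g. {d1, d2, d3}
VARIABLES val, ack

vars == <<val, ack>>

TypeInvariant == /\ val \in Data
                 /\ ack \in {0, 1}

\* Assumption: nothing is pending initially, so the sender moves first.
Init == /\ val \in Data
        /\ ack = 0

\* The sender may transmit d only while ack = 0, and raises ack to 1.
Send(d) == /\ ack = 0
           /\ val' = d
           /\ ack' = 1

\* The receiver consumes the value while ack = 1, and lowers ack to 0.
Rcv == /\ ack = 1
       /\ ack' = 0
       /\ UNCHANGED val

\* The two sides own opposite transitions of ack, so they strictly alternate.
Next == \/ \E d \in Data : Send(d)
        \/ Rcv

Spec == Init /\ [][Next]_vars

THEOREM Spec => []TypeInvariant
===========================================================================
```

When answering step 9, compare what TLC reports for this module with the two-line version: the state space now has only two values of the handshake line per message instead of four, and ack is written by both the sender (0 to 1) and the receiver (1 to 0) rather than each side owning its own wire. Whether that still counts as a synchronous interface is the question the step asks you to argue in a comment.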



Data transfer protocol

 Submit the specification into Kalam for evaluation.
