-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathTCommit.tla
49 lines (32 loc) · 1.94 KB
/
TCommit.tla
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
------------------------------------ MODULE TCommit -------------------------------
CONSTANT RM \* The set of all Resource Managers (e.g. {"r1", "r2", "r3"})
VARIABLE rmState \* rmState[rm] is the state of the Resource Manager rm
TCTypeOK == rmState \in [RM -> {"working", "prepared", "committed", "aborted"}]
TCInit == rmState = [r \in RM |-> "working"]
-----------------------------------------------------------------------------------
Prepare(r) == /\ rmState[r] = "working"
/\ rmState' = [rmState EXCEPT ![r] = "prepared"]
(***********************************************)
(* [s \in RM |-> *)
(* IF s = r THEN "prepared" ELSE rmState[s]] *)
(***********************************************)
canCommit == \A r \in RM: rmState[r] \in {"prepared", "comitted"}
notCommited == \A r \in RM: rmState[r] /= "committed"
DecideToCommit(r) == /\ rmState[r] = "prepared"
/\ canCommit
/\ rmState'= [rmState EXCEPT ![r] = "committed"]
DecideToAbort(r) == /\ rmState[r] \in {"working", "prepared"}
/\ notCommited
/\ rmState'= [rmState EXCEPT ![r] = "aborted"]
Decide(r) == \/ DecideToCommit(r)
\/ DecideToAbort(r)
TCNext == \E r \in RM : Prepare(r) \/ Decide(r)
-----------------------------------------------------------------------------------
TCConsistent == \A r1, r2 \in RM : ~ /\ rmState[r1] = "aborted"
/\ rmState[r2] = "commited"
TCSpec == TCInit /\ [][TCNext]_rmState
THEOREM TCSpec => [](TCTypeOK /\ TCConsistent)
===================================================================================
\* Modification History
\* Last modified Mon Apr 05 00:42:24 BRT 2021 by felipec
\* Created Sat Apr 03 10:13:09 BRT 2021 by felipec