Tutorial on the Executable ASM Specification of the AB Protocol and Comparison with TLA^+
share
The main aim of this report is to provide an introductory tutorial on the Abstract State Machines (ASM) specification method for software engineering to an audience already familiar with the Temporal Logic of Actions (TLA^+) method. The report asks to what extent the ASM and TLA^+ methods are complementary in checking specifications against stated requirements and proposes some answers. A second aim is to provide a comparison between different executable frameworks that have been developed for the same specification languages. Thus, the ASM discussion is complemented by executable Corinthian ASM (CASM) and CoreASM models. Similarly, the two TLA^+ specifications presented, which rely on the TLC and Apalache model checkers, respectively, are complemented by a Quint specification, a new language developed by Informal Systems to serve as a user-friendly syntax layer for TLA^+. For the basis of comparison we use the specification of the Alternating Bit (AB) protocol because it is a simple and well-understood protocol already extensively analysed in the literature. While the models reported here and developed with the two methods are semantically equivalent, ASMs and Quint are better suited for top-down specification from abstract requirements by iterative refinement. TLA^+ seems to be more easily used bottom-up, to build abstractions on top of verified components in spite of the fact that it, too, emphasizes iterative refinement. In the final section, the report begins to scope out the possibility of a homomorphism between the specification of the AB protocol and its finite-state machine (FSM) through state space visualizations, motivated by a search for a formal decomposition method.
READ FULL TEXT
