My Experience with Using TLA+ in Distributed Systems Class

I used TLA+ in my distributed systems class in Fall 2014. (To learn the backstory on this, read my pre-semester TLA+ post.)

In short, I loved the experience and I am hooked. Integrating TLA+ into the class gave students a way to get hands-on experience in algorithm design and correctness verification. Even for a sophisticated algorithm, such as Paxos, I can refer the students to TLA+ to practice and play with the algorithm, so that they can internalize what is going on. Throughout the semester, as I had more chance to work with TLA+, I started growing a library of TLA+ models of distributed algorithms. Next time I teach the class, I hope to provide the students with a TLA+ model of each algorithm I cover in the class.

The student feedback was also positive. The students liked TLA+ since it gave them a way to experiment and supported them in reasoning about the algorithms. Several students complained of the learning curve. They wanted me to cover TLA+ in more detail in the class. (The TLA+ manual can be very dense for the students.) Next semester I plan to allocate more time to getting the students acquainted with TLA+. (Next time around, I will also work on devising automated ways to grade the TLA+ projects. My TA had to do manual testing of the projects, not a pleasant chore for a class of 60 students.)

The TLA+ mini-projects I used

Throughout the semester, I assigned 3 TLA+ mini-projects with increasing complexity.

The aim of the first mini-project was to get the students started with TLA+. I asked the students to model a bean can problem (white and black beans with rules to remove beans from the can). This was simple and there was only one process. But the students got to learn how they can check safety and liveness conditions on their program.
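As an added example (not code from the original post or the course), here is a PlusCal model of one common version of the bean can problem: draw two beans; two whites are replaced by one black, two blacks by one black, and a mixed pair by the white one. The exact rule set, the constants MaxW and MaxB, and the property names are my assumptions. ParityInv and LastBeanInv are checked as invariants and Termination as a temporal property, which needs the `fair` keyword.

```tla
---- MODULE BeanCan ----
EXTENDS Naturals

CONSTANTS MaxW, MaxB   \* bounds on the initial bean counts (e.g. 3 and 3); assumed

(* --fair algorithm BeanCan
variables
  white \in 0..MaxW,   \* white beans currently in the can
  black \in 0..MaxB,   \* black beans currently in the can
  initWhite = white;   \* remembered so the invariants can refer to the start state

define
  Total == white + black
  \* Safety: the parity of the white count never changes.
  ParityInv == white % 2 = initWhite % 2
  \* Safety: the last bean is white iff we started with an odd number of whites.
  LastBeanInv == Total = 1 => (white = 1 <=> initWhite % 2 = 1)
  \* Liveness: the game always ends (relies on the fairness declared above).
  Termination == <>(Total <= 1)
end define;

begin
Loop:
  \* One loop iteration is one atomic draw: the single label keeps it that way.
  while Total > 1 do
    either                       \* two whites: discard both, add a black
      await white >= 2;
      white := white - 2 || black := black + 1;
    or                           \* two blacks: discard both, add one black back
      await black >= 2;
      black := black - 1;
    or                           \* one of each: discard the black, keep the white
      await white >= 1 /\ black >= 1;
      black := black - 1;
    end either;
  end while;
end algorithm *)

====
```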
 
The second mini-project required them to deal with multiple processes. I asked them to model the logical physical clocks we had introduced in our research. Using the TLA+ model checker, the students found the counterexample in the naive algorithm, where the logical clock gradually but unboundedly gets ahead of the physical clock. This counterexample is hard to find and involves 30 steps in the algorithm. So this was an instance where TLA+ proved its value. (Try to figure out this counterexample with unit tests, I dare you.)

The final mini-project gave them more practice on modeling distributed algorithms. I asked them to model Dijkstra's classical stabilizing token ring algorithm as well as Dijkstra's lesser known 4-state stabilizing token ring algorithm. Students learned about self-stabilization and how it deals with arbitrary memory corruption.
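An added example, not the post's own code: Dijkstra's classical K-state token ring in PlusCal, started from an arbitrary (think corrupted) state. The process name, property names, and the choice K > N (e.g. N = 3, K = 4) are my assumptions. Stabilizes is the self-stabilization property and Closure says a single token is never lost; both are checked as temporal properties, and Stabilizes relies on the per-process fairness declared below.

```tla
---- MODULE TokenRing ----
EXTENDS Naturals, FiniteSets

CONSTANTS N, K          \* N processes in a ring, K counter states; assume K > N
ASSUME N \in Nat /\ N >= 2 /\ K > N

(* --algorithm TokenRing
\* Any assignment of counters is a legal start: that is what "arbitrary corruption" means here.
variables x \in [0..N-1 -> 0..K-1];

define
  \* Process 0 holds the token iff it matches its left neighbour (process N-1);
  \* every other process holds the token iff it differs from its left neighbour.
  HasToken(i) == IF i = 0 THEN x[0] = x[N-1] ELSE x[i] /= x[i-1]
  TokenHolders == {i \in 0..N-1 : HasToken(i)}
  OneToken == Cardinality(TokenHolders) = 1
  \* Self-stabilization: from every start, eventually exactly one token, forever.
  Stabilizes == <>[]OneToken
  \* Closure: once there is exactly one token, every step preserves that.
  Closure == [][OneToken => OneToken']_x
end define;

fair process p \in 0..N-1
begin
Step:
  \* The single label makes "test my privilege and move" one atomic step,
  \* which is the central-daemon assumption of Dijkstra's algorithm.
  while TRUE do
    await HasToken(self);
    if self = 0 then
      x[0] := (x[0] + 1) % K;       \* process 0 advances its counter
    else
      x[self] := x[self-1];         \* others copy their left neighbour
    end if;
  end while;
end process;
end algorithm *)

====
```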

Lessons learned (the good, the bad, and the ugly)

I learned that the PlusCal language is the right abstraction for modeling distributed algorithms. TLA+ is too low level for writing (and reading) distributed algorithms. PlusCal allows you to include TLA+ expressions and definitions, so you benefit from all the expressive power of TLA+ without going full TLA+. PlusCal is not a separate entity, but just a more convenient way to write TLA+ code. In the TLA+ toolkit you can write the algorithm in PlusCal and hit "translate to TLA+" to get the corresponding TLA+ code. When I use the term "modeling an algorithm in TLA+", I actually mean writing the model in PlusCal, auto-translating it to TLA+, and model checking it.

Learning to model algorithms using TLA+ takes time. The language is powerful and very general; it is Math after all. You need to study many examples to learn about the RIGHT ways of doing things. I experienced this as a novice first hand. I had written PlusCal code for Paxos within a couple of days. My code worked, but it used procedures, and it was very procedural/operational rather than declarative--the way Math should be. And so my code was very slow to model check. Model checking with 2 acceptors worked, but I gave up on model checking with 3 acceptors since it took more than an hour. Then I found Lamport's PlusCal code for Byzantine agreement. I rewrote my Paxos implementation, imitating his style. I used macros instead of procedures. My code became more declarative than operational. And, for message passing, I used Lamport's trick of using record-typed messages which are written only once to a shared message board; it was the acceptors' responsibility to react to them (by only reading, not consuming them). My new refactored code translated to 150 LOC of TLA+, whereas my first version had translated to 800 LOC of TLA+. And the new version model checked in a minute for 3 acceptors, a couple of orders of magnitude improvement in efficiency.

While PlusCal is nice, the crutch of using labels in PlusCal algorithms (for enabling TLA+ translation) is a bit ugly. The labels in PlusCal are not just aesthetic. They determine the granularity of atomic execution of blocks of code, so it is critical to place the labels right. If you fail to do this right, you will see deadlocks due to co-dependent await conditions in different blocks of code. Inserting a label reduces the granularity of a block of code from atomic to interruptible at the label. Labels were a little unintuitive for me. But after some practice, I was able to get the hang of them.

Another ugly part is the lack of data structure support for passing messages and parsing them. Using tuples without field names is flexible, but it becomes intractable. Using records helps somewhat, but manipulating field names in records also gets complicated quickly. TLA+ doesn't have static/strict typing, and I got stuck with runtime errors several times. In one case, I realized I had to find a way to flatten out a set inside of another set; after a lot of head banging, I found out about the UNION operator, which solved the problem.
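The message-board style from the Paxos rewrite above, together with the record handling and UNION flattening just mentioned, as one added example (not the post's or Lamport's code): only Phase 1 of a Paxos-like exchange, where each proposer writes one 1a record and acceptors react to whatever is on the board by reading it, never removing it. The constants Acceptors and Ballots (e.g. three model values and 0..2), the record fields, and the operator names are my assumptions; Inv is checked as an invariant.

```tla
---- MODULE MsgBoard ----
EXTENDS Integers, FiniteSets

CONSTANTS Acceptors, Ballots        \* assumed: e.g. {a1, a2, a3} and 0..2

(* --fair algorithm MsgBoard
variables
  msgs = {},                          \* shared board: records are added once, never removed
  maxBal = [a \in Acceptors |-> -1];  \* highest ballot each acceptor has promised

define
  Msgs(t) == {m \in msgs : m.type = t}           \* select records by their type field
  \* Ballots acceptor a has promised, read straight off the board.
  PromisedBy(a) == {m.bal : m \in {n \in Msgs("1b") : n.acc = a}}
  \* UNION flattens a set of sets: every ballot promised by any acceptor.
  AllPromised == UNION {PromisedBy(a) : a \in Acceptors}
  \* A proposer learns it has a quorum purely by reading 1b records.
  HasQuorum(b) ==
    2 * Cardinality({m.acc : m \in {n \in Msgs("1b") : n.bal = b}}) > Cardinality(Acceptors)
  \* Invariant: every 1b on the board is backed by that acceptor's own state.
  Inv == \A m \in Msgs("1b") : maxBal[m.acc] >= m.bal
end define;

macro Send(m) begin msgs := msgs \union {m}; end macro;   \* write-once; there is no receive

process proposer \in Ballots
begin P1a:
  Send([type |-> "1a", bal |-> self]);
end process;

process acceptor \in Acceptors
begin A1b:
  while \E b \in Ballots : b > maxBal[self] do
    \* React to any 1a with a higher ballot; the 1a stays on the board for everyone else.
    with m \in {mm \in Msgs("1a") : mm.bal > maxBal[self]} do
      maxBal[self] := m.bal;
      Send([type |-> "1b", bal |-> m.bal, acc |-> self]);
    end with;
  end while;
end process;
end algorithm *)

====
```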

Good engineers use good tools. And TLA+ is a great tool for modeling distributed algorithms. Modeling an algorithm with TLA+ is really rewarding as it makes you "grok" the algorithm.

Useful Links:

There is a vibrant Google Groups forum for TLA+: https://groups.google.com/forum/#!forum/tlaplus

My previous post has links to useful documentation for TLA+/PlusCal.

Clicking on the label "tla" at the end of the post, you can reach all my posts about TLA+.
