```
MODULE NewLinearSnapshot
```

This module is part of the AfekSimplified example in Section 6 of the paper "Auxiliary Variables in TLA+". It is equivalent to the specification in module LinearSnapshot of a linearizable snapshot algorithm, in the sense that it permits the same behaviors of the externally visible variable interface. You should understand that specification before reading this module.

This specification differs from the one in LinearSnapshot by deferring the choice of a reader's output as long as possible—namely, the choice is made only in the EndRd action. The reader maintains a list of all the values that the memory mem had while the read operation is being performed, and has the EndRd action choose an arbitrary element of that list to return as the output.

The equivalence of the two linearizable snapshot algorithms means that if  $Spec\_NL$  is formula Spec of this module and  $Spec\_L$  is formula Spec of module LinearSnapshot, then  $\exists$  mem, rstate,  $wstate: Spec\_L$ . We only show that the first implies the second, since that is all we need for our example of the simplified Afek et al. snapshot algorithm.

24 EXTENDS Integers, Sequences

1

The declared and defined constants are the same as in module LinearSnapshot.

30 CONSTANTS Readers, Writers, RegVals, InitRegVal

```
32 ASSUME \land Readers \cap Writers = {}
33 \land InitRegVal \in RegVals

35 InitMem \stackrel{\triangle}{=} [i \in Writers \mapsto InitRegVal]
36 MemVals \stackrel{\triangle}{=} [Writers \rightarrow RegVals]
37 NotMemVal \stackrel{\triangle}{=} CHOOSE v : v \notin MemVals
38 NotRegVal \stackrel{\triangle}{=} CHOOSE v : v \notin RegVals
```

The variables mem and interface are the same as in LinearSnapshot. The variable wstate is a function with domain Writers, where wstate[i] assumes the same value as istate[i] does for the LinearSnapshot spec, for all  $i \in Writers$ . The variable rstate is a function with domain Readers such that  $rstate[i] = \langle \rangle$  when reader i is not performing a read operation, and while performing a read it equals the sequence of values that mem has assumed since the BeginRd(i) step.

We will not bother explaining the assertions that the spec makes about mem, interface, and wstate, since they are exactly the same as in LinearSnapshot for mem and interface, and every condition on wstate[i] is the same as the corresponding condition on istate[i] in LinearSnapshot, for  $i \in Writers$ .

```
VARIABLES mem, interface, rstate, wstate
    vars \triangleq \langle mem, interface, rstate, wstate \rangle
     TypeOK \stackrel{\Delta}{=} \land mem \in MemVals
58
                      \land \land DOMAIN interface = Readers \cup Writers
59
                          \land \forall i \in Readers : interface[i] \in MemVals \cup \{NotMemVal\}
60
                          \land \forall i \in Writers : interface[i] \in RegVals \cup \{NotRegVal\}
61
                      \land \land rstate \in [Readers \rightarrow Seq(MemVals)]
62
                          \land \forall i \in Readers:
63
                                (rstate[i] = \langle \rangle) \equiv (interface[i] \in Mem Vals)
64
                       \land wstate \in [Writers \rightarrow RegVals \cup \{NotRegVal\}]
65
```

```
Since no reader is initially executing a read command, rstate[i] initially equals the empty sequence for each reader i.
```

```
71 Init \triangleq \land mem = InitMem

72 \land interface = [i \in Readers \cup Writers \mapsto

73 \qquad \qquad \text{IF } i \in Readers \text{ THEN } InitMem \text{ ELSE } NotRegVal]

74 \land rstate = [i \in Readers \mapsto \langle \rangle]

75 \land wstate = [i \in Writers \mapsto NotRegVal]
```

Since they leave rstate unchanged, BeginWr and EndWr are the same as in LinearSnapshot.

The BeginRd(i) action sets rstate[i] to  $\langle mem \rangle$ , since the current value of mem is the only output value EndRd(i) can return if executed immediately afterwards.

```
91 BeginRd(i) \triangleq \land interface[i] \in MemVals

92 \land interface' = [interface \ EXCEPT \ ![i] = NotMemVal]

93 \land rstate' = [rstate \ EXCEPT \ ![i] = \langle mem \rangle]

94 \land UNCHANGED \ \langle mem, \ wstate \rangle
```

The DoWr(i) action appends the new value of mem to rstate[j] for each reader j currently performing a read operation, since each of those readers can return that value as their output.

```
DoWr(i) \stackrel{\triangle}{=} \land interface[i] \in RegVals
101
102
                        \land wstate[i] = interface[i]
                        \land mem' = [mem \ EXCEPT \ ![i] = interface[i]]
103
                        \land wstate' = [wstate \ EXCEPT \ ![i] = NotRegVal]
104
                        \land rstate' = [j \in Readers \mapsto
105
                                           IF rstate[j] = \langle \rangle
106
                                               THEN \langle \rangle
107
                                               ELSE Append(rstate[j], mem')
108
                        \land interface' = interface
109
```

EndRd(i) can set as its output any element of rstate[i]. It resets rstate[i] to the empty sequence.

```
EndRd(i) \stackrel{\triangle}{=} \land interface[i] = NotMemVal
115
                           \land \exists j \in 1 \dots Len(rstate[i]):
116
                                  interface' = [interface \ EXCEPT \ ![i] = rstate[i][j]]
117
                           \land rstate' = [rstate \ EXCEPT \ ![i] = \langle \rangle]
118
                           \land UNCHANGED \langle mem, wstate \rangle
119
      EndWr(i) \stackrel{\Delta}{=} \wedge interface[i] \in RegVals
121
                           \land wstate[i] = NotRegVal
122
                           \land interface' = [interface \ EXCEPT \ ![i] = wstate[i]]
123
                           \land UNCHANGED \langle mem, rstate, wstate \rangle
124
     Next \stackrel{\Delta}{=} \lor \exists i \in Readers : BeginRd(i) \lor EndRd(i)
```

```
127 \forall \exists i \in Writers : \forall \exists cmd \in RegVals : BeginWr(i, cmd)
128 \forall DoWr(i) \forall EndWr(i)
```

130  $SafeSpec \triangleq Init \wedge \Box [Next]_{vars}$ 

The fairness condition implies that every read or write operation that has begun must eventually finish

```
136 Fairness \stackrel{\triangle}{=} \land \forall i \in Readers : WF_{vars}(EndRd(i))
137 \land \forall i \in Writers : WF_{vars}(DoWr(i)) \land WF_{vars}(EndWr(i))
```

$$139 \quad Spec \stackrel{\triangle}{=} \quad Init \land \Box [Next]_{vars} \land Fairness$$

- $\setminus * \ {\bf Modification} \ {\bf History}$
- \\* Last modified Sat Oct 22 01:41:33 PDT 2016 by lamport
- \\* Created Wed Oct 05 01:23:41 PDT 2016 by lamport