TLA+ Spec for the Cure Key-Value Store
- Data Sharding
Shardingis a mapping fromKeytoPartition- Random mapping in each model checking (not
CHOOSE; tryRandomElement) - As a part of model
- Random mapping in each model checking (not
Clock[p][d]Tickas an associated action; executed after each other action?- Tick as a separate action? (Seems Better!!!)
Clock[p][d]pvc[p][d]
- Change
<=in the waiting condition ofUPDATE_REQUESTto<? - Using
JavaTime?- NO! This would introduce a global wall clock.
Value- does not matter
- can be eliminated
- Now:
Value = {v}
- Client-server interaction
- using
msgs - well-formedness of clients
- using
- "wait until"
PMC- not necessary for TLA+
- Message
- +
REPLICATE - +
HEARTBEAT
- +
- Clock
- Tick as a separate action
Clock[p][d]pvc[p][d]
- Change
<=in the waiting condition ofUPDATE_REQUESTto<? tickforHeartbeat
- Tick as a separate action
- Computing CSS
- email
- "latest version"
- FIFO channel for propagating updates
-
UpdateCSS:css[m][d][d]not necessary?
- FIFO channel for propagating updates and heartbeats
incoming[p][d]- one incoming channel for each partition (NOW)
d \in Datacenterincoming channels for each partition
-
UpdateCSS:- Also computing
css[m][d][d], for simplicity
- Also computing
-
i # din Line 3 and Line 8- Delete such conditions, for simplicity
- Fixing one (
pvc)'problem - Fixing
pvcupdating error
- Delete
Clock == Nat - Spec for CM: CausalMemory
- +
L[c]for history- Recording
L[c]inReadRequest&UpdateRequest - +
OpTuple
- Recording
- causality order
-
soorder -
write-intoorder
-
- +
- Module
Relation- +
SeqToRel
- +
- Handling
NotValinCM- Redefine
Valid(s)with initial values for keys
- Redefine
- Testing
CM- +state constraint:
\A c \in Client: Len(L[c]) <= 3
- +state constraint:
- Testing
CM- FIXME:
Range(seq)duplicate elements in sequence- +
c : Client, cnt : NatinOpTuple
- +
- FIXME:
-
CureKV:
-
S[c]for serialization
-
n^5checking algorithm for CM
- CureKV
- Version without Heartbeat
- Check liveness
- Properties
- Safety
TypeOKcvc[c]non-decreasingcss[p][d]non-decreasing- CM
- Liveness
- Safety
- googlegroup: "checking safety upon termination only?"
- CostModel:
CostModel lookup failed for expression
<line 54, col 36 to line 54, col 67 of module Cure>. Reporting costs into<line 52, col 22 to line 54, col 67 of module Cure>instead (Safety and Liveness checking is unaffected. Please report a bug.)