Team Veridis

Overall Objectives
Scientific Foundations
Application Domains
New Results
Contracts and Grants with Industry
Partnerships and Cooperations
PDF e-pub XML

Section: New Results

Encoding TLA+ proof obligations for SMT solvers

Participants : Stephan Merz, Hernán-Pablo Vanzetto.

The TLA+ proof system TLAPS (see 5.2 ) is being developed within a project at the MSR-INRIA Joint Centre in which we participate. The original release of TLAPS contained an SMT backend that handled quantifier-free proof obligations in linear arithmetic and that was occasionally useful, given that the other backends perform quite poorly on formulas involving arithmetic. However, TLA+ proof obligations usually mix arithmetic with other theories, in particular set theory, functions, records, and tuples. We propose a new encoding of TLA+ sequents in SMT-LIB, the generic input language of SMT solvers. The main challenge has been to design a sound translation from untyped TLA+ to the multi-sorted first-order logic that underlies SMT-LIB. We have developed a type system and a type inference algorithm that assigns SMT-LIB sorts to symbols and terms in the input formula, based on “typing assumptions” among the hypotheses present in the proof obligation.

The translation has been validated over several existing examples, yielding significant reductions in proof sizes. For example, the new backend can automatically verify the main invariant of a parameterized version of the Bakery algorithm, which previously required a few hundred lines of interactive proof. Similarly, an existing proof about a security architecture  [33] has been reduced by about 90%. The backend has been integrated in TLAPS and has been presented at a workshop [19] .