Skip to main content
SpringerLink
Log in
Book cover

International Conference on Abstract State Machines, Alloy, B, TLA, VDM, and Z

ABZ 2014: Abstract State Machines, Alloy, B, TLA, VDM, and Z pp 25–39Cite as

Why Amazon Chose TLA + 

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 8477))

Abstract

Since 2011, engineers at Amazon have been using TLA +  to help solve difficult design problems in critical systems. This paper describes the reasons why we chose TLA +  instead of other methods, and areas in which we would welcome further progress.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abrial, J.-R.: Formal methods in industry: achievements, problems, future. In: 28th Intl. Conf. Software Engineering (ICSE), Shanghai, China, pp. 761–768. ACM (2006)

    Google Scholar 

  2. Abrial, J.-R.: Modeling in Event-B. Cambridge University Press (2010)

    Google Scholar 

  3. Abrial, J.-R., et al.: Rodin: an open toolset for modelling and reasoning in Event-B. STTT 12(6), 447–466 (2010)

    Article  Google Scholar 

  4. Alloy online tutorial: How to think about an alloy model: 3 levels, http://alloy.mit.edu/alloy/tutorials/online/sidenote-levels-of-understanding.html

  5. Event-B wiki: Industrial projects, http://wiki.event-b.org/index.php/Industrial_Projects

  6. Barr, J.: Amazon S3 – the first trillion objects. Amazon Web Services Blog (June 2012), http://aws.typepad.com/aws/2012/06/amazon-s3-the-first-trillion-objects.html

  7. Barr, J.: Amazon S3 – two trillion objects, 1.1 million requests per second. Amazon Web Services Blog (March 2013), http://aws.typepad.com/aws/2013/04/amazon-s3-two-trillion-objects-11-million-requests-second.html

  8. Batson, B., Lamport, L.: High-level specifications: Lessons from industry. In: de Boer, F.S., Bonsangue, M.M., Graf, S., de Roever, W.-P. (eds.) FMCO 2002. LNCS, vol. 2852, pp. 242–261. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  9. Bolosky, W.J., Douceur, J.R., Howell, J.: The Farsite project: a retrospective. Operating Systems Reviews 41(2), 17–26 (2007)

    Article  Google Scholar 

  10. Cohen, E., Moskal, M., Schulte, W., Tobies, S.: Local verification of global invariants in concurrent programs. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 480–494. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  11. Douceur, J., et al.: Memoir: Formal specs and correctness proof (2011), http://research.microsoft.com/pubs/144962/memoir-proof.pdf

  12. Hall, A.: Seven myths of formal methods. IEEE Software 7(5), 11–19 (1990)

    Article  Google Scholar 

  13. Holzmann, G.: Design and Validation of Computer Protocols. Prentice Hall, New Jersey (1991)

    Google Scholar 

  14. Jackson, D.: Personal communication (2014)

    Google Scholar 

  15. Jackson, D.: Software Abstractions, revised edition. MIT Press (2012), http://www.softwareabstractions.org/

  16. Lamport, L.: Comment on the history of the TLC model checker, http://research.microsoft.com/en-us/um/people/lamport/pubs/pubs.html#yuanyu-model-checking

  17. Lamport, L.: Summary of TLA + , http://research.microsoft.com/en-us/um/people/lamport/tla/summary.pdf

  18. Lamport, L.: The TLA +  Hyperbook, http://research.microsoft.com/en-us/um/people/lamport/tla/hyperbook.html

  19. Lamport, L.: The Temporal Logic of Actions. ACM Trans. Prog. Lang. Syst. 16(3), 872–923 (1994)

    Article  Google Scholar 

  20. Lamport, L.: Specifying Systems. Addison-Wesley (2002), http://research.microsoft.com/en-us/um/people/lamport/tla/book-02-08-08.pdf

  21. Lamport, L.: Fast Paxos. Distributed Computing 19(2), 79–103 (2006)

    Article  MATH  MathSciNet  Google Scholar 

  22. Lamport, L.: Byzantizing Paxos by refinement. In: Peleg, D. (ed.) DISC 2011. LNCS, vol. 6950, pp. 211–224. Springer, Heidelberg (2011)

    Google Scholar 

  23. Lamport, L.: How to write a 21st century proof. Fixed Point Theory and Applications (2012)

    Google Scholar 

  24. Lamport, L., Merz, S.: Specifying and verifying fault-tolerant systems. In: Langmaack, H., de Roever, W.-P., Vytopil, J. (eds.) FTRTFT 1994 and ProCoS 1994. LNCS, vol. 863, pp. 41–76. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  25. Lamport, L., Sharma, M., Tuttle, M., Yu, Y.: The wildfire challenge problem (2001), http://research.microsoft.com/en-us/um/people/lamport/pubs/wildfire-challenge.pdf

  26. Lamport, L., Tuttle, M., Yu, Y.: The wildfire verification challenge problem [example of a specification from industry], http://research.microsoft.com/en-us/um/people/lamport/tla/wildfire-challenge.html

  27. Leinenbach, D., Santen, T.: Verifying the Microsoft Hyper-V Hypervisor with VCC. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 806–809. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  28. Lu, T., Merz, S., Weidenbach, C.: Towards verification of the Pastry protocol using TLA + . In: Bruni, R., Dingel, J. (eds.) FORTE 2011 and FMOODS 2011. LNCS, vol. 6722, pp. 244–258. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  29. Newcombe, C.: Debugging designs. Presented at the 14th Intl. Wsh. High-Performance Transaction Systems (2011), http://hpts.ws/papers/2011/sessions_2011/Debugging.pdf and associated specifications: http://hpts.ws/papers/2011/sessions_2011/amazonbundle.tar.gz

  30. Owre, S., et al.: Combining specification, proof checking, and model checking. In: Alur, R., Henzinger, T.A. (eds.) CAV 1996. LNCS, vol. 1102, pp. 411–414. Springer, Heidelberg (1996)

    Chapter  Google Scholar 

  31. Schwartz, B.: The paradox of choice, http://www.ted.com/talks/barry_schwartz_on_the_paradox_of_choice.html

  32. Zave, P.: Using lightweight modeling to understand Chord. Comp. Comm. Reviews 42(2), 49–57 (2012)

    Article  Google Scholar 

  33. Zave, P.: A practical comparison of Alloy and Spin. Formal Aspects of Computing (to appear, 2014), http://www2.research.att.com/~pamela/compare.pdf

Download references

Author information

Authors and Affiliations

  1. Amazon, Inc., USA

    Chris Newcombe

Authors
  1. Chris Newcombe
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. INP-ENSEEIHT/IRIT, 2 Rue Charles Camichel, BP 7122, 31071, Toulouse Cedex 7, France

    Yamine Ait Ameur

  2. Software Competence Center Hagenberg, Softwarepark 21, 4232, Hagenberg, Austria

    Klaus-Dieter Schewe

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Newcombe, C. (2014). Why Amazon Chose TLA +  . In: Ait Ameur, Y., Schewe, KD. (eds) Abstract State Machines, Alloy, B, TLA, VDM, and Z. ABZ 2014. Lecture Notes in Computer Science, vol 8477. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-43652-3_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-43652-3_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-43651-6

  • Online ISBN: 978-3-662-43652-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation