I want to run Raft's TLA+ implementation, so I built a new module and set it up like the following:
However, TLC generates lots of states, and it seems that it will never stop.
Then it occurred to me that maybe I should limit the length of messages
and some other variables, according to Lamport's Lecture 09.
So I added the following code to "State Constraint":
Len(messages) =< 10
However, it now throws the following error:
TLC threw an unexpected exception.
This was probably caused by an error in the spec or model.
See the User Output or TLC Console for clues to what happened.
The exception was a java.lang.RuntimeException
: tlc2.tool.EvalException:
The argument of Len should be a sequence, but instead it is:
( [ mtype |-> RequestVoteRequest,
mterm |-> 2,
mlastLogTerm |-> 0,
mlastLogIndex |-> 0,
msource |-> r2,
mdest |-> r1 ] :>
1 )
The error occurred when TLC was evaluating the nested
expressions at the following positions:
0. /\ Len(messages) =< 10
1. Len(messages) =< 10
2. Len(messages)
I am confused by this. My question is: how can I run TLC on Raft's TLA+ spec correctly?
--- UPDATE ---
I found a config in Issue 1:
CONSTANTS Server = {r1,r2,r3}
Value = {v1,v2}
Follower = Follower
Candidate = Candidate
Leader = Leader
Nil = Nil
RequestVoteRequest = RequestVoteRequest
RequestVoteResponse = RequestVoteResponse
AppendEntriesRequest = AppendEntriesRequest
AppendEntriesResponse = AppendEntriesResponse
TLC_MAX_TERM = 3
TLC_MAX_ENTRY = 1
TLC_MAX_MESSAGE = 1
\* PNat = {1,2,3,4,5}
\* Nat = {0,1,2,3,4,5}
\*SYMMETRY Perms
SPECIFICATION Spec
\*CONSTRAINT TermConstraint
\*CONSTRAINT LogConstraint
\*CONSTRAINT MessageConstraint
\*INVARIANT AtMostOneLeaderPerTerm
\*INVARIANT TermAndIndexDeterminesLogPrefix
\*INVARIANT StateMachineSafety
\*INVARIANT NewLeaderHasCompleteLog
\*INVARIANT CommitInOrder
\*INVARIANT MessageTypeInv
\*INVARIANT TypeInv
However, I don't know how to use it, because I don't have definitions such as TermConstraint
and so on.
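An added example, not part of the original post and not taken from the Raft repository: one way the three constraints named in the config could be defined in a wrapper module. The module name `MCraft`, the reading of each `TLC_MAX_*` constant as an upper bound, and the use of the `currentTerm` and `log` variables from raft.tla are assumptions. It treats `messages` as a bag (a function from message record to copy count), which is the shape TLC printed in the error above and the reason `Len` rejects it.

```tla
---- MODULE MCraft ----
\* Hypothetical model-checking wrapper (added example, not the project's code).
EXTENDS raft, TLC

\* Bounds supplied by the .cfg file; meanings assumed from their names.
CONSTANTS TLC_MAX_TERM, TLC_MAX_ENTRY, TLC_MAX_MESSAGE

\* messages maps each message record to the number of copies in flight,
\* e.g. ([mtype |-> RequestVoteRequest, ...] :> 1). It is a function, not a
\* sequence, so bound the per-message count instead of calling Len on it.
MessageConstraint ==
    \A m \in DOMAIN messages : messages[m] =< TLC_MAX_MESSAGE

\* No server advances past the maximum term.
TermConstraint ==
    \A i \in Server : currentTerm[i] =< TLC_MAX_TERM

\* log[i] is a sequence of entries, so Len applies here.
LogConstraint ==
    \A i \in Server : Len(log[i]) =< TLC_MAX_ENTRY

\* Symmetry set for the commented-out SYMMETRY line in the config.
Perms == Permutations(Server)
====
```

With definitions like these in scope, the three `CONSTRAINT` lines in the config can be uncommented; TLC then stops exploring successors of any state that violates a bound, which is what keeps the state space finite.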