-
Notifications
You must be signed in to change notification settings - Fork 5
/
hpcha.tla
90 lines (74 loc) · 3.38 KB
/
hpcha.tla
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
------------------------------- MODULE hpcha -------------------------------
EXTENDS Integers, FiniteSets
CONSTANT SERVER
VARIABLE serverState
VARIABLE currentLeader
VARIABLE serverHeartBeat
vars == <<serverState, currentLeader, serverHeartBeat>>
TypeOK ==
/\ serverState \in [SERVER -> {"follower", "leader"}]
/\ serverHeartBeat \in [SERVER -> {"heartbeating", "stopped"}]
/\ currentLeader \subseteq SERVER
Init ==
/\ serverState = [s \in SERVER |-> "follower"]
/\ serverHeartBeat = [s \in SERVER |-> "stopped"]
/\ currentLeader = {}
StartHeartBeat(s) ==
/\ \/ currentLeader = {}
\/ serverState[s] = "leader"
/\ serverHeartBeat' = [serverHeartBeat EXCEPT ![s] = "heartbeating"]
/\ UNCHANGED <<currentLeader, serverState>>
StopHeartBeat(s) ==
/\ currentLeader # {}
/\ s \notin currentLeader
/\ serverHeartBeat' = [serverHeartBeat EXCEPT ![s] = "stopped"]
/\ UNCHANGED <<currentLeader, serverState>>
(***************************************************************************)
(* ServerCrash should always trigger LeaderLost to ensure safety. This *)
(* can be guaranteed in implementation by generate new server ID on *)
(* restart. *)
(***************************************************************************)
ServerCrach(s) ==
/\ serverState' = [serverState EXCEPT ![s] = "follower"]
/\ serverHeartBeat' = [serverHeartBeat EXCEPT ![s] = "stopped"]
/\ currentLeader' = currentLeader \ {s}
StepUp(s) ==
/\ serverState[s] = "follower"
/\ s \in currentLeader
/\ serverState' = [serverState EXCEPT ![s] = "leader"]
/\ UNCHANGED <<currentLeader, serverHeartBeat>>
LeaderLost ==
/\ currentLeader # {}
/\ \E s \in currentLeader:
/\ serverHeartBeat[s] = "stopped"
/\ currentLeader' = currentLeader \ {s}
/\ UNCHANGED <<serverState, serverHeartBeat>>
LeaderElected ==
/\ currentLeader = {}
/\ \E s \in SERVER:
/\ serverHeartBeat[s] = "heartbeating"
/\ currentLeader' = currentLeader \cup {s}
/\ UNCHANGED <<serverHeartBeat, serverState>>
Next ==
\/ LeaderElected \/ LeaderLost
\/ \E s \in SERVER: \/ ServerCrach(s)
\/ StartHeartBeat(s)
\/ StopHeartBeat(s)
\/ StepUp(s)
SingleLeaderElected == Cardinality(currentLeader) <= 1
SingleLeaderStepUp == \/ \E s \in SERVER: /\ serverState[s] = "leader"
/\ \A s2 \in SERVER \ {s}: serverState[s2] = "follower"
\/ \A s \in SERVER: serverState[s] = "follower"
Spec == Init /\ [][Next]_vars
FairSpec == /\ Spec
/\ SF_vars(LeaderElected) /\ WF_vars(LeaderLost)
/\ \A s \in SERVER: /\ SF_vars(StepUp(s))
/\ WF_vars(StartHeartBeat(s))
/\ WF_vars(StopHeartBeat(s))
EventualHeartBeat == currentLeader = {} ~> (\E s \in SERVER: serverHeartBeat[s] = "heartbeating")
EventualElected == (\E s \in SERVER: serverHeartBeat[s] = "heartbeating") ~> currentLeader # {}
EventualStepUp == currentLeader # {} ~> (\E s \in SERVER: serverState[s] = "leader")
=============================================================================
\* Modification History
\* Last modified Mon Jun 17 10:22:28 CST 2019 by zihche
\* Created Wed Jun 12 18:37:17 CST 2019 by zihche