In Andy Grove’s High Output Management, on his experiences from management at Intel, he makes a comment about the value of writing “reports” in a business or organizational setting:| William Schultz
There have been many attempts to formalize the zoo of various transaction isolation and consistency concepts over the years. It is not always clear, though, to what extent these attempts have clarified things, especially when each approach has introduced new variations of complexity and formal notation. The rise of distributed storage and database systems and the need to reason about isolation in these contexts has likely worsened the situation.| William Schultz
Formal specifications havebecomea core part of rigorous distributed systems design and verification, but existing tools have still been lacking in providing good interfaces for interacting with, exploring, visualizing and sharing these specifications and models in a portable and effective manner. The TLA+ Web Explorer aims to address this shortcoming by providing a browser-based tool for exploring and visualizing formal specifications written in TLA+. It takes inspiration from past attempts a...| William Schultz
If we want to formally prove that a system satisfies some safety property (i.e. an invariant), we can do this by finding an inductive invariant. An inductive invariant is a particular type of invariant that is at least as strong as the target invariant to be proven, and is also inductive, meaning that it is closed under all transitions of the system.| William Schultz
| Protocols Made Fun
| Protocols Made Fun
In practice we specify a system’s behavior as the conjunction of a safety and liveness property \(S \wedge L\). The safety-liveness decomposition is fundamental, as shown by Alpern and Schneider. Describing a system as a conjunction of arbitrary safety and liveness properties, however, can be dangerous. Motivation Imagine we have a rectangular, two dimensional grid system, with an agent that starts at the bottom left of this rectangle i.e. at point \((0,0)\). The top right corner of the rec...| William Schultz