Software is becoming more about proofs. With well written FP code, you can prove at compile time that your software cannot enter certain pathological states.
Well, the world of architecture is moving in that direction, too.
Introducing TLA+
TLA+ is an attempt to help architects and developers to write bullet-proof systems. It's particularly useful in the domain of distributed computing.
"Distributed algorithms and protocols are hard to get right, especially, when they have to tolerate faults. One of the reasons is that distributed algorithms vary in their assumptions about thedistributed system: the communication medium, system synchrony, possible faults, etc. ... [TLA] offers a rich syntaxfor sets, functions, tuples, records, and sequences on top of first-order logic"TLA+ Model Checking Made Symbolic
It's already being used in architecting Kafka.
Propositional Logic
In propositional logic, "there are only two values, TRUE and FALSE. To learn how to compute with these values, all you need to know are the ... definitions of the five Boolean operators"[1]: ∧, ∨, ¬, ≡ and ⇒.
The first four are AND, OR, NOT and EQUALS, so nothing special there. The last one (the implies operator) is tricksy. Its truth table looks like this:
| F | G | F⇒G |
| TRUE | TRUE | TRUE |
| FALSE | TRUE | TRUE |
| FALSE | FALSE | TRUE |
| TRUE | FALSE | FALSE |
To help understand it, let's look at this example formula:
(n > 3) ⇒ (n > 1)
The first three rows of the truth table simply describe n>3, 1<n≤3 and n≤1.
The last row is when n>3 but not n>1 which is clearly wrong, hence FALSE.
Now, say you were asked to prove that:
(F⇒G) ≡ (¬F∨G)
is a tautology. You could write out all the truth tables which would be laborious. "However, computers are better at doing this sort of calculation."[1]
Very nice, but what's the application?
You can find a very nice model of some Kafka functionality here on GitHub. You can open this in the IDE called TLA+ Toolbox. It looks like this:
The language is pretty straight forward. For instance, pre-pending formulas with operators like /\ is syntactic sugar for removing wide parenthesis and EXTENDS seems to be like import in Java and Scala. You can find some blogs to learn more about it here [LearnTLA], here [Anton Sookocheff's blog] and here [Jack Van Lightly's blog].
The Toolbox can turn this into a more readable PDF (more readable for mathematicians anyway):
You can then "run" your model by giving it initial parameters. The Toolbox will then explore its state space. Interestingly, Hillel Wayne in this video descibes the path through the states as a description of the behavious of a system.
Another video can be found here and the transcript to Lamport's own presentation can be found here.
Conclusion
TLA+ looks like it could turn the IT architecture industry into something more than "it feels kinda right" that we see at the moment. One only hopes that its adoption in projects like Kafka will encourage other people to learn it. Me - I've only taken the first few steps.
[1] Specifying Systems, Dr Leslie Lamport
No comments:
Post a Comment