Basic network modeling prototypes

ahelwer · ahelwer · commit d2926ff15ec1 · 2026-04-05T14:20:00.000-07:00
Signed-off-by: Andrew Helwer &lt;ahelwer@pm.me&gt;
diff --git a/specifications/NetworkModeling/ByzantineGenerals.tla b/specifications/NetworkModeling/ByzantineGenerals.tla
@@ -0,0 +1,104 @@
+------------------------ MODULE ByzantineGenerals ---------------------------
+CONSTANTS Generals
+
+VARIABLES network, confirmations
+
+Vars ≜ ⟨network, connection⟩
+
+CommandMessageType ≜ "Command"
+CommandMessage ≜ [
+  type    : {CommandMessageType},
+  sender  : Node
+]
+
+ConfirmMessageType ≜ "Confirm"
+ConfirmMessage ≜ [
+  type    : {ConfirmMessageType},
+  sender  : Node
+]
+
+MessageType ≜ {CommandMessageType, ConfirmMessageType}
+Message ≜ CommandMessage ∪ ConfirmMessage
+
+INSTANCE Network WITH Ordered ← FALSE, Duplicates ← TRUE, Loss ← TRUE
+
+TypeOK ≜
+  ∧ network ∈ [Node → PendingMessage]
+  ∧ connection ∈ [Node → SUBSET Node]
+
+Termination ≜ ∀ src, dst ∈ Node : dst ∈ connection[src]
+
+Liveness ≜ □◇Termination
+
+SendSynMessage(src, dst) ≜
+  ∧ dst ∉ connection[src]
+  ∧ ∃ success ∈ BOOLEAN :
+    network' = [
+      network EXCEPT
+        ![dst] = SendMessage(@, src, success, [
+          type    ↦ SynMessageType,
+          sender  ↦ src
+        ])
+      ]
+  ∧ UNCHANGED connection
+
+ProcessSynMessage(recipient, sender, msg, success) ≜
+  ∧ msg.type = SynMessageType
+  ∧ ∃ duplicate ∈ BOOLEAN :
+    network' = [
+      network EXCEPT
+        ![recipient] = ReceiveMessage(@, sender, duplicate, msg),
+        ![sender] = SendMessage(@, recipient, success, [
+          type    ↦ AckMessageType,
+          sender  ↦ recipient
+        ])
+      ]
+  ∧ UNCHANGED connection
+
+ProcessAckMessage(recipient, sender, msg) ≜
+  ∧ msg.type = AckMessageType
+  ∧ ∃ duplicate ∈ BOOLEAN :
+    network' = [
+      network EXCEPT
+        ![recipient] = ReceiveMessage(@, sender, duplicate, msg)
+      ]
+  ∧ connection' = [connection EXCEPT ![recipient] = @ ∪ {sender}]
+
+ProcessMessage(recipient, sender, message_type, success) ≜
+  ∃ msg ∈ PeekMessage(network[recipient]) :
+    ∧ msg.type = message_type
+    ∧ msg.sender = sender
+    ∧ ∨ ProcessSynMessage(recipient, sender, msg, success)
+      ∨ ProcessAckMessage(recipient, sender, msg)
+
+Terminate ≜
+  ∧ Termination
+  ∧ UNCHANGED ⟨network, connection⟩
+
+Init ≜
+  ∧ network = [n ∈ Node ↦ NoPendingMessages]
+  ∧ connection = [n ∈ Node ↦ {}]
+
+Next ≜
+  ∨ ∃ src, dst ∈ Node : SendSynMessage(src, dst)
+  ∨ ∃ recipient, sender ∈ Node :
+    ∃ message_type ∈ MessageType :
+      ∃ success ∈ BOOLEAN :
+        ProcessMessage(recipient, sender, message_type, success)
+  ∨ Terminate
+
+Fairness ≜
+  ∧ ∀ src, dst ∈ Node : WF_Vars(SendSynMessage(src, dst))
+  ∧ ∀ recipient, sender ∈ Node :
+    SF_Vars(ProcessMessage(recipient, sender, SynMessageType, TRUE))
+  ∧ ∀ recipient, sender ∈ Node :
+    ∀ success ∈ BOOLEAN :
+      WF_Vars(ProcessMessage(recipient, sender, AckMessageType, success))
+
+Spec ≜
+  ∧ Init
+  ∧ □[Next]_Vars
+  ∧ Fairness
+
+=============================================================================
+
diff --git a/specifications/NetworkModeling/CommunicatingSequentialProcesses.cfg b/specifications/NetworkModeling/CommunicatingSequentialProcesses.cfg
@@ -0,0 +1,5 @@
+CONSTANT Node = {n1, n2}
+INVARIANT TypeOK
+PROPERTY Liveness
+SPECIFICATION Spec
+
diff --git a/specifications/NetworkModeling/CommunicatingSequentialProcesses.tla b/specifications/NetworkModeling/CommunicatingSequentialProcesses.tla
@@ -0,0 +1,104 @@
+----------------- MODULE CommunicatingSequentialProcesses -------------------
+CONSTANTS Node
+
+VARIABLES network, connection
+
+Vars ≜ ⟨network, connection⟩
+
+SynMessageType ≜ "SYN"
+SynMessage ≜ [
+  type    : {SynMessageType},
+  sender  : Node
+]
+
+AckMessageType ≜ "ACK"
+AckMessage ≜ [
+  type    : {AckMessageType},
+  sender  : Node
+]
+
+MessageType ≜ {SynMessageType, AckMessageType}
+Message ≜ SynMessage ∪ AckMessage
+
+INSTANCE Network WITH Ordered ← FALSE, Duplicates ← TRUE, Loss ← TRUE
+
+TypeOK ≜
+  ∧ network ∈ [Node → PendingMessage]
+  ∧ connection ∈ [Node → SUBSET Node]
+
+Termination ≜ ∀ src, dst ∈ Node : dst ∈ connection[src]
+
+Liveness ≜ □◇Termination
+
+SendSynMessage(src, dst) ≜
+  ∧ dst ∉ connection[src]
+  ∧ ∃ success ∈ BOOLEAN :
+    network' = [
+      network EXCEPT
+        ![dst] = SendMessage(@, src, success, [
+          type    ↦ SynMessageType,
+          sender  ↦ src
+        ])
+      ]
+  ∧ UNCHANGED connection
+
+ProcessSynMessage(recipient, sender, msg, success) ≜
+  ∧ msg.type = SynMessageType
+  ∧ ∃ duplicate ∈ BOOLEAN :
+    network' = [
+      network EXCEPT
+        ![recipient] = ReceiveMessage(@, sender, duplicate, msg),
+        ![sender] = SendMessage(@, recipient, success, [
+          type    ↦ AckMessageType,
+          sender  ↦ recipient
+        ])
+      ]
+  ∧ UNCHANGED connection
+
+ProcessAckMessage(recipient, sender, msg) ≜
+  ∧ msg.type = AckMessageType
+  ∧ ∃ duplicate ∈ BOOLEAN :
+    network' = [
+      network EXCEPT
+        ![recipient] = ReceiveMessage(@, sender, duplicate, msg)
+      ]
+  ∧ connection' = [connection EXCEPT ![recipient] = @ ∪ {sender}]
+
+ProcessMessage(recipient, sender, message_type, success) ≜
+  ∃ msg ∈ PeekMessage(network[recipient]) :
+    ∧ msg.type = message_type
+    ∧ msg.sender = sender
+    ∧ ∨ ProcessSynMessage(recipient, sender, msg, success)
+      ∨ ProcessAckMessage(recipient, sender, msg)
+
+Terminate ≜
+  ∧ Termination
+  ∧ UNCHANGED ⟨network, connection⟩
+
+Init ≜
+  ∧ network = [n ∈ Node ↦ NoPendingMessages]
+  ∧ connection = [n ∈ Node ↦ {}]
+
+Next ≜
+  ∨ ∃ src, dst ∈ Node : SendSynMessage(src, dst)
+  ∨ ∃ recipient, sender ∈ Node :
+    ∃ message_type ∈ MessageType :
+      ∃ success ∈ BOOLEAN :
+        ProcessMessage(recipient, sender, message_type, success)
+  ∨ Terminate
+
+Fairness ≜
+  ∧ ∀ src, dst ∈ Node : WF_Vars(SendSynMessage(src, dst))
+  ∧ ∀ recipient, sender ∈ Node :
+    SF_Vars(ProcessMessage(recipient, sender, SynMessageType, TRUE))
+  ∧ ∀ recipient, sender ∈ Node :
+    ∀ success ∈ BOOLEAN :
+      WF_Vars(ProcessMessage(recipient, sender, AckMessageType, success))
+
+Spec ≜
+  ∧ Init
+  ∧ □[Next]_Vars
+  ∧ Fairness
+
+=============================================================================
+
diff --git a/specifications/NetworkModeling/Network.tla b/specifications/NetworkModeling/Network.tla
@@ -0,0 +1,86 @@
+------------------------------ MODULE Network -------------------------------
+(***************************************************************************)
+(* NETWORKING OPERATIONS                                                   *)
+(*                                                                         *)
+(* Various network-related operations (send & receiving messages, etc.)    *)
+(* and their adaptations for sequential vs. unordered messaging models.    *)
+(*                                                                         *)
+(***************************************************************************)
+
+LOCAL INSTANCE Naturals
+LOCAL INSTANCE Sequences
+
+CONSTANTS
+  Node,
+  Message,
+  Ordered,
+  Duplicates,
+  Loss
+
+ASSUME
+  ∧ Node ≠ {}
+  ∧ Message ≠ {}
+  ∧ Ordered ∈ BOOLEAN
+  ∧ Duplicates ∈ BOOLEAN
+  ∧ Loss ∈ BOOLEAN
+
+\* Converts a sequence into an unordered set of unique elements
+SeqToSet(seq) ≜ {seq[i] : i ∈ 1 ‥ Len(seq)}
+
+\* Transforms every element of a sequence with some operator
+MapSeq(seq, f(_)) ≜ [i ∈ 1 ‥ Len(seq) ↦ f(seq[i])]
+
+\* The set of all possible pending messages; useful for type invariants
+PendingMessage ≜
+  IF Ordered
+  THEN [Node → Seq(Message)]
+  ELSE SUBSET Message
+
+\* The set of messages currently pending at a node
+CurrentlyPendingMessages(pending) ≜
+  IF Ordered
+  THEN UNION {SeqToSet(pending[n]) : n ∈ Node}
+  ELSE pending
+
+\* Transforms all pending messages with some operator
+MapPendingMessages(pending, f(_)) ≜
+  IF Ordered
+  THEN [n ∈ Node ↦ MapSeq(pending[n], f)]
+  ELSE {f(msg) : msg ∈ pending}
+
+\* The state of having no pending messages; useful for initial states
+NoPendingMessages ≜
+  IF Ordered
+  THEN [n ∈ Node ↦ ⟨⟩]
+  ELSE {}
+
+\* Add a message to the pending messages at the recipient node
+SendMessage(pending, sender, success, msg) ≜
+  IF Loss ∧ ¬success
+  THEN pending
+  ELSE IF Ordered
+    THEN [pending EXCEPT ![sender] = Append(@, msg)]
+    ELSE pending ∪ {msg}
+
+\* Get the next message to be received
+PeekMessage(pending) ≜
+  IF Ordered
+  THEN {Head(pending[n]) : n ∈ {n ∈ Node : pending[n] ≠ ⟨⟩}}
+  ELSE pending
+
+\* Mark a message as having been received
+ReceiveMessage(pending, sender, duplicate, msg) ≜
+  IF Duplicates ∧ duplicate
+  THEN pending
+  ELSE IF Ordered
+    THEN [pending EXCEPT ![sender] = Tail(@)]
+    ELSE pending \ {msg}
+
+\* Re-enqueue a message to be processed at a later time
+ReEnqueueMessage(pending, sender, msg) ≜
+  IF Ordered
+  THEN [pending EXCEPT ![sender] = Append(Tail(@), msg)]
+  ELSE pending
+
+=============================================================================
+
diff --git a/specifications/NetworkModeling/check/CommunicatingSequentialProcesses.cfg b/specifications/NetworkModeling/check/CommunicatingSequentialProcesses.cfg
@@ -0,0 +1,5 @@
+CONSTANT Node = {n1, n2}
+INVARIANT TypeOK
+PROPERTY Liveness
+SPECIFICATION Spec
+
