A Definitional Encoding of TLA* in Isabelle/HOL

We mechanise the logic TLA∗ [8], an extension of Lamport’s Temporal Logic of Actions (TLA) [5] for specifying and reasoning about concurrent and reactive systems. Aiming at a framework for mechanising the verification of TLA (or TLA∗) specifications, this contribution reuses some elements from a previous axiomatic encoding of TLA in Isabelle/HOL by the second author [7], which has been part of the Isabelle distribution. In contrast to that previous work, we give here a shallow, definitional embedding, with the following highlights: ˆ a theory of infinite sequences, including a formalisation of the concepts of stuttering invariance central to TLA and TLA*; ˆ a definition of the semantics of TLA*, which extends TLA by a mutually-recursive definition of formulas and pre-formulas, generalising TLA action formulas; ˆ a substantial set of derived proof rules, including the TLA* axioms and Lamport’s proof rules for system verification; ˆ a set of examples illustrating the usage of Isabelle/TLA* for reasoning about systems. Note that this work is unrelated to the ongoing development of a proof system for the specification language TLA+, which includes an encoding of TLA+ as a new Isabelle object logic [1]. A previous version of this embedding has been used heavily in the work described in [4].