Open ghost opened 10 years ago
That's an interesting request. I think your high level goal is to be able to check if this implementation is correct with respect to the protocol description. Assuming you get a spec, are you planning on checking with the model checker? Are you after a spec of zab so that you can use for a refine mapping? Just writing a spec might help to catch some bugs, but it isn't going to tell you for sure whether it is right or wrong.
I was originally thinking to specify our implementation and check it against the model checker. It would also be interesting to have a spec for zab itself.
We try to follow the zab paper carefully, but we might make wrong assumptions that impact the correctness of our implementation. It would be nice to have a TLA+ specification for javazab.
http://research.microsoft.com/en-us/um/people/lamport/tla/tla.html https://ramcloud.stanford.edu/~ongaro/raft.tla