pragmaticformalmodeling icon indicating copy to clipboard operation
pragmaticformalmodeling copied to clipboard

Published 20 hours ago verified publisher icon ElliotSwart

Weak property cacherequirements!DatabaseAndCacheConsistent

Open lemmy opened this issue 2 years ago • 0 comments

https://github.com/ElliotSwart/pragmaticformalmodeling/blob/ea86b1b5852d49d60d82d944e4807774392e1414/caching/naive-model/cacherequirements.tla#L32

Checking the property []<>DatabaseAndCacheConsistent with the definition where cache misses are permissible (above), is satisfied by, e.g., the trivial system of an always empty cache. For example, []<>DatabaseAndCacheConsistent holds with the CacheStartReadThroughFill disjunct removed from cacheinvalidationv3!CacheFairness. However, removing \/ cache[k] \in CacheMiss would obviously make the property too strong, since it would require all keys to be added to the cache.

The following two properties pass for cacheinvalidationv3, and appear to trigger the same counterexamples (please verify) for facebookcacheinvalidation, cacheinvalidationv1, and cacheinvalidationv2:

RepeatedlyCacheUsed ==
    []<>\E k \in DOMAIN cache: cache[k] \in CacheHit

RepeatedlyInSync ==
    []<>\A k \in DOMAIN cache: cache[k] \in CacheHit => cache[k].version = database[k]

PS: Nice real-world tutorial on TLA+!

lemmy avatar Oct 07 '22 01:10 lemmy