Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/informalsystems/quint

An executable specification language with delightful tooling based on the temporal logic of actions (TLA)
https://github.com/informalsystems/quint

apalache language quint specification tlaplus

Last synced: 2 months ago
JSON representation

An executable specification language with delightful tooling based on the temporal logic of actions (TLA)

Lists

README 

        



  

  Quint Lang





    Installation
    Documentation
    Community






    

        build badge

    

    

        Visual Studio Marketplace Version

    

    

        npm (scoped)

    

    

        telegram group

    






# The Quint specification language



Quint is a modern specification language that is a particularly good fit for

distributed systems, such as blockchain protocols, distributed databases, and

p2p protocols. Quint combines the robust theoretical basis of the [Temporal

Logic of Actions (TLA)][TLA] with state-of-the-art type checking and

development tooling.



### Example code in Quint :mrs_claus: :gift: :santa:



Here is a small, partial, holiday special specification of the [Secret

Santa](https://en.wikipedia.org/wiki/Secret_Santa) game:



``` bluespec

module secret_santa {

  const participants: Set[str]



  /// get(recipient_for_santa, S) is the recipient for secret santa S

  var recipient_for_santa: str -> str



  /// the bowl of participants, containing a paper piece for each participant name

  var bowl: Set[str]



  val santas = recipient_for_santa.keys()

  val recipients = participants.map(p => get(recipient_for_santa, p))



  /// The initial state

  action init = all {

    recipient_for_santa' = Map(), // No santas or recipients

    bowl' = participants,         // Every participant's name in the bowl

  }



  action draw_recipient(santa: str): bool = {

    nondet recipient = oneOf(bowl)

    all {

      recipient_for_santa' = put(recipient_for_santa, santa, recipient),

      bowl' = bowl.exclude(Set(recipient)),

    }

  }



  action step = all {

    bowl.size() > 0,

    nondet next_santa = oneOf(participants.exclude(santas))

    draw_recipient(next_santa)

  }



  val everyone_gets_a_santa = (bowl.size() == 0).implies(participants == recipients)



  val no_person_is_self_santa = santas.forall(person =>

    get(recipient_for_santa, person) != person

  )



  val invariant = everyone_gets_a_santa and no_person_is_self_santa

}



module quint_team_secret_santa {

  import secret_santa(participants = Set("Gabriela", "Igor", "Jure", "Shon", "Thomas")).*

}

```



We can use this specification to check whether certain properties needed for a

good game hold:



Checking if everyone gets a santa



Quint (with the help of [Apalache][apalache]) can check to ensure that after the bowl is

empty, every participant has a santa! No kids crying when the gifts are exchanged :gift:.



``` bluespec

echo '{ "checker": { "no-deadlocks": true } }' > config.json

quint verify quint_team_secret_santa.qnt --invariant=everyone_gets_a_santa --apalache-config=config.json

[ok] No violation found (2119ms).

You may increase --max-steps.

```



Checking if no one gets themself



This specification has no safeguards against people being their own santa! Quint

(with the help of [Apalache][apalache]) can easily find a minimal example where

this happens. Sorry kids, I hope you don't mind buying your own present :cry:!



``` bluespec

quint verify quint_team_secret_santa.qnt --invariant=no_person_is_self_santa

An example execution:



[State 0]

{

  quint_team_secret_santa::secret_santa::bowl: Set("Gabriela", "Igor", "Jure", "Shon", "Thomas"),

  quint_team_secret_santa::secret_santa::recipient_for_santa: Map()

}



[State 1]

{

  quint_team_secret_santa::secret_santa::bowl: Set("Igor", "Jure", "Shon", "Thomas"),

  quint_team_secret_santa::secret_santa::recipient_for_santa: Map("Gabriela" -> "Gabriela")

}



[violation] Found an issue (2047ms).

error: found a counterexample

```



[Apalache]: https://github.com/informalsystems/apalache

[TLA]: https://en.wikipedia.org/wiki/Temporal_logic_of_actions



### Features



  
A simple and familiar syntax



  
to support engineers reading and writing specifications



  
An expressive type system



  
to ensure the domain model is coherent



  
A novel effect system



  
to ensure state updates are coherent



  


IDE support via LSP


  
giving real time feedback when writing specifications



  
A REPL



  
enabling interactive exploration of specifications



  
A simulator



  
enabling tests, trace generation, and exploration of your system



  
A symbolic model checker


  
to verify your specifications via Apalache






### Motivation



Quint is inspired by [TLA+][] (the language) but provides an alternative surface

syntax for specifying systems in TLA (the logic). The most important feature of

our syntax is that it is minimal and regular, making Quint an easy target for

advanced developer tooling and static analysis (see our [design

principles](./doc/design-principles.md) and [previews](./doc/previews.md) of the

tooling).



The syntax also aims to be familiar to engineers:



- At the lexical level, it borrows many principles from C-like languages.

- At the syntax level, it follows many principles found in functional languages.

- At the semantic level, Quint extends the standard programming paradigm with

  non-determinism and temporal formulas, which allow concise specification of

  protocol environments such as networks, faults, and time.



Thanks to its foundation in TLA and its alignment with TLA+, Quint comes with

formal semantics built-in.



An example that highlights differences between Quint and TLA+



Quint:

```bluespec

type Status = Working | Prepared | Committed | Aborted



const ResourceManagers: Set[str]

var statuses: str -> Status



action init = {

  statuses' = ResourceManagers.mapBy(_ => Working)

}



val canCommit: bool = ResourceManagers.forall(rm => statuses.get(rm).in(Set(Prepared, Committed)))

val notCommitted: bool = ResourceManagers.forall(rm => statuses.get(rm) != Committed)



action prepare(rm) = all {

  statuses.get(rm) == Working,

  statuses' = statuses.set(rm, Prepared)

}

```



TLA+:

```tla

CONSTANT ResourceManagers

VARIABLE statuses



TCTypeOK == statuses \in [ResourceManagers -> {"working", "prepared", "committed", "aborted"}]



TCInit == statuses = [rm \in ResourceManagers |-> "working"]



canCommit == \A rm \in ResourceManagers : statuses[rm] \in {"prepared", "committed"}



notCommitted == \A rm \in ResourceManagers : statuses[rm] # "committed"



Prepare(rm) == /\ statuses[rm] = "working"

               /\ statuses' = [statuses EXCEPT ![rm] = "prepared"]

```



To learn more about Quint's motivation and design philosophy, watch this [15

minute presentation](https://youtu.be/OZIX8rs-kOA), delivered at Gateway to

Cosmos in 2023.



[TLA+]: https://lamport.azurewebsites.net/tla/tla.html



## Installation



1. Install the [latest published version from npm](https://www.npmjs.com/package/@informalsystems/quint):



    ``` sh

    npm i @informalsystems/quint -g

    ```



2. Install IDE support for your editor:



    - [VSCode](https://marketplace.visualstudio.com/items?itemName=informal.quint-vscode)

    - [Emacs](./editor-plugins/emacs/README.md)

    - [Vim](./editor-plugins/vim/README.md)



3. _Optionally_, you may also install the [VSCode plugin for visualizing

   traces](https://marketplace.visualstudio.com/items?itemName=informal.itf-trace-viewer).



## Community



- Join the chat in the [Telegram group](https://t.me/quint_lang) or in the [Zulip stream](https://informal-systems.zulipchat.com/#narrow/stream/378959-quint)

- Join the [Quint discussions on GitHub](https://github.com/informalsystems/quint/discussions)

- [Contribute your spell](./examples/spells/contribute-your-spell.md) to the collection of Quint spells

- [Contribute](./CONTRIBUTING.md) to the development of Quint

- Join or co-design meetings: We hold fortnightly meetings with users and those

  interested in contributing to the design and development of Quint. Contact us if

  you would like an invitation.



## Documentation



View the [Quint documentation](./doc#readme).



We aspire to having great, comprehensive documentation. At present, we have a

good start, but still far to go. Please try what we have available and share

with us any needs we have not yet been able to meet.



## On "Quint"



Quint is short for 'quintessence', from alchemy, which refers to the fifth

element. A lot of alchemy is about transmutation and energy, and Quint makes it

possible to transmute specifications into executable assets and empower ideas to

become referenced artifacts.



## Acknowledgments



Quint has been designed and developed by the [Apalache][] team: [Gabriela

Moreira](https://bugarela.com), [Igor Konnov](https://konnov.github.io/),

[Jure Kukovec](https://github.com/Kukovec), [Shon Feder](http://shonfeder.net),

and [Thomas Pani](https://thpani.net/). :heart:



Thanks for notable contributions goes to [Romain Ruetschi](https://romac.me/),

[Philip Offtermatt](https://p-offtermatt.github.io/), [Ivan Gavran](https://ivan-gavran.github.io/),

and, [Ranadeep Biswas](https://ranadeep.in/).



---



Quint is developed at [Informal Systems](https://informal.systems/).



Supported by the Vienna Business Agency.
[Vienna Business Agency](https://viennabusinessagency.at/)