Translating B to TLA+ for validation with TLC

Abstract

The state-based formal methods B and TLA+ share the common base of predicate logic, arithmetic and set theory. However, there are still considerable differences, such as the way to specify state transitions, the different approaches to typing, and the available tool support. In this paper, we present a translation from B to TLA+ so as to validate B specifications using the model checker TLC. The translation includes many adaptations and optimizations to allow for efficient checking by TLC. Moreover, we present a way to validate liveness properties for B specifications under fairness conditions. Our implemented translator, Tlc4B, automatically translates a B specification to TLA+, invokes the model checker TLC, and translates the results back to B. We use ProB to double check the counter examples produced by TLC and replay them in the ProB animator. Tlc4B can also transmit constant values, precalculated by ProB, to TLC. This allows the user to combine the strength of both tools, i.e. ProB's constraint solving abilities and TLC's highly tuned model checking core. Furthermore, we demonstrate an approach to optimize the model checking process by encoding proof information in the translated TLA+ specification. We also present a series of case studies and benchmark tests comparing Tlc4B and ProB.