tla-sbuilder 0.1.0

data/src/pet/operator_responses.tla

@@ -0,0 +1,8 @@
+(* ******************************************************************
+
+Status messages
+
+******************************************************************)
+
+\* Error response object created (message left unused)
+ResponseError( code, message ) == [ code |-> code,  message |-> Nil ]

data/src/pet/operator_tag_exists.tla

@@ -0,0 +1,2 @@
+
+ValidTagExists( tag ) == \E entry \in  v_tags: entry.tag = tag /\ ValidOwner( entry.owner ) 

data/src/pet/operator_tag_owner_validated.tla

@@ -0,0 +1,2 @@
+\* Owner is validated if 'ValidOwner' exists having the same name as the 'owner' 
+TagOwnerValidated( owner ) == \E existing_tag \in v_tags: existing_tag.owner.name = owner.name /\ ValidOwner( existing_tag.owner )

data/src/pet/operator_tag_referenced.tla

@@ -0,0 +1,4 @@
+(*
+*  @return TRUE iff 'tag' referenced for some pet in state variable 'v_pets'
+*)
+TagReferenced( tag ) == \E pet \in v_pets : pet.tag = tag

data/src/pet/operator_valid_owner.tla

@@ -0,0 +1,17 @@
+(*
+ *  Valid address defines all fields
+ *)
+
+ValidAddress( address ) == address.street # Nil
+                        /\ address.city # Nil
+
+
+(*
+* Valid owner defines 'name' and has 'ValidAddress'
+*)
+ValidOwner( owner ) == owner.name # Nil /\ ValidAddress( owner.address )
+
+
+
+
+

data/src/pet/operator_valid_pet.tla

@@ -0,0 +1,6 @@
+\* All pets should have a name
+ValidatePetData( pet ) == pet.name # Nil
+
+
+\* All pet entries should have id and valid data
+ValidatePet( pet ) == pet.id # Nil  /\ ValidatePetData( pet )

data/src/pet/operator_valid_tag.tla

@@ -0,0 +1,5 @@
+(*
+   TODO: add rules for validatation
+*)
+ValidateTagData( tag ) == TRUE
+

data/src/pet/possibility

@@ -0,0 +1,18 @@
+{{!
+
+    Define operator possibilities.
+
+    To activate the operators add per setup add name of the operator
+    to 'possibilities' arrays
+
+    setups:
+      - setupDirectory: setup1
+        possibilities:
+          - poss1
+          - poss2
+
+
+}}
+
+{{>possibility_at_least_two_tags.tla}}
+{{>possibility_invalid_tag_address.tla}}

data/src/pet/possibility_at_least_two_tags.tla

@@ -0,0 +1,12 @@
+(*
+
+   Define an operator 'at_least_two_tags' to check that
+   at least two entries are found in state variable 'v_tags'.
+
+   Having more than just one tag makes checking owner address coherence
+   more intersting.
+
+*)
+
+
+at_least_two_tags == Cardinality( v_tags ) > 1

data/src/pet/possibility_invalid_tag_address.tla

@@ -0,0 +1,8 @@
+(*
+
+   TRUE if state variable 'v_tags' has an entry with invalid owner address.
+
+*)
+
+tag_with_invalid_address == \E tag \in v_tags:  ~ValidAddress( tag.owder.address )
+

data/src/pet/service

@@ -0,0 +1,35 @@
+{{!
+
+   Procedures implmenting interface services.
+
+   Notice: Procedure is not necassarily needed if
+   service is fully implemented in interface entry-macro
+   (see interfaces_entry)
+
+
+   For example:
+
+   procedure delete_pet( delete_pet_input ) {
+
+     delete_pet_start:
+
+         \* transaction
+         delete_pet_trans( delete_pet_input );
+
+        return;
+   }
+
+   
+
+}}
+
+{{>service_pet_post.tla}}
+{{>service_pet_get.tla}}
+{{>service_pet_delete.tla}}
+{{>service_tag_post.tla}}
+{{>service_tag_put.tla}}
+
+
+
+
+

data/src/pet/service_pet_delete.tla

@@ -0,0 +1,11 @@
+procedure s_delete_pet( delete_pet_input ) {
+
+delete_pet_start:
+
+  {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}}print <<"Pet delete", delete_pet_input, v_pets >>;
+  
+  \* transaction
+  delete_pet_trans( delete_pet_input );
+
+  return;
+}

data/src/pet/service_pet_get.tla

@@ -0,0 +1,27 @@
+(******************************************************************
+ Read pet by id
+
+ Data returned is validate. A system error is raised if validation
+ not successfull.
+
+******************************************************************)
+
+
+procedure s_get_pet( get_pet_input ) {
+
+  get_pet_start:
+
+  {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}}print <<"Pet get", get_pet_input >>;
+
+  if ( \A pet \in PetStore_GetPetById( get_pet_input.id ): ValidatePet(  pet ) ) {
+      {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}}print <<"--> get ok", PetStore_GetPetById( get_pet_input.id )>>;
+      skip; 
+  }
+  else {
+      pet_system_error( "Data integrity violated" );
+  };
+
+  get_pet_ret:
+
+  return;
+}

data/src/pet/service_pet_post.tla

@@ -0,0 +1,78 @@
+(* ******************************************************************
+   Petstore post_pet: creates a new pet entry
+
+   - validate input
+      - validation ok    --> enter_pet to database
+      - validation error --> raise an application error "pet input not valid"
+
+ * ******************************************************************)
+procedure s_post_pet( input ) {
+
+  pet_post_start:
+
+       {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}} print <<"Pet post, input=", input >>;
+
+       (* Valid input received *)
+       if ( ~ValidatePetData( input.pet ) ) {
+           pet_application_error( "Invalid input" );
+       	  return;
+       };
+
+  pet_post_data_valid:
+
+       (* Referential integrity pet.tag --> tag.tag *)
+       if (  ~ValidTagExists( input.pet.tag ) ) {
+           {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}} print <<"Pet post, v_tags=", v_tags >>;
+           pet_application_error( "Tag not found" );
+       	   return;
+       };
+
+
+  pet_post_tag_exist:
+
+       if (  PetStore_GetPetByTag( input.pet.tag ) # {} ) {
+
+           {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}} print <<"Pet post, tag-not free, v_pets=", v_pets >>;
+           pet_application_error( "Tag not free" );
+       	   return;
+       };
+
+
+  pet_post_tag_valid_and_used:
+
+
+  
+
+       (* Generate id using infrastructure service /id/{type}(get) *)
+       call infrastructure_id_get( "pet" );
+       
+  post_pet_id_generated:
+
+      (* Id generation failure? *)
+      if ( InfrastructureServiceGetStatus( "/id/{type}(get)" ) # "status_200" ) {
+
+           {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}} print <<"Pet post, v_ids=", v_ids >>;
+
+           pet_application_error( "no id " );
+	   return;
+
+      };
+
+  post_pet_ok:
+
+      assert(     InfrastructureServiceGetStatus( "/id/{type}(get)" ) = "status_200"
+	           /\  ValidatePet( New_Pet( input.pet, InfrastructureServiceGetResponse( "/id/{type}(get)" ).id ) )
+       );
+
+
+        (* Database transaction: create pet *) 
+       enter_pet( New_Pet( input.pet, InfrastructureServiceGetResponse( "/id/{type}(get)" ).id ));
+
+       {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}} print <<"Pet post, SUCCESS!!, v_pets=", v_pets >>;
+      
+  pet_post_done:
+  
+       return;
+  
+}; \* post_pet
+

data/src/pet/service_tag_post.tla

@@ -0,0 +1,53 @@
+(*
+ * @param input.tag: t_Owner: of the new tag.
+ *
+ * Notice: owner name invalid if 'Nil'
+ *         owner address invalid if any fields 'Nil'
+ *)
+procedure s_post_tag( input ) {
+
+  post_tag_start:
+
+       {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}} print <<"Tag post, input=", input >>;
+
+       (* Validata input *)
+       if ( ~ValidateTagData( input.tag ) ) {
+             pet_application_error( "tag data not valid" );
+             return;
+       };
+
+  post_tag_validated_input:
+
+       (* Owner invalidation now allowed if Owner has already been validated  *)
+       if ( TagOwnerValidated( input.tag ) /\ ~ValidOwner( input.tag ) ) {
+
+             {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}} print <<"Tag post, existing owners=", FindTagsByOwnerName( input.tag ) >>;
+             pet_application_error( "Owner invalidation not allowed" );
+             return;
+       };
+
+  post_tag_data_validated:
+
+       (* Generate id using infrastructure service /id/{type}(get) *)
+       call infrastructure_id_get( "tag" );
+
+  post_tag_id_generated:
+  
+       (* Id generation failure? *)
+       if ( InfrastructureServiceGetStatus( "/id/{type}(get)" ) # "status_200" ) {
+    
+              {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}} print <<"Tag post, v_ids=", v_ids >>;
+              pet_application_error( "no id " );
+              return;
+       };
+
+
+  post_tag_ok:
+
+       (* All checks passed: enter into database *) 
+       enter_tag( New_Tag( input.tag, InfrastructureServiceGetResponse( "/id/{type}(get)" ).id ) );
+
+  post_tag_done:
+
+       return;
+}

data/src/pet/service_tag_put.tla

@@ -0,0 +1,82 @@
+(*
+ * @param input.tag: t_Owner: of the tag
+ *)
+procedure s_put_tag( input ) {
+
+  put_tag_start:
+
+       {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}} print <<"Tag put, input=", input >>;
+
+       (* Ensure that tag exists in the database *)
+       if ( Cardinality( GetTagtByIdentity( input.tag.tag ) ) # 1  ) {
+
+          pet_application_error( "unkown tag updated" );
+       	  return;
+	  
+       };
+
+  put_tag_exists:
+
+       (* Validate input *)
+       if ( ~ValidateTagData( input.tag ) ) {
+             pet_application_error( "tag data not valid" );
+	     return;
+       };
+
+
+  put_tag_validated_input:
+
+       (* Tag is referenced in pets --> not allowed to invalidate (set to Nil) name *)
+       
+       {{#PREFERENCES.error-invalidate-name}}
+
+       \* replace correct code will null operation
+       skip;
+
+
+       (* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+          ERRROR
+
+        Invariant ValidReferecendTag is violated because we do not check
+	whether tag  is referenced by some pet, when we are invalidating
+	owner name i.e. setting it to nil
+        pet to Nil
+
+       {{/PREFERENCES.error-invalidate-name}}
+
+       if ( input.tag.owner.name = Nil /\ TagReferenced( input.tag.tag ) ) {
+	     
+             pet_application_error( "Name invalidation not allowed" );
+	     return;
+       };
+
+       {{#PREFERENCES.error-invalidate-name}}
+       
+       !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! *)
+
+       {{/PREFERENCES.error-invalidate-name}}
+
+
+
+  put_tag_not_invalidating_name:
+
+       if ( TagOwnerValidated( input.tag.owner ) /\ ~ValidOwner( input.tag.owner ) ) {
+
+             (* Tag owner is referenced in some tag --> address invalidation not allowed *)
+
+             {{^PREFERENCES.debug-output}}\* {{/PREFERENCES.debug-output}} print <<"Tag put, existing owners=", FindTagsByOwnerName( input.tag.owner ) >>;
+             pet_application_error( "Owner invalidation not allowed" );
+	     return;
+       };
+
+  put_tag_ok:
+
+        (* Database transaction: update addresses & update existing tag *) 
+        enter_tag( input.tag );
+
+  put_tag_done:
+
+        (* Assert that tag was changed *)
+	assert( { tag \in v_tags: tag.tag = input.tag.tag } = { input.tag } );
+        return;
+}

data/src/pet/state

@@ -0,0 +1,16 @@
+{{!
+
+     Application variables and initial value
+
+
+     For example:
+
+     \* pet entiries of type t_Pet, initially empty
+     v_pets = {}; 
+
+
+}}
+
+{{>state_pet.tla}}
+{{>state_infra.tla}}
+{{>state_tag_id.tla}}

data/src/pet/state_infra.tla

@@ -0,0 +1,6 @@
+\* Unique identifers for pet entries. Identifier cannot be nil
+
+v_ids = [ pet |-> d_id \ {Nil},
+          tag |-> d_id \ {Nil}
+	];
+

data/src/pet/state_pet.tla

@@ -0,0 +1,5 @@
+
+
+v_pets = {};     \* pets of type t_Pet, initially empty
+
+v_tags = {};     \* tags of type t_Tag, initiall empty

data/src/pet/state_tag_id.tla

@@ -0,0 +1,2 @@
+\* Unique identifers for tags. Identifier cannot be nil
+\* v_tag_ids = d_pet_tag \ {Nil};

data/src/pet/transaction

@@ -0,0 +1,23 @@
+{{!
+
+      Place to define macros modifying application state.
+
+      For example:
+
+        macro enter_pet( new_pet ) {
+        
+          v_pets := v_pets \union { new_pet };
+        
+        }
+
+}}
+
+
+{{>transaction_error.tla}}
+{{>transaction_enter_pet.tla}}
+{{>transaction_delete_pet.tla}}
+{{>transaction_enter_tag.tla}}
+
+
+
+