-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathFileSharing3.tla
More file actions
140 lines (108 loc) · 3.63 KB
/
Copy pathFileSharing3.tla
File metadata and controls
140 lines (108 loc) · 3.63 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
------------- MODULE FileSharing3 ----------------
VARIABLES action, reactions
error == FALSE
CONSTANTS File, Token
VARIABLES accessible, trashed, urls, revoked, accessed
T == "Trash"
P == "Permalink"
Trash == INSTANCE Trash WITH Item <- File, Trash <- {T}
Permalink == INSTANCE Permalink WITH Permalink <- {P}, Resource <- File, URL <- Token
Actions == Trash!Actions \cup Permalink!Actions
InitAction == action \in Actions
NextAction == action' \in Actions
InitConcepts ==
/\ Trash!Init
/\ Permalink!Init
NextConcepts ==
/\ Trash!Next
/\ Permalink!Next
uploaded == accessible[T] \cup trashed[T]
shared == [ f \in File |-> urls[P][f] \ revoked[P] ]
Invariant ==
/\ trashed[T] = {}
/\ revoked[P] = accessed[P]
/\ \A f \in File: f \in accessible[T] <=> shared[f] # {}
/\ \A f \in File, x, y \in Token: x \in shared[f] /\ y \in shared[f] => x = y
(*
reaction create_share
when
T.create[f]
then
some t : Token | P.share[f,t]
*)
create_share_add == { <<r,f>> \in {"create_share"} \X File : Trash!create(T,f) }
create_share_remove == { <<r,f>> \in {"create_share"} \X File : \E t \in Token : Permalink!share(P,f,t) }
(*
reaction access_revoke
when
P.access[t]
then
P.revoke[t]
*)
access_revoke_add == { <<r,t>> \in {"access_revoke"} \X Token : Permalink!access(P,t) }
access_revoke_remove == { <<r,t>> \in {"access_revoke"} \X Token : Permalink!revoke(P,t) }
(*
reaction access_delete
when
P.access[t]
where
t in f.shared
then
T.delete[f]
*)
access_delete_add == { <<r,f>> \in {"access_delete"} \X File : \E t \in Token : t \in shared[f] /\ Permalink!access(P,t) }
access_delete_remove == { <<r,f>> \in {"access_delete"} \X File : Trash!delete(T,f) }
(*
reaction access_empty
when
P.access[t]
then
T.empty[]
*)
access_empty_add == { <<r>> \in {<<"access_empty">>} : \E t \in Token : Permalink!access(P,t) }
access_empty_remove == { <<r>> \in {<<"access_empty">>} : Trash!empty(T) }
(*
reaction share_error
when
P.share[f,t]
where
f not in uploaded or some f.shared
then
error
*)
share_error_add == { <<r>> \in {<<"share_error">>} : \E f \in File, t \in Token : Permalink!share(P,f,t) /\ (f \notin uploaded \/ shared[f] # {}) }
share_error_remove == { <<r>> \in {<<"share_error">>} : error }
(*
reaction delete_error
when
T.delete[f]
where
some f.shared and f.shared not in P.accessed
then
error
*)
delete_error_add == { <<r>> \in {<<"delete_error">>} : \E f \in File : Trash!delete(T,f) /\ shared[f] # {} /\ \A t \in shared[f] : t \notin accessed[P] }
delete_error_remove == { <<r>> \in {<<"delete_error">>} : error }
(*
reaction revoke_error
when
P.revoke[t]
where
t not in P.accessed
then
error
*)
revoke_error_add == { <<r>> \in {<<"revoke_error">>} : \E t \in Token : Permalink!revoke(P,t) /\ t \notin accessed[P] }
revoke_error_remove == { <<r>> \in {<<"revoke_error">>} : error }
\* Reaction semantics
reactions_to_add == create_share_add \cup access_revoke_add \cup access_delete_add \cup access_empty_add \cup share_error_add \cup delete_error_add \cup revoke_error_add
reactions_to_remove == create_share_remove \cup access_revoke_remove \cup access_delete_remove \cup access_empty_remove \cup share_error_remove \cup delete_error_remove \cup revoke_error_remove
InitReactions ==
/\ reactions = {}
NextReactions ==
/\ reactions # {} => reactions_to_remove \cap reactions # {}
/\ reactions' = (reactions \ reactions_to_remove) \cup reactions_to_add
vars == <<accessible, trashed, urls, revoked, accessed, action, reactions>>
Spec == InitAction /\ InitConcepts /\ InitReactions /\ [][NextAction /\ NextConcepts /\ NextReactions]_vars
Design == reactions = {} <=> Invariant
==================================================