The TLA+ Toolbox

• Create and edit your specs, with the locations of parsing errors marked in the modules.
• Run the PlusCal translator, with the locations of translation errors marked in the PlusCal code.
  
• View the pretty-printed versions of your modules.
• Run the TLC model checker.  The Toolbox allows you to explorer an error trace produced by TLC—for example, by evaluating arbitrary formulas at each step in the trace.

• Run the TLA+ proof system.

Users who would prefer a more lightweight IDE for TLA+ may want to try the Visual Studio Code extension for TLA+.  However, it lacks many of the Toolbox's features.

Downloading the Toolbox       [show]

Installing the Toolbox       [show]

Installing pdflatex       [show]

    pdflatex -help

Using the Toolbox       [show]

    The GitHub Repository tlaplus Issues page

Bugs from before 2013, including many that were considered not worth the trouble of fixing, are in:

    The Bugzilla Database

Implementing the Toolbox has involved a lot of work by few people. They were able to build a sophisticated tool in a short time by using Eclipse.  However, this required compromises, and there are some annoying (but not serious) inconveniences in the Toolbox because they either didn't have the time or the Eclipse expertise to fix them.  So, please try to be helpful instead of angry if something doesn't work right.  Report the problem if it's not already in the bug list, and help us fix it if you can.  Thanks.

Version 1.7.0 of 26 April 2020    [details]
- Many features have been added to the Toolbox.
- Various features have been added for running TLC from a command line.
- Many bugs have been fixed, including a TLC bug in reporting liveness checking failure.
There have been too many new features and bug fixes to list here.  See the detailed list.

Version 1.6.0 of 11 July 2019    [details]
- Users can choose to have the Toolbox send us anonymous statistics about how
  they use TLC.  We encourage you to do so.
- The Toolbox's interface for running TLC has been redesigned to make it easier to use.
- Installing the Toolbox now automatically installs Java, so there is no need to install
  it manually.
- Features have been added to make error-trace exploration expressions more
  powerful and easier to write.  Click on ? in the menu for adding an exploration
  expression for details.
- There is now a TLC profiler to help find errors in a spec and to help optimize
  model checking.  See Profiling in the Features section of the TLC Options Page
  help page.

Version 1.5.7 of 18 July 2018    [details]
- 32-bit versions of the Toolbox are no longer available.
- Bugs in the TLC implementation of the standard Bags module have been corrected.
- An experimental standard module Randomization, described here, has been added.
- Numerous improvements have been made to TLC and the Toolbox.

Version 1.5.6 of 30 January 2018    [details]
- Corrects the TLC bug described here.
- Fixes a bug in the Toolbox's update mechanism that would cause it to make TLC
  impossible to run.
- Fixes a TLC bug that caused it to stop with an integer overflow exception after many
  hours of model checking.

Version 1.5.5 of 5 January 2018    [details]
- Provides only a partial fix of the TLC bug fixed in version 1.5.6.

Version 1.5.3 of 14 April 2017    [details]
- Bug fixes include eliminating incorrect error traces in TLC liveness checking.
- Execution by multiple worker threads in TLC has been speeded up.
- The Toolbox can now be set as the default program for running .tla files.
- The built-in PDF viewer is now the default on Windows and Linux.
- TLC can be run on multiple EC2 or Azure instances by button pushing.
- An apt repository is provided for Linux installations.

Version 1.5.2 of 21 December 2015    [details]
- Added a quick access dialog for showing and selecting models and modules.
- The toolbox now maintains backups of previous versions of modules.
- Models now have a field for free-form comments.
- Only one Toolbox instance can now be run at a time.
- A -userFile parameter allows redirecting Print/PrintT output to a file.
- Not all states of very long error traces are displayed initially.
- Ended support for 32-bit Toolbox releases on Mac OSX.
- Several optimizations and bug fixes were made.

Version 1.5.1 of 1 June 2015    [details]
- Fixes several bugs in TLC and a bug in the Toolbox's trace explorer

Version 1.5.0 of 11 May 2015    [details]
- Distributed TLC in the Cloud--significantly improves distributed TLC.
- Significantly speeds ups TLC's liveness checking.
- Improvements to the Decompose Proof Command.
- Improvements to the TLC Errors view, including ability to show trace
   in reverse order.
- Has some changes to the way the Toolbox handles its subwindows.
- Fixes all known bugs in TLC's liveness checking.
- Fixes TLC bug of infinite looping if a recursively defined operator is used
   as an operator argument in its own definition.
- Numerous bug fixes.

Version 1.4.8 of 25 February 2014
- Added a feature to Renumber Proof command.
- Disallowed <*> and <+> in names of named proof steps.
- Minor bug fixes to Toolbox and TLC.
- Corrected definition of Tail in standard Sequences module.

Version 1.4.7 of 24 April 2013
- Fixes bugs in the Toolbox's Decompose Proof command

Version 1.4.6 of 18 April 2013
- Fixes bug in PlusCal translation of fairness for algorithms with procedures.
- Adds handling of strings to TLC's implementation of Tail and SubSeq.
- Fixes a minor TLATeX bug.

Version 1.4.5 of 22 February 2013
- The Decompose Proof Command has been added to the Toolbox editor.
   It makes it easy to perform the standard hierarchical decompositions of a proof
   based on the structure of the formula to be proved.
- A few minor bugs have been fixed.

Version 1.4.4 of 30 November 2012
- There have been numberous changes to distributed TLC and how to run it.
- Syntax coloring of PlusCal algorithms was added.
- TLATeX now formats PlusCal algorithms.
- Support for library folders required by Version 1.1.1 of TLAPS has been added.

Version 1.4.3.c of 24 May 2012
Version 1.4.3.b of 24 April 2012
Version 1.4.3.a of 17 April 2012
    These are intermediate versions that contain the current version of TLAPS.tla and
       fix mostly minor bugs.
    Version 1.4.3.c fixes a bug that can cause an updated version of the Toolbox
       to use an earlier version of TLC.
    The latest version is available only by updating.  (Select  Check for Updates 
       on the Toolbox's  Help  menu.)

Version 1.4.3 of 10 April 2012
- Adds a "Cardinality of largest enumerable set" TLC parameter.
- Fixed the order of definitions and declarations in the MC.tla file.
- Includes TLC version 2.05 of 7 April 2012, which adds the TLCEval operator to the TLC module.
- Includes PlusCal Verion 1.8 of 30 March 2012.

Version 1.4.2 of 17 February 2012
- Selecting a location in an error report and control-clicking jumps to its source in PlusCal code.
- Supports library folders (directories) for modules used in multiple specs.
- Provides a built-in pdf viewer that can be used for viewing pretty-printed modules.

Version 1.4.1 of 19 January 2012
- Contains a new editor command for jumping from a region in the TLA+ translation
  of a PlusCal algorithm to the region of PlusCal code that generated it.
- Introduces some additional editor commands, including one for parenthesis matching.
- Fixes a number of bugs, including ones that occurred when TLC checked large models.

Version 1.4.0 of 16 September 2011
- Includes a method for obtaining new releases from inside the Toolbox.
- Includes PlusCal Version 1.6, which:
    * Slightly changes the syntax for specifying fairness.
    * Permits using previously declared macros in a macro definition.
- Added the Forget Specification command.
- Includes a first release of the distributed version of TLC.
- Includes a fix to SANY to support binary, octal, and hex numbers.
- Added default overriding of definitions like Foo == CHOOSE v : v \notin S.
- Definition overriding section of advanced model page now opens if there are overrides.
- Fixed a TLC bug in overriding instantiated definitions.
- Displays timeout as a reason for prover failure.

Version 1.3.1 of 5 April 2011
- Includes PlusCal Version 1.5, which adds:
    * Fairness specifation in a PlusCal algorithm.
    * Translation simplifications, including omission of the pc variable when not needed.
- Contains a number of minor bug fixes.

Version 1.2.1 of 2 October 2010
- Added a sophisticated interface for running the TLAPS proof checker.
- Added a command for displaying all globally defined symbols.
- Added commands for displaying all uses of a symbol.
- The Goto Declaration command now works for locally defined symbols.
- Added commands for formatting boxed comments.
- Made some additional minor changes.

Version 1.1.2 of 6 May 2010
- Added trace Explorer, which evaluates expressions on an error trace.
- Added folding of proofs to permit reading them hierarchically.
- Added TLA Proof Manager menu item that currently does nothing.

Version 1.1.1 of 22 Mar 2010
- Fixes TLC bug that made restarting from a checkpoint not work.
- Various minor bug fixes.

Version 1.1.0 of 4 February 2010
- The initial public release.