SpecEdit: Projectional Editing for TLA plus Specifications

High quality requirements and specifications are the premises of efficient software system engineering. Formal approaches propose precise and unambiguous requirements amenable to automated reasoning. TLA+, for instance, is used by major companies, such as Microsoft and Amazon, to specify highprofile business critical systems. However, despite its undeniable strengths for the specification of complex distributed systems, TLA+ suffers from the duality of its syntax, which is likely to hamper its large-scale industrial adoption. A system engineer can easily read mathematical specifications in TLA+, produced through LATEX. However, for writing TLA+ specifications, he must learn the discommoding ASCII syntax, which requires unnecessary effort and dedicated learning time. This paper introduces SpecEdit, an IDE for TLA+ with a projectional editor that solves this issue. SpecEdit exposes the mathematical syntax of TLA+ for both reading and writing specifications, without requiring external transformations. This approach minimizes the cognitive effort and streamlines the formal system specification process. We illustrate the benefits of our approach using the specification of the Elasticsearch cluster coordination module. We furthermore emphasize the complementarity with the existing TLA+ tools. Through SpecEdit, TLA+ gains the specification editor that was missing without compromising compatibility with the existing tools.