Playing around with the P formal modelling framework.
My cat, Kiki, likes to eat too much and then vomit all over the living room carpet.
Often one human (either me or my wife) will feed her, then the other human will feed her again, unaware that she has already been fed.
What if we put a whiteboard next to her bowl, and we draw a tick on the whiteboard before feeding her? And of course, if there's already a tick on the whiteboard, there's no need to feed her, no matter how much she protests.
- Safety: the cat should never eat twice and vomit on the carpet
- Liveness: the cat should eat at least once
- A single human, no whiteboard needed ✅
- Two humans, not using a whiteboard ❌
- Risk of the cat getting fed twice 🌊
- Two humans, using a whiteboard ✅
- The humans coordinate via the whiteboard to ensure the cat gets fed exactly once
- Two humans, using a whiteboard, with failure ❌
- Use a failure injector to randomly make one of the humans get distracted and wander off halfway through the task
- If this happens between ticking the whiteboard and filling the bowl, the cat will not get fed
Follow the Getting Started instructions on the P website.
I recommend using the VS Code extension (Peasy).
Check out this talk from AWS re:Invent 2023.
