Make SimpleEventually proof a bit less simple. #135
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lemmy
added
enhancement
lemmy
force-pushed
the
mku-LessSimpleEventually
branch
from
75e3084 to
af4e5fb
Compare
lemmy
force-pushed
the
mku-LessSimpleEventually
branch
from
af4e5fb to
0897ce9
Compare
muenchnerkindl
requested changes
Jun 7, 2024
lemmy
force-pushed
the
mku-LessSimpleEventually
branch
3 times, most recently
from
86cc9b3 to
8a80823
Compare
Please take another look at this PR. I will open an issue for the |
|
It fails (line 63) for me with the |
|
Confirmed to be rejected by @lemmy ➜ /workspaces/tlapm/examples (mku-LessSimpleEventually) $ tlapm --version
102637f-dirty
@lemmy ➜ /workspaces/tlapm/examples (mku-LessSimpleEventually) $ tlapm SimpleEventually.tla
(* created new ".tlacache/TLAPS.tlaps/TLAPS.thy" *)
(* fingerprints written in ".tlacache/TLAPS.tlaps/fingerprints" *)
File "/usr/local/lib/tlapm/stdlib/TLAPS.tla", line 1, character 1 to line 362, character 77:
[INFO]: All 0 obligation proved.
Zenon error: exhausted search space without finding a proof
(* created new ".tlacache/SimpleEventually.tlaps/SimpleEventually.thy" *)
(* fingerprints written in ".tlacache/SimpleEventually.tlaps/fingerprints" *)
File "./SimpleEventually.tla", line 63, characters 3-4:
[ERROR]: Could not prove or check:
ASSUME NEW VARIABLE x,
NEW VARIABLE y,
NEW VARIABLE flip,
vars == <<x, y, flip>>,
A == /\ x = FALSE
/\ x' = TRUE
/\ UNCHANGED <<y, flip>>,
B ==
/\ y = FALSE
/\ y' = TRUE
/\ flip' = (~flip)
/\ UNCHANGED x,
C ==
/\ y = FALSE
/\ y' = TRUE
/\ flip' = (~flip)
/\ UNCHANGED x,
Next == A \/ B \/ C,
ExpandENABLED
PROVE TypeOK /\ ~x = TRUE => ENABLED <<Next>>_vars
File "./SimpleEventually.tla", line 1, character 1 to line 73, character 80:
[ERROR]: 1/18 obligations failed.
There were backend errors processing module `"SimpleEventually"`.
tlapm ending abnormally with (Failure "backend errors: there are unproved obligations")
Raised at file "stdlib.ml", line 29, characters 17-33
Called from file "src/tlapm_lib.ml", line 435, characters 12-77
Called from file "src/tlapm_lib.ml", line 543, characters 23-43
Called from file "list.ml", line 121, characters 24-34
Called from file "src/tlapm_lib.ml", line 546, characters 13-40
Called from file "src/tlapm_lib.ml", line 558, characters 8-33Accepted by https://github.com/tlaplus/tlapm/releases/tag/202210041448 on macOS: markus@avocado [11:49:01] [~/src/TLA/_tlaps/tlapm] [mku-LessSimpleEventually]
-> % tlapm --version
1.5.0
markus@avocado [11:49:06] [~/src/TLA/_tlaps/tlapm] [mku-LessSimpleEventually]
-> % tlapm examples/SimpleEventually.tla
(* created new ".tlacache/TLAPS.tlaps/TLAPS.thy" *)
(* fingerprints written in ".tlacache/TLAPS.tlaps/fingerprints" *)
File "/usr/local/lib/tlaps/TLAPS.tla", line 1, character 1 to line 362, character 77:
[INFO]: All 0 obligation proved.
The operation couldn’t be completed. Unable to locate a Java Runtime.
Please visit http://www.java.com for information on installing Java.
** Unexpanded symbols: ---
** Unexpanded symbols: ---
** Unexpanded symbols: STATE_TypeOK_
** Unexpanded symbols: ---
** Unexpanded symbols: ---
** Unexpanded symbols: ---
(* created new ".tlacache/SimpleEventually.tlaps/SimpleEventually.thy" *)
(* fingerprints written in ".tlacache/SimpleEventually.tlaps/fingerprints" *)
File "./examples/SimpleEventually.tla", line 1, character 1 to line 73, character 80:
[INFO]: All 18 obligations proved. |
|
Stephan's proposed proof already rejected by @lemmy ➜ /workspaces/tlapm/examples (mku-LessSimpleEventually) $ tlapm SimpleEventually.tla
(* created new ".tlacache/TLAPS.tlaps/TLAPS.thy" *)
(* fingerprints written in ".tlacache/TLAPS.tlaps/fingerprints" *)
File "/usr/local/lib/tlapm/stdlib/TLAPS.tla", line 1, character 1 to line 362, character 77:
[INFO]: All 0 obligation proved.
(* loading fingerprints in ".tlacache/SimpleEventually.tlaps/fingerprints" *)
Zenon error: exhausted search space without finding a proof
(* created new ".tlacache/SimpleEventually.tlaps/SimpleEventually.thy" *)
(* fingerprints written in ".tlacache/SimpleEventually.tlaps/fingerprints" *)
File "./SimpleEventually.tla", line 54, characters 3-4:
[ERROR]: Could not prove or check:
ASSUME NEW VARIABLE x,
NEW VARIABLE y,
vars == <<x, y>>,
A == /\ x = FALSE
/\ x' = TRUE
/\ UNCHANGED y,
B == /\ y = FALSE
/\ y' = TRUE
/\ UNCHANGED x,
Next == A \/ B,
ExpandENABLED
PROVE TypeOK /\ ~x = TRUE => ENABLED <<Next>>_vars
File "./SimpleEventually.tla", line 1, character 1 to line 64, character 80:
[ERROR]: 1/18 obligations failed.
There were backend errors processing module `"SimpleEventually"`.
tlapm ending abnormally with (Failure "backend errors: there are unproved obligations")
Raised at file "stdlib.ml", line 29, characters 17-33
Called from file "src/tlapm_lib.ml", line 435, characters 12-77
Called from file "src/tlapm_lib.ml", line 543, characters 23-43
Called from file "list.ml", line 121, characters 24-34
Called from file "src/tlapm_lib.ml", line 546, characters 13-40
Called from file "src/tlapm_lib.ml", line 558, characters 8-33 |
|
TLAPS starts to reject Stephan's proposed proof as well as my extension with the introduction of the new SMT encoding in 3f08478. 581ebd8 is the last commit with which TLAPS accepts the proof. :-( Related: #139 |
Stephan's proof goes through if you simply add
The same fix (on line 63) works for your version. |
Signed-off-by: Markus Alexander Kuppe <[email protected]>
Signed-off-by: Markus Alexander Kuppe <[email protected]>
Signed-off-by: Markus Alexander Kuppe <[email protected]>
lemmy
force-pushed
the
mku-LessSimpleEventually
branch
from
102637f to
c420b7f
Compare
Signed-off-by: Markus Alexander Kuppe <[email protected]>
Signed-off-by: Markus Alexander Kuppe <[email protected]>
Signed-off-by: Markus Alexander Kuppe <[email protected]>
lemmy
force-pushed
the
mku-LessSimpleEventually
branch
from
c420b7f to
b5dbc4b
Compare
|
Nice, thanks for fixing this proof! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Two actions,
AandB, allow for the discussion of the non-distributiveness of (weak) fairness.Happy to remove
Equivagain.