Possible TLC false positives bug
78 views
Skip to first unread message
Hillel Wayne
Oct 17, 2018, 3:39:29 PM10/17/18
to tlaplus
I think this is a TLC bug, but since it involves fairness and somewhat-unusual temporal properties I want to confirm it's actually a bug and not me misunderstanding temporal logic.
---- MODULE main ----
EXTENDS Naturals
VARIABLE x
A == x' = (x + 1) % 3
B == x' \in 0..2
Init == x = 0
Next == (A \/ B)
Spec == Init /\ [][Next]_x /\ WF_x(A)
====
VARIABLE x
A == x' = (x + 1) % 3
B == x' \in 0..2
Init == x = 0
Next == (A \/ B)
Spec == Init /\ [][Next]_x /\ WF_x(A)
====
There are three temporal properties I checked: Spec, WF_x(A), and []<><<A>>_x. The first two should be tautologically true, the last should be true for this spec. Each of the three fails with the same error trace:
In the first step, both A and B are true. In the second step, A is false and B is true. If we go back to state one, we have an infinite number of steps where A is true, so all three properties should be satisfied. Replacing B with x' \in {0, 1} does not cause a spec failure, even though in the existing spec failure x is never 2.
It seems like it could be one of three things:
- TLC is finding a false positive.
- TLC is finding a true positive, but not outputting the correct error trace.
- I'm misunderstanding how fairness works.
This should be machine-closed (A is a subaction of Next) but there could be another subtle issue I don't know about.
Hillel
Markus Kuppe
Oct 18, 2018, 9:45:20 PM10/18/18
to tla...@googlegroups.com
On 17.10.18 12:39, Hillel Wayne wrote:
> I /think/ this is a TLC bug, but since it involves fairness and
> somewhat-unusual temporal properties I want to confirm it's /actually/ a
> 2. TLC is finding a true positive, but not outputting the correct error
> trace.
> 3. I'm misunderstanding how fairness works.
>
> This /should/ be machine-closed (A is a subaction of Next) but there
can you please open up an issue at GitHub?
Thanks
Markus
> I /think/ this is a TLC bug, but since it involves fairness and
> somewhat-unusual temporal properties I want to confirm it's /actually/ a
> bug and not me misunderstanding temporal logic.
>
> ---- MODULE main ----
> EXTENDS Naturals
> VARIABLE x
>
> A == x' = (x + 1) % 3
> B == x' \in 0..2
>
> Init == x = 0
> Next == (A \/ B)
>
> Spec == Init /\ [][Next]_x /\ WF_x(A)
> ====
>
> There are three temporal properties I checked: Spec, WF_x(A), and
> []<><<A>>_x. The first two should be tautologically true, the last
> should be true for this spec. Each of the three fails with the same
> error trace:
>
>
>
> ---- MODULE main ----
> EXTENDS Naturals
> VARIABLE x
>
> A == x' = (x + 1) % 3
> B == x' \in 0..2
>
> Init == x = 0
> Next == (A \/ B)
>
> Spec == Init /\ [][Next]_x /\ WF_x(A)
> ====
>
> There are three temporal properties I checked: Spec, WF_x(A), and
> []<><<A>>_x. The first two should be tautologically true, the last
> should be true for this spec. Each of the three fails with the same
> error trace:
>
>
> In the first step, both A and B are true. In the second step, A is false
> and B is true. If we go back to state one, we have an infinite number of
> steps where A is true, so all three properties should be satisfied.
> Replacing B with x' \in {0, 1} does /not/ cause a spec failure, even
> and B is true. If we go back to state one, we have an infinite number of
> steps where A is true, so all three properties should be satisfied.
> though in the existing spec failure x is never 2.
>
> It seems like it could be one of three things:
>
> 1. TLC is finding a false positive.
>
> It seems like it could be one of three things:
>
> 2. TLC is finding a true positive, but not outputting the correct error
> trace.
> 3. I'm misunderstanding how fairness works.
>
> This /should/ be machine-closed (A is a subaction of Next) but there
> could be another subtle issue I don't know about.
>
> Hillel
Hi Hillel,
>
> Hillel
can you please open up an issue at GitHub?
Thanks
Markus
Hillel Wayne
Oct 19, 2018, 2:32:31 PM10/19/18
to tlaplus
Thanks
Markus
Reply all
Reply to author
Forward
0 new messages