Unfolding macro definitions


saksha...@stonybrook.edu

Mar 31, 2017, 1:14:27 PM
to tlaplus
Hi,

I was intrigued by a statement proved by TLAPS 1.5.2 on my Windows 10 machine. If we look at Paxos.tla in the examples directory, the proof of THEOREM Invariant -> <2>1 TypeOK' -> <3>1. PROVE for Phase1a(b), we have, (line 295)

<3>1. ASSUME NEW b \in Ballots, Phase1a(b) PROVE TypeOK'
  BY <3>1 DEF TypeOK, Phase1a, Send, Messages

If I change this to:

<3>1. ASSUME NEW b \in Ballots, Phase1a(b) PROVE TypeOK'
  BY <3>1, PTL DEF TypeOK, Phase1a, Send\*, Messages

I comment out the Messages definition and add PTL, and the proof goes through. In fact you can comment out the whole DEF. Is this expected behaviour or a bug?

Note that it doesn't prove on my Linux machine.

Thanks,
Saksham Chand

saksha...@stonybrook.edu

Mar 31, 2017, 1:33:22 PM
to tlaplus
I think this is a bug. If I change the definition of Messages to something incorrect, the proof (with PTL) still goes through (marked green).

Stephan Merz

Apr 1, 2017, 3:35:15 AM
to tla...@googlegroups.com
Hi Saksham,

indeed – this is a known bug but apparently it had never been entered in the bug tracker. I just did that as https://github.com/tlaplus/tlaplus/issues/40. For the moment, please make sure that you use PTL only for proving temporal logic formulas, preferably in a context where all assumptions are constant formulas.

Thanks for reporting this.

Regards,
Stephan



Annie Liu

Apr 1, 2017, 9:41:02 AM
to tla...@googlegroups.com
Hi Stephan, I wonder why this bug would be tied to the OS used, i.e., showing up in Windows but not Linux.  Thanks.  Annie

Stephan Merz

Apr 1, 2017, 11:41:46 AM
to tla...@googlegroups.com
Hmm ... it should not be OS-dependent, but I'll give it a try. I certainly believe I have seen this under Linux. Can you use PTL at all in your Linux installation, i.e. for proving a valid temporal formula?

Stephan


saksha...@stonybrook.edu

Apr 1, 2017, 12:03:37 PM
to tlaplus
PTL invocations seem to work correctly in my Linux client. For instance, if we take the Paxos proof (with the bug-reproducing change) and try to discharge it in Linux (Ubuntu 16.04), it proves the QED of THEOREM Invariant, which needs PTL rules. However, the bug-reproducing part does not go through. My guess was that something is incorrectly mapped through in the Windows client but not in the Linux client - maybe some kind of mistake with default values.

Saksham