tlapm icon indicating copy to clipboard operation
tlapm copied to clipboard
verified publisher icon tlaplus

Verify proofs in examples/ directory as part of PR workflow

Open lemmy opened this issue 1 year ago • 6 comments

The prover's build checks a set of tests, and the PR verifies proofs from tlaplus/examples. However, the proofs in examples/ are not verified.

Related: https://github.com/tlaplus/tlapm/pull/135

lemmy avatar Jun 06 '24 00:06 lemmy

I thought we would move these examples to the https://github.com/tlaplus/Examples/ repo. If not, I can add them to the test cases.

kape1395 avatar Jun 06 '24 05:06 kape1395

I don't have an opinion, except that some examples are perhaps too basic for the example repo?!

lemmy avatar Jun 06 '24 05:06 lemmy

I suggest we do this on a case-by-case basis. In particular, I think that Allocator, Euclid, Peterson, and perhaps GraphTheorem could go to the GitHub Examples repo. Bakery, Byzantine and standard Paxos, EWD 840, and LamportMutex are in there already, but we should check if there is anything in tlapm/examples that is worth merging into the existing modules. The other examples look too basic to me, but should probably be added to the tests if they aren't there already.

If you agree, I can take care of that reshuffle.

muenchnerkindl avatar Jun 07 '24 09:06 muenchnerkindl

Sounds like a good way to go.

kape1395 avatar Jun 07 '24 10:06 kape1395

GraphTheorem could be aligned with a moved next to https://github.com/tlaplus/CommunityModules/blob/master/modules/Graphs.tla, like FiniteSetExtTheorem is next to FiniteSetExt in the CommunityModules?

lemmy avatar Jun 07 '24 15:06 lemmy

I've been taking a look at this to compare the examples here with those in the tlaplus/examples repo using kdiff3. Here's what I found:

Example Most-similar tlaplus/examples spec How is tlaplus/examples version different?
ByzPaxos/BPConProof.tla specifications/byzpaxos/BPConProof.tla Minor changes; newer
ByzPaxos/Consensus.tla specifications/byzpaxos/Consensus.tla Identical except for some additional trailing whitespace
ByzPaxos/PConProof.tla specifications/byzpaxos/PConProof.tla Identical except for some additional trailing whitespace
ByzPaxos/VoteProof.tla specifications/byzpaxos/VoteProof.tla Identical except for some additional trailing whitespace
Cantor/Cantor*.tla N/A N/A
Dekker/Dekker.tla N/A N/A
paxos/Paxos.tla specifications/paxos/Paxos.tla Many differences, also lacking a proof
paxos/Consensus.tla specifications/paxos/Consensus.tla Additional comments and proofs
two_phase/TwoPhase.tla specifications/TwoPhase/TwoPhase.tla Lacking comments
two_phase/Alternate.tla specifications/TwoPhase/Alternate.tla Identical
Allocator.tla specifications/Allocator/SimpleAllocator.tla Seems older, lacks proofs
AtomicBakery.tla specifications/Bakery-Boulangerie/Bakery.tla Barely comparable; many differences
AtomicBakeryWithoutSMT.tla specifications/Bakery-Boulangerie/Bakery.tla Barely comparable; many differences
Bakery.tla specifications/Bakery-Boulangerie/Bakery.tla Barely comparable; many differences
BubbleSort.tla N/A N/A
Euclid.tla N/A N/A
EWD840.tla specifications/EWD840/EWD840.tla Numerous differences; proof was split out into EWD840_proof.tla; seems newer?
GraphTheorem.tla N/A N/A
LamportMutex.tla specifications/lamport_mutex/LamportMutex.tla Proof was split into LamportMutex_Proofs.tla; seems newer?
Peterson.tla N/A N/A
SimpleEventually.tla N/A N/A
SimpleEventuallyInt.tla N/A N/A
SimpleMutex.tla N/A N/A
SumAndMax.tla N/A N/A

I propose the following to integrate the specs into tlaplus/examples then delete the examples directory here:

Specs not in tlaplus/examples that should be added

  • Cantor/Cantor*.tla
  • Dekker/Dekker.tla
  • BubbleSort.tla
  • Euclid.tla
  • GraphTheorem.tla
  • Peterson.tla
  • SimpleEventually.tla & SimpleEventuallyInt.tla (could go in specifications/LearnProofs)
  • SimpleMutex.tla
  • SumAndMax.tla (could go in specifications/LearnProofs)

Specs that should overwrite those in tlaplus/examples

  • ByzPaxos/ Consensus.tla, PConProof.tla, VoteProof.tla (get rid of trailing whitespace)
  • two_phase/TwoPhase.tla
  • Allocator.tla

Specs that should just be deleted in favor of their tlaplus/examples counterparts

  • ByzPaxos/BPConProof.tla
  • paxos/Consensus.tla
  • EWD840.tla
  • LamportMutex.tla

Unsure how to integrate

  • Bakery.tla, AtomicBakery.tla, AtomicBakeryWithoutSMT.tla
  • paxos/Paxos.tla

Thoughts? Also, what's the deal with the examples_draft directory?

ahelwer avatar Jul 10 '24 17:07 ahelwer