Skip to content

Fix proofs #175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
muenchnerkindl merged 49 commits into from
Jul 14, 2025
Merged

Fix proofs #175

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
49 commits
Select commit Hold shift + click to select a range
5c6ce33
fixed proof in Paxos/Consensus.tla
muenchnerkindl Feb 28, 2025
bb85239
fixed proofs of Bakery-Boulangerie
muenchnerkindl Mar 7, 2025
f3feb88
fixed proofs in lamport_mutex
muenchnerkindl Mar 22, 2025
4b3e413
fixed proofs in byzpaxos
muenchnerkindl Mar 31, 2025
762cf47
more fixed proofs of examples
muenchnerkindl Jun 27, 2025
57e06a6
pass over example proofs
muenchnerkindl Jun 30, 2025
72c4d3f
exclude fewer proofs from CI checking
muenchnerkindl Jun 30, 2025
86d1f1e
fixed proofs also on Linux
muenchnerkindl Jun 30, 2025
d939401
Merge branch 'master' into fixProofs
muenchnerkindl Jun 30, 2025
59c641d
fixed manifest
muenchnerkindl Jun 30, 2025
4ce39a0
Merge branch 'fixProofs' of github.com:tlaplus/Examples into fixProofs
muenchnerkindl Jun 30, 2025
2b43e8f
fixed manifest
muenchnerkindl Jul 1, 2025
3789420
remove unused Functions from lamport_mutex
muenchnerkindl Jul 1, 2025
c88ce21
more manifest errors
muenchnerkindl Jul 1, 2025
63a4533
corrected author attribution for sum_even
muenchnerkindl Jul 1, 2025
0351439
fixed errors detected by SANY but not tlapm
muenchnerkindl Jul 1, 2025
53767a8
fixed state count for MCBakery.cfg (???)
muenchnerkindl Jul 1, 2025
34af65d
excluding EWD840.cfg due to parsing error
muenchnerkindl Jul 1, 2025
350935f
increase timeout for some proof steps
muenchnerkindl Jul 1, 2025
706ebab
longer timeout for another step that failed on two instances of the CI
muenchnerkindl Jul 2, 2025
cfc2d2a
due to seemingly random CI failures, remove individual timeouts but a…
muenchnerkindl Jul 2, 2025
c714c00
fix syntax error
muenchnerkindl Jul 2, 2025
35751ec
fixed proofs also on Linux
muenchnerkindl Jun 30, 2025
3e1fd8d
Fixed (and simplified) proof in byzpaxos/Consensus.tla (#163)
muenchnerkindl Feb 28, 2025
4a01243
Docs: added CONTRIBUTING.md and DEVELOPING.md
ahelwer Feb 27, 2025
6dececd
CI: smoke-test state space script
ahelwer Feb 28, 2025
d84d258
Re-generate manifest from script
ahelwer Feb 28, 2025
1264b86
Removed hyperlink to tlaplus-standard repo
ahelwer Mar 19, 2025
268c8dd
added microwave example as submodule
klaeufer May 20, 2025
dcdce19
pulled latest updates to microwave example
klaeufer May 20, 2025
84b29be
added entry for microwave example to readme and manifest
klaeufer May 20, 2025
35a3a81
Clone submodules for automation to be happy.
lemmy May 21, 2025
cfa366f
This should not be this complicated
lemmy May 21, 2025
81758bd
Moved submodule spec to .ciignore for reproducibility
ahelwer May 21, 2025
4f7cef4
Removed microwave submodule example from manifest.json
ahelwer May 21, 2025
0b8623c
Add a variant of the Prisoner's puzzle
florianschanda Jun 2, 2025
4ec0158
Another puzzle example
florianschanda Jun 6, 2025
fd67493
fixed manifest
muenchnerkindl Jul 1, 2025
a71b441
remove unused Functions from lamport_mutex
muenchnerkindl Jul 1, 2025
bbcfdbb
more manifest errors
muenchnerkindl Jul 1, 2025
bbaa49e
corrected author attribution for sum_even
muenchnerkindl Jul 1, 2025
b058c3c
fixed errors detected by SANY but not tlapm
muenchnerkindl Jul 1, 2025
d15b578
fixed state count for MCBakery.cfg (???)
muenchnerkindl Jul 1, 2025
e459a9b
excluding EWD840.cfg due to parsing error
muenchnerkindl Jul 1, 2025
a8e1e51
increase timeout for some proof steps
muenchnerkindl Jul 1, 2025
5bcb733
longer timeout for another step that failed on two instances of the CI
muenchnerkindl Jul 2, 2025
555e7db
due to seemingly random CI failures, remove individual timeouts but a…
muenchnerkindl Jul 2, 2025
f2756c4
fix syntax error
muenchnerkindl Jul 2, 2025
3cdcf4e
Merge branch 'fixProofs' of github.com:tlaplus/Examples into fixProofs
muenchnerkindl Jul 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion .github/scripts/check_proofs.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,8 @@
tlapm = subprocess.run(
[
tlapm_path, module_path,
'-I', module_dir
'-I', module_dir,
'--stretch', '5'
],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,
Expand Down
17 changes: 7 additions & 10 deletions .github/workflows/CI.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,9 @@ jobs:
- name: Check small models
run: |
# Need to have a nonempty list to pass as a skip parameter
SKIP=("does/not/exist")
# SKIP=("does/not/exist")
# strange issue with parsing TLC output
SKIP=("specifications/ewd840/EWD840.cfg")
if [ ${{ matrix.unicode }} ]; then
# Apalache does not yet support Unicode
SKIP+=("specifications/EinsteinRiddle/Einstein.cfg")
Expand Down Expand Up @@ -143,21 +145,16 @@ jobs:
if: matrix.os != 'windows-latest' && !matrix.unicode
run: |
SKIP=(
## ATD/EWD require TLAPS' update_enabled_cdot branch
specifications/ewd998/AsyncTerminationDetection_proof.tla
# Long-running; see https://github.com/tlaplus/tlapm/issues/85
specifications/ewd998/EWD998_proof.tla
# Failing; see https://github.com/tlaplus/Examples/issues/67
specifications/Bakery-Boulangerie/Bakery.tla
specifications/Bakery-Boulangerie/Boulanger.tla
specifications/Paxos/Consensus.tla
specifications/PaxosHowToWinATuringAward/Consensus.tla
specifications/lamport_mutex/LamportMutex_proofs.tla
specifications/byzpaxos/VoteProof.tla
# Long-running; see https://github.com/tlaplus/tlapm/issues/85
specifications/LoopInvariance/Quicksort.tla
specifications/LoopInvariance/SumSequence.tla
specifications/lamport_mutex/LamportMutex_proofs.tla
specifications/bcastByz/bcastByz.tla
specifications/MisraReachability/ReachabilityProofs.tla
# specifications/MisraReachability/ReachabilityProofs.tla
specifications/byzpaxos/VoteProof.tla
specifications/byzpaxos/BPConProof.tla # Takes about 30 minutes
)
python $SCRIPT_DIR/check_proofs.py \
Expand Down
6 changes: 3 additions & 3 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ Here is a list of specs included in this repository, with links to the relevant
| [Loop Invariance](specifications/LoopInvariance) | Leslie Lamport | ✔ | ✔ | ✔ | ✔ | |
| [Learn TLA⁺ Proofs](specifications/LearnProofs) | Andrew Helwer | ✔ | ✔ | ✔ | ✔ | |
| [Boyer-Moore Majority Vote](specifications/Majority) | Stephan Merz | ✔ | ✔ | | ✔ | |
| [Proof x+x is Even](specifications/sums_even) | Stephan Merz | ✔ | ✔ | | ✔ | |
| [Proof x+x is Even](specifications/sums_even) | Martin Riener | ✔ | ✔ | | ✔ | |
| [The N-Queens Puzzle](specifications/N-Queens) | Stephan Merz | ✔ | | ✔ | ✔ | |
| [The Dining Philosophers Problem](specifications/DiningPhilosophers) | Jeff Hemphill | ✔ | | ✔ | ✔ | |
| [The Car Talk Puzzle](specifications/CarTalkPuzzle) | Leslie Lamport | ✔ | | | ✔ | |
Expand All @@ -48,11 +48,11 @@ Here is a list of specs included in this repository, with links to the relevant
| [Byzantizing Paxos by Refinement](specifications/byzpaxos) | Leslie Lamport | | ✔ | ✔ | ✔ | |
| [EWD840: Termination Detection in a Ring](specifications/ewd840) | Stephan Merz | | ✔ | | ✔ | |
| [EWD998: Termination Detection in a Ring with Asynchronous Message Delivery](specifications/ewd998) | Stephan Merz, Markus Kuppe | | ✔ | (✔) | ✔ | |
| [The Paxos Protocol](specifications/Paxos) | Leslie Lamport | | | | ✔ | |
| [The Paxos Protocol](specifications/Paxos) | Leslie Lamport | | (✔) | | ✔ | |
| [Asynchronous Reliable Broadcast](specifications/bcastByz) | Thanh Hai Tran, Igor Konnov, Josef Widder | | ✔ | | ✔ | |
| [Distributed Mutual Exclusion](specifications/lamport_mutex) | Stephan Merz | | ✔ | | ✔ | |
| [Two-Phase Handshaking](specifications/TwoPhase) | Leslie Lamport, Stephan Merz | | ✔ | | ✔ | |
| [Paxos (How to Win a Turing Award)](specifications/PaxosHowToWinATuringAward) | Leslie Lamport | | | | ✔ | |
| [Paxos (How to Win a Turing Award)](specifications/PaxosHowToWinATuringAward) | Leslie Lamport | | (✔) | | ✔ | |
| [Dijkstra's Mutual Exclusion Algorithm](specifications/dijkstra-mutex) | Leslie Lamport | | | ✔ | ✔ | |
| [The Echo Algorithm](specifications/echo) | Stephan Merz | | | ✔ | ✔ | |
| [The TLC Safety Checking Algorithm](specifications/TLC) | Markus Kuppe | | | ✔ | ✔ | |
Expand Down
112 changes: 37 additions & 75 deletions manifest.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,8 @@
"ignore deadlock"
],
"result": "success",
"distinctStates": 598608,
"totalStates": 3141768,
"distinctStates": 655200,
"totalStates": 3403584,
"stateDepth": 1
}
]
Expand Down Expand Up @@ -587,6 +587,20 @@
"features": [],
"models": []
},
{
"path": "specifications/FiniteMonotonic/Functions.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [],
"models": []
},
{
"path": "specifications/FiniteMonotonic/Folds.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [],
"models": []
},
{
"path": "specifications/FiniteMonotonic/MCCRDT.tla",
"communityDependencies": [
Expand Down Expand Up @@ -3271,15 +3285,6 @@
}
]
},
{
"path": "specifications/TwoPhase/TLAPS.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [
"proof"
],
"models": []
},
{
"path": "specifications/TwoPhase/TwoPhase.tla",
"communityDependencies": [],
Expand Down Expand Up @@ -4502,7 +4507,8 @@
"size": "small",
"mode": "exhaustive search",
"features": [
"ignore deadlock"
"ignore deadlock",
"liveness"
],
"result": "success",
"distinctStates": 302,
Expand Down Expand Up @@ -4588,12 +4594,10 @@
]
},
{
"path": "specifications/ewd840/TLAPS.tla",
"path": "specifications/ewd840/SyncTerminationDetection_proof.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [
"proof"
],
"features": ["proof"],
"models": []
}
]
Expand Down Expand Up @@ -4645,7 +4649,6 @@
{
"path": "specifications/ewd998/EWD998.tla",
"communityDependencies": [
"Functions",
"SequencesExt"
],
"tlaLanguageVersion": 2,
Expand All @@ -4658,7 +4661,8 @@
"mode": "exhaustive search",
"features": [
"ignore deadlock",
"state constraint"
"state constraint",
"liveness"
],
"result": "success"
},
Expand Down Expand Up @@ -4853,6 +4857,20 @@
],
"models": []
},
{
"path": "specifications/ewd998/Functions.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [],
"models": []
},
{
"path": "specifications/ewd998/Folds.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [],
"models": []
},
{
"path": "specifications/ewd998/SmokeEWD998.tla",
"communityDependencies": [
Expand Down Expand Up @@ -4899,19 +4917,9 @@
}
]
},
{
"path": "specifications/ewd998/TLAPS.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [
"proof"
],
"models": []
},
{
"path": "specifications/ewd998/Utils.tla",
"communityDependencies": [
"Functions",
"SequencesExt"
],
"tlaLanguageVersion": 2,
Expand Down Expand Up @@ -5007,13 +5015,6 @@
],
"tags": [],
"modules": [
{
"path": "specifications/lamport_mutex/Functions.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [],
"models": []
},
{
"path": "specifications/lamport_mutex/LamportMutex.tla",
"communityDependencies": [],
Expand Down Expand Up @@ -5050,36 +5051,6 @@
"stateDepth": 61
}
]
},
{
"path": "specifications/lamport_mutex/NaturalsInduction.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [],
"models": []
},
{
"path": "specifications/lamport_mutex/SequenceTheorems.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [],
"models": []
},
{
"path": "specifications/lamport_mutex/TLAPS.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [
"proof"
],
"models": []
},
{
"path": "specifications/lamport_mutex/WellFoundedInduction.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [],
"models": []
}
]
},
Expand Down Expand Up @@ -5194,7 +5165,7 @@
"description": "Two proofs that x+x is even for every natural number x",
"sources": [],
"authors": [
"Stephan Merz"
"Martin Riener"
],
"tags": [
"beginner"
Expand All @@ -5219,15 +5190,6 @@
}
]
},
{
"path": "specifications/sums_even/TLAPS.tla",
"communityDependencies": [],
"tlaLanguageVersion": 2,
"features": [
"proof"
],
"models": []
},
{
"path": "specifications/sums_even/sums_even.tla",
"communityDependencies": [],
Expand Down
Binary file removed specifications/Bakery-Boulangerie/Bakery.pdf
View file
Open in desktop
Binary file not shown.
Loading