Skip to content

CI: use bash instead of python for proof checking #192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
ahelwer wants to merge 1 commit into
base: master
Choose a base branch
from
Open

CI: use bash instead of python for proof checking #192

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 10 additions & 17 deletions .github/scripts/check_proofs.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,24 +26,21 @@

logging.basicConfig(level = logging.DEBUG if args.verbose else logging.INFO)

proof_module_paths = sorted(
[
(manifest_dir, spec, module, tla_utils.parse_timespan(module['proof']['runtime']))
for manifest_dir, spec in manifest
for module in spec['modules']
if 'proof' in module
and module['path'] not in skip_modules
and (only_modules == [] or module['path'] in only_modules)
],
key = lambda m : m[3]
)
proof_module_paths = [
(manifest_dir, spec, module)
for manifest_dir, spec in manifest
for module in spec['modules']
if 'proof' in module
and module['path'] not in skip_modules
and (only_modules == [] or module['path'] in only_modules)
]

for path in skip_modules:
logging.info(f'Skipping {path}')

success = True
tlapm_path = join(tlapm_path, 'bin', 'tlapm')
for manifest_dir, spec, module, expected_runtime in proof_module_paths:
for manifest_dir, spec, module in proof_module_paths:
module_path = module['path']
logging.info(module_path)
start_time = timer()
Expand All @@ -63,16 +60,12 @@
end_time = timer()
actual_runtime = timedelta(seconds = end_time - start_time)
output = ' '.join(tlapm_result.args) + '\n' + tlapm_result.stdout
logging.info(f'Checked proofs in {tla_utils.format_timespan(actual_runtime)} vs. {tla_utils.format_timespan(expected_runtime)} expected')
logging.info(f'Checked proofs in {tla_utils.format_timespan(actual_runtime)}')
if tlapm_result.returncode != 0:
logging.error(f'Proof checking failed for {module_path}:')
logging.error(output)
success = False
else:
if 'proof' not in module or module['proof']['runtime'] == 'unknown':
module['proof'] = { 'runtime' : tla_utils.format_timespan(actual_runtime) }
manifest_path = join(manifest_dir, 'manifest.json')
tla_utils.write_json(spec, manifest_path)
logging.debug(output)
except subprocess.TimeoutExpired as tlapm_result:
# stdout is a string on Windows, byte array everywhere else
Expand Down
1 change: 1 addition & 0 deletions .github/scripts/linux-setup.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ main() {
mkdir -p "$DEPS_DIR/community"
wget -nv https://github.com/tlaplus/CommunityModules/releases/latest/download/CommunityModules-deps.jar \
-O "$DEPS_DIR/community/modules.jar"
unzip "$DEPS_DIR/community/modules.jar" -d "$DEPS_DIR/community/"
# Get TLAPS modules
wget -nv https://github.com/tlaplus/tlapm/archive/main.tar.gz -O /tmp/tlapm.tar.gz
tar -xzf /tmp/tlapm.tar.gz --directory "$DEPS_DIR"
Expand Down
37 changes: 34 additions & 3 deletions .github/workflows/CI.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,9 +135,40 @@ jobs:
- name: Check proofs
if: matrix.os != 'windows-latest' && !matrix.unicode
run: |
python $SCRIPT_DIR/check_proofs.py \
--tlapm_path $DEPS_DIR/tlapm \
--examples_root .
# Exempting specs for various reasons:
# - Use of RECURSIVE, which TLAPM cannot currently handle (many)
# - Pre-module text bug (MCDistributedReplicatedLog.tla)
# - Unresolved ToString operator (ewd840)
# - Use of nonstandard TLCExt module (SimKnuthYao.tla)
# - Use of nonstandard Randomization module (SpanTreeTest.tla)
# - Nonstandard multi-module (BufferedRandomAccessFile.tla)
# - Nested module identifier bug (diskpaxos, Composing, RealTime)
# - TLAPM level-checking failure (YoYoPruning.tla)
# - Use of Apalache module (Einstein.tla)
# - Very long-running proof (BPConProof.tla)
find specifications -type f -iname "*.tla" \
\( \
-not -name "Chameneos.tla" \
-and -not -name "ReachabilityTest.tla" \
-and -not -name "MCReachabilityTest.tla" \
-and -not -name "MCDistributedReplicatedLog.tla" \
-and -not -name "SimKnuthYao.tla" \
-and -not -name "SpanTreeTest.tla" \
-and -not -name "TransitiveClosure.tla" \
-and -not -name "BufferedRandomAccessFile.tla" \
-and -not -name "YoYoPruning.tla" \
-and -not -name "MCYoYoPruning.tla" \
-and -not -name "Einstein.tla" \
-and -not -name "BPConProof.tla" \
-and -not -wholename "*/Composing/*" \
-and -not -wholename "*/RealTime/*" \
-and -not -wholename "*/LeastCircularSubstring/*" \
-and -not -wholename "*/diskpaxos/*" \
-and -not -wholename "*/ewd998/*" \
-and -not -wholename "*/ewd840/*" \
Copy link
Collaborator

@muenchnerkindl muenchnerkindl Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I understand correctly, you pass all TLA+ modules to tlapm, except those mentioned here. Up to now, the logic was "positive" in the sense that only specifications that declared containing a proof were checked. For ewd840, the incriminated "ToString" operator is used only in EWD840_anim.tla, whereas as far as I can tell the exception list also contains EWD840_proof.tla, which it would be great to check. Similarly, ewd998/EWD998_proof.tla should pass the check but is excluded here?

Copy link
Collaborator Author

@ahelwer ahelwer Dec 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I think I am leaning against this approach after seeing how large the list will grow (probably at least double this size). There are a lot of examples that use the RECURSIVE keyword. All those EWD directories also have lots of files, most of which fail parsing since they use nonstandard TLC modules.

\) \
-print0 | xargs -0 -n1 -r -t \
time $DEPS_DIR/tlapm/bin/tlapm --cleanfp --stretch 5 -I $DEPS_DIR/community
- name: Smoke-test manifest generation script
run: |
python $SCRIPT_DIR/generate_manifest.py \
Expand Down
4 changes: 2 additions & 2 deletions specifications/CoffeeCan/manifest.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
"models": [
{
"path": "specifications/CoffeeCan/CoffeeCan1000Beans.cfg",
"runtime": "00:00:15",
"runtime": "00:00:45",
"mode": "exhaustive search",
"result": "success",
"distinctStates": 501500,
Expand All @@ -40,4 +40,4 @@
]
}
]
}
}
Loading