Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incompatibility of the Quint simulator with TLA+ on empty sets #1523

Open
konnov opened this issue Oct 3, 2024 · 0 comments
Open

Incompatibility of the Quint simulator with TLA+ on empty sets #1523

konnov opened this issue Oct 3, 2024 · 0 comments
Labels
good first issue A simple issue to start with simulator Quint simulator

Comments

@konnov
Copy link
Contributor

konnov commented Oct 3, 2024
edited
Loading

This may seem a bit exotic, but it actually happens in practical specs. Consider the following MWE:

module t {                                                                                                                       
    var myMap: int -> int

    action init = {
        nondet f = Set(1, 2).setOfMaps(Set(4, 5)).oneOf()
        myMap' = f
    }

    action init1 = {
        nondet f = Set().setOfMaps(Set(4, 5)).oneOf()
        myMap' = f
    }

    action init2 = {
        nondet f = Set(1, 2).setOfMaps(Set()).oneOf()
        myMap' = f
    }

    action init3 = {
        nondet f = Set().setOfMaps(Set()).oneOf()
        myMap' = f
    }

    action step = {
        myMap' = myMap
    }
}

Run all combinations with the simulator v0.22.1:

$ quint run --init=init1 t.qnt
t.qnt:10:20 - error: [QNT501] Empty set of maps
10:         nondet f = Set().setOfMaps(Set(4, 5)).oneOf()
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

error: Runtime error                                                                                                        /0.3s
$ quint run --init=init2 t.qnt
t.qnt:15:20 - error: [QNT509] Applied oneOf to an empty set
15:         nondet f = Set(1, 2).setOfMaps(Set()).oneOf()
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

error: Runtime error                                                                                                        /0.3s
$ quint run --init=init3 t.qnt
t.qnt:20:20 - error: [QNT501] Empty set of maps
20:         nondet f = Set().setOfMaps(Set()).oneOf()
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Now, compare it with the TLC REPL:

$ java -cp tla2tools.jar tlc2.REPL
(tla+) [{} -> {3, 5}]
{<<>>}
(tla+) [{1, 2} -> {}]
{}
(tla+) [{} -> {}]
{<<>>}

Notice that in the cases (1) and (3), TLC does not produce an empty set, but it produces a singleton set that contains a function of the empty domain, which correspond to Map() in Quint.

The behavior of the Quint simulator is stricter than that of TLC. It would be great to have the cases (1) and (3) fixed.
@konnov konnov changed the title Incompatibility of the Quint simulator with TLA+ on empty sets of maps Incompatibility of the Quint simulator with TLA+ on empty sets Oct 3, 2024
@bugarela bugarela added simulator Quint simulator good first issue A simple issue to start with labels Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue A simple issue to start with simulator Quint simulator
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@konnov @bugarela