-
Notifications
You must be signed in to change notification settings - Fork 201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added JSON manifest with CI validation #61
Conversation
Could you please add comments to the python scripts for others to know what they do? |
@lemmy all specs are now automatically parsed by SANY. There were two with problems: ewd998, which runs into a naming collision between the TLAPS and community modules. Specifically Functions.tla; it tries to use operators in the Community version of Functions.tla, while also importing various modules from the TLAPS standard library (which itself includes a Functions.tla that doesn't have those operators). SumSequence.tla, which uses some definitions from the TLAPS SequenceTheorems module that seemingly no longer exist. I hardcoded those as exceptions in the python script, so it continues to parse all the existing specs and will parse any newly-submitted specs until those are fixed. There were two other specs that required small changes to successfully parse, including one from Specifying Systems - although strangely this same error is not present in the book, just the spec downloads. I emailed Leslie about it. |
I can't find the issue, but the name clash with TLAPS is known. IIRC |
I confirm that the name clash between the TLAPS standard theorem library and some of the Community Modules (in particular Functions) is known and should be fixed in the long overdue release of TLAPS. As for SequenceTheorems, they were split into two modules such that SequenceTheorems only contains lemmas about operators defined in the standard Sequences module of TLA+ and SequencesExtTheorems contains lemmas about additional operators, defined in SequencesExt. I made the corresponding change to module SumSequence and also fixed some of the proofs in that module (some that should never have passed and some bit rot). |
Hmmm, maybe it would be a good idea for me to run TLAPS against all the modules with proofs, too. Although perhaps some modules contain proofs written for documentary reasons that are not detailed enough to be formally verified. |
Don't worry, I'll probably be able to fix proofs faster if they are broken. |
I saw something like |
https://github.com/tlaplus/tlaplus/blob/master/general/performance/measure.tla shows how to check different models/specs without any extra dependency such as python. (CommunityModules' json module could be used to read the manifest). This approach could subsume run.sh and check_small_models.py. |
@lemmy this work is now at a point where it would be good to merge. Given the number of commits it seems like a good idea to squash it before merging. |
This repo mainly serves as a "comprehensive example library demonstrating how to specify an algorithm in TLA+". Thus, having correct metadata is a "should," not a "must". This PR raises the bar for contributions by mandating contributors to write JSON and locally install python tooling. Will the automation allow contributors to contribute just a single spec file, or will this cause problems immediately or for subsequent contributors? If yes, I suggest adding a I'm not qualified to review the python code, but I assume the scripts do what they should. |
) | ||
|
||
# All the standard modules available when using TLC | ||
tlc_modules = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The module lists below are not static. What will happen if the lists become outdated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Then you change it, this is a best-effort method of getting the community dependencies. The only alternative is self-reporting.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My question is how we can help whoever will diagnose this problem in the future. Something like a comment that says "if you see error XYZ in the CI output, add Frob to the list of modules below".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There won't be any sort of error, all that will happen is the communityModules
list will be incorrect in the json. This field is for the benefit of humans who might be interested in community module usage and isn't consumed by any tools.
@@ -0,0 +1,66 @@ | |||
""" | |||
Check all models marked as size "small" in the manifest with TLC. Small | |||
models should finish executing in less than ten seconds on the GitHub CI |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How reliable (flaky tests) is this assumption given unpredictable load on shared CI infrastructure?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pretty reliable. It finishes executing in about 2.5 minutes.
@lemmy take it or leave it, I'll maintain a fork otherwise. |
Fortunately, I'm not the only one who can review PRs in this repo. I will unassign myself. |
@lemmy all right I slept on it and it would be acceptable to add a |
I'm still concerned that constraining the length of tests based on wall-clock time could make for brittle tests. Other than that, I would like some of the python scripts to eventually become obsolete once the relevant functionality is available in the tools. At any rate, I'm but one of the reviewers of this repo. |
@lemmy the small model tests are given a timeout of 60 seconds each, but I restricted the "small" models to ones that complete in not much more than 10 seconds on the github CI machines (most complete in about 1 second) so there is plenty of margin for error. I can't make any promises about future work converting the python scripts to TLA⁺ modules. Is the other reviewer @muenchnerkindl? |
It occurred to me that I don't understand why the README has to ask the user to install and run python locally. Won't the CI validation automatically run when they push to their own fork of this repo? |
Minor: I just resolved a merge conflict in .gitignore. The |
@lemmy the CI will validate that the JSON is correct. Users will need to add details about their specs to the JSON. They can do this manually but running the python script will get them most of the way there by filling out whatever it can and setting plausible default values. We could possibly run the python JSON generation script in the CI itself and commit the changes to the branch for the user to then pull and modify, but that might run into write access issues because the PR branch usually lives in the user's fork. |
# Attempted to select nonexistent field "traces" from record | ||
'specifications/ewd426/SimTokenRing.cfg', | ||
# Initial error cannot find TLAPS; if fixed, cannot find property "Stable" | ||
'specifications/ewd998/AsyncTerminationDetection_proof.cfg', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for catching that error: there is no reason to run TLC on AsyncTerminationDetection_proof. I added the properties that were checked here to the configuration file for module AsyncTerminationDetection and removed that configuration file.
# The following are bugs that should be fixed: | ||
|
||
# Attempted to access index 0 of tuple <<>> | ||
'specifications/SpecifyingSystems/AdvancedExamples/MCInnerSerial.cfg', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed the formula that raised the exception during liveness checking.
# Attempted to access index 0 of tuple <<>> | ||
'specifications/SpecifyingSystems/AdvancedExamples/MCInnerSerial.cfg', | ||
# Attempted to select nonexistent field "traces" from record | ||
'specifications/ewd426/SimTokenRing.cfg', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This issue must be due to the evaluation of TLCGet("stats").traces. I couldn't find a documentation of what TLCGet("stats") returns. @lemmy?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@muenchnerkindl f6de57f and fca6a17 have taken care of TLCGet("stats")
, which - by the way - exposes TLC's progress statistics.
@lemmy @muenchnerkindl so if the .ciignore feature is implemented will this be merged? If so I will implement it, but won't spend more time on this otherwise. |
@ahelwer I am afraid we didn't express ourselves clearly enough: we highly welcome your effort to raise the standard of the examples collection, and your work has already found a number of issues in existing contributions. So yes, we'll be happy to accept your PR. Experience will tell if installing the ancillary tools proves to be too burdensome for future contributors: adding the .ciignore feature as suggested by @lemmy will allow them to bail out. Of course, our hope is that not a lot of people will use it. We also hope that you'll be willing to maintain the Python scripts in case of problems. |
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Addresses part of Github issue #65 #65 Also see comment #65 (comment) [Doc] Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
…d spurious configuration file for AsyncTerminationDetection_proof Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: merz <stephan.merz@loria.fr> Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
Signed-off-by: Andrew Helwer <2n8rn1w1f@mozmail.com>
@lemmy @muenchnerkindl added |
What is wrong here?
https://github.com/tlaplus/Examples/actions/runs/4661865936/jobs/8251615026?pr=75 |
@lemmy missing the features property, it says that |
After adding one more empty
|
You added the EWD998 directory to CI ignore but then kept those files in the manifest, that's why it's failing. I don't think adding EWD998 to CI ignore is a good idea btw. It passes basically all the steps except the parse, for which it has a hardcoded exception. |
What is the CWD when TLC is invoked? |
repo root |
Closes #57
Closes #8