This page collects known issues that were reported by the users.
Deadlock detection is imprecise. It may report false negatives, see Issue 711.
Affected versions: <= 0.15.x
Planned fix: Issue 712
Given a record with a type declaration specifying n fields, if that record is
given more than n fields and the specification includes an EXCEPT expression
that updates the record, Apalache may be unable to check the specification.
In the following example, the variable m is given the type of a record with
1 field (namely a), but it is then assigned to a record with 2 fields
(namely a and foo).
VARIABLE
\* @type: [a: Int];
m
Init == m = [a |-> 0, foo |-> TRUE]
Next ==
\/ m' = m
\/ m' = [m EXCEPT !.a = 0]Given the current (unsound) typing discipline Apalache uses for records, this
specification is not considered incorrectly typed. However, due to the update
using EXCEPT in the Next operator, the specification cannot be checked.
Affected versions: <= 0.15.x
Planned fix: Issue 401
Add the foo field to the variable's type signature:
VARIABLE
\* @type: [a: Int, foo: Bool];
m
Init == m = [a |-> 0, foo |-> TRUE]
Next ==
\/ m' = m
\/ m' = [m EXCEPT !.a = 0]When using an integer range a..b, where a or b aren't constant
(or cannot be simplified to a constant),
the current encoding fails (see Issue 425):
---------- MODULE Example ----------
EXTENDS Integers
VARIABLE
\* @type: Int;
x
\* @type: (Int) => Set(Int);
1to(n) == 1..n
Init == x = 1
Next == x' = x + 1
Inv == 1 \in { m: a \in 1to(x) }
====================Affected versions: All
Planned fix: Not in the near future
Pick constant bounds Nmin and Nmax, such that Nmin <= a <= b <= Nmax, then use
range(a,b) == { x \in Nmin..Nmax: a <= x /\ x <= b }instead of a..b.
The operator Seq(S) produces an infinite set of unbounded sequences.
Hence, Apalache is not able to do anything about
this set. Consider the following snippet:
\E s \in Seq({ 1, 2, 3 }):
seq' = sAffected versions: All
Planned fix: Not in the near future
If you know an upper bound on the length of sequences you need, which is often the case when checking one model, you can work around this issue by using Apalache.Gen:
EXTENDS Apalache
...
LET s == Gen(10) IN
/\ \A i \in DOMAIN s:
s[i] \in { 1, 2, 3 }
/\ seq' = sIn the above example, we instruct Apalache to introduce an unrestricted sequence
that contains up to 10 elements; this is done with Gen.
We further restrict the sequence to contain the elements of { 1, 2, 3 }.
However, note that our workaround only works for bounded sequences, whereas
Seq({ 1, 2, 3 }) is the set of all sequences whose elements come from { 1, 2, 3 }.