Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Sets becoming unconstrained after set minus operation #1152

Closed
rodrigo7491 opened this issue Dec 6, 2021 · 0 comments · Fixed by #1153
Closed

[BUG] Sets becoming unconstrained after set minus operation #1152

rodrigo7491 opened this issue Dec 6, 2021 · 0 comments · Fixed by #1153
Assignees
@rodrigo7491
Labels
bug Farrays Feature: New SMT encoding with arrays
Milestone
X1: Arrays Encoding

Comments

@rodrigo7491
Copy link
Collaborator

Description

In the arrays encoding, when set minus is used it leaves the updated set unconstrained. This is due to a break in the chain of SSA constraints.

Input specification

This bug was found when testing the encoding with SetSndRcv.tla.

The command line parameters used to run the tool

check --inv=Inv --smt-encoding=arrays --length=4 --cinit=CInit4 SetSndRcv.tla

Expected behavior

No invariant violation.

Additional context

Counter-example generated:

---------------------------- MODULE counterexample ----------------------------

EXTENDS SetSndRcv

(* Constant initialization state *)
ConstInit == Values = { 0, 1, 2, 3, 4 }

(* Initial state *)
State0 ==
  Values = { 0, 1, 2, 3, 4 }
    /\ medium = {}
    /\ receiver = {}
    /\ sender = { 0, 1, 2, 3, 4 }

(* Transition 0 to State1 *)
State1 ==
  Values = { 0, 1, 2, 3, 4 }
    /\ medium = {0}
    /\ receiver = {}
    /\ sender = { 1, 2, 3, 4 }

(* Transition 1 to State2 *)
State2 ==
  Values = { 0, 1, 2, 3, 4 }
    /\ medium = {0}
    /\ receiver = {}
    /\ sender = {}

(* Transition 1 to State3 *)
State3 == Values = { 0, 1, 2, 3, 4 }/\ medium = {}/\ receiver = {}/\ sender = {}

(* The following formula holds true in the last state and violates the invariant *)
InvariantViolation == sender = {} /\ medium = {} /\ receiver = {}

================================================================================
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rodrigo7491 rodrigo7491

Labels
bug Farrays Feature: New SMT encoding with arrays
Projects
None yet
Milestone
X1: Arrays Encoding
Development

Successfully merging a pull request may close this issue.

Fix the use of oracles in the arrays encoding apalache-mc/apalache
2 participants
@rodrigo7491 @shonfeder