Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Relayer TLA+: Support for running Apalache #224

Merged
merged 6 commits into from
Sep 15, 2020
Merged

Relayer TLA+: Support for running Apalache #224

merged 6 commits into from
Sep 15, 2020

Conversation

istoilkovska
Copy link
Contributor

@istoilkovska istoilkovska commented Sep 9, 2020
edited
Loading

Closes: #165

Description

Added support for running Apalache on the relayer spec. Currently, we can check the invariant ICS18Inv up to 9 steps with Apalache, for height 2 and two concurrent relayers.
Most of the changes are done in RelayerDefinitions.tla, where the appropriate types and operators for type annotattions are defined. These are then used in various places throught the spec.

Note: the branch is called ilina/packets, but there isn't any support for packet handling yet.

For contributor use:

  • Unit tests written
  • Added test to CI if applicable
  • Updated CHANGELOG_PENDING.md
  • Linked to Github issue with discussion and accepted design OR link to spec that describes this work.
  • Updated relevant documentation (docs/) and code comments
  • Re-reviewed Files changed in the Github PR explorer

@istoilkovska istoilkovska self-assigned this Sep 9, 2020
konnov
konnov reviewed Sep 9, 2020
View reviewed changes
Copy link

@konnov konnov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow. So you did not have to comment out code in the end? How long does it take apalache to check 10 steps?

adizere
adizere reviewed Sep 10, 2020
View reviewed changes
Copy link
Member

@adizere adizere left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The spec looks amazing, but the complexity is above my level, so it's difficult to review.

Maybe it would be a good idea to have a call where Ilina offers a walk-through some parts of the design here, because I don't understand it enough to leave meaningful PR comments.

docs/spec/relayer/PacketHandlers.tla Outdated Show resolved Hide resolved
docs/spec/relayer/RelayerDefinitions.tla Show resolved Hide resolved
docs/spec/relayer/RelayerDefinitions.tla Show resolved Hide resolved
@istoilkovska
Copy link
Contributor Author

Wow. So you did not have to comment out code in the end? How long does it take apalache to check 10 steps?

Apalache gets killed at 10 steps. I'm able to check 9 steps on my machine, in 49 min. TLC checks the spec with the same constant values, up to diameter 38, in 3 min 😐

@konnov
Copy link

konnov commented Sep 10, 2020

Did you try to increase the parameters and see, whether it degrades?

How about proving an inductive invariant with Apalache. Do you think it would be an insane task?

@milosevic
Copy link
Contributor

If we can model check it with TLC, I think that's fine. We should wrap this up and work on packets.

@ebuchman ebuchman mentioned this pull request Sep 11, 2020
Closed
4 tasks
@istoilkovska istoilkovska merged commit 4877ee9 into master Sep 15, 2020
@istoilkovska istoilkovska deleted the ilina/packets branch September 15, 2020 14:56
hu55a1n1 pushed a commit to hu55a1n1/hermes that referenced this pull request Sep 13, 2022
@istoilkovska
Relayer TLA+: Support for running Apalache (informalsystems#224)
d43e560 
* expriments with apalache

* apalache file

* Type annotations for Apalache

* apalache type annotations

* final apalache type annotations

* removed PacketHandlers.tla and dependencies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@konnov konnov konnov left review comments

@adizere adizere adizere left review comments

@milosevic milosevic milosevic approved these changes

@ancazamfir ancazamfir Awaiting requested review from ancazamfir

@romac romac Awaiting requested review from romac

Assignees

@istoilkovska istoilkovska

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Run experiments with APALACHE on the Relayer TLA+ spec
4 participants
@istoilkovska @konnov @milosevic @adizere