Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

assume is not propagated to Apalache #1450

Open
konnov opened this issue May 29, 2024 · 4 comments
Open

assume is not propagated to Apalache #1450

konnov opened this issue May 29, 2024 · 4 comments

Comments

@konnov
Copy link
Contributor

konnov commented May 29, 2024

Consider assumes.qnt:

module assumes {
    const N: int
    const F: int

    var msgs: Set[str]

    assume Majority = N > 3 * F

    action init = {
        msgs' = Set()
    }

    action step = {
        msgs' = msgs
    }
}

module instance {
    import assumes(N = 2, F = 1).*
}

Running quint verify does not result into any warnings or error messages, even though the assumption of Majority is obviously violated:

$ quint verify --main=instance --invariant=inv assumes.qnt
@romac
Copy link
Member

romac commented Aug 21, 2024
edited
Loading

@bugarela From what I can tell, the Majority assume is present in the typechecked AST but not in the LookupTable returned by parsePhase3importAndNameResolution, and is subsequently lost after flattening.

@bugarela
Copy link
Collaborator

Yes @romac, anything not used is discarded in flattening. Here, init and step are implicitly used, because the default values of --init and --step options match them and therefore we "add" them to the main module for simulation.

I think the problem with assume is actually bigger than this: we don't do anything with assumptions at all, not even in the Quint side. If we implement some assumption checking in the simulator, we will need to make sure it is in the lookup table and flattened modules, and therefore it will end up being sent to Apalache.

@romac
Copy link
Member

romac commented Aug 23, 2024

Yes @romac, anything not used is discarded in flattening. Here, init and step are implicitly used, because the default values of --init and --step options match them and therefore we "add" them to the main module for simulation.

Right, so I guess a potential solution would be to implicitly reference or copy all assumptions from imported modules?

I think the problem with assume is actually bigger than this: we don't do anything with assumptions at all, not even in the Quint side. If we implement some assumption checking in the simulator, we will need to make sure it is in the lookup table and flattened modules, and therefore it will end up being sent to Apalache.

What I would suggest doing is first ensure we do not loseassumptions in the first place, so that they will be passed along to Apalache already. Then we can figure out how to check them during simulation. Would that work for you?

@romac
Copy link
Member

romac commented Aug 23, 2024

I believe I managed to implement assumptions checking in the simulator, but of course right it only works if the assumption is in the main module: #1487

@romac romac mentioned this issue Aug 23, 2024
Draft
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@romac @konnov @bugarela