Improve TLC checker script to be more flexible

[see-quick]

This PR changes a bit of the script where the TLC checker is needed.

./check_with_tlc.sh --files ewd426.qnt,ewd426_3.qnt,ewd426_4.qnt --temporal convergence,closure,persistence --invariant tokenInv
[2025-03-14 09:43:28] [INFO]: Processing ewd426.qnt...
[2025-03-14 09:43:30] [INFO]: Running TLC for ewd426.tla...
[2025-03-14 09:43:41] [INFO]: Model checking succeeded for ewd426.tla
[2025-03-14 09:43:41] [INFO]: Processing ewd426_3.qnt...
[2025-03-14 09:43:43] [INFO]: Running TLC for ewd426_3.tla...
[2025-03-14 09:43:44] [INFO]: Model checking succeeded for ewd426_3.tla
[2025-03-14 09:43:44] [INFO]: Processing ewd426_4.qnt...
[2025-03-14 09:43:46] [INFO]: Running TLC for ewd426_4.tla...
[2025-03-14 09:43:47] [INFO]: Model checking succeeded for ewd426_4.tla
[2025-03-14 09:43:47] [INFO]: All files processed successfully.

Usage:

Usage: ./check_with_tlc.sh --files FILE1.qnt,FILE2.qnt [--invariant INV1,INV2] [--temporal TEMP1,TEMP2] [--apalache-jar JAR_PATH]

Now, one could change the use parameters to provide a better experience.

• Tests added for any new code
• Documentation added for any new functionality
• Entries added to the respective CHANGELOG.md for any new functionality

[bugarela]

This part here is the trickiest to generalize. The EWD426 spec has this init:

  /// Initialize all nodes with non-deterministic states
  action init = all {
    nondet initial = 0.to(N).setOfMaps(0.to(K - 1)).oneOf()
    system' = initial
  }

which in TLA+ becomes:

ewd426_3_self_stabilization_three_state_init ==
  (\E ewd426_3_self_stabilization_three_state_initial \in [(0
      .. ewd426_3_self_stabilization_three_state_N)
      -> (0 .. 2)]:
      ewd426_3_self_stabilization_three_state_system'
        := ewd426_3_self_stabilization_three_state_initial)

Where self_stabilization_three_state is the name of the module that instantiates ewd426.

So this substitution here is very specific to ewd426, which also only has one state variable and therefore requires a single substitution.

It will probably be easier to fix this inside Quint: when compiling to --target=tlaplus, replace assignments inside init with equalities. This will be required for the TLC integration anyway, so it's a more permanent fix.

I feel like I should try and make that change on Quint now, as that fix in combination with this amazing script improvements can get us to a pretty decent TLC integration.

[bugarela]

Ok, I managed to do something: #1613

I rushed this a bit and I'm not yet sure it covers all cases. Will have to write some tests and all. We can then remove this part of the script 😄

[see-quick]

Ok, I managed to do something: #1613. I rushed this a bit and I'm not yet sure it covers all cases. Will have to write some tests and all. We can then remove this part of the script 😄

Sure, no rush, take your time :)).

[bugarela]

I pushed some changes to drop the perl substitution that is no longer needed after #1613 was merged, and moving the new general script to a general folder.

I hope to soon find some time to incorporate this into Quint so we can quint verify --backend=tlc or something like that. Thanks for your contribution!