tla-checker 0.3.9

A TLA+ model checker written in Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115

use std::sync::Arc;

use crate::ast::Env;
use crate::ast::{Spec, State, Value};
use crate::checker::format_value;
use crate::eval::{Definitions, eval, make_primed_names};

pub(super) fn eval_repl(
    input: &str,
    current: &State,
    spec: &Spec,
    env: &Env,
    defs: &Definitions,
) -> String {
    let expr = match crate::parser::parse_expr(input) {
        Ok(e) => e,
        Err(e) => return format!("Parse error: {}", e.message),
    };

    let mut eval_env = env.clone();
    for (i, var) in spec.vars.iter().enumerate() {
        if let Some(val) = current.values.get(i) {
            eval_env.insert(var.clone(), val.clone());
        }
    }

    match eval(&expr, &mut eval_env, defs) {
        Ok(val) => format!("= {}", format_value(&val)),
        Err(e) => format!("Error: {:?}", e),
    }
}

pub(super) fn test_hypothesis(
    guard_expr: &str,
    history: &[(State, Option<Arc<str>>)],
    current: &State,
    spec: &Spec,
    env: &Env,
    defs: &Definitions,
) -> String {
    let expr = match crate::parser::parse_expr(guard_expr) {
        Ok(e) => e,
        Err(e) => return format!("Parse error: {}", e.message),
    };

    let mut blocked_transitions: Vec<(usize, String)> = Vec::new();
    let primed_vars = make_primed_names(&spec.vars);

    let mut prev_state = if let Some((first_state, _)) = history.first() {
        first_state.clone()
    } else {
        return "No history to test hypothesis against".to_string();
    };

    for (i, (next_state, action)) in history
        .iter()
        .skip(1)
        .chain(std::iter::once(&(current.clone(), None)))
        .enumerate()
    {
        let mut eval_env = env.clone();
        for (vi, var) in spec.vars.iter().enumerate() {
            if let Some(val) = prev_state.values.get(vi) {
                eval_env.insert(var.clone(), val.clone());
            }
            if let Some(val) = next_state.values.get(vi) {
                eval_env.insert(primed_vars[vi].clone(), val.clone());
            }
        }

        match eval(&expr, &mut eval_env, defs) {
            Ok(Value::Bool(true)) => {}
            Ok(Value::Bool(false)) => {
                let action_name = action
                    .as_ref()
                    .map(|a| a.to_string())
                    .unwrap_or_else(|| "(unnamed)".to_string());
                blocked_transitions.push((i, action_name));
            }
            Ok(other) => return format!("Hypothesis must evaluate to Bool, got {:?}", other),
            Err(e) => return format!("Error evaluating hypothesis: {:?}", e),
        }

        prev_state = next_state.clone();
    }

    if blocked_transitions.is_empty() {
        format!(
            "Hypothesis '{}' would NOT have blocked any transitions",
            guard_expr
        )
    } else {
        let mut result = format!(
            "Hypothesis '{}' would have blocked {} transition(s):\n",
            guard_expr,
            blocked_transitions.len()
        );
        for (i, action) in blocked_transitions.iter().take(5) {
            result.push_str(&format!(
                "  State {} -> {}: {} would be BLOCKED\n",
                i,
                i + 1,
                action
            ));
        }
        if blocked_transitions.len() > 5 {
            result.push_str(&format!(
                "  ... and {} more\n",
                blocked_transitions.len() - 5
            ));
        }
        result.push_str("\nBug might have been prevented!");
        result
    }
}