January 2025 Monthly Development Update
You’re reading the TLA⁺ Foundation monthly development update. Here we summarize the past month of development for the benefit of Foundation patrons and interested members of the community. While things did slow down over the holidays compared to the blockbuster December update, we do have some material to cover. If your contribution was missed or some important part of it that wasn’t captured in the summary, worry not! These newsletters will be published monthly so it’s easy to hop on the next train; open an issue here.
If you’re interested in getting involved in the TLA⁺ community:
- Learn TLA⁺ starting here!
- Read the mailing list here!
- Join the monthly virtual community meetings here!
- Start hacking on the tools themselves here!
Let’s start with some interesting non-coding-related developments & announcements:
- The TLA⁺ Community Event 2025 talk submission deadline is coming up soon, on February 7th. The conference will be co-located with ETAPS 2025 in Hamilton, Ontario, Canada on May 4th, 2025. Get your submissions in soon!
- East of the Atlantic, ABZ 2025 - the 11th International Conference on Rigorous State-Based Methods - will take place from June 10th to 13th of 2025 in Düsseldorf, Germany. TLA⁺-related submissions are welcome and the submission deadline is also fast approaching, on February 3rd.
- Murat Demirbas wrote a nice blog post about using tla-web to learn & explore an unfamiliar TLA⁺ spec.
Now on to coding-related community developments:
- Federico Ponzi and Hillel Wayne landed a number of bugfixes in the TLA⁺ VS Code extension, such as fixing reporting of PlusCal labels.
- Karolis Petrauskas wrote some fixes for the TLA⁺ Proof Manager (TLAPM) parser, fixing a bug in the level-checker’s handling of quantifier bounds and another bug in the semantic resolver’s handling of
USE
statements. He also updated the TLA⁺ language server (which uses TLAPM’s parser) to surface proof obligations generated byUSE
steps, and fixed the long-lived updated_enabled_cdot branch to ensure it works with the LSP. - Finn Hackett contributed a fix supporting the emerging use case of validating implementation logging data with TLC, the inverse of model-based testing where TLC generates traces that the system is driven along. This requires efficiently reading structured data into TLC, most often using the binary TLC state format. The community modules expose de/serialization routines for this format. The fix enabled reading arbitrary string values from the state format, not only those that were generated during initial model checking and thus present in the string interning table. Finn also proposed an extension from the current ASCII string format to UTF-8.
- Longtime TLA⁺ Tools maintainer Markus Kuppe collaborated with Andrew Helwer on a PR to support breakpoint expressions in the TLA⁺ debugger, explored finitizing specifications of monotonic systems, and investigated some fingerprint duplication issues arising during long-running model checking (1, 2).
Finally, things Andrew Helwer (author of this post) worked on - all funded by the TLA⁺ Foundation!
- The December community meeting had a long & spirited discussion about the future of the various TLA⁺ parsers (mostly about whether to transition all tools onto a single parser), so I attempted to capture these thoughts in a long RFC. I also opened a RFC to get the ball rolling on standardizing the TLA⁺ file format, which in turn led to questions about the standardization process itself which I tried to summarize here.
- December was all about getting familiar with the semantic part of the Java-based TLA⁺ parser, called SANY; I was already familiar with the syntax part due to past work adding support for Unicode math symbols. To that end I collaborated with Markus Kuppe to add support for breakpoint expressions in the TLA⁺ debugger, which required the novel functionality of adding new expressions to an existing model, at runtime. Beyond the actual value of the feature itself this was very helpful for developing my understanding of SANY’s semantic & level-checking components, and even offered a tantalizing glimpse into the next level - the interpreter!
- I contributed some minor fixes to SANY such as removing some annoying global static state (1, 2, 3) and converting some existing unit test corpuses to use JUnit’s parameterized test functionality (1, 2).
- I started prototyping what a modern SANY API would look like; with the discussion of transitioning TLAPM onto SANY, and with two existing consumers from Apalache and the tlaplus-formatter, the day is dawning where SANY isn’t just something used by the TLC model-checker. There’s even demand from TLC itself for a more flexible SANY API, as we found with the debugger work. This month will be all about building a semantic test corpus to drive the design of this API, which I hope will be finalized shortly thereafter.
Newbie Corner
Here we pick one issue to highlight that would be a good choice for new contributors!
This month it’s fixing the PlusCal CLI -labelRoot
option.
PlusCal is a language that automatically transpiles to TLA⁺.
The CLI exposes a few parameters to control this output, and one of them determines the name of the root next-state relation; this parameter wrongfully accepts arbitrary string input instead of ensuring the given name is a valid TLA⁺ identifier.
The fix would require raising an error in the parameter parsing function if the user provides an invalid identifier.
Last month’s highlighted starter issue has not yet been claimed; it’s also a good choice!