Hunting a 16-year-old SQLite WAL bug with TLA+

(ubuntu.com)

155 points | by peterparker204 3 days ago

8 comments

  • romaaeterna 9 minutes ago
    I don't like the title. The article actually describes the process of proving that dqlite does not have the same bug as SQLite, using a TLA+ specification. The SQLite bug fix was entirely separate from what is described here.
  • hackingonempty 8 hours ago
    TLA+ = formal language for modeling software above the code level and hardware above the circuit level by Leslie Lamport (of vector clock and Paxos fame, among other things.)

    https://lamport.azurewebsites.net/tla/tla.html

    • mike_hock 5 hours ago
      So there's \in, \subseteq and probably many others that are written just like in Latex. Notably \cap and \cup were also copied from Latex, which describe the shape of the symbol instead of its meaning. But not \to, \mapsto, \Vee and \Wedge, they're written as ASCII art ->, |->, \/ and /\.

      Then there's SUBSET, which means power set ... yeah. -_-

      • groovy2shoes 4 hours ago
        Leslie Lamport is also the original creator of LaTeX.
  • letFunny 3 hours ago
    Author of the article here. I am surprised to see the post was submitted and made it to the front page! Happy to answer any questions
    • buggymcbugfix 1 hour ago
      Thanks for the nice article. The SQLite docs that explain this bug are emphatic about how utterly rare, even irreproducible it is. How, then, was it found, one wonders?
      • letFunny 37 minutes ago
        My guess is that they noticed something was not quite right when inspecting the code and then tested their hypothesis manually to see if it was actually a real bug.

        Something similar happened to me when I was working on some code that should clear the state and, by inspection, I noticed some field was not properly cleared under specific circumstances. Then I tested the hypothesis and indeed found a bug. Sometimes intuition and guessing is what it takes.

    • stevekemp 3 hours ago
      "to prevent multiple from" seems to be missing a word.
  • vatsachak 4 hours ago
    Gotta love TLA+

    I wonder if anyone has worked on porting it to Lean and making tactics for it

    • uptodatenews 4 hours ago
      You run into Rices theorem if you try to apply it too heavily.

      I made https://github.com/RCSnyder/tlaplus-process-studio

      https://tlaplus-process-studio.com/

      For local only high level modelling. Its not a full tie into the actual model checker, but its meant to serve as a first step into system modelling for state machine modelling for beginners

    • another_twist 2 hours ago
      i am not sure if a lean port is important. TLA+ could do with a bit more TLC (pun intended) with regards its devEx.

      Also congratulations to the author, I'll try and reproduce this over the weekend.

  • mateenah 2 hours ago
    [flagged]
  • peterparker204 3 days ago
    [flagged]
  • tomiow 1 hour ago
    [flagged]
  • hnloser 2 hours ago
    [flagged]