[stm] Error resilience behaves strangely with Stm.join
#9204
Comments
The semantics are a bit dubious see coq/coq#9204 and #94. This makes the example provided in #94 fail, we update the test suite.
Thanks for the detailed report. The problem is not in the error resiliency code. The problem is that CoqIDE (and sertop I imagine) reopens the broken proof after the error is returned by join. The code of join was (wrongly) assuming the current branch was master. If you join the safe environment associated to the state in which you are while fixing the proof.. well, such an env does not even contain the broken proof (it is the one after the proof that does).
See #9206
Note that
so in fact sertop doesn't even know that there is a problem in a subproof. Is that supposed to happen?
Hum, if CoqIDE reopens the proof (via an edit_at) then I believe the exception contains the right metadata.
34 is the Stateid of the last sentence of the document, Indeed
Hum, I'm testing without disabling error resiliency. Are you sure you are testing the same?
Yup, the difference with my test and CoqIDE is that CoqIDE "opens" the failed proof. I don't. I am testing with the default which is:
If I do coqide -debug and then hit the wheels I get this in my terminal:
The trace is the result of join, then CoqIDE decides to reopen the proof.
So CoqIDE does something such as:
So my case is when I don't do
The exception happens at point 3:
The bug, to me, is that the second time you click the gears join does not raise the same exception. I don't believe that when you call
@gares the same behavior happens in CoqIDE, if I read the trace correctly no exception is raised the first time join is done, XML returns success indeed.
Well, it is more subtle than that, with the default setup, finish first returns
However with As I pointed out at first, the problem seems to be in the error recovery code. After doing a little bit more of research my recommendation would be to disable it by default in 8.9, as this seems quite dangerous. cc: @silene
It is ok that finish says ok and join error. If finish was doing all the job, then there would be no reason for join.
I'll try the other setup to see how it is still buggy.
You are right about join not giving an error if resiliency is on (and async proofs off). When I've added error resiliency I forgot to add a silly check that no error states are there when one joins. Addressed in the same PR. If proofs are async then it is not error resiliency for command that makes Coq reach the end of the document (even if a proof is wrong) but the usual enclosure of the proof in a future in the env. Hence with async proofs on join was still finding the error. It happened to work by accident.
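A toy model of the missing check described in the comment above (join must fail if any error state was recorded during recovery), added here as an illustration and not taken from Coq's STM code. The names `Doc`, `finish`, `join_unchecked`, `join_checked` and the sample document are constructed assumptions.

```python
from dataclasses import dataclass, field

class CheckError(Exception):
    """Raised when a sentence fails; carries the offending state id."""
    def __init__(self, sid, msg):
        super().__init__(f"state {sid}: {msg}")
        self.sid = sid

@dataclass
class Doc:
    sentences: list                    # (state id, text, fails?) triples
    resilient: bool = True             # error-resilience (recovery) mode
    error_states: dict = field(default_factory=dict)  # sid -> message

def make_doc(resilient=True):
    # Constructed sample: the proof of `bad` contains a failing tactic.
    return Doc([(1, "Lemma bad : False.", False),
                (2, "Proof.", False),
                (3, "exact I.", True),      # does not typecheck
                (4, "Qed.", False),
                (5, "Lemma ok : True.", False),
                (6, "Proof. exact I. Qed.", False)], resilient)

def finish(doc):
    """Execute to the end of the document; returns the last state id."""
    tip = 0
    for sid, _text, fails in doc.sentences:
        if fails:
            if not doc.resilient:
                raise CheckError(sid, "tactic failure")
            # Recovery: remember the error state and keep going.
            doc.error_states[sid] = "tactic failure"
        tip = sid
    return tip

def join_unchecked(doc):
    """Fail-open variant: reaching the end is taken as success."""
    finish(doc)
    return "All proof terms checked by the kernel"

def join_checked(doc):
    """Variant with the check: any recorded error state makes join fail."""
    finish(doc)
    if doc.error_states:
        sid = min(doc.error_states)
        raise CheckError(sid, doc.error_states[sid])
    return "All proof terms checked by the kernel"
```

In this model `finish` may legitimately return without error while `join_checked` raises, which matches the division of labour between the two calls discussed in the thread.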
I am reopening to keep track of the issues noted above and in #9206, in particular with regards to missing context about what definitions have been added to the kernel environment.
I will likely open a new bug with a more precise description, then close this one.
CHANGES:

* [general] support Coq 8.9,
* [general] SerAPI now uses Dune as a build system,
* [opam] install `sertop.el`,
* [serlib] support to serialize kernel environments,
* [serapi] new query `Env` that tries to print the current kernel environment,
* [serlib] correct field names for `CAst`,
* [serlib] more robust support for opaque / non-serializable types (rocq-archive/coq-serapi#61, rocq-archive/coq-serapi#68). Thanks to @palmskog,
* [serlib] new option `--exn_on_opaque` to raise an exception on non-serializable types; closes rocq-archive/coq-serapi#68, thanks to @palmskog,
* [serlib] serialization test-suite from https://github.com/proofengineering/serapi-tests, thanks to @palmskog,
* [sercomp] add `--mode` option to better control output,
* [sercomp] add `compser` for deserialization (inverse of `sercomp`) (@palmskog),
* [serapi] Allow custom document creation using the `NewDoc` call. Use the `--no_init` option to avoid automatic creation on init. (@ejgallego)
* [sercomp] Allow compilers to output `.vo` (@ejgallego, suggested by @palmskog)
* [sercomp] Serialize top-level vernaculars with their syntactic attributes (such as location) (@ejallego)
* [serapi] Add `Assumptions` query, at the suggestion of @Armael (@ejgallego)
* [sercomp] Disable error resilience mode in compilers; semantics are a bit dubious see coq/coq#9204 also rocq-archive/coq-serapi#94. (@ejgallego, report by @palmskog)
* [sercomp] Add `check` mode to compilers to check all proofs without outputting `.vo`. (@palmskog)
* [sercomp] Add "hacky" `--quick` option to skip checking of opaque proofs. (@ejgallego, request by @palmskog)
* [sercomp] Add `--async_workers` option to set maximum number of parallel async workers. (@palmskog)
* [sertop] Stop linking Coq plugins statically and load `serlib` plugins when Coq plugins are loaded instead (@ejgallego, review by @palmskog)

_Version 0.5.7_:

* [serlib] Fixed serializers for more tactics data, add support for `ground` plugin (rocq-archive/coq-serapi#68). Thanks again to @palmskog for the report.

_Version 0.5.6_:

* [serlib] Fixed serializers for some tactics data (rocq-archive/coq-serapi#66) Thanks to @palmskog for the report.

_Version 0.5.5_:

* [serlib] Be more lenient when parsing back `Id.t` as to accommodate hacks in the Coq AST (rocq-archive/coq-serapi#64) Thanks to @palmskog for the report.

_Version 0.5.4_:

* [serlib] Fix critical bug in handling of abstract type (rocq-archive/coq-serapi#60)

_Version 0.5.3_:

* [sertop] Support for `-I` option (`--ml-include-path`).

_Version 0.5.2_:

* [serlib] Compatibility with OCaml 4.07.0 [problems with `Stdlib` packing]

_Version 0.5.1_:

* [serlib] (basic) support for serialization of the ssreflect grammar,
* [serapi] `(Query () (Ast n))` is now `(Query ((sid n)) Ast)`,
* [serapi] remove broken deprecated `SetOpt` and `LibAdd` commands,
* [doc] Improved man page.
* [js] Miscellaneous improvements on the js build.

_Version 0.5.0_:

* [general] support Coq 8.8, use improved document API,
* [sertop] By default `sertop` will create a new document with `doc_id` 0,
* [sertop] new debug options, see `sertop --help`.

_Version 0.4_:

* [general] support Coq 8.7, make use of improved upstream API,
* [sertop] support `-R` and `-Q` options, note the slightly different syntax wrt Coq upstream: `-R dir,path` in place of `-R dir path`,
* [serlib] support serialization of generic arguments [rocq-archive/coq-serapi#41],
* [serapi] `(ReadFile file)`: hack to load a completed file.

_Version 0.2_:

* Better Query/Object system.

_Version 0.1_:

* Serialization-independent protocol core,
* [js] Javascript worker,
* [lib] Better Prelude support,
* [serlib] Full Serialization of generic arguments,
* [proto] Add is not a synchronous call anymore,
* [proto] Refactor into a flat command hierarchy,
* [proto] More useful queries,
* [proto] Guarantee initial state is 1,
* [proto] Support for ltac profiling,
* [proto] Printing: add depth limiting,
* [proto] Better handling of options in the sexp backend.

_Version 0.03_:

* **[done]** Implicit arguments.
* **[done]** Coq Workers support.
* **[done]** Advanced Sentence splitting `(Parse (Sentence string))`, which can handle the whole document.

_Version 0.02_:

* **[done]** Serialization of the `Proof.proof` object.
* **[done]** Improve API: add options.
* **[done]** Improve and review printing workflow.
* **[done]** `(Query ((Prefix "add") (Limit 10) (PpStr)) $ObjectType)`
* **[done]** Basic Sentence splitting `(Parse num string))`, returns the first num end of the sentences _without_ executing them. This has pitfalls as parsing is very stateful.
* **[done]** Basic completion-oriented Search support `(Query () Names)`
* **[done]** Better command line parsing (`Cmdliner`, `Core` ?)
* **[partial]** Print Grammar tactic. `(Query ... (Tactics))`. Still we need to decide on: `Coq.Init.Notations.instantiate` vs `instantiate`, the issue of `Nametab.shortest_qualid_of_global` is a very sensible one for IDEs
Opening the following file https://github.com/ejgallego/coq-serapi/blob/b62ae5fc928fa2f098df1e2308d6e1244521d99e/tests/fail/assoc.v in CoqIDE, then go to the end.

The problem is that `Stm.join`/`finish` returns successfully even if the bad proof is there; this seems a bad interaction with the error recovery mode. Disabling it fixes the problem.

Another variation of the bug is with `-async-proofs off` in CoqIDE, in this case clicking the gear will always report "All proof terms checked by the kernel".