Re-defined constants are not "in-lined" but re-evaluated on *every*

invocation
(needs more aggressive constant propagation).

Addresses Github issue #648
#648

[Feature][TLC]

general/performance/PaxosMadeSimple/MC.tla

@@ -28,7 +28,7 @@ Permutations(const_144139943710210000) \union Permutations(const_144139943711311
 
 \* CONSTANT definitions @modelParameterConstants:2Quorum
 const_144139943713313000 == 
-{Q \in SUBSET Acceptor : Cardinality(Q) > Cardinality(Acceptor)\div 2}
+TLCEval({Q \in SUBSET Acceptor : Cardinality(Q) > Cardinality(Acceptor)\div 2})
 ----
 
 \* CONSTANT definition @modelParameterDefinitions:1

general/performance/stats.R

@@ -6,6 +6,10 @@ data <- read.csv(header=TRUE, sep = "#", file = here("out_run-stats.csv"))
 ## a commit only changes auxiliary files.
 ## Replace git commit short-hash f91... with df1...
 data[data == "f91c7b0"] <- "df144c5"
+data[data == "46de326"] <- "df144c5"
+
+
+data[data == "0f6a80b"] <- "1eb600d"
 data[data == "0b93602"] <- "1eb600d"
 
 ## Convert epoch to date.
@@ -30,6 +34,7 @@ s <- scatterD3(data = data,
                xlab = "RevTag", ylab = "log(Time&Throughput)", 
                col_var=Spec
                )
+plot(s)
 
 library(htmlwidgets)
 saveWidget(s, file="index.html")

tlatools/org.lamport.tlatools/src/tlc2/module/TLC.java

@@ -444,18 +444,19 @@ public static Value Any()
      * @param val
      * @return
      */
-    public static Value  TLCEval(Value val) {
-        Value  evalVal = val.toSetEnum();
-        if (evalVal != null) {
-            return evalVal;
-        }
-        evalVal = val.toFcnRcd();
-        if (evalVal != null) {
-            return evalVal;
-        }
-        // System.out.println("TLCEval gets no conversion");
-        return val;
-    }
+//    public static Value  TLCEval(Value val) {
+//        Value  evalVal = val.toSetEnum();
+//        if (evalVal != null) {
+//            return evalVal;
+//        }
+//        evalVal = val.toFcnRcd();
+//        if (evalVal != null) {
+//            return evalVal;
+//        }
+//        // System.out.println("TLCEval gets no conversion");
+//        return val;
+//    }
+
     /*
     public static Value FApply(Value f, Value op, Value base) {
       FcnRcdValue fcn = f.toFcnRcd();

tlatools/org.lamport.tlatools/src/tlc2/module/TLCBuiltInOverrides.java

@@ -34,6 +34,6 @@ public class TLCBuiltInOverrides implements ITLCOverrides {
 	@SuppressWarnings("rawtypes")
 	@Override
 	public Class[] get() {		
-		return new Class[] { TLCGetSet.class, TLCExt.class, Json.class };
+		return new Class[] { TLCGetSet.class, TLCEval.class, TLCExt.class, Json.class };
 	}
 }

tlatools/org.lamport.tlatools/src/tlc2/module/TLCEval.java

@@ -0,0 +1,131 @@
+/*******************************************************************************
+ * Copyright (c) 2022 Microsoft Research. All rights reserved.
+ *
+ * The MIT License (MIT)
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is furnished to do
+ * so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+ * AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * Contributors:
+ *   Markus Alexander Kuppe - initial API and implementation
+ ******************************************************************************/
+package tlc2.module;
+
+import java.util.concurrent.locks.ReadWriteLock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+
+import tla2sany.semantic.ExprOrOpArgNode;
+import tla2sany.semantic.LevelConstants;
+import tlc2.overrides.Evaluation;
+import tlc2.tool.TLCState;
+import tlc2.tool.coverage.CostModel;
+import tlc2.tool.impl.Tool;
+import tlc2.tool.impl.WorkerValue;
+import tlc2.util.Context;
+import tlc2.value.ValueConstants;
+import tlc2.value.impl.Value;
+
+public class TLCEval implements ValueConstants {
+
+	public static final long serialVersionUID = 20220105L;
+
+	private static final ReadWriteLock lock = new ReentrantReadWriteLock();
+
+	private static Value convert(final Value eval) {
+		// Legacy implementation of TLCEval taken from TLC.java
+		Value evalVal = eval.toSetEnum();
+		if (evalVal != null) {
+			return evalVal;
+		}
+		evalVal = eval.toFcnRcd();
+		if (evalVal != null) {
+			return evalVal;
+		}
+		return eval;
+	}
+
+	/**
+	 * Implements TLCEval, which causes TLC to eagerly evaluate the value. Useful
+	 * for preventing inefficiency caused by lazy evaluation defeating efforts at
+	 * common subexpression elimination.
+	 */
+	@Evaluation(definition = "TLCEval", module = "TLC", warn = false, silent = true)
+	public static Value tlcEval(final Tool tool, final ExprOrOpArgNode[] args, final Context c, final TLCState s0,
+			final TLCState s1, final int control, final CostModel cm) {
+		// TLCEval has a single parameter:
+		final ExprOrOpArgNode arg = args[0];
+
+		if (arg.getLevel() > LevelConstants.ConstantLevel) {
+			// For a non-constant expression, all we can do is to evaluate
+			// and convert the value according to the old implementation
+			// of TLCEval.
+			// Since there is no sharing going on, there is no need to deal
+			// with WorkerValue here.
+
+			// The value that a constant-level expression evaluates to is stored in the
+			// semantic graph. 
+			// For a state-level formula, the value could be kept in a transient member
+			// of the state.  This effort doesn't seem worth it, though.
+			return convert(tool.eval(arg, c, s0, s1, control, cm));
+		} else if (!c.isEmpty()) {
+			// If a constant expression has a context, e.g. a parameter, we
+			// cannot cache the value.
+			return convert(tool.eval(arg, c, s0, s1, control, cm));
+		}
+
+		return tlcEvalConst(tool, arg, cm);
+	}
+
+	private static Value tlcEvalConst(Tool tool, ExprOrOpArgNode arg, CostModel cm) {
+		assert arg.getLevel() == LevelConstants.ConstantLevel;
+
+		lock.readLock().lock();
+
+		// Read with ReadLock
+		Object obj = WorkerValue.mux(arg.getToolObject(tool.getId()));
+		if (obj != null) {
+			// Return the cached value.
+			try {
+				return (Value) obj;
+			} finally {
+				lock.readLock().unlock();
+			}
+		}
+
+		// Slow-path below. Note that ReentrantRWLock deadlocks when
+		// upgrading a read to a write-lock, but we don't need this here.
+		lock.readLock().unlock();
+
+		lock.writeLock().lock();
+		try {
+			// Re-read with WriteLock in case another thread obtained
+			// the write lock while this thread waited.
+			obj = WorkerValue.mux(arg.getToolObject(tool.getId()));
+			if (obj != null) {
+				return (Value) obj;
+			}
+
+			// Create/Write the value!
+			Value eval = (Value) WorkerValue.demux(tool, arg, cm);
+			eval = convert(eval);
+			arg.setToolObject(tool.getId(), eval);
+			return eval;
+		} finally {
+			lock.writeLock().unlock();
+		}
+	}
+}

tlatools/org.lamport.tlatools/src/tlc2/tool/impl/SpecProcessor.java

@@ -247,8 +247,42 @@ else if (val != null && val instanceof OpDefNode) {
           if (opDef.getArity() == 0) {
             try {
             	Object defVal = WorkerValue.demux(opDefEvaluator, opDef.getBody());
-                opDef.setToolObject(toolId, defVal);
-                constantDefns.computeIfAbsent(mod, key -> new HashMap<OpDefOrDeclNode, Object>()).put(opDef, defVal);
+            	opDef.setToolObject(toolId, defVal);
+            	// https://github.com/tlaplus/tlaplus/issues/648
+            	//
+            	// Without consts[i].setTool... below, TLC re-evaluates CONSTANT definitions on
+            	// every invocation.  With consts[i].setTool..., TLC caches values.  Here is the
+            	// reason why consts[i].setTool... is commented:
+            	//
+            	// A) For "cheap" definitions such as CONSTANT N = 4, caching values makes no 
+            	//    difference.
+            	//
+            	// B) For more expensive expressions, such as PaxosMadeSimple.tla the performance
+            	//    gain is around 10%.
+            	//
+            	//    Quorum == {i \in SUBSET(Server) : Cardinality(i) * 2 > Cardinality(Server)}
+            	//
+            	//    CONSTANT Q <- Quorum
+            	//    
+            	// C) However, half of our user base expects the following spec to probabilistically
+            	//    have 2 to 4 distinct states:
+            	//
+            	//    EXTENDS TLC
+            	//    R == RandomElement({1,2,3})
+            	//    CONSTANT C
+            	//    VARIABLE x
+            	//    Spec == x = 0 /\ [][x' = C]_x
+            	//
+            	//    CONSTANT C <- R
+            	// 
+            	// Therefore, we let the user decide by giving her TLC!TLCEval to wrap expressive 
+            	// constant definitions when necessary:
+            	//
+            	//    R == TLCEval(RandomElement({1,2,3}))
+            	// 
+//            	consts[i].setToolObject(toolId, defVal);
+
+            	constantDefns.computeIfAbsent(mod, key -> new HashMap<OpDefOrDeclNode, Object>()).put(opDef, defVal);
             } catch (Assert.TLCRuntimeException | EvalException e) {
               final String addendum = (e instanceof EvalException) ? "" : (" - specifically: " + e.getMessage());
               Assert.fail(EC.TLC_CONFIG_SUBSTITUTION_NON_CONSTANT,

tlatools/org.lamport.tlatools/src/tlc2/tool/impl/WorkerValue.java

@@ -103,12 +103,18 @@ Under these two assumptions, both Workers will race to enumerate (fingerprint) `
 2) [Value#deepCopy](https://github.com/tlaplus/tlaplus/blob/63bab42e79e750b7ac033cfe7196d8f0b53e861e/tlatools/src/tlc2/value/IValue.java#L104)  - required to create the copies of V<sub>SG</sub> - is [broken for most value types](https://github.com/tlaplus/tlaplus/blob/63bab42e79e750b7ac033cfe7196d8f0b53e861e/tlatools/src/tlc2/value/impl/SubsetValue.java#L232) (can probably be fixed).
 */
 public class WorkerValue {
-
 	/*
 	 * Demuxing is supposed to be called only once per sn/opDef whereas muxing is called many many times.
 	 */    
     public static Object demux(final OpDefEvaluator spec, final ExprOrOpArgNode en) {
-        final IValue defVal = spec.eval(en, Context.Empty, TLCState.Empty, CostModel.DO_NOT_RECORD);
+    	return demux(spec, en, CostModel.DO_NOT_RECORD);
+    }
+
+	/*
+	 * Demuxing is supposed to be called only once per sn/opDef whereas muxing is called many many times.
+	 */    
+    public static Object demux(final OpDefEvaluator spec, final ExprOrOpArgNode en, final CostModel cm) {
+        final IValue defVal = spec.eval(en, Context.Empty, TLCState.Empty, cm);
     	defVal.deepNormalize();
 
     	if (defVal.mutates() && TLCGlobals.getNumWorkers() > 1) {
@@ -118,7 +124,7 @@ public static Object demux(final OpDefEvaluator spec, final ExprOrOpArgNode en)
     		for (int i = 1; i < values.length; i++) {
     			// Ideally, we could invoke IValue#deepCopy here instead of evaluating opDef again.  However,
     			// IValue#deepCopy doesn't create copies for most values.
-    			values[i] = spec.eval(en, Context.Empty, TLCState.Empty, CostModel.DO_NOT_RECORD);
+    			values[i] = spec.eval(en, Context.Empty, TLCState.Empty, cm);
     			values[i].deepNormalize();
     		}
 

tlatools/org.lamport.tlatools/test-model/Github648.cfg

@@ -0,0 +1,4 @@
+INIT Init
+NEXT Next
+INVARIANT Inv
+CONSTANT Graph <- TestGraph

tlatools/org.lamport.tlatools/test-model/Github648.tla

@@ -0,0 +1,51 @@
+	--------------------- MODULE Github648 -----------------------------
+EXTENDS TLC, Naturals, Sequences, FiniteSets
+
+BoundedSeqTLCEval(S, n) ==
+  \* The TLCEval here must not cache the value, because it depends on the
+  \* context, ie. S and n.
+  UNION {TLCEval([1..m -> S]) : m \in 0..n}
+
+ASSUME Cardinality(BoundedSeqTLCEval(BoundedSeqTLCEval({1,2}, 2), 2)) = 57
+
+-----------------------------------------------------------------------------
+BoundedSeq(S, n) ==
+  UNION {[1..m -> S] : m \in 0..n}
+
+-----------------------------------------------------------------------------
+DirectedGraphs(nodes) ==
+    [edge : SUBSET (nodes \X nodes)]
+
+TestGraph ==
+    \* The definition of TestGraph is evaluated multiple times.  If the def.
+    \* involves TLC!RandomElement or Randomization!* the invariant Inv below
+    \* will be violated *without* the TLCEval.
+    TLCEval(
+    	LET g == RandomElement(DirectedGraphs(1..3)) 
+    	IN [ edge |-> g.edge \cup {<<1,1>>} ]
+    )
+
+-----------------------------------------------------------------------------
+CONSTANT Graph
+
+VARIABLE v, w
+vars == <<v, w>>
+
+Init ==
+    /\ v \in Graph.edge
+    /\ w \in Graph.edge
+
+Next ==
+    /\ v' \in Graph.edge
+    /\ w' \in Graph.edge
+
+Inv ==
+    /\ v \in Graph.edge
+    /\ v \in TestGraph.edge
+    /\ w \in Graph.edge
+    /\ w \in TestGraph.edge
+    /\ TLCEval(Cardinality(
+    	TLCEval(BoundedSeq(
+    		TLCEval(BoundedSeq({1,2,3}, 3)), 3)))) = 65641
+
+=============================================================================