Hunting a 16-year-old SQLite WAL bug with TLA+

(ubuntu.com)

201 points | by peterparker204 3 days ago

9 comments

  • hackingonempty 16 hours ago
    TLA+ = formal language for modeling software above the code level and hardware above the circuit level by Leslie Lamport (of vector clock and Paxos fame, among other things.)

    https://lamport.azurewebsites.net/tla/tla.html

  • letFunny 12 hours ago
    Author of the article here. I am surprised to see the post was submitted and made it to the front page! Happy to answer any questions
    • sennalen 7 hours ago
      You’re in a desert walking along in the sand when all of the sudden you look down, and you see a tortoise, it’s crawling toward you. You reach down, you flip the tortoise over on its back. The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over, but it can’t, not without your help. But you’re not helping. Why is that?
      • Groxx 5 hours ago
        Because that would reverse flipping it over the first time, and our universe's physics are not reversible. Thermodynamics demands the turtle stay flipped.
      • _doctor_love 4 hours ago
        What’s a tortoise?
        • erikerikson 1 hour ago
          A turtle-like animal that only lives on land.
        • wowczarek 2 hours ago
          You know what a turtle is? Same thing, Leon.
    • buggymcbugfix 9 hours ago
      Thanks for the nice article. The SQLite docs that explain this bug are emphatic about how utterly rare, even irreproducible it is. How, then, was it found, one wonders?
      • bradfitz 4 hours ago
        We found it at Tailscale and bought an enterprise support contract from SQLite to debug it for us. Worth every penny.

        We should probably blog about it.

        • doctorpangloss 4 hours ago
          What mission critical purpose does sqlite provide at Tailscale exactly? Why use it at all?
          • akoboldfrying 42 minutes ago
            It's in Chrome, Firefox, Safari, Windows 10, macOS because it efficiently solves a huge number of use cases while giving plenty of headroom for flexible querying.

            If you have data more complicated than a single CSV or tab-separated text file that you will only ever process in sequential order, and you don't need inter-process interaction, you should be asking why not use SQLite.

      • letFunny 8 hours ago
        My guess is that they noticed something was not quite right when inspecting the code and then tested their hypothesis manually to see if it was actually a real bug.

        Something similar happened to me when I was working on some code that should clear the state and, by inspection, I noticed some field was not properly cleared under specific circumstances. Then I tested the hypothesis and indeed found a bug. Sometimes intuition and guessing is what it takes.

    • stevekemp 11 hours ago
      "to prevent multiple from" seems to be missing a word.
    • keynha 4 hours ago
      [dead]
  • romaaeterna 8 hours ago
    I don't like the title. The article actually describes the process of proving that dqlite does not have the same bug as SQLite, using a TLA+ specification. The SQLite bug fix was entirely separate from what is described here.
  • vatsachak 12 hours ago
    Gotta love TLA+

    I wonder if anyone has worked on porting it to Lean and making tactics for it

    • uptodatenews 12 hours ago
      You run into Rices theorem if you try to apply it too heavily.

      I made https://github.com/RCSnyder/tlaplus-process-studio

      https://tlaplus-process-studio.com/

      For local only high level modelling. Its not a full tie into the actual model checker, but its meant to serve as a first step into system modelling for state machine modelling for beginners

    • another_twist 11 hours ago
      i am not sure if a lean port is important. TLA+ could do with a bit more TLC (pun intended) with regards its devEx.

      Also congratulations to the author, I'll try and reproduce this over the weekend.

  • mempko 3 hours ago
    This is so cool and I wonder how effective it would be using this technique when using LLMs to generate code. Have the llm generate code and a TLA+ model. Use the TLA+ model as the test bed of the code (instead of writing tests in the original language).
  • mateenah 10 hours ago
    [flagged]
  • tomiow 10 hours ago
    [flagged]
  • peterparker204 3 days ago
    [flagged]
  • hnloser 10 hours ago
    [flagged]