Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Array terms are blasted apart and reassembled inefficiently #420

Open
brianhuffman opened this issue Apr 23, 2019 · 1 comment
Open

Array terms are blasted apart and reassembled inefficiently #420

brianhuffman opened this issue Apr 23, 2019 · 1 comment
Labels
performance Issues that involve or include performance problems subsystem: crucible-jvm Issues related to Java verification with crucible-jvm subsystem: crucible-llvm Issues related to LLVM bitcode verification with crucible-llvm subsystem: crucible-mir Issues related to Rust verification with crucible-mir and/or mir-json type: bug Issues reporting bugs or unexpected/unwanted behavior
Milestone
Someday

Comments

@brianhuffman
Copy link
Contributor

Proof goals are often seen in saw-script with subterms that look like [x@0, x@1, x@2, x@3, x@4, x@5, x@6, x@7]. These arise when we use overrides that have inputs and outputs of array types. When this expansion happens repeatedly the terms get rather large and slow.

Here is an example that shows the problem in crucible-llvm:

#include <stdint.h>

void next (int len, uint32_t *x) {
	for (int i = len-1; i > 0; i--) {
		x[i] += x[i-1];
	}
}

void nextn (int n, int len, uint32_t *x) {
	for (int i = 0; i < n; i++) {
		next(len, x);
	}
}

bc <- llvm_load_module "arrayoverride.bc";

let len = 20;
let i32 = llvm_int 32;
let arr = llvm_array len i32;
let l = crucible_term {{ `len:[32] }};

let {{
  next : [len][32] -> [len][32]
  next x = x + (x >> 1)
}};

next_ov <- crucible_llvm_verify bc "next" [] false
  do {
    x <- crucible_fresh_var "x" arr;
    px <- crucible_alloc arr;
    crucible_points_to px (crucible_term x);
    crucible_execute_func [l, px];
    crucible_points_to px (crucible_term {{ next x }});
  }
  z3;

let nextn_ov num =
  crucible_llvm_verify bc "nextn" [next_ov] false
  do {
    x <- crucible_fresh_var "x" arr;
    px <- crucible_alloc arr;
    crucible_points_to px (crucible_term x);
    let n = {{ `num:[32] }};
    crucible_execute_func [crucible_term n, l, px];
    crucible_points_to px (crucible_term {{ iterate next x @ n }});
  }
  do {
    print_goal;
    unint_z3 ["next"];
    //assume_unsat;
  };

time (nextn_ov 10);
time (nextn_ov 20);
time (nextn_ov 40);

The problem also shows up various subgoals (e.g. mul) in the crucible-jvm version of the ecdsa proof, whereas the old-style jss proof doesn't have this problem. (See also #399.)
brianhuffman pushed a commit that referenced this issue Apr 24, 2019
Use scVectorReduced when resolving array values in crucible_llvm_ve…
dba90fc 
…rify.

This fixes part of #420: The problem is fixed for crucible_llvm_verify,
but does not help with crucible_jvm_verify.
This was referenced Apr 24, 2019
Merged
Closed
@atomb atomb added this to the 1.0 milestone Apr 30, 2019
@brianhuffman brianhuffman added the subsystem: crucible-jvm Issues related to Java verification with crucible-jvm label Jun 6, 2019
@atomb atomb modified the milestones: 1.0, 0.4 Oct 1, 2019
@atomb atomb modified the milestones: 0.4, 1.0 Oct 18, 2019
@atomb atomb modified the milestones: 0.5, 0.6 Apr 16, 2020
@atomb atomb modified the milestones: 0.6, 0.7 Aug 6, 2020
@brianhuffman
Copy link
Contributor Author

Issue #863 seems related to this.

@brianhuffman brianhuffman self-assigned this Oct 16, 2020
@brianhuffman brianhuffman added the subsystem: crucible-llvm Issues related to LLVM bitcode verification with crucible-llvm label Oct 16, 2020
@atomb atomb modified the milestones: 0.7, 0.8 Dec 14, 2020
@atomb atomb modified the milestones: 0.8, 0.9 Apr 19, 2021
@atomb atomb removed this from the 0.9 milestone Sep 14, 2021
@sauclovian-g sauclovian-g added type: bug Issues reporting bugs or unexpected/unwanted behavior performance Issues that involve or include performance problems subsystem: crucible-mir Issues related to Rust verification with crucible-mir and/or mir-json labels Oct 29, 2024
@sauclovian-g sauclovian-g added this to the Someday milestone Oct 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
performance Issues that involve or include performance problems subsystem: crucible-jvm Issues related to Java verification with crucible-jvm subsystem: crucible-llvm Issues related to LLVM bitcode verification with crucible-llvm subsystem: crucible-mir Issues related to Rust verification with crucible-mir and/or mir-json type: bug Issues reporting bugs or unexpected/unwanted behavior
Projects
None yet
Milestone
Someday
Development

No branches or pull requests
3 participants
@atomb @brianhuffman @sauclovian-g