-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Incorrect rewrite of a simple program #1008
Comments
What is the input that produces incorrect result (what's the input, what is the expected output, and what output do you see instead)? Without having looked too much at your code, it is definitely possible for bounded verification to say the rewrite is equivalent when it is not equivalent for all possible inputs. In particular, as the name suggest, the strategy explores a bounded set of executions, so any execution beyond this bound remain completely unchecked. |
Your verification strategy isn't doing anything -- the bounded verifier
can't look at that loop because it's doing too many iterations.
Berkeley
…On Mon, Nov 4, 2019, 10:57 Stefan Heule ***@***.***> wrote:
What is the input that produces incorrect result (what's the input, what
is the expected output, and what output do you see instead)?
Without having looked too much at your code, it is definitely possible for
bounded verification to say the rewrite is equivalent when it is not
equivalent for all possible inputs. In particular, as the name suggest, the
strategy explores a *bounded* set of executions, so any execution beyond
this bound remain completely unchecked.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#1008?email_source=notifications&email_token=AAE4N2N5SLGH3GQ56WCG64TQSBIAFA5CNFSM4JIVR4V2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEC76R6A#issuecomment-549447928>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAE4N2NJQFQZGAMKFXBICETQSBIAFANCNFSM4JIVR4VQ>
.
|
The input to the loop is 10000. I am trying to find out if stoke can optimize cases which look complex to begin with but are actually very simple. In this case, the input program has a loop, but it can be replaced with a simple instruction. |
Any help here? Still got the output "yes" |
I haven't had time to analyze this carefully but my guess is that this
verification problem is one where bounded validators cannot "see" the
difference between the two programs. Bounded verification is inherently
unsound.
What's the smallest input that demonstrates the two programs are
different? My guess is that it's greater than the bounds you've tried, and
hence the validator can't find it. To optimize such a program, I'd suggest
adding more test cases, especially including tests with different bit
patterns.
…On Mon, Nov 11, 2019, 21:38 anuragsiy7504 ***@***.***> wrote:
Any help here?
I even tried the following verification command:
stoke debug verify --def_in "{ %edi }" --live_out "{ %eax }" --target
bins/_Z5counti.s --rewrite result.s --abi_check --strategy bounded --bound
1024
Still got the output "yes"
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#1008?email_source=notifications&email_token=AAE4N2JBEFKLZ5Z7RUJAOPLQTI6N5A5CNFSM4JIVR4V2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEDZC6YI#issuecomment-552742753>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAE4N2ODX4X5FHHRB7QVZSLQTI6N5ANCNFSM4JIVR4VQ>
.
|
Any number which is greater than 16bits, leads to a mismatch. |
Exactly -- in order for the bounded verifier to see the programs are not
equivalent, the bound needs to be greater than 2^16. That's because if the
bound is B it only checks inputs that finish withing B loop iterations.
You could try setting the bound to 66,000 or something like that, but
usually that will take too long. Fortunately this is a simple example so
it might actually scale find, but for complex programs sometimes we can't
even push it past bound 2! This is a good example of why the bounded
validator isn't sound.
There's some discussion of this general phenomenon in the ASPLOS 2017
paper: stoke uses test cases to find a fast program on those particular
tests, and this can lead to over fitting. We use a bounded validator to
then find new test cases to add. But, even if the rewrite passes the
bounded validator, we need a sound validator to fully verify equivalence.
…On Sat, Nov 16, 2019, 06:06 anuragsiy7504 ***@***.***> wrote:
Any number which is greater than 16bits, leads to a mismatch.
I used the stoke_tcgen to generate test cases.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#1008?email_source=notifications&email_token=AAE4N2IRU2TD3OD5AHV73FDQT747HA5CNFSM4JIVR4V2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEEHSJII#issuecomment-554640545>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAE4N2OYPOZCAYN7KGCQBNLQT747HANCNFSM4JIVR4VQ>
.
|
Hello,
I am trying to optimise the following program:
The Function extracted by stoke is:
The rewrite discovered by stoke is:
The stoke debug verify command :
stoke debug verify --def_in "{ %edi }" --live_out "{ %eax }" --target bins/_Z5counti.s --rewrite result.s --abi_check --strategy bounded --bound 64
Returns : Equivalent: yes
But on incorporating the rewrite into the original program produces incorrect results.
Is my understanding correct here?
The text was updated successfully, but these errors were encountered: