Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Accelerate some lemmas in rabbitmq proof #352

Merged
merged 12 commits into from
Oct 20, 2023
Merged

Accelerate some lemmas in rabbitmq proof #352

merged 12 commits into from
Oct 20, 2023

Conversation

euclidgame
Copy link
Contributor

@euclidgame euclidgame commented Oct 17, 2023
edited
Loading

This PR tries to accelerate some time-consuming lemmas in the proof of rabbitmq controller. The approaches and observations are as follows:

  • Break down the proof into multiple methods. Suppose we have a lemma_a which runs for $n$ seconds. We can move part of it into a new lemma lemma_b and call lemma_b inside lemma_a. Then lemma_a and lemma_b run for $n'$ and $m$ seconds separately. The interesting thing is that usually $n'+m < n$.
  • Make the lemma simpler. We tend to carry multiple things using one lemma (one spec in most cases) if they can be easily proved together. However, sometimes this makes things worse. We can first prove the part that is independent of the rest and get a simpler lemma first. This lemma can be an illustration.
  • Try to reduce the possible instantiations of each universal quantifiers. When proving a lemma, we use other lemmas to assist. If the lemmas to help contain universal quantifiers, we have weaken their domains to those we actually use (sometimes remove the quantifiers). Here is an example.
  • Take care of the assertions and their ordering. We used to think adding more assertions would help to remind the verifier of some predicates and then make verification faster. But it poses more burden sometimes. And the order of assertions also makes a difference. About the assertions here, I swap the two assertions or change them into
assert(local_step.is_AfterKRequestStep() && local_step.get_AfterKRequestStep_0() == ActionKind::Get);
assert(local_step_prime.is_AfterKRequestStep() && local_step_prime.get_AfterKRequestStep_0() == ActionKind::Update);

or

assert(local_step.is_AfterKRequestStep());
assert(local_step_prime.is_AfterKRequestStep());

, then the time is (greatly) increased. (I don't really know why).

@euclidgame euclidgame changed the title Break down some lemmas in rabbitmq proof Break down and accelerate some lemmas in rabbitmq proof Oct 17, 2023
@euclidgame
Divide some lemmas
f3684a1 
Signed-off-by: Wenjie Ma <[email protected]>
@euclidgame
Break down some lemmas
1b3db59 
Signed-off-by: Wenjie Ma <[email protected]>
@euclidgame
Accelerate no_delete_request
93e4121 
Signed-off-by: Wenjie Ma <[email protected]>
@euclidgame
Add .gitignore
f70d7bb 
Signed-off-by: Wenjie Ma <[email protected]>
@euclidgame
Make some lemmas private
52e3c4a 
Signed-off-by: Wenjie Ma <[email protected]>
@euclidgame
Break down object_in_every_resource_create_or_update_request_msg_only…
d35b737 
…_has_valid_owner_references_helper

Signed-off-by: Wenjie Ma <[email protected]>
@euclidgame euclidgame force-pushed the optimize-rabbitmq-proof branch from 3bd211e to d35b737 Compare October 18, 2023 02:24
@euclidgame
Add spinoff
500d813 
Signed-off-by: Wenjie Ma <[email protected]>
@euclidgame
Delete comments
9baa35e 
Signed-off-by: Wenjie Ma <[email protected]>
@euclidgame
Delete useless spec
fe125db 
Signed-off-by: Wenjie Ma <[email protected]>
@euclidgame euclidgame marked this pull request as ready for review October 18, 2023 02:55
@marshtompsxd
Copy link
Collaborator

@euclidgame could you document how you improve the verification time in the description?

@tianyin
Copy link
Member

tianyin commented Oct 18, 2023

Good point. I think it can even be something to report in the paper.

@euclidgame euclidgame changed the title Break down and accelerate some lemmas in rabbitmq proof Accelerate some lemmas in rabbitmq proof Oct 18, 2023
@tianyin
Copy link
Member

tianyin commented Oct 18, 2023

The summary is fantastic! Good job @euclidgame

Could you also give some quantitative numbers so we know how much time each effort saves?

@euclidgame
Copy link
Contributor Author

@tianyin , I am not sure how to do it. In my view, the saved time is more related to the concrete lemmas rather than the approach (effort) type. Can you elaborate on what you want?

What I can get is the running time of each lemma and the total verification time before and after this PR.

@tianyin
Copy link
Member

tianyin commented Oct 18, 2023

What I can get is the running time of each lemma and the total verification time before and after this PR.

Yes. That's exactly what I was hoping to see! :)

@marshtompsxd
Copy link
Collaborator

@euclidgame Do you have more commits to push? Otherwise I will merge it

@marshtompsxd marshtompsxd added this pull request to the merge queue Oct 19, 2023
@euclidgame euclidgame removed this pull request from the merge queue due to a manual request Oct 19, 2023
@tianyin tianyin added this pull request to the merge queue Oct 20, 2023
Merged via the queue into main with commit b884eef Oct 20, 2023
11 checks passed
@marshtompsxd marshtompsxd mentioned this pull request Oct 30, 2023
Merged
@marshtompsxd marshtompsxd deleted the optimize-rabbitmq-proof branch November 21, 2023 20:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marshtompsxd marshtompsxd Awaiting requested review from marshtompsxd

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@euclidgame @marshtompsxd @tianyin