Performance issue with :prove #1000
Comments
|
Looking at the SMTLib output from these two prove commands, I don't see any obvious reason these problems would be significantly different. The exact ordering and numbering of subterms differs slightly, but that seems to be about it, from a quick glance. I'm guessing this is down to some details of the solver's search strategy that happens to do better with one formulation over the other. For what it's worth, using |
|
I took a look at the LUP algorithm. I don't see any obvious slam-dunk improvements to this algorithm that immediately jump out. In one of the comments you speculate that using However, I will say that I expect the pivoting steps will be very expensive in the symbolic simulators (for |
|
Thank you for you quick replies. I verified that using w4-z3 is much faster. Amazing. The prove command was extremely useful while debugging the code. It quickly returned useful counterexamples that help me find and fix mistakes. And when it didn't return quickly, I got a good feeling. Since Friday, I had a machine trying to prove 3 X 3 matrix inverse is correct. I killed Z3 and restarted using w4-z3. I noticed that time reported my cryptol process used little CPU time, but a lot of elapse time. Are you sure cryptol is waiting properly when Z3 is killed? Shouldn't cryptol still be changed Z3's CPU time? |
|
I believe that Cryptol spins up z3 as an external process (think C’s |
|
I had this problem with a program I wrote that used Z3 as an external process. I had to patch a module to fix the problem. The end of the source file shows what I did. |
|
Process handling is a complicated topic... but I think this is expected behavior. If I remember correctly, solver processes are started in a separate process group, which is necessary for reliable signal handling, and this causes their CPU time to be accounted separately. That might also be OS-specific, I'm not sure. |
robdockins
added
performance
|
I see, so the code I showed probably didn't create the Z3 process in a separate process group, and that allowed me to collect the missing CPU time using waitForProcess. I tested my code on Linux, and on that platform, I think I remember the CPU time was collected by my Haskell program even when Z3 was killed, but I cannot be sure. I never checked the behavior on any other OS. As you say, handling all OSs is why process handling gets complicated. |
|
Because I was curious, I implemented this LUP module on GF(2) (aka booleans) just to see how the matrix operations could scale on the simplest field. I got reasonable results for proving LUPCorrect up to At any rate, we seem to be climbing a very steep exponential curve. As I mentioned above, I suspect that pivoting is the main culprit here. |
|
This is a very interesting result. Thank you for sharing it. |
robdockins
added
the
What4/SBV
|
I don't think there are any other obvious improvements to be had here. |
I have an odd performance issue with :prove in Cryptol 2.10.0. If I specify a property by negating a boolean and combining it using short cut or with another boolean expression, I get a proof much faster than when I rewrite the property by removing the negation and using short cut implication instead. Logically, these two should be exactly the same. I did the obvious test that in fact short cut implication is in fact short cut in the interpreter, and of course it passes that test. I have enclosed a ZIP file that demonstrates the bug. The README explains the contents.
lup.zip
The text was updated successfully, but these errors were encountered: