Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Super-minimal POC for bounded translation validation #7169

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Super-minimal POC for bounded translation validation #7169

wants to merge 2 commits into from

Conversation

tlively
Copy link
Member

@tlively tlively commented Dec 20, 2024

Given a source and target module, validate that the functions in the
target module are refinements of the corresponding functions in the
source module by translating the function bodies to SMT expressions and
having Z3 either prove that they are equal for all inputs or find a
counterexample showing that they are not.

This minimal proof-of-concept can already prove that this source module:

(func $test (param $x i32) (result i32)
  (i32.mul
    (local.get 0)
    (i32.const 2)
  )
)

Is refined by this target module:

(func $test (param $x i32) (result i32)
  (i32.shl
    (local.get 0)
    (i32.const 1)
  )
)

But not by this target module:

(func $test (param $x i32) (result i32)
  (i32.shl
    (local.get 0)
    (i32.const 2)
  )
)

@tlively
Update GlobalStructInference to handle atomics
26c0252 
GlobalStructInference optimizes gets of immutable fields of structs that
are only ever instantiated to initialize immutable globals. Due to all
the immutability, it's not possible for the optimized reads to
synchronize with any writes via the accessed memory, so we just need to
be careful to replace removed seqcst gets with seqcst fences.

As a drive-by, fix some stale comments in gsi.wast.
@tlively
Super-minimal POC for bounded translation validation
5c2bbb7 
Given a source and target module, validate that the functions in the
target module are refinements of the corresponding functions in the
source module by translating the function bodies to SMT expressions and
having Z3 either prove that they are equal for all inputs or find a
counterexample showing that they are not.

This minimal proof-of-concept can already prove that this source module:

```
(func $test (param $x i32) (result i32)
  (i32.mul
    (local.get 0)
    (i32.const 2)
  )
)
```

Is refined by this target module:

```
(func $test (param $x i32) (result i32)
  (i32.shl
    (local.get 0)
    (i32.const 1)
  )
)
```

But not by this target module:

```
(func $test (param $x i32) (result i32)
  (i32.shl
    (local.get 0)
    (i32.const 2)
  )
)
```
@tlively tlively requested a review from kripken December 20, 2024 06:30
@tlively tlively marked this pull request as draft December 20, 2024 16:49
kripken
kripken reviewed Dec 20, 2024
View reviewed changes
Copy link
Member

@kripken kripken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool! Nice this is so simple.

Base automatically changed from gsi-atomics to main December 20, 2024 20:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kripken kripken kripken left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tlively @kripken