Booster Description #4066
Open
Booster Description #4066
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
geo2a
force-pushed
the
booster-docs
branch
2 times, most recently
from
af650a9
to
9e7056e
Compare
jberthold
reviewed
Nov 1, 2024
Comment on lines
+143
to
+144
| - rule matching can be indeterminate. We really do not want this to happen, as it will abort rewriting and cause a fallback to Kore (or a full-stop of using the `booster-dev` server). | ||
| Common cases include unevaluated function symbols. See [match1](https://github.com/runtimeverification/haskell-backend/blob/master/booster/library/Booster/Pattern/Match.hs#L191) and look for `addIndetermiante` for the exhaustive list. |
There was a problem hiding this comment.
Good that you point out unevaluated functions. I think we should add some concrete examples here.
Comment on lines
+152
to
+160
| The requires clause check is encapsulated by the [checkRequires](https://github.com/runtimeverification/haskell-backend/blob/master/booster/library/Booster/Pattern/Rewrite.hs#L496) function defined in the `where`-clause of `applyRul`e. It will: | ||
| 1. substitute the rule's requires clause with the matching substitution | ||
| 2. check if we already have any of the conjuncts verbatim in the pattern's constrains. If so, we filter them out as known truth | ||
| 3. simplify every conjunct individually by applying equations. This is morally equivalent to sending every conjunct as to the `"simplify"` endpoint and will use the same code path, bypassing internalisation. | ||
| 4. filter again, as the simplified conjuncts may not be present verbatim in the known truth | ||
| 5. if any clauses remain, it's time to fire-up Z3 and check them for validity. | ||
| - some rule will be rejected at that point, as their pre-condition P (the `requires` clause) is invalid, which means that the rule is applicable statically, but the dynamic conditions makes it inapplicable. | ||
| - some rules may have an indeterminate pre-condition P, which means that both P and its negation are satisfiable, i.e. the solver said (SAT, SAT) for (P, not P). | ||
| - in this case we can apply this rule conditionally, but add P into the path condition We will call `not P` the _remainder condition_ of this rule and keep track of it too |
There was a problem hiding this comment.
Suggested change
| The requires clause check is encapsulated by the [checkRequires](https://github.com/runtimeverification/haskell-backend/blob/master/booster/library/Booster/Pattern/Rewrite.hs#L496) function defined in the `where`-clause of `applyRul`e. It will: | |
| 1. substitute the rule's requires clause with the matching substitution | |
| 2. check if we already have any of the conjuncts verbatim in the pattern's constrains. If so, we filter them out as known truth | |
| 3. simplify every conjunct individually by applying equations. This is morally equivalent to sending every conjunct as to the `"simplify"` endpoint and will use the same code path, bypassing internalisation. | |
| 4. filter again, as the simplified conjuncts may not be present verbatim in the known truth | |
| 5. if any clauses remain, it's time to fire-up Z3 and check them for validity. | |
| - some rule will be rejected at that point, as their pre-condition P (the `requires` clause) is invalid, which means that the rule is applicable statically, but the dynamic conditions makes it inapplicable. | |
| - some rules may have an indeterminate pre-condition P, which means that both P and its negation are satisfiable, i.e. the solver said (SAT, SAT) for (P, not P). | |
| - in this case we can apply this rule conditionally, but add P into the path condition We will call `not P` the _remainder condition_ of this rule and keep track of it too | |
| The requires clause check is encapsulated by the [checkRequires](https://github.com/runtimeverification/haskell-backend/blob/master/booster/library/Booster/Pattern/Rewrite.hs#L496) function defined in the `where`-clause of `applyRule`. It will: | |
| 1. substitute the rule's requires clause with the matching substitution | |
| 2. check if we already have any of the conjuncts verbatim in the pattern's path condition (`PC`). If so, we filter them out as known truth | |
| 3. simplify every conjunct individually by applying equations. This is morally equivalent to sending every conjunct as to the `"simplify"` endpoint and will use the same code path, bypassing internalisation. | |
| 4. check again whether any of the, now simplified, conjuncts is present verbatim in the path condition | |
| 5. if any clauses remain, check all conjuncts together with Z3 for validity given the path condition. | |
| - some rule will be rejected at that point, as their pre-condition `P` (the `requires` clause) is false given `PC`, which means that the rule is applicable statically, but the dynamic conditions makes it inapplicable. | |
| - some rules may have an indeterminate pre-condition `P`, which means that both `PC /\ P` and `PC /\ not P` are `SAT` in the solver, i.e., neither `P` nor `not P` are implied by `PC` | |
| - in this case we can apply this rule conditionally, but add `P` into the path condition We will call `not P` the _remainder condition_ of this rule and keep track of it too |
| - some rules may have an indeterminate pre-condition P, which means that both P and its negation are satisfiable, i.e. the solver said (SAT, SAT) for (P, not P). | ||
| - in this case we can apply this rule conditionally, but add P into the path condition We will call `not P` the _remainder condition_ of this rule and keep track of it too | ||
| We effectively do the same if we cannot establish the validity of P due to a solver timeout, i.e. we add the predicate as an assumption. This may potentially lead to a vacuous branch as we discover more conditions further into the rewriting process. | ||
| - some rules will have a valid requires clause, which means they definitely do apply and we do need to add anything else into the path condition as an assumption. |
There was a problem hiding this comment.
Suggested change
| - some rules will have a valid requires clause, which means they definitely do apply and we do need to add anything else into the path condition as an assumption. | |
| - some rules will have a valid requires clause, i.e., `PC => P`, which means they definitely apply and we do not need to add anything else into the path condition as an assumption. |
| See the [Booster.SMT.Interface](https://github.com/runtimeverification/haskell-backend/blob/master/booster/library/Booster/SMT/Interface.hs) module to learn more about how `Predicate`s are checked for satisfiable and validity using Z3. | ||
|
|
||
| Bottom line: | ||
| - if `requires` is UNSAT, we do not apply the rule, just if it didn't even match; |
There was a problem hiding this comment.
Suggested change
| - if `requires` is UNSAT, we do not apply the rule, just if it didn't even match; | |
| - if `requires` is found to be false, we do not apply the rule, just as if it didn't even match; |
|
|
||
| During symbolic execution, we keep track of the current path condition --- a conjunction of logical constraints that specify an equivalence class of concrete execution states. In order to prevent state explosion, it is important to only create new symbolic states that are feasible. Priority groups enable a additional mechanism for that by enabling the semantics implementer to partition rules into complete groups, and only applying lower-priority rules under the conditions where higher-priority groups are not applicable. | ||
|
|
||
| A priority group of rules gives raise to a group **coverage condition**, which is defined as a disjunction of the requires clauses of the rules in the group. If the coverage condition is valid, it means that no other rules can possibly apply. The negation of the coverage condition is called the group's coverage condition is called the **remainder condition**. The the remainder condition is unsatisfiable, then the coverage condition is valid, and the group is complete. |
There was a problem hiding this comment.
Suggested change
| A priority group of rules gives raise to a group **coverage condition**, which is defined as a disjunction of the requires clauses of the rules in the group. If the coverage condition is valid, it means that no other rules can possibly apply. The negation of the coverage condition is called the group's coverage condition is called the **remainder condition**. The the remainder condition is unsatisfiable, then the coverage condition is valid, and the group is complete. | |
| A priority group of rules gives rise to a group **coverage condition**, which is defined as a disjunction of the requires clauses of the rules in the group. If the coverage condition is valid, it means that no other rules can possibly apply. The negation of the coverage condition is called the group's **remainder condition**. If the remainder condition is unsatisfiable, then the coverage condition is valid, and the group is complete. |
|
|
||
| ### [Iterating Rules](#rewriting-many-steps) | ||
|
|
||
| Successful rule application does not trigger pattern-wide simplification, i.e. very far and make many steps without simplifying the pattern even ones. |
There was a problem hiding this comment.
Suggested change
| Successful rule application does not trigger pattern-wide simplification, i.e. very far and make many steps without simplifying the pattern even ones. | |
| Successful rule application does not trigger pattern-wide simplification, i.e. rewriting can proceed very far and make many steps without simplifying the pattern even once. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds prose documentation for Booster --- a fast symbolic rewrite engine for K.
Some of the prose and the rewriting diagram have been contributed earlier by Sam Balco.