-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bitblasting of multipliers differs wildly between Cryptol and SAW #1788
Comments
Cryptol multiplication gets translated to |
I think I found the issue. Even though the C and Cryptol agree on order of arguments (see here):
The transformation from C -> LLVM -> SAWCore swaps the order to
I don't have |
I wonder if the symbolic execution of |
One can inspect that LLVM bitcode by compiling it with
From this, we know that the multiplication still puts the Your hunch about the reordering occurring during the C -> LLVM -> SAWCore pipeline. More specifically, it happens during the translation from LLVM bitcode to What4 to SAWCore. What4 aggressively optimizes intermediate expressions to put them into a sort of normal form. (Usually, this normal form is amenable to easier treatment by SMT solvers.) This can be seen in this What4 program: {-# LANGUAGE DataKinds #-}
{-# LANGUAGE GADTs #-}
{-# LANGUAGE TypeApplications #-}
module Main where
import qualified Data.BitVector.Sized as BVS
import Data.Foldable (forM_)
import System.IO (FilePath)
import Data.Parameterized.Nonce (newIONonceGenerator)
import Data.Parameterized.Some (Some(..))
import What4.Config
import What4.Expr
import What4.Interface
import What4.Solver
import What4.Protocol.SMTLib2
main :: IO ()
main = do
Some ng <- newIONonceGenerator
sym <- newExprBuilder FloatIEEERepr EmptyExprBuilderState ng
let w = knownNat @32
x <- freshConstant sym (safeSymbol "x") (BaseBVRepr w)
let cBV = BVS.mkBV w 0x85EBCA77
putStrLn $ "c = " ++ show cBV
c <- bvLit sym w cBV
putStrLn "c on the left"
r1 <- bvMul sym c x
print $ printSymExpr r1
putStrLn "c on the right"
r2 <- bvMul sym x c
print $ printSymExpr r2 Regardless of which side of the
On the other hand, Having never really used
|
Thanks for delving into this.
It's not just Also, I'm not 100% sure it's just
|
If that's the case, then why do
Here we use ABC's Boolean Matching command that does PP-equivalence (http://www.eecs.umich.edu/~imarkov/pubs/conf/date10-match.pdf)
|
Yes, having commands like
Very confusingly, I'm not even sure In contrast, I am reasonably certain that
Hah, this turns out to be yet another case of misleadingly named functions! So yes, I do expect that the use of What4 explains much of the difference between the outputs of |
Note that |
#1828 is a related issue that discusses the issue of |
also see #906, which is somewhat related, and I would have sworn there was another issue talking about using what4 to simplify terms but I can't find it now. |
Perhaps you are thinking of #1436? In particular, #927 would also address part (2) of this comment in that issue. |
Yes, I think that must be the one I was thinking of. |
Consider the following C function:
We can compile the code to LLVM like so:
We then create AIGs from this and an identical function in Cryptol like so:
These two AIGs are wildly different, making them very difficult to prove equivalent. We can see their different structure using abc:
The bitblasted AIG from SAW is multiplying via some process I can't identify, whereas the Cryptol AIG seems to be using standard full adder chain (the
17(b,c,d)
is a MUX, and+
is XOR).When I look at the sawscript representation of both I get:
Could it be that
bvMul
andecMul
are using different bitblasting methods?To reach farther - let me strongly suggest bitblasting methods between Cryptol primitives and SAW primitives be synced to make property testing between spec and implementation easier for backend solvers.
The text was updated successfully, but these errors were encountered: