Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace struct impl of Invariant by Arbitrary #1401

Merged
merged 3 commits into from
Jul 27, 2022
Merged

Replace struct impl of Invariant by Arbitrary #1401

merged 3 commits into from
Jul 27, 2022

Conversation

celinval
Copy link
Contributor

@celinval celinval commented Jul 22, 2022
edited
Loading

Description of changes:

We have recently realized that implementing Invariant of Option, Result and array has a limitation. This is not sufficient to generate arbitrary values of types that only implements Arbitrary.

Thus, implement Arbitrary instead.

Resolved issues:

N/A. Related to #1394

Call-outs:

Testing:

  • How is this change tested? New tests

  • Is this a refactor change?

Checklist

  • Each commit message has a non-empty body, explaining why the change was made
  • Methods or procedures are documented
  • Regression or unit tests are included, or existing tests cover the modified code
  • My PR is restricted to a single feature or bugfix

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

@celinval
Replace struct impl of Invariant by Arbitrary
98915b1 
We have recently realized that implementing Invariant of Option, Result
and array has a limitation. This is not sufficient to generate arbitrary
values of types that only implements Arbitrary.

Thus, implement Arbitrary instead.
@celinval celinval requested a review from a team as a code owner July 22, 2022 21:31
@celinval celinval mentioned this pull request Jul 22, 2022
Merged
4 tasks
@celinval
Copy link
Contributor Author

celinval commented Jul 22, 2022
edited
Loading

I forgot to mention that I did a few experiments with check_both test that I added. I changed the test to create an array with 100 elements instead.

For the arbitrary array, the performance impact with the changes in this PR was small. I tried a different implementation using MaybeUninit (similar to this example: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#initializing-an-array-element-by-element) since this would be the safest, and there was a significant penalty on the verification time. Here is the data I collected:

Verification Time:

Before Changes After Changes MaybeUninit
10.0s 10.7s 12.7s

tedinski
tedinski approved these changes Jul 26, 2022
View reviewed changes
Copy link
Contributor

@tedinski tedinski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess I don't object after sleeping on it. I think we'll reverse course later, but it's probably not important.

Please hold off on merging until after today's release maybe?

@celinval celinval merged commit 48bb306 into model-checking:main Jul 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tedinski tedinski tedinski approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@celinval @tedinski