RequirementMachine: Add more limits to catch runaway computation, and fix a bug #82321
+198
−38
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
slavapestov
requested review from
hborla,
artemcm,
tshortli,
DougGregor and
xedin
as code owners
…ncrete type requirements The concrete nesting limit, which defaults to 30, catches things like A == G<A>. However, with something like A == (A, A), you end up with an exponential problem size before you hit the limit. Add two new limits. The first is the total size of the concrete type, counting all leaves, which defaults to 4000. It can be set with the -requirement-machine-max-concrete-size= frontend flag. The second avoids an assertion in addTypeDifference() which can be hit if a certain counter overflows before any other limit is breached. This also defaults to 4000 and can be set with the -requirement-machine-max-type-differences= frontend flag.
The implementation of Knuth-Bendix completion has had a subtle bookkeeping bug since I first wrote the code in 2021. It is possible for two rules to overlap in more than one position, but the ResolvedOverlaps set was a set of pairs (i, j), where i and j are the index of the two rules. So overlaps other than the first were not considered. Fix this by changing ResolvedOverlaps to a set of triples (i, j, k), where k is the position in the left-hand side of the first rule. The end result is that we would incorrectly accept the protocol M3 shown in the test case. I'm pretty sure the monoid that M3 encodes does not have a complete presentation over any alphabet, so of course it should not be accepted here.
|
@swift-ci Please smoke test |
|
@swift-ci Please test source compatibility |
|
@swift-ci Please smoke test macOS |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The fuzzer found a couple of issues where we were missing termination limits to prevent runaway computation.
Also, we incorrectly accepted this protocol below, and proceeded to prove nonsense about it, because of a book-keeping bug in Knuth-Bendix completion. If two rules overlap at more than one position, we would only resolve the critical pair at the first position. Oops!
In a hypothetical world where this protocol is accepted, all of the same() calls should also be accepted because each equivalence holds under the protocol's same-type requirements. (You can work this out by hand even). Today, we diagnose that the last three calls to same() have mismatched argument types.
The correct behavior is to reject M3 because it doesn't actually have a finite complete presentation over any alphabet: