Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement :resource_limit attribute #4975

Merged
merged 21 commits into from
Jan 19, 2024

Conversation

atomb
Copy link
Member

@atomb atomb commented Jan 11, 2024

Description

This is an alternative to :rlimit that doesn't multiply by 1000 before sending the value to Z3. With the addition of this new attribute, :rlimit is deprecated.

The --resource-limit flag now also passes through the value unchanged, without a multiplication. This flag is currently not used widely, so the impact of this breaking change is minimal. Verification pipelines that are affected will break immediately, and be easy to fix.

The :resource_limit attribute and --resource-limit flag now accept exponential notation to allow shorter, easier-to-read limits.

Fixes #4962.

How has this been tested?

The integration tests have been updated to use :resource_limit wherever they used :rlimit previously. Some --resource-limit and :resource_limit uses have been updated to use exponential notation.

By submitting this pull request, I confirm that my contribution is made under the terms of the MIT license.

@atomb atomb marked this pull request as ready for review January 12, 2024 18:54
@atomb atomb requested review from alex-chew and robin-aws January 12, 2024 18:54
@atomb atomb enabled auto-merge (squash) January 12, 2024 21:00
@@ -358,6 +358,27 @@ public enum IncludesModes {
).ToArray();
}

public static bool TryParseResourceCount(string value, out uint number) {
uint multiplier = 1;
if (value.EndsWith("G")) {
Copy link
Member

@keyboardDrummer keyboardDrummer Jan 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you considered using C#'s default numeric string parser with exponent notation? The notation would then be nnnExx, like 123E9. I think it might be easier to change the amount of resources using that notation, then if you need to change for example 100M into 1G

uint.TryParse(value, NumberStyles.AllowExponent, null, out var result);

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, that might be nice. Thanks for pointing it out!

@@ -358,6 +358,27 @@ public enum IncludesModes {
).ToArray();
}

public static bool TryParseResourceCount(string value, out uint number) {
Copy link
Member

@keyboardDrummer keyboardDrummer Jan 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you rename the parameter number to result ? number says something that's already known from the type.

Copy link
Member

@robin-aws robin-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Definitely in favor of this cleanup ASAP.

This flag is currently not used widely, so the impact of this breaking change is minimal.

What also makes me okay with this is that it's a hard breakage: if someone upgrades without being aware of it their verification will likely fail because their limit is suddenly 1/1000th what it was. And if it doesn't then yay, they are better protected against brittleness! :)

@@ -0,0 +1 @@
The `{:rlimit N}` attribute, which multiplied `N` by 1000 before sending it to Z3, is deprecated in favor of the `{:resource_limit N}` attribute, which can accept string arguments with exponential notation for brevity.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd also mention the change in behavior of --resource-limit

result.ErrorMessage = $"Cannot parse resource limit: {value}";
return 0;
},
false,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What parameter is this? Consider using a named argument or a comment.

@@ -1959,6 +1959,19 @@ public ExpressionTranslator(ExpressionTranslator etran, Boogie.Expr heap)
BigNum.FromUInt(Boogie.Util.BoundedMultiply((uint)litExpr.asBigNum.ToIntSafe, 1000)),
litExpr.Immutable);
}

// Do this after the above multiplication because :resource_limit should not be multiplied.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably just reject using both attributes at once. At a minimum that check would be here, but perhaps there's a cleaner spot in resolution to catch it earlier?

This is the per-method equivalent of the command-line flag `/rlimit:N`.
`{:resource_limit N}` limits the verifier resource usage to verify the method or function to `N`.

This is the per-method equivalent of the command-line flag `/rlimit:N` or `--resource-limit N`.
If using [`{:vcs_split_on_every_assert}`](#sec-vcs_split_on_every_assert) as well, the limit will be set for each assertion.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey while you're adding attribute aliases, how about {:isolate_assertions}? ;)

(Not literally in this PR of course)

@atomb
Copy link
Member Author

atomb commented Jan 17, 2024

This flag is currently not used widely, so the impact of this breaking change is minimal.

What also makes me okay with this is that it's a hard breakage: if someone upgrades without being aware of it their verification will likely fail because their limit is suddenly 1/1000th what it was. And if it doesn't then yay, they are better protected against brittleness! :)

I'll update the description (and merge message) to mention that. :)

@atomb atomb requested a review from robin-aws January 17, 2024 22:20
@atomb atomb merged commit 8480133 into dafny-lang:master Jan 19, 2024
20 checks passed
atomb added a commit to atomb/dafny that referenced this pull request Jan 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Remove multiplication of resource count by 1000
3 participants