Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to prove SPDM spec #767

Closed
jklmnn opened this issue Sep 8, 2021 · 10 comments
Closed

Unable to prove SPDM spec #767

jklmnn opened this issue Sep 8, 2021 · 10 comments
Labels
bug valid? Check whether the ticket is (still) valid

Comments

@jklmnn
Copy link
Member

jklmnn commented Sep 8, 2021
edited
Loading

I tried to prove our current spec for SPDM. The proof was done with the generated code, spec and project file in spdm.tar.gz. The results are included in spdm.log.
@jklmnn jklmnn added the bug label Sep 8, 2021
@kanigsson
Copy link
Collaborator

I can reproduce this. SPARK just slowly eats all memory. The --memory-limit switch doesn't help because it's SPARK itself (and not the provers) that eats the memory. This requires SPARK work to check where the inefficiencies arise.

@kanigsson kanigsson mentioned this issue Oct 12, 2021
Closed
@kanigsson
Copy link
Collaborator

@jklmnn Could you try again with the change I merged on #811? I would be curious to know if gnatprove proceeds any further.

@jklmnn
Copy link
Member Author

jklmnn commented Nov 5, 2021

I ran the prove again with the commit 0c040681337d4c8a7a9a4dd0231289cc72391c5c from SPDM and dd4eb1b from RecordFlux. This is the result:
spdm.tar.gz.

The general memory usage seems to have improved, with -j48 it's most of the time using ~130GB (instead of >250GB before). However there is a single gnatwhy3 process running eating the whole 1TB until the proof stops.

@kanigsson
Copy link
Collaborator

kanigsson commented Nov 8, 2021
edited
Loading

Great, thanks! I can see that the proofs of the various Reset_Dependent_Fields procedures still take ages. I think we can apply to the body of the procedure the same optimization that I applied to the postcondition - replace the large body by a loop. I will create a new ticket and try that this week.

@kanigsson kanigsson mentioned this issue Nov 8, 2021
Closed
@kanigsson
Copy link
Collaborator

@jklmnn Let's try again :-) The changes on #840 should speed things up, please let me know how this goes.

@jklmnn
Copy link
Member Author

jklmnn commented Nov 11, 2021

spdm.tar.gz
As far as I could tell it took even less memory than the last time. However it also took longer (the reason might also be that it crashes later). The log size is roughly the same, but still full of out of memory errors. Unfortunately I didn't look at the right times so I can't tell you if there was a process eating up all the memory at the end. For most of the time I think we were even in a 1GB/process boundary.

@kanigsson
Copy link
Collaborator

I can still see the old code generation there ... can you please make sure you have RecordFlux commit 9bd0260 and try again?

@jklmnn
Copy link
Member Author

jklmnn commented Nov 16, 2021

I forgot to pull the latest commit. spdm.tar.gz is hopefully up to date now.

@kanigsson
Copy link
Collaborator

Thanks. Forgot to say that I am now able to generate the code myself from the SPDM repo directly.

@kanigsson kanigsson self-assigned this Nov 17, 2021
@treiher treiher mentioned this issue Jan 19, 2022
Closed
31 tasks
@senier senier added the valid? Check whether the ticket is (still) valid label Aug 24, 2022
@senier
Copy link
Member

senier commented Aug 30, 2022

Not a RecordFlux ticket.

@senier senier closed this as not planned Won't fix, can't repro, duplicate, stale Aug 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug valid? Check whether the ticket is (still) valid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kanigsson @senier @jklmnn