-
Notifications
You must be signed in to change notification settings - Fork 337
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fault proof part 1 #824
Fault proof part 1 #824
Conversation
This command generates fault_ids.rs which contains the ELF and Image ID of the fault checker. When ever the fault checker guest code changes, this command should be run to re-generate the ELF and Image ID values.
This is a WIP commit that's intended to get bootstrap to simply generate an image ID and elf. The actual guest code will be added in subsequent changes.
This enables risc0-zkvm to build properly. TODO: add executor changes, fault checker (without merklization), and tests
Rather than panicing, return an Error result.
When rrs encounters an error while trying to run the next instruction, this change will run the fault checker. Note: the fault checker guest code will be added in a subsequent change.
this code is temporary and does not compute the post id
expose fault monitor only for std
ed0c8be
to
337b622
Compare
Benchmark for Linux-cuda 6747cd1Click to hide benchmark
Benchmark for Linux-default
Benchmark for macOS-default 6747cd1Click to hide benchmark
Benchmark for macOS-metal
|
Benchmark for Linux-cuda
Benchmark for Linux-default
Benchmark for macOS-default
Benchmark for macOS-metal
|
Ensure that the fault proof is enabled and that there are more than one receipts at this point.
Benchmark for Linux-cuda 9fc434dClick to hide benchmark
Benchmark for Linux-default 9fc434dClick to hide benchmark
Benchmark for macOS-default
Benchmark for macOS-metal 9fc434dClick to hide benchmark
|
It's possible for the fault checker to consume multiple segments. Change the verifier logic to account for a single segment with a pre image id that is the fault checker and only allow the fault checker to exit with ExitCode::Halted(0)
Benchmark for Linux-cuda c0a5a9bClick to hide benchmark
Benchmark for Linux-default
Benchmark for macOS-default
Benchmark for macOS-metal c0a5a9bClick to hide benchmark
|
Benchmark for Linux-cuda 4d6d6f4Click to hide benchmark
Benchmark for Linux-default 4d6d6f4Click to hide benchmark
Benchmark for macOS-default 4d6d6f4Click to hide benchmark
Benchmark for macOS-metal
|
We want to make it difficult for users to mistakenly prove a faulted session. This change encapsulates faulted sessions as a part of an Err object. If the user wishes to prove a faulted session, they must explicity write code to match and extract the session from an error.
…nd tests This change adds an additional member to the VericiationError enum to represent a successful verification on a fault receipt. We want to return an Err on successful verification to ensure that those who do not intend to verifiy fault proofs do not mistakenly verify fault receipts.
Benchmark for Linux-cuda 4163fc7Click to hide benchmark
Benchmark for Linux-default 4163fc7Click to hide benchmark
Benchmark for macOS-default 4163fc7Click to hide benchmark
Benchmark for macOS-metal 4163fc7Click to hide benchmark
|
Benchmark for Linux-cuda
Benchmark for Linux-default
Benchmark for macOS-default 8cf11acClick to hide benchmark
Benchmark for macOS-metal 8cf11acClick to hide benchmark
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved! I also have a comment that it seems we will end up replacing some of this code in the near future when user recursion is available. I think with the feature flags, we can go ahead and merge as is, but removing the code from this PR that we expect not to be used later would be cleaner.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When we were discussing on Monday, we realized that if/when we rebase fault proofs onto user recursion, the changes to this file will be removed. Do you think we should remove these changes from this PR and keep the other parts, such as the guest and memory monitor code changes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I need to add the computation of the merkle root in the fault checker in a separate PR so I'll leave it in for ease of testing. I'm definitely OK with dropping all of this once we can use user recursion though!
I'm OK with either landing now and removing the verify changes when user recursion lands, or removing it now. |
Co-authored-by: Victor Graf <victor@risczero.com>
Benchmark for Linux-cuda
Benchmark for Linux-default
Benchmark for macOS-default
Benchmark for macOS-metal
|
This PR consists of part 1 of what appears in #736 This PR implements a fault checker but does not compute the post image ID. I will follow up with a PR that implements the computation of the post image ID within the fault checker guest.