Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fault proof part 1 #824

Merged
merged 43 commits into from
Sep 19, 2023
Merged

Fault proof part 1 #824

merged 43 commits into from
Sep 19, 2023

Conversation

SchmErik
Copy link
Contributor

This PR consists of part 1 of what appears in #736 This PR implements a fault checker but does not compute the post image ID. I will follow up with a PR that implements the computation of the post image ID within the fault checker guest.

@SchmErik SchmErik mentioned this pull request Aug 30, 2023
Closed
@SchmErik SchmErik requested review from flaub August 30, 2023 19:28
@SchmErik
Verifier: add proof of fault logic for flat receipts
0e1a0a0
@SchmErik
xtask: add bootstrap-fault command
b3cfea6 
This command generates fault_ids.rs which contains the ELF and Image ID of
the fault checker. When ever the fault checker guest code changes, this command
should be run to re-generate the ELF and Image ID values.
@SchmErik
add fault checker guest crate
f26a403 
This is a WIP commit that's intended to get bootstrap to simply generate an
image ID and elf. The actual guest code will be added in subsequent changes.
@SchmErik
zkvm: expose fault checker elf and image id
e35a168
@SchmErik
Executor: add case for ExitCode::Fault
f89bde2
@SchmErik
add fault checker's image ID and ELF
c9e76a8 
This enables risc0-zkvm to build properly.

TODO: add executor changes, fault checker (without merklization), and tests
@SchmErik
zkvm: add fault checker tests
ddb2590
@SchmErik
monitor: fix panic on unaligned address
d327826 
Rather than panicing, return an Error result.
@SchmErik
Executor: add plumbing to run the fault checker
2e6cc6e 
When rrs encounters an error while trying to run the next instruction, this
change will run the fault checker. Note: the fault checker guest code will be
added in a subsequent change.
@SchmErik
zkvm: Cargo.tml: change rrs-lib so that it can be used in guest code
94cda2e
@SchmErik
add fault checker guest code
ef649dc 
this code is temporary and does not compute the post id
@SchmErik
zkvm: expose fault check monitor
f1f7df1 
expose fault monitor only for std
@SchmErik
executor: pass fault monitor to fault checker guest
2002af1
@SchmErik
add fault monitor code
8918325
@SchmErik
run cargo fmt and cargo sort
217e47c
@SchmErik
update fault_ids
fc1d7ed
@SchmErik
update reproducible build image ID's
337b622
@github-actions
Copy link

Benchmark for Linux-cuda 6747cd1

Click to hide benchmark
Test Base PR %
fib/100/execute 5.2±0.09ms 5.1±0.21ms -1.92%
fib/100/prove 1209.3±10.81ms 753.7±2.64ms -37.67%
fib/100/total 1215.2±6.42ms 754.2±0.88ms -37.94%
fib/1000/execute 5.7±0.12ms 5.7±0.12ms 0.00%
fib/1000/prove 1238.5±6.48ms 785.0±0.60ms -36.62%
fib/1000/total 1241.7±6.67ms 788.7±0.73ms -36.48%
fib/10000/execute 12.0±0.15ms 11.3±0.11ms -5.83%
fib/10000/prove 3.8±0.02s 3.2±0.01s -15.79%
fib/10000/total 3.8±0.02s 3.2±0.01s -15.79%

Benchmark for Linux-default

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for macOS-default 6747cd1

Click to hide benchmark
Test Base PR %
fib/100/execute 2.8±0.08ms 2.6±0.07ms -7.14%
fib/100/prove 3.7±0.06s 3.7±0.08s 0.00%
fib/100/total 3.7±0.06s 3.7±0.05s 0.00%
fib/1000/execute 3.0±0.11ms 2.9±0.06ms -3.33%
fib/1000/prove 3.7±0.07s 3.7±0.07s 0.00%
fib/1000/total 3.7±0.05s 3.7±0.09s 0.00%
fib/10000/execute 5.9±0.17ms 5.9±0.04ms 0.00%
fib/10000/prove 15.2±0.15s 15.2±0.09s 0.00%
fib/10000/total 15.2±0.15s 15.2±0.08s 0.00%

Benchmark for macOS-metal

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

@github-actions
Copy link

github-actions bot commented Sep 7, 2023

Benchmark for Linux-cuda

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for Linux-default

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for macOS-default

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for macOS-metal

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

@SchmErik
fix verifier logic
6f74185 
Ensure that the fault proof is enabled and that there are more than one
receipts at this point.
@github-actions
Copy link

github-actions bot commented Sep 8, 2023

Benchmark for Linux-cuda 9fc434d

Click to hide benchmark
Test Base PR %
fib/100/execute 5.1±0.09ms 5.1±0.10ms 0.00%
fib/100/prove 862.4±20.72ms 842.8±8.45ms -2.27%
fib/100/total 843.9±16.61ms 842.9±14.87ms -0.12%
fib/1000/execute 5.7±0.12ms 5.7±0.11ms 0.00%
fib/1000/prove 889.4±21.78ms 861.4±12.21ms -3.15%
fib/1000/total 878.1±16.26ms 872.3±12.12ms -0.66%
fib/10000/execute 11.5±0.11ms 11.5±0.11ms 0.00%
fib/10000/prove 3.0±0.02s 3.0±0.02s 0.00%
fib/10000/total 3.0±0.03s 3.0±0.01s 0.00%

Benchmark for Linux-default 9fc434d

Click to hide benchmark
Test Base PR %
fib/100/execute 6.8±0.46ms 6.7±0.50ms -1.47%
fib/100/prove 5.1±0.03s 5.1±0.03s 0.00%
fib/100/total 5.1±0.04s 5.1±0.03s 0.00%
fib/1000/execute 7.9±0.60ms 7.9±0.60ms 0.00%
fib/1000/prove 5.1±0.03s 5.1±0.02s 0.00%
fib/1000/total 5.1±0.04s 5.1±0.05s 0.00%
fib/10000/execute 14.3±0.49ms 14.0±0.45ms -2.10%
fib/10000/prove 21.1±0.07s 21.1±0.09s 0.00%
fib/10000/total 21.2±0.08s 21.1±0.09s -0.47%

Benchmark for macOS-default

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for macOS-metal 9fc434d

Click to hide benchmark
Test Base PR %
fib/100/execute 2.9±0.10ms 2.8±0.10ms -3.45%
fib/100/prove 802.3±4.13ms 797.6±5.03ms -0.59%
fib/100/total 825.0±6.59ms 822.6±7.88ms -0.29%
fib/1000/execute 3.1±0.05ms 3.1±0.10ms 0.00%
fib/1000/prove 820.9±4.07ms 818.1±4.19ms -0.34%
fib/1000/total 847.5±5.87ms 843.9±4.98ms -0.42%
fib/10000/execute 6.0±0.08ms 5.9±0.10ms -1.67%
fib/10000/prove 3.1±0.01s 3.1±0.01s 0.00%
fib/10000/total 3.1±0.01s 3.1±0.01s 0.00%

@SchmErik
verifier: allow the fault checker to span multiple segments
de9cc72 
It's possible for the fault checker to consume multiple segments. Change the
verifier logic to account for a single segment with a pre image id that is the
fault checker and only allow the fault checker to exit with ExitCode::Halted(0)
@github-actions
Copy link

github-actions bot commented Sep 8, 2023

Benchmark for Linux-cuda c0a5a9b

Click to hide benchmark
Test Base PR %
fib/100/execute 5.4±0.13ms 5.1±0.18ms -5.56%
fib/100/prove 853.6±30.45ms 839.6±13.57ms -1.64%
fib/100/total 828.5±12.57ms 825.0±13.06ms -0.42%
fib/1000/execute 6.1±0.07ms 5.9±0.12ms -3.28%
fib/1000/prove 867.4±19.24ms 863.1±11.33ms -0.50%
fib/1000/total 869.1±15.59ms 857.1±7.89ms -1.38%
fib/10000/execute 11.6±0.12ms 11.5±0.15ms -0.86%
fib/10000/prove 3.2±0.01s 3.0±0.01s -6.25%
fib/10000/total 3.2±0.02s 3.0±0.02s -6.25%

Benchmark for Linux-default

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for macOS-default

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for macOS-metal c0a5a9b

Click to hide benchmark
Test Base PR %
fib/100/execute 2.8±0.07ms 2.8±0.11ms 0.00%
fib/100/prove 818.9±4.44ms 801.2±5.05ms -2.16%
fib/100/total 824.5±4.61ms 819.2±6.14ms -0.64%
fib/1000/execute 3.1±0.15ms 3.0±0.14ms -3.23%
fib/1000/prove 839.0±4.75ms 817.2±4.63ms -2.60%
fib/1000/total 847.0±4.23ms 842.4±4.26ms -0.54%
fib/10000/execute 5.9±0.06ms 5.6±0.15ms -5.08%
fib/10000/prove 3.1±0.01s 3.1±0.01s 0.00%
fib/10000/total 3.1±0.01s 3.1±0.01s 0.00%

@github-actions
Copy link

Benchmark for Linux-cuda 4d6d6f4

Click to hide benchmark
Test Base PR %
fib/100/execute 5.1±0.08ms 5.0±0.10ms -1.96%
fib/100/prove 828.8±20.41ms 802.0±26.92ms -3.23%
fib/100/total 795.9±11.64ms 747.1±10.68ms -6.13%
fib/1000/execute 5.7±0.11ms 5.6±0.10ms -1.75%
fib/1000/prove 841.0±10.82ms 810.0±16.46ms -3.69%
fib/1000/total 834.2±9.60ms 783.4±7.37ms -6.09%
fib/10000/execute 11.5±0.12ms 11.4±0.13ms -0.87%
fib/10000/prove 2.9±0.01s 2.9±0.01s 0.00%
fib/10000/total 2.9±0.02s 2.9±0.01s 0.00%

Benchmark for Linux-default 4d6d6f4

Click to hide benchmark
Test Base PR %
fib/100/execute 6.9±0.42ms 6.8±0.50ms -1.45%
fib/100/prove 5.0±0.02s 5.0±0.04s 0.00%
fib/100/total 5.0±0.03s 5.0±0.02s 0.00%
fib/1000/execute 8.0±0.69ms 7.9±0.65ms -1.25%
fib/1000/prove 5.1±0.04s 5.0±0.03s -1.96%
fib/1000/total 5.1±0.02s 5.1±0.03s 0.00%
fib/10000/execute 14.2±0.50ms 14.0±0.52ms -1.41%
fib/10000/prove 21.1±0.33s 20.7±0.07s -1.90%
fib/10000/total 20.9±0.30s 20.7±0.08s -0.96%

Benchmark for macOS-default 4d6d6f4

Click to hide benchmark
Test Base PR %
fib/100/execute 2.8±0.14ms 2.7±0.06ms -3.57%
fib/100/prove 3.7±0.05s 3.6±0.08s -2.70%
fib/100/total 3.7±0.06s 3.7±0.05s 0.00%
fib/1000/execute 3.1±0.15ms 3.0±0.10ms -3.23%
fib/1000/prove 3.7±0.05s 3.7±0.06s 0.00%
fib/1000/total 3.7±0.05s 3.6±0.05s -2.70%
fib/10000/execute 5.9±0.08ms 5.9±0.07ms 0.00%
fib/10000/prove 15.0±0.15s 15.0±0.11s 0.00%
fib/10000/total 15.0±0.15s 15.0±0.13s 0.00%

Benchmark for macOS-metal

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

@SchmErik
Executor: represent fault session as an Err
84f7a37 
We want to make it difficult for users to mistakenly prove a faulted session.
This change encapsulates faulted sessions as a part of an Err object. If the
user wishes to prove a faulted session, they must explicity write code to match
and extract the session from an error.
@SchmErik
prover: return receipt on fault only when enable-fault-proof is on
10b71bc
@SchmErik
Verifier: add to VerificationError enum, update verification logic, a…
db644a0 
…nd tests

This change adds an additional member to the VericiationError enum to represent
a successful verification on a fault receipt. We want to return an Err on
successful verification to ensure that those who do not intend to verifiy fault
proofs do not mistakenly verify fault receipts.
@SchmErik
ExecutorError: add docs
86ee8e8
@github-actions
Copy link

Benchmark for Linux-cuda 4163fc7

Click to hide benchmark
Test Base PR %
fib/100/execute 5.1±0.11ms 5.0±0.10ms -1.96%
fib/100/prove 709.2±5.23ms 700.3±5.44ms -1.25%
fib/100/total 714.5±3.31ms 704.8±3.25ms -1.36%
fib/1000/execute 5.6±0.11ms 5.6±0.09ms 0.00%
fib/1000/prove 746.8±4.51ms 736.4±5.45ms -1.39%
fib/1000/total 748.6±3.91ms 746.9±4.60ms -0.23%
fib/10000/execute 11.7±0.10ms 11.2±0.12ms -4.27%
fib/10000/prove 2.9±0.02s 2.9±0.01s 0.00%
fib/10000/total 2.9±0.02s 2.9±0.02s 0.00%

Benchmark for Linux-default 4163fc7

Click to hide benchmark
Test Base PR %
fib/100/execute 4.7±0.09ms 4.7±0.07ms 0.00%
fib/100/prove 2.5±0.38s 2.1±0.22s -16.00%
fib/100/total 2.4±0.32s 1680.4±124.13ms -29.98%
fib/1000/execute 5.4±0.06ms 5.2±0.10ms -3.70%
fib/1000/prove 2.5±0.56s 2.3±0.27s -8.00%
fib/1000/total 2.4±0.39s 1690.1±89.97ms -29.58%
fib/10000/execute 10.1±0.19ms 9.8±0.14ms -2.97%
fib/10000/prove 7.5±0.60s 6.9±0.81s -8.00%
fib/10000/total 7.4±0.49s 6.3±0.18s -14.86%

Benchmark for macOS-default 4163fc7

Click to hide benchmark
Test Base PR %
fib/100/execute 2.8±0.17ms 2.7±0.07ms -3.57%
fib/100/prove 3.7±0.07s 3.6±0.07s -2.70%
fib/100/total 3.7±0.06s 3.7±0.04s 0.00%
fib/1000/execute 3.0±0.14ms 3.0±0.07ms 0.00%
fib/1000/prove 3.7±0.05s 3.6±0.09s -2.70%
fib/1000/total 3.7±0.08s 3.7±0.07s 0.00%
fib/10000/execute 5.9±0.09ms 5.8±0.09ms -1.69%
fib/10000/prove 15.1±0.07s 15.0±0.09s -0.66%
fib/10000/total 15.1±0.09s 15.0±0.20s -0.66%

Benchmark for macOS-metal 4163fc7

Click to hide benchmark
Test Base PR %
fib/100/execute 2.8±0.11ms 2.6±0.03ms -7.14%
fib/100/prove 801.3±3.74ms 798.5±5.76ms -0.35%
fib/100/total 826.6±4.92ms 822.0±5.23ms -0.56%
fib/1000/execute 3.0±0.19ms 3.0±0.06ms 0.00%
fib/1000/prove 819.0±3.12ms 816.6±5.97ms -0.29%
fib/1000/total 846.4±6.65ms 843.6±5.17ms -0.33%
fib/10000/execute 6.0±0.09ms 5.9±0.06ms -1.67%
fib/10000/prove 3.1±0.02s 3.1±0.01s 0.00%
fib/10000/total 3.1±0.01s 3.1±0.02s 0.00%

@github-actions
Copy link

Benchmark for Linux-cuda

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for Linux-default

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for macOS-default 8cf11ac

Click to hide benchmark
Test Base PR %
fib/100/execute 2.8±0.19ms 2.8±0.13ms 0.00%
fib/100/prove 3.7±0.07s 3.6±0.04s -2.70%
fib/100/total 3.6±0.06s 3.6±0.07s 0.00%
fib/1000/execute 3.0±0.08ms 3.0±0.12ms 0.00%
fib/1000/prove 3.7±0.07s 3.7±0.05s 0.00%
fib/1000/total 3.7±0.08s 3.6±0.04s -2.70%
fib/10000/execute 5.9±0.05ms 5.9±0.11ms 0.00%
fib/10000/prove 15.1±0.12s 15.0±0.14s -0.66%
fib/10000/total 15.1±0.10s 15.1±0.19s 0.00%

Benchmark for macOS-metal 8cf11ac

Click to hide benchmark
Test Base PR %
fib/100/execute 2.8±0.07ms 2.8±0.20ms 0.00%
fib/100/prove 799.3±4.58ms 798.9±5.41ms -0.05%
fib/100/total 825.1±8.97ms 820.9±7.35ms -0.51%
fib/1000/execute 3.1±0.05ms 3.0±0.12ms -3.23%
fib/1000/prove 821.1±3.60ms 816.1±3.03ms -0.61%
fib/1000/total 844.3±6.07ms 837.8±6.91ms -0.77%
fib/10000/execute 6.0±0.09ms 5.8±0.08ms -3.33%
fib/10000/prove 3.1±0.01s 3.1±0.01s 0.00%
fib/10000/total 3.1±0.01s 3.1±0.01s 0.00%

nategraf
nategraf approved these changes Sep 19, 2023
View reviewed changes
Copy link
Contributor

@nategraf nategraf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved! I also have a comment that it seems we will end up replacing some of this code in the near future when user recursion is available. I think with the feature flags, we can go ahead and merge as is, but removing the code from this PR that we expect not to be used later would be cleaner.

bonsai/rest-api-mock/src/prover.rs Outdated Show resolved Hide resolved
risc0/zkvm/src/host/receipt.rs
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When we were discussing on Monday, we realized that if/when we rebase fault proofs onto user recursion, the changes to this file will be removed. Do you think we should remove these changes from this PR and keep the other parts, such as the guest and memory monitor code changes?

Copy link
Contributor Author

@SchmErik SchmErik Sep 19, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to add the computation of the merkle root in the fault checker in a separate PR so I'll leave it in for ease of testing. I'm definitely OK with dropping all of this once we can use user recursion though!

risc0/zkvm/src/host/server/exec/executor.rs Outdated Show resolved Hide resolved
@flaub
Copy link
Member

flaub commented Sep 19, 2023

I'm OK with either landing now and removing the verify changes when user recursion lands, or removing it now.

@SchmErik SchmErik enabled auto-merge (squash) September 19, 2023 21:05
@SchmErik SchmErik enabled auto-merge (squash) September 19, 2023 21:12
@github-actions
Copy link

Benchmark for Linux-cuda

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for Linux-default

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for macOS-default

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

Benchmark for macOS-metal

    <details open>
      <summary>Click to hide benchmark</summary>
      Benchmarks have changed between the two branches, unable to diff.
    </details>

@SchmErik SchmErik merged commit 9fc1e65 into main Sep 19, 2023
20 checks passed
@SchmErik SchmErik deleted the erik/fault-proof-part-1 branch September 19, 2023 22:03
@SchmErik SchmErik mentioned this pull request Sep 20, 2023
Closed
flaub added a commit that referenced this pull request Sep 21, 2023
@flaub
Revert "Fault proof part 1 (#824)"
c67db9a 
This reverts commit 9fc1e65.
flaub added a commit that referenced this pull request Sep 21, 2023
@flaub
Revert "Fault proof part 1 (#824)" (#902)
fe1d5f6 
This reverts commit 9fc1e65.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flaub flaub flaub left review comments

@nategraf nategraf nategraf approved these changes

Assignees

@SchmErik SchmErik

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@SchmErik @flaub @nategraf