Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Non-determenism in the defintion of minInt #4543

Closed
geo2a opened this issue Jul 23, 2024 · 0 comments · Fixed by #4544
Closed

Non-determenism in the defintion of minInt #4543

geo2a opened this issue Jul 23, 2024 · 0 comments · Fixed by #4544
Assignees
@geo2a
Labels
bug

Comments

@geo2a
Copy link
Contributor

geo2a commented Jul 23, 2024

In a recent K update in KEVM there was a failing proof caused by the differences in term simplification in Booster vs Kore. Booster started using an SMT solver when applying equations, hence it applied more of those than before.

The deeper reason for the disagreement between Booster and Kore here is the non-determinism in the definition of minInt:

  rule minInt(I1:Int, I2:Int) => I1 requires I1 <=Int I2
  rule minInt(I1:Int, I2:Int) => I2 requires I1 >=Int I2

In the proof, a minInt term is produced as a result of applying the range-memUpdate-in-between simplification. Constrains are such that the minInt are actually equal, therefore both equations apply. Kore chooses to apply the second equation and Booster chooses the first. I do not know exactly why this happens this way, but both scenarios are sound.

We should resolve the non-determinism in the definition of minInt. I suggest we choose the first argument if they are equal.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@geo2a geo2a

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Resolve non-determinism in minInt runtimeverification/k
1 participant
@geo2a