Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Thm.SPEC appears to hang in certain degenerate conditions #1300

Open
someplaceguy opened this issue Sep 13, 2024 · 0 comments · May be fixed by #1301
Open

Thm.SPEC appears to hang in certain degenerate conditions #1300

someplaceguy opened this issue Sep 13, 2024 · 0 comments · May be fixed by #1301

Comments

@someplaceguy
Copy link
Contributor

someplaceguy commented Sep 13, 2024
edited
Loading

I've observed Thm.SPEC taking an unreasonable amount of time to complete in certain conditions experienced during the replay of a Z3 proof certificate which contains terms that, while containing a reasonable number of unique sub-terms, do cause a combinatorial explosion in the result of term_size.

The issue can be reproduced with the following artificial minimal example:

val _ = let fun f 0 t = t | f x t = f (x-1) (mk_disj(t, t)) in
  Thm.SPEC T (Thm.SPEC (f 256 T) (Thm.ASSUME ``!x y. x \/ y``)) end;

(Note: val _ = <expr> is used instead of just <expr> or val thm = <expr> to prevent the REPL from trying to print the resulting theorem, which by itself would also cause an apparent hang due to a similar but orthogonal issue affecting the pretty-printing of such degenerate theorems).

In the example above, it's the outer Thm.SPEC which appears to hang, although the remaining expression is required to reproduce the problem.

The underlying slowdown seems to occur due to Thm.SPEC calling beta_conv, which ends up traversing the entire tree of sub-terms in the conclusion of the theorem. This takes exponentially long when performed on such degenerate theorems, i.e. those which have an exponential term_size compared to the number of unique sub-terms.

A potential fix for the standard kernel might be to use lazy_beta_conv instead of beta_conv in the implementation of Thm.SPEC. The former implementation of beta reduction, unlike the latter, appears to delay the application of the reduction by creating (what appears to be) a closure in the underlying term representation.

This potential fix seems to completely solve the observed hang both in the minimal example above and also in the more realistic observed conditions experienced during the replay of the Z3 proof certificate; i.e. after applying the fix, Thm.SPEC finishes instantly instead of appearing to hang.

However, I suspect it might not be as easy to fix the experimental kernel because currently it does not seem to support such closures in the underlying term representation...
someplaceguy added a commit to someplaceguy/HOL that referenced this issue Sep 13, 2024
@someplaceguy
Make Thm.SPEC use lazy_beta_conv instead of beta_conv
ddc00e5 
The former, unlike the latter, avoid traversing the entire term, which
can take exponentially long in certain degenerate conditions observed
while replaying certain Z3 proof certificates.

Fixes HOL-Theorem-Prover#1300
@someplaceguy someplaceguy linked a pull request Sep 13, 2024 that will close this issue
Open
someplaceguy added a commit to someplaceguy/HOL that referenced this issue Sep 13, 2024
@someplaceguy
Make Thm.SPEC use lazy_beta_conv instead of beta_conv
4009eb5 
The former, unlike the latter, avoids traversing the entire term,
which can take exponentially long in certain degenerate conditions
observed while replaying certain Z3 proof certificates.

Fixes HOL-Theorem-Prover#1300
someplaceguy added a commit to someplaceguy/HOL that referenced this issue Sep 13, 2024
@someplaceguy
Make Thm.SPEC use lazy_beta_conv instead of beta_conv
c2d27da 
The former, unlike the latter, avoids traversing the entire term,
which can take exponentially long in certain degenerate conditions
observed while replaying certain Z3 proof certificates.

Unfortunately, this only fixes the issue for the standard kernel. The
experimental kernel does not seem to be amenable to such a
straightforward fix, as it does not seem to support closures in the
term representation.

Fixes HOL-Theorem-Prover#1300
someplaceguy added a commit to someplaceguy/HOL that referenced this issue Sep 13, 2024
@someplaceguy
Make Thm.SPEC use lazy_beta_conv instead of beta_conv
0bc0778 
The former, unlike the latter, avoids traversing the entire term,
which can take exponentially long in certain degenerate conditions
observed while replaying certain Z3 proof certificates.

Unfortunately, this only fixes the issue for the standard kernel. The
experimental kernel does not seem to be amenable to such a
straightforward fix, as it does not seem to support closures in the
underlying term representation.

Fixes HOL-Theorem-Prover#1300
someplaceguy added a commit to someplaceguy/HOL that referenced this issue Sep 13, 2024
@someplaceguy
Make Thm.SPEC use lazy_beta_conv instead of beta_conv
c1a43f2 
The former, unlike the latter, avoids traversing the entire term,
which can take exponentially long in certain degenerate conditions
observed while replaying certain Z3 proof certificates.

Unfortunately, this only fixes the issue for the standard kernel. The
experimental kernel does not seem to be amenable to such a
straightforward fix, as it does not seem to support closures in the
underlying term representation.

Partially fixes HOL-Theorem-Prover#1300
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make Thm.SPEC use lazy_beta_conv instead of beta_conv someplaceguy/HOL
1 participant
@someplaceguy