Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Interpretation of exists (not(*)) conditions #12

Open
deepsrc opened this issue Aug 21, 2023 · 5 comments
Open

Interpretation of exists (not(*)) conditions #12

deepsrc opened this issue Aug 21, 2023 · 5 comments

Comments

@deepsrc
Copy link

deepsrc commented Aug 21, 2023

Hi,
I need some help with understanding how the exists (not(*)) conditions at the end of the test needs to be interpreted.

Let's consider this test as an example.

======================================
LITMUS_FILE : non-mixed-size/HAND/CoRR-cleaninit.litmus
======================================
RISCV CoRR-cleaninit
(* adapted from HAND/CoRR.litmus, initialising 0:x5 instead of using an extra instruction*)
(* why is the final condition so complex? *)
{
0:x6=x;
0:x5=1;
1:x6=x;
}
 P0          | P1          ;
 sw x5,0(x6) | lw x5,0(x6) ;
             | lw x7,0(x6) ;
exists (not (x=1 /\ (1:x5=0 /\ (1:x7=0 \/ 1:x7=1) \/ 1:x5=1 /\ 1:x7=1)))

Does this mean that one of the values outside x=1 /\ (1:x5=0 /\ (1:x7=0 \/ 1:x7=1) \/ 1:x5=1 /\ 1:x7=1) this set may exist?

Isn't that incorrect as x is always supposed to contain 1 as a result of the store on P0?
@hernanponcedeleon
Copy link

You should interpret the final condition as a question rather than as a statement. Then a tool can say that it is not true such an execution exists

Condition exists (!x==1int && (1:x5==0int && (1:x7==0int || 1:x7==1int) || 1:x5==1int && 1:x7==1int))
No

@fshaked
Copy link
Contributor

fshaked commented Aug 29, 2023

Hi @deepsrc,

In addition to what @hernanponcedeleon wrote, you shouldn't think of the assertion as part of any kind of specification. It's mostly a hint for why the litmus test might be interesting.

If you are testing H/W, you should use the litmus tool (or a similar tool) to collect results from the H/W under testing (you can find such results in the hw-results folder, for example). Those results are lists of exhibited final states, regardless of whether they satisfy the assertion or not. The H/W results should be compared, using the mcompare tool, to exhaustive executions of the model you are interested in (you can find those in the model-results folder). mcompare will tell you exactly which states in the H/W don't match the model. Those can be states that the H/W exhibit but the model did not (i.e. H/W is not sound), or states that the model allows but the H/W did not exhibit (this is expected, as usually H/W is not as relaxed as the model allows it to be).

All this mostly ignores the litmus assertion. Just to confuse you a bit, the litmus tool and the exhaustive executions of the model, both report which states satisfy the assertion, but this is not important.

Best,
Shaked

@PeterSewell
Copy link
Contributor

PeterSewell commented Aug 29, 2023 via email

@deepsrc
Copy link
Author

deepsrc commented Aug 29, 2023

Hi @fshaked @PeterSewell

Thanks for the clarification. I have one last question. In case the hardware produces a state outside of the states present in model-results/flag.logs for a given test, could that be considered as a possible violation?

@fshaked
Copy link
Contributor

fshaked commented Aug 30, 2023

Yes, this indicates the H/W is exhibiting behaviour that the Flat model does not allow. Can you share the test and H/W states?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@deepsrc @PeterSewell @fshaked @hernanponcedeleon