Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 17:26
    rv-jenkins synchronize #277
  • 17:26

    rv-jenkins on _update-deps_kframework_k

    deps/k_release: v5.1.20 (compare)

  • May 14 23:27
    rv-jenkins synchronize #277
  • May 14 23:27

    rv-jenkins on _update-deps_kframework_k

    deps/k_release: v5.1.19 (compare)

  • May 13 20:54
    ttuegel review_requested #279
  • May 13 20:54
    ttuegel review_requested #279
  • May 13 20:54
    ttuegel opened #279
  • May 13 20:53

    ttuegel on release-nix

    Build Nix packages in release m… (compare)

  • May 12 22:00
    rv-jenkins synchronize #277
  • May 12 22:00

    rv-jenkins on _update-deps_kframework_k

    deps/k_release: v5.1.17 (compare)

  • May 12 17:19
    dwightguth review_requested #278
  • May 11 23:26
    dependabot[bot] labeled #278
  • May 11 23:26
    dependabot[bot] opened #278
  • May 11 23:26

    dependabot[bot] on npm_and_yarn

    Bump lodash from 4.17.19 to 4.1… (compare)

  • May 10 20:55
    rv-jenkins review_requested #277
  • May 10 20:55
    rv-jenkins labeled #277
  • May 10 20:55
    rv-jenkins assigned #277
  • May 10 20:55
    rv-jenkins opened #277
  • May 10 20:55

    rv-jenkins on _update-deps_kframework_k

    deps/k_release: v5.1.16 (compare)

  • May 06 22:22

    rv-jenkins on gh-pages

    Update dependency: deps/k_relea… gh-pages: Updated the website Merge remote-tracking branch 'o… (compare)

Greg Colvin
@gcolvin
An observation and a question. First, I still worry that the time for memory operations may be non-deterministic, and that a deterministic allocator will waste either time or space. I’d prefer to just not have a free operator. But it’s possible to write a determistic allocator, so that might suffice.
Greg Colvin
@gcolvin
Next, some op results have more bits than their operands. But that is not the semantics of LLVM integers. This could force extra nmemory allocation and a mod operation when the extra bits are unwanted.
Mattia Bradascio
@bredamatt
Hi, I am highly interested in learning more about IELE and VMs for blockchain technology. I am a fast learner, and currently enrolled in a 4 year PhD program in Informatics. However, I have little experience with VMs. My work is primarily in formal modelling, which also is maths-heavy and semantics oriented. I wanted to ask if there are any good resources available to read so I can up my understanding of VMs before I start looking into writing Smart contracts for the Cardano / Ethereum platform. Best wishes, M
Sebastien Guillemot
@SebastienGllmt
I don't understand why in https://github.com/runtimeverification/iele-semantics/blob/master/iele-gas.md
he size of the result register REG for an arithmetic operation log2 is set as the constant 2
rule #memory [ REG = log2 W ] => #registerDelta(REG, 2)
matrixbot
@matrixbot
dwight.guth This rule is setting the estimated size of the result of the operation in words. If we assume that the size in bytes of the operand cannot exceed 2^64 (because that's the size of the address space of a modern machine) then the size in bits of the operand cannot exceed 2^67 (ie 2^64 * 8). Since the log base 2 of an positive integer is always equal to the size in bits of an integer minus 1, then the log base 2 of the operand cannot exceed 2^67 - 1, which is less than 2^127-1, the maximum value of a 2 word register
dwight.guth In practice it's highly unlikely that the result will ever exceed 1 word, so the second word will probably apply automatically to the cost of the next memory increase, but that's the logic
Sebastien Guillemot
@SebastienGllmt
reminder: rename this channel to something other than "semantics" to encourage more people to join
Ghost
@ghost~5668844916b6c7089cbe170a
@SebastienGllmt They do not seem to allow you to rename a Gitter room; the name is given by the name of the Github repo. And it would be too complicated to rename the Github repo, because we have the convention that all language semantics are suffixed with -semantics. I did change the title of the channel to IELE Virtual Machine for the Blockchain, to be the same as the one in Matrix https://riot.im/app/#/room/#IELE:matrix.org. I hope this is good enough for now.
Sebastien Guillemot
@SebastienGllmt
Would love if the compiler displayed well-formed errors and gave messages saying which rule is violated. Does anybody have any hint about how to implement that?
I tried compiling the Remix fork myself but it fails to connect to the compiler :(
matrixbot
@matrixbot
ralph.johnson The Solidity compiler?
matrixbot
@matrixbot
dwight.guth I think he's referring to the iele assembler
dwight.guth specifically, making it so that the contract fails to assemble if the contract is not well-formed, and reports why it's not well formed
matrixbot
@matrixbot
@gcolvin:matrix.org Grigore, or whoever can answer. If I may ask again, as it's starting to matter to my EVM work. If I understand it, IELE registers are unbounded integers--their size changes to match the result of an operation. LLVM registers are bounded--their size is arbitrary but does not change. I'm wondering, Why the discrepancy?
I'm asking because EVM registers are bounded at 256 bits, with a few MOD operations to make it possible to work in a different fixed modulus fairly easily. But our current gas model does account for the size of the operands. I'm thinking that the IELE gas model can adapted to the EVM so that compilers so that compilers can take advantage of operand size and have that reflected in gas costs. That could save us the trouble of introducing new, narrow operations.
@gcolvin:matrix.org "does account" -> "does not account"
matrixbot
@matrixbot
ralph.johnson The design of IELE is inspired by LLVM, but it does not actually use LLVM in its implementation, nor is it a copy. Yes, IELE registers are unbounded integers, and LLVM registers are bounded. A significant part of the effort in proving contracts correct is proving that they have no overflow. By making IELE integers be unbounded, we eliminate those bugs and eliminate that work.
ralph.johnson We have a project where we are implementing K by translating it to LLVM. So, we expect in the future to have a version of IELE (which is defined by a K semantics, i.e. a K program) that runs on top of LLVM, but it will just be an implementation technique. We'll do the same for KEVM.
Sebastien Guillemot
@SebastienGllmt
Yes dwight is right. I was referring to the iele assembler
For example, if you make your @init function public in IELE
It will compile correctly but when you try and submit it to the blockchain you get a well-formed error. It's not obvious at all that the cause of the error was.
In my case I figured it how by having to deploy many contracts -- all slowly removing more lines of code until I figured it out
matrixbot
@matrixbot
@gcolvin:matrix.org Thanks much, Ralph. Things are slowly becoming more clear. Next step. In IELE the gas costs vary with the size of the operands. Are those costs computed at runtime, based on the number of bits the result of an operation actually requires? Or are they computed earlier, based on the maximum number of bits the operation could require?
matrixbot
@matrixbot
ralph.johnson At runtime.
ralph.johnson They are computed each time an instruction executes. You can see exactly how it is done by reading the IELE semantics. It is written in K, which will take some getting used to, but it is quite precise.
Greg Colvin
@gcolvin
Thanks, Ralph. I very much support such precision, but I can’t read K I fear runtime calculation will be too big of a performance hit when code is compiled down to machine registers.
( I joke that I’m a mechanic, not a mathematician. I believe formal specs need to be paralleled with precise natural language to be useful to most computer progrmmers.)
matrixbot
@matrixbot
ralph.johnson To a mechanic, K is just another programming language. A bit unusual syntax, but far from the worst I have seen. When you are looking at the K definitions of IELE, you are looking at the implementation of IELE. And it is much more readable than most VM implementations.
ralph.johnson Runtime calculation of gas is what EVM does. I was going to say "what all the blockchain VMs do" but I don't know about any other than EVM. Calculating gas cost is not a big part of the time in KEVM or IELE, and probably not in EVM either.
matrixbot
@matrixbot
@gcolvin:matrix.org Well, to a mechanic K is very much higher level than assembly and C ;)
matrixbot
@matrixbot
@gcolvin:matrix.org Anyway, the EVM operations mostly charge fixed amount of gas, and are still in a big overhead in the C++ interpreter. I reduced it a lot by avoiding unnecessary computations per instruction, it can reduced further by pushing the computations to the end of basic blocks, and even further by hoisting computations further up the tree. If gas is gas calculated per instruction then what might compile to a single operation on two registers becomes that operation plus a more expensive sequence of operations to calculate the gas.
matrixbot
@matrixbot
grigore.rosu Hi Greg: sorry for not answering earlier, somehow this channel slipped ... too many channels and bridges in my slack. Ralph was right on the spot with his answers. We have suffered a lot with doing formal verification of EVM contracts, lots of errors being indeed due to overflows. So in IELE we decided to favor mathematical clarity, and thus easier formal verification, over gas.
grigore.rosu That being said, note that a smart contract owner who respects his clients can formally verify their contract and as part of that give a provably correct formula for how much gas the contract requires as a function of symbolic inputs.
grigore.rosu so everybody knows at call-time how much gas a transaction takes
matrixbot
@matrixbot
@gcolvin:matrix.org I'm drowning in channels, Grigore. I must turn most of them off if am to get anything else done :(. Fair enough choice for IELE. I'm working in the EVM/eWasm world of fixed-width, power-of-two registers, of course. And not wanting to slow down compiled code anymore than necessary.
matrixbot
@matrixbot
@gcolvin:matrix.org Still, if this gas formula could be part of the required output of the validation of a contract going onto the blockchain, then metering goes away, does it not?
matrixbot
@matrixbot
grigore.rosu Greg: Yes! And that is a very important point, in favor of formal verification.
Greg Colvin
@gcolvin
This is very exciting. Given a formal spec of a VM and program, I got that useful properties of program can be established at validation time. What properties I’m not sure, EVM 615 sets out just a few. I hadn’t considered that constant-time formulas could be created that establish properties of the program at call time, like how much gas it needs. What else?
matrixbot
@matrixbot
ehildenb test
everett.hildenbrandt test
everett.hildenbrandt <@U980VHYGY> looks like th ebridge is working
matrixbot
@matrixbot
iohk_gerard_moroney hello all
matrixbot
@matrixbot
everett.hildenbrandt Hello!
matrixbot
@matrixbot
patrick.mackay Is this mic on?
everett.hildenbrandt I can't hear you <@U980VHYGY>!
everett.hildenbrandt Type louder!
matrixbot
@matrixbot
test user .
matrixbot
@matrixbot
ehildenb test
everett.hildenbrandt test
Greg Colvin
@gcolvin
tset
matrixbot
@matrixbot
everett.hildenbrandt Hey Greg!
Greg Colvin
@gcolvin
Hi Hal! Everyone is moving to Discord. https://discord.gg/N8szq4J8Gt
test user
@dummyuser890user:matrix.org
[m]
hey