Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC: rounding errors #35

Closed
wants to merge 1 commit into from
Closed

RFC: rounding errors #35

wants to merge 1 commit into from

Conversation

d-xo
Copy link
Collaborator

@d-xo d-xo commented Aug 26, 2020

A little writeup of a proposed syntax for describing properties related to rounding error.

rendered

@d-xo d-xo requested review from leonardoalt and MrChico August 26, 2020 10:19
@d-xo d-xo changed the title examples: rounding: init RFC: rounding errors Aug 26, 2020
@d-xo d-xo force-pushed the rounding-example branch from 30dd8f4 to 251c2cc Compare August 26, 2020 10:25
@MrChico
Copy link
Member

MrChico commented Aug 26, 2020

Nice write up! I agree that this is a very nice thing to be able to express.

The annotations look a little ambiguous in their current location (how do we know that it refers to amt1 here?).
An alternative would be to be a bit more explicit (and flexible) about what the exactness is referring to, by doing explicit conversions to real numbers, maybe along the lines of something like this:

where
    amt0 := (token0.balanceOf[ACCT_ID] * shares) / totalSupply
    amt1 := (token1.balanceOf[ACCT_ID] * shares) / totalSupply

ensures
   amt0 <= toReal(token0.balanceOf[ACCT_ID]) * toReal(shares) / toReal(totalSupply)
   amt1 >= toReal(token1.balanceOf[ACCT_ID]) * toReal(shares) / toReal(totalSupply)

@d-xo
Copy link
Collaborator Author

d-xo commented Aug 26, 2020
edited
Loading

hmmmm yes, good point re: ambiguity. In my head the annotation refered to the whole expresison on the RHS of the storage rewrite, not just amt1 or amt0. I think that I agree that being more explicit would be benficial.

I'm not sure about using ensures, would we be able to provide a toReal for the K and hevm backends? I think it might be confusing if only some of the claims in the postconditions are verified in those backends? We also lose the claims about the bounds of the error in your example.

I also think it would be harder to warn on expressions that do not have rounding annotations if we move them away from the storage writes and into the ensures.

Perhaps a dedicated rounding block at the behaviour level?

where
    amt0 := (token0.balanceOf[ACCT_ID] * shares) / totalSupply
    amt1 := (token1.balanceOf[ACCT_ID] * shares) / totalSupply

rounding
    amt0 <= exact(amt0), bound 1
    amt1 >= exact(amt1), bound 1

@d-xo d-xo mentioned this pull request May 12, 2021
Open
@d-xo
Copy link
Collaborator Author

d-xo commented May 12, 2021

turned this into an issue at #112.

@d-xo d-xo closed this May 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leonardoalt leonardoalt Awaiting requested review from leonardoalt

@MrChico MrChico Awaiting requested review from MrChico

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@d-xo @MrChico