Support SMV resize and type-conversion operators

[augustomafra]

SMV files generated from Yosys use several bit-vector resize and type conversion operations that are not currently supported by pono.

Also adding test cases for soundness bug on RTS that got exposed when testing Yosys-generated SMV files (see soundness fix PR at #474 ).

[CyanoKobalamyne]

Hi! Thank you for contributing to Pono and sorry for taking so long to review your PR. I have left a couple of comments. :)

[CyanoKobalamyne]

What is the purpose of this change?

[augustomafra]

The SMV parser actually does two passes: the first one generating an AST with SMVnodes whose only purpose is to be dumped as text with all modules flattened in SMVEncoder::preprocess(). Then the second pass reads the flattened stream and does the actual encoding to smt-switch terms.

The first pass is run with enc.module_flat = false, and the second one with enc.module_flat = true, hence the branching on this condition almost everywhere in smvparser.y.

This flow is executed from SMVEncoder's constructor:

pono/frontends/smv_encoder.h

Lines 31 to 38 in 309e07a

	module_flat = false;
	file = filename;
	parse(filename);
	preprocess();
	module_flat = true;
	loc.end.line = 0;
	std::string output = preprocess().str();
	processCase();

Having that in mind, the issue here is that the flattened text had a syntax error: it would dump resize a, 32 instead of resize(a, 32)

[CyanoKobalamyne]

I can't find the associativity of the ternary conditional described anywhere in the NuSMV manual; why did you make this change?

[augustomafra]

It seems NuSMV/NuXmv manuals do not specify that, indeed. I figured out this rule by running the test tests/encoders/inputs/smv/ternary.smv with NuXmv directly, and it would accept it as right-associative whereas pono would raise a syntax error.

I hit this condition because some SMV files generated from Yosys contained right-associative ternaries, e.g. result := a ? 0.0 : b ? 1.0 : c ? 2.0 : d ? 3.0 : 4.0;

[CyanoKobalamyne]

As per the NuSMV manual, mixed-type equality check are not actually allowed.

[augustomafra]

Maybe there's a conceptual definition that I should double check regarding Pono's language frontend.
I see you mention NuSMV's manual (https://nusmv.fbk.eu/userman/v26/nusmv.pdf), however, I was actually following NuXmv's manual (https://nuxmv.fbk.eu/downloads/nuxmv-user-manual.pdf).

I assumed NuXmv was the reference used because real arithmetic was introduced only in it. Also, it introduced the signatures integer * real → boolean and real * integer → boolean for = and !=.

I don't know if Pono should stick strictly to SMV, as indeed there were no SMV tests with real types before my change. Let me know what is your decision here.
In any case, I would need to continue with the NuXmv style on my fork for the purpose of my work, so I could figure out later how to merge the related changes in SMV here.

[CyanoKobalamyne]

Suggested change

	throw PonoException("Word1 word type is uncompatible");
	throw PonoException("word1 can only be applied to booleans");

[CyanoKobalamyne]

I don't think this is necessary. When would res be null? In any case, assertions get compiled out of non-debug builds.

[CyanoKobalamyne]

What does this affect and why is it needed?

[augustomafra]

This complements the change making ternaries right-associative. The %prec directive tells Bison that the associativity of the entire rule follows the associative of the given token (IF_ELSE). The first change is not effective without this extra directive.

[CyanoKobalamyne]

Where is this conversion coming from? As far as I can tell, the current NuSMV manual language description says that "signed" is used for unsigned-to-signed bit vector conversion. There is a separate swconst operator for converting an integer to a signed bit-vector constant.

[augustomafra]

This was another difference introduced in nuXmv. Again, it is fine if Pono would stick to SMV, then I could keep those changes limited to my fork.

[CyanoKobalamyne]

Is there any particular reason for this ordering?

[augustomafra]

None at all, I only appended the new tests at the bottom. Please let me know if any other grouping is preferred (e.g. grouping by TRUE/FALSE results or alphabetical order)

[CyanoKobalamyne]

What are these two variables?

[augustomafra]

For some reason (maybe a bug) Yosys always dumps those dangling variables at the end of the SMV definitions. They don't have any purpose, but I left them in the test only for ensuring that Yosys' output won't be rejected in the future.

[CyanoKobalamyne]

Shouldn't this hold? At least if we assume that the type conversion is mod 8.

[augustomafra]

This test is actually pretty underconstrained because _VIN is a free input. So any real value could propagate into the floor operation.
Maybe a more meaningful test case should have an actual true invariant to check for. My goal at first was just to ensure that the syntax and typing checks would pass.

[augustomafra]

Hi, @CyanoKobalamyne ,

Thanks for the review! No problem with the time at all: actually, I'm pretty much focused on finishing my thesis right now, so I will probably take a while until I'm able to address the changes here. It's great to hear feedback, I will work on the improvements to carry on with the merge request when it's possible.

I'm leaving some notes regarding the reasoning behind some of the changes, so feel free to continue commenting if you have something else in mind.