Use sharing_mapt to store propagation map

[tautschnig]

goto-symex copies a state, which contains a propagation map, at each
branching point. The paths originating at that branch point typically
share most of the constants being propagated. Thus the copy is
unnecessarily expensive, and so is the merge at the next join point,
which will also result in one of the propagation maps to be destroyed.
With sharing_mapt, the copy has constant cost, and the cost of
destruction only depends on the size of the delta.

• Each commit message has a non-empty body, explaining why the change was made.
• n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[allredj]

✔️
Passed Diffblue compatibility checks (cbmc commit: 496eb15).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/106435134

[tautschnig]

Some stats for SV-COMP's ReachSafety-ECA:

• goto_statet::goto_statet(goto_symex_statet const&): develop: 1423.62 seconds; this branch: 827.72 seconds (cf. Use sharing_mapt as container in value_sett #4463, which reduces the cost in a different way, and their savings would actually add up)
• Removing entries from the goto_state list: develop: 587.84 seconds; this branch: 372.36 seconds (again, the savings of Use sharing_mapt as container in value_sett #4463 and this one would actually add up)
• L2-renaming: develop: 457.98 seconds; this branch: 494.23 seconds

Lookups in the propagation map are more expensive (as expected), but merging and cloning is a lot cheaper (as intended).

[smowton]

Might want to just give sharing_mapt a primitive set operation to save the double lookup

[tautschnig]

@danpoe maybe?

[danpoe]

I'd recommend to use find(l1_identifier) here and then check that rhs is different from the current value in the map, and only then do the replacement. When using this idiom a separate set() method should be unnecessary.

[tautschnig]

Done.

[danpoe]

I'd recommend to use find(l1_identifier) here and then check that rhs is different from the current value in the map, and only then do the replacement. When using this idiom a separate set() method should be unnecessary.

[danpoe]

Check if rhs is different from the value already in the map (see above).

[tautschnig]

Done.

[smowton]

This one made almost no difference to our Webgoat lesson, I expect because generally the value-set is much bigger, but if we merge #3619 then that will no longer hold and this will be more important.

[danpoe]

Here are some results for the runtime of symex only, with --unwind 1, on several methods from Apache Tika on which symex takes between 5 and 15 sec:

Overall with sharing it was 9% slower, including the changes to apply_condition() and assignment() it was 7% slower. Somewhat unexpectedly, when using sharing in both the value set and the propagation map (i.e., this PR and PR #4463, both including the fixes) overall symex was 8% faster than develop. I would have expected the effects of both to cancel each other out. Does anyone have an idea of why it could behave like this?

[tautschnig]

I'll try to implement the suggestions I have received across the two PRs, and would then tend to merge #4463, which seems to be uniformly better. We can then re-evaluate this one to see whether the somewhat surprising observation made by @danpoe carries on.

[tautschnig]

@danpoe As #4463 is merged I have rebased this one. Would you (and possibly also @romainbrenguier and @smowton) mind doing another benchmarking run to see where we are?

[allredj]

✔️
Passed Diffblue compatibility checks (cbmc commit: be7d917).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/106873800

[danpoe]

Here are some results for the runtime of symex only, with --unwind 1, on several methods from Apache Tika on which symex takes between 5 and 15 sec:

The runtime is essentially the same as on the latest develop (overall with sharing it's 0.3% faster).

[tautschnig]

It's probably best to put this on hold and look at other performance improvements first. It may also become a lot more relevant once we have field sensitivity in place as propagation maps will then likely be larger.

[allredj]

Yep, that's also the conclusion we reached with @danpoe.

[allredj]

⚠️
This PR failed Diffblue compatibility checks (cbmc commit: 3bb8488).
Build URL: https://travis-ci.com/diffblue/test-gen/builds/107164126
Status will be re-evaluated on next push.
Common spurious failures include: the cbmc commit has disappeared in the mean time (e.g. in a force-push); the author is not in the list of contributors (e.g. first-time contributors); compatibility was already broken by an earlier merge.

[smowton]

Needs propagation.erase -> propagation.erase_if_exists in symex_assign.cpp

[smowton]

Benchmark results for a long-running Webgoat analysis:

Develop: 77s
#4464: 57s
#4464 + #4505: 26s

[tautschnig]

Needs propagation.erase -> propagation.erase_if_exists in symex_assign.cpp

Thank you!! Done. Based on @smowton's data I'm inclined to merge this once CI passes.