Refactor and optimise size to have approximate bound

[TGWDB]

This optimises the size function that was only used when
checking for a bound. The new bounded_size takes an
explicit bound argument and reduces the search when
this bound is (approximately) reached.

Also this fixes a bug in the complexity computation where
the complexity (size) can never be zero, instead check
against one.

• Each commit message has a non-empty body, explaining why the change was made.
• Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[codecov]

Codecov Report

Merging #5914 (ef2f3e1) into develop (1b51a4d) will increase coverage by 1.46%.
The diff coverage is 73.76%.

@@             Coverage Diff             @@
##           develop    #5914      +/-   ##
===========================================
+ Coverage    73.55%   75.02%   +1.46%     
===========================================
  Files         1431     1431              
  Lines       155248   155633     +385     
===========================================
+ Hits        114189   116756    +2567     
+ Misses       41059    38877    -2182     

Impacted Files	Coverage Δ
src/analyses/cfg_dominators.h	100.00% <ø> (ø)
src/analyses/global_may_alias.cpp	0.00% <0.00%> (ø)
src/goto-cc/linker_script_merge.cpp	0.00% <0.00%> (ø)
src/goto-instrument/accelerate/scratch_program.cpp	65.95% <0.00%> (+9.77%)	⬆️
src/goto-instrument/concurrency.cpp	0.00% <0.00%> (ø)
src/goto-instrument/dot.cpp	0.00% <0.00%> (ø)
src/goto-instrument/function_modifies.cpp	0.00% <0.00%> (ø)
src/goto-instrument/rw_set.cpp	41.93% <0.00%> (+41.93%)	⬆️
src/goto-instrument/thread_instrumentation.cpp	0.00% <0.00%> (ø)
src/goto-instrument/undefined_functions.cpp	0.00% <0.00%> (ø)
... and 193 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b7859de...ef2f3e1. Read the comment docs.

[TGWDB]

@peterschrammel @kroening Any chance of a a code owner review/approval?

[peterschrammel]

Are there tests for this?

[TGWDB]

Are there tests for this?

Added unit tests now.

[martin-cs]

In the case of structural sharing this is (unnecessarily) exponential. Maybe use visit?

[thomasspriggs]

Wouldn't visit always do a full traversal, thus removing this optimisation of only doing a partial traversal?

[thomasspriggs]

@TGWDB Side note, please split this commit into the correctly titled optimisation and bug fix commits. I think the current title may already have mislead Martin. So lets get it sorted.

[TGWDB]

@martin-cs I'm afraid I don't fully understand your comment. In particular I don't understand the terminology "structural sharing" here. There are a few things that have come up as possible, and some comments addressing them below.

1. There is a concern that ops is potentially copied. I've pushed a commit to make it clear that ops is never changed and so there should be no issues related to copying of ops.
2. There is some question about the exponential nature of the function? The function is depth first and linear in the size of the exprt up to the bound. Note that the size() call is a constant for this datatype, and then the (depth first) walk of the exprt is linear.
3. There may be a concern that the depth first walk could potentially overflow the stack with many function calls. This was also a (potential) problem in the old version. The version here should reduce this risk in two ways. Firstly, at each call the entire size of the operands is added, thus capturing more of the true size faster and so reducing function calls. Secondly, the bounded nature means this should (particularly when called on large structures) return without traversing the entire exprt.
4. If the concern is writing a custom traversal rather than using a visitor then I guess this could be considered, assuming there is suitable motivation?

[martin-cs]

@TGWDB CPROVER shares irepts where possible. This can result in exponential compression. Consider the following expression:

let b = a + a
let c = b * b
let d = c + c
let e = d * d

CPROVER will store a total of 5 irepts. Four of them will have the same irept appearing twice in the sub.

A naive traversal of the form that you had written will visit a 16 times rather than just once. As the sharing gets larger so the time taken becomes exponential in the size of the data structure rather than linear. This happens. It is A Problem. In the best cases the sharing is linked enough that the pass grinds to a halt and it is obvious that the code needs to be fixed. Worse is when it is an issue but no-one notices the 8* slow down on the average case of one pass. Then at some point we feed in code and ... it just times out somewhere random and without careful and detailed profiling (which you almost certainly can't do with customer code) you will not find the problem.

I say this from bitter personal experience. @tautschnig and @peterschrammel have both done great work on making things sharing aware and sharing conscious.

So, if you want to traverse an expression for an unlimited amount PLEASE do not write for loops and recursion. Use a work queue and a set for what you have seen. Or use the visitor; that is is what it is there for.

Also, in the specific use-case you want, I think you probably want the number of unique exprts, you don't want to count duplicates.

[thomasspriggs]

Thank you for this explanation. The details of this particular sharing issue are useful. However I have just been looking at the implementation details of exprt::visit and I do not see how it could solve the particular issue you describe. The implementation for this function can be found in visit_pre_template. It uses an std::stack as its work queue (it also uses a for loop which you object to). std::stack is a simple LIFO data structure. If the same irept is pushed onto the stack twice, then it will be popped twice and visited twice. It does not offer the duplication removal of std::set or std::unordered_set. The use of the std::stack is still worthwhile here, because storing the working data set on the heap avoids storing it in the call stack as for a recursive implementation. Recursion could overflow the call stack when processing a sufficiently deeply nested data structure. Using the visitor is good, I just don't see how it could offer the particular benefit which you purport that it does. Was there a different visitor implementation which you were thinking of instead?

[martin-cs]

@thomasspriggs apologies. There used to be a visitor that used a set to handle sharing. I would consider this a bug in exprt::visit.

[thomasspriggs]

No problem. I just wanted to get to the bottom of what best practice would actually be.

Changing exprt::visit to not visit shared nodes like that could break existing usages of it. Say for example if it has been used for printing code, where we actually want to print the full tree. The exprt::unique_depth_(begin/end/cbegin/cend) iterators look to offer the functionality you were expecting. But they also seem to be unused.

[thomasspriggs]

Looks fine to me. @peterschrammel Can you re-review?

[peterschrammel]

Certainly an improvement (although I don't know any user of this functionality).