reduce: debug-only audit that interesting times are knowable from inputs#774
Draft
frankmcsherry wants to merge 1 commit into
Draft
reduce: debug-only audit that interesting times are knowable from inputs#774frankmcsherry wants to merge 1 commit into
frankmcsherry wants to merge 1 commit into
Conversation
Adds verification scaffolding (debug builds only) to test whether the reduce operator's interesting times can be determined up front from the inputs, independent of the values produced -- a prerequisite for splitting `compute` into a time-discovery phase and an evaluation phase. The production path is unchanged: the original interleaved algorithm is preserved verbatim as `compute_live`. In debug builds, `compute` also runs a prospective `discover_times` pass as a shadow and compares the times it would enumerate against the times the live logic actually reconsidered, recording the discrepancy in the `audit` counters. `discover_times` deliberately omits the value-dependent `output_produced` joins, so the comparison measures exactly what those contribute. Nothing on the worker path panics, so a divergence surfaces as a counter, not a hang. tests/reduce_audit.rs runs a 200-round incremental SCC and asserts the safety property `missed == 0` (discovery never drops a reconsidered time); on that workload discovered == reconsidered exactly (extra == 0), i.e. the output-seeded synthetic times are redundant with the input-time closure. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Draft / investigation — not a behavior change. The production reduce path is unchanged; this adds debug-only verification scaffolding to test whether reduce's interesting times can be determined up front from the inputs, independent of the values produced. That is the prerequisite for eventually splitting
computeinto a time-discovery phase and an evaluation phase.What's here
computeis now a thin wrapper. The original interleaved algorithm is preserved verbatim ascompute_live(the large diff is mostly relocation), so release builds are byte-for-byte the prior behavior with zero overhead — all new code is#[cfg(debug_assertions)]-gated.computeadditionally runs a prospectivediscover_timespass as a shadow (drives nothing) and compares the times it would enumerate against the times the live logic actually reconsidered, recording the result in theauditcounters. Nothing on the worker path panics, so a divergence shows up as a counter, never a hang.discover_timesdeliberately omits the value-dependentoutput_producedjoins, so the comparison measures exactly what that (value-dependent) source contributes.tests/reduce_audit.rsruns a 200-round incremental SCC and asserts the safety propertymissed == 0(discovery must never drop a time the live logic reconsiders).Finding
On the 200-round incremental SCC (50 nodes, 100 edges, random churn):
reconsidered=13925, discovered=13925, missed=0, extra=0. The shadow reproduces the live interesting set exactly while omitting theoutput_producedjoins — i.e. on this workload the output-seeded synthetic times are redundant with the input-time join-closure, supporting the claim that interesting times are knowable from inputs alone (a statement about which times to reconsider; value-independent, orthogonal to abelian-ness).Status / next steps
🤖 Generated with Claude Code