feat: add --per-depth-timeout option for progressive depth-halving prove#1141
Draft
Stevengre wants to merge 1 commit into
Conversation
Adds a progressive-depth-halving wall-clock timeout to `kontrol prove`. When `--per-depth-timeout S` is set (default 0, off), each prove attempt is given `max_depth * S` seconds; if the budget is exhausted, `max_depth` is halved and the proof resumes from the disk-persisted KCFG state, repeating down to depth=1. The timeout is enforced via the maintenance callback of `advance_proof` / `parallel_advance_proof`, which both invoke it immediately after `proof.write_proof_data()` — so on-disk state is current when the callback raises `_ProgressiveTimeout`. The unwind closes `parallel_advance_proof`'s worker pool and the per-attempt `with select_server()`, leaving no orphan workers or KoreServer processes between halvings. The previous `run_prover` import from kevm-pyk is replaced by a local dispatch (mirrors run_prover) so we can inject the timeout callback. The non-progressive path goes through the same dispatch with the unchanged status-bar callback.
Summary
Adds a new `--per-depth-timeout SECONDS` option to `kontrol prove`. When set, each prove attempt gets a wall-clock budget of `max_depth * per_depth_timeout` seconds; on timeout, `max_depth` is halved and the proof resumes from disk-persisted KCFG state, repeating down to `depth = 1`. Default `0` disables the behavior — existing runs are unaffected.

Example: `--max-depth 1000 --per-depth-timeout 10` runs `1000 @ 10000s → 500 @ 5000s → ... → 1 @ 10s`.

Why

A proof can get stuck when `execute_depth` is too coarse to cut at the next branch / terminal point. Halving the depth makes each step shorter and more interruptible, giving the prover more chances to find branch points — without changing proof semantics, since the saved KCFG carries over between attempts.

Implementation

- `--per-depth-timeout` flag in `cli.py` and `ProveOptions.per_depth_timeout` (default `0`).
- `init_and_run_proof` is restructured so each prove attempt opens its own `with select_server()`. Server-independent prep (`cut_point_rules`, `lemmas_module`, `terminal_rules`) is computed once outside any server; first-time `method_to_apr_proof` uses a short-lived initial server.
- `attempt(depth, callback)` mirrors `run_prover`'s sequential / parallel dispatch but lets us inject our own callback. The progressive path installs a `timed_callback` that raises `_ProgressiveTimeout` once `time.time() - attempt_start > budget_s`.
- `advance_proof` / `parallel_advance_proof` invoke the callback immediately after `proof.write_proof_data()`, so on-disk state is current at the moment of abort. The unwind closes `parallel_advance_proof`'s `_ProverPool` (terminates worker threads) and the `with select_server()` (terminates the KoreServer subprocess), so each halving starts from a clean slate.
- `run_prover` import from `kevm-pyk` is dropped; the local dispatch is the sole path for both progressive and non-progressive runs.

Test plan

- `kontrol prove --help` lists `--per-depth-timeout` with documented behavior.
- `Proof <id>: depth=N attempt exhausted Ms budget; halving.` lines and the depth halves monotonically.
- `pgrep kore-rpc` count returns to baseline between halvings under both `--workers 1` and `--workers >1` (with `parallel_advance_proof`).

Follow-up

- `callback` parameter to `kevm-pyk`'s `run_prover` so we can drop the mirrored dispatch in `attempt()` and call `run_prover` directly again.

🤖 Generated with Claude Code
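The control flow the description lays out (a per-attempt timed callback fired right after the persisted write, halving on timeout, resuming from saved state), as an added Python example that is not the PR's code: `ToyProver`, `prove_progressive` and the cubic step cost are constructed stand-ins for the prover and KCFG, and a fake clock replaces `time.time()` so it runs instantly and deterministically.

```python
import time
from typing import Callable


class ProgressiveTimeout(Exception):
    """Raised by the maintenance callback once an attempt's wall-clock budget is spent."""


def timed_callback(budget_s: float, clock: Callable[[], float] = time.time) -> Callable[[], None]:
    """Build the per-attempt callback: a no-op within budget, raises after it."""
    start = clock()

    def callback() -> None:
        if clock() - start > budget_s:
            raise ProgressiveTimeout(budget_s)
    return callback


def halving_schedule(max_depth: int, per_depth_timeout: float) -> list[tuple[int, float]]:
    """(depth, budget_s) pairs, e.g. 1000 @ 10000s -> 500 @ 5000s -> ... -> 1 @ 10s."""
    schedule, depth = [], max_depth
    while depth >= 1:
        schedule.append((depth, depth * per_depth_timeout))
        depth //= 2
    return schedule


class ToyProver:
    """Constructed stand-in: `state` plays the disk-persisted KCFG, `now` is a fake wall
    clock. A step at depth d advances d units of work and costs step_cost * d**3 fake
    seconds (superlinear, so large depths blow their budget while small ones fit)."""
    def __init__(self, work: int, step_cost: float) -> None:
        self.work, self.step_cost = work, step_cost
        self.now = 0.0
        self.state = {"done": 0}  # survives across attempts, like the on-disk KCFG

    def clock(self) -> float:
        return self.now

    def advance(self, depth: int, callback: Callable[[], None]) -> None:
        """Mirrors advance_proof's ordering: persist first, then invoke the callback,
        so the saved state is current at the moment the callback aborts the attempt."""
        while self.state["done"] < self.work:
            self.now += self.step_cost * depth ** 3
            self.state["done"] += depth  # the write_proof_data() point
            callback()


def prove_progressive(prover: ToyProver, max_depth: int, per_depth_timeout: float):
    """Walk the halving schedule; each attempt resumes from whatever was persisted."""
    log = []
    for depth, budget in halving_schedule(max_depth, per_depth_timeout):
        try:
            prover.advance(depth, timed_callback(budget, prover.clock))
            log.append((depth, True))
            return True, log
        except ProgressiveTimeout:
            print(f"Proof toy: depth={depth} attempt exhausted {budget}s budget; halving.")
            log.append((depth, False))
    return False, log  # depth=1 also timed out: the proof did not pass
```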