Faster fixed-input ecmult tests #1049

pull sipa wants to merge 1 commits into bitcoin-core:master from sipa:202112_fastfixtest changing 1 files +78 −3
  1. sipa commented at 1:13 am on December 23, 2021: contributor

    Given how much #920 slowed down the tests with low iteration count, replace it with 3 different similar test:

    • count >= 1: a test with 1024 multiplies that tests any pattern of 6 bits in windows not more than 20 bits wide
    • count >= 3: a test with 2048 multiplies that tests any pattern of 8 consecutive bits
    • count >= 35: the old test (which effectively tests all 2-bit patterns)
  2. real-or-random commented at 9:17 pm on December 23, 2021: contributor

    Is this the first test where we run essentially different checks depending on the count variable?

    I’m slightly concerned that it introduces an “unexpected” element in the tests.

  3. in src/tests.c:4822 in ed939ded6c outdated
    4816+        0x1a, 0xee, 0xe6, 0xb7, 0x6e, 0x05, 0x3f, 0xc6
    4817+    };
    4818+    /* For every combination of 6 bit positions out of 256, restricted to
    4819+     * 20-bit windows (i.e., the first and last bit position are no more than
    4820+     * 19 bits apart), all 64 bit patterns occur in the input scalars used in
    4821+     * this test. */
    


    robot-dreams commented at 9:22 pm on December 23, 2021:

    This condition was a little hard to understand. Do you have a script that confirms it?

    Alternatively, should we replace this with the following easier-to-understand condition, which is analogous to the one below (this script confirms that it holds: https://gist.github.com/robot-dreams/02d27311448bd4cb79bec3ce155bf21a#file-verify_1049_patterns-py):

    0    /* For every combination of 6 consecutive bit positions, all 64 bit
    1     * patterns occur in the input scalars used in this test. */
    
  4. robot-dreams commented at 9:34 pm on December 23, 2021: contributor

    ACK ed939ded6cbe01680086cc3d57643b075a288fba

    I verified the expected hashes with an independent implementation: https://gist.github.com/robot-dreams/02d27311448bd4cb79bec3ce155bf21a

    I also verified on a Linux VM that it’s indeed faster:

    New

    0# time valgrind ./tests 2
    1real	4m48.751s user	3m55.599s sys	0m52.974s
    2
    3# time valgrind ./tests 4
    4real	7m2.431s user	6m1.322s sys	1m0.990s
    

    Old

    0# time valgrind ./tests 2
    1real	11m44.887s user	10m49.579s sys	0m54.015s
    2
    3# time valgrind ./tests 4
    4real	12m25.258s user	11m32.643s sys	0m52.434s
    

    @real-or-random I see your concern. The way I’m thinking about it is, “this test does a bunch of ecmults and checks the result; count just controls how many ecmults are being done”.

    I agree it’d be nicer if the relationship between count and the actual number (and choice) of ecmults were more direct, but I don’t think it’s critical. But if you DO think it’s critical, then as an alternative I might suggest having lower count correspond to a lower maximum value of i in the test_ecmult_constants_2bit.

  5. real-or-random commented at 9:45 pm on December 23, 2021: contributor

    @real-or-random I see your concern. The way I’m thinking about it is, “this test does a bunch of ecmults and checks the result; count just controls how many ecmults are being done”.

    Indeed but your numbers show that it’s really significant on valgrind… Maybe for the paranoid, we should document a number where it’s guaranteed that all tests run? I guess anyway all tests should run at 64 but maybe even lower? For example, is there a reason why you choose 35? (And not 32? Sorry, I don’t want to start bikeshedding over the number, just trying to understand.)

  6. sipa commented at 10:00 pm on December 23, 2021: contributor

    This is indeed somewhat unusual, at least compared to what we had before, where the code paths used never depend on the count variable.

    My justification here is that while the count variable now changes the test code paths, it doesn’t (or at least, shouldn’t) change the code paths being tested. Increasing count just runs it with more (fixed) inputs.

    The reasoning is something like: #920 was probably overkill, but I also don’t want to throw it away for cases where we have enough time to still run it. So replace it with a significantly cheaper test that tests the same code paths (and mostly the same table entries; possibly even more), but also still run the old code if count is high enough.

    If this feels all too arbitrary (which I find understandable), I’m also fine with just replacing the whole thing with only the consecutive-8-bits 2048-point test. @robot-dreams

    0patterns = []
    1for i in range(1, 1<<20, 2):
    2    if bin(i).count("1") == 6:
    3        for j in range(256):
    4            if (i << j) >> 256 == 0:
    5                patterns.append(i << j)
    

    then for each pattern in patterns, it should should hold that x & pattern takes on 64 different values as x iterates over the scalars in the test.

  7. real-or-random commented at 7:37 pm on December 26, 2021: contributor

    Concept ACK

    The reasoning is something like: #920 was probably overkill, but I also don’t want to throw it away for cases where we have enough time to still run it.

    This was also my initial intuition and I agree. It’s not elegant but it’s better than throwing tests away. This will also be helpful for other “overkill” tests, e.g., see the discussion about an “million bytes” SHA256 test: #731 (review)

    Maybe this is the time to add a -h / --help and then mention that not all tests may be run when the count is lower than the default.

  8. sipa commented at 6:52 pm on January 7, 2022: contributor

    For example, is there a reason why you choose 35? (And not 32)?

    Specifying count=1 does ~1024 multiplications, count=3 does ~1024×3, count=35 does ~1024×35.

  9. real-or-random approved
  10. real-or-random commented at 11:03 am on January 19, 2022: contributor

    utACK ed939ded6cbe01680086cc3d57643b075a288fba

    Fine with merging this as-is but I wonder if we can improve the “grepability” of such tests. At the moment git grep "count >" -- src/tests.c works but it’s fragile. I wonder if we can introduce a function/macro with a one-line comment to make it sure the skipped tests can be found easily.

    edit: The macro could even print a notice like “Skipping test x due to the low iteration count.”

  11. Faster fixed-input ecmult tests 070e772211
  12. sipa force-pushed on Jan 22, 2022
  13. sipa commented at 11:44 pm on January 22, 2022: contributor
  14. real-or-random approved
  15. real-or-random commented at 10:50 am on January 23, 2022: contributor
    ACK 070e772211b3fcd297577b90b56bbf7a5cfbd0a3
  16. real-or-random commented at 10:54 am on January 23, 2022: contributor
    @robot-dreams quick re-review? :)
  17. robot-dreams commented at 4:31 pm on January 24, 2022: contributor

    ACK 070e772211b3fcd297577b90b56bbf7a5cfbd0a3, the addition of the CONDITIONAL_TEST macro is nice.

    I also searched for \<count\> in tests.c just to make sure there isn’t anything else that should use the macro. The only possible case I found was this one, but I’m okay with leaving it as is because it would always still run at least once (count must be positive).

  18. real-or-random merged this on Jan 24, 2022
  19. real-or-random closed this on Jan 24, 2022

  20. real-or-random cross-referenced this on Jan 24, 2022 from issue Change SHA256 byte counter from size_t to uint64_t by real-or-random
  21. dhruv referenced this in commit 6f7e395acc on Jan 26, 2022
  22. hebasto referenced this in commit 065b6dbf9d on Jan 30, 2022
  23. dhruv referenced this in commit 139d4b881e on Feb 1, 2022
  24. fanquake referenced this in commit 8f8631d826 on Mar 17, 2022
  25. fanquake referenced this in commit 4bb1d7e62a on Mar 17, 2022
  26. fanquake referenced this in commit 465d05253a on Mar 30, 2022
  27. real-or-random referenced this in commit 6c0aecf72b on Apr 1, 2022
  28. stratospher referenced this in commit 4d5afc9767 on Apr 3, 2022
  29. stratospher referenced this in commit 5b18493cfa on Apr 3, 2022
  30. fanquake referenced this in commit afb7a6fe06 on Apr 6, 2022
  31. gwillen referenced this in commit 35d6112a72 on May 25, 2022
  32. patricklodder referenced this in commit 21badcf9d2 on Jul 25, 2022
  33. patricklodder referenced this in commit 03002a9013 on Jul 28, 2022
  34. janus referenced this in commit 3a0652a777 on Aug 4, 2022
  35. str4d referenced this in commit 522190d5c3 on Apr 21, 2023
  36. vmta referenced this in commit e1120c94a1 on Jun 4, 2023
  37. vmta referenced this in commit 8f03457eed on Jul 1, 2023

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 20:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me