fix(detector): catch LAST_CALL_REPLAY via cursor-indexed reference replay#14
Closed
SinatrasC wants to merge 1 commit into
Closed
fix(detector): catch LAST_CALL_REPLAY via cursor-indexed reference replay#14SinatrasC wants to merge 1 commit into
SinatrasC wants to merge 1 commit into
Conversation
…play Targets red #16 (CURSOR_INDEXED_REFERENCE_REPLAY) submitted under 'Direction - Reference precompute replay'. Live KG (kernelguard==0.2.2) classifies it valid because: _REFS = [] _idx = 0 def custom_kernel(data): global _idx if _idx < len(_REFS): out = _REFS[_idx] _idx += 1 return out out = data.clone() _REFS.append(out) _idx += 1 return out has no 'is'-comparison between input and a saved slot, the returned value is a local Name (assigned from a Subscript), and the registry global '_REFS' is mutated via method call ('.append') rather than Assign or AugAssign. The earlier identity-replay passes don't fire. Approach: a fourth pass in detect_last_call_replay that triggers on a narrower-but-deeper shape: * compute the function's *captured* names (referenced but not param or top-level local Name target). 'global X' declarations are exempt from the local-only set. * compute *mutated* captures: AugAssign on a captured name, Assign on a captured name that is also globally declared, OR an attribute-method call on a captured name (so '.append', '.extend', '.popleft' all count as mutation). * walk every If with no real-compute calls in its body and a test that does not reference any input parameter; require the test to name at least one mutated capture. * require the if-body to return a Subscript on a mutated capture, either directly ('return _REFS[_idx]') or via a local that was assigned from such a Subscript ('out = _REFS[_idx]; ...; return out'). Verified: cursor_indexed and cursor_indexed_direct_return are now flagged. Existing classic LAST_CALL_REPLAY still flagged. workspace_lazy, shape_dispatch, plain_kernel, config_lookup_legit, plain_dict_lookup_legit all stay valid - either the if-test references the input parameter, the captured name is read-only, or the if-body has compute calls.
SinatrasC
temporarily deployed
to
kernelguard-api-control-plane
GitHub Actions
Inactive
KernelGuard Blue Evaluation
|
7 tasks
Collaborator
Author
|
Thanks for the KernelGuard Flywheel Campaign contribution. We are not merging this narrow variant separately because the consolidated rule-family implementation in #273 is the merge path for this detector area. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Targets red #16 under "Direction — Reference precompute replay".
Live
kernelguard==0.2.2classifies itvalid:The kernel pretends to populate a list of "reference outputs" on the warmup phase, then serves them on subsequent calls by walking a cursor through that list. The replay decision is a counter test that never looks at the input.
This shape is also a static FN against the open detector PRs:
is-pair → none herecustom_kernel = factory(); doesn't applyApproach
A fourth pass in
detect_last_call_replay, scoped tightly:global Xdeclarations are exempt from the local-only set.AugAssign,Assign(only when the name is alsoglobal-declared), or attribute method call on the name (.append,.extend,.popleft, etc.).Ifwhose body has no real-compute calls and whose test references no input parameter. Require the test to name at least one mutated capture.Subscripton a mutated capture, either directly (return _REFS[_idx]) or via a local assigned from such a Subscript (out = _REFS[_idx]; ...; return out).The "captured" + "mutated via method call" definition is what catches
_REFS.append(out)— the previous flag-only pass treated onlyAssign/AugAssignas mutation, so a list registry filled via.appendwas invisible.KernelGuard-Red-Submission: 16
Test plan
cursor_indexed(red fix(detector): catch function-attribute replay #16) →LAST_CALL_REPLAY,should_filter=Truecursor_indexed_direct_return(sibling shape) → flaggedlast_call_replay(existing test) → still flaggedworkspace_lazy(if _buf is None: _buf = empty_like(data); return _buf + data) — staysvalid(body has calls)shape_dispatch(if data.shape[0] > 1024: ...) — staysvalid(test references input)config_lookup_legit(if data.dtype is _CFG['dtype']: ...) — staysvalid(test references input)plain_dict_lookup_legit(returns from a read-only dict, no mutation) — staysvalid(no mutated captures)plain_kernel— staysvalidtests/test_replay_regressions.pyregressions pass