Skip to content

Commit 9544bf4

Browse files
ruipedro16ruipedro16
committed
some improvements in the proofs
- now the proofs go through with a smaller timeout
1 parent 37c7bf9 commit 9544bf4

File tree

12 files changed

+134
-192
lines changed

12 files changed

+134
-192
lines changed

.gitignore

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,7 @@
11
.vscode
22
venv
33

4-
proof/extraction/*.ec
4+
proof/extraction/*.ec
5+
6+
proof/common/*
7+
!proof/common/Array8.ec

proof/Makefile

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -97,3 +97,6 @@ distclean:
9797
extraction/:
9898
mkdir -p $@
9999

100+
common/:
101+
mkdir -p $@
102+

proof/config/tests.config

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,4 +24,4 @@ okdirs = extraction
2424

2525
[test-correctness]
2626
okdirs = correctness
27-
options = timeout=20
27+
options = timeout=2

proof/correctness/Correctness_Hash.ec

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -636,7 +636,9 @@ seq 2 0 : (
636636
sp; wp.
637637
outline {1} [1] { (out0, offset1) <@ M(Syscall).memcpy_u8pu8_n____memcpy_u8pu8 (out0, offset1, in_00); }.
638638
ecall {1} (p_write_buf_ptr Glob.mem{1} out0{1} offset1{1} in_00{1}).
639-
skip => /> &hr H0 H1 H2 H3 H4*; smt(@W64 pow2_64).
639+
skip => /> &hr H0 H1 H2 H3 H4*.
640+
have := H0; rewrite n_val /= /valid_ptr_i /= => H.
641+
smt().
640642

641643
(* toByte(X, 32) || R || root || index || M */ *)
642644
seq 2 0 : (

proof/correctness/Correctness_Mem.ec

Lines changed: 38 additions & 66 deletions
Original file line numberDiff line numberDiff line change
@@ -82,58 +82,40 @@ while
8282
rewrite E => H5 H6.
8383
split => [| /#]; by apply H5.
8484
+ auto => /> &hr H0 H1 H2 H3 H4 H5 H6 H7 H8 H9.
85-
rewrite ultE => H10 *.
86-
do split; last by smt(@W64 pow2_64).
87-
- rewrite to_uintD /#.
88-
- rewrite to_uintD /#.
89-
- ring.
90-
- ring.
91-
- apply (eq_from_nth witness); first by rewrite !size_load_buf //; smt(@W64 pow2_64).
92-
rewrite size_load_buf; first by smt(@W64 pow2_64).
93-
have ->: to_uint (i{hr} + W64.one) = to_uint i{hr} + 1 by smt(@W64 pow2_64).
94-
move => j?.
95-
rewrite /load_buf !nth_mkseq //= !load_store_mem.
96-
rewrite /valid_ptr in H5.
97-
have ->: to_uint (dst_ptr + oo) = to_uint dst_ptr + to_uint oo by smt(@W64 pow2_64).
98-
have ->: to_uint (dst_ptr + (oo + i{hr})) = to_uint dst_ptr + to_uint oo + to_uint i{hr} by smt(@W64 pow2_64).
99-
have ->: to_uint (src_ptr + oi) = to_uint src_ptr + to_uint oi by smt(@W64 pow2_64).
100-
have ->: (to_uint (src_ptr + (oi + i{hr}))) =
101-
to_uint src_ptr + to_uint oi + to_uint i{hr} by smt(@W64 pow2_64).
102-
case (j = to_uint i{hr}) => [/# | Hb].
103-
rewrite ifF 1:/#.
104-
case (
85+
rewrite ultE to_uintD => H10 *.
86+
(do split; 1,2,7: by smt()); 1,2: by ring.
87+
- apply (eq_from_nth witness); rewrite size_load_buf /= 1:/# ?size_load_buf // => [/# | j?].
88+
rewrite /load_buf !nth_mkseq //= !load_store_mem.
89+
rewrite /valid_ptr in H5.
90+
have ->: to_uint (dst_ptr + oo) = to_uint dst_ptr + to_uint oo by rewrite to_uintD_small /#.
91+
have ->: to_uint (dst_ptr + (oo + i{hr})) = to_uint dst_ptr + to_uint oo + to_uint i{hr} by smt(@W64 pow2_64).
92+
have ->: to_uint (src_ptr + oi) = to_uint src_ptr + to_uint oi by rewrite to_uintD_small /#.
93+
have ->: (to_uint (src_ptr + (oi + i{hr}))) =
94+
to_uint src_ptr + to_uint oi + to_uint i{hr} by smt(@W64 pow2_64).
95+
case (j = to_uint i{hr}) => [/# | Hb].
96+
rewrite ifF 1:/#.
97+
case (
10598
to_uint src_ptr + to_uint oi + j =
10699
to_uint dst_ptr + to_uint oo + to_uint i{hr}
107-
) => [Hx | Hy].
108-
* have ->: loadW8 Glob.mem{hr} (to_uint src_ptr + to_uint oi + to_uint i{hr}) =
100+
) => ?.
101+
* have ->: loadW8 Glob.mem{hr} (to_uint src_ptr + to_uint oi + to_uint i{hr}) =
109102
nth witness (load_buf Glob.mem{hr} (src_ptr + oi) (to_uint i{hr})) (to_uint i{hr})
110103
by rewrite nth_load_buf /#.
111104
by rewrite -H8 nth_load_buf /#.
112105
* have ->: Glob.mem{hr}.[to_uint src_ptr + to_uint oi + j] =
113-
nth witness (load_buf Glob.mem{hr} (src_ptr + oi) (to_uint i{hr})) j.
114-
by rewrite nth_load_buf 1:/#; congr; smt(@W64 pow2_64).
115-
rewrite -H8 nth_load_buf 1:/#; congr; smt(@W64 pow2_64).
116-
- move => k??Hk.
117-
rewrite /storeW8 /loadW8 get_setE.
118-
have ->: to_uint (dst_ptr + (oo + i{hr})) = to_uint dst_ptr + to_uint oo + to_uint i{hr} by smt(@W64 pow2_64).
106+
nth witness (load_buf Glob.mem{hr} (src_ptr + oi) (to_uint i{hr})) j
107+
by rewrite nth_load_buf 1:/#; congr; rewrite to_uintD_small /#.
108+
rewrite -H8 nth_load_buf 1:/#; congr; rewrite to_uintD_small /#.
109+
- move => /= k??Hk.
110+
rewrite /storeW8 /loadW8 get_setE.
111+
have ->: to_uint (dst_ptr + (oo + i{hr})) = to_uint dst_ptr + to_uint oo + to_uint i{hr} by smt(@W64 pow2_64).
119112
have ->: (to_uint (src_ptr + (oi + i{hr}))) =
120113
to_uint src_ptr + to_uint oi + to_uint i{hr} by smt(@W64 pow2_64).
121114
case (k = to_uint dst_ptr + to_uint oo + to_uint i{hr}) => [Ha | Hb]; last first.
122115
* rewrite H9 1:/#; smt(@W64 pow2_64).
123116
rewrite -H9 1,2:/# Ha; smt(@W64 pow2_64).
124117
qed.
125118

126-
lemma nth_sub_list_dflt (x : nbytes list) (i l0 l1 : int) :
127-
0 <= l0 =>
128-
0 <= l1 =>
129-
nth witness (sub_list (nbytes_flatten x) l0 l1) i =
130-
if 0 <= i < l1 then nth witness (nbytes_flatten x) (l0 + i) else witness.
131-
proof.
132-
move => ??.
133-
case (0 <= i < l1) => [H_in | H_out].
134-
+ rewrite /sub_list nth_mkseq //=.
135-
+ rewrite /sub_list nth_out // size_mkseq /#.
136-
qed.
137119

138120
(*
139121
`nbytes_witness` is a witness value of type `nbytes`.
@@ -188,11 +170,6 @@ case (0 <= k < n) => [k_in | k_out].
188170
rewrite nth_out // NBytes.valP /#.
189171
qed.
190172

191-
(* If the index is in bounds, the default value passed to nth does not matter *)
192-
(* FIXME: Este lemma ja existe e esta da teoria de listas como nth_change_dfl *)
193-
lemma nth_dflt ['a] (x : 'a list) (dflt1 dflt2 : 'a) (i : int) :
194-
0 <= i < size x =>
195-
nth dflt1 x i = nth dflt2 x i by smt(@List).
196173

197174
(* Obs: Este lema precisa de ser phoare p ser usado na prova do treehash *)
198175
lemma memcpy_treehash_node_2 (_stack_impl : W8.t Array352.t, o : W64.t) (stack_spec : nbytes list) :
@@ -224,19 +201,16 @@ conseq (: _ ==>
224201
).
225202
+ auto => /> &hr H0 H1 H2 out; split => Hout; rewrite Hout.
226203
(** -------------------------------------------------------------------------------------------- **)
227-
have ->: (to_uint (o - W64.one)) = to_uint o - 1 by smt(@W64 pow2_64).
228-
have ->: (to_uint (o - (of_int 2)%W64)) = to_uint o - 2 by smt(@W64 pow2_64).
204+
have ->: (to_uint (o - W64.one)) = to_uint o - 1 by rewrite to_uintB // uleE /=/#.
205+
have ->: (to_uint (o - (of_int 2)%W64)) = to_uint o - 2 by rewrite to_uintB // uleE /=/#.
229206
case (0 <= to_uint o - 1 < size stack_spec) => [H_o_m_1_in | H_o_m_1_out].
230207
(* Cenario normal => tudo in bounds => todos os acessos sao validos *)
231208
- apply (eq_from_nth witness).
232209
+ by rewrite size_sub_list 1:/# size_cat !NBytes.valP n_val.
233210
rewrite size_cat !NBytes.valP n_val /= => i?.
234-
case (0 <= i < 32) => [Hfst | Hsnd];
235-
rewrite nth_cat NBytes.valP n_val; [rewrite ifT 1:/# | rewrite ifF 1:/#].
236-
+ rewrite nth_sub_list 1:/# nth_nbytes_flatten 1:/#.
237-
smt(nth_dflt).
238-
+ rewrite nth_sub_list 1:/# nth_nbytes_flatten 1:/#.
239-
smt(nth_dflt).
211+
(case (0 <= i < 32) => [Hfst | Hsnd]; rewrite nth_cat NBytes.valP n_val; [rewrite ifT 1:/# | rewrite ifF 1:/#]);
212+
rewrite nth_sub_list 1:/# nth_nbytes_flatten 1:/# ;smt(nth_change_dfl).
213+
240214
(* Daqui para a frente, stack_spec[o - 1] = witness *)
241215
have ->: nth nbytes_witness stack_spec (to_uint o - 1) = nbytes_witness
242216
by rewrite nth_out /#.
@@ -247,7 +221,7 @@ conseq (: _ ==>
247221
case (0 <= i < 32) => [Hfst | Hsnd];
248222
rewrite nth_cat NBytes.valP n_val; [rewrite ifT 1:/# | rewrite ifF 1:/#].
249223
+ rewrite nth_sub_list 1:/# nth_nbytes_flatten 1:/#.
250-
smt(nth_dflt).
224+
smt(nth_change_dfl).
251225
+ rewrite nth_nbytes_witness.
252226
rewrite nth_sub_list 1:/#.
253227
rewrite nth_out // size_nbytes_flatten /#.
@@ -265,8 +239,8 @@ conseq (: _ ==>
265239
rewrite nth_sub_list //.
266240
rewrite nth_out // size_nbytes_flatten /#.
267241
(** -------------------------------------------------------------------------------------------- **)
268-
have ->: (to_uint (o - W64.one)) = to_uint o - 1 by smt(@W64 pow2_64).
269-
have ->: (to_uint (o - (of_int 2)%W64)) = to_uint o - 2 by smt(@W64 pow2_64).
242+
have ->: (to_uint (o - W64.one)) = to_uint o - 1 by rewrite to_uintB // uleE /#.
243+
have ->: (to_uint (o - (of_int 2)%W64)) = to_uint o - 2 by rewrite to_uintB // uleE /#.
270244
case (0 <= to_uint o - 1 < size stack_spec) => [H_o_m_1_in | H_o_m_1_out].
271245
(* Cenario normal => tudo in bounds => todos os acessos sao validos *)
272246
- apply (eq_from_nth witness).
@@ -275,9 +249,9 @@ conseq (: _ ==>
275249
case (0 <= i < 32) => [Hfst | Hsnd];
276250
rewrite nth_cat NBytes.valP n_val; [rewrite ifT 1:/# | rewrite ifF 1:/#].
277251
+ rewrite nth_sub_list 1:/# nth_nbytes_flatten 1:/#.
278-
smt(nth_dflt).
252+
smt(nth_change_dfl).
279253
+ rewrite nth_sub_list 1:/# nth_nbytes_flatten 1:/#.
280-
smt(nth_dflt).
254+
smt(nth_change_dfl).
281255
(* Daqui para a frente, stack_spec[o - 1] = witness *)
282256
have ->: nth nbytes_witness stack_spec (to_uint o - 1) = nbytes_witness
283257
by rewrite nth_out /#.
@@ -288,7 +262,7 @@ conseq (: _ ==>
288262
case (0 <= i < 32) => [Hfst | Hsnd];
289263
rewrite nth_cat NBytes.valP n_val; [rewrite ifT 1:/# | rewrite ifF 1:/#].
290264
+ rewrite nth_sub_list 1:/# nth_nbytes_flatten 1:/#.
291-
smt(nth_dflt).
265+
smt(nth_change_dfl).
292266
+ rewrite nth_nbytes_witness.
293267
rewrite nth_sub_list 1:/#.
294268
rewrite nth_out // size_nbytes_flatten /#.
@@ -391,7 +365,7 @@ rewrite ultE of_uintK /= => H7.
391365
have E: 2^h = 1048576 by rewrite h_val /#.
392366
do split; 1,2,5: by smt(@W64 pow2_64).
393367
+ ring.
394-
+ have ->: to_uint (i{hr} + W64.one) = to_uint i{hr} + 1 by smt(@W64 pow2_64).
368+
+ have ->: to_uint (i{hr} + W64.one) = to_uint i{hr} + 1 by rewrite to_uintD_small /#.
395369
move => k??.
396370
rewrite get_setE 1:/#.
397371
have E2: to_uint ((o - (of_int 2)%W64) * (of_int 32)%W64) =
@@ -403,7 +377,7 @@ do split; 1,2,5: by smt(@W64 pow2_64).
403377
- rewrite to_uintD E2 /#.
404378
rewrite E2.
405379
case (k = to_uint i{hr}) => [-> // | ?]. (* trivial solves the first goal *)
406-
rewrite H6 1:/#; congr; smt(@W64 pow2_64).
380+
rewrite H6 1:/#; congr; rewrite to_uintM of_uintK /= to_uintB ?of_uintK 2:/# uleE of_uintK /#.
407381
qed.
408382

409383
lemma p_treehash_memcpy_0 (node : W8.t Array32.t) (stack : nbytes list) (_stack : W8.t Array352.t) (offset : W64.t) :
@@ -460,7 +434,7 @@ if 0 <= to_uint out_offset + k < 352 then in_0.[k] else witness) /\
460434
split => [/# |].
461435
move => H4 H5 H6.
462436
have ->: i0 = 32 by smt().
463-
have ->: to_uint (offset * (of_int 32)%W64) = to_uint offset * 32 by smt(@W64 pow2_64).
437+
have ->: to_uint (offset * (of_int 32)%W64) = to_uint offset * 32 by rewrite to_uintM /=/#.
464438
move => H7 H8.
465439
apply (eq_from_nth witness); first by rewrite size_sub 1:/# size_sub_list // /#.
466440
rewrite size_sub 1:/# H2 => i Hi.
@@ -522,17 +496,15 @@ if 0 <= to_uint out_offset + k < 352 then in_0.[k] else witness) /\
522496
(** -------------------------------------------------------------------------------------------- **)
523497
auto => /> &hr H0 H1 H2 H3 H4 H5 H6 H7 H8.
524498

525-
have E: to_uint (offset * (of_int 32)%W64) = to_uint offset * 32 by smt(@W64 pow2_64).
526-
499+
have E: to_uint (offset * (of_int 32)%W64) = to_uint offset * 32 by rewrite to_uintM /=/#.
527500
do split; 1,2,5: by smt().
528-
529501
+ move => k??.
530502
have ->: to_uint (offset * (of_int 32)%W64 + (of_int i{hr})%W64) =
531-
(to_uint offset * 32) + i{hr} by smt(@W64 pow2_64).
503+
(to_uint offset * 32) + i{hr} by rewrite to_uintD to_uintM /= of_uintK /#.
532504
case (0 <= to_uint offset * 32 + i{hr} < 352) => ?; first by rewrite get_setE /#.
533505
by rewrite ifF 1:/# get_out 1:/#.
534506
+ rewrite E => k???.
535-
rewrite -H7 1,2:/# get_set_if ifF //; smt(@W64 pow2_64).
507+
rewrite -H7 1,2:/# get_set_if ifF // to_uintD to_uintM of_uintK /=; smt(@W64 pow2_64).
536508
qed.
537509

538510

proof/correctness/Correctness_WOTS.ec

Lines changed: 29 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -118,27 +118,25 @@ if.
118118
rewrite (: 15 = 2 ^ 4 - 1) 1:/# !and_mod // of_uintK.
119119
smt(modz_small).
120120
+ auto => /> &1 &2 H0 H1 H2 H3 H4 H5 H6 H7 H8 H9 H10.
121-
do split; 1,2: by smt().
122-
* by rewrite size_put.
123-
* rewrite to_uintD /#.
124-
* rewrite to_uintD /#.
125-
* rewrite to_uintD /#.
126-
* rewrite to_uintD /#.
127-
* rewrite logw_val to_uintB // #smt:(@W64 pow2_64 modz_small).
128-
* rewrite logw_val H5 /= #smt:(@W64 pow2_64 modz_small).
129-
* rewrite H6 #smt:(@W64 pow2_64 @IntDiv).
130-
* rewrite to_uintD_small 1:/# /= => j??.
121+
have E : to_uint out{1} %% 2 = 0 \/ to_uint out{1} %% 2 = 1 by smt().
122+
have E2 : to_uint bits{1} = 0 \/ to_uint bits{1} = 4 by smt().
123+
(* TODO: E and E2 are aux, not used anywhere (yet???) *)
124+
rewrite logw_val to_uintD size_put; do split; 1,2,4..7: by smt().
125+
* assumption.
126+
* rewrite to_uintB //= uleE /= H5; smt(@W64).
127+
* rewrite H5; smt(@W64 pow2_64 modz_small).
128+
* rewrite H6; smt(@W64 pow2_64 @IntDiv).
129+
* have ->: (to_uint out{1} + to_uint W64.one) %% W64.modulus = to_uint out{1} + 1 by smt().
130+
move => /= j??.
131131
rewrite nth_put 1:/# get_setE //.
132132
case (j = to_uint out{1}) => [-> |?]; last first.
133133
- rewrite ifF 1:/# H7 //#.
134-
rewrite ifT // logw_val w_val /= (: 15 = 2^4 - 1) 1:/# (: 31 = 2^5 - 1) 1:/# !and_mod // !of_uintK //=.
135-
rewrite to_uint_shr.
136-
- rewrite !of_uintK /#.
137-
rewrite to_uint_shr.
138-
- rewrite !of_uintK /#.
139-
rewrite to_uint_truncateu8 to_uint_zeroextu32 !of_uintK /=.
140-
smt(@IntDiv @W64 pow2_64 modz_small).
141-
* rewrite to_uintD_small 1:/# /= => j??.
134+
rewrite ifT // w_val /= (: 15 = 2^4 - 1) 1:/# (: 31 = 2^5 - 1) 1:/# !and_mod // !of_uintK //=.
135+
do 2! (rewrite to_uint_shr; [rewrite !of_uintK /# |]).
136+
rewrite to_uint_truncateu8 to_uint_zeroextu32 !of_uintK /=.
137+
smt(@IntDiv @W64 pow2_64 modz_small).
138+
* have ->: (to_uint out{1} + to_uint W64.one) %% W64.modulus = to_uint out{1} + 1 by smt().
139+
move => j??.
142140
rewrite (: 31 = 2^5 - 1) 1:/# (: 15 = 2^4 - 1) 1:/# !and_mod //=.
143141
rewrite to_uint_shr.
144142
- rewrite !of_uintK /#.
@@ -212,27 +210,22 @@ if.
212210
rewrite (: 15 = 2 ^ 4 - 1) 1:/# !and_mod // of_uintK.
213211
smt(modz_small).
214212
+ auto => /> &1 &2 H0 H1 H2 H3 H4 H5 H6 H7 H8 H9 H10.
215-
do split; 1,2: by smt().
216-
* by rewrite size_put.
217-
* rewrite to_uintD /#.
218-
* rewrite to_uintD /#.
219-
* rewrite to_uintD /#.
220-
* rewrite to_uintD /#.
221-
* rewrite logw_val to_uintB // #smt:(@W64 pow2_3 modz_small).
222-
* rewrite logw_val H5 //= #smt:(@W64 pow2_32 modz_small @IntDiv).
223-
* rewrite H6 #smt:(@W64 pow2_32 @IntDiv).
224-
* rewrite to_uintD_small 1:/# /= => j??.
213+
rewrite logw_val to_uintD size_put; do split; 1,2,4..7: by smt().
214+
* assumption.
215+
* rewrite to_uintB //= uleE /= H5; smt(@W64).
216+
* rewrite H5 /=; admit. (* smt(@W64 pow2_64 modz_small) *)
217+
* rewrite H6; smt(@W64 pow2_64 @IntDiv).
218+
* have ->: (to_uint out{1} + to_uint W64.one) %% W64.modulus = to_uint out{1} + 1 by smt().
219+
move => /= j??.
225220
rewrite nth_put 1:/# get_setE //.
226221
case (j = to_uint out{1}) => [-> |?]; last first.
227222
- rewrite ifF 1:/# H7 //#.
228-
rewrite ifT // logw_val w_val /= (: 15 = 2^4 - 1) 1:/# (: 31 = 2^5 - 1) 1:/# !and_mod // !of_uintK //=.
229-
rewrite to_uint_shr.
230-
- rewrite !of_uintK /#.
231-
rewrite to_uint_shr.
232-
- rewrite !of_uintK /#.
233-
rewrite to_uint_truncateu8 to_uint_zeroextu32 !of_uintK /=.
234-
smt(@IntDiv @W64 modz_small).
235-
* rewrite to_uintD_small 1:/# /= => j??.
223+
rewrite ifT // w_val /= (: 15 = 2^4 - 1) 1:/# (: 31 = 2^5 - 1) 1:/# !and_mod // !of_uintK //=.
224+
do 2! (rewrite to_uint_shr; [rewrite !of_uintK /# |]).
225+
rewrite to_uint_truncateu8 to_uint_zeroextu32 !of_uintK /=.
226+
smt(@IntDiv @W64 pow2_64 modz_small).
227+
* have ->: (to_uint out{1} + to_uint W64.one) %% W64.modulus = to_uint out{1} + 1 by smt().
228+
move => j??.
236229
rewrite (: 31 = 2^5 - 1) 1:/# (: 15 = 2^4 - 1) 1:/# !and_mod //=.
237230
rewrite to_uint_shr.
238231
- rewrite !of_uintK /#.

0 commit comments

Comments
 (0)