From 244679b7e341eba77fd6330be9095897a687f742 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 09:40:28 +0200 Subject: [PATCH 01/29] Leftover Makefile improvements --- .gitignore | 12 ++-- fstar-helpers/Makefile.base | 5 ++ .../{Makefile.template => Makefile.generic} | 56 ++++++++++++------- fstar-helpers/README.md | 5 ++ .../proofs/fstar/extraction/Makefile | 1 - .../proofs/fstar/extraction/Makefile | 3 +- libcrux-ml-kem/proofs/fstar/spec/Makefile | 2 +- 7 files changed, 55 insertions(+), 29 deletions(-) create mode 100644 fstar-helpers/Makefile.base rename fstar-helpers/{Makefile.template => Makefile.generic} (79%) create mode 100644 fstar-helpers/README.md delete mode 100644 fstar-helpers/proofs/fstar/extraction/Makefile diff --git a/.gitignore b/.gitignore index 982c75cf3..203671906 100644 --- a/.gitignore +++ b/.gitignore @@ -2,16 +2,18 @@ .vscode .DS_Store benches/boringssl/build -proofs/fstar/extraction/.depend -proofs/fstar/extraction/#*# -proofs/fstar/extraction/.#* -hax.fst.config.json fuzz/corpus fuzz/artifacts -proofs/fstar/extraction/.cache __pycache__ kyber-crate/ *.llbc # When using sed *.bak + +# F* +.fstar-cache +**/proofs/fstar/*/.depend +**/proofs/fstar/*/#*# +**/proofs/fstar/*/.#* +hax.fst.config.json diff --git a/fstar-helpers/Makefile.base b/fstar-helpers/Makefile.base new file mode 100644 index 000000000..adf2b5895 --- /dev/null +++ b/fstar-helpers/Makefile.base @@ -0,0 +1,5 @@ +# Base Makefile for F* in libcrux. +# This inherits from Makefile.generic, and adds the `specs` folder from HACL and the `libcrux-ml-kem/proofs/fstar/spec` folder. + +FSTAR_INCLUDE_DIRS_EXTRA = $(HACL_HOME)/specs $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.generic diff --git a/fstar-helpers/Makefile.template b/fstar-helpers/Makefile.generic similarity index 79% rename from fstar-helpers/Makefile.template rename to fstar-helpers/Makefile.generic index 217e6140c..ce340b346 100644 --- a/fstar-helpers/Makefile.template +++ b/fstar-helpers/Makefile.generic @@ -31,6 +31,9 @@ # (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) # +PATH_TO_CHILD_MAKEFILE := "$(abspath $(firstword $(MAKEFILE_LIST)))" +PATH_TO_TEMPLATE_MAKEFILE := "$(abspath $(lastword $(MAKEFILE_LIST)))" + HACL_HOME ?= $(HOME)/.hax/hacl_home # Expand variable FSTAR_BIN_DETECT now, so that we don't run this over and over @@ -61,7 +64,6 @@ export ANSI_COLOR_BLUE= export ANSI_COLOR_RED= export ANSI_COLOR_BBLUE= export ANSI_COLOR_GRAY= -export ANSI_COLOR_BOLD_BLUE= export ANSI_COLOR_TONE= export ANSI_COLOR_RESET= endif @@ -100,8 +102,9 @@ define FINDLIBS endef export FINDLIBS +FSTAR_INCLUDE_DIRS_EXTRA ?= FINDLIBS_OUTPUT := $(shell bash -c '${FINDLIBS}') -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(FSTAR_INCLUDE_DIRS_EXTRA) $(FINDLIBS_OUTPUT) +FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(FSTAR_INCLUDE_DIRS_EXTRA) $(FINDLIBS_OUTPUT) # Make sure FSTAR_INCLUDE_DIRS has the `proof-libs`, print hints and # an error message otherwise @@ -122,11 +125,11 @@ endif all: $(Q)rm -f .depend - $(Q)$(MAKE) .depend vscode verify + $(Q)$(MAKE) .depend hax.fst.config.json verify all-keep-going: $(Q)rm -f .depend - $(Q)$(MAKE) --keep-going .depend vscode verify + $(Q)$(MAKE) --keep-going .depend hax.fst.config.json verify # If $HACL_HOME doesn't exist, clone it ${HACL_HOME}: @@ -144,6 +147,8 @@ endif ROOTS ?= $(wildcard *.fst *fsti) ADMIT_MODULES ?= +ADMIT_MODULE_FLAGS ?= --admit_smt_queries true + # Can be useful for debugging purposes FINDLIBS.sh: $(Q)echo '${FINDLIBS}' > FINDLIBS.sh @@ -177,7 +182,7 @@ function target() { target "all" "Verify every F* files (stops whenever an F* fails first)" target "all-keep-going" "Verify every F* files (tries as many F* module as possible)" target "" "" -target "run:${ANSI_COLOR_TONE} " 'Runs F* on `MyModule.fst` only' +target "run/${ANSI_COLOR_TONE} " 'Runs F* on `MyModule.fst` only' target "" "" target "vscode" 'Generates a `hax.fst.config.json` file' target "${ANSI_COLOR_TONE}${ANSI_COLOR_BLUE}-in " 'Useful for Emacs, outputs the F* prefix command to be used' @@ -185,37 +190,47 @@ target "" "" target "clean" 'Cleanup the target' target "include-dirs" 'List the F* include directories' target "" "" -target "roots" 'List the F* root modules.' +target "describe" 'List the F* root modules, and describe the environment.' echo "" -echo "Environment variables:" +echo "Variables:" target "NO_COLOR" "Set to anything to disable colors" +target "ADMIT_MODULES" "List of modules where F* will assume every SMT query" +target "FSTAR_INCLUDE_DIRS_EXTRA" "List of extra include F* dirs" endef export HELPMESSAGE -roots: +describe: + @printf '${ANSI_COLOR_BBLUE}F* roots:${ANSI_COLOR_RESET}\n' @for root in ${ROOTS}; do \ filename=$$(basename -- "$$root") ;\ ext="$${filename##*.}" ;\ noext="$${filename%.*}" ;\ - printf "${ANSI_COLOR_GRAY}$$(dirname -- "$$root")/${ANSI_COLOR_RESET}%s${ANSI_COLOR_GRAY}.${ANSI_COLOR_TONE}%s${ANSI_COLOR_RESET}\n" "$$noext" "$$ext"; \ + printf "${ANSI_COLOR_GRAY}$$(dirname -- "$$root")/${ANSI_COLOR_RESET}%s${ANSI_COLOR_GRAY}.${ANSI_COLOR_TONE}%s${ANSI_COLOR_RESET}%b\n" "$$noext" "$$ext" $$([[ "${ADMIT_MODULES}" =~ (^| )$$root($$| ) ]] && echo '${ANSI_COLOR_RED}\t[ADMITTED]${ANSI_COLOR_RESET}'); \ done + @printf '\n${ANSI_COLOR_BBLUE}Environment:${ANSI_COLOR_RESET}\n' + @printf ' - ${ANSI_COLOR_BLUE}HACL_HOME${ANSI_COLOR_RESET} = %s\n' '${HACL_HOME}' + @printf ' - ${ANSI_COLOR_BLUE}FSTAR_BIN${ANSI_COLOR_RESET} = %s\n' '${FSTAR_BIN}' + @printf ' - ${ANSI_COLOR_BLUE}GIT_ROOT_DIR${ANSI_COLOR_RESET} = %s\n' '${GIT_ROOT_DIR}' + @printf ' - ${ANSI_COLOR_BLUE}CACHE_DIR${ANSI_COLOR_RESET} = %s\n' '${CACHE_DIR}' + @printf ' - ${ANSI_COLOR_BLUE}HINT_DIR${ANSI_COLOR_RESET} = %s\n' '${HINT_DIR}' + @printf ' - ${ANSI_COLOR_BLUE}ADMIT_MODULE_FLAGS${ANSI_COLOR_RESET} = %s\n' '${ADMIT_MODULE_FLAGS}' + @printf ' - ${ANSI_COLOR_BLUE}FSTAR_INCLUDE_DIRS_EXTRA${ANSI_COLOR_RESET} = %s\n' '${FSTAR_INCLUDE_DIRS_EXTRA}' help: ;@bash -c "$$HELPMESSAGE" h: ;@bash -c "$$HELPMESSAGE" HEADER = $(Q)printf '${ANSI_COLOR_BBLUE}[CHECK] %s ${ANSI_COLOR_RESET}\n' "$(basename $(notdir $@))" -run:%: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) +run/%: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) ${HEADER} - $(Q)$(FSTAR) $(OTHERFLAGS) $(@:run:%=%) - + $(Q)$(FSTAR) $(OTHERFLAGS) $(@:run/%=%) VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(ROOTS))) -ADMIT_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,${ADMIT_MODULES})) +ADMIT_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(ADMIT_MODULES))) $(ADMIT_CHECKED): $(Q)printf '${ANSI_COLOR_BBLUE}[${ANSI_COLOR_TONE}ADMIT${ANSI_COLOR_BBLUE}] %s ${ANSI_COLOR_RESET}\n' "$(basename $(notdir $@))" - $(Q)$(FSTAR) $(OTHERFLAGS) --admit_smt_queries true $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ + $(Q)$(FSTAR) $(OTHERFLAGS) $(ADMIT_MODULE_FLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ echo "" ; \ exit 1 ; \ } @@ -232,8 +247,7 @@ $(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) verify: $(VERIFIED_CHECKED) $(ADMIT_CHECKED) -# Targets for interactive mode - +# Targets for Emacs %.fst-in: $(info $(FSTAR_FLAGS) \ $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) @@ -242,13 +256,15 @@ verify: $(VERIFIED_CHECKED) $(ADMIT_CHECKED) $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) # Targets for VSCode -hax.fst.config.json: - $(Q)echo "$(FSTAR_INCLUDE_DIRS)" | jq --arg fstar "$(FSTAR_BIN)" -R 'split(" ") | {fstar_exe: $$fstar, includes: .}' > $@ -vscode: hax.fst.config.json +hax.fst.config.json: .depend + $(Q)echo "$(FSTAR_INCLUDE_DIRS)" | jq --arg fstar "$(FSTAR_BIN)" -R 'split(" ") | {fstar_exe: $$fstar | gsub("^\\s+|\\s+$$";""), include_dirs: .}' > $@ +vscode: + $(Q)rm -f .depend + $(Q)$(MAKE) hax.fst.config.json SHELL=bash # Clean target clean: rm -rf $(CACHE_DIR)/* - rm *.fst \ No newline at end of file + rm *.fst diff --git a/fstar-helpers/README.md b/fstar-helpers/README.md new file mode 100644 index 000000000..a9a2450ff --- /dev/null +++ b/fstar-helpers/README.md @@ -0,0 +1,5 @@ +This folder provides F* helpers, notably it provides a `Makefile.base` +that should serve as base for any F*-related makefile in libcrux. + + - `Makefile.generic` is the generic hax Makefile, available here: https://gist.github.com/W95Psp/4c304132a1f85c5af4e4959dd6b356c3 + - `Makefile.base` is the base file that adds a couple of include folders that are useful generally in the scope of libcrux verification with F* diff --git a/fstar-helpers/proofs/fstar/extraction/Makefile b/fstar-helpers/proofs/fstar/extraction/Makefile deleted file mode 100644 index ec420d509..000000000 --- a/fstar-helpers/proofs/fstar/extraction/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index adcc6529f..b4e574fce 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -30,5 +30,4 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ Libcrux_ml_kem.Vector.Traits.fst -FSTAR_INCLUDE_DIRS_EXTRA = $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec -include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base diff --git a/libcrux-ml-kem/proofs/fstar/spec/Makefile b/libcrux-ml-kem/proofs/fstar/spec/Makefile index ec420d509..b4ce70a38 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Makefile +++ b/libcrux-ml-kem/proofs/fstar/spec/Makefile @@ -1 +1 @@ -include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base From 4e17c4d3ad6155ac76beee87604da9417d29d2aa Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 10:00:51 +0200 Subject: [PATCH 02/29] chore: update hax-lib in lockfile --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1ff148870..871b50375 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros", "num-bigint", @@ -711,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros-types", "paste", @@ -724,7 +724,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "proc-macro2", "quote", From 1e50e63a0cbf3ff853f1ff7409d05ceb4566101b Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 10:01:36 +0200 Subject: [PATCH 03/29] ignore any `.depend` file --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 203671906..259daf560 100644 --- a/.gitignore +++ b/.gitignore @@ -13,7 +13,7 @@ kyber-crate/ # F* .fstar-cache -**/proofs/fstar/*/.depend +.depend **/proofs/fstar/*/#*# **/proofs/fstar/*/.#* hax.fst.config.json From cdcde149393d6d8e97c97d7624791a4608dc6ea4 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 10:03:23 +0200 Subject: [PATCH 04/29] add `fstar-bitvec` --- fstar-helpers/Makefile.base | 2 +- fstar-helpers/README.md | 8 +- fstar-helpers/fstar-bitvec/BitVecEq.fst | 12 + fstar-helpers/fstar-bitvec/BitVecEq.fsti | 294 +++++++++++++++++++++++ fstar-helpers/fstar-bitvec/MkSeq.fst | 59 +++++ 5 files changed, 370 insertions(+), 5 deletions(-) create mode 100644 fstar-helpers/fstar-bitvec/BitVecEq.fst create mode 100644 fstar-helpers/fstar-bitvec/BitVecEq.fsti create mode 100644 fstar-helpers/fstar-bitvec/MkSeq.fst diff --git a/fstar-helpers/Makefile.base b/fstar-helpers/Makefile.base index adf2b5895..e7c57847f 100644 --- a/fstar-helpers/Makefile.base +++ b/fstar-helpers/Makefile.base @@ -1,5 +1,5 @@ # Base Makefile for F* in libcrux. # This inherits from Makefile.generic, and adds the `specs` folder from HACL and the `libcrux-ml-kem/proofs/fstar/spec` folder. -FSTAR_INCLUDE_DIRS_EXTRA = $(HACL_HOME)/specs $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec +FSTAR_INCLUDE_DIRS_EXTRA = $(HACL_HOME)/specs $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec $(shell git rev-parse --show-toplevel)/fstar-helpers/fstar-bitvec include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.generic diff --git a/fstar-helpers/README.md b/fstar-helpers/README.md index a9a2450ff..122ed5b03 100644 --- a/fstar-helpers/README.md +++ b/fstar-helpers/README.md @@ -1,5 +1,5 @@ -This folder provides F* helpers, notably it provides a `Makefile.base` -that should serve as base for any F*-related makefile in libcrux. +This folder provides F* helpers: - - `Makefile.generic` is the generic hax Makefile, available here: https://gist.github.com/W95Psp/4c304132a1f85c5af4e4959dd6b356c3 - - `Makefile.base` is the base file that adds a couple of include folders that are useful generally in the scope of libcrux verification with F* + - `Makefile.generic` is the generic hax Makefile, available here: https://gist.github.com/W95Psp/4c304132a1f85c5af4e4959dd6b356c3. `Makefile.generic` is not supposed to be edited. + - `Makefile.base` is the base file that adds a couple of include folders that are useful generally in the scope of libcrux verification with F*. + - `fstar-bitvec` F* modules related to bitvectors. diff --git a/fstar-helpers/fstar-bitvec/BitVecEq.fst b/fstar-helpers/fstar-bitvec/BitVecEq.fst new file mode 100644 index 000000000..c89f2fe35 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVecEq.fst @@ -0,0 +1,12 @@ +module BitVecEq + +open Core +open FStar.Mul +open FStar.FunctionalExtensionality + +let bit_vec_equal #n bv1 bv2 = forall i. bv1 i == bv2 i + +let bit_vec_equal_intro bv1 bv2 = () +let bit_vec_equal_elim bv1 bv2 = assert (feq bv1 bv2) + + diff --git a/fstar-helpers/fstar-bitvec/BitVecEq.fsti b/fstar-helpers/fstar-bitvec/BitVecEq.fsti new file mode 100644 index 000000000..13c9a2272 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVecEq.fsti @@ -0,0 +1,294 @@ +module BitVecEq +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul +open MkSeq +open FStar.FunctionalExtensionality + +val bit_vec_equal (#n: nat) (bv1 bv2: bit_vec n): Type0 +val bit_vec_equal_intro (#n: nat) (bv1 bv2: bit_vec n) + : Lemma (requires forall i. bv1 i == bv2 i) + (ensures bit_vec_equal bv1 bv2) +val bit_vec_equal_elim (#n: nat) (bv1 bv2: bit_vec n) + : Lemma (requires bit_vec_equal #n bv1 bv2) + (ensures bv1 == bv2) + [SMTPat (bit_vec_equal #n bv1 bv2)] + +let bit_vec_equal_intro_principle () + : Lemma (forall n (bv1 bv2: bit_vec n). (forall i. bv1 i == bv2 i) ==> bit_vec_equal #n bv1 bv2) + = introduce forall n (bv1 bv2: bit_vec n). _ + with introduce (forall i. bv1 i == bv2 i) ==> bit_vec_equal #n bv1 bv2 + with _. bit_vec_equal_intro #n bv1 bv2 + +let bit_vec_equal_elim_principle () + : Lemma (forall n (bv1 bv2: bit_vec n). bit_vec_equal #n bv1 bv2 ==> (forall i. bv1 i == bv2 i)) + = introduce forall n (bv1 bv2: bit_vec n). _ + with introduce bit_vec_equal #n bv1 bv2 ==> (forall i. bv1 i == bv2 i) + with _. bit_vec_equal_elim #n bv1 bv2 + +let bit_vec_equal_trivial (bv1 bv2: bit_vec 0): Lemma (bv1 == bv2) + [SMTPat (eq2 #(bit_vec 0) bv1 bv2)] + = bit_vec_equal_intro bv1 bv2 + +let bit_vec_sub #n (bv: bit_vec n) (start: nat) (len: nat {start + len <= n}) + : bit_vec len + = on (i: nat {i < len}) + (fun i -> bv (start + i)) + +let bit_vec_equal_trivial_sub_smtpat (bv1: bit_vec 'n) + : Lemma (forall (bv2: bit_vec 0). bit_vec_sub bv1 0 0 == bv2) + [SMTPat (bit_vec_sub bv1 0 0)] + = introduce forall (bv2: bit_vec 0). bit_vec_sub bv1 0 0 == bv2 + with bit_vec_equal_trivial (bit_vec_sub bv1 0 0) bv2 + +unfold let retype #a #b (#_:unit{a == b}) + (x: a): b + = x + +let bit_vec_sub_all_lemma #n (bv: bit_vec n) + : Lemma (bit_vec_sub bv 0 n == bv) + [SMTPat (bit_vec_sub bv 0 n)] + = bit_vec_equal_intro (bit_vec_sub bv 0 n) bv + +let int_t_array_bitwise_eq' + #t1 #t2 #n1 #n2 + (arr1: t_Array (int_t t1) n1) (d1: num_bits t1) + (arr2: t_Array (int_t t2) n2) (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = bit_vec_equal (bit_vec_of_int_t_array arr1 d1) + (retype (bit_vec_of_int_t_array arr2 d2)) + +let int_t_array_bitwise_eq + #t1 #t2 #n1 #n2 + (arr1: t_Array (int_t t1) n1) (d1: num_bits t1) + (arr2: t_Array (int_t t2) n2) (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = bit_vec_of_int_t_array arr1 d1 + == bit_vec_of_int_t_array arr2 d2 + +// let get_bit_intro () +// : Lemma (forall (#n: inttype) (x: int_t n) (nth: usize {v nth < bits n}). +// get_bit #n x nth == ( if v x >= 0 then get_bit_nat (v x) (v nth) +// else get_bit_nat (pow2 (bits n) + v x) (v nth))) +// = introduce forall (n: inttype) (x: int_t n) (nth: usize {v nth < bits n}). +// get_bit #n x nth == ( if v x >= 0 then get_bit_nat (v x) (v nth) +// else get_bit_nat (pow2 (bits n) + v x) (v nth)) +// with get_bit_intro #n x nth + +#push-options "--fuel 0 --ifuel 0 --z3rlimit 80" +/// Rewrite a `bit_vec_of_int_t_array (Seq.slice arr ...)` into a `bit_vec_sub ...` +let int_t_seq_slice_to_bv_sub_lemma #t #n + (arr: t_Array (int_t t) n) + (start: nat) (len: usize {start + v len <= v n}) + (d: num_bits t) + : Lemma ( bit_vec_of_int_t_array (Seq.slice arr start (start + v len) <: t_Array _ len) d + `bit_vec_equal` bit_vec_sub (bit_vec_of_int_t_array arr d) (start * d) (v len * d)) + [SMTPat (bit_vec_sub (bit_vec_of_int_t_array arr d) (start * d) (v len * d))] + = let bv1 = bit_vec_of_int_t_array #_ #len (Seq.slice arr start (start + v len)) d in + let bv2 = bit_vec_sub (bit_vec_of_int_t_array arr d) (start * d) (v len * d) in + introduce forall i. bv1 i == bv2 i + with ( Seq.lemma_index_slice arr start (start + v len) (i / d); + Math.Lemmas.lemma_div_plus i start d; + Math.Lemmas.lemma_mod_plus i start d); + bit_vec_equal_intro bv1 bv2 + +#push-options "--split_queries always" +let int_t_eq_seq_slice_bv_sub_lemma #t #n1 #n2 + (arr1: t_Array (int_t t) n1) (arr2: t_Array (int_t t) n2) (d: num_bits t) + (start1 start2: nat) (len: nat {start1 + len <= v n1 /\ start2 + len <= v n2}) + : Lemma (requires Seq.slice arr1 start1 (start1 + len) == Seq.slice arr2 start2 (start2 + len)) + (ensures bit_vec_equal + (bit_vec_sub (bit_vec_of_int_t_array arr1 d) (start1 * d) (len * d)) + (bit_vec_sub (bit_vec_of_int_t_array arr2 d) (start2 * d) (len * d))) + [SMTPat ((bit_vec_sub (bit_vec_of_int_t_array arr1 d) (start1 * d) (len * d)) == + (bit_vec_sub (bit_vec_of_int_t_array arr2 d) (start2 * d) (len * d)))] + = let len = sz len in + int_t_seq_slice_to_bv_sub_lemma arr1 start1 len d; + int_t_seq_slice_to_bv_sub_lemma arr2 start2 len d; + // bit_vec_equal_elim_principle (); + bit_vec_equal_intro_principle () +#pop-options + +let bit_vec_equal_extend #n1 #n2 + (bv1: bit_vec n1) (bv2: bit_vec n2) (start1 start2: nat) + (len1: nat) + (len2: nat { start1 + len1 + len2 <= n1 /\ start2 + len1 + len2 <= n2}) + : Lemma + (requires + bit_vec_sub bv1 start1 len1 == bit_vec_sub bv2 start2 len1 + /\ bit_vec_sub bv1 (start1 + len1) len2 == bit_vec_sub bv2 (start2 + len1) len2) + (ensures bit_vec_sub bv1 start1 (len1+len2) == bit_vec_sub bv2 start2 (len1+len2)) + // [SMTPat (bit_vec_sub bv1 start1 len1 == bit_vec_sub bv2 start2 len1); + // SMTPat () + // ] + // SMTPat (bit_vec_sub bv1 (start1 + len1) len2 == bit_vec_sub bv2 (start2 + len1) len2)] + = let left1 = bit_vec_sub bv1 start1 len1 in + let left2 = bit_vec_sub bv2 start2 len1 in + let right1 = bit_vec_sub bv1 (start1 + len1) len2 in + let right2 = bit_vec_sub bv2 (start2 + len1) len2 in + // () + // bit_vec_equal_elim left1 left2 ; + // bit_vec_equal_elim right1 right2; + let entire1 = bit_vec_sub bv1 start1 (len1 + len2) in + let entire2 = bit_vec_sub bv2 start2 (len1 + len2) in + assert (forall (i:nat). i < len1 ==> left1 i == left2 i); + assert (forall (i:nat). i < len2 ==> right1 i == right2 i); + introduce forall (i:nat). i < len1 + len2 ==> entire1 i == entire2 i + with introduce i < len1 + len2 ==> entire1 i == entire2 i + with _. if i < len1 then assert (left1 i == left2 i) + else assert (entire1 i == right1 (i - len1)); + bit_vec_equal_intro entire1 entire2 +#pop-options + +// let bit_vec_equal_trans (#n: nat) (bv1 bv2 bv3: bit_vec n) +// : Lemma (requires bv1 `bit_vec_equal` bv2 /\ bv2 `bit_vec_equal` bv3) +// (ensures bv1 `bit_vec_equal` bv3) +// = bit_vec_equal_elim_principle (); +// bit_vec_equal_intro_principle () + +(* +let int_arr_bitwise_eq_range + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement2 x}) n2) + (d2: num_bits t2) + (offset1 offset2: nat) + (bits: nat { + offset1 + bits <= v n1 * d1 + /\ offset2 + bits <= v n2 * d2 + }) + = bit_vec_equal #bits (fun i -> bit_vec_of_int_t_array arr1 d1 (i + offset1)) + = forall (k: nat). k < bits ==> + bit_vec_of_int_t_array arr1 d1 (offset1 + k) + == bit_vec_of_int_t_array arr2 d2 (offset2 + k) + +let int_arr_bitwise_eq_range_comm + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement2 x}) n2) + (d2: num_bits t2) + (offset1 offset2: nat) + (bits: nat { + offset1 + bits <= v n1 * d1 + /\ offset2 + bits <= v n2 * d2 + }) + : Lemma (requires int_arr_bitwise_eq_range arr1 d1 arr2 d2 offset1 offset2 bits) + (ensures int_arr_bitwise_eq_range arr2 d2 arr1 d1 offset2 offset1 bits) + = () + +// kill that function in favor of range +let int_arr_bitwise_eq_up_to + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + (max: nat {max <= v n1 * d1}) + + = forall i. i < max + ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i + +let int_arr_bitwise_eq_ + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = int_arr_bitwise_eq_up_to arr1 d1 arr2 d2 (v n1 * d1) + +// move to fsti +let bit_vec_equal #n (bv1 bv2: bit_vec n) + = forall i. i < n ==> bv1 i == bv2 i + +let int_arr_bitwise_eq + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = forall i. i < v n1 * d1 + ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i + +let int_arr_bitwise_eq_range_transitivity + #t1 #t2 #t3 #n1 #n2 #n3 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement2 x}) n2) + (d2: num_bits t2) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement3: int_t t3 -> Type0) + (arr3: t_Array (x: int_t t3 {refinement3 x}) n3) + (d3: num_bits t3) + (offset1 offset2 offset3: nat) + (bits: nat { + offset1 + bits <= v n1 * d1 + /\ offset2 + bits <= v n2 * d2 + /\ offset3 + bits <= v n3 * d3 + }) + : Lemma + (requires int_arr_bitwise_eq_range #t1 #t2 #n1 #n2 arr1 d1 arr2 d2 offset1 offset2 bits + /\ int_arr_bitwise_eq_range #t2 #t3 #n2 #n3 arr2 d2 arr3 d3 offset2 offset3 bits) + (ensures int_arr_bitwise_eq_range #t1 #t3 #n1 #n3 arr1 d1 arr3 d3 offset1 offset3 bits) + = () + + +let int_arr_bitwise_eq_range_intro + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + : Lemma + (requires int_arr_bitwise_eq arr1 d1 arr2 d2) + (ensures int_arr_bitwise_eq_range arr1 d1 arr2 d2 0 0 (v n1 * d1)) + = admit () + +let int_arr_bitwise_eq_range_intro_eq_slice + #t #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t -> Type0) + (arr1: t_Array (x: int_t t {refinement x}) n1) + (arr2: t_Array (x: int_t t {refinement x}) n2) + (d: num_bits t) + (offset1 offset2: nat) + (n: nat {offset1 + n < v n1 /\ offset2 + n < v n2}) + (bits: nat { + offset1 + bits <= v n1 * d + /\ offset2 + bits <= v n2 * d + /\ bits <= n * d + }) + : Lemma (requires Seq.slice arr1 offset1 (offset1 + n) == Seq.slice arr2 offset2 (offset2 + n)) + (ensures int_arr_bitwise_eq_range arr1 d arr2 d offset1 offset2 bits) + = admit () + +let int_arr_bitwise_eq_range_intro_eq + #t #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t -> Type0) + (arr1: t_Array (x: int_t t {refinement1 x}) n1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t -> Type0) + (arr2: t_Array (x: int_t t {refinement2 x}) n2) + (d: num_bits t) + (n_offset1 n_offset2: nat) + (n: nat {n_offset1 + n <= v n1 /\ n_offset2 + n <= v n2}) + // (offset1 offset2: nat) + (bits: nat { + n_offset1 * d + bits <= v n1 * d + /\ n_offset2 * d + bits <= v n2 * d + /\ bits <= n * d + }) + : Lemma (requires forall (i: nat). i < n ==> Seq.index arr1 (i + n_offset1) == Seq.index arr2 (i + n_offset2)) + (ensures int_arr_bitwise_eq_range arr1 d arr2 d (n_offset1 * d) (n_offset2 * d) bits) + = admit () +*) diff --git a/fstar-helpers/fstar-bitvec/MkSeq.fst b/fstar-helpers/fstar-bitvec/MkSeq.fst new file mode 100644 index 000000000..89c8e0216 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/MkSeq.fst @@ -0,0 +1,59 @@ +module MkSeq +open Core + +open FStar.Tactics.V2 + +private let init (len: nat) (f: (i:nat{i < len}) -> Tac 'a): Tac (list 'a) + = let rec h (i: nat {i <= len}): Tac (list 'a) + = if i = len then [] else f i :: h (i + 1) + in h 0 + +private let tuple_proj (n: nat) (i: nat): Tac term + = if n = 1 then `(id) else + let name = "__proj__Mktuple" ^ string_of_int n ^ "__item___" ^ string_of_int (i + 1) in + Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name]) + +private let tuple_type (n: nat): Tac term + = if n = 1 then `(id) else + let name = "tuple" ^ string_of_int n in + Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name]) + +open Rust_primitives.Integers + +private let create_gen_tac (n: nat): Tac sigelt + = let typ_bd = {fresh_binder_named "t" (`Type0) with qual = FStar.Reflection.V2.Q_Implicit} in + let typ = binder_to_term typ_bd in + let input_typ = mk_e_app (tuple_type n) (init n (fun _ -> typ)) in + let input_bd = fresh_binder_named "tup" input_typ in + let output_type = `t_Array (`#typ) (sz (`@n)) in + let nth i = `((`#(tuple_proj n i)) (`#input_bd)) in + let mk_and: term -> term -> Tac term = fun t u -> `(`#t /\ `#u) in + let post = + let mk_inv s i = `(Seq.index (`#s) (`@i) == (`#(tuple_proj n i)) (`#input_bd)) in + let invs s = Tactics.fold_left mk_and (`(Seq.length (`#s) == (`@n))) (init n (mk_inv s)) in + let bd = fresh_binder_named "s" output_type in + mk_abs [bd] (invs bd) + in + let comp = C_Eff [] ["Prims"; "Pure"] + (`t_Array (`#typ) (sz (`@n))) + [ (`(requires True), Q_Explicit); (post, Q_Explicit)] [] + in + let args = [typ_bd; input_bd] in + let l = Tactics.fold_right (fun hd tl -> `((`#hd)::(`#tl))) (init n nth) (`[]) in + let indexes = + let f i = `((`#(nth i)) == List.Tot.index (`#l) (`@i)) in + Tactics.fold_left mk_and (`True) (init n f) + in + let lb_def = mk_abs args (`( + let l = `#l in + let s = Seq.createL l <: t_Array (`#typ) (sz (`@n)) in + FStar.Classical.forall_intro (Seq.lemma_index_is_nth s); + assert (`#indexes) by (Tactics.norm [primops; iota; delta; zeta]); + s + )) in + let lb_typ = mk_arr args (pack_comp comp) in + let open FStar.List.Tot in + let lb_fv = pack_fv (cur_module () @ ["create" ^ string_of_int n]) in + Sg_Let { isrec = false; lbs = [{ lb_fv; lb_us = []; lb_typ; lb_def }] } + +%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) From 967e3c74bd09504c77626fb742c11fe954d426de Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 10:05:48 +0200 Subject: [PATCH 05/29] mlkem/proofs: serialize: add lax and one proof --- .../src/vector/portable/serialize.rs | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index e0818dc28..d33d48838 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -15,6 +15,7 @@ use super::vector_type::*; use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { let mut result = [0u8; 2]; @@ -27,6 +28,7 @@ pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { let mut result = zero(); @@ -39,6 +41,7 @@ pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { let result0 = ((v[1] as u8) << 4) | (v[0] as u8); @@ -48,6 +51,7 @@ pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { (result0, result1, result2, result3) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] { let result0_3 = serialize_4_int(&v.elements[0..8]); @@ -64,6 +68,7 @@ pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x0F) as i16; @@ -77,6 +82,7 @@ pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (v0, v1, v2, v3, v4, v5, v6, v7) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_4(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_4_int(&bytes[0..4]); @@ -101,6 +107,7 @@ pub(crate) fn deserialize_4(bytes: &[u8]) -> PortableVector { v } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r0 = (v[0] | v[1] << 5) as u8; @@ -111,6 +118,7 @@ pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { (r0, r1, r2, r3, r4) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { let r0_4 = serialize_5_int(&v.elements[0..8]); @@ -129,6 +137,7 @@ pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x1F) as i16; @@ -142,6 +151,7 @@ pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (v0, v1, v2, v3, v4, v5, v6, v7) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_5_int(&bytes[0..5]); @@ -167,15 +177,23 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 480 --split_queries always")] +#[hax_lib::requires(v.len() == 4)] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array i16 (sz 4)) 10 + (MkSeq.create5 $tuple) 8 +"#))] pub(crate) fn serialize_10_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r0 = (v[0] & 0xFF) as u8; let r1 = ((v[1] & 0x3F) as u8) << 2 | ((v[0] >> 8) & 0x03) as u8; let r2 = ((v[2] & 0x0F) as u8) << 4 | ((v[1] >> 6) & 0x0F) as u8; let r3 = ((v[3] & 0x03) as u8) << 6 | ((v[2] >> 4) & 0x3F) as u8; let r4 = ((v[3] >> 2) & 0xFF) as u8; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { let r0_4 = serialize_10_int(&v.elements[0..4]); @@ -212,6 +230,7 @@ pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = ((bytes[1] as i16 & 0x03) << 8 | (bytes[0] as i16 & 0xFF)) as i16; @@ -225,6 +244,7 @@ pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (r0, r1, r2, r3, r4, r5, r6, r7) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_10_int(&bytes[0..10]); @@ -250,6 +270,7 @@ pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8, u8, u8) { let r0 = v[0] as u8; let r1 = ((v[1] & 0x1F) as u8) << 3 | ((v[0] >> 8) as u8); @@ -265,6 +286,7 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8 (r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] { let r0_10 = serialize_11_int(&v.elements[0..8]); @@ -295,6 +317,7 @@ pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = ((bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16) as i16; @@ -310,6 +333,7 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (r0, r1, r2, r3, r4, r5, r6, r7) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_11_int(&bytes[0..11]); @@ -334,6 +358,7 @@ pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { v } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_12_int(v: &[i16]) -> (u8, u8, u8) { let r0 = (v[0] & 0xFF) as u8; @@ -342,6 +367,7 @@ pub(crate) fn serialize_12_int(v: &[i16]) -> (u8, u8, u8) { (r0, r1, r2) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] { let r0_2 = serialize_12_int(&v.elements[0..2]); @@ -380,6 +406,7 @@ pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) { let byte0 = bytes[0] as i16; @@ -390,6 +417,7 @@ pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) { (r0, r1) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_12(bytes: &[u8]) -> PortableVector { let v0_1 = deserialize_12_int(&bytes[0..3]); From 46db2fd74911ef08447db6df3ee966dca18dc938 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 10:22:56 +0200 Subject: [PATCH 06/29] refresh F* extraction --- .../Libcrux_ml_kem.Constant_time_ops.fst | 34 +-- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 64 ++--- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 62 ++--- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 205 +++++--------- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 81 +++--- .../extraction/Libcrux_ml_kem.Matrix.fst | 213 +++++---------- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 95 +++---- .../extraction/Libcrux_ml_kem.Polynomial.fst | 120 ++++---- .../extraction/Libcrux_ml_kem.Sampling.fst | 132 ++++----- .../extraction/Libcrux_ml_kem.Serialize.fst | 256 +++++++----------- .../extraction/Libcrux_ml_kem.Types.fsti | 6 +- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 8 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 5 +- .../Libcrux_ml_kem.Vector.Neon.Ntt.fst | 24 +- .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 32 +-- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 136 ++++------ ...ibcrux_ml_kem.Vector.Portable.Compress.fst | 51 ++-- ...ibcrux_ml_kem.Vector.Portable.Sampling.fst | 17 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 217 ++++++++------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 7 +- 20 files changed, 705 insertions(+), 1060 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 92f263cc6..018593ecd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -16,17 +16,12 @@ let is_non_zero (value: u8) = Core.Hint.black_box #u8 (inz value <: u8) let compare (lhs rhs: t_Slice u8) = let (r: u8):u8 = 0uy in let r:u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Core.Slice.impl__len #u8 lhs <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #u8 lhs <: usize) + (fun r temp_1_ -> + let r:u8 = r in + let _:usize = temp_1_ in + true) r (fun r i -> let r:u8 = r in @@ -42,17 +37,12 @@ let select_ct (lhs rhs: t_Slice u8) (selector: u8) = let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let out:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + (fun out temp_1_ -> + let out:t_Array u8 (sz 32) = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_Array u8 (sz 32) = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index 94b75e85b..f81e0bc75 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -26,7 +26,7 @@ let encapsulate_unpacked (randomness: t_Array u8 (sz 32)) = let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -39,7 +39,7 @@ let encapsulate_unpacked Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize public_key.f_public_key_hash <: t_Slice u8) + (public_key.f_public_key_hash <: t_Slice u8) <: t_Slice u8) in @@ -47,11 +47,11 @@ let encapsulate_unpacked Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = @@ -96,7 +96,7 @@ let decapsulate_unpacked ciphertext.Libcrux_ml_kem.Types.f_value in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -109,7 +109,7 @@ let decapsulate_unpacked Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize key_pair.f_public_key.f_public_key_hash <: t_Slice u8) + (key_pair.f_public_key.f_public_key_hash <: t_Slice u8) <: t_Slice u8) in @@ -117,17 +117,17 @@ let decapsulate_unpacked Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - (Rust_primitives.unsize key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) + (key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) in let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -154,7 +154,7 @@ let decapsulate_unpacked #v_K #FStar.Tactics.Typeclasses.solve (sz 32) - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE @@ -170,10 +170,10 @@ let decapsulate_unpacked ciphertext <: t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + (expected_ciphertext <: t_Slice u8) in Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) selector let generate_keypair_unpacked @@ -229,14 +229,15 @@ let generate_keypair_unpacked t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let _:usize = temp_1_ in + true) v_A (fun v_A i -> let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) @@ -244,14 +245,15 @@ let generate_keypair_unpacked v_A in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let _:usize = temp_1_ in + true) v_A (fun v_A j -> let v_A:t_Array @@ -295,15 +297,13 @@ let generate_keypair_unpacked v_PUBLIC_KEY_SIZE #v_Vector ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (Rust_primitives.unsize ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A - <: - t_Slice u8) + (ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) in let public_key_hash:t_Array u8 (sz 32) = Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize pk_serialized <: t_Slice u8) + (pk_serialized <: t_Slice u8) in let (implicit_rejection_value: t_Array u8 (sz 32)):t_Array u8 (sz 32) = Core.Result.impl__unwrap #(t_Array u8 (sz 32)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index a86c331ae..9ab226abf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -86,12 +86,10 @@ let serialize_kem_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - public_key - <: - t_Array u8 (sz 32)) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + public_key <: t_Slice u8) <: @@ -209,7 +207,7 @@ let decapsulate = let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) + (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) v_CPA_SECRET_KEY_SIZE in let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = @@ -229,7 +227,7 @@ let decapsulate ciphertext.Libcrux_ml_kem.Types.f_value in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -250,11 +248,11 @@ let decapsulate Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 @@ -287,7 +285,7 @@ let decapsulate #v_K #FStar.Tactics.Typeclasses.solve (sz 32) - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE @@ -301,7 +299,7 @@ let decapsulate v_K v_CIPHERTEXT_SIZE #v_Hasher - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) ciphertext in let shared_secret:t_Array u8 (sz 32) = @@ -321,9 +319,9 @@ let decapsulate ciphertext <: t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - (Rust_primitives.unsize shared_secret <: t_Slice u8) - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + (expected_ciphertext <: t_Slice u8) + (shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) in let result:t_Array u8 (sz 32) = shared_secret in let _:Prims.unit = admit () (* Panic freedom *) in @@ -352,10 +350,10 @@ let encapsulate #FStar.Tactics.Typeclasses.solve v_K #v_Hasher - (Rust_primitives.unsize randomness <: t_Slice u8) + (randomness <: t_Slice u8) in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -368,17 +366,10 @@ let encapsulate Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE - public_key - <: - t_Array u8 v_PUBLIC_KEY_SIZE) - <: - t_Slice u8) - <: - t_Array u8 (sz 32)) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) <: t_Slice u8) <: @@ -388,22 +379,19 @@ let encapsulate Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key - <: - t_Array u8 v_PUBLIC_KEY_SIZE) - <: - t_Slice u8) randomness pseudorandomness + (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) randomness + pseudorandomness in let ciphertext:Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE = Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) @@ -473,8 +461,8 @@ let generate_keypair serialize_kem_secret_key v_K v_PRIVATE_KEY_SIZE #v_Hasher - (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8) - (Rust_primitives.unsize public_key <: t_Slice u8) + (ind_cpa_private_key <: t_Slice u8) + (public_key <: t_Slice u8) implicit_rejection_value in let (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE):Libcrux_ml_kem.Types.t_MlKemPrivateKey diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 2dc3193fa..459755197 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -33,14 +33,12 @@ let sample_ring_element_cbd in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in @@ -68,14 +66,14 @@ let sample_ring_element_cbd prf_inputs in let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun error_1_ temp_1_ -> + let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + error_1_ + in + let _:usize = temp_1_ in + true) error_1_ (fun error_1_ i -> let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -86,9 +84,7 @@ let sample_ring_element_cbd i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 #v_Vector - (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA2_RANDOMNESS_SIZE) - <: - t_Slice u8) + (prf_outputs.[ i ] <: t_Slice u8) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -121,14 +117,12 @@ let sample_vector_cbd_then_ntt in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in @@ -156,14 +150,14 @@ let sample_vector_cbd_then_ntt prf_inputs in let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun re_as_ntt temp_1_ -> + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + re_as_ntt + in + let _:usize = temp_1_ in + true) re_as_ntt (fun re_as_ntt i -> let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -175,9 +169,7 @@ let sample_vector_cbd_then_ntt i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA #v_Vector - (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA_RANDOMNESS_SIZE) - <: - t_Slice u8) + (prf_outputs.[ i ] <: t_Slice u8) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -205,28 +197,11 @@ let compress_then_serialize_u (out: t_Slice u8) = let out:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - input - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - )) + Rust_primitives.Hax.Folds.fold_enumerated_slice input + (fun out temp_1_ -> + let out:t_Slice u8 = out in + let _:usize = temp_1_ in + true) out (fun out temp_1_ -> let out:t_Slice u8 = out in @@ -251,13 +226,10 @@ let compress_then_serialize_u Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u - v_COMPRESSION_FACTOR - v_BLOCK_LEN - #v_Vector - re - <: - t_Array u8 v_BLOCK_LEN) + (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u v_COMPRESSION_FACTOR + v_BLOCK_LEN + #v_Vector + re <: t_Slice u8) <: @@ -286,26 +258,20 @@ let deserialize_then_decompress_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - (Rust_primitives.unsize ciphertext <: t_Slice u8) - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! - v_U_COMPRESSION_FACTOR - <: - usize) /! - sz 8 - <: - usize) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! + v_U_COMPRESSION_FACTOR + <: + usize) /! + sz 8 <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + usize) + (ciphertext <: t_Slice u8) + (fun u_as_ntt temp_1_ -> + let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + u_as_ntt + in + let _:usize = temp_1_ in + true) u_as_ntt (fun u_as_ntt temp_1_ -> let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -352,20 +318,15 @@ let deserialize_secret_key Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - secret_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + secret_key + (fun secret_as_ntt temp_1_ -> + let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K + = + secret_as_ntt + in + let _:usize = temp_1_ in + true) secret_as_ntt (fun secret_as_ntt temp_1_ -> let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K @@ -394,24 +355,11 @@ let serialize_secret_key = let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - key - <: - Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice key + (fun out temp_1_ -> + let out:t_Array u8 v_OUT_LEN = out in + let _:usize = temp_1_ in + true) out (fun out temp_1_ -> let out:t_Array u8 v_OUT_LEN = out in @@ -444,11 +392,7 @@ let serialize_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element - #v_Vector - re - <: - t_Array u8 (sz 384)) + (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re <: t_Slice u8) <: @@ -484,12 +428,7 @@ let serialize_public_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (serialize_secret_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - #v_Vector - tt_as_ntt - <: - t_Array u8 v_RANKED_BYTES_PER_RING_ELEMENT) + (serialize_secret_key v_K v_RANKED_BYTES_PER_RING_ELEMENT #v_Vector tt_as_ntt <: t_Slice u8) <: @@ -611,12 +550,12 @@ let encrypt_unpacked #v_K #FStar.Tactics.Typeclasses.solve v_ETA2_RANDOMNESS_SIZE - (Rust_primitives.unsize prf_input <: t_Slice u8) + (prf_input <: t_Slice u8) in let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 #v_Vector - (Rust_primitives.unsize prf_output <: t_Slice u8) + (prf_output <: t_Slice u8) in let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Matrix.compute_vector_u v_K @@ -748,7 +687,7 @@ let generate_keypair_unpacked key_generation_seed in let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) + Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32) in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = @@ -835,7 +774,7 @@ let generate_keypair v_PUBLIC_KEY_SIZE #v_Vector pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (Rust_primitives.unsize pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + (pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = serialize_secret_key v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index fe53b5ec3..c8c456676 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -39,14 +39,14 @@ let invert_ntt_at_layer_1_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -100,14 +100,14 @@ let invert_ntt_at_layer_2_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -153,14 +153,14 @@ let invert_ntt_at_layer_3_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -202,14 +202,14 @@ let invert_ntt_at_layer_4_plus = let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -223,17 +223,12 @@ let invert_ntt_at_layer_4_plus in let step_vec:usize = step /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index c6c53893c..8c4fed099 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -31,30 +31,15 @@ let compute_As_plus_e Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize matrix_A - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (matrix_A <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -65,29 +50,16 @@ let compute_As_plus_e temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (Rust_primitives.unsize row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (row <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -144,14 +116,12 @@ let compute_ring_element_v Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in @@ -194,30 +164,15 @@ let compute_vector_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize a_as_ntt - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (a_as_ntt <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -228,29 +183,16 @@ let compute_vector_u temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (Rust_primitives.unsize row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (row <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -317,14 +259,12 @@ let compute_message Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in @@ -377,14 +317,15 @@ let sample_matrix_A in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose i -> let v_A_transpose:t_Array @@ -394,14 +335,12 @@ let sample_matrix_A let i:usize = i in let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in let seeds:t_Array (t_Array u8 (sz 34)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun seeds temp_1_ -> + let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in + let _:usize = temp_1_ in + true) seeds (fun seeds j -> let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in @@ -433,28 +372,14 @@ let sample_matrix_A let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - sampled - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + Rust_primitives.Hax.Folds.fold_enumerated_slice sampled + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose temp_1_ -> let v_A_transpose:t_Array diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 3eae8cab8..46dfb217a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -36,14 +36,14 @@ let ntt_at_layer_1_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -97,14 +97,14 @@ let ntt_at_layer_2_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -150,14 +150,14 @@ let ntt_at_layer_3_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -205,14 +205,14 @@ let ntt_at_layer_4_plus in let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -224,17 +224,12 @@ let ntt_at_layer_4_plus let offset_vec:usize = offset /! sz 16 in let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -289,14 +284,12 @@ let ntt_at_layer_7_ = let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = step } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + step + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index f56e0f64e..3cb84c2ef 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -37,14 +37,12 @@ let impl__add_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in @@ -89,14 +87,12 @@ let impl__add_message_error_reduce (self message result: t_PolynomialRingElement v_Vector) = let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in @@ -147,14 +143,12 @@ let impl__add_standard_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in @@ -198,22 +192,12 @@ let impl__add_to_ring_element (self rhs: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #v_Vector - (Rust_primitives.unsize self.f_coefficients <: t_Slice v_Vector) - <: - usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize) + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in @@ -248,14 +232,12 @@ let impl__from_i16_array = let result:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in @@ -295,14 +277,12 @@ let impl__ntt_multiply = let out:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun out temp_1_ -> + let out:t_PolynomialRingElement v_Vector = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_PolynomialRingElement v_Vector = out in @@ -351,14 +331,12 @@ let impl__poly_barrett_reduce (self: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in @@ -391,14 +369,12 @@ let impl__subtract_reduce (self b: t_PolynomialRingElement v_Vector) = let b:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun b temp_1_ -> + let b:t_PolynomialRingElement v_Vector = b in + let _:usize = temp_1_ in + true) b (fun b i -> let b:t_PolynomialRingElement v_Vector = b in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 20253a46c..a52b29042 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -21,28 +21,29 @@ let sample_from_uniform_distribution_next (out: t_Array (t_Array i16 (sz 272)) v_K) = let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ i -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = temp_0_ in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_N /! sz 24 <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (v_N /! sz 24 <: usize) + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & + t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ r -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & @@ -114,14 +115,12 @@ let sample_from_uniform_distribution_next in let done:bool = true in let done, sampled_coefficients:(bool & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (done, sampled_coefficients <: (bool & t_Array usize v_K)) (fun temp_0_ i -> let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in @@ -154,18 +153,12 @@ let sample_from_binomial_distribution_2_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + randomness + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -183,22 +176,13 @@ let sample_from_binomial_distribution_2_ let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in let coin_toss_outcomes:u32 = even_bits +! odd_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range u32)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range u32) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = 0ul; - Core.Ops.Range.f_end = Core.Num.impl__u32__BITS - } - <: - Core.Ops.Range.t_Range u32) - (sz 4) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) + Rust_primitives.Hax.Folds.fold_range_step_by 0ul + Core.Num.impl__u32__BITS + (sz 4) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:u32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -219,8 +203,7 @@ let sample_from_binomial_distribution_2_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector - (Rust_primitives.unsize sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution_3_ (#v_Vector: Type0) @@ -231,18 +214,12 @@ let sample_from_binomial_distribution_3_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 3) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 3) + randomness + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -258,19 +235,13 @@ let sample_from_binomial_distribution_3_ let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range i32)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range i32) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l } - <: - Core.Ops.Range.t_Range i32) - (sz 6) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) + Rust_primitives.Hax.Folds.fold_range_step_by 0l + 24l + (sz 6) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:i32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -291,8 +262,7 @@ let sample_from_binomial_distribution_3_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector - (Rust_primitives.unsize sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution (v_ETA: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index aed7b3675..4f1553136 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -19,17 +19,12 @@ let compress_then_serialize_10_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -65,7 +60,7 @@ let compress_then_serialize_10_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -83,17 +78,12 @@ let compress_then_serialize_11_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -129,7 +119,7 @@ let compress_then_serialize_11_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -146,17 +136,12 @@ let compress_then_serialize_4_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Slice u8 = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -192,7 +177,7 @@ let compress_then_serialize_4_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -210,17 +195,12 @@ let compress_then_serialize_5_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Slice u8 = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -256,7 +236,7 @@ let compress_then_serialize_5_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -274,14 +254,12 @@ let compress_then_serialize_message = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let serialized:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 32) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in @@ -317,7 +295,7 @@ let compress_then_serialize_message Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -377,18 +355,12 @@ let deserialize_then_decompress_10_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 20) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 20) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -431,18 +403,12 @@ let deserialize_then_decompress_11_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 22) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 22) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -485,18 +451,12 @@ let deserialize_then_decompress_4_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 8) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 8) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -539,18 +499,12 @@ let deserialize_then_decompress_5_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 10) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 10) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -605,14 +559,12 @@ let deserialize_then_decompress_message Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -693,18 +645,12 @@ let deserialize_to_reduced_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -753,20 +699,15 @@ let deserialize_ring_elements_reduced Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - public_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + public_key + (fun deserialized_pk temp_1_ -> + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + deserialized_pk + in + let _:usize = temp_1_ in + true) deserialized_pk (fun deserialized_pk temp_1_ -> let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -795,18 +736,12 @@ let deserialize_to_uncompressed_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -840,17 +775,12 @@ let serialize_uncompressed_ring_element = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in let serialized:t_Array u8 (sz 384) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 384) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in @@ -881,7 +811,7 @@ let serialize_uncompressed_ring_element Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 8c8b5545e..4216d3c89 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -23,7 +23,7 @@ let impl (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Sl { f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -72,7 +72,7 @@ let impl_6 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_ { f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -121,7 +121,7 @@ let impl_12 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_ { f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index 89351a259..33c894793 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -22,9 +22,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = usize ] in let lower_shuffles:u8 = - Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (Rust_primitives.unsize lower_shuffles - <: - t_Slice u8) + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (lower_shuffles <: t_Slice u8) in let lower_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 potential_coefficients @@ -46,9 +44,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = usize ] in let upper_shuffles:u8 = - Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (Rust_primitives.unsize upper_shuffles - <: - t_Slice u8) + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 3faac2293..a7fa366a9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -492,8 +492,7 @@ let deserialize_11_ (bytes: t_Slice u8) = #FStar.Tactics.Typeclasses.solve output in - Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 (Rust_primitives.unsize array <: t_Slice i16 - ) + Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 (array <: t_Slice i16) let serialize_11_ (vector: u8) = let array:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in @@ -503,7 +502,7 @@ let serialize_11_ (vector: u8) = let input:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize array <: t_Slice i16) + (array <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst index cf6dd3074..dc8d03610 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst @@ -12,9 +12,7 @@ let inv_ntt_layer_1_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s32 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s32 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s32_s16 v @@ -84,9 +82,7 @@ let inv_ntt_layer_2_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s64 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s64 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s64_s16 v @@ -184,9 +180,7 @@ let ntt_layer_1_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let dup_a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s32 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s32 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s32_s16 v @@ -252,9 +246,7 @@ let ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let dup_a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s64 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s64 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s64_s16 v @@ -363,9 +355,7 @@ let ntt_multiply FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a0:u8 = Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high @@ -476,9 +466,7 @@ let ntt_multiply FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list in - let index:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize indexes <: t_Slice u8) - in + let index:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (indexes <: t_Slice u8) in let low2:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u8 (Libcrux_intrinsics.Arm64_extract.v__vqtbl1q_u8 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u8_s16 low1 <: u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst index 437f01c03..aa783010c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst @@ -18,9 +18,7 @@ let deserialize_1_ (a: t_Slice u8) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let low:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 low shift in let high:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 high shift in { @@ -42,17 +40,13 @@ let deserialize_12_ (v: t_Slice u8) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list in - let index_vec:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize indexes <: t_Slice u8) - in + let index_vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (indexes <: t_Slice u8) in let (shifts: t_Array i16 (sz 8)):t_Array i16 (sz 8) = let list = [0s; (-4s); 0s; (-4s); 0s; (-4s); 0s; (-4s)] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift_vec:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifts <: t_Slice i16) - in + let shift_vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifts <: t_Slice i16) in let mask12:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_u16 4095us in let input0:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let input0:t_Array u8 (sz 16) = @@ -74,9 +68,7 @@ let deserialize_12_ (v: t_Slice u8) = <: t_Slice u8) in - let input_vec0:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize input0 <: t_Slice u8) - in + let input_vec0:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (input0 <: t_Slice u8) in let input1:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let input1:t_Array u8 (sz 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range input1 @@ -97,9 +89,7 @@ let deserialize_12_ (v: t_Slice u8) = <: t_Slice u8) in - let input_vec1:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize input1 <: t_Slice u8) - in + let input_vec1:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (input1 <: t_Slice u8) in let moved0:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_u8 (Libcrux_intrinsics.Arm64_extract.v__vqtbl1q_u8 input_vec0 @@ -143,9 +133,7 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let low:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low shift @@ -516,9 +504,7 @@ let serialize_4_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let lowt:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_u16 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low @@ -728,7 +714,7 @@ let serialize_11_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize out_i16s <: t_Slice i16) + (out_i16s <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve @@ -739,7 +725,7 @@ let serialize_5_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize out_i16s <: t_Slice i16) + (out_i16s <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_5_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index c7e8f4fdb..3eb5abd35 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -35,17 +35,12 @@ let montgomery_multiply_fe_by_fer (fe fer: i16) = let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in @@ -71,17 +66,12 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -111,17 +101,12 @@ let bitwise_and_with_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -144,17 +129,12 @@ let bitwise_and_with_constant let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -199,17 +179,12 @@ let montgomery_multiply_by_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -238,17 +213,12 @@ let montgomery_multiply_by_constant let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -271,17 +241,12 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portab let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -306,17 +271,12 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index fc5eed14e..4a470d7d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst @@ -27,17 +27,12 @@ let compress (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -65,17 +60,12 @@ let compress let compress_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -110,17 +100,12 @@ let decompress_ciphertext_coefficient (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst index 400e0026d..aec49a64f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst @@ -6,17 +6,12 @@ open FStar.Mul let rej_sample (a: t_Slice u8) (result: t_Slice i16) = let sampled:usize = sz 0 in let result, sampled:(t_Slice i16 & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize) + (fun temp_0_ temp_1_ -> + let result, sampled:(t_Slice i16 & usize) = temp_0_ in + let _:usize = temp_1_ in + true) (result, sampled <: (t_Slice i16 & usize)) (fun temp_0_ i -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 1c580dafd..be88dd52e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -3,6 +3,8 @@ module Libcrux_ml_kem.Vector.Portable.Serialize open Core open FStar.Mul +#push-options "--admit_smt_queries true" + let deserialize_10_int (bytes: t_Slice u8) = let r0:i16 = (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 4l <: i16) &. 15s <: i16) in r0, r1 <: (i16 & i16) +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_4_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in let v1:i16 = cast (((bytes.[ sz 0 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in @@ -98,6 +112,10 @@ let deserialize_4_int (bytes: t_Slice u8) = let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_5_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in let v1:i16 = @@ -137,6 +155,10 @@ let deserialize_5_int (bytes: t_Slice u8) = let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +#pop-options + +#push-options "--z3rlimit 480 --split_queries always" + let serialize_10_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in let r1:u8 = @@ -152,8 +174,13 @@ let serialize_10_int (v: t_Slice i16) = (cast (((v.[ sz 2 ] <: i16) >>! 4l <: i16) &. 63s <: i16) <: u8) in let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_11_int (v: t_Slice i16) = let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in let r1:u8 = @@ -191,6 +218,10 @@ let serialize_11_int (v: t_Slice i16) = <: (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_12_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in let r1:u8 = @@ -203,6 +234,10 @@ let serialize_12_int (v: t_Slice i16) = let r2:u8 = cast (((v.[ sz 1 ] <: i16) >>! 4l <: i16) &. 255s <: i16) <: u8 in r0, r1, r2 <: (u8 & u8 & u8) +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_4_int (v: t_Slice i16) = let result0:u8 = ((cast (v.[ sz 1 ] <: i16) <: u8) < + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in @@ -272,14 +313,12 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector t_Array u8 (sz 2)) in let result:t_Array u8 (sz 2) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + (sz 16) + (fun result temp_1_ -> + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in @@ -298,6 +337,10 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in result +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_4_:(u8 & u8 & u8 & u8 & u8) = serialize_10_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { @@ -339,68 +382,19 @@ let serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto <: t_Slice i16) in - let result:t_Array u8 (sz 20) = Rust_primitives.Hax.repeat 0uy (sz 20) in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 0) r0_4_._1 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 1) r0_4_._2 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 2) r0_4_._3 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 3) r0_4_._4 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 4) r0_4_._5 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 5) r5_9_._1 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 6) r5_9_._2 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 7) r5_9_._3 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 8) r5_9_._4 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 9) r5_9_._5 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 10) r10_14_._1 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 11) r10_14_._2 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 12) r10_14_._3 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 13) r10_14_._4 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 14) r10_14_._5 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 15) r15_19_._1 + let list = + [ + r0_4_._1; r0_4_._2; r0_4_._3; r0_4_._4; r0_4_._5; r5_9_._1; r5_9_._2; r5_9_._3; r5_9_._4; + r5_9_._5; r10_14_._1; r10_14_._2; r10_14_._3; r10_14_._4; r10_14_._5; r15_19_._1; r15_19_._2; + r15_19_._3; r15_19_._4; r15_19_._5 + ] in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 16) r15_19_._2 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 17) r15_19_._3 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 18) r15_19_._4 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 19) r15_19_._5 - in - result + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 20); + Rust_primitives.Hax.array_of_list 20 list + +#pop-options + +#push-options "--admit_smt_queries true" let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = @@ -492,6 +486,10 @@ let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto in result +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_2_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { @@ -648,6 +646,10 @@ let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto in result +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0_3_:(u8 & u8 & u8 & u8) = serialize_4_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { @@ -696,6 +698,10 @@ let serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in result +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_4_:(u8 & u8 & u8 & u8 & u8) = serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { @@ -750,19 +756,21 @@ let serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in result +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_1_ (v: t_Slice u8) = let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.zero () in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 8) + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in @@ -782,17 +790,12 @@ let deserialize_1_ (v: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in @@ -813,6 +816,10 @@ let deserialize_1_ (v: t_Slice u8) = in result +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_10_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } @@ -1041,6 +1048,10 @@ let deserialize_10_ (bytes: t_Slice u8) = in v +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_11_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } @@ -1269,6 +1280,10 @@ let deserialize_11_ (bytes: t_Slice u8) = in v +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_12_ (bytes: t_Slice u8) = let v0_1_:(i16 & i16) = deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } @@ -1539,6 +1554,10 @@ let deserialize_12_ (bytes: t_Slice u8) = in re +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_4_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } @@ -1767,6 +1786,10 @@ let deserialize_4_ (bytes: t_Slice u8) = in v +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_5_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } @@ -1994,3 +2017,5 @@ let deserialize_5_ (bytes: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in v + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 978699fa8..5b1a3297f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -27,7 +27,12 @@ val deserialize_5_int (bytes: t_Slice u8) (fun _ -> Prims.l_True) val serialize_10_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8 & u8 & u8) + (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 4)) 10 (MkSeq.create5 tuple) 8) val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) From cae2b3c0c0907bd23362f3e57cde5db6170e4c07 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 11:47:07 +0200 Subject: [PATCH 07/29] mlkem/proofs: serialize: panic free --- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 97 ++++++------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 78 +++++++++-- .../proofs/fstar/extraction/Makefile | 1 - .../src/vector/portable/serialize.rs | 132 +++++++++++++----- 4 files changed, 206 insertions(+), 102 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index be88dd52e..092aa2781 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -3,8 +3,6 @@ module Libcrux_ml_kem.Vector.Portable.Serialize open Core open FStar.Mul -#push-options "--admit_smt_queries true" - let deserialize_10_int (bytes: t_Slice u8) = let r0:i16 = (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 6l <: i16) in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_11_int (bytes: t_Slice u8) = let r0:i16 = @@ -83,11 +82,12 @@ let deserialize_11_int (bytes: t_Slice u8) = ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_12_int (bytes: t_Slice u8) = let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in @@ -95,11 +95,10 @@ let deserialize_12_int (bytes: t_Slice u8) = let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in - r0, r1 <: (i16 & i16) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16) = r0, r1 <: (i16 & i16) in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_4_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in @@ -110,11 +109,12 @@ let deserialize_4_int (bytes: t_Slice u8) = let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_5_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in @@ -153,9 +153,11 @@ let deserialize_5_int (bytes: t_Slice u8) = i16 in let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -#pop-options + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result #push-options "--z3rlimit 480 --split_queries always" @@ -175,12 +177,12 @@ let serialize_10_int (v: t_Slice i16) = in let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) + let result:(u8 & u8 & u8 & u8 & u8) = r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options -#push-options "--admit_smt_queries true" - let serialize_11_int (v: t_Slice i16) = let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in let r1:u8 = @@ -214,13 +216,14 @@ let serialize_11_int (v: t_Slice i16) = (cast ((v.[ sz 6 ] <: i16) >>! 6l <: i16) <: u8) in let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 + <: + (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let serialize_12_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in @@ -232,11 +235,10 @@ let serialize_12_int (v: t_Slice i16) = u8 in let r2:u8 = cast (((v.[ sz 1 ] <: i16) >>! 4l <: i16) &. 255s <: i16) <: u8 in - r0, r1, r2 <: (u8 & u8 & u8) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(u8 & u8 & u8) = r0, r1, r2 <: (u8 & u8 & u8) in + let _:Prims.unit = admit () (* Panic freedom *) in + result let serialize_4_int (v: t_Slice i16) = let result0:u8 = @@ -251,11 +253,10 @@ let serialize_4_int (v: t_Slice i16) = let result3:u8 = ((cast (v.[ sz 7 ] <: i16) <: u8) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) < Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 10) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 10)) 8 (MkSeq.create8 tuple) 10 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 10)) val deserialize_11_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 11) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 11)) 8 (MkSeq.create8 tuple) 11 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 11)) val deserialize_12_int (bytes: t_Slice u8) - : Prims.Pure (i16 & i16) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (i16 & i16) + (requires Core.Slice.impl__len #u8 bytes =. sz 3) + (ensures + fun tuple -> + let tuple:(i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 3)) 8 (MkSeq.create2 tuple) 12 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create2 tuple) i) 12)) val deserialize_4_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 4) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 4)) 8 (MkSeq.create8 tuple) 4 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) val deserialize_5_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 5) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 5)) 8 (MkSeq.create8 tuple) 5 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) val serialize_10_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) @@ -32,21 +54,47 @@ val serialize_10_int (v: t_Slice i16) (ensures fun tuple -> let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 4)) 10 (MkSeq.create5 tuple) 8) + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 4)) 10 (MkSeq.create5 tuple) 8) val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Core.Slice.impl__len #i16 v =. sz 8 /\ + (forall i. Rust_primitives.bounded (Seq.index v i) 11)) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 11 (MkSeq.create11 tuple) 8) val serialize_12_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8) + (requires + Core.Slice.impl__len #i16 v =. sz 2 /\ + (forall i. Rust_primitives.bounded (Seq.index v i) 12)) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 2)) 12 (MkSeq.create3 tuple) 8) val serialize_4_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8 & u8) + (requires + Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) + ) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 4 (MkSeq.create4 tuple) 8) val serialize_5_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8 & u8 & u8) + (requires + Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 5) + ) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 5 (MkSeq.create5 tuple) 8) val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index b4e574fce..9cbf41f87 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -26,7 +26,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ - Libcrux_ml_kem.Vector.Portable.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ Libcrux_ml_kem.Vector.Traits.fst diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index d33d48838..fb608ca89 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -41,13 +41,22 @@ pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { result } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${v.len() == 8} + /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 4 + (MkSeq.create4 $tuple) 8 +"#))] pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { let result0 = ((v[1] as u8) << 4) | (v[0] as u8); let result1 = ((v[3] as u8) << 4) | (v[2] as u8); let result2 = ((v[5] as u8) << 4) | (v[4] as u8); let result3 = ((v[7] as u8) << 4) | (v[6] as u8); + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (result0, result1, result2, result3) } @@ -68,8 +77,16 @@ pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] { result } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 4} +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 4)) 8 + (MkSeq.create8 $tuple) 4 + /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 4) +"#))] pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x0F) as i16; let v1 = ((bytes[0] >> 4) & 0x0F) as i16; @@ -79,6 +96,7 @@ pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, let v5 = ((bytes[2] >> 4) & 0x0F) as i16; let v6 = (bytes[3] & 0x0F) as i16; let v7 = ((bytes[3] >> 4) & 0x0F) as i16; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (v0, v1, v2, v3, v4, v5, v6, v7) } @@ -107,8 +125,16 @@ pub(crate) fn deserialize_4(bytes: &[u8]) -> PortableVector { v } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${v.len() == 8} + /\ (forall i. Rust_primitives.bounded (Seq.index v i) 5) +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 5 + (MkSeq.create5 $tuple) 8 +"#))] pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r0 = (v[0] | v[1] << 5) as u8; let r1 = (v[1] >> 3 | v[2] << 2 | v[3] << 7) as u8; @@ -137,8 +163,16 @@ pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { result } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 5} +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 5)) 8 + (MkSeq.create4 $tuple) 5 + /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 4) +"#))] pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x1F) as i16; let v1 = ((bytes[1] & 0x3) << 3 | (bytes[0] >> 5)) as i16; @@ -177,10 +211,11 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::fstar::options("--z3rlimit 480 --split_queries always")] #[hax_lib::requires(v.len() == 4)] #[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array i16 (sz 4)) 10 + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 4)) 10 (MkSeq.create5 $tuple) 8 "#))] pub(crate) fn serialize_10_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { @@ -200,38 +235,22 @@ pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { let r5_9 = serialize_10_int(&v.elements[4..8]); let r10_14 = serialize_10_int(&v.elements[8..12]); let r15_19 = serialize_10_int(&v.elements[12..16]); - // Here we could also do, the following, but it slows F* down: - // [r0_4.0, r0_4.1, r0_4.2, r0_4.3, r0_4.4, - // r5_9.0, r5_9.1, r5_9.2, r5_9.3, r5_9.4, - // r10_14.0, r10_14.1, r10_14.2, r10_14.3, r10_14.4, - // r15_19.0, r15_19.1, r15_19.2, r15_19.3, r15_19.4 ] - // If we can fix the F* for this, the code would be more compact. - let mut result = [0u8; 20]; - result[0] = r0_4.0; - result[1] = r0_4.1; - result[2] = r0_4.2; - result[3] = r0_4.3; - result[4] = r0_4.4; - result[5] = r5_9.0; - result[6] = r5_9.1; - result[7] = r5_9.2; - result[8] = r5_9.3; - result[9] = r5_9.4; - result[10] = r10_14.0; - result[11] = r10_14.1; - result[12] = r10_14.2; - result[13] = r10_14.3; - result[14] = r10_14.4; - result[15] = r15_19.0; - result[16] = r15_19.1; - result[17] = r15_19.2; - result[18] = r15_19.3; - result[19] = r15_19.4; - result + [ + r0_4.0, r0_4.1, r0_4.2, r0_4.3, r0_4.4, r5_9.0, r5_9.1, r5_9.2, r5_9.3, r5_9.4, r10_14.0, + r10_14.1, r10_14.2, r10_14.3, r10_14.4, r15_19.0, r15_19.1, r15_19.2, r15_19.3, r15_19.4, + ] } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 10} +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 10)) 8 + (MkSeq.create8 $tuple) 10 + /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 10) +"#))] pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = ((bytes[1] as i16 & 0x03) << 8 | (bytes[0] as i16 & 0xFF)) as i16; let r1 = ((bytes[2] as i16 & 0x0F) << 6 | (bytes[1] as i16 >> 2)) as i16; @@ -241,6 +260,7 @@ pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, let r5 = ((bytes[7] as i16 & 0x0F) << 6 | (bytes[6] as i16 >> 2)) as i16; let r6 = ((bytes[8] as i16 & 0x3F) << 4 | (bytes[7] as i16 >> 4)) as i16; let r7 = (((bytes[9] as i16) << 2) | (bytes[8] as i16 >> 6)) as i16; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7) } @@ -270,7 +290,15 @@ pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${v.len() == 8} + /\ (forall i. Rust_primitives.bounded (Seq.index v i) 11) +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 11 + (MkSeq.create11 $tuple) 8 +"#))] pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8, u8, u8) { let r0 = v[0] as u8; let r1 = ((v[1] & 0x1F) as u8) << 3 | ((v[0] >> 8) as u8); @@ -283,6 +311,7 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8 let r8 = ((v[6] & 0x3F) as u8) << 2 | (v[5] >> 9) as u8; let r9 = ((v[7] & 0x7) as u8) << 5 | (v[6] >> 6) as u8; let r10 = (v[7] >> 3) as u8; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10) } @@ -317,8 +346,16 @@ pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] { result } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 11} +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 11)) 8 + (MkSeq.create8 $tuple) 11 + /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 11) +"#))] pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = ((bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16) as i16; let r1 = ((bytes[2] as i16 & 0x3F) << 5 | (bytes[1] as i16 >> 3)) as i16; @@ -330,6 +367,7 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, ((bytes[8] as i16 & 0x3) << 9 | ((bytes[7] as i16) << 1) | ((bytes[6] as i16) >> 7)) as i16; let r6 = ((bytes[9] as i16 & 0x1F) << 6 | (bytes[8] as i16 >> 2)) as i16; let r7 = (((bytes[10] as i16) << 3) | (bytes[9] as i16 >> 5)) as i16; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7) } @@ -358,12 +396,21 @@ pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { v } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${v.len() == 2} + /\ (forall i. Rust_primitives.bounded (Seq.index v i) 12) +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 2)) 12 + (MkSeq.create3 $tuple) 8 +"#))] pub(crate) fn serialize_12_int(v: &[i16]) -> (u8, u8, u8) { let r0 = (v[0] & 0xFF) as u8; let r1 = ((v[0] >> 8) | ((v[1] & 0x0F) << 4)) as u8; let r2 = ((v[1] >> 4) & 0xFF) as u8; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2) } @@ -406,14 +453,23 @@ pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] { result } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 3} +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 3)) 8 + (MkSeq.create2 $tuple) 12 + /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create2 $tuple) i) 12) +"#))] pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) { let byte0 = bytes[0] as i16; let byte1 = bytes[1] as i16; let byte2 = bytes[2] as i16; let r0 = (byte1 & 0x0F) << 8 | (byte0 & 0xFF); let r1 = (byte2 << 4) | ((byte1 >> 4) & 0x0F); + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1) } From a20f576080e108d6d405a8f841f0c79d54a7d0c9 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 18:23:05 +0200 Subject: [PATCH 08/29] wip --- Cargo.toml | 1 + fstar-helpers/fstar-bitvec/Makefile | 32 + fstar-helpers/fstar-bitvec/RwLemmas.fst | 485 ++++ fstar-helpers/fstar-bitvec/RwLemmas.js | 43 + .../proofs/fstar/extraction/Hello.fst | 390 +++ ...l_kem.Vector.Portable.Serialize.Edited.fst | 2334 +++++++++++++++++ ..._kem.Vector.Portable.Serialize.Edited.fsti | 100 + .../fstar/extraction/Tactic.RwLemmas.fst | 0 .../proofs/fstar/extraction/TacticTest.fst | 15 + .../src/vector/portable/serialize.rs | 20 +- libcrux-sha3/proofs/fstar/extraction/Makefile | 1 + 11 files changed, 3410 insertions(+), 11 deletions(-) create mode 100644 fstar-helpers/fstar-bitvec/Makefile create mode 100644 fstar-helpers/fstar-bitvec/RwLemmas.fst create mode 100644 fstar-helpers/fstar-bitvec/RwLemmas.js create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Hello.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst create mode 100644 libcrux-sha3/proofs/fstar/extraction/Makefile diff --git a/Cargo.toml b/Cargo.toml index 5ecbea800..26e8c50da 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,6 +77,7 @@ wasm-bindgen = { version = "0.2.87", optional = true } # This is only required when doing proofs. # [target.'cfg(hax)'.workspace.dependencies] [workspace.dependencies] +# hax-lib = { path = "/home/lucas/repos/hax/lib-proofs-bitvectors-additions/hax-lib" } hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [dev-dependencies] diff --git a/fstar-helpers/fstar-bitvec/Makefile b/fstar-helpers/fstar-bitvec/Makefile new file mode 100644 index 000000000..9cbf41f87 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Makefile @@ -0,0 +1,32 @@ +ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ + Libcrux_ml_kem.Ind_cca.fst \ + Libcrux_ml_kem.Ind_cpa.fst \ + Libcrux_ml_kem.Ind_cpa.fsti \ + Libcrux_ml_kem.Invert_ntt.fst \ + Libcrux_ml_kem.Matrix.fst \ + Libcrux_ml_kem.Ntt.fst \ + Libcrux_ml_kem.Polynomial.fst \ + Libcrux_ml_kem.Sampling.fst \ + Libcrux_ml_kem.Serialize.fst \ + Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ + Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Avx2.Compress.fst \ + Libcrux_ml_kem.Vector.Avx2.fst \ + Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ + Libcrux_ml_kem.Vector.Avx2.Portable.fst \ + Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ + Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ + Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Neon.Compress.fst \ + Libcrux_ml_kem.Vector.Neon.fst \ + Libcrux_ml_kem.Vector.Neon.Ntt.fst \ + Libcrux_ml_kem.Vector.Neon.Serialize.fst \ + Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ + Libcrux_ml_kem.Vector.Portable.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Portable.Compress.fst \ + Libcrux_ml_kem.Vector.Portable.Ntt.fst \ + Libcrux_ml_kem.Vector.Portable.Sampling.fst \ + Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ + Libcrux_ml_kem.Vector.Traits.fst + +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.fst b/fstar-helpers/fstar-bitvec/RwLemmas.fst new file mode 100644 index 000000000..21d64c63d --- /dev/null +++ b/fstar-helpers/fstar-bitvec/RwLemmas.fst @@ -0,0 +1,485 @@ +module RwLemmas + +open Core +module L = FStar.List.Tot +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul + +let rw_seq_index_list #t (l: list t) i + : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) + = () + +// START TEMPLATE +let rw_u8_mk_int x: Lemma (mk_int #u8_inttype x == UInt8.uint_to_t x) = mk_int_equiv_lemma #u8_inttype x +let rw_u8_v_int_to x: Lemma (UInt8.v (UInt8.uint_to_t x) == x) = () +let rw_u8_int_to_v x: Lemma (UInt8.uint_to_t (UInt8.v x) == x) = () +let rw_u8_v x: Lemma (v #u8_inttype x == UInt8.v x) = () +// END TEMPLATE + +// START GENERATED +let rw_i8_mk_int x: Lemma (mk_int #i8_inttype x == Int8.int_to_t x) = mk_int_equiv_lemma #i8_inttype x +let rw_i8_v_int_to x: Lemma (Int8.v (Int8.int_to_t x) == x) = () +let rw_i8_int_to_v x: Lemma (Int8.int_to_t (Int8.v x) == x) = () +let rw_i8_v x: Lemma (v #i8_inttype x == Int8.v x) = () +let rw_u16_mk_int x: Lemma (mk_int #u16_inttype x == UInt16.uint_to_t x) = mk_int_equiv_lemma #u16_inttype x +let rw_u16_v_int_to x: Lemma (UInt16.v (UInt16.uint_to_t x) == x) = () +let rw_u16_int_to_v x: Lemma (UInt16.uint_to_t (UInt16.v x) == x) = () +let rw_u16_v x: Lemma (v #u16_inttype x == UInt16.v x) = () +let rw_i16_mk_int x: Lemma (mk_int #i16_inttype x == Int16.int_to_t x) = mk_int_equiv_lemma #i16_inttype x +let rw_i16_v_int_to x: Lemma (Int16.v (Int16.int_to_t x) == x) = () +let rw_i16_int_to_v x: Lemma (Int16.int_to_t (Int16.v x) == x) = () +let rw_i16_v x: Lemma (v #i16_inttype x == Int16.v x) = () +let rw_u32_mk_int x: Lemma (mk_int #u32_inttype x == UInt32.uint_to_t x) = mk_int_equiv_lemma #u32_inttype x +let rw_u32_v_int_to x: Lemma (UInt32.v (UInt32.uint_to_t x) == x) = () +let rw_u32_int_to_v x: Lemma (UInt32.uint_to_t (UInt32.v x) == x) = () +let rw_u32_v x: Lemma (v #u32_inttype x == UInt32.v x) = () +let rw_i32_mk_int x: Lemma (mk_int #i32_inttype x == Int32.int_to_t x) = mk_int_equiv_lemma #i32_inttype x +let rw_i32_v_int_to x: Lemma (Int32.v (Int32.int_to_t x) == x) = () +let rw_i32_int_to_v x: Lemma (Int32.int_to_t (Int32.v x) == x) = () +let rw_i32_v x: Lemma (v #i32_inttype x == Int32.v x) = () +let rw_u64_mk_int x: Lemma (mk_int #u64_inttype x == UInt64.uint_to_t x) = mk_int_equiv_lemma #u64_inttype x +let rw_u64_v_int_to x: Lemma (UInt64.v (UInt64.uint_to_t x) == x) = () +let rw_u64_int_to_v x: Lemma (UInt64.uint_to_t (UInt64.v x) == x) = () +let rw_u64_v x: Lemma (v #u64_inttype x == UInt64.v x) = () +let rw_i64_mk_int x: Lemma (mk_int #i64_inttype x == Int64.int_to_t x) = mk_int_equiv_lemma #i64_inttype x +let rw_i64_v_int_to x: Lemma (Int64.v (Int64.int_to_t x) == x) = () +let rw_i64_int_to_v x: Lemma (Int64.int_to_t (Int64.v x) == x) = () +let rw_i64_v x: Lemma (v #i64_inttype x == Int64.v x) = () +let rw_integers_list0 = [ + `rw_u8_mk_int;`rw_u8_v_int_to;`rw_u8_int_to_v;`rw_u8_v + // ;`rw_i8_mk_int;`rw_i8_v_int_to;`rw_i8_int_to_v;`rw_i8_v;`rw_u16_mk_int;`rw_u16_v_int_to;`rw_u16_int_to_v;`rw_u16_v + ;`rw_i16_mk_int;`rw_i16_v_int_to;`rw_i16_int_to_v;`rw_i16_v + // ;`rw_u32_mk_int;`rw_u32_v_int_to;`rw_u32_int_to_v;`rw_u32_v;`rw_i32_mk_int;`rw_i32_v_int_to;`rw_i32_int_to_v;`rw_i32_v;`rw_u64_mk_int;`rw_u64_v_int_to;`rw_u64_int_to_v;`rw_u64_v;`rw_i64_mk_int;`rw_i64_v_int_to;`rw_i64_int_to_v;`rw_i64_v + ] +// END GENERATED + +let rw_generic_v_mk_int t (x: int {Rust_primitives.Integers.range x t}) + : Lemma (v (mk_int #t x) == x) + = () +let rw_usize_v_mk_int x: Lemma (v #usize_inttype (mk_int #usize_inttype x) == x) = () +let rw_v_mk_int_usize x: Lemma (mk_int #usize_inttype (v #usize_inttype x) == x) = () + +let rw_integers_list = L.append rw_integers_list0 [ + `rw_generic_v_mk_int; + `rw_usize_v_mk_int; + `rw_v_mk_int_usize; +] + +let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) + = match x with + | Some x -> f x + | None -> None + +let expect_int_literal (t: term): Tac (option int) = + match inspect_unascribe t with + | Tv_Const (C_Int n) -> Some n + | _ -> None +let expect_fvar (t: term): Tac (option string) = + match t with + | Tv_UInst fv _ + | Tv_FVar fv -> Some (implode_qn (inspect_fv fv)) + | _ -> None +let expect_free_var (t: term) (fv: string): Tac (option unit) = + let?# fv' = expect_fvar t in + if fv = fv' then Some () else None +let expect_cur_formula_comp () = + match FStar.Tactics.V2.Logic.cur_formula () with + | Comp _ lhs _ -> Some lhs + | _ -> None +let expect_app_n t n: Tac (option (term & (l: list _ {L.length l == n}))) = + let (head, args) = collect_app t in + if L.length args = n + then Some (head, args) + else None + +exception DoRefl +let fast_l_to_r_integers (): Tac unit = + pointwise (fun () -> + try + match let?# t = expect_cur_formula_comp () in + let (f, args) = collect_app t in + let?# _ = if Cons? args then Some () else None in + let?# fv = expect_fvar f in + let fv = explode_qn fv in + if Cons? fv then + (match L.last fv with + | "v" | "mk_int" | "int_to_t" | "uint_to_t" + -> fold_left (fun k l () -> (fun () -> apply_lemma_rw l) `or_else` k) + trefl rw_integers_list () + | _ -> raise DoRefl + ) else raise DoRefl; + Some () + with None -> raise DoRefl | _ -> () + with | DoRefl -> trefl () + | e -> raise e + ) + +#push-options "--compat_pre_core 0" + +let expect_pow2_literal t: Tac (option int) + = let?# (f, [x, _]) = expect_app_n t 1 in + let?# () = expect_free_var f (`%pow2) in + expect_int_literal x + +/// Fully normalize a term of the shape `pow2 n`, where `n` is a literal +let norm_pow2 (): Tac unit = + pointwise (fun () -> + let _ = let?# t = expect_cur_formula_comp () in + let?# n = expect_pow2_literal t in + debug ("Normalized `pow2 " ^ string_of_int n ^ "`"); + Some (norm [iota; zeta_full; reify_; delta; primops; unmeta]) in + trefl ()) + +let rec log2 (n: nat): Tot (option (m: nat {pow2 m == n})) (decreases n) + = if n = 0 then None + else if n = 1 then Some 0 + else if n % 2 <> 0 then None + else match log2 (n / 2) with + | Some n -> Some (1 + n) + | None -> None + +let lemma_of_refinement #t #p (n: t {p n}): Lemma (p n) = () + +let rewrite_pow2_minus_one () = + pointwise (fun () -> + match let?# t = expect_cur_formula_comp () in + let?# n = expect_int_literal t in + if n >= 0 then + match log2 (n + 1) with + | Some e -> + let rw_lemma (): Lemma (n == pow2 e - 1) = () in + apply_lemma_rw (quote rw_lemma); + Some () + | _ -> None + else None + with None -> trefl () | _ -> () + ) + +let _ = fun (i: nat) -> assert (pow2 (i + 3) + pow2 10 == pow2 (i + 3) + 1024) + by (norm_pow2 (); trefl ()) + +private +let unfold_index_lemma (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) + : Lemma ( FStar.List.Tot.index #a l i + == Pervasives.norm [iota; primops] (let hd::tl = l in + if i = 0 then hd else List.Tot.index tl (i - 1))) + = () + + +let rec repeatWhile (f: unit -> Tac bool): Tac unit + = if f () then repeatWhile f + +exception StopNormIndex +let norm_index (): Tac unit = + let _ = repeat (fun _ -> + lset "found" false; + pointwise (fun _ -> + (fun () -> + match let?# t = expect_cur_formula_comp () in + let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%FStar.List.Tot.index) in + let?# n = expect_int_literal index in + apply_lemma_rw (`unfold_index_lemma); + lset "found" true; + Some () + with | Some () -> () | _ -> raise DoRefl + ) `or_else` trefl); + if lget "found" then () else raise StopNormIndex) in () + +let _ = assert (L.index [1;2;3;4;5;6] 3 == 4) by (norm_index(); trefl ()) + +#push-options "--z3rlimit 40" +let deserialize_10_int (bytes: t_Array u8 (sz 10)) = + let r0:i16 = + (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + in + let r2:i16 = + (((cast (bytes.[ sz 3 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + in + let r3:i16 = + ((cast (bytes.[ sz 4 ] <: u8) <: i16) <>! 6l <: i16) + in + let r4:i16 = + (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + in + let r6:i16 = + (((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + in + let r7:i16 = + ((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) + in + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + result +let split_forall_nat + (#upper_bound: pos) + (p: (i:nat{i <= upper_bound}) -> Type0) + : Lemma (requires (if upper_bound = 0 then True else (forall (i:nat{i <= upper_bound - 1}). p i)) + /\ p upper_bound + ) + (ensures forall (i:nat{i <= upper_bound}). p i) + = () +#pop-options + +// #push-options "--z3rlimit 60" +let rw_bit_or (b1 b2: bit) result: + Lemma + (requires ( + (b1 = 0 ==> b2 = 0 ==> result = 0) + /\ (b1 = 0 ==> b2 = 1 ==> result = 1) + /\ (b1 = 1 ==> b2 = 0 ==> result = 1) + /\ (b1 = 1 ==> b2 = 1 ==> result = 0) + )) + (ensures (bit_or b1 b2 == result)) + = () + +let deserialize_10_int' (bytes: t_Array u8 (sz 10)): t_Array i16 (sz 8) + = MkSeq.create8 (deserialize_10_int bytes) + +exception StopCompute +let compute'' (): Tac unit + = lset "goal" (cur_goal ()); + let _ = repeat (fun () -> + dump "A"; + norm [ iota; zeta; reify_ + ; delta_namespace ["FStar"; "RwLemmas"; "MkSeq"] + // ; delta_only [ + // `%( +! ); `%( -! ); `%( *! ); `%( /! ); + // `%add; `%mul; `%div; `%sub + // ] + ; primops; unmeta]; + dump "B"; + norm_pow2 (); + dump "C"; + l_to_r [`rw_seq_index_list]; + fast_l_to_r_integers (); + dump "D"; + norm_index (); + dump "E"; + + let goal0 = lget "goal" in + let goal1 = cur_goal () in + if term_eq goal0 goal1 then raise StopCompute; + lset "goal" goal1 + ) in () + +// (((cast (bytes.[ sz 2 ] <: u8) <: i16) &. 15s <: i16) <>! 2l <: i16) + +// let _ = assert ((4s +! 5s) <= 0 /\ b < bits t}) = +// let x:range_t t = (v a * pow2 b) @%. t in +// mk_int #t x + +// let rw_shift_left_to_nat +// #t #u (x: int_t t) (y: int_t u {v y >= 0 /\ v y < bits t}) +// : Lemma ((x <>! 4l +// ) (sz 3) == 0 + +// let _ = +// get_bit ( ((cast bytes.[ sz 1 ] &. 3s ) <= relevant_bits + shift || i < shift then get_bit lhs (sz i) else full) + ) + = if i >= relevant_bits + shift then ( + let i' = i - shift in + let mask: int_t t = mk_int (pow2 relevant_bits - 1) in + let a = rhs &. mask in + if i' < bits t then ( + get_bit_pow2_minus_one #t relevant_bits (sz i'); + get_bit_and rhs (mk_int (pow2 relevant_bits - 1)) (sz i') + ) else get_bit_cast_extend #t #u a (sz i'); + let a: int_t u = cast a in + get_bit_shl #u #shift_t a (mk_int shift) (sz i') + ) else if i < shift then () else () +#pop-options + +#push-options "--z3rlimit 80" +let rw_rhs_bit_or_no_mask #t #u #shift_t + (lhs: int_t u) (rhs: int_t t) + (i: nat {i < bits u}) + (shift: nat {shift < bits u /\ Rust_primitives.Integers.range shift shift_t}) + : Lemma ( + let full = get_bit ( + lhs |. ((cast rhs <: int_t u) <= shift then ( + let i' = i - shift in + let a = rhs in + let a: int_t u = cast a in + get_bit_shl #u #shift_t a (mk_int shift) (sz i') + ) else () +#pop-options + +#push-options "--z3rlimit 150" +let add_shift_zero #t #shift_t (x: int_t t) + : Lemma (x < Lemma (a x == b x))) (x: t): Lemma (b x == a x) + = f x + +let r_to_l (lems:list term) : Tac unit = + let first_or_trefl () : Tac unit = + fold_left (fun k l () -> + (fun () -> apply_lemma_rw (`(invert (`#l)))) + `or_else` k) + trefl lems () in + pointwise first_or_trefl + +let make_integers_generic () = + pointwise (fun _ -> + dump "X"; + match let?# t = expect_cur_formula_comp () in + let?# n = expect_int_literal t in + // let is_int = + // try let x = tc (top_env ()) (`(3 + (`#t))) in + // print ("tc -> -> " ^ term_to_string x); + // true + // with | _ -> false + // in + let ty = tc (cur_env ()) t in + let ty = norm_term [iota; zeta; reify_; delta; primops; unmeta] ty in + let ty = inspect_unascribe ty in + let is_int = term_eq ty (`int) || term_eq ty (`nat) in + fail ("unify=" ^ string_of_bool is_int); + None + // fail ("ty=" ^ term_to_string ty); + // if unify ty `int + // then + // unify + // match?# expect_fvar ty with + // | "Prims.int" -> None + // | _ -> Some n + with + | Some n -> + let n = n + 1 in + trefl () + // fail (string_of_int n) + | _ -> trefl () + ) + + +// let _ = FStar.Int16.__int_to_t +let _ = fun x -> assert (2s == x) + by ( + norm [iota; primops]; make_integers_generic (); fail "x") + +#push-options "--compat_pre_core 0" +let asdsd (bytes: t_Array u8 (sz 10)) + = let cast: u8 -> i16 = cast in + assert ( + get_bit ((cast bytes.[ sz 3 ] &. 63s <: i16) <>! 4l) (sz 3) == 0 + ) by ( + r_to_l rw_integers_list; + fail "x"; + // l_to_r [`resugar_integer]; + // apply_lemma_rw (`rw_rhs_bit_or_no_mask); + // compute (); + // apply_lemma_rw (`rw_rhs_bit_or_no_mask); + pointwise' (fun _ -> + // let _ = let?# t = expect_cur_formula_comp () in + // let?# (f, _) = expect_app_n t 3 in + // let?# () = expect_free_var f (`%get_bit) in + // apply_lemma_rw (`rw_rhs_bit_or_no_mask); + // invert (); + // Some (dump "heey") + // in + trefl () + // let _ = repeat clear_top in + // dump "X"; + // (fun _ -> apply_lemma_rw (`rw_rhs_bit_or_no_mask)) `or_else` trefl; + // let _ = repeat clear_top in + // dump "Y" + ); + fail "x" + ) + +let fff bytes x: unit = + assert ( + get_bit (Seq.index (deserialize_10_int' bytes) 2) (sz 3) == 0 + ) by ( + compute'' (); + // l_to_r [`rewrite_to_zero]; + // compute'' (); + // apply_lemma_rw + // l_to_r [`rw_rhs_bit_or_no_mask]; + fail "DONE"; + focus (tadmit) + ); + () + diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.js b/fstar-helpers/fstar-bitvec/RwLemmas.js new file mode 100644 index 000000000..787c179ed --- /dev/null +++ b/fstar-helpers/fstar-bitvec/RwLemmas.js @@ -0,0 +1,43 @@ +const fs = require('fs'); + +let lemmas = fs.readFileSync('RwLemmas.fst').toString(); +let template_lines = + lemmas + .split('// START TEMPLATE')[1] + .split('// END TEMPLATE')[0] + .split('\n').map(x => x.trim()); + +let template = template_lines.join('\n'); + +let sizes = ['8', '16', '32', '64']; + +let replace = (str, from_size, to_sign, to_size) => + str + .replaceAll(`u${from_size}`, `${to_sign ? 'u' : 'i'}${to_size}`) + .replaceAll(`UInt${from_size}`, `${to_sign ? 'U' : ''}Int${to_size}`) + .replaceAll(`uint_to`, `${to_sign ? 'u' : ''}int_to`); + +let all = ""; +for(let n1 of sizes) { + for(let s1 of [true, false]) { + let s = template; + console.log({n1, s1}); + s = replace(s, 8, s1, n1); + all += s; + } +} + +let generated_lines = [...new Set(all.split('\n'))]; +let names = generated_lines.map(x => x.split(' ')[1]).filter(x => x); +let generated = generated_lines.filter(x => !template_lines.includes(x)).join('\n'); + +generated += '\nlet rw_integers_list0 = [' + names.map(n => '`' + n).join(';') + ']'; + +let before = lemmas + .split('// START GENERATED')[0]; + +let after = lemmas + .split('// END GENERATED')[1]; + +fs.writeFileSync('RwLemmas.fst', before + '// START GENERATED\n' + generated + '\n// END GENERATED' + after); + diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst b/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst new file mode 100644 index 000000000..5178c4c54 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst @@ -0,0 +1,390 @@ +module Hello + +open Core +open FStar.Mul +open FStar.Tactics.V2 + +// module _ = BitVecEq +// module _ = Rust_primitives.BitVectors + +// // val ( >>! ) #t #t': int_t -> int + +// #push-options "--admit_smt_queries true" +// val serialize_10_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8 & u8 & u8) +// (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) +// (ensures fun _ -> True) +// let serialize_10_int (v: t_Slice i16) = +// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in +// let r1:u8 = +// ((cast ((v.[ sz 1 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s <: i16) <: u8) +// in +// let r2:u8 = +// ((cast ((v.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s <: i16) <: u8) +// in +// let r3:u8 = +// ((cast ((v.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s <: i16) <: u8) +// in +// let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in +// //let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in +// r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) +// #pop-options + +// let wrapped (v: t_Array i16 (sz 4)): t_Array u8 (sz 5) = +// MkSeq.create5 (serialize_10_int v) + +// let norm_seq #t (l: list t) i +// : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) +// = () + +// let split_forall_nat +// (#upper_bound: pos) +// (p: (i:nat{i <= upper_bound}) -> Type0) +// : Lemma (requires (if upper_bound = 0 then True else (forall (i:nat{i <= upper_bound - 1}). p i)) +// /\ p upper_bound +// ) +// (ensures forall (i:nat{i <= upper_bound}). p i) +// = () + +// let rw_simplify_v_mk_int t (x: int {Rust_primitives.Integers.range x t}) +// : Lemma (v (mk_int #t x) == x) +// = () + + +// let rw_simplify_v_mk_intu8 +// (x: int {Rust_primitives.Integers.range x u8_inttype}) +// (t: _ {t == u8_inttype}) +// : Lemma (UInt8.v (mk_int #t x) == x) +// = assert (UInt8.v (mk_int #t x) == v (mk_int #u8_inttype x)) + + +// let conv_mk_int_u8 x: Lemma (mk_int #u8_inttype x == UInt8.uint_to_t x) = admit () +// let rw_v_uint_to_t_u8 x: Lemma (UInt8.v (UInt8.uint_to_t x) == x) = () +// let rw_v_uint_to_t_u8' x: Lemma (UInt8.uint_to_t (UInt8.v x) == x) = () +// let rw_v_u8 x: Lemma (v #u8_inttype x == UInt8.v x) = () + +// let conv_mk_int_i16 x: Lemma (mk_int #i16_inttype x == Int16.int_to_t x) = admit () +// let rw_v_uint_to_t_i16 x: Lemma (Int16.v (Int16.int_to_t x) == x) = () +// let rw_v_uint_to_t_i16' x: Lemma (Int16.int_to_t (Int16.v x) == x) = () +// let rw_v_i16 x: Lemma (v #i16_inttype x == Int16.v x) = () + +// let conv_mk_int_i32 x: Lemma (mk_int #i32_inttype x == Int32.int_to_t x) = admit () +// let rw_v_uint_to_t_i32 x: Lemma (Int32.v (Int32.int_to_t x) == x) = () +// let rw_v_uint_to_t_i32' x: Lemma (Int32.int_to_t (Int32.v x) == x) = () +// let rw_v_i32 x: Lemma (v #i32_inttype x == Int32.v x) = () + +// let usize_v_mk_int x: Lemma (v #usize_inttype (mk_int #usize_inttype x) == x) = () + +// let rw_ints = [ +// `conv_mk_int_u8; +// `rw_v_uint_to_t_u8; +// `rw_v_uint_to_t_u8'; +// `rw_v_u8; +// `conv_mk_int_i16; +// `rw_v_uint_to_t_i16; +// `rw_v_uint_to_t_i16'; +// `rw_v_i16; +// `conv_mk_int_i32; +// `rw_v_uint_to_t_i32; +// `rw_v_uint_to_t_i32'; +// `rw_v_i32; +// `usize_v_mk_int; +// ] + +// let rw_v_mk_int t x: Lemma (v (mk_int #t x) == x) = () + +// // let lemma_gt_0 x: Lemma ( +// // (Int16.v (logand #Lib.IntTypes.S16 x 255s) @%. Lib.IntTypes.U8 >= 0) +// // == (Int16.v x >= 0) +// // ) = () + +// let rw = [ +// `norm_seq +// ; `rw_simplify_v_mk_int +// ; `conv_mk_int_u8; `rw_v_uint_to_t_u8; `rw_v_uint_to_t_u8' +// ; `conv_mk_int_i16; `rw_v_uint_to_t_i16; `rw_v_uint_to_t_i16' +// ; `rw_v_mk_int +// // ; `lemma_gt_0 +// ] + +// #push-options "--z3rlimit 60" +// let rw_bit_or (b1 b2: bit) result: +// Lemma +// (requires ( +// (b1 = 0 ==> b2 = 0 ==> result = 0) +// /\ (b1 = 0 ==> b2 = 1 ==> result = 1) +// /\ (b1 = 1 ==> b2 = 0 ==> result = 1) +// /\ (b1 = 1 ==> b2 = 1 ==> result = 0) +// )) +// (ensures (bit_or b1 b2 == result)) +// = () + +// type nn = { +// x_bits: nat; +// y_bits: int; +// x_shift: nat; +// } + +// #push-options "--z3rlimit 260" +// let numbers +// t (u: inttype {bits t > bits u}) +// (d1: num_bits t) (d2: num_bits u) +// (arr2_term_idx: nat) = +// // let t (arr2_term_idx: nat {arr2_term_idx > 0 /\ arr2_term_idx < 4}) = +// let first_bit = arr2_term_idx * d2 in +// let arr1_idx = first_bit / d1 in +// let x_shift = first_bit % d1 in +// // How many bits are left from `x` in the result? +// let x_bits: nat = d1 - x_shift in +// // How many bits are left from `y` in the result? +// let y_bits: int = d2 - x_bits in +// // let x_mask = pow2 x_bits - 1 in +// // let y_mask = pow2 y_bits - 1 in +// {x_bits; y_bits; x_shift; } +// #pop-options + +// let config = numbers i16_inttype u8_inttype 10 8 2 + +// #push-options "--z3rlimit 260" +// // #push-options "--z3rlimit 260 --admit_smt_queries true" +// let compute_term +// t (u: inttype {bits t > bits u}) +// (d1: num_bits t) (d2: num_bits u) +// (n1: nat) (n2: nat {n2 * d2 == n1 * d1}) +// (arr1: Seq.seq (int_t t) {Seq.length arr1 == n1}) +// (arr2: Seq.seq (int_t u) {Seq.length arr2 == n2}) +// (arr2_term_idx: nat {arr2_term_idx < n2}): int_t u = +// // let t (arr2_term_idx: nat {arr2_term_idx > 0 /\ arr2_term_idx < 4}) = +// let first_bit = arr2_term_idx * d2 in +// let arr1_idx = first_bit / d1 in +// let x = Seq.index arr1 arr1_idx in +// let x_shift = first_bit % d1 in +// // How many bits are left from `x` in the result? +// let x_bits = d1 - x_shift in +// // How many bits are left from `y` in the result? +// let y_bits = d2 - x_bits in +// Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) x_bits; +// let x_mask = pow2 x_bits - 1 in +// let x': int_t u = cast ((x >>! mk_int #i32_inttype x_shift) &. mk_int #t x_mask) in +// if arr1_idx + 1 < n1 && y_bits > 0 +// then ( +// Math.Lemmas.pow2_le_compat (bits u - (if unsigned u then 0 else 1)) y_bits; +// let y_mask = pow2 y_bits - 1 in +// let y = Seq.index arr1 (arr1_idx + 1) in +// let y': int_t u = cast (y &. mk_int #t y_mask) in +// let y_shift = x_bits in +// let y': int_t u = y' < bits u}) +// (d1: num_bits t) (d2: num_bits u) +// (n1: nat) (n2: nat {n2 * d2 == n1 * d1}) +// (arr1: Seq.seq (int_t t) {Seq.length arr1 == n1}) +// (arr2: Seq.seq (int_t u) {Seq.length arr2 == n2}) +// (arr2_term_idx: nat {arr2_term_idx < n2}) +// (i: nat { i < d2 }) +// : Lemma ( +// let first_bit = arr2_term_idx * d2 in +// let x_bits = d1 - first_bit % d1 in +// let arr1_idx = first_bit / d1 in +// get_bit (compute_term t u d1 d2 n1 n2 arr1 arr2 arr2_term_idx) (sz i) +// == ( if i < x_bits +// // ICI C'EST PAS OKAY +// then get_bit (Seq.index arr1 arr1_idx ) (sz i) +// else get_bit (Seq.index arr1 (arr1_idx + 1)) (sz (i - x_bits)) +// ) +// // let j = i - +// // bv1 i == get_bit (compute_term t u d1 d2 n1 n2 arr1 arr2 arr2_term_idx) j +// ) = admit () +// #pop-options + +// let norm_pow2 (): Tac unit = +// pointwise (fun () -> +// begin match FStar.Tactics.V2.Logic.cur_formula () with +// | Comp _eq lhs _rhs -> +// let (head, args) = collect_app lhs in +// ( match (inspect head, args) with +// | (Tv_FVar fv, [_]) -> +// if implode_qn (inspect_fv fv) = `%pow2 +// then norm [iota; zeta_full; reify_; delta; primops; unmeta] +// else () +// | _ -> ()) +// | _ -> () +// end; +// trefl ()) + +// let unfold_index (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) +// : Lemma ( FStar.List.Tot.index #a l i +// == (let hd::tl = l in +// if i = 0 then hd else List.Tot.index tl (i - 1))) +// = () + +// exception StopNormIndex + +// let norm_index (): Tac unit = +// let _ = repeat (fun _ -> +// lset "found" false; +// pointwise (fun _ -> +// (fun () -> +// apply_lemma_rw (`unfold_index); +// lset "found" true +// ) `or_else` trefl); +// if lget "found" then () else raise StopNormIndex) in () + +// // #push-options "--fuel 0 --ifuel 0 --z3rlimit 60" +// // let xx (x0 x1: i16) = +// // get_bit_pow2_minus_one_i16 63 (sz 3); +// // assert (get_bit (mk_int #i16_inttype 63) (sz 3) == 1) + +// // // get_bit_pow2_minus_one_i16 63 (sz 3); +// // assert ( +// // get_bit x1 (mk_int #usize_inttype 3) +// // == +// // // get_bit ((cast (x1 &. mk_int #i16_inttype 63) <: u8) <>! mk_int #i16_inttype 8 &. mk_int #i16_inttype 3) <: u8) (mk_int 5)) +// // ) + +// // let shift_right_simplify_0 t (x: int_t t): Lemma (shift_right x 0l == x) +// // = () + +// #push-options "--compat_pre_core 0" +// #push-options "--z3rlimit 60" +// let lemma (arr1: t_Array i16 (sz 4)) = +// let arr2 = wrapped arr1 in +// let d1 = 10 in +// let d2 = 8 in +// let bv1 = bit_vec_of_int_t_array arr1 d1 in +// let bv2 = bit_vec_of_int_t_array arr2 d2 in +// let mk = compute_term +// i16_inttype u8_inttype +// 10 8 +// 4 5 +// arr1 arr2 +// in +// let mk_lemma = lemma_compute_term +// i16_inttype u8_inttype +// 10 8 +// 4 5 +// arr1 arr2 +// in +// let i = 13 in +// assert (forall (i: nat {i <= 19}). bv1 i == bv2 i) by ( +// let rec round (i: nat): Tac _ = +// apply_lemma (`split_forall_nat); +// norm [iota; reify_; primops; unmeta; delta_only [`%op_Subtraction]]; +// let deep_norm () = +// norm [iota; zeta; reify_; delta; primops; unmeta]; +// norm_index (); +// l_to_r (rw_ints `List.Tot.append` [`norm_index; `norm_seq]) +// in +// split (); +// flip (); +// focus (fun () -> +// dump "x"; +// let t = quote (get_bit (mk (i / d2)) (sz (i % d2))) in +// // let bv2_eq_t = tcut (`((`@bv2) (`@i) == (`#t))) in +// grewrite (quote (bv2 i)) t; +// dump "after grewrite 1"; +// flip (); +// focus (fun _ -> +// let _ = repeatn 3 deep_norm in +// trefl `or_else` (fun () -> +// dump "Not refl after norm, SMT?"; +// smt_sync (); +// dump "SMT ok" +// ) +// ); +// // let bv1_eq_t = tcut (`((`@bv1) (`@i) == (`#t))) in +// grewrite (quote (bv1 i)) t; +// dump "after grewrite 2"; +// flip (); +// focus (fun () -> +// dump "dunm"; +// l_to_r [quote mk_lemma]; +// compute (); +// trefl `or_else` (fun () -> +// dump "Not refl, SMT?"; +// smt_sync (); +// dump "SMT ok" +// ) +// ); +// dump "Just before the end of the round"; +// deep_norm (); +// dump "Just before the end of the round (+norm)"; +// trefl () +// ); +// dump ("finished round" ^ string_of_int i); +// if i = 0 +// then () +// else round (i - 1) +// in +// let _ = round 19 in +// () +// ); +// // assert (bv2 i == get_bit (mk (i / d2)) (sz (i % d2))) by ( +// // ); +// // assert ( +// // bv2 8 == get_bit t (sz 0) +// // ) by ( +// // compute (); +// // l_to_r [`norm_seq]; +// // ); +// admit(); +// () + +// let _ = +// assume (Int16.v (Seq.Base.index arr1 (i / d1)) >= 0); +// assume (Int16.v (Seq.Base.index arr1 (i / d2)) >= 0); +// // assert (bv2 13 == ); +// assert ( +// bv2 13 +// == bv1 13 +// // == get_bit (Seq.index bv1 0) (sz 0) +// // == get_bit (Seq.index arr2 0) (sz 0) +// //get_bit (Seq.index arr2 0) (sz 0) +// ) by ( + +// compute (); +// l_to_r rw; +// compute (); +// l_to_r rw; +// norm [iota; simplify; zeta_full; reify_; delta; primops; unmeta]; +// l_to_r rw; +// l_to_r [`Math.Lemmas.modulo_distributivity]; +// l_to_r [`get_bit_or; `get_bit_and]; +// // l_to_r [`rw_bit_or]; +// apply_lemma (`rw_bit_or); +// l_to_r rw; +// fail "x"; +// let _ = repeat split in +// iterAll (fun _ -> +// l_to_r rw; +// norm [iota; simplify; zeta_full; reify_; delta; primops; simplify; unmeta]; +// () +// ); +// fail "x"; +// iterAll ( +// fun _ -> +// dump "SMT for:"; +// smt_sync () +// ) +// // let _ = iterAll (fun _ -> let _ = l_intros () in ()) in +// // fail "x" +// // tadmit () +// ) + + + diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst new file mode 100644 index 000000000..785f57dd7 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst @@ -0,0 +1,2334 @@ +module Libcrux_ml_kem.Vector.Portable.Serialize.Edited +// #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +// open Core +// open FStar.Mul + +// #push-options "--admit_smt_queries true" + +// let deserialize_10_int (bytes: t_Slice u8) = +// let r0:i16 = +// (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) +// in +// let r2:i16 = +// (((cast (bytes.[ sz 3 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) +// in +// let r3:i16 = +// ((cast (bytes.[ sz 4 ] <: u8) <: i16) <>! 6l <: i16) +// in +// let r4:i16 = +// (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) +// in +// let r6:i16 = +// (((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) +// in +// let r7:i16 = +// ((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) +// in +// r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_11_int (bytes: t_Slice u8) = +// let r0:i16 = +// (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) +// in +// let r2:i16 = +// ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) +// in +// let r3:i16 = +// (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) +// in +// let r4:i16 = +// (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) +// in +// let r5:i16 = +// ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) +// in +// let r6:i16 = +// (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) +// in +// let r7:i16 = +// ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) +// in +// r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_12_int (bytes: t_Slice u8) = +// let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in +// let byte1:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in +// let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in +// let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in +// r0, r1 <: (i16 & i16) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_4_int (bytes: t_Slice u8) = +// let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in +// let v1:i16 = cast (((bytes.[ sz 0 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in +// let v2:i16 = cast ((bytes.[ sz 1 ] <: u8) &. 15uy <: u8) <: i16 in +// let v3:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in +// let v4:i16 = cast ((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <: i16 in +// let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in +// let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in +// let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in +// v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_5_int (bytes: t_Slice u8) = +// let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in +// let v1:i16 = +// cast ((((bytes.[ sz 1 ] <: u8) &. 3uy <: u8) <>! 5l <: u8) +// <: +// u8) +// <: +// i16 +// in +// let v2:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 2l <: u8) &. 31uy <: u8) <: i16 in +// let v3:i16 = +// cast ((((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <>! 7l <: u8) +// <: +// u8) +// <: +// i16 +// in +// let v4:i16 = +// cast ((((bytes.[ sz 3 ] <: u8) &. 1uy <: u8) <>! 4l <: u8) +// <: +// u8) +// <: +// i16 +// in +// let v5:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 1l <: u8) &. 31uy <: u8) <: i16 in +// let v6:i16 = +// cast ((((bytes.[ sz 4 ] <: u8) &. 7uy <: u8) <>! 6l <: u8) +// <: +// u8) +// <: +// i16 +// in +// let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in +// v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +// #pop-options + +// #push-options "--z3rlimit 480 --split_queries always" + +// let serialize_10_int (v: t_Slice i16) = +// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in +// let r1:u8 = +// ((cast ((v.[ sz 1 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s <: i16) <: u8) +// in +// let r2:u8 = +// ((cast ((v.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s <: i16) <: u8) +// in +// let r3:u8 = +// ((cast ((v.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s <: i16) <: u8) +// in +// let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in +// let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in +// r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) + +// #pop-options + +// // #push-options "--ifuel 1 --z3rlimit 1600 " + +// unfold let (.[]) (x: t_Slice i16) (i: usize {v i < Seq.length x}): i16 = Seq.index x (v i) + +// // val serialize_11_int' (v: t_Slice i16) +// // : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +// // (requires Seq.length v == 8 +// // /\ Rust_primitives.bounded (v.[sz 0] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 1] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 2] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 3] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 4] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 5] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 6] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 7] <: i16) 11 +// // ) +// // (ensures +// // fun tuple -> +// // let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in +// // BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 8)) 11 (MkSeq.create11 tuple) 8) + +// #push-options "--ifuel 1 --z3rlimit 600 --split_queries always" + +// val compress_coefficients_11_ +// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: +// int_t_d i16_inttype 11) +// : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +// (requires True) +// (ensures fun tuple -> +// True +// // BitVecEq.int_t_array_bitwise_eq' +// // (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 +// // (MkSeq.create11 tuple) 8 +// ) + +// #pop-options + +// // #push-options "--z3rlimit 90" +// // let rightmost_bits #t u +// // (coef: int_t t) (n_bits: nat {n_bits <= bits t - (if unsigned t then 0 else 1)}) +// // (shift: nat {shift > 0 /\ shift < bits u}) +// // : result: int_t u {forall i. get_bit result i == } +// // = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n_bits; +// // (cast (coef &. mk_int (pow2 n_bits - 1)) <: int_t u) +// // <= bits u}) +// // (coef: int_t t) +// // (n_bits: nat {n_bits <= bits t - (if unsigned t then 0 else 1)}) +// // (shift: nat {shift > 0 /\ shift < (bits u - n_bits)}) +// // // : result: int_t u +// // // {forall (i: nat). i < n_bits ==> get_bit result (sz i) == get_bit coef (sz (i - shift)) } +// // // : result: int_t u {forall i. (i >= shift /\ i < shift + n_bits) +// // // ==> get_bit result (sz i) == get_bit coef (sz (i - shift)) +// // // } +// // = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n_bits; +// // let x = (cast (coef &. mk_int (pow2 n_bits - 1)) <: int_t u) in +// // let y: int_t u = mk_int shift in +// // let result = x < 0 +// // // // ==> +// // // // (get_bit result (sz 0) == get_bit x (sz shift)) +// // // // ); +// // // // admit (); +// // result + +// // let leftmost_bits #t u (coef: int_t t) (shift: nat {shift > 0 /\ shift < bits t}) +// // = (cast (coef >>! (mk_int shift <: int_t t)) <: int_t u) + +// let is_num_bits t (d:nat) = d > 0 /\ d <= bits t /\ (signed t ==> d < bits t) + +// #push-options "--fuel 0 --ifuel 0 --z3rlimit 900" +// [@@"opaque_to_smt"] +// let mix_two_ints t (u:inttype {bits t > bits u}) +// (d1: num_bits t) (d2: num_bits u) +// (x1: int_t t) (x2: int_t t) +// (offset1: pos { offset1 < d1 /\ offset1 > d1 - d2}) +// : r: int_t u { +// forall i. i < d2 +// ==> get_bit r (sz i) +// = ( if i >= d1 - offset1 (* offset2 *) +// then +// // get_bit r (sz i) +// get_bit x2 (sz (i - (d1 - offset1))) +// else +// // get_bit r (sz i) +// get_bit x1 (sz (offset1 + i)) +// ) +// } +// = +// let offset2 = d1 - offset1 in +// Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) (d2 - offset2); +// let power = d2 - offset2 in +// FStar.Classical.forall_intro (get_bit_pow2_minus_one #t power); +// let mask: int_t t = mk_int (pow2 power - 1) in +// admit (); +// ((cast (x2 &. mask <: int_t t) <: int_t u) <>! mk_int #t offset1 <: int_t t) <: int_t u) +// // let a = cast (x1 >>! mk_int #t offset1 <: int_t t) <: int_t u in +// // let b' = cast (x2 &. mask <: int_t t) <: int_t u in +// // let b = b' <= offset2 /\ i < d2}). get_bit b (sz i) == get_bit x2 (sz (i - offset2)) +// // with ( +// // get_bit_pow2_minus_one #t power (sz (i - offset2)); +// // get_bit_and x2 mask (sz i) +// // ); +// // let proof (i: nat {i >= offset2 /\ i < d2}) = +// // // assert (get_bit b (sz i) == get_bit b' (sz (i - offset2))); +// // get_bit_pow2_minus_one #t power (sz (i - offset2)); +// // // assert (get_bit mask (sz (i - offset2)) == 1); +// // get_bit_and x2 mask (sz i); +// // // assert (get_bit b' (sz (i - offset2)) == get_bit x2 (sz (i - offset2))); +// // assert (get_bit b (sz i) == get_bit x2 (sz (i - offset2))); +// // () +// // in +// // // assert (forall (i: nat {i < offset2}). get_bit b (sz i) == 0); +// // // let proof (i: nat {i < offset2}) = + +// // // calc (==) { +// // // get_bit r (sz i); +// // // == { +// // // assert (get_bit b (sz i) == 0); +// // // get_bit_or a b (sz i) +// // // } get_bit a (sz i); +// // // // == { +// // // // get_bit_shr x1 (mk_int #t offset1) (sz i) +// // // // } get_bit x1 (sz (offset1 + i)); +// // // }; +// // // // assert (get_bit b (sz i) == 0); +// // // // assert (get_bit (b |. a) (sz i) == get_bit a (sz i)); +// // // // assert (get_bit a (sz i) == get_bit x1 (sz (offset1 + i))); +// // // // assert (get_bit (b |. a) (sz i) == get_bit x1 (sz (offset1 + i))); +// // // () +// // // // assert (get_bit r (a |. b) == get_bit a (sz i)); +// // // in +// // r +// #pop-options + +// let mask_inv_opt_in_range #t (mask: int_t t {Some? (mask_inv_opt (v mask))}) +// : Lemma (Rust_primitives.Integers.range (Some?.v (mask_inv_opt (v mask))) t) +// [SMTPat (Rust_primitives.Integers.range (Some?.v (mask_inv_opt (v mask))) t)] +// = let n = (Some?.v (mask_inv_opt (v mask))) in +// assert (pow2 n - 1 == v mask) + +// #push-options "--z3rlimit 90 --split_queries always" +// let rw_mix_two_ints +// t u +// (x1: int_t t) (x2: int_t t) +// (mask: int_t t {Some? (mask_inv_opt (v mask))}) +// (shl: int_t t {v shl > 0 /\ v shl < bits u}) +// (shr: int_t t {v shr > 0 /\ v shr < bits t}) +// : Lemma +// (requires ( +// let d1 = v shl + v shr in +// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in +// let offset1 = v shr in +// bits t > bits u +// /\ is_num_bits t d1 +// /\ is_num_bits u d2 +// /\ offset1 < d1 +// /\ offset1 > d1 - d2 +// )) +// (ensures +// ( ((cast (x2 &. mask <: int_t t) <: int_t u) <>! shr <: int_t t) <: int_t u) +// ) +// == ( +// let d1 = v shl + v shr in +// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in +// let offset1 = v shr in +// mix_two_ints t u d1 d2 x1 x2 offset1 +// ) +// ) +// = let d1 = v shl + v shr in +// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in +// let offset1 = v shr in +// reveal_opaque (`%mix_two_ints) (mix_two_ints t u d1 d2 x1 x2 offset1); +// admit () +// #pop-options + +// open FStar.Tactics.V2 + +// let tau () +// = let first_or_trefl () : Tac unit = +// if try apply_lemma_rw (`rw_mix_two_ints); true +// with | _ -> false +// then begin +// FStar.Tactics.V1.dump "Before norm"; +// norm [iota; zeta_full; reify_; delta; primops; simplify; unmeta]; +// FStar.Tactics.V1.dump "After norm"; +// trivial () +// end else trefl () +// in +// pointwise first_or_trefl; +// FStar.Tactics.V1.dump "xx"; +// trefl () + +// #push-options "--compat_pre_core 2" + +// #push-options "--z3rlimit 90" +// // [@@"opaque_to_smt"] +// [@@postprocess_with tau] +// let compress_coefficients_11_ +// coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 = +// let coef1:u8 = cast (coefficient1 <: i16) <: u8 in +// // assert (get_bit ) +// // coefficient1 +// let coef2:u8 = +// ((cast (coefficient2 &. 31s <: i16) <: u8) <>! 8s <: i16) <: u8) +// in +// let coef3:u8 = +// ((cast (coefficient3 &. 3s <: i16) <: u8) <>! 5s <: i16) <: u8) +// in +// let coef4:u8 = cast ((coefficient3 >>! 2s <: i16) &. 255s <: i16) <: u8 in +// let coef5:u8 = +// ((cast (coefficient4 &. 127s <: i16) <: u8) <>! 10s <: i16) <: u8) +// in +// let coef6:u8 = +// ((cast (coefficient5 &. 15s <: i16) <: u8) <>! 7s <: i16) <: u8) +// in +// let coef7:u8 = +// ((cast (coefficient6 &. 1s <: i16) <: u8) <>! 4s <: i16) <: u8) +// in +// let coef8:u8 = cast ((coefficient6 >>! 1s <: i16) &. 255s <: i16) <: u8 in +// let coef9:u8 = +// ((cast (coefficient7 &. 63s <: i16) <: u8) <>! 9s <: i16) <: u8) +// in +// let coef10:u8 = +// ((cast (coefficient8 &. 7s <: i16) <: u8) <>! 6s <: i16) <: u8) +// in +// let coef11:u8 = cast (coefficient8 >>! 3s <: i16) <: u8 in +// // admit (); +// // BitVecEq.bit_vec_equal_intro_principle (); +// coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 +// <: +// (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +// #pop-options + +// #push-options "--fuel 5 --ifuel 0 --z3rlimit 800 --split_queries always" +// let compress_coefficients_11_lemma +// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: +// int_t_d i16_inttype 11) +// = BitVecEq.bit_vec_equal_intro_principle (); +// // let arr1 = MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8) in +// // let arr2 = (MkSeq.create11 (compress_coefficients_11_ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8)) in +// // let bv1 = bit_vec_of_int_t_array arr1 11 in +// // let bv2 = bit_vec_of_int_t_array arr2 8 in +// // let d1 = 11 in +// // let d2 = 8 in +// // let i = 27 in +// // let coef_number_input = i / d1 in +// // let mixed = mix_two_ints i16_inttype u8_inttype +// // 11 8 +// // (Seq.index arr1 coef_number_input ) +// // (Seq.index arr1 (coef_number_input + 1)) +// // (i % d2) in +// assert ( +// // bv1 i == get_bit (Seq.index arr1 (coef_number_input)) (sz (i % d1)) +// // bv2 i == get_bit mixed (sz (i % d2)) +// // get_bit (Seq.index arr1 (coef_number_input)) (sz (i % d1)) +// // bv1 27 == bv2 27 +// BitVecEq.int_t_array_bitwise_eq' +// (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 +// (MkSeq.create11 (compress_coefficients_11_ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8)) 8 +// ) +// #pop-options + +// // bv2 i == bit_vec (Seq.index arr1 ()) + +// let eee +// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: +// int_t_d i32_inttype 11) +// = let arr1 = MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8) in +// let tuple = compress_coefficients_11_ +// coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 in +// let arr2 = MkSeq.create11 tuple in +// let bv1 = bit_vec_of_int_t_array arr1 11 in +// let bv2 = bit_vec_of_int_t_array (MkSeq.create11 tuple) 8 in +// let i = 0 in +// let d = 11 in +// assert ( +// // bv2 i == get_bit (Seq.index arr2 (i / 11)) (sz (i % 11)) +// bv2 i == (cast (coefficient1 <: i32) <: u8) +// ) by (FStar.Tactics.compute (); FStar.Tactics.trefl (); FStar.Tactics.fail "x"); +// // assert ( +// // bv1 i == get_bit (Seq.index arr1 (i / 11)) (sz (i % 11)) +// // ) by (FStar.Tactics.compute (); FStar.Tactics.fail "x"); +// admit () +// // : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +// // (requires True) +// // (ensures fun tuple -> +// // BitVecEq.int_t_array_bitwise_eq' +// // (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 +// // (MkSeq.create11 tuple) 8 +// // ) + +// #push-options "--ifuel 1 --z3rlimit 200" + +// #push-options "--z3rlimit 1600 --split_queries always" + +// let serialize_11_int' (v: t_Slice i16) = +// let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in +// let r1:u8 = +// ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) +// in +// let r2:u8 = +// ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) +// in +// let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in +// let r4:u8 = +// ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) +// in +// let r5:u8 = +// ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) +// in +// let r6:u8 = +// ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) +// in +// let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in +// let r8:u8 = +// ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) +// in +// let r9:u8 = +// ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) +// in +// let r10: u8 = (cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8) in +// let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in +// r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 +// <: +// (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let serialize_12_int (v: t_Slice i16) = +// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in +// let r1:u8 = +// cast (((v.[ sz 0 ] <: i16) >>! 8l <: i16) |. (((v.[ sz 1 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s <: i16) <: u8 in +// r0, r1, r2 <: (u8 & u8 & u8) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let serialize_4_int (v: t_Slice i16) = +// let result0:u8 = +// ((cast (v.[ sz 1 ] <: i16) <: u8) <>! 3l <: i16) |. ((v.[ sz 2 ] <: i16) <>! 1l <: i16) |. ((v.[ sz 4 ] <: i16) <>! 4l <: i16) |. ((v.[ sz 5 ] <: i16) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) < +// let result:t_Array u8 (sz 2) = result in +// let _:usize = temp_1_ in +// true) +// result +// (fun result i -> +// let result:t_Array u8 (sz 2) = result in +// let i:usize = i in +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result +// (sz 0) +// ((result.[ sz 0 ] <: u8) |. +// ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < +// let result:t_Array u8 (sz 2) = result in +// let _:usize = temp_1_ in +// true) +// result +// (fun result i -> +// let result:t_Array u8 (sz 2) = result in +// let i:usize = i in +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result +// (sz 1) +// ((result.[ sz 1 ] <: u8) |. +// ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < +// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in +// let _:usize = temp_1_ in +// true) +// result +// (fun result i -> +// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in +// let i:usize = i in +// { +// result with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// i +// (cast (((v.[ sz 0 ] <: u8) >>! i <: u8) &. 1uy <: u8) <: i16) +// <: +// t_Array i16 (sz 16) +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// in +// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Rust_primitives.Hax.Folds.fold_range (sz 8) +// Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR +// (fun result temp_1_ -> +// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in +// let _:usize = temp_1_ in +// true) +// result +// (fun result i -> +// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in +// let i:usize = i in +// { +// result with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// i +// (cast (((v.[ sz 1 ] <: u8) >>! (i -! sz 8 <: usize) <: u8) &. 1uy <: u8) <: i16) +// <: +// t_Array i16 (sz 16) +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// in +// result + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_10_ (bytes: t_Slice u8) = +// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 20 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 0) +// v0_7_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 1) +// v0_7_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 2) +// v0_7_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 3) +// v0_7_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 4) +// v0_7_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 5) +// v0_7_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 6) +// v0_7_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 7) +// v0_7_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 8) +// v8_15_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 9) +// v8_15_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 10) +// v8_15_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 11) +// v8_15_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 12) +// v8_15_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 13) +// v8_15_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 14) +// v8_15_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 15) +// v8_15_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// v + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_11_ (bytes: t_Slice u8) = +// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 0) +// v0_7_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 1) +// v0_7_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 2) +// v0_7_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 3) +// v0_7_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 4) +// v0_7_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 5) +// v0_7_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 6) +// v0_7_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 7) +// v0_7_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 8) +// v8_15_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 9) +// v8_15_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 10) +// v8_15_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 11) +// v8_15_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 12) +// v8_15_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 13) +// v8_15_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 14) +// v8_15_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 15) +// v8_15_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// v + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_12_ (bytes: t_Slice u8) = +// let v0_1_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v2_3_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 6 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v4_5_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 6; Core.Ops.Range.f_end = sz 9 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v6_7_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 12 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v8_9_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 12; Core.Ops.Range.f_end = sz 15 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v10_11_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 15; Core.Ops.Range.f_end = sz 18 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v12_13_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 18; Core.Ops.Range.f_end = sz 21 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v14_15_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 21; Core.Ops.Range.f_end = sz 24 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 0) +// v0_1_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 1) +// v0_1_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 2) +// v2_3_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 3) +// v2_3_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 4) +// v4_5_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 5) +// v4_5_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 6) +// v6_7_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 7) +// v6_7_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 8) +// v8_9_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 9) +// v8_9_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 10) +// v10_11_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 11) +// v10_11_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 12) +// v12_13_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 13) +// v12_13_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 14) +// v14_15_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 15) +// v14_15_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// re + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_4_ (bytes: t_Slice u8) = +// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 4; Core.Ops.Range.f_end = sz 8 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 0) +// v0_7_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 1) +// v0_7_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 2) +// v0_7_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 3) +// v0_7_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 4) +// v0_7_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 5) +// v0_7_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 6) +// v0_7_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 7) +// v0_7_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 8) +// v8_15_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 9) +// v8_15_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 10) +// v8_15_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 11) +// v8_15_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 12) +// v8_15_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 13) +// v8_15_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 14) +// v8_15_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 15) +// v8_15_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// v + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_5_ (bytes: t_Slice u8) = +// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 0) +// v0_7_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 1) +// v0_7_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 2) +// v0_7_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 3) +// v0_7_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 4) +// v0_7_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 5) +// v0_7_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 6) +// v0_7_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 7) +// v0_7_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 8) +// v8_15_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 9) +// v8_15_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 10) +// v8_15_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 11) +// v8_15_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 12) +// v8_15_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 13) +// v8_15_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 14) +// v8_15_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 15) +// v8_15_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// v + +// #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti new file mode 100644 index 000000000..4ed69770d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti @@ -0,0 +1,100 @@ +module Libcrux_ml_kem.Vector.Portable.Serialize.Edited +// #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +// open Core +// open FStar.Mul + +// val deserialize_10_int (bytes: t_Slice u8) +// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_11_int (bytes: t_Slice u8) +// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_12_int (bytes: t_Slice u8) +// : Prims.Pure (i16 & i16) Prims.l_True (fun _ -> Prims.l_True) + +// val deserialize_4_int (bytes: t_Slice u8) +// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_5_int (bytes: t_Slice u8) +// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val serialize_10_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8 & u8 & u8) +// (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) +// (ensures +// fun tuple -> +// let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in +// BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 4)) 10 (MkSeq.create5 tuple) 8) + +// val serialize_11_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +// (requires Seq.length v == 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 11)) +// (ensures +// fun tuple -> +// let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in +// BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 8)) 11 (MkSeq.create11 tuple) 8) + +// val serialize_12_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_4_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_5_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + +// val deserialize_1_ (v: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_10_ (bytes: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_11_ (bytes: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_12_ (bytes: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_4_ (bytes: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_5_ (bytes: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst b/libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst new file mode 100644 index 000000000..e69de29bb diff --git a/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst b/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst new file mode 100644 index 000000000..e2e480052 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst @@ -0,0 +1,15 @@ +module TacticTest + +open Core +open FStar.Mul +open FStar.Tactics.V2 + +module _ = BitVecEq +module _ = Rust_primitives.BitVectors + + +/// Rewrite lemmas + + + + diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index fb608ca89..c18e35239 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -170,7 +170,7 @@ pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { "#))] #[hax_lib::ensures(|tuple| fstar!(r#" BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 5)) 8 - (MkSeq.create4 $tuple) 5 + (MkSeq.create8 $tuple) 5 /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 4) "#))] pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { @@ -357,16 +357,14 @@ pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] { /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 11) "#))] pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { - let r0 = ((bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16) as i16; - let r1 = ((bytes[2] as i16 & 0x3F) << 5 | (bytes[1] as i16 >> 3)) as i16; - let r2 = ((bytes[4] as i16 & 0x1) << 10 | ((bytes[3] as i16) << 2) | ((bytes[2] as i16) >> 6)) - as i16; - let r3 = ((bytes[5] as i16 & 0xF) << 7 | (bytes[4] as i16 >> 1)) as i16; - let r4 = ((bytes[6] as i16 & 0x7F) << 4 | (bytes[5] as i16 >> 4)) as i16; - let r5 = - ((bytes[8] as i16 & 0x3) << 9 | ((bytes[7] as i16) << 1) | ((bytes[6] as i16) >> 7)) as i16; - let r6 = ((bytes[9] as i16 & 0x1F) << 6 | (bytes[8] as i16 >> 2)) as i16; - let r7 = (((bytes[10] as i16) << 3) | (bytes[9] as i16 >> 5)) as i16; + let r0 = (bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16; + let r1 = (bytes[2] as i16 & 0x3F) << 5 | (bytes[1] as i16 >> 3); + let r2 = (bytes[4] as i16 & 0x1) << 10 | ((bytes[3] as i16) << 2) | ((bytes[2] as i16) >> 6); + let r3 = (bytes[5] as i16 & 0xF) << 7 | (bytes[4] as i16 >> 1); + let r4 = (bytes[6] as i16 & 0x7F) << 4 | (bytes[5] as i16 >> 4); + let r5 = (bytes[8] as i16 & 0x3) << 9 | ((bytes[7] as i16) << 1) | ((bytes[6] as i16) >> 7); + let r6 = (bytes[9] as i16 & 0x1F) << 6 | (bytes[8] as i16 >> 2); + let r7 = ((bytes[10] as i16) << 3) | (bytes[9] as i16 >> 5); hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7) } diff --git a/libcrux-sha3/proofs/fstar/extraction/Makefile b/libcrux-sha3/proofs/fstar/extraction/Makefile new file mode 100644 index 000000000..ec420d509 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Makefile @@ -0,0 +1 @@ +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template From e326838bc14451475be53ad07cf992ce112214c3 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Mon, 26 Aug 2024 18:57:19 +0200 Subject: [PATCH 09/29] wip --- fstar-helpers/fstar-bitvec/RwLemmas.fst | 634 +++++++++--------- .../fstar-bitvec/Tactics.MachineInts.fst | 244 +++++++ fstar-helpers/fstar-bitvec/Tactics.Pow2.fst | 54 ++ fstar-helpers/fstar-bitvec/Tactics.Seq.fst | 49 ++ fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 67 ++ 5 files changed, 731 insertions(+), 317 deletions(-) create mode 100644 fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Pow2.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Seq.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Utils.fst diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.fst b/fstar-helpers/fstar-bitvec/RwLemmas.fst index 21d64c63d..8d86baa9a 100644 --- a/fstar-helpers/fstar-bitvec/RwLemmas.fst +++ b/fstar-helpers/fstar-bitvec/RwLemmas.fst @@ -6,189 +6,13 @@ open FStar.Tactics.V2 open FStar.Tactics.V2.SyntaxHelpers open FStar.Class.Printable open FStar.Mul +open FStar.Option -let rw_seq_index_list #t (l: list t) i - : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) - = () - -// START TEMPLATE -let rw_u8_mk_int x: Lemma (mk_int #u8_inttype x == UInt8.uint_to_t x) = mk_int_equiv_lemma #u8_inttype x -let rw_u8_v_int_to x: Lemma (UInt8.v (UInt8.uint_to_t x) == x) = () -let rw_u8_int_to_v x: Lemma (UInt8.uint_to_t (UInt8.v x) == x) = () -let rw_u8_v x: Lemma (v #u8_inttype x == UInt8.v x) = () -// END TEMPLATE - -// START GENERATED -let rw_i8_mk_int x: Lemma (mk_int #i8_inttype x == Int8.int_to_t x) = mk_int_equiv_lemma #i8_inttype x -let rw_i8_v_int_to x: Lemma (Int8.v (Int8.int_to_t x) == x) = () -let rw_i8_int_to_v x: Lemma (Int8.int_to_t (Int8.v x) == x) = () -let rw_i8_v x: Lemma (v #i8_inttype x == Int8.v x) = () -let rw_u16_mk_int x: Lemma (mk_int #u16_inttype x == UInt16.uint_to_t x) = mk_int_equiv_lemma #u16_inttype x -let rw_u16_v_int_to x: Lemma (UInt16.v (UInt16.uint_to_t x) == x) = () -let rw_u16_int_to_v x: Lemma (UInt16.uint_to_t (UInt16.v x) == x) = () -let rw_u16_v x: Lemma (v #u16_inttype x == UInt16.v x) = () -let rw_i16_mk_int x: Lemma (mk_int #i16_inttype x == Int16.int_to_t x) = mk_int_equiv_lemma #i16_inttype x -let rw_i16_v_int_to x: Lemma (Int16.v (Int16.int_to_t x) == x) = () -let rw_i16_int_to_v x: Lemma (Int16.int_to_t (Int16.v x) == x) = () -let rw_i16_v x: Lemma (v #i16_inttype x == Int16.v x) = () -let rw_u32_mk_int x: Lemma (mk_int #u32_inttype x == UInt32.uint_to_t x) = mk_int_equiv_lemma #u32_inttype x -let rw_u32_v_int_to x: Lemma (UInt32.v (UInt32.uint_to_t x) == x) = () -let rw_u32_int_to_v x: Lemma (UInt32.uint_to_t (UInt32.v x) == x) = () -let rw_u32_v x: Lemma (v #u32_inttype x == UInt32.v x) = () -let rw_i32_mk_int x: Lemma (mk_int #i32_inttype x == Int32.int_to_t x) = mk_int_equiv_lemma #i32_inttype x -let rw_i32_v_int_to x: Lemma (Int32.v (Int32.int_to_t x) == x) = () -let rw_i32_int_to_v x: Lemma (Int32.int_to_t (Int32.v x) == x) = () -let rw_i32_v x: Lemma (v #i32_inttype x == Int32.v x) = () -let rw_u64_mk_int x: Lemma (mk_int #u64_inttype x == UInt64.uint_to_t x) = mk_int_equiv_lemma #u64_inttype x -let rw_u64_v_int_to x: Lemma (UInt64.v (UInt64.uint_to_t x) == x) = () -let rw_u64_int_to_v x: Lemma (UInt64.uint_to_t (UInt64.v x) == x) = () -let rw_u64_v x: Lemma (v #u64_inttype x == UInt64.v x) = () -let rw_i64_mk_int x: Lemma (mk_int #i64_inttype x == Int64.int_to_t x) = mk_int_equiv_lemma #i64_inttype x -let rw_i64_v_int_to x: Lemma (Int64.v (Int64.int_to_t x) == x) = () -let rw_i64_int_to_v x: Lemma (Int64.int_to_t (Int64.v x) == x) = () -let rw_i64_v x: Lemma (v #i64_inttype x == Int64.v x) = () -let rw_integers_list0 = [ - `rw_u8_mk_int;`rw_u8_v_int_to;`rw_u8_int_to_v;`rw_u8_v - // ;`rw_i8_mk_int;`rw_i8_v_int_to;`rw_i8_int_to_v;`rw_i8_v;`rw_u16_mk_int;`rw_u16_v_int_to;`rw_u16_int_to_v;`rw_u16_v - ;`rw_i16_mk_int;`rw_i16_v_int_to;`rw_i16_int_to_v;`rw_i16_v - // ;`rw_u32_mk_int;`rw_u32_v_int_to;`rw_u32_int_to_v;`rw_u32_v;`rw_i32_mk_int;`rw_i32_v_int_to;`rw_i32_int_to_v;`rw_i32_v;`rw_u64_mk_int;`rw_u64_v_int_to;`rw_u64_int_to_v;`rw_u64_v;`rw_i64_mk_int;`rw_i64_v_int_to;`rw_i64_int_to_v;`rw_i64_v - ] -// END GENERATED - -let rw_generic_v_mk_int t (x: int {Rust_primitives.Integers.range x t}) - : Lemma (v (mk_int #t x) == x) - = () -let rw_usize_v_mk_int x: Lemma (v #usize_inttype (mk_int #usize_inttype x) == x) = () -let rw_v_mk_int_usize x: Lemma (mk_int #usize_inttype (v #usize_inttype x) == x) = () +open Tactics.Utils +open Tactics.Pow2 -let rw_integers_list = L.append rw_integers_list0 [ - `rw_generic_v_mk_int; - `rw_usize_v_mk_int; - `rw_v_mk_int_usize; -] -let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) - = match x with - | Some x -> f x - | None -> None - -let expect_int_literal (t: term): Tac (option int) = - match inspect_unascribe t with - | Tv_Const (C_Int n) -> Some n - | _ -> None -let expect_fvar (t: term): Tac (option string) = - match t with - | Tv_UInst fv _ - | Tv_FVar fv -> Some (implode_qn (inspect_fv fv)) - | _ -> None -let expect_free_var (t: term) (fv: string): Tac (option unit) = - let?# fv' = expect_fvar t in - if fv = fv' then Some () else None -let expect_cur_formula_comp () = - match FStar.Tactics.V2.Logic.cur_formula () with - | Comp _ lhs _ -> Some lhs - | _ -> None -let expect_app_n t n: Tac (option (term & (l: list _ {L.length l == n}))) = - let (head, args) = collect_app t in - if L.length args = n - then Some (head, args) - else None - -exception DoRefl -let fast_l_to_r_integers (): Tac unit = - pointwise (fun () -> - try - match let?# t = expect_cur_formula_comp () in - let (f, args) = collect_app t in - let?# _ = if Cons? args then Some () else None in - let?# fv = expect_fvar f in - let fv = explode_qn fv in - if Cons? fv then - (match L.last fv with - | "v" | "mk_int" | "int_to_t" | "uint_to_t" - -> fold_left (fun k l () -> (fun () -> apply_lemma_rw l) `or_else` k) - trefl rw_integers_list () - | _ -> raise DoRefl - ) else raise DoRefl; - Some () - with None -> raise DoRefl | _ -> () - with | DoRefl -> trefl () - | e -> raise e - ) - -#push-options "--compat_pre_core 0" - -let expect_pow2_literal t: Tac (option int) - = let?# (f, [x, _]) = expect_app_n t 1 in - let?# () = expect_free_var f (`%pow2) in - expect_int_literal x - -/// Fully normalize a term of the shape `pow2 n`, where `n` is a literal -let norm_pow2 (): Tac unit = - pointwise (fun () -> - let _ = let?# t = expect_cur_formula_comp () in - let?# n = expect_pow2_literal t in - debug ("Normalized `pow2 " ^ string_of_int n ^ "`"); - Some (norm [iota; zeta_full; reify_; delta; primops; unmeta]) in - trefl ()) - -let rec log2 (n: nat): Tot (option (m: nat {pow2 m == n})) (decreases n) - = if n = 0 then None - else if n = 1 then Some 0 - else if n % 2 <> 0 then None - else match log2 (n / 2) with - | Some n -> Some (1 + n) - | None -> None - -let lemma_of_refinement #t #p (n: t {p n}): Lemma (p n) = () - -let rewrite_pow2_minus_one () = - pointwise (fun () -> - match let?# t = expect_cur_formula_comp () in - let?# n = expect_int_literal t in - if n >= 0 then - match log2 (n + 1) with - | Some e -> - let rw_lemma (): Lemma (n == pow2 e - 1) = () in - apply_lemma_rw (quote rw_lemma); - Some () - | _ -> None - else None - with None -> trefl () | _ -> () - ) - -let _ = fun (i: nat) -> assert (pow2 (i + 3) + pow2 10 == pow2 (i + 3) + 1024) - by (norm_pow2 (); trefl ()) - -private -let unfold_index_lemma (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) - : Lemma ( FStar.List.Tot.index #a l i - == Pervasives.norm [iota; primops] (let hd::tl = l in - if i = 0 then hd else List.Tot.index tl (i - 1))) - = () - - -let rec repeatWhile (f: unit -> Tac bool): Tac unit - = if f () then repeatWhile f - -exception StopNormIndex -let norm_index (): Tac unit = - let _ = repeat (fun _ -> - lset "found" false; - pointwise (fun _ -> - (fun () -> - match let?# t = expect_cur_formula_comp () in - let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in - let?# () = expect_free_var f (`%FStar.List.Tot.index) in - let?# n = expect_int_literal index in - apply_lemma_rw (`unfold_index_lemma); - lset "found" true; - Some () - with | Some () -> () | _ -> raise DoRefl - ) `or_else` trefl); - if lget "found" then () else raise StopNormIndex) in () - -let _ = assert (L.index [1;2;3;4;5;6] 3 == 4) by (norm_index(); trefl ()) +let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) #push-options "--z3rlimit 40" let deserialize_10_int (bytes: t_Array u8 (sz 10)) = @@ -260,18 +84,13 @@ let compute'' (): Tac unit dump "A"; norm [ iota; zeta; reify_ ; delta_namespace ["FStar"; "RwLemmas"; "MkSeq"] - // ; delta_only [ - // `%( +! ); `%( -! ); `%( *! ); `%( /! ); - // `%add; `%mul; `%div; `%sub - // ] ; primops; unmeta]; dump "B"; norm_pow2 (); dump "C"; - l_to_r [`rw_seq_index_list]; - fast_l_to_r_integers (); - dump "D"; - norm_index (); + Tactics.Seq.norm_list_index (); + norm_machine_int (); + Tactics.Seq.simplify_index_seq_of_list (); dump "E"; let goal0 = lget "goal" in @@ -280,46 +99,326 @@ let compute'' (): Tac unit lset "goal" goal1 ) in () -// (((cast (bytes.[ sz 2 ] <: u8) <: i16) &. 15s <: i16) <>! 2l <: i16) -// let _ = assert ((4s +! 5s) < Some contents + | _ -> None + in + let?# y = expect_pow2_minus_one_literal y in + Some () -// let ( << ) (#t:inttype) (a:int_t t) (b:nat {b >= 0 /\ b < bits t}) = -// let x:range_t t = (v a * pow2 b) @%. t in -// mk_int #t x +let simplify_via_mask () + = rewrite_pow2_minus_one (); + pointwise (fun _ -> + match _simplify_via_mask () with + | Some () -> () + | _ -> trefl () + ) -// let rw_shift_left_to_nat -// #t #u (x: int_t t) (y: int_t u {v y >= 0 /\ v y < bits t}) -// : Lemma ((x < () + +// let _ = op_Bar_Dot + +noeq type bit_expr = + | Term: term -> bit_expr + | Int: int -> bit_expr + | And: x:bit_expr -> y:bit_expr -> bit_expr + | Or: x:bit_expr -> y:bit_expr -> bit_expr + | Shl: x:bit_expr -> shift:int -> bit_expr + | Shr: x:bit_expr -> shift:int -> bit_expr + | Cast: x:bit_expr -> bit_expr + +let rec bit_expr_eq a b = + match (a, b) with + | Term a, Term b -> term_eq a b + | Int a, Int b -> a = b + | And xa ya, And xb yb + | Or xa ya, Or xb yb -> bit_expr_eq xa xb && bit_expr_eq ya yb + | Shl a sa, Shl b sb + | Shr a sa, Shr b sb -> bit_expr_eq a b && sa = sb + | Cast a, Cast b -> bit_expr_eq a b + | _ -> false + +let rec bit_expr_contains needle haystack = + let recurse = bit_expr_contains needle in + bit_expr_eq needle haystack + || ( match haystack with + | And l r | Or l r -> recurse l || recurse r + | Cast x | Shl x _ | Shr x _ -> recurse x + | _ -> false) + +let expect_machine_int_lit t: Tac _ = + let open Tactics.MachineInts in + let?# expr = term_to_machine_int_term t in + match expr with + | Op {op = MkInt; contents = Lit n} -> Some n + | _ -> None + +let rec term_to_bit_expr' t: Tac _ + = match expect_machine_int_lit t with + | Some n -> Int n + | _ -> match let?# (f, args) = collect_app_hd t in + let?# (x, y) = match args with + | [_; x,_; y,_] | [_; _; x,_; y,_] + | [_; _; _; x,_; y,_] -> Some (x, y) | _ -> None in + match f with + | `%logand | `%( &. ) + -> Some (And (term_to_bit_expr' x) (term_to_bit_expr' y)) + | `%logor | `%( |. ) + -> Some (Or (term_to_bit_expr' x) (term_to_bit_expr' y)) + | `%shift_left | `%( < let?# y = expect_machine_int_lit y in + Some (Shl (term_to_bit_expr' x) y) + | `%shift_right | `%( >>! ) + -> let?# y = expect_machine_int_lit y in + Some (Shr (term_to_bit_expr' x) y) + | `%cast -> Some (Cast (term_to_bit_expr' y)) + | _ -> None + with + | Some t -> t + | None -> Term t + +let term_to_bit_expr t: Tac (option (x: bit_expr {~(Term? x)})) + = match term_to_bit_expr' t with + | Term _ -> None + | t -> Some t + +let expect_get_bit_expr t: Tac _ + = let?# (expr, index) = expect_get_bit t in + let?# index = expect_machine_int_lit index in + let expr = term_to_bit_expr' expr in + Some (expr, index) + +let fail' msg = dump msg; fail msg + +let expect (msg: string) (x: option 'a): Tac 'a + = match x with + | None -> + dump' ("Expected " ^ msg); + fail ("Expected " ^ msg) + | Some x -> x + +let op_Bar_GreaterThan (x: 'a) (f: 'a -> Tac 'b): Tac 'b = f x + +let get_bit_shl_zero #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) + : Lemma (requires v y >= 0 /\ v y < bits t /\ v i < v y) + (ensures get_bit (x <= 0 /\ v y < bits t /\ v i >= bits t - v y /\ (if signed t then (get_bit x (mk_int (bits t - 1)) == 0) else true)) + (ensures get_bit (x >>! y) i == 0) + = get_bit_shr x y i + +let get_bit_shl_one #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) + : Lemma (requires v y >= 0 /\ v y < bits t /\ v i >= v y) + (ensures get_bit (x < expect "a goal ` == ` (rewrite_lhs)" in + let uvar = fresh_uvar (Some (tc (cur_env ()) lhs)) in + tcut (`squash (`#lhs == `#uvar)) + +/// Proves that `get_bit .. ..` is zero +let rec solve_get_bit_zero (): Tac _ = + let (lhs, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (solve_get_bit_zero)" in + print ("solve_get_bit_zero: " ^ term_to_string lhs); + let (lhs, i) = expect_get_bit_expr lhs |> expect "LHS to be `get_bit .. ..`" in + let rhs' = expect_int_literal rhs |> expect ("RHS to be a int literal, got " ^ term_to_string rhs) in + let _ = match rhs' with | 0 -> () | _ -> fail "RHS should be zero" in + match lhs with + | Term _ -> fail ("LHS is an arbitrary term, I cannot prove it is " ^ string_of_int rhs') + | Int _ -> (compute (); trefl ()) + | Shl _ _ -> + apply_lemma (`get_bit_shl_zero); + (fun _ -> + norm_machine_int (); compute (); norm [simplify]; + trivial () )`or_else` (fun _ -> fail' "Shl: tried to prove it was zero") + | Shr _ _ -> + apply_lemma (`get_bit_shr_zero); + focus (fun _ -> + let _ = repeat split in + iterAll (fun _ -> + match expect_lhs_eq_rhs () with + | Some _ -> print "solve_get_bit_zero: recurse"; + solve_get_bit_zero () + | _ -> (fun _ -> norm_machine_int (); + compute (); + norm [simplify]; + trivial ()) `or_else` (fun _ -> fail' "Shr: tried to prove it was zero") + ) + ) + | Cast _ -> + (try + if rhs' = 0 then apply_lemma (`get_bit_cast_extend) else (); + compute (); norm [simplify]; + trivial `or_else` (fun _ -> fail' "Cast: tried to prove it was zero") + with | _ -> ( + apply_lemma (`get_bit_cast); + compute (); norm [simplify]; + trivial `or_else` (fun _ -> fail' "Cast: tried to prove it was zero [second path]") + )) + | And x y -> fail "And: unsupported" + | _ -> fail "unsupported" + + +let rw_get_bit_and_one_right (x y: int_t 't) i + : Lemma (requires get_bit x i == 1) + (ensures get_bit (y &. x) i == get_bit y i) + = get_bit_and x y i + +let _solve_get_bit_equality lhs i rhs j: Tac _ = + match lhs with + | Term x -> trefl `or_else` (fun _ -> fail' "solve_get_bit_equality: expected terms to be equal at this point") + | And x y -> + let _ = rewrite_lhs () in + flip (); + apply_lemma_rw (`rw_get_bit_and_one_right); + fail "xxx"; + () + | Or x y -> + print ("We are looking at `x |. y`"); + print ("x=" ^ term_to_string (quote x)); + print ("y=" ^ term_to_string (quote y)); + print ("RHS=" ^ term_to_string (quote rhs)); + (match bit_expr_contains rhs x, bit_expr_contains rhs y with + | false, false -> + fail' "RHS was expected to be on the LHS or RHS of the logor!" + | true, true -> fail' "RHS was expected to be on the LHS or RHS of the logor, not both!" + | true, false -> + let rw = rewrite_lhs () in + flip (); + apply_lemma_rw (norm_term [] (`rw_get_bit_or_right)); + print "solve_get_bit_equality: LEFT"; + solve_get_bit_zero () + | false, true -> + let rw = rewrite_lhs () in + flip (); + print "solve_get_bit_equality: RIGHT"; + apply_lemma_rw (norm_term [] (`rw_get_bit_or_left)); + solve_get_bit_zero () + ) + | _ -> fail' "xxxpppppp" + +let solve_get_bit_equality (): Tac _ = + let (lhs, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == `" in + print ("solve_get_bit_equality: (" ^ term_to_string lhs ^ ") == (" ^ term_to_string rhs ^ ")"); + let (lhs, i) = expect_get_bit_expr lhs |> expect "LHS to be `get_bit .. ..`" in + let (rhs, j) = expect_get_bit_expr rhs |> expect "RHS to be `get_bit .. ..`" in + if bit_expr_contains rhs lhs |> not + then fail "was expected the bit expression on RHS to be included in the one of LHS"; + _solve_get_bit_equality lhs i rhs j; + () -// let _ = get_bit ( -// ( cast bytes.[ sz 3 ] &. 63s) <>! 4l -// ) (sz 3) == 0 +#push-options "--compat_pre_core 0" +let asdsd (bytes: t_Array u8 (sz 10)) + = let cast: u8 -> i16 = cast in + assert ( + get_bit ( + ((cast bytes.[ sz 3 ] <: i16) &. 63s <: i16) <>! 4l + ) (sz 5) + == get_bit (cast bytes.[ sz 3 ] <: i16) (sz 0) + ) by ( + Tactics.MachineInts.(transform norm_generic_machine_int_term); + solve_get_bit_equality (); + // dump "XXXX"; + // simplify_via_mask (); + // fail "-------"; + // pointwise' (fun _ -> + // let _ = let?# (t, _) = expect_lhs_eq_uvar () in + + // let?# (f, _) = expect_app_n t 3 in + // let?# () = expect_free_var f (`%get_bit) in + // // norm [ iota; zeta; reify_ + // // ; primops; unmeta]; + // dump' "xxxxx"; + // // apply_lemma_rw (`(rw_rhs_bit_or_no_mask #Lib.IntTypes.U8 #Lib.IntTypes.S16 #Lib.IntTypes.S32 ((`@cast) (`@bytes).[ sz 3 ] &. 63s <: i16))); + // // invert (); + // Some () + // in + // trefl () + // // let _ = repeat clear_top in + // // dump "X"; + // // (fun _ -> apply_lemma_rw (`rw_rhs_bit_or_no_mask)) `or_else` trefl; + // // let _ = repeat clear_top in + // // dump "Y" + // ); + fail "done" + ) + + + +let fff bytes x: unit = + assert ( + get_bit (Seq.index (deserialize_10_int' bytes) 0) (sz 3) + == get_bit (Seq.index bytes 0) (sz 3) + ) by ( + compute'' (); + smt_sync (); + // l_to_r [`rewrite_to_zero]; + // compute'' (); + // apply_lemma_rw + // l_to_r [`rw_rhs_bit_or_no_mask]; + fail "DONE"; + focus (tadmit) + ); + () + -// let _ = -// get_bit ( ((cast bytes.[ sz 1 ] &. 3s ) < Lemma (a x == b x))) (x: t): Lemma (b x == a x) - = f x - -let r_to_l (lems:list term) : Tac unit = - let first_or_trefl () : Tac unit = - fold_left (fun k l () -> - (fun () -> apply_lemma_rw (`(invert (`#l)))) - `or_else` k) - trefl lems () in - pointwise first_or_trefl - -let make_integers_generic () = - pointwise (fun _ -> - dump "X"; - match let?# t = expect_cur_formula_comp () in - let?# n = expect_int_literal t in - // let is_int = - // try let x = tc (top_env ()) (`(3 + (`#t))) in - // print ("tc -> -> " ^ term_to_string x); - // true - // with | _ -> false - // in - let ty = tc (cur_env ()) t in - let ty = norm_term [iota; zeta; reify_; delta; primops; unmeta] ty in - let ty = inspect_unascribe ty in - let is_int = term_eq ty (`int) || term_eq ty (`nat) in - fail ("unify=" ^ string_of_bool is_int); - None - // fail ("ty=" ^ term_to_string ty); - // if unify ty `int - // then - // unify - // match?# expect_fvar ty with - // | "Prims.int" -> None - // | _ -> Some n - with - | Some n -> - let n = n + 1 in - trefl () - // fail (string_of_int n) - | _ -> trefl () - ) - - -// let _ = FStar.Int16.__int_to_t -let _ = fun x -> assert (2s == x) - by ( - norm [iota; primops]; make_integers_generic (); fail "x") - -#push-options "--compat_pre_core 0" -let asdsd (bytes: t_Array u8 (sz 10)) - = let cast: u8 -> i16 = cast in - assert ( - get_bit ((cast bytes.[ sz 3 ] &. 63s <: i16) <>! 4l) (sz 3) == 0 - ) by ( - r_to_l rw_integers_list; - fail "x"; - // l_to_r [`resugar_integer]; - // apply_lemma_rw (`rw_rhs_bit_or_no_mask); - // compute (); - // apply_lemma_rw (`rw_rhs_bit_or_no_mask); - pointwise' (fun _ -> - // let _ = let?# t = expect_cur_formula_comp () in - // let?# (f, _) = expect_app_n t 3 in - // let?# () = expect_free_var f (`%get_bit) in - // apply_lemma_rw (`rw_rhs_bit_or_no_mask); - // invert (); - // Some (dump "heey") - // in - trefl () - // let _ = repeat clear_top in - // dump "X"; - // (fun _ -> apply_lemma_rw (`rw_rhs_bit_or_no_mask)) `or_else` trefl; - // let _ = repeat clear_top in - // dump "Y" - ); - fail "x" - ) - -let fff bytes x: unit = - assert ( - get_bit (Seq.index (deserialize_10_int' bytes) 2) (sz 3) == 0 - ) by ( - compute'' (); - // l_to_r [`rewrite_to_zero]; - // compute'' (); - // apply_lemma_rw - // l_to_r [`rw_rhs_bit_or_no_mask]; - fail "DONE"; - focus (tadmit) - ); - () - diff --git a/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst new file mode 100644 index 000000000..8306cbf99 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst @@ -0,0 +1,244 @@ +module Tactics.MachineInts + +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Option + +open Tactics.Utils +module RI = Rust_primitives.Integers + +/// The size of a machine int. +type size = + | PtrSize + | Size of n:nat {match n with | 8 | 16 | 32 | 64 | 128 -> true | _ -> false} +type signedness = | Signed | Unsigned + +type machine_int_op = | MkInt | V + +noeq type machine_int_term = + | Op { op: machine_int_op; native: bool; size: size; signedness: signedness; contents: machine_int_term } + | Lit of int + | Term of term + +let x = `%FStar.UInt8.uint_to_t + +/// Expect `n` to be a definition in a machine int namespace +let expect_native_machine_int_ns (n: string): (option (signedness & size & string)) + = match explode_qn n with + | "FStar"::int_module::[def_name] -> + let? (sign, size) = match int_module with + | "Int8" -> Some (Signed, Size 8) + | "Int16" -> Some (Signed, Size 16) + | "Int32" -> Some (Signed, Size 32) + | "Int64" -> Some (Signed, Size 64) + | "Int128" -> Some (Signed, Size 128) + | "UInt8" -> Some (Unsigned, Size 8) + | "UInt16" -> Some (Unsigned, Size 16) + | "UInt32" -> Some (Unsigned, Size 32) + | "UInt64" -> Some (Unsigned, Size 64) + | "UInt18" -> Some (Unsigned, Size 128) + | _ -> None + in Some (sign, size, def_name) + | _ -> None + +let mk_native_machine_int_ns (sign: signedness) (size: size): option (list string) + = let sign = match sign with | Signed -> "" | Unsigned -> "U" in + let? size = match size with | PtrSize -> None | Size n -> Some (string_of_int n) in + Some ["FStar"; sign ^ "Int" ^ size] + +let expect_inttype t: Tac (option (signedness & size)) + = let t = norm_term [iota; reify_; delta_namespace ["Rust_primitives.Integers"; "Lib.IntTypes"]; primops; unmeta] t in + let?# t = expect_fvar t in + match t with + | `%RI.i8_inttype | `%Lib.IntTypes.S8 -> Some ( Signed, Size 8) + | `%RI.i16_inttype | `%Lib.IntTypes.S16 -> Some ( Signed, Size 16) + | `%RI.i32_inttype | `%Lib.IntTypes.S32 -> Some ( Signed, Size 32) + | `%RI.i64_inttype | `%Lib.IntTypes.S64 -> Some ( Signed, Size 64) + | `%RI.i128_inttype | `%Lib.IntTypes.S128 -> Some ( Signed, Size 128) + | `%RI.u8_inttype | `%Lib.IntTypes.U8 -> Some (Unsigned, Size 8) + | `%RI.u16_inttype | `%Lib.IntTypes.U16 -> Some (Unsigned, Size 16) + | `%RI.u32_inttype | `%Lib.IntTypes.U32 -> Some (Unsigned, Size 32) + | `%RI.u64_inttype | `%Lib.IntTypes.U64 -> Some (Unsigned, Size 64) + | `%RI.u128_inttype | `%Lib.IntTypes.U128 -> Some (Unsigned, Size 128) + | `%RI.isize_inttype -> Some (Signed, PtrSize) + | `%RI.usize_inttype -> Some (Unsigned, PtrSize) + | _ -> None + +let mk_inttype_name (sign: signedness) (size: size): name = + let sign = match sign with | Signed -> "i" | Unsigned -> "u" in + let size = match size with | PtrSize -> "size" | Size n -> string_of_int n in + ["Rust_primitives"; "Integers"; sign ^ size ^ "_inttype"] + +let mk_inttype (sign: signedness) (size: size): Tac term = + pack (Tv_FVar (pack_fv (mk_inttype_name sign size))) + +let rec term_to_machine_int_term'' (t: term): Tac (option machine_int_term) = + let t = norm_term [delta_only [(`%RI.sz); (`%RI.isz)]] t in + match t with + | Tv_Const (C_Int n) -> Some (Lit n) + | _ -> + let?# (hd, args) = collect_app_hd t in + match expect_native_machine_int_ns hd, args with + | (Some (signedness, size, def_name), [arg, _]) -> begin + let native = true in + let contents = term_to_machine_int_term' arg in + let?# op = match def_name with + | "__uint_to_t" | "__int_to_t" | "uint_to_t" | "int_to_t" -> Some MkInt + | "v" -> Some V | _ -> None in + Some (Op {op; native; size; signedness; contents}) + end + | (None, [inttype, _; contents, _]) -> begin + let?# (signedness, size) = expect_inttype inttype in + let contents = term_to_machine_int_term' contents in + let?# op = match hd with | `%RI.mk_int -> Some MkInt + | `%RI.v -> Some V + | _ -> None in + Some (Op {op; native = false; size; signedness; contents}) + end + | _ -> None + +and term_to_machine_int_term' (t: term): Tac machine_int_term = + match term_to_machine_int_term'' t with | Some t -> t | None -> Term t + +let term_to_machine_int_term (t: term): Tac (option (t: machine_int_term {~(Term? t)})) + = match term_to_machine_int_term' t with + | Term _ -> None | t -> Some t + +let rec machine_int_term_to_term (t: machine_int_term): Tac (option term) = + match t with + | Term t -> Some t + | Op {native = false; op; size; signedness; contents} -> + let inttype = mk_inttype signedness size in + let?# contents = machine_int_term_to_term contents in + let op = match op with | V -> `RI.v + | MkInt -> `RI.mk_int in + Some (`((`#op) #(`#inttype) (`#contents))) + | Op {native = true; op; size; signedness; contents} -> + let?# ns = mk_native_machine_int_ns signedness size in + let f = FStar.List.Tot.append ns [ + match op with + | MkInt -> (match signedness with | Signed -> "" | Unsigned -> "u") ^ "int_to_t" + | V -> "v" + ] in + let f = pack (Tv_FVar (pack_fv f)) in + let?# contents = machine_int_term_to_term contents in + Some (mk_e_app f [contents]) + | Lit n -> Some (pack (Tv_Const (C_Int n))) + +type operation = machine_int_term -> option machine_int_term + +/// Removes `mk_int (v ...)` or `v (mk_int ...)` when it's the same type +let rec flatten_machine_int_term: operation = function + | Op x -> begin match x.contents with + | Op y -> if x.op <> y.op && x.size = y.size && x.signedness = y.signedness + then Some (match flatten_machine_int_term y.contents with + | Some result -> result + | None -> y.contents) + else let? y = flatten_machine_int_term (Op y) in + Some (Op {x with contents = y}) + | _ -> None + end + | _ -> None + +let rec change_native_machine_int_term (native: bool): operation = function + | Op x -> let contents = change_native_machine_int_term native x.contents in + if x.native = native + then None + else Some (Op { x with native + ; contents = match contents with + | Some contents -> contents + | None -> x.contents}) + | _ -> None + +let combine: operation -> operation -> operation = + fun f g t -> match f t with + | Some t -> (match g t with | Some t -> Some t | None -> Some t) + | None -> g t + +/// We call `x` a normal machine integer if `x` has no `mk_int (v +/// ...)` or `v (mk_int ...)` sequence and if all `mk_int` and `v` are +/// native (aka `FStar.[U]Int*.*`, not +/// `Rust_primitives.Integer.*`). Note `usize` is an exception, +/// `mk_int` and `v` alone one usizes (and isizes) cannot be reduced +/// further. +let norm_machine_int_term = combine flatten_machine_int_term (change_native_machine_int_term true) + +/// We call `x` a normal generic machine integer if `x` has no +/// `FStar.[U]Int*.[u]int_to_t/v`, and no `mk_int (v ...)` or `v +/// (mk_int ...)`. +let norm_generic_machine_int_term = combine flatten_machine_int_term (change_native_machine_int_term false) + +let rw_v_mk_int_usize x + : Lemma (eq2 (RI.v #RI.usize_inttype (RI.mk_int #RI.usize_inttype x)) x) = () +let rw_mk_int_v_usize x + : Lemma (eq2 (RI.mk_int #RI.usize_inttype (RI.v #RI.usize_inttype x)) x) = () + +/// Unfolds `mk_int` using `mk_int_equiv_lemma` +let norm_mk_int () = + let?# (lhs, _) = expect_lhs_eq_uvar () in + let lhs' = term_to_machine_int_term lhs in + match?# lhs' with + | Op {op = MkInt; native = false; size; signedness; contents} -> + let inttype = mk_inttype signedness size in + let lemma = `(RI.mk_int_equiv_lemma #(`#inttype)) in + let lemma = norm_term [primops; iota; delta; zeta] lemma in + focus (fun _ -> + apply_lemma_rw lemma + // iterAllSMT (fun () -> smt_sync `or_else` (fun _ -> dump "norm_mk_int: Could not solve SMT here")) + ); + Some () + | _ -> None + +/// Rewrites `goal_lhs` into `machine_int`. This function expects the +/// goal to be of the shape ` == (?...)`, where `` +/// is a machine int. Do not call this function directly. +let _rewrite_to (goal_lhs: term) (eq_type: typ) (machine_int: machine_int_term): Tac (option unit) + = let?# t_term = machine_int_term_to_term machine_int in + Some (focus (fun _ -> + let rw = tcut (`squash (eq2 #(`#eq_type) (`#goal_lhs) (`#t_term))) in + // This tcut will generate simple verification conditions, we + // discharge them right away + // iterAllSMT (fun () -> smt_sync `or_else` (fun _ -> dump "norm_mk_int: Could not solve SMT here")); + flip (); + pointwise' (fun () -> match norm_mk_int () with + | Some _ -> () + | None -> // special case for usize + (fun () -> (fun () -> apply_lemma_rw (`rw_v_mk_int_usize)) + `or_else` (fun () -> apply_lemma_rw (`rw_mk_int_v_usize))) + `or_else` trefl + ); + compute (); + trefl (); + apply_lemma_rw rw + )) + +let transform (f: machine_int_term -> option machine_int_term): Tac unit + = pointwise' (fun _ -> + match revert_if_none (fun _ -> + let?# (lhs, eq_type) = expect_lhs_eq_uvar () in + let?# machine_int = term_to_machine_int_term lhs in + let?# machine_int' = f machine_int in + let?# _ = _rewrite_to lhs eq_type machine_int' in + Some () + ) + with + | None -> trefl () + | _ -> () + ) + +open Rust_primitives.Integers +let _ = fun x -> assert (v (mk_int #usize_inttype x) == x) + by (transform norm_machine_int_term; trefl ()) +let _ = assert (mk_int #u8_inttype 3 == 3uy) + by (transform norm_machine_int_term; trefl ()) +let _ = fun x -> assert (mk_int #u8_inttype x == FStar.UInt8.uint_to_t x) + by (transform norm_machine_int_term) +let _ = assert (v (mk_int #usize_inttype 3) == 3) + by (transform norm_machine_int_term; trefl ()) +let _ = fun x -> assert (v (mk_int #usize_inttype x) == x) + by (transform norm_machine_int_term; trefl ()) +let _ = assert (mk_int #u8_inttype 3 == 3uy) + by (transform norm_generic_machine_int_term; trefl ()) +let _ = fun x -> assert (mk_int #u8_inttype x == FStar.UInt8.uint_to_t x) + by (transform norm_generic_machine_int_term; trefl ()) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst b/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst new file mode 100644 index 000000000..0bd0c5918 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst @@ -0,0 +1,54 @@ +module Tactics.Pow2 + +open Core +open Tactics.Utils +open FStar.Tactics.V2 + +let expect_pow2_literal t: Tac (option int) + = let?# (f, [x, _]) = expect_app_n t 1 in + let?# () = expect_free_var f (`%pow2) in + expect_int_literal x + +let expect_pow2_minus_one_literal t: Tac (option int) + = let?# (f, [x, _; y, _]) = expect_app_n t 2 in + let?# () = expect_free_var f (`%op_Subtraction) in + let?# y = expect_int_literal y in + let?? () = y = 1 in + expect_pow2_literal x + +/// Fully normalize a term of the shape `pow2 n`, where `n` is a literal +let norm_pow2 (): Tac unit = + pointwise (fun () -> + let _ = let?# (t, _) = expect_lhs_eq_uvar () in + let?# n = expect_pow2_literal t in + debug ("Normalized `pow2 " ^ string_of_int n ^ "`"); + Some (norm [iota; zeta_full; reify_; delta; primops; unmeta]) in + trefl ()) + +let rec log2 (n: nat): Tot (option (m: nat {pow2 m == n})) (decreases n) + = if n = 0 then None + else if n = 1 then Some 0 + else if n % 2 <> 0 then None + else match log2 (n / 2) with + | Some n -> Some (1 + n) + | None -> None + +let lemma_of_refinement #t #p (n: t {p n}): Lemma (p n) = () + +let rewrite_pow2_minus_one () = + pointwise (fun () -> + match let?# (t, _) = expect_lhs_eq_uvar () in + let?# n = expect_int_literal t in + if n >= 0 then + match log2 (n + 1) with + | Some e -> + let rw_lemma (): Lemma (n == pow2 e - 1) = () in + apply_lemma_rw (quote rw_lemma); + Some () + | _ -> None + else None + with None -> trefl () | _ -> () + ) + +let _ = fun (i: nat) -> assert (pow2 (i + 3) + pow2 10 == pow2 (i + 3) + 1024) + by (norm_pow2 (); trefl ()) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst new file mode 100644 index 000000000..36468f63d --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst @@ -0,0 +1,49 @@ +module Tactics.Seq + +open Core +module L = FStar.List.Tot +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + +open Tactics.Utils +open Tactics.Pow2 + +let rw_seq_index_list #t (l: list t) i + : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) + = () + +private let unfold_index_lemma (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) + : Lemma ( FStar.List.Tot.index #a l i + == Pervasives.norm [iota; primops] (let hd::tl = l in + if i = 0 then hd else List.Tot.index tl (i - 1))) + = () + +private exception DoRefl +private exception StopNormIndex +let norm_list_index (): Tac unit = + let _ = repeat (fun _ -> + lset "found" false; + pointwise (fun _ -> + (fun () -> + match let?# (t, _) = expect_lhs_eq_uvar () in + let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%FStar.List.Tot.index) in + let?# n = expect_int_literal index in + apply_lemma_rw (`unfold_index_lemma); + lset "found" true; + Some () + with | Some () -> () | _ -> raise DoRefl + ) `or_else` trefl); + if lget "found" then () else raise StopNormIndex) in () + +let _ = assert (L.index [1;2;3;4;5;6] 3 == 4) by (norm_list_index(); trefl ()) + +let simplify_index_seq_of_list () = l_to_r [`rw_seq_index_list] + +let norm_index (): Tac unit + = norm_list_index (); + simplify_index_seq_of_list () + diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst new file mode 100644 index 000000000..9cb52203c --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -0,0 +1,67 @@ +module Tactics.Utils + +open Core +module L = FStar.List.Tot +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + + +let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) + = match x with + | Some x -> f x + | None -> None + +let ( let?? ) (x: bool) (f: unit -> Tac (option 'a)): Tac (option 'a) + = if x then f () else None + +let expect_int_literal (t: term): Tac (option int) = + match inspect_unascribe t with + | Tv_Const (C_Int n) -> Some n + | _ -> None + +let expect_fvar (t: term): Tac (option string) = + match t with + | Tv_UInst fv _ + | Tv_FVar fv -> Some (implode_qn (inspect_fv fv)) + | _ -> None + +let expect_free_var (t: term) (fv: string): Tac (option unit) = + let?# fv' = expect_fvar t in + if fv = fv' then Some () else None + +let expect_lhs_eq_rhs () = + match FStar.Tactics.V2.Logic.cur_formula () with + | Comp (Eq typ) lhs rhs -> + let typ = match typ with | None -> `_ | Some typ -> typ in + Some (lhs, rhs, typ) + | _ -> None + +let expect_lhs_eq_uvar () = + match expect_lhs_eq_rhs () with + | Some (lhs, rhs, typ) -> + ( match rhs with | Tv_Uvar _ _ -> Some (lhs, typ) | _ -> None ) + | _ -> None + +let expect_app_n t n: Tac (option (term & (l: list _ {L.length l == n}))) = + let (head, args) = collect_app t in + if L.length args = n + then Some (head, args) + else None + +private exception ForceRevert +let revert_if_none (f: unit -> Tac (option 'a)): Tac (option 'a) + = try match f () with Some x -> Some x + | None -> raise ForceRevert + with | ForceRevert -> None | e -> raise e + +/// Collects an application whose head is a free variable +let collect_app_hd t: Tac (option (string & list argv)) + = let (hd, args) = collect_app t in + let?# fv = expect_fvar hd in + Some (fv, args) + +let rec repeatWhile (f: unit -> Tac bool): Tac unit + = if f () then repeatWhile f From 57b2977a85588a5cd5e8993e8a4b5b053d6e8a27 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 27 Aug 2024 13:49:13 +0200 Subject: [PATCH 10/29] wip --- fstar-helpers/fstar-bitvec/RwLemmas.fst | 206 ++++++++++++++----- fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 77 ++++++- 2 files changed, 229 insertions(+), 54 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.fst b/fstar-helpers/fstar-bitvec/RwLemmas.fst index 8d86baa9a..178ed4cd7 100644 --- a/fstar-helpers/fstar-bitvec/RwLemmas.fst +++ b/fstar-helpers/fstar-bitvec/RwLemmas.fst @@ -11,6 +11,7 @@ open FStar.Option open Tactics.Utils open Tactics.Pow2 +open BitVecEq {} let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) @@ -64,7 +65,7 @@ let split_forall_nat // #push-options "--z3rlimit 60" let rw_bit_or (b1 b2: bit) result: - Lemma + Lemma (requires ( (b1 = 0 ==> b2 = 0 ==> result = 0) /\ (b1 = 0 ==> b2 = 1 ==> result = 1) @@ -108,10 +109,12 @@ let rw_get_bit_and (x y: int_t 't) i let rw_get_bit_and_left (x y: int_t 't) i : Lemma (requires get_bit x i == 0) (ensures get_bit (x &. y) i == 0) + [SMTPat (get_bit (x &. y) i)] = get_bit_and x y i let rw_get_bit_and_right (x y: int_t 't) i : Lemma (requires get_bit x i == 0) (ensures get_bit (y &. x) i == 0) + [SMTPat (get_bit (y &. x) i)] = get_bit_and x y i let rw_get_bit_or_left (x y: int_t 't) i : Lemma (requires get_bit x i == 0) @@ -162,10 +165,6 @@ let pow2_in_range t (n: nat {n < bits t - (if unsigned t then 0 else 1)}) [SMTPat (Rust_primitives.Integers.range (pow2 n - 1) t)] = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n -exception Restore -let dump' (msg: string): Tac unit - = try let _ = repeat clear_top in set_smt_goals []; dump msg with | _ -> () - // let _ = op_Bar_Dot noeq type bit_expr = @@ -177,9 +176,61 @@ noeq type bit_expr = | Shr: x:bit_expr -> shift:int -> bit_expr | Cast: x:bit_expr -> bit_expr +let rec term_eq'' a b (n: nat): Tot _ (decreases n) = + let open FStar.Stubs.Reflection.V2.Data in + if n = 0 then term_eq a b else + match (inspect_ln a, inspect_ln b) with + | (Tv_FVar a, Tv_FVar b) + | (Tv_FVar a, Tv_UInst b _) + | (Tv_UInst a _, Tv_FVar b) + | (Tv_UInst a _, Tv_UInst b _) -> inspect_fv a = inspect_fv b + | (Tv_Var _, Tv_Var _) -> term_eq a b + | (Tv_App _ _, Tv_App _ _) -> + let a, a_args = collect_app_ln a in + let b, b_args = collect_app_ln b in + let a_args = L.filter (fun (_, x) -> Q_Explicit? x) a_args in + let b_args = L.filter (fun (_, x) -> Q_Explicit? x) b_args in + L.length a_args = L.length b_args + && ( + let rec h a_args (b_args: _ {L.length a_args == L.length b_args}) = + match a_args, b_args with + | ((ahd,_)::atl), ((bhd,_)::btl) -> + term_eq'' ahd bhd (n - 1) && h atl btl + | [], [] -> true + in h a_args b_args + ) + | (Tv_AscribedT a _ _ _, _) + | (Tv_AscribedC a _ _ _, _) -> term_eq'' a b (n-1) + | (_, Tv_AscribedT b _ _ _) + | (_, Tv_AscribedC b _ _ _) -> term_eq'' a b (n-1) + | (Tv_Type _, Tv_Type _) -> true + | (Tv_Refine _ a, _) -> term_eq'' a b (n - 1) + | (_, Tv_Refine _ b) -> term_eq'' a b (n - 1) + // && term_eq' a b && L.fold_left (fun i a -> L.index b_args i `term_eq'` a) + // | Tv_Var : v:namedv -> named_term_view + // | Tv_BVar : v:bv -> named_term_view + // | Tv_FVar : v:fv -> named_term_view + // | Tv_UInst : v:fv -> us:universes -> named_term_view + // | Tv_App : hd:term -> a:argv -> named_term_view + // | Tv_Abs : b:binder -> body:term -> named_term_view + // | Tv_Arrow : b:binder -> c:comp -> named_term_view + // | Tv_Type : universe -> named_term_view + // | Tv_Refine : b:simple_binder -> ref:term -> named_term_view + // | Tv_Const : vconst -> named_term_view + // | Tv_Uvar : nat -> ctx_uvar_and_subst -> named_term_view + // | Tv_Let : recf:bool -> attrs:(list term) -> b:simple_binder -> def:term -> body:term -> named_term_view + // | Tv_Match : scrutinee:term -> ret:option match_returns_ascription -> brs:(list branch) -> named_term_view + // | Tv_AscribedT : e:term -> t:term -> tac:option term -> use_eq:bool -> named_term_view + // | Tv_AscribedC : e:term -> c:comp -> tac:option term -> use_eq:bool -> named_term_view + // | Tv_Unknown : named_term_view // An underscore: _ + // | Tv_Unsupp : named_term_view // failed to inspect, not supported + | _ -> term_eq a b + +let term_eq' a b = term_eq'' a b 99999 + let rec bit_expr_eq a b = match (a, b) with - | Term a, Term b -> term_eq a b + | Term a, Term b -> term_eq' a b | Int a, Int b -> a = b | And xa ya, And xb yb | Or xa ya, Or xb yb -> bit_expr_eq xa xb && bit_expr_eq ya yb @@ -238,14 +289,6 @@ let expect_get_bit_expr t: Tac _ let expr = term_to_bit_expr' expr in Some (expr, index) -let fail' msg = dump msg; fail msg - -let expect (msg: string) (x: option 'a): Tac 'a - = match x with - | None -> - dump' ("Expected " ^ msg); - fail ("Expected " ^ msg) - | Some x -> x let op_Bar_GreaterThan (x: 'a) (f: 'a -> Tac 'b): Tac 'b = f x @@ -255,7 +298,7 @@ let get_bit_shl_zero #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) = get_bit_shl x y i let get_bit_shr_zero #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) - : Lemma (requires v y >= 0 /\ v y < bits t /\ v i >= bits t - v y /\ (if signed t then (get_bit x (mk_int (bits t - 1)) == 0) else true)) + : Lemma (requires v y >= 0 /\ v y < bits t /\ (v i >= bits t - v y /\ (if signed t then (get_bit x (mk_int (bits t - 1)) == 0) else true))) (ensures get_bit (x >>! y) i == 0) = get_bit_shr x y i @@ -264,10 +307,22 @@ let get_bit_shl_one #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) (ensures get_bit (x < expect "a goal ` == ` (rewrite_lhs)" in - let uvar = fresh_uvar (Some (tc (cur_env ()) lhs)) in - tcut (`squash (`#lhs == `#uvar)) +let get_bit_shr #t #u (x: int_t t) (y: int_t u {v y >= 0 /\ v y < bits t}) (i: usize {v i < bits t}) + : Lemma (ensures get_bit (shift_right x y) i + == 1) + // == (if v i < bits t - v y + // then get_bit x (mk_int (v i + v y)) + // else if signed t + // then get_bit x (mk_int (bits t - 1)) + // else 0)) + // (ensures get_bit (x >>! y) i + // == (if v i < bits t - v y + // then get_bit x (mk_int (v i + v y)) + // else if signed t + // then get_bit x (mk_int (bits t - 1)) + // else 0)) + [SMTPat (get_bit (x >>! y) i)] + = admit () /// Proves that `get_bit .. ..` is zero let rec solve_get_bit_zero (): Tac _ = @@ -280,12 +335,16 @@ let rec solve_get_bit_zero (): Tac _ = | Term _ -> fail ("LHS is an arbitrary term, I cannot prove it is " ^ string_of_int rhs') | Int _ -> (compute (); trefl ()) | Shl _ _ -> - apply_lemma (`get_bit_shl_zero); + let _ = rewrite_lhs () in + flip (); + apply_lemma_rw (`get_bit_shl); (fun _ -> norm_machine_int (); compute (); norm [simplify]; trivial () )`or_else` (fun _ -> fail' "Shl: tried to prove it was zero") | Shr _ _ -> - apply_lemma (`get_bit_shr_zero); + let _ = rewrite_lhs () in + flip (); + apply_lemma_rw_eqtype (`get_bit_shr); focus (fun _ -> let _ = repeat split in iterAll (fun _ -> @@ -338,7 +397,9 @@ let _solve_get_bit_equality lhs i rhs j: Tac _ = | true, false -> let rw = rewrite_lhs () in flip (); + dump' "solve_get_bit_equality: LEFT (BEFORE)"; apply_lemma_rw (norm_term [] (`rw_get_bit_or_right)); + dump' "solve_get_bit_equality: LEFT (AFTE RLEMMA)"; print "solve_get_bit_equality: LEFT"; solve_get_bit_zero () | false, true -> @@ -350,56 +411,97 @@ let _solve_get_bit_equality lhs i rhs j: Tac _ = ) | _ -> fail' "xxxpppppp" -let solve_get_bit_equality (): Tac _ = +let swap_eq2_goal p q: Lemma (requires eq2 p q) (ensures eq2 q p) = () + +let rec solve_get_bit_equality' can_invert: Tac _ = let (lhs, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == `" in print ("solve_get_bit_equality: (" ^ term_to_string lhs ^ ") == (" ^ term_to_string rhs ^ ")"); let (lhs, i) = expect_get_bit_expr lhs |> expect "LHS to be `get_bit .. ..`" in let (rhs, j) = expect_get_bit_expr rhs |> expect "RHS to be `get_bit .. ..`" in if bit_expr_contains rhs lhs |> not - then fail "was expected the bit expression on RHS to be included in the one of LHS"; - _solve_get_bit_equality lhs i rhs j; - () + then if can_invert + then (apply_lemma (`swap_eq2_goal); solve_get_bit_equality' false) + else fail "was expected the bit expression on RHS to be included in the one of LHS" + else _solve_get_bit_equality lhs i rhs j +let solve_get_bit_equality (): Tac _ = + solve_get_bit_equality' true + +let rec term_to_string'' (t: term): Tac string + = match t with + | Tv_App f (x, Q_Meta _) -> term_to_string'' f + | Tv_App f (x, aqualv) -> + let qual = match aqualv with | Q_Implicit -> "#" | Q_Explicit -> "" in + term_to_string' f ^ " " ^ qual ^ "(" ^ term_to_string' x ^ ")" + | Tv_UInst v _ | Tv_FVar v -> + let v = implode_qn (inspect_fv v) in + (match v with + | `%get_bit -> "get_bit" + | `%bit -> "bit" + | `%eq2 -> "eq2" + | `%u8 -> "u8" + | `%u16 -> "u16" + | `%i16 -> "i16" + | `%i32 -> "i32" + | `%sz -> "sz" + | `%usize -> "usize" + | _ -> v + ) + | _ -> term_to_string t +and term_to_string' t: Tac _ = term_to_string'' t + +// get_bit (Seq.Base.index bytes 2) (sz 1) == +// get_bit ((cast bytes.[ sz 2 ] &. 15s) <>! 2l) (sz 7) +let opts = "--using_facts_from '-* +Rust_primitives.BitVectors ++Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers.get_bit_and +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend'" + +#push-options "--z3rlimit 80" +let fff_ bytes x: unit = + let bv1 = bit_vec_of_int_t_array bytes 8 in + let out = deserialize_10_int' bytes in + let bv2 = bit_vec_of_int_t_array out 10 in + let i = 77 in + if false then + assert (bv1 i == bv2 i) by ( + norm [ + iota; primops; + delta_only [`%bit_vec_of_int_t_array; `%FunctionalExtensionality.on]; + ]; + compute'' (); + set_options opts; + dump "SMT NOW"; + smt_sync (); + // squash_intro (); + // print (term_to_string' (cur_goal())); + fail "DONE" + ) +#pop-options #push-options "--compat_pre_core 0" +#push-options "--z3rlimit 80" +#push-options "--print_implicits" let asdsd (bytes: t_Array u8 (sz 10)) = let cast: u8 -> i16 = cast in assert ( - get_bit ( - ((cast bytes.[ sz 3 ] <: i16) &. 63s <: i16) <>! 4l - ) (sz 5) - == get_bit (cast bytes.[ sz 3 ] <: i16) (sz 0) + eq2 #(bit) (get_bit #(Lib.IntTypes.U8) (FStar.Seq.Base.index #(Rust_primitives.Integers.int_t (Lib.IntTypes.U8)) (bytes) (2)) (sz (1))) (get_bit #(Lib.IntTypes.S16) (Rust_primitives.Integers.op_Bar_Dot #(Lib.IntTypes.S16) (Rust_primitives.Integers.op_Less_Less_Bang #(Lib.IntTypes.S16) #(Lib.IntTypes.S32) (Rust_primitives.Integers.op_Amp_Dot #(Lib.IntTypes.S16) (Rust_primitives.cast #(u8) #(i16) #(Rust_primitives.cast_tc_integers (Lib.IntTypes.U8) (Lib.IntTypes.S16)) (Core.Ops.op_String_Access #(Rust_primitives.Arrays.t_Array (u8) (sz (10))) #(usize) #(Rust_primitives.Hax.impl__index (u8) (sz (10)) (Rust_primitives.Integers.usize_inttype)) (bytes) (sz (2)))) (FStar.Int16.int_to_t (15))) (FStar.Int32.int_to_t (6))) (Rust_primitives.Integers.op_Greater_Greater_Bang #(Lib.IntTypes.S16) #(Lib.IntTypes.S32) (Rust_primitives.cast #(u8) #(i16) #(Rust_primitives.cast_tc_integers (Lib.IntTypes.U8) (Lib.IntTypes.S16)) (Core.Ops.op_String_Access #(Rust_primitives.Arrays.t_Array (u8) (sz (10))) #(usize) #(Rust_primitives.Hax.impl__index (u8) (sz (10)) (Rust_primitives.Integers.usize_inttype)) (bytes) (sz (1)))) (FStar.Int32.int_to_t (2)))) (sz (7))) + // get_bit ( + // ((cast bytes.[ sz 3 ] <: i16) &. 63s <: i16) <>! 4l + // ) (sz 5) + // == get_bit (cast bytes.[ sz 3 ] <: i16) (sz 0) ) by ( + norm [iota; delta_only [`%( .[] ); `%Core.Ops.Index.Mkt_Index; `%Rust_primitives.Hax.impl__index; `%Core.Ops.Index.f_index]]; Tactics.MachineInts.(transform norm_generic_machine_int_term); solve_get_bit_equality (); - // dump "XXXX"; - // simplify_via_mask (); - // fail "-------"; - // pointwise' (fun _ -> - // let _ = let?# (t, _) = expect_lhs_eq_uvar () in - - // let?# (f, _) = expect_app_n t 3 in - // let?# () = expect_free_var f (`%get_bit) in - // // norm [ iota; zeta; reify_ - // // ; primops; unmeta]; - // dump' "xxxxx"; - // // apply_lemma_rw (`(rw_rhs_bit_or_no_mask #Lib.IntTypes.U8 #Lib.IntTypes.S16 #Lib.IntTypes.S32 ((`@cast) (`@bytes).[ sz 3 ] &. 63s <: i16))); - // // invert (); - // Some () - // in - // trefl () - // // let _ = repeat clear_top in - // // dump "X"; - // // (fun _ -> apply_lemma_rw (`rw_rhs_bit_or_no_mask)) `or_else` trefl; - // // let _ = repeat clear_top in - // // dump "Y" - // ); + // print (term_to_string' (cur_goal())); + // smt_sync (); fail "done" ) + + let fff bytes x: unit = assert ( get_bit (Seq.index (deserialize_10_int' bytes) 0) (sz 3) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst index 9cb52203c..1ef093426 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -32,13 +32,16 @@ let expect_free_var (t: term) (fv: string): Tac (option unit) = let?# fv' = expect_fvar t in if fv = fv' then Some () else None -let expect_lhs_eq_rhs () = - match FStar.Tactics.V2.Logic.cur_formula () with +let expect_lhs_eq_rhs_term t = + match term_as_formula t with | Comp (Eq typ) lhs rhs -> let typ = match typ with | None -> `_ | Some typ -> typ in Some (lhs, rhs, typ) | _ -> None +let expect_lhs_eq_rhs () = + expect_lhs_eq_rhs_term (cur_goal ()) + let expect_lhs_eq_uvar () = match expect_lhs_eq_rhs () with | Some (lhs, rhs, typ) -> @@ -65,3 +68,73 @@ let collect_app_hd t: Tac (option (string & list argv)) let rec repeatWhile (f: unit -> Tac bool): Tac unit = if f () then repeatWhile f + + +let fail' msg = dump msg; fail msg + +exception Restore +let dump' (msg: string): Tac unit + = try set_smt_goals []; + iterAll (fun _ -> let _ = repeat clear_top in ()); + dump msg; + raise Restore + with | _ -> () + +let expect (msg: string) (x: option 'a): Tac 'a + = match x with + | None -> + dump' ("Expected " ^ msg); + fail ("Expected " ^ msg) + | Some x -> x + + +let statement_of_lemma (lemma: term) = + let _, comp = collect_arr (tc (cur_env ()) lemma) in + match inspect_comp comp with + | C_Total x + | C_Lemma _ x _ -> ( + match x with + | Tv_Abs _ x -> `(squash (`#x)) + | _ -> `(squash (`#x)) + ) + | _ -> fail "statement_of_lemma: supports only Tot and Lemma" + +let weaken_eq2_lemma (u: Type) (t: Type {subtype_of t u}) (p q: t) () + : Lemma (requires ( == ) #u p q) + (ensures ( == ) #t p q) + = () + +let apply_lemma_rw_eqtype (lemma: term): Tac unit + = try + apply_lemma_rw lemma + with + | e -> match + let stmt = statement_of_lemma lemma in + let?# (lemma_lhs, lemma_rhs, type_lemma') = expect_lhs_eq_rhs_term stmt in + let?# (goal_lhs, goal_rhs, type_goal') = expect_lhs_eq_rhs () in + let type_lemma = norm_term [delta; iota; primops] type_lemma' in + let type_goal = norm_term [delta; iota; primops] type_goal' in + if term_eq type_lemma type_goal + then None + else + ( print "######## Warning: apply_lemma_rw, rewrite equalities with different type"; + print ("######## Your lemma has eq over type " ^ term_to_string type_lemma); + print ("######## Your goal has eq over type " ^ term_to_string type_goal); + print ("######## Trying to weaken the type of the goal."); + apply_lemma ( + `weaken_eq2_lemma + (`#type_lemma') (`#type_goal') + (`#goal_lhs) (`#goal_rhs) + ); + apply_lemma_rw lemma; + Some () + ) + with | None -> raise e + | Some () -> () + + +let rewrite_lhs (): Tac _ = + let (lhs, _, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (rewrite_lhs)" in + let uvar = fresh_uvar (Some (tc (cur_env ()) lhs)) in + tcut (`squash (`#lhs == `#uvar)) + From 2a5a84eba41ba7704e30b26699f93a2f05f4f0a0 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 27 Aug 2024 16:52:05 +0200 Subject: [PATCH 11/29] wip, working tactic --- fstar-helpers/fstar-bitvec/RwLemmas.fst | 484 ++++--------------- fstar-helpers/fstar-bitvec/Tactics.Seq.fst | 20 +- fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 7 + 3 files changed, 107 insertions(+), 404 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.fst b/fstar-helpers/fstar-bitvec/RwLemmas.fst index 178ed4cd7..a623c1a22 100644 --- a/fstar-helpers/fstar-bitvec/RwLemmas.fst +++ b/fstar-helpers/fstar-bitvec/RwLemmas.fst @@ -53,427 +53,111 @@ let deserialize_10_int (bytes: t_Array u8 (sz 10)) = r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) in result -let split_forall_nat - (#upper_bound: pos) - (p: (i:nat{i <= upper_bound}) -> Type0) - : Lemma (requires (if upper_bound = 0 then True else (forall (i:nat{i <= upper_bound - 1}). p i)) - /\ p upper_bound - ) - (ensures forall (i:nat{i <= upper_bound}). p i) - = () #pop-options -// #push-options "--z3rlimit 60" -let rw_bit_or (b1 b2: bit) result: - Lemma - (requires ( - (b1 = 0 ==> b2 = 0 ==> result = 0) - /\ (b1 = 0 ==> b2 = 1 ==> result = 1) - /\ (b1 = 1 ==> b2 = 0 ==> result = 1) - /\ (b1 = 1 ==> b2 = 1 ==> result = 0) - )) - (ensures (bit_or b1 b2 == result)) - = () - let deserialize_10_int' (bytes: t_Array u8 (sz 10)): t_Array i16 (sz 8) = MkSeq.create8 (deserialize_10_int bytes) -exception StopCompute -let compute'' (): Tac unit - = lset "goal" (cur_goal ()); - let _ = repeat (fun () -> - dump "A"; - norm [ iota; zeta; reify_ - ; delta_namespace ["FStar"; "RwLemmas"; "MkSeq"] - ; primops; unmeta]; - dump "B"; - norm_pow2 (); - dump "C"; - Tactics.Seq.norm_list_index (); - norm_machine_int (); - Tactics.Seq.simplify_index_seq_of_list (); - dump "E"; - - let goal0 = lget "goal" in +let compute_one_round (): Tac _ = + norm [ iota; zeta; reify_ + ; delta_namespace ["FStar"; "RwLemmas"; "MkSeq"] + ; primops; unmeta]; + print "compute_one_round: light norm done"; + norm_pow2 (); + print "compute_one_round: norm_pow2 done"; + Tactics.Seq.simplify_index_seq_of_list (); + print "compute_one_round: simplify_index_seq_of_list done"; + norm_machine_int (); + print "compute_one_round: norm_machine_int done"; + Tactics.Seq.norm_list_index (); + print "compute_one_round: norm_list_index done" + +let compute' (): Tac unit + = + let rec fixpoint (): Tac _ = + dump' "compute"; + let goal0 = cur_goal () in + compute_one_round (); let goal1 = cur_goal () in - if term_eq goal0 goal1 then raise StopCompute; - lset "goal" goal1 - ) in () - - -let rw_get_bit_and (x y: int_t 't) i - : Lemma (get_bit (x &. y) i == (if get_bit x i = 0 then 0 else get_bit y i)) - [SMTPat (get_bit (x &. y) i)] - = get_bit_and x y i - -let rw_get_bit_and_left (x y: int_t 't) i - : Lemma (requires get_bit x i == 0) - (ensures get_bit (x &. y) i == 0) - [SMTPat (get_bit (x &. y) i)] - = get_bit_and x y i -let rw_get_bit_and_right (x y: int_t 't) i - : Lemma (requires get_bit x i == 0) - (ensures get_bit (y &. x) i == 0) - [SMTPat (get_bit (y &. x) i)] - = get_bit_and x y i -let rw_get_bit_or_left (x y: int_t 't) i + if not (term_eq goal0 goal1) then fixpoint () + in + print "compute': start"; + fixpoint (); + print "compute': done" + +let opts = "--using_facts_from '-* +Rust_primitives.BitVectors ++Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers.get_bit_and +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend' --fuel 0 --ifuel 0" + +let _split_forall_nat + (upper_bound: pos) + ($p: (i:nat{i < upper_bound}) -> Type0) + : Lemma (requires (if upper_bound = 0 then True + else p (upper_bound - 1) /\ (forall (i:nat{i < upper_bound - 1}). p i))) + (ensures forall (i:nat{i < upper_bound}). p i) + = () + +let rec prove_forall_pointwise (tactic: unit -> Tac unit): Tac unit + = print ("prove_forall_pointwise: " ^ term_to_string (cur_goal ())); + apply_lemma (`_split_forall_nat); + trivial `or_else` (fun _ -> + if try norm [primops]; + split (); + true + with | e -> false + then ( + tactic (); + prove_forall_pointwise tactic + ) + ) + +// #push-options "--using_facts_from '+ -FStar.Seq +Rust_primitives -Core -Lib +Rust_primitives.BitVectors +Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers +Lib.IntTypes +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend +FStar'" +#restart-solver + + +let get_bit_or_zero_left #t (x y: int_t t) (i: nat) : Lemma (requires get_bit x i == 0) - (ensures get_bit (x |. y) i == get_bit y i) + (ensures get_bit (x |. y) i == get_bit y i) [SMTPat (get_bit (x |. y) i)] = get_bit_or x y i -let rw_get_bit_or_right (x y: int_t 't) i +let get_bit_or_zero_right #t (x y: int_t t) (i: nat) : Lemma (requires get_bit y i == 0) - (ensures get_bit (x |. y) i == get_bit x i) + (ensures get_bit (x |. y) i == get_bit x i) [SMTPat (get_bit (x |. y) i)] = get_bit_or x y i -let expect_get_bit t: Tac (option (term & term)) = - let?# (f, [_typ; bit_value, _; i, _]) = expect_app_n t 3 in - let?# () = expect_free_var f (`%get_bit) in - Some (bit_value, i) - -let expect_logand t: Tac (option (term & term)) = - let?# (f, [_typ; x, _; y, _]) = expect_app_n t 3 in - let?# () = expect_free_var f (`%logand) in - Some (x, y) - -let _simplify_via_mask () = - let?# (t, _) = expect_lhs_eq_uvar () in - let?# (bit_expr, i) = expect_get_bit t in - let?# (x, y) = expect_logand bit_expr in - let?# y = Tactics.MachineInts.term_to_machine_int_term y in - let?# y = - let open Tactics.MachineInts in - match y with - | Op {op = MkInt; contents = Term contents} -> Some contents - | _ -> None - in - let?# y = expect_pow2_minus_one_literal y in - Some () - -let simplify_via_mask () - = rewrite_pow2_minus_one (); - pointwise (fun _ -> - match _simplify_via_mask () with - | Some () -> () - | _ -> trefl () - ) - - -let pow2_in_range t (n: nat {n < bits t - (if unsigned t then 0 else 1)}) - : Lemma (Rust_primitives.Integers.range (pow2 n - 1) t) - [SMTPat (Rust_primitives.Integers.range (pow2 n - 1) t)] - = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n - -// let _ = op_Bar_Dot - -noeq type bit_expr = - | Term: term -> bit_expr - | Int: int -> bit_expr - | And: x:bit_expr -> y:bit_expr -> bit_expr - | Or: x:bit_expr -> y:bit_expr -> bit_expr - | Shl: x:bit_expr -> shift:int -> bit_expr - | Shr: x:bit_expr -> shift:int -> bit_expr - | Cast: x:bit_expr -> bit_expr - -let rec term_eq'' a b (n: nat): Tot _ (decreases n) = - let open FStar.Stubs.Reflection.V2.Data in - if n = 0 then term_eq a b else - match (inspect_ln a, inspect_ln b) with - | (Tv_FVar a, Tv_FVar b) - | (Tv_FVar a, Tv_UInst b _) - | (Tv_UInst a _, Tv_FVar b) - | (Tv_UInst a _, Tv_UInst b _) -> inspect_fv a = inspect_fv b - | (Tv_Var _, Tv_Var _) -> term_eq a b - | (Tv_App _ _, Tv_App _ _) -> - let a, a_args = collect_app_ln a in - let b, b_args = collect_app_ln b in - let a_args = L.filter (fun (_, x) -> Q_Explicit? x) a_args in - let b_args = L.filter (fun (_, x) -> Q_Explicit? x) b_args in - L.length a_args = L.length b_args - && ( - let rec h a_args (b_args: _ {L.length a_args == L.length b_args}) = - match a_args, b_args with - | ((ahd,_)::atl), ((bhd,_)::btl) -> - term_eq'' ahd bhd (n - 1) && h atl btl - | [], [] -> true - in h a_args b_args - ) - | (Tv_AscribedT a _ _ _, _) - | (Tv_AscribedC a _ _ _, _) -> term_eq'' a b (n-1) - | (_, Tv_AscribedT b _ _ _) - | (_, Tv_AscribedC b _ _ _) -> term_eq'' a b (n-1) - | (Tv_Type _, Tv_Type _) -> true - | (Tv_Refine _ a, _) -> term_eq'' a b (n - 1) - | (_, Tv_Refine _ b) -> term_eq'' a b (n - 1) - // && term_eq' a b && L.fold_left (fun i a -> L.index b_args i `term_eq'` a) - // | Tv_Var : v:namedv -> named_term_view - // | Tv_BVar : v:bv -> named_term_view - // | Tv_FVar : v:fv -> named_term_view - // | Tv_UInst : v:fv -> us:universes -> named_term_view - // | Tv_App : hd:term -> a:argv -> named_term_view - // | Tv_Abs : b:binder -> body:term -> named_term_view - // | Tv_Arrow : b:binder -> c:comp -> named_term_view - // | Tv_Type : universe -> named_term_view - // | Tv_Refine : b:simple_binder -> ref:term -> named_term_view - // | Tv_Const : vconst -> named_term_view - // | Tv_Uvar : nat -> ctx_uvar_and_subst -> named_term_view - // | Tv_Let : recf:bool -> attrs:(list term) -> b:simple_binder -> def:term -> body:term -> named_term_view - // | Tv_Match : scrutinee:term -> ret:option match_returns_ascription -> brs:(list branch) -> named_term_view - // | Tv_AscribedT : e:term -> t:term -> tac:option term -> use_eq:bool -> named_term_view - // | Tv_AscribedC : e:term -> c:comp -> tac:option term -> use_eq:bool -> named_term_view - // | Tv_Unknown : named_term_view // An underscore: _ - // | Tv_Unsupp : named_term_view // failed to inspect, not supported - | _ -> term_eq a b - -let term_eq' a b = term_eq'' a b 99999 - -let rec bit_expr_eq a b = - match (a, b) with - | Term a, Term b -> term_eq' a b - | Int a, Int b -> a = b - | And xa ya, And xb yb - | Or xa ya, Or xb yb -> bit_expr_eq xa xb && bit_expr_eq ya yb - | Shl a sa, Shl b sb - | Shr a sa, Shr b sb -> bit_expr_eq a b && sa = sb - | Cast a, Cast b -> bit_expr_eq a b - | _ -> false - -let rec bit_expr_contains needle haystack = - let recurse = bit_expr_contains needle in - bit_expr_eq needle haystack - || ( match haystack with - | And l r | Or l r -> recurse l || recurse r - | Cast x | Shl x _ | Shr x _ -> recurse x - | _ -> false) - -let expect_machine_int_lit t: Tac _ = - let open Tactics.MachineInts in - let?# expr = term_to_machine_int_term t in - match expr with - | Op {op = MkInt; contents = Lit n} -> Some n - | _ -> None - -let rec term_to_bit_expr' t: Tac _ - = match expect_machine_int_lit t with - | Some n -> Int n - | _ -> match let?# (f, args) = collect_app_hd t in - let?# (x, y) = match args with - | [_; x,_; y,_] | [_; _; x,_; y,_] - | [_; _; _; x,_; y,_] -> Some (x, y) | _ -> None in - match f with - | `%logand | `%( &. ) - -> Some (And (term_to_bit_expr' x) (term_to_bit_expr' y)) - | `%logor | `%( |. ) - -> Some (Or (term_to_bit_expr' x) (term_to_bit_expr' y)) - | `%shift_left | `%( < let?# y = expect_machine_int_lit y in - Some (Shl (term_to_bit_expr' x) y) - | `%shift_right | `%( >>! ) - -> let?# y = expect_machine_int_lit y in - Some (Shr (term_to_bit_expr' x) y) - | `%cast -> Some (Cast (term_to_bit_expr' y)) - | _ -> None - with - | Some t -> t - | None -> Term t - -let term_to_bit_expr t: Tac (option (x: bit_expr {~(Term? x)})) - = match term_to_bit_expr' t with - | Term _ -> None - | t -> Some t - -let expect_get_bit_expr t: Tac _ - = let?# (expr, index) = expect_get_bit t in - let?# index = expect_machine_int_lit index in - let expr = term_to_bit_expr' expr in - Some (expr, index) - - -let op_Bar_GreaterThan (x: 'a) (f: 'a -> Tac 'b): Tac 'b = f x - -let get_bit_shl_zero #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) - : Lemma (requires v y >= 0 /\ v y < bits t /\ v i < v y) - (ensures get_bit (x <= 0 /\ v y < bits t /\ (v i >= bits t - v y /\ (if signed t then (get_bit x (mk_int (bits t - 1)) == 0) else true))) - (ensures get_bit (x >>! y) i == 0) - = get_bit_shr x y i - -let get_bit_shl_one #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) - : Lemma (requires v y >= 0 /\ v y < bits t /\ v i >= v y) - (ensures get_bit (x <= 0 /\ v y < bits t}) (i: usize {v i < bits t}) - : Lemma (ensures get_bit (shift_right x y) i - == 1) - // == (if v i < bits t - v y - // then get_bit x (mk_int (v i + v y)) - // else if signed t - // then get_bit x (mk_int (bits t - 1)) - // else 0)) - // (ensures get_bit (x >>! y) i - // == (if v i < bits t - v y - // then get_bit x (mk_int (v i + v y)) - // else if signed t - // then get_bit x (mk_int (bits t - 1)) - // else 0)) - [SMTPat (get_bit (x >>! y) i)] - = admit () - -/// Proves that `get_bit .. ..` is zero -let rec solve_get_bit_zero (): Tac _ = - let (lhs, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (solve_get_bit_zero)" in - print ("solve_get_bit_zero: " ^ term_to_string lhs); - let (lhs, i) = expect_get_bit_expr lhs |> expect "LHS to be `get_bit .. ..`" in - let rhs' = expect_int_literal rhs |> expect ("RHS to be a int literal, got " ^ term_to_string rhs) in - let _ = match rhs' with | 0 -> () | _ -> fail "RHS should be zero" in - match lhs with - | Term _ -> fail ("LHS is an arbitrary term, I cannot prove it is " ^ string_of_int rhs') - | Int _ -> (compute (); trefl ()) - | Shl _ _ -> - let _ = rewrite_lhs () in - flip (); - apply_lemma_rw (`get_bit_shl); - (fun _ -> - norm_machine_int (); compute (); norm [simplify]; - trivial () )`or_else` (fun _ -> fail' "Shl: tried to prove it was zero") - | Shr _ _ -> - let _ = rewrite_lhs () in - flip (); - apply_lemma_rw_eqtype (`get_bit_shr); - focus (fun _ -> - let _ = repeat split in - iterAll (fun _ -> - match expect_lhs_eq_rhs () with - | Some _ -> print "solve_get_bit_zero: recurse"; - solve_get_bit_zero () - | _ -> (fun _ -> norm_machine_int (); - compute (); - norm [simplify]; - trivial ()) `or_else` (fun _ -> fail' "Shr: tried to prove it was zero") - ) - ) - | Cast _ -> - (try - if rhs' = 0 then apply_lemma (`get_bit_cast_extend) else (); - compute (); norm [simplify]; - trivial `or_else` (fun _ -> fail' "Cast: tried to prove it was zero") - with | _ -> ( - apply_lemma (`get_bit_cast); - compute (); norm [simplify]; - trivial `or_else` (fun _ -> fail' "Cast: tried to prove it was zero [second path]") - )) - | And x y -> fail "And: unsupported" - | _ -> fail "unsupported" - - -let rw_get_bit_and_one_right (x y: int_t 't) i - : Lemma (requires get_bit x i == 1) - (ensures get_bit (y &. x) i == get_bit y i) - = get_bit_and x y i - -let _solve_get_bit_equality lhs i rhs j: Tac _ = - match lhs with - | Term x -> trefl `or_else` (fun _ -> fail' "solve_get_bit_equality: expected terms to be equal at this point") - | And x y -> - let _ = rewrite_lhs () in - flip (); - apply_lemma_rw (`rw_get_bit_and_one_right); - fail "xxx"; - () - | Or x y -> - print ("We are looking at `x |. y`"); - print ("x=" ^ term_to_string (quote x)); - print ("y=" ^ term_to_string (quote y)); - print ("RHS=" ^ term_to_string (quote rhs)); - (match bit_expr_contains rhs x, bit_expr_contains rhs y with - | false, false -> - fail' "RHS was expected to be on the LHS or RHS of the logor!" - | true, true -> fail' "RHS was expected to be on the LHS or RHS of the logor, not both!" - | true, false -> - let rw = rewrite_lhs () in - flip (); - dump' "solve_get_bit_equality: LEFT (BEFORE)"; - apply_lemma_rw (norm_term [] (`rw_get_bit_or_right)); - dump' "solve_get_bit_equality: LEFT (AFTE RLEMMA)"; - print "solve_get_bit_equality: LEFT"; - solve_get_bit_zero () - | false, true -> - let rw = rewrite_lhs () in - flip (); - print "solve_get_bit_equality: RIGHT"; - apply_lemma_rw (norm_term [] (`rw_get_bit_or_left)); - solve_get_bit_zero () - ) - | _ -> fail' "xxxpppppp" - -let swap_eq2_goal p q: Lemma (requires eq2 p q) (ensures eq2 q p) = () - -let rec solve_get_bit_equality' can_invert: Tac _ = - let (lhs, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == `" in - print ("solve_get_bit_equality: (" ^ term_to_string lhs ^ ") == (" ^ term_to_string rhs ^ ")"); - let (lhs, i) = expect_get_bit_expr lhs |> expect "LHS to be `get_bit .. ..`" in - let (rhs, j) = expect_get_bit_expr rhs |> expect "RHS to be `get_bit .. ..`" in - if bit_expr_contains rhs lhs |> not - then if can_invert - then (apply_lemma (`swap_eq2_goal); solve_get_bit_equality' false) - else fail "was expected the bit expression on RHS to be included in the one of LHS" - else _solve_get_bit_equality lhs i rhs j -let solve_get_bit_equality (): Tac _ = - solve_get_bit_equality' true - -let rec term_to_string'' (t: term): Tac string - = match t with - | Tv_App f (x, Q_Meta _) -> term_to_string'' f - | Tv_App f (x, aqualv) -> - let qual = match aqualv with | Q_Implicit -> "#" | Q_Explicit -> "" in - term_to_string' f ^ " " ^ qual ^ "(" ^ term_to_string' x ^ ")" - | Tv_UInst v _ | Tv_FVar v -> - let v = implode_qn (inspect_fv v) in - (match v with - | `%get_bit -> "get_bit" - | `%bit -> "bit" - | `%eq2 -> "eq2" - | `%u8 -> "u8" - | `%u16 -> "u16" - | `%i16 -> "i16" - | `%i32 -> "i32" - | `%sz -> "sz" - | `%usize -> "usize" - | _ -> v - ) - | _ -> term_to_string t -and term_to_string' t: Tac _ = term_to_string'' t - -// get_bit (Seq.Base.index bytes 2) (sz 1) == -// get_bit ((cast bytes.[ sz 2 ] &. 15s) <>! 2l) (sz 7) - -let opts = "--using_facts_from '-* +Rust_primitives.BitVectors -+Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers.get_bit_and +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend'" +#push-options "--compat_pre_core 0" +// #push-options "--z3rlimit 100 --fuel 0 --ifuel 0" #push-options "--z3rlimit 80" -let fff_ bytes x: unit = +let fff_ (bytes: t_Array u8 (sz 10)) x: unit = let bv1 = bit_vec_of_int_t_array bytes 8 in let out = deserialize_10_int' bytes in let bv2 = bit_vec_of_int_t_array out 10 in - let i = 77 in - if false then - assert (bv1 i == bv2 i) by ( + // let lhs = ((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) < + Tactics.Seq.norm_list_index (); + dump' "Send to SMT"; + set_rlimit 80; + let _ = repeat clear_top in + focus smt_sync; + dump' "solved!"; + () + ) ) #pop-options diff --git a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst index 36468f63d..5e6b9f66e 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst @@ -41,9 +41,21 @@ let norm_list_index (): Tac unit = let _ = assert (L.index [1;2;3;4;5;6] 3 == 4) by (norm_list_index(); trefl ()) -let simplify_index_seq_of_list () = l_to_r [`rw_seq_index_list] +let expect_seq_of_list t + = let?# (f, [_; _]) = expect_app_n t 2 in + expect_free_var f (`%Seq.Base.seq_of_list) + +let simplify_index_seq_of_list () = + pointwise (fun _ -> + match let?# (t, _) = expect_lhs_eq_uvar () in + let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%Seq.Base.index) in + let?# _ = expect_seq_of_list l in + (fun _ -> apply_lemma_rw (`rw_seq_index_list)) `or_else` trefl; + Some () + with | None -> trefl () | _ -> () + ) let norm_index (): Tac unit - = norm_list_index (); - simplify_index_seq_of_list () - + = simplify_index_seq_of_list (); + norm_list_index () diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst index 1ef093426..12f8e5383 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -38,6 +38,13 @@ let expect_lhs_eq_rhs_term t = let typ = match typ with | None -> `_ | Some typ -> typ in Some (lhs, rhs, typ) | _ -> None + +// let expect_forall t = +// match term_as_formula t with +// | Comp (Eq typ) lhs rhs -> +// let typ = match typ with | None -> `_ | Some typ -> typ in +// Some (lhs, rhs, typ) +// | _ -> None let expect_lhs_eq_rhs () = expect_lhs_eq_rhs_term (cur_goal ()) From b934c24a10d55d801fd94a85abd96b1b3407b0a0 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 28 Aug 2024 13:49:57 +0200 Subject: [PATCH 12/29] wip --- Cargo.lock | 3 - Cargo.toml | 4 +- fstar-helpers/fstar-bitvec/RwLemmas.fst | 204 +----------------- fstar-helpers/fstar-bitvec/RwLemmas.js | 43 ---- fstar-helpers/fstar-bitvec/Tactics.Folds.fst | 82 +++++++ fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 58 +++++ .../fstar-bitvec/Tactics.MachineInts.fst | 57 +++-- fstar-helpers/fstar-bitvec/Tactics.Pow2.fst | 8 +- fstar-helpers/fstar-bitvec/Tactics.Seq.fst | 148 +++++++++---- fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 148 ++++++++++--- .../src/vector/portable/serialize.rs | 15 ++ 11 files changed, 429 insertions(+), 341 deletions(-) delete mode 100644 fstar-helpers/fstar-bitvec/RwLemmas.js create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Folds.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.GetBit.fst diff --git a/Cargo.lock b/Cargo.lock index 871b50375..c96329dd6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -701,7 +701,6 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros", "num-bigint", @@ -711,7 +710,6 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros-types", "paste", @@ -724,7 +722,6 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index 26e8c50da..bbaf94942 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,8 +77,8 @@ wasm-bindgen = { version = "0.2.87", optional = true } # This is only required when doing proofs. # [target.'cfg(hax)'.workspace.dependencies] [workspace.dependencies] -# hax-lib = { path = "/home/lucas/repos/hax/lib-proofs-bitvectors-additions/hax-lib" } -hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib = { path = "/home/lucas/repos/hax/lib-proofs-bitvectors-additions/hax-lib" } +# hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.fst b/fstar-helpers/fstar-bitvec/RwLemmas.fst index a623c1a22..1fc1e00de 100644 --- a/fstar-helpers/fstar-bitvec/RwLemmas.fst +++ b/fstar-helpers/fstar-bitvec/RwLemmas.fst @@ -57,215 +57,15 @@ let deserialize_10_int (bytes: t_Array u8 (sz 10)) = let deserialize_10_int' (bytes: t_Array u8 (sz 10)): t_Array i16 (sz 8) = MkSeq.create8 (deserialize_10_int bytes) - -let compute_one_round (): Tac _ = - norm [ iota; zeta; reify_ - ; delta_namespace ["FStar"; "RwLemmas"; "MkSeq"] - ; primops; unmeta]; - print "compute_one_round: light norm done"; - norm_pow2 (); - print "compute_one_round: norm_pow2 done"; - Tactics.Seq.simplify_index_seq_of_list (); - print "compute_one_round: simplify_index_seq_of_list done"; - norm_machine_int (); - print "compute_one_round: norm_machine_int done"; - Tactics.Seq.norm_list_index (); - print "compute_one_round: norm_list_index done" - -let compute' (): Tac unit - = - let rec fixpoint (): Tac _ = - dump' "compute"; - let goal0 = cur_goal () in - compute_one_round (); - let goal1 = cur_goal () in - if not (term_eq goal0 goal1) then fixpoint () - in - print "compute': start"; - fixpoint (); - print "compute': done" - -let opts = "--using_facts_from '-* +Rust_primitives.BitVectors -+Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers.get_bit_and +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend' --fuel 0 --ifuel 0" - -let _split_forall_nat - (upper_bound: pos) - ($p: (i:nat{i < upper_bound}) -> Type0) - : Lemma (requires (if upper_bound = 0 then True - else p (upper_bound - 1) /\ (forall (i:nat{i < upper_bound - 1}). p i))) - (ensures forall (i:nat{i < upper_bound}). p i) - = () - -let rec prove_forall_pointwise (tactic: unit -> Tac unit): Tac unit - = print ("prove_forall_pointwise: " ^ term_to_string (cur_goal ())); - apply_lemma (`_split_forall_nat); - trivial `or_else` (fun _ -> - if try norm [primops]; - split (); - true - with | e -> false - then ( - tactic (); - prove_forall_pointwise tactic - ) - ) - -// #push-options "--using_facts_from '+ -FStar.Seq +Rust_primitives -Core -Lib +Rust_primitives.BitVectors +Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers +Lib.IntTypes +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend +FStar'" -#restart-solver - - -let get_bit_or_zero_left #t (x y: int_t t) (i: nat) - : Lemma (requires get_bit x i == 0) - (ensures get_bit (x |. y) i == get_bit y i) - [SMTPat (get_bit (x |. y) i)] - = get_bit_or x y i -let get_bit_or_zero_right #t (x y: int_t t) (i: nat) - : Lemma (requires get_bit y i == 0) - (ensures get_bit (x |. y) i == get_bit x i) - [SMTPat (get_bit (x |. y) i)] - = get_bit_or x y i - - + #push-options "--compat_pre_core 0" -// #push-options "--z3rlimit 100 --fuel 0 --ifuel 0" #push-options "--z3rlimit 80" let fff_ (bytes: t_Array u8 (sz 10)) x: unit = let bv1 = bit_vec_of_int_t_array bytes 8 in let out = deserialize_10_int' bytes in let bv2 = bit_vec_of_int_t_array out 10 in - // let lhs = ((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) < - Tactics.Seq.norm_list_index (); - dump' "Send to SMT"; - set_rlimit 80; - let _ = repeat clear_top in - focus smt_sync; - dump' "solved!"; - () - ) + Tactics.GetBit.prove_bit_vector_equality () ) #pop-options -#push-options "--compat_pre_core 0" -#push-options "--z3rlimit 80" -#push-options "--print_implicits" -let asdsd (bytes: t_Array u8 (sz 10)) - = let cast: u8 -> i16 = cast in - assert ( - eq2 #(bit) (get_bit #(Lib.IntTypes.U8) (FStar.Seq.Base.index #(Rust_primitives.Integers.int_t (Lib.IntTypes.U8)) (bytes) (2)) (sz (1))) (get_bit #(Lib.IntTypes.S16) (Rust_primitives.Integers.op_Bar_Dot #(Lib.IntTypes.S16) (Rust_primitives.Integers.op_Less_Less_Bang #(Lib.IntTypes.S16) #(Lib.IntTypes.S32) (Rust_primitives.Integers.op_Amp_Dot #(Lib.IntTypes.S16) (Rust_primitives.cast #(u8) #(i16) #(Rust_primitives.cast_tc_integers (Lib.IntTypes.U8) (Lib.IntTypes.S16)) (Core.Ops.op_String_Access #(Rust_primitives.Arrays.t_Array (u8) (sz (10))) #(usize) #(Rust_primitives.Hax.impl__index (u8) (sz (10)) (Rust_primitives.Integers.usize_inttype)) (bytes) (sz (2)))) (FStar.Int16.int_to_t (15))) (FStar.Int32.int_to_t (6))) (Rust_primitives.Integers.op_Greater_Greater_Bang #(Lib.IntTypes.S16) #(Lib.IntTypes.S32) (Rust_primitives.cast #(u8) #(i16) #(Rust_primitives.cast_tc_integers (Lib.IntTypes.U8) (Lib.IntTypes.S16)) (Core.Ops.op_String_Access #(Rust_primitives.Arrays.t_Array (u8) (sz (10))) #(usize) #(Rust_primitives.Hax.impl__index (u8) (sz (10)) (Rust_primitives.Integers.usize_inttype)) (bytes) (sz (1)))) (FStar.Int32.int_to_t (2)))) (sz (7))) - // get_bit ( - // ((cast bytes.[ sz 3 ] <: i16) &. 63s <: i16) <>! 4l - // ) (sz 5) - // == get_bit (cast bytes.[ sz 3 ] <: i16) (sz 0) - ) by ( - norm [iota; delta_only [`%( .[] ); `%Core.Ops.Index.Mkt_Index; `%Rust_primitives.Hax.impl__index; `%Core.Ops.Index.f_index]]; - Tactics.MachineInts.(transform norm_generic_machine_int_term); - solve_get_bit_equality (); - // print (term_to_string' (cur_goal())); - // smt_sync (); - fail "done" - ) - - - - - -let fff bytes x: unit = - assert ( - get_bit (Seq.index (deserialize_10_int' bytes) 0) (sz 3) - == get_bit (Seq.index bytes 0) (sz 3) - ) by ( - compute'' (); - smt_sync (); - // l_to_r [`rewrite_to_zero]; - // compute'' (); - // apply_lemma_rw - // l_to_r [`rw_rhs_bit_or_no_mask]; - fail "DONE"; - focus (tadmit) - ); - () - - - - - - -#push-options "--z3rlimit 80" -let rw_rhs_bit_or #t #u #shift_t - (lhs: int_t u) (rhs: int_t t) - (relevant_bits: nat {relevant_bits < bits t - (if unsigned t then 0 else 1)}) - (i: nat {i < bits u}) - (shift: nat {shift < bits u /\ Rust_primitives.Integers.range shift shift_t}) - : Lemma ( - let full = get_bit ( - lhs |. - ((cast (rhs &. mk_int (pow2 relevant_bits - 1)) <: int_t u) <= relevant_bits + shift || i < shift then get_bit lhs (sz i) else full) - ) - = if i >= relevant_bits + shift then ( - let i' = i - shift in - let mask: int_t t = mk_int (pow2 relevant_bits - 1) in - let a = rhs &. mask in - if i' < bits t then ( - get_bit_pow2_minus_one #t relevant_bits (sz i'); - get_bit_and rhs (mk_int (pow2 relevant_bits - 1)) (sz i') - ) else get_bit_cast_extend #t #u a (sz i'); - let a: int_t u = cast a in - get_bit_shl #u #shift_t a (mk_int shift) (sz i') - ) else if i < shift then () else () -#pop-options - -#push-options "--z3rlimit 80" -let rw_rhs_bit_or_no_mask #t #u #shift_t - (lhs: int_t u) (rhs: int_t t) - (i: nat {i < bits u}) - (shift: nat {shift < bits u /\ Rust_primitives.Integers.range shift shift_t}) - : Lemma ( - let full = get_bit ( - lhs |. ((cast rhs <: int_t u) <= shift then ( - let i' = i - shift in - let a = rhs in - let a: int_t u = cast a in - get_bit_shl #u #shift_t a (mk_int shift) (sz i') - ) else () -#pop-options - -#push-options "--z3rlimit 150" -let add_shift_zero #t #shift_t (x: int_t t) - : Lemma (x < x.trim()); - -let template = template_lines.join('\n'); - -let sizes = ['8', '16', '32', '64']; - -let replace = (str, from_size, to_sign, to_size) => - str - .replaceAll(`u${from_size}`, `${to_sign ? 'u' : 'i'}${to_size}`) - .replaceAll(`UInt${from_size}`, `${to_sign ? 'U' : ''}Int${to_size}`) - .replaceAll(`uint_to`, `${to_sign ? 'u' : ''}int_to`); - -let all = ""; -for(let n1 of sizes) { - for(let s1 of [true, false]) { - let s = template; - console.log({n1, s1}); - s = replace(s, 8, s1, n1); - all += s; - } -} - -let generated_lines = [...new Set(all.split('\n'))]; -let names = generated_lines.map(x => x.split(' ')[1]).filter(x => x); -let generated = generated_lines.filter(x => !template_lines.includes(x)).join('\n'); - -generated += '\nlet rw_integers_list0 = [' + names.map(n => '`' + n).join(';') + ']'; - -let before = lemmas - .split('// START GENERATED')[0]; - -let after = lemmas - .split('// END GENERATED')[1]; - -fs.writeFileSync('RwLemmas.fst', before + '// START GENERATED\n' + generated + '\n// END GENERATED' + after); - diff --git a/fstar-helpers/fstar-bitvec/Tactics.Folds.fst b/fstar-helpers/fstar-bitvec/Tactics.Folds.fst new file mode 100644 index 000000000..c5ead30b0 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Folds.fst @@ -0,0 +1,82 @@ +module Tactics.Folds + +open Core +module L = FStar.List.Tot +module S = FStar.Seq.Base +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + +open Rust_primitives.Hax.Folds + +open Tactics.Utils + +// let unfold_fold_range +// (#acc_t: Type0) (#u: Lib.IntTypes.inttype) +// (start_: int_t u) +// (end_: int_t u) +// (inv: acc_t -> (i:int_t u{fold_range_wf_index start_ end_ false (v i)}) -> Type0) +// (init: acc_t {inv init start_}) +// (f: (acc:acc_t -> i:int_t u {v i <= v end_ /\ fold_range_wf_index start_ end_ true (v i) /\ inv acc i} +// -> acc':acc_t {(inv acc' (mk_int (v i + 1)))})) +// = if v start_ < v end_ +// then fold_range (start_ +! mk_int 1) end_ inv (f init start_) f +// else init + + +// #push-options "--z3rlimit 100" +// let unfold_fold_range +// (#acc_t: Type0) (#u: Lib.IntTypes.inttype) +// (start_: int_t u) +// (end_: int_t u) +// (inv: acc_t -> (i:int_t u{fold_range_wf_index start_ end_ false (v i)}) -> Type0) +// (init: acc_t {inv init start_}) +// (f: (acc:acc_t -> i:int_t u {v i <= v end_ /\ fold_range_wf_index start_ end_ true (v i) /\ inv acc i} +// -> acc':acc_t {(inv acc' (mk_int (v i + 1)))})) +// : Lemma ( fold_range start_ end_ inv init f +// == ( if v start_ < v end_ +// then +// fold_range (start_ +! mk_int 1) end_ inv (f init start_) f +// else init ) +// ) +// = admit () +// #pop-options + +// let expect_fold_range t +// = let?# (fr, [acc_t,_;u,_;start_,_;end_,_;inv,_;init,_;f,_]) = expect_app_n t 7 in +// let _ = expect_free_var fr (`%fold_range) in +// Some (acc_t, u, start_, end_, inv, init, f) + +// let make_fold_range_lemma (start_: nat) (end_: nat): Tac _ = +// let _ = tcut (quote (squash (forall acc_t u inv init f. +// fold_range #acc_t #u start_ end_ inv init f +// == fold_range #acc_t #u start_ end_ inv init f +// ))) in +// flip (); +// let acc_t = forall_intro () in +// let u = forall_intro () in +// let inv = forall_intro () in +// let init = forall_intro () in +// let f = forall_intro () in +// fail "xx"; +// let _ = rewrite_rhs () in +// flip (); +// focus (fun _ -> +// fail "xx"; +// apply_lemma_rw (`unfold_fold_range) +// ); +// () +// // rewrite_lhs +// // let aux start_ = + +// jlet _ = +// assert true by (make_fold_range_lemma 1 10) + +// in + + +// let tactic_fold_range t +// = let?# expect_fold_range _ = + diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst new file mode 100644 index 000000000..c1f191e01 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -0,0 +1,58 @@ +/// Provides tactics around `get_bit _ _ == get_bit _ _` goals +module Tactics.GetBit + +open Core +module L = FStar.List.Tot +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + +open Tactics.Utils +open Tactics.Pow2 + +open BitVecEq {} +open Tactics.Seq {norm_index, tactic_list_index} + + +let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) + +/// Does one round of computation +let compute_one_round (): Tac _ = + norm [ iota; zeta; reify_ + ; delta_namespace ["FStar"; implode_qn (cur_module ()); "MkSeq"] + ; primops; unmeta]; + trace "compute_one_round: norm_pow2" norm_pow2; + trace "compute_one_round: norm_machine_int" norm_machine_int; + trace "compute_one_round: norm_index" norm_index + +/// Normalizes up to `get_bit` +let compute': unit -> Tac unit = goal_fixpoint compute_one_round + +private let time_tactic_ms (t: 'a -> Tac 'b) (x: 'a): Tac ('b & int) + = let time0 = curms () in + let result = t x in + let time1 = curms () in + (result, time1 - time0) + +private let print_time prefix (t: 'a -> Tac 'b) (x: 'a): Tac 'b + = let (result, time) = time_tactic_ms t x in + print (prefix ^ string_of_int (time / 1000) ^ "." ^ string_of_int ((time/100)%10) ^ "s"); + result + +/// Proves a goal of the shape `forall (i:nat{i < N}). get_bit ... i == get_bit ... i` (`N` is expected to be a literal) +let prove_bit_vector_equality' (): Tac unit = + norm [iota; primops; delta_only [`%bit_vec_of_int_t_array; `%FunctionalExtensionality.on]]; + norm [iota; primops; delta_namespace [implode_qn (cur_module ())]]; + compute_one_round (); + prove_forall_nat_pointwise (print_time "SMT solved the goal in " (fun _ -> + Tactics.Seq.norm_index_minimal (); + print ("Ask SMT: " ^ term_to_string (cur_goal ())); + set_rlimit 80; + let _ = repeat clear_top in + focus smt_sync + )) +let prove_bit_vector_equality (): Tac unit = + with_compat_pre_core 2 prove_bit_vector_equality' + diff --git a/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst index 8306cbf99..85bb0bb78 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst @@ -1,3 +1,7 @@ +/// This module interprets machine integers terms that comes from +/// `FStar.[U]Int*` modules or from `Rust_primtiives.Integers` module. +/// It can then convert from and back those two representation, +/// normalize them, etc. module Tactics.MachineInts open FStar.Tactics.V2 @@ -8,21 +12,31 @@ open FStar.Option open Tactics.Utils module RI = Rust_primitives.Integers -/// The size of a machine int. +/// The size of a machine int type size = | PtrSize | Size of n:nat {match n with | 8 | 16 | 32 | 64 | 128 -> true | _ -> false} +/// The signedness of a machine int type signedness = | Signed | Unsigned +/// The operations we recognize on machine ints type machine_int_op = | MkInt | V +/// The AST of a machine int expression noeq type machine_int_term = - | Op { op: machine_int_op; native: bool; size: size; signedness: signedness; contents: machine_int_term } + /// Operations `mk_int` (aka `FStar.[U]Int*.[u]int_to_t`) and `v` + | Op { /// Which operation is it? + op: machine_int_op + /// Is that a generic (Rust_primitives.Integers) operation or a native one (FStar.[U]Int*)? + ; native: bool + ; size: size + ; signedness: signedness + ; contents: machine_int_term } + /// A (math) integer literal | Lit of int + /// An arbitrary term | Term of term -let x = `%FStar.UInt8.uint_to_t - /// Expect `n` to be a definition in a machine int namespace let expect_native_machine_int_ns (n: string): (option (signedness & size & string)) = match explode_qn n with @@ -42,11 +56,13 @@ let expect_native_machine_int_ns (n: string): (option (signedness & size & strin in Some (sign, size, def_name) | _ -> None +/// Given a sign and a size, produces the correct namespace `FStar.[U]Int*` let mk_native_machine_int_ns (sign: signedness) (size: size): option (list string) = let sign = match sign with | Signed -> "" | Unsigned -> "U" in let? size = match size with | PtrSize -> None | Size n -> Some (string_of_int n) in Some ["FStar"; sign ^ "Int" ^ size] +/// Interpret HACL*'s `inttype`s let expect_inttype t: Tac (option (signedness & size)) = let t = norm_term [iota; reify_; delta_namespace ["Rust_primitives.Integers"; "Lib.IntTypes"]; primops; unmeta] t in let?# t = expect_fvar t in @@ -65,15 +81,23 @@ let expect_inttype t: Tac (option (signedness & size)) | `%RI.usize_inttype -> Some (Unsigned, PtrSize) | _ -> None +/// Given a signedness and a size, creates a name `[ui]*_inttype` let mk_inttype_name (sign: signedness) (size: size): name = let sign = match sign with | Signed -> "i" | Unsigned -> "u" in let size = match size with | PtrSize -> "size" | Size n -> string_of_int n in ["Rust_primitives"; "Integers"; sign ^ size ^ "_inttype"] +/// Given a signedness and a size, creates a term `[ui]*_inttype` let mk_inttype (sign: signedness) (size: size): Tac term = pack (Tv_FVar (pack_fv (mk_inttype_name sign size))) -let rec term_to_machine_int_term'' (t: term): Tac (option machine_int_term) = +/// Interprets a term as a machine int. This function always returns +/// something: when `t` is not a machine int expression we recognize, +/// it returns `Term t`. Below, `term_to_machine_int_term` returns an +/// option. +let rec term_to_machine_int_term' (t: term): Tac machine_int_term = + match term_to_machine_int_term'' t with | Some t -> t | None -> Term t +and term_to_machine_int_term'' (t: term): Tac (option machine_int_term) = let t = norm_term [delta_only [(`%RI.sz); (`%RI.isz)]] t in match t with | Tv_Const (C_Int n) -> Some (Lit n) @@ -98,13 +122,13 @@ let rec term_to_machine_int_term'' (t: term): Tac (option machine_int_term) = end | _ -> None -and term_to_machine_int_term' (t: term): Tac machine_int_term = - match term_to_machine_int_term'' t with | Some t -> t | None -> Term t - +/// Tries to interpret a term as a machine int let term_to_machine_int_term (t: term): Tac (option (t: machine_int_term {~(Term? t)})) = match term_to_machine_int_term' t with | Term _ -> None | t -> Some t +/// Transform a machine int AST into a term. Note that this doesn't +/// support native usize/isize (aka `FStar.SizeT`), whence the option. let rec machine_int_term_to_term (t: machine_int_term): Tac (option term) = match t with | Term t -> Some t @@ -126,6 +150,7 @@ let rec machine_int_term_to_term (t: machine_int_term): Tac (option term) = Some (mk_e_app f [contents]) | Lit n -> Some (pack (Tv_Const (C_Int n))) +/// An operation on a machine_int_term type operation = machine_int_term -> option machine_int_term /// Removes `mk_int (v ...)` or `v (mk_int ...)` when it's the same type @@ -141,6 +166,7 @@ let rec flatten_machine_int_term: operation = function end | _ -> None +/// Makes a machine int native or not let rec change_native_machine_int_term (native: bool): operation = function | Op x -> let contents = change_native_machine_int_term native x.contents in if x.native = native @@ -151,6 +177,7 @@ let rec change_native_machine_int_term (native: bool): operation = function | None -> x.contents}) | _ -> None +/// Combines two operation together let combine: operation -> operation -> operation = fun f g t -> match f t with | Some t -> (match g t with | Some t -> Some t | None -> Some t) @@ -169,11 +196,6 @@ let norm_machine_int_term = combine flatten_machine_int_term (change_native_mach /// (mk_int ...)`. let norm_generic_machine_int_term = combine flatten_machine_int_term (change_native_machine_int_term false) -let rw_v_mk_int_usize x - : Lemma (eq2 (RI.v #RI.usize_inttype (RI.mk_int #RI.usize_inttype x)) x) = () -let rw_mk_int_v_usize x - : Lemma (eq2 (RI.mk_int #RI.usize_inttype (RI.v #RI.usize_inttype x)) x) = () - /// Unfolds `mk_int` using `mk_int_equiv_lemma` let norm_mk_int () = let?# (lhs, _) = expect_lhs_eq_uvar () in @@ -185,11 +207,16 @@ let norm_mk_int () = let lemma = norm_term [primops; iota; delta; zeta] lemma in focus (fun _ -> apply_lemma_rw lemma - // iterAllSMT (fun () -> smt_sync `or_else` (fun _ -> dump "norm_mk_int: Could not solve SMT here")) ); Some () | _ -> None +/// Lemmas to deal with the special case of usize +let rw_v_mk_int_usize x + : Lemma (eq2 (RI.v #RI.usize_inttype (RI.mk_int #RI.usize_inttype x)) x) = () +let rw_mk_int_v_usize x + : Lemma (eq2 (RI.mk_int #RI.usize_inttype (RI.v #RI.usize_inttype x)) x) = () + /// Rewrites `goal_lhs` into `machine_int`. This function expects the /// goal to be of the shape ` == (?...)`, where `` /// is a machine int. Do not call this function directly. @@ -213,6 +240,8 @@ let _rewrite_to (goal_lhs: term) (eq_type: typ) (machine_int: machine_int_term): apply_lemma_rw rw )) +/// Rewrites a goal deeply, replacing every machine integer expression +/// `x` by `f x` (when it is `Some _`). let transform (f: machine_int_term -> option machine_int_term): Tac unit = pointwise' (fun _ -> match revert_if_none (fun _ -> diff --git a/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst b/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst index 0bd0c5918..9f6ee1f0f 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst @@ -1,14 +1,17 @@ +/// Provides tools to normalize `pow2` module Tactics.Pow2 open Core open Tactics.Utils open FStar.Tactics.V2 +/// Expects `t` to be of the shape `pow2 n`, with `n` a literal, returns n let expect_pow2_literal t: Tac (option int) = let?# (f, [x, _]) = expect_app_n t 1 in let?# () = expect_free_var f (`%pow2) in expect_int_literal x +/// Expects `t` to be of the shape `pow2 n - 1`, with `n` a literal, returns n let expect_pow2_minus_one_literal t: Tac (option int) = let?# (f, [x, _; y, _]) = expect_app_n t 2 in let?# () = expect_free_var f (`%op_Subtraction) in @@ -25,6 +28,7 @@ let norm_pow2 (): Tac unit = Some (norm [iota; zeta_full; reify_; delta; primops; unmeta]) in trefl ()) +/// Inverse of `pow2` let rec log2 (n: nat): Tot (option (m: nat {pow2 m == n})) (decreases n) = if n = 0 then None else if n = 1 then Some 0 @@ -33,8 +37,7 @@ let rec log2 (n: nat): Tot (option (m: nat {pow2 m == n})) (decreases n) | Some n -> Some (1 + n) | None -> None -let lemma_of_refinement #t #p (n: t {p n}): Lemma (p n) = () - +/// Rewrite integers in the goal into `pow2 _ - 1` whenever possible let rewrite_pow2_minus_one () = pointwise (fun () -> match let?# (t, _) = expect_lhs_eq_uvar () in @@ -50,5 +53,6 @@ let rewrite_pow2_minus_one () = with None -> trefl () | _ -> () ) +// Test let _ = fun (i: nat) -> assert (pow2 (i + 3) + pow2 10 == pow2 (i + 3) + 1024) by (norm_pow2 (); trefl ()) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst index 5e6b9f66e..1e8ba7372 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst @@ -2,6 +2,7 @@ module Tactics.Seq open Core module L = FStar.List.Tot +module S = FStar.Seq.Base open FStar.Tactics.V2 open FStar.Tactics.V2.SyntaxHelpers open FStar.Class.Printable @@ -11,51 +12,112 @@ open FStar.Option open Tactics.Utils open Tactics.Pow2 -let rw_seq_index_list #t (l: list t) i - : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) +(*** Rewrite lemmas *) +private let rw_seq_index_list #t (l: list t) i + : Lemma (S.index (S.seq_of_list l) i == FStar.List.Tot.index l i) = () - -private let unfold_index_lemma (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) - : Lemma ( FStar.List.Tot.index #a l i - == Pervasives.norm [iota; primops] (let hd::tl = l in - if i = 0 then hd else List.Tot.index tl (i - 1))) +private let rw_index_slice #typ (s: S.seq typ) i j n: Lemma (S.index (S.slice s i j) n == S.index s (normalize_term (i + n))) + = () +private let rw_index_upd s n v i + : Lemma (S.index (S.upd s n v) i == (if n = i then v else S.index s i)) = () -private exception DoRefl -private exception StopNormIndex -let norm_list_index (): Tac unit = - let _ = repeat (fun _ -> - lset "found" false; - pointwise (fun _ -> - (fun () -> - match let?# (t, _) = expect_lhs_eq_uvar () in - let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in - let?# () = expect_free_var f (`%FStar.List.Tot.index) in - let?# n = expect_int_literal index in - apply_lemma_rw (`unfold_index_lemma); - lset "found" true; - Some () - with | Some () -> () | _ -> raise DoRefl - ) `or_else` trefl); - if lget "found" then () else raise StopNormIndex) in () - -let _ = assert (L.index [1;2;3;4;5;6] 3 == 4) by (norm_list_index(); trefl ()) - -let expect_seq_of_list t - = let?# (f, [_; _]) = expect_app_n t 2 in - expect_free_var f (`%Seq.Base.seq_of_list) - -let simplify_index_seq_of_list () = - pointwise (fun _ -> - match let?# (t, _) = expect_lhs_eq_uvar () in - let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in - let?# () = expect_free_var f (`%Seq.Base.index) in - let?# _ = expect_seq_of_list l in - (fun _ -> apply_lemma_rw (`rw_seq_index_list)) `or_else` trefl; - Some () - with | None -> trefl () | _ -> () - ) +/// A version of `L.index` to mark specific instances we want to normalize. +let rec index_to_normalize #a (l: list a) (i:nat{i < L.length l}): Tot a + = let hd::tl = l in + if i = 0 then hd else index_to_normalize tl (i - 1) + +private let rec rw_index_to_index_to_normalize #a (l: list a) (i:nat{i < L.length l}) + : Lemma (L.index #a l i == index_to_normalize #a l i) + = if i = 0 then () else rw_index_to_index_to_normalize (L.tl l) (i - 1) + + +(*** Tactics that apply those lemmas only if needed *) +let tactic_list_index () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%FStar.List.Tot.index) in + let?# n = expect_int_literal index in + apply_lemma_rw (`rw_index_to_index_to_normalize); + Some () + +/// Expects `t` to be of the shape `seq_of_list #_ _` +let expect_seq_of_list (t: term): Tac (option (term & term)) + = let?# (f, [t,_; index,_]) = expect_app_n t 2 in + let?# _ = expect_free_var f (`%S.seq_of_list) in + Some (t, index) + +/// Expects `t` to be of the shape `index #_ _` +let expect_seq_index (t: term): Tac (option (term & term & term)) + = let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%S.index) in + Some (typ, l, index) + +/// Expects `t` to be of the shape `slice #_ _` +let expect_seq_slice (t: term): Tac (option (term & term & term & term)) + = let?# (f, [typ, _; s, _; i, _; j, _]) = expect_app_n t 4 in + let?# () = expect_free_var f (`%S.slice) in + Some (typ, s, i, j) + +/// Expects `t` to be of the shape `upd #_ _` +let expect_seq_upd (t: term): Tac (option (term & term & term & term)) + = let?# (f, [typ, _; s, _; i, _; v, _]) = expect_app_n t 4 in + let?# () = expect_free_var f (`%S.upd) in + Some (typ, s, i, v) + +let tactic_seq_index_of_list () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (_, l, _) = expect_seq_index t in + let?# _ = expect_seq_of_list l in + apply_lemma_rw (`rw_seq_index_list); + Some () + +let tactic_rw_index_slice () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (typ, s, index) = expect_seq_index t in + let?# (_, s, i, j) = expect_seq_slice s in + apply_lemma_rw (`rw_index_slice #(`#typ) (`#s) (`#i) (`#j)); + Some () + +let tactic_rw_index_upd () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (typ, s, index) = expect_seq_index t in + let?# (_, s, i, v) = expect_seq_upd s in + apply_lemma_rw (`rw_index_upd #(`#typ) (`#s) (`#i) (`#v)); + Some () + +(*** Final tactics *) +let norm_zeta_full_list_index (): Tac unit + = norm [iota; primops; zeta_full; delta_only [`%index_to_normalize]] + + +let norm_index_minimal (): Tac unit + = pointwise ((unwrap ∘ tactic_list_index) ||> trefl); + norm_zeta_full_list_index () + +let norm_index' (): Tac unit + = pointwise ( (unwrap ∘ tactic_seq_index_of_list) + ||> (unwrap ∘ tactic_list_index) + ||> (unwrap ∘ tactic_rw_index_slice) + ||> (unwrap ∘ tactic_rw_index_upd) + ||> trefl) let norm_index (): Tac unit - = simplify_index_seq_of_list (); - norm_list_index () + = goal_fixpoint norm_index' (); + norm_zeta_full_list_index () + + +(*** Tests *) +let _ = assert ( + let s = S.seq_of_list [1;2;3;4;5;6] in + let s = S.slice s 2 4 in + S.index s 1 == 4 +) by (norm []; norm_index (); trefl ()) + +let _ = assert ( + L.index [L.index [1;2;3;4;5;6] (L.index [1;2;3;4;3;3] 2)] 0 == 4 +) by (norm_index(); trefl ()) +let _ = assert ( + S.index (S.seq_of_list [1;2;3;(S.index (S.seq_of_list [1;2;3;(S.index (S.seq_of_list [1;2;3;4;1]) 3);1]) 3);1]) 3 == 4 +) by (norm_index(); trefl ()) + diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst index 12f8e5383..c4fe4c624 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -8,7 +8,7 @@ open FStar.Class.Printable open FStar.Mul open FStar.Option - +(*** Let operators *) let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) = match x with | Some x -> f x @@ -17,6 +17,81 @@ let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) let ( let?? ) (x: bool) (f: unit -> Tac (option 'a)): Tac (option 'a) = if x then f () else None +(*** Debug helpers *) +/// Dump before failing (in some cases, exception cathing messes with +/// `fail`) +let fail' msg = dump msg; fail msg + +exception Restore +/// Dumps a goal with a minimal number of binders in the environment +let dump' (msg: string): Tac unit + = try set_smt_goals []; + iterAll (fun _ -> let _ = repeat clear_top in ()); + dump msg; + raise Restore + with | _ -> () + +(*** `option _` helpers *) +/// Executes `f`, if it fails, execute `g`. Like `or_else`, but returns +/// a chunk. +let ( ||> ) (f: 'a -> Tac 'b) (g: 'a -> Tac 'b) (a: 'a): Tac 'b + = try f a with | _ -> g a + +exception ExpectedSome +/// Unwraps an option, throws `ExpectedSome` if the option is `None` +let unwrap (x: option 'a): Tac 'a + = match x with + | Some x -> x + | None -> raise ExpectedSome + +/// Expects an option to be `None`, otherwise throws an error +let expect (msg: string) (x: option 'a): Tac 'a + = match x with + | None -> dump' ("Expected " ^ msg); + fail ("Expected " ^ msg) + | Some x -> x + +(*** misc. utils *) +/// Reverse function composition (in Tac) +unfold let (>>>) (f: 'a -> Tac 'b) (g: 'b -> Tac 'c) (x: 'a): Tac 'c + = g (f x) +/// Function composition (in Tac) +unfold let (∘) (f: 'b -> Tac 'c) (g: 'a -> Tac 'b): 'a -> Tac 'c + = g >>> f + + +let trace (fun_name: string) (t: unit -> Tac 'b) = + print (fun_name ^ ": enter"); + let result = + try t () + with | e -> (print (fun_name ^ ": exit (with an exception!)"); raise e) + in + print (fun_name ^ ": exit"); + result + +(*** control utils *) +/// Repeats a tactic `f` until the goal is stable +let goal_fixpoint (f: unit -> Tac unit): unit -> Tac unit + = let rec aux (): Tac _ = + let goal0 = cur_goal () in + f (); + let goal1 = cur_goal () in + if not (term_eq goal0 goal1) then aux () + in aux + +private exception DoRefl +let some_or_refl (f: unit -> Tac (option unit)) + = or_else (fun _ -> match f () with | None -> raise DoRefl | _ -> ()) trefl + +/// Runs `f` on each subterms for rewrite. If `f` is `None` or raises +/// an error, applies `trefl`. +let pointwise_or_refl (f: unit -> Tac (option unit)) + = pointwise (fun _ -> some_or_refl f) + +let rec repeatWhile (f: unit -> Tac bool): Tac unit + = if f () then repeatWhile f + +(*** `expect_*` combinators *) let expect_int_literal (t: term): Tac (option int) = match inspect_unascribe t with | Tv_Const (C_Int n) -> Some n @@ -38,13 +113,6 @@ let expect_lhs_eq_rhs_term t = let typ = match typ with | None -> `_ | Some typ -> typ in Some (lhs, rhs, typ) | _ -> None - -// let expect_forall t = -// match term_as_formula t with -// | Comp (Eq typ) lhs rhs -> -// let typ = match typ with | None -> `_ | Some typ -> typ in -// Some (lhs, rhs, typ) -// | _ -> None let expect_lhs_eq_rhs () = expect_lhs_eq_rhs_term (cur_goal ()) @@ -61,6 +129,7 @@ let expect_app_n t n: Tac (option (term & (l: list _ {L.length l == n}))) = then Some (head, args) else None +(*** Rewrite utils *) private exception ForceRevert let revert_if_none (f: unit -> Tac (option 'a)): Tac (option 'a) = try match f () with Some x -> Some x @@ -73,28 +142,6 @@ let collect_app_hd t: Tac (option (string & list argv)) let?# fv = expect_fvar hd in Some (fv, args) -let rec repeatWhile (f: unit -> Tac bool): Tac unit - = if f () then repeatWhile f - - -let fail' msg = dump msg; fail msg - -exception Restore -let dump' (msg: string): Tac unit - = try set_smt_goals []; - iterAll (fun _ -> let _ = repeat clear_top in ()); - dump msg; - raise Restore - with | _ -> () - -let expect (msg: string) (x: option 'a): Tac 'a - = match x with - | None -> - dump' ("Expected " ^ msg); - fail ("Expected " ^ msg) - | Some x -> x - - let statement_of_lemma (lemma: term) = let _, comp = collect_arr (tc (cur_env ()) lemma) in match inspect_comp comp with @@ -110,7 +157,8 @@ let weaken_eq2_lemma (u: Type) (t: Type {subtype_of t u}) (p q: t) () : Lemma (requires ( == ) #u p q) (ensures ( == ) #t p q) = () - + +/// `apply_lemma_rw` doesn't work if the goal is `(==) #t ... (?u ...)` while the lemma is `(==) #u .. (?u ....)`. `apply_lemma_rw_eqtype` fixes some of those case, and warns about it. let apply_lemma_rw_eqtype (lemma: term): Tac unit = try apply_lemma_rw lemma @@ -139,9 +187,45 @@ let apply_lemma_rw_eqtype (lemma: term): Tac unit with | None -> raise e | Some () -> () - +/// Rewrites LHS of an equality: on goal `squash (x == y)`, it will add `squash (x == (?u ...))`. let rewrite_lhs (): Tac _ = let (lhs, _, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (rewrite_lhs)" in let uvar = fresh_uvar (Some (tc (cur_env ()) lhs)) in tcut (`squash (`#lhs == `#uvar)) +/// Rewrites RHS of an equality: on goal `squash (x == y)`, it will add `squash (y == (?u ...))`. +let rewrite_rhs (): Tac _ = + let (_, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (rewrite_rhs)" in + let uvar = fresh_uvar (Some (tc (cur_env ()) rhs)) in + tcut (`squash (`#rhs == `#uvar)) + + +(*** Unroll forall goals *) +let _split_forall_nat + (upper_bound: pos) + ($p: (i:nat{i < upper_bound}) -> Type0) + : Lemma (requires (if upper_bound = 0 then True + else p (upper_bound - 1) /\ (forall (i:nat{i < upper_bound - 1}). p i))) + (ensures forall (i:nat{i < upper_bound}). p i) + = () + +/// Proves `forall (i:nat{i < bound})` for `bound` being a concrete int +let rec prove_forall_nat_pointwise (tactic: unit -> Tac unit): Tac unit + = let _ = + (* hacky way of printing the progress *) + let goal = term_to_string (cur_goal ()) in + let goal = match String.split ['\n'] goal with + | s::_ -> s | _ -> "" in + print ("prove_forall_pointwise: " ^ goal ^ "...") + in + apply_lemma (`_split_forall_nat); + trivial `or_else` (fun _ -> + if try norm [primops]; + split (); + true + with | e -> false + then ( + tactic (); + prove_forall_nat_pointwise tactic + ) + ) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index c18e35239..d03ccfbcf 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -15,6 +15,21 @@ use super::vector_type::*; use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; +fn bitwise_equal(length: usize, d1: usize, d2: usize, inputs: &[T], outputs: &[U]) -> bool { + false +} + +#[hax::lemma] +pub fn serialize_4_int( + v: &[i16], +) -> Proof< + { + let (x1, x2, x3, x4) = serialize_4_int(v); + bitwise_equal(length, 4, 8, v, &[x1, x2, x3, x4]) + }, +> { +} + #[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { From 48fad7e8559664650a0b5e345539c7a1b9c5c395 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 28 Aug 2024 14:41:49 +0200 Subject: [PATCH 13/29] more --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 6 +-- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 10 +++++ ...crux_ml_kem.Vector.Portable.Serialize.fsti | 5 +-- .../src/vector/portable/serialize.rs | 38 +++++++++---------- 4 files changed, 32 insertions(+), 27 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index c1f191e01..8d1b9dfab 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -49,10 +49,8 @@ let prove_bit_vector_equality' (): Tac unit = prove_forall_nat_pointwise (print_time "SMT solved the goal in " (fun _ -> Tactics.Seq.norm_index_minimal (); print ("Ask SMT: " ^ term_to_string (cur_goal ())); - set_rlimit 80; - let _ = repeat clear_top in focus smt_sync )) let prove_bit_vector_equality (): Tac unit = - with_compat_pre_core 2 prove_bit_vector_equality' - + set_rlimit 100; + with_compat_pre_core 0 prove_bit_vector_equality' diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 092aa2781..685335f6e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -258,6 +258,16 @@ let serialize_4_int (v: t_Slice i16) = let _:Prims.unit = admit () (* Panic freedom *) in result +let serialize_4_int_lemma (inputs: t_Array i16 (sz 8)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index inputs i) 4)) + : squash ( + let outputs = serialize_4_int inputs in + let outputs = MkSeq.create4 outputs in + let inputs = bit_vec_of_int_t_array inputs 4 in + let outputs = bit_vec_of_int_t_array outputs 8 in + (forall (i: nat {i < 32}). inputs i == outputs i) + ) = _ by (Tactics.GetBit.prove_bit_vector_equality ()) + let serialize_5_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) |. ((v.[ sz 1 ] <: i16) < - let tuple:(u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 4 (MkSeq.create4 tuple) 8) + (fun _ -> Prims.l_True) val serialize_5_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index d03ccfbcf..5f73f1926 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -15,21 +15,6 @@ use super::vector_type::*; use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; -fn bitwise_equal(length: usize, d1: usize, d2: usize, inputs: &[T], outputs: &[U]) -> bool { - false -} - -#[hax::lemma] -pub fn serialize_4_int( - v: &[i16], -) -> Proof< - { - let (x1, x2, x3, x4) = serialize_4_int(v); - bitwise_equal(length, 4, 8, v, &[x1, x2, x3, x4]) - }, -> { -} - #[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { @@ -56,16 +41,31 @@ pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { result } +#[hax_lib::fstar::replace( + " +let serialize_4_int_lemma (inputs: t_Array i16 (sz 8)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index inputs i) 4)) + : squash ( + let outputs = ${serialize_4_int} inputs in + let outputs = MkSeq.create4 outputs in + let inputs = bit_vec_of_int_t_array inputs 4 in + let outputs = bit_vec_of_int_t_array outputs 8 in + (forall (i: nat {i < 32}). inputs i == outputs i) + ) = _ by (Tactics.GetBit.prove_bit_vector_equality ()) +" +)] +fn serialize_4_int_lemma(_inputs: &[i16]) {} + #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${v.len() == 8} /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 4 - (MkSeq.create4 $tuple) 8 -"#))] +// #[hax_lib::ensures(|tuple| fstar!(r#" +// BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 4 +// (MkSeq.create4 $tuple) 8 +// "#))] pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { let result0 = ((v[1] as u8) << 4) | (v[0] as u8); let result1 = ((v[3] as u8) << 4) | (v[2] as u8); From aaafdfc4c48cb20219044fd848b047ab5f86f9b3 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 29 Aug 2024 16:03:53 +0200 Subject: [PATCH 14/29] norm array_of_list --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index 8d1b9dfab..5ea5036a2 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -21,7 +21,12 @@ let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) /// Does one round of computation let compute_one_round (): Tac _ = norm [ iota; zeta; reify_ - ; delta_namespace ["FStar"; implode_qn (cur_module ()); "MkSeq"] + ; delta_namespace [ + "FStar" + ; implode_qn (cur_module ()) + ; "MkSeq" + ; `%Rust_primitives.Hax.array_of_list + ] ; primops; unmeta]; trace "compute_one_round: norm_pow2" norm_pow2; trace "compute_one_round: norm_machine_int" norm_machine_int; From d1bbc2abd6f8dca21343b7923914b80e2fe24cf9 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 11:55:31 +0200 Subject: [PATCH 15/29] reduce f_elements --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 1 + 1 file changed, 1 insertion(+) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index 5ea5036a2..24797065c 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -26,6 +26,7 @@ let compute_one_round (): Tac _ = ; implode_qn (cur_module ()) ; "MkSeq" ; `%Rust_primitives.Hax.array_of_list + ; `%Libcrux_ml_kem.Vector.Portable.Vector_type.__proj__Mkt_PortableVector__item__f_elements ] ; primops; unmeta]; trace "compute_one_round: norm_pow2" norm_pow2; From 84795a28600d663a3111089c94f858de41311d72 Mon Sep 17 00:00:00 2001 From: mamonet Date: Fri, 30 Aug 2024 13:52:56 +0000 Subject: [PATCH 16/29] Update serialize.rs --- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 647 +++--------------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 88 +-- .../src/vector/portable/serialize.rs | 380 +++++----- 3 files changed, 339 insertions(+), 776 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 685335f6e..cc53f10b0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -1,8 +1,10 @@ module Libcrux_ml_kem.Vector.Portable.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 1500" open Core open FStar.Mul +#push-options "--admit_smt_queries true" + let deserialize_10_int (bytes: t_Slice u8) = let r0:i16 = (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 6l <: i16) in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_11_int (bytes: t_Slice u8) = let r0:i16 = @@ -82,12 +79,7 @@ let deserialize_11_int (bytes: t_Slice u8) = ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_12_int (bytes: t_Slice u8) = let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in @@ -95,10 +87,7 @@ let deserialize_12_int (bytes: t_Slice u8) = let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16) = r0, r1 <: (i16 & i16) in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1 <: (i16 & i16) let deserialize_4_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in @@ -109,12 +98,7 @@ let deserialize_4_int (bytes: t_Slice u8) = let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_5_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in @@ -153,13 +137,7 @@ let deserialize_5_int (bytes: t_Slice u8) = i16 in let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result - -#push-options "--z3rlimit 480 --split_queries always" + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let serialize_10_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in @@ -176,12 +154,7 @@ let serialize_10_int (v: t_Slice i16) = (cast (((v.[ sz 2 ] <: i16) >>! 4l <: i16) &. 63s <: i16) <: u8) in let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(u8 & u8 & u8 & u8 & u8) = r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) in - let _:Prims.unit = admit () (* Panic freedom *) in - result - -#pop-options + r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) let serialize_11_int (v: t_Slice i16) = let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in @@ -216,14 +189,9 @@ let serialize_11_int (v: t_Slice i16) = (cast ((v.[ sz 6 ] <: i16) >>! 6l <: i16) <: u8) in let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 + <: + (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) let serialize_12_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in @@ -235,10 +203,7 @@ let serialize_12_int (v: t_Slice i16) = u8 in let r2:u8 = cast (((v.[ sz 1 ] <: i16) >>! 4l <: i16) &. 255s <: i16) <: u8 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(u8 & u8 & u8) = r0, r1, r2 <: (u8 & u8 & u8) in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2 <: (u8 & u8 & u8) let serialize_4_int (v: t_Slice i16) = let result0:u8 = @@ -253,20 +218,7 @@ let serialize_4_int (v: t_Slice i16) = let result3:u8 = ((cast (v.[ sz 7 ] <: i16) <: u8) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) < - let result:t_Array u8 (sz 2) = result in + (fun result0 temp_1_ -> + let result0:u8 = result0 in let _:usize = temp_1_ in true) - result - (fun result i -> - let result:t_Array u8 (sz 2) = result in + result0 + (fun result0 i -> + let result0:u8 = result0 in let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 0) - ((result.[ sz 0 ] <: u8) |. - ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < - let result:t_Array u8 (sz 2) = result in + (fun result1 temp_1_ -> + let result1:u8 = result1 in let _:usize = temp_1_ in true) - result - (fun result i -> - let result:t_Array u8 (sz 2) = result in + result1 + (fun result1 i -> + let result1:u8 = result1 in let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 1) - ((result.[ sz 1 ] <: u8) |. - ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 10)) 8 (MkSeq.create8 tuple) 10 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 10)) + (fun _ -> Prims.l_True) val deserialize_11_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) (requires Core.Slice.impl__len #u8 bytes =. sz 11) - (ensures - fun tuple -> - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 11)) 8 (MkSeq.create8 tuple) 11 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 11)) + (fun _ -> Prims.l_True) val deserialize_12_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16) (requires Core.Slice.impl__len #u8 bytes =. sz 3) - (ensures - fun tuple -> - let tuple:(i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 3)) 8 (MkSeq.create2 tuple) 12 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create2 tuple) i) 12)) + (fun _ -> Prims.l_True) val deserialize_4_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) (requires Core.Slice.impl__len #u8 bytes =. sz 4) - (ensures - fun tuple -> - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 4)) 8 (MkSeq.create8 tuple) 4 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) + (fun _ -> Prims.l_True) val deserialize_5_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) (requires Core.Slice.impl__len #u8 bytes =. sz 5) - (ensures - fun tuple -> - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 5)) 8 (MkSeq.create8 tuple) 5 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) + (fun _ -> Prims.l_True) val serialize_10_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 4)) 10 (MkSeq.create5 tuple) 8) + (requires Core.Slice.impl__len #i16 v =. sz 4) + (fun _ -> Prims.l_True) val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 8 /\ - (forall i. Rust_primitives.bounded (Seq.index v i) 11)) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 11 (MkSeq.create11 tuple) 8) + (requires Core.Slice.impl__len #i16 v =. sz 8) + (fun _ -> Prims.l_True) val serialize_12_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 2 /\ - (forall i. Rust_primitives.bounded (Seq.index v i) 12)) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 2)) 12 (MkSeq.create3 tuple) 8) + (requires Core.Slice.impl__len #i16 v =. sz 2) + (fun _ -> Prims.l_True) val serialize_4_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) - ) + (requires Core.Slice.impl__len #i16 v =. sz 8) (fun _ -> Prims.l_True) val serialize_5_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 5) - ) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 5 (MkSeq.create5 tuple) 8) + (requires Core.Slice.impl__len #i16 v =. sz 8) + (fun _ -> Prims.l_True) + +val deserialize_4_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires Core.Slice.impl__len #u8 bytes =. sz 8) + (fun _ -> Prims.l_True) val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) @@ -113,30 +78,25 @@ val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector val deserialize_1_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Core.Slice.impl__len #u8 v =. sz 2) (fun _ -> Prims.l_True) val deserialize_10_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Core.Slice.impl__len #u8 bytes =. sz 20) (fun _ -> Prims.l_True) val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Core.Slice.impl__len #u8 bytes =. sz 22) (fun _ -> Prims.l_True) val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) - -val deserialize_4_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Core.Slice.impl__len #u8 bytes =. sz 24) (fun _ -> Prims.l_True) val deserialize_5_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Core.Slice.impl__len #u8 bytes =. sz 10) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index 5f73f1926..af5503a0b 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -15,21 +15,51 @@ use super::vector_type::*; use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma +// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) +// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_1} inputs) 8 inputs.f_elements 1) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let serialize_1_lemma inputs = +// serialize_1_bit_vec_lemma inputs (); +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_1} inputs) 8) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 1)) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2\" + +// let serialize_1_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 1)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v.f_elements 1 in +// let outputs = bit_vec_of_int_t_array (${serialize_1} v) 8 in +// (forall (i: nat {i < 16}). inputs i == outputs i) +// ) = +// admit() + +// #pop-options +// "))] #[inline(always)] pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { - let mut result = [0u8; 2]; + let mut result0 = 0u8; + let mut result1 = 0u8; for i in 0..8 { - result[0] |= (v.elements[i] as u8) << i; + result0 |= (v.elements[i] as u8) << i; } for i in 8..16 { - result[1] |= (v.elements[i] as u8) << (i - 8); + result1 |= (v.elements[i] as u8) << (i - 8); } - result + [ + result0, + result1 + ] } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::requires(fstar!(r#" + ${v.len() == 2} +"#))] pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { let mut result = zero(); for i in 0..8 { @@ -41,67 +71,48 @@ pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { result } -#[hax_lib::fstar::replace( - " -let serialize_4_int_lemma (inputs: t_Array i16 (sz 8)) - (_: squash (forall i. Rust_primitives.bounded (Seq.index inputs i) 4)) - : squash ( - let outputs = ${serialize_4_int} inputs in - let outputs = MkSeq.create4 outputs in - let inputs = bit_vec_of_int_t_array inputs 4 in - let outputs = bit_vec_of_int_t_array outputs 8 in - (forall (i: nat {i < 32}). inputs i == outputs i) - ) = _ by (Tactics.GetBit.prove_bit_vector_equality ()) -" -)] -fn serialize_4_int_lemma(_inputs: &[i16]) {} - #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${v.len() == 8} - /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) "#))] -// #[hax_lib::ensures(|tuple| fstar!(r#" -// BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 4 -// (MkSeq.create4 $tuple) 8 -// "#))] pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { let result0 = ((v[1] as u8) << 4) | (v[0] as u8); let result1 = ((v[3] as u8) << 4) | (v[2] as u8); let result2 = ((v[5] as u8) << 4) | (v[4] as u8); let result3 = ((v[7] as u8) << 4) | (v[6] as u8); - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (result0, result1, result2, result3) } -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let serialize_4_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 4)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v.f_elements 4 in +// let outputs = bit_vec_of_int_t_array (${serialize_4} v) 8 in +// (forall (i: nat {i < 64}). inputs i == outputs i) +// ) = +// _ by (Tactics.GetBit.prove_bit_vector_equality ()) +// "))] #[inline(always)] pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] { let result0_3 = serialize_4_int(&v.elements[0..8]); let result4_7 = serialize_4_int(&v.elements[8..16]); - let mut result = [0u8; 8]; - result[0] = result0_3.0; - result[1] = result0_3.1; - result[2] = result0_3.2; - result[3] = result0_3.3; - result[4] = result4_7.0; - result[5] = result4_7.1; - result[6] = result4_7.2; - result[7] = result4_7.3; - result + [ + result0_3.0, + result0_3.1, + result0_3.2, + result0_3.3, + result4_7.0, + result4_7.1, + result4_7.2, + result4_7.3, + ] } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 4} "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 4)) 8 - (MkSeq.create8 $tuple) 4 - /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 4) -"#))] pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x0F) as i16; let v1 = ((bytes[0] >> 4) & 0x0F) as i16; @@ -111,44 +122,62 @@ pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, let v5 = ((bytes[2] >> 4) & 0x0F) as i16; let v6 = (bytes[3] & 0x0F) as i16; let v7 = ((bytes[3] >> 4) & 0x0F) as i16; - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (v0, v1, v2, v3, v4, v5, v6, v7) } -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma +// (ensures BitVecEq.int_t_array_bitwise_eq' (${deserialize_4} inputs).f_elements 4 inputs 8) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let deserialize_4_lemma inputs = +// deserialize_4_bit_vec_lemma inputs; +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_4} inputs).f_elements 4) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2\" + +// let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v 8 in +// let outputs = bit_vec_of_int_t_array (${deserialize_4} v).f_elements 4 in +// (forall (i: nat {i < 64}). inputs i == outputs i) +// ) = +// admit() + +// #pop-options +// "))] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 8} +"#))] #[inline(always)] pub(crate) fn deserialize_4(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_4_int(&bytes[0..4]); let v8_15 = deserialize_4_int(&bytes[4..8]); - let mut v = zero(); - v.elements[0] = v0_7.0; - v.elements[1] = v0_7.1; - v.elements[2] = v0_7.2; - v.elements[3] = v0_7.3; - v.elements[4] = v0_7.4; - v.elements[5] = v0_7.5; - v.elements[6] = v0_7.6; - v.elements[7] = v0_7.7; - v.elements[8] = v8_15.0; - v.elements[9] = v8_15.1; - v.elements[10] = v8_15.2; - v.elements[11] = v8_15.3; - v.elements[12] = v8_15.4; - v.elements[13] = v8_15.5; - v.elements[14] = v8_15.6; - v.elements[15] = v8_15.7; - v + PortableVector { elements: [ + v0_7.0, + v0_7.1, + v0_7.2, + v0_7.3, + v0_7.4, + v0_7.5, + v0_7.6, + v0_7.7, + v8_15.0, + v8_15.1, + v8_15.2, + v8_15.3, + v8_15.4, + v8_15.5, + v8_15.6, + v8_15.7, + ] } } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${v.len() == 8} - /\ (forall i. Rust_primitives.bounded (Seq.index v i) 5) -"#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 5 - (MkSeq.create5 $tuple) 8 "#))] pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r0 = (v[0] | v[1] << 5) as u8; @@ -159,7 +188,6 @@ pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { (r0, r1, r2, r3, r4) } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { let r0_4 = serialize_5_int(&v.elements[0..8]); @@ -179,15 +207,9 @@ pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 5} "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 5)) 8 - (MkSeq.create8 $tuple) 5 - /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 4) -"#))] pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x1F) as i16; let v1 = ((bytes[1] & 0x3) << 3 | (bytes[0] >> 5)) as i16; @@ -200,8 +222,10 @@ pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (v0, v1, v2, v3, v4, v5, v6, v7) } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 10} +"#))] pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_5_int(&bytes[0..5]); let v8_15 = deserialize_5_int(&bytes[5..10]); @@ -226,12 +250,8 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::fstar::options("--z3rlimit 480 --split_queries always")] -#[hax_lib::requires(v.len() == 4)] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 4)) 10 - (MkSeq.create5 $tuple) 8 +#[hax_lib::requires(fstar!(r#" + ${v.len() == 4} "#))] pub(crate) fn serialize_10_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r0 = (v[0] & 0xFF) as u8; @@ -239,11 +259,34 @@ pub(crate) fn serialize_10_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r2 = ((v[2] & 0x0F) as u8) << 4 | ((v[1] >> 6) & 0x0F) as u8; let r3 = ((v[3] & 0x03) as u8) << 6 | ((v[2] >> 4) & 0x3F) as u8; let r4 = ((v[3] >> 2) & 0xFF) as u8; - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4) } -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma +// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) +// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_10} inputs) 8 inputs.f_elements 10) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let serialize_10_lemma inputs = +// serialize_10_bit_vec_lemma inputs (); +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_10} inputs) 8) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 10)) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2\" + +// let serialize_10_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 10)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v.f_elements 10 in +// let outputs = bit_vec_of_int_t_array (${serialize_10} v) 8 in +// (forall (i: nat {i < 160}). inputs i == outputs i) +// ) = +// admit() + +// #pop-options +// "))] #[inline(always)] pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { let r0_4 = serialize_10_int(&v.elements[0..4]); @@ -257,15 +300,9 @@ pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 10} "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 10)) 8 - (MkSeq.create8 $tuple) 10 - /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 10) -"#))] pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = ((bytes[1] as i16 & 0x03) << 8 | (bytes[0] as i16 & 0xFF)) as i16; let r1 = ((bytes[2] as i16 & 0x0F) << 6 | (bytes[1] as i16 >> 2)) as i16; @@ -275,12 +312,13 @@ pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, let r5 = ((bytes[7] as i16 & 0x0F) << 6 | (bytes[6] as i16 >> 2)) as i16; let r6 = ((bytes[8] as i16 & 0x3F) << 4 | (bytes[7] as i16 >> 4)) as i16; let r7 = (((bytes[9] as i16) << 2) | (bytes[8] as i16 >> 6)) as i16; - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7) } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 20} +"#))] pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_10_int(&bytes[0..10]); let v8_15 = deserialize_10_int(&bytes[10..20]); @@ -305,14 +343,8 @@ pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${v.len() == 8} - /\ (forall i. Rust_primitives.bounded (Seq.index v i) 11) -"#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 11 - (MkSeq.create11 $tuple) 8 "#))] pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8, u8, u8) { let r0 = v[0] as u8; @@ -326,51 +358,48 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8 let r8 = ((v[6] & 0x3F) as u8) << 2 | (v[5] >> 9) as u8; let r9 = ((v[7] & 0x7) as u8) << 5 | (v[6] >> 6) as u8; let r10 = (v[7] >> 3) as u8; - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10) } -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val serialize_11_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma +// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 11)) +// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_11} inputs) 8 inputs.f_elements 11) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let serialize_11_lemma inputs = +// serialize_11_bit_vec_lemma inputs (); +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_11} inputs) 8) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 11)) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2\" + +// let serialize_11_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 11)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v.f_elements 11 in +// let outputs = bit_vec_of_int_t_array (${serialize_11} v) 8 in +// (forall (i: nat {i < 176}). inputs i == outputs i) +// ) = +// admit() + +// #pop-options +// "))] #[inline(always)] pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] { let r0_10 = serialize_11_int(&v.elements[0..8]); let r11_21 = serialize_11_int(&v.elements[8..16]); - let mut result = [0u8; 22]; - result[0] = r0_10.0; - result[1] = r0_10.1; - result[2] = r0_10.2; - result[3] = r0_10.3; - result[4] = r0_10.4; - result[5] = r0_10.5; - result[6] = r0_10.6; - result[7] = r0_10.7; - result[8] = r0_10.8; - result[9] = r0_10.9; - result[10] = r0_10.10; - result[11] = r11_21.0; - result[12] = r11_21.1; - result[13] = r11_21.2; - result[14] = r11_21.3; - result[15] = r11_21.4; - result[16] = r11_21.5; - result[17] = r11_21.6; - result[18] = r11_21.7; - result[19] = r11_21.8; - result[20] = r11_21.9; - result[21] = r11_21.10; - result + [ + r0_10.0, r0_10.1, r0_10.2, r0_10.3, r0_10.4, r0_10.5, r0_10.6, r0_10.7, r0_10.8, r0_10.9, r0_10.10, + r11_21.0, r11_21.1, r11_21.2, r11_21.3, r11_21.4, r11_21.5, r11_21.6, r11_21.7, r11_21.8, r11_21.9, r11_21.10, + ] } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 11} "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 11)) 8 - (MkSeq.create8 $tuple) 11 - /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 11) -"#))] pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = (bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16; let r1 = (bytes[2] as i16 & 0x3F) << 5 | (bytes[1] as i16 >> 3); @@ -380,12 +409,13 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, let r5 = (bytes[8] as i16 & 0x3) << 9 | ((bytes[7] as i16) << 1) | ((bytes[6] as i16) >> 7); let r6 = (bytes[9] as i16 & 0x1F) << 6 | (bytes[8] as i16 >> 2); let r7 = ((bytes[10] as i16) << 3) | (bytes[9] as i16 >> 5); - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7) } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 22} +"#))] pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_11_int(&bytes[0..11]); let v8_15 = deserialize_11_int(&bytes[11..22]); @@ -410,24 +440,41 @@ pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${v.len() == 2} - /\ (forall i. Rust_primitives.bounded (Seq.index v i) 12) -"#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 2)) 12 - (MkSeq.create3 $tuple) 8 "#))] pub(crate) fn serialize_12_int(v: &[i16]) -> (u8, u8, u8) { let r0 = (v[0] & 0xFF) as u8; let r1 = ((v[0] >> 8) | ((v[1] & 0x0F) << 4)) as u8; let r2 = ((v[1] >> 4) & 0xFF) as u8; - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2) } -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma +// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) +// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_12} inputs) 8 inputs.f_elements 12) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let serialize_12_lemma inputs = +// serialize_12_bit_vec_lemma inputs (); +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_12} inputs) 8) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 12)) +// "))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2\" + +let serialize_12_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 12)) + : squash ( + let inputs = bit_vec_of_int_t_array v.f_elements 12 in + let outputs = bit_vec_of_int_t_array (${serialize_12} v) 8 in + (forall (i: nat {i < 192}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[inline(always)] pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] { let r0_2 = serialize_12_int(&v.elements[0..2]); @@ -438,56 +485,35 @@ pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] { let r15_17 = serialize_12_int(&v.elements[10..12]); let r18_20 = serialize_12_int(&v.elements[12..14]); let r21_23 = serialize_12_int(&v.elements[14..16]); - let mut result = [0u8; 24]; - result[0] = r0_2.0; - result[1] = r0_2.1; - result[2] = r0_2.2; - result[3] = r3_5.0; - result[4] = r3_5.1; - result[5] = r3_5.2; - result[6] = r6_8.0; - result[7] = r6_8.1; - result[8] = r6_8.2; - result[9] = r9_11.0; - result[10] = r9_11.1; - result[11] = r9_11.2; - result[12] = r12_14.0; - result[13] = r12_14.1; - result[14] = r12_14.2; - result[15] = r15_17.0; - result[16] = r15_17.1; - result[17] = r15_17.2; - result[18] = r18_20.0; - result[19] = r18_20.1; - result[20] = r18_20.2; - result[21] = r21_23.0; - result[22] = r21_23.1; - result[23] = r21_23.2; - result + [ + r0_2.0, r0_2.1, r0_2.2, + r3_5.0, r3_5.1, r3_5.2, + r6_8.0, r6_8.1, r6_8.2, + r9_11.0, r9_11.1, r9_11.2, + r12_14.0, r12_14.1, r12_14.2, + r15_17.0, r15_17.1, r15_17.2, + r18_20.0, r18_20.1, r18_20.2, + r21_23.0, r21_23.1, r21_23.2, + ] } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 3} "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 3)) 8 - (MkSeq.create2 $tuple) 12 - /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create2 $tuple) i) 12) -"#))] pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) { let byte0 = bytes[0] as i16; let byte1 = bytes[1] as i16; let byte2 = bytes[2] as i16; let r0 = (byte1 & 0x0F) << 8 | (byte0 & 0xFF); let r1 = (byte2 << 4) | ((byte1 >> 4) & 0x0F); - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1) } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 24} +"#))] pub(crate) fn deserialize_12(bytes: &[u8]) -> PortableVector { let v0_1 = deserialize_12_int(&bytes[0..3]); let v2_3 = deserialize_12_int(&bytes[3..6]); From 8a8e8065e174c85ac3482adf6901b130173f13ac Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 31 Aug 2024 14:53:43 +0000 Subject: [PATCH 17/29] Add lemmas for Portable serialize/deserialize functions --- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 1522 +++++------------ ...crux_ml_kem.Vector.Portable.Serialize.fsti | 74 +- .../src/vector/portable/serialize.rs | 642 ++++--- 3 files changed, 930 insertions(+), 1308 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index cc53f10b0..001466fff 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -1,10 +1,8 @@ module Libcrux_ml_kem.Vector.Portable.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 1500" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul -#push-options "--admit_smt_queries true" - let deserialize_10_int (bytes: t_Slice u8) = let r0:i16 = (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 1l <: u8) &. 1uy <: u8) <: i16 in + let result2:i16 = cast (((v.[ sz 0 ] <: u8) >>! 2l <: u8) &. 1uy <: u8) <: i16 in + let result3:i16 = cast (((v.[ sz 0 ] <: u8) >>! 3l <: u8) &. 1uy <: u8) <: i16 in + let result4:i16 = cast (((v.[ sz 0 ] <: u8) >>! 4l <: u8) &. 1uy <: u8) <: i16 in + let result5:i16 = cast (((v.[ sz 0 ] <: u8) >>! 5l <: u8) &. 1uy <: u8) <: i16 in + let result6:i16 = cast (((v.[ sz 0 ] <: u8) >>! 6l <: u8) &. 1uy <: u8) <: i16 in + let result7:i16 = cast (((v.[ sz 0 ] <: u8) >>! 7l <: u8) &. 1uy <: u8) <: i16 in + let result8:i16 = cast ((v.[ sz 1 ] <: u8) &. 1uy <: u8) <: i16 in + let result9:i16 = cast (((v.[ sz 1 ] <: u8) >>! 1l <: u8) &. 1uy <: u8) <: i16 in + let result10:i16 = cast (((v.[ sz 1 ] <: u8) >>! 2l <: u8) &. 1uy <: u8) <: i16 in + let result11:i16 = cast (((v.[ sz 1 ] <: u8) >>! 3l <: u8) &. 1uy <: u8) <: i16 in + let result12:i16 = cast (((v.[ sz 1 ] <: u8) >>! 4l <: u8) &. 1uy <: u8) <: i16 in + let result13:i16 = cast (((v.[ sz 1 ] <: u8) >>! 5l <: u8) &. 1uy <: u8) <: i16 in + let result14:i16 = cast (((v.[ sz 1 ] <: u8) >>! 6l <: u8) &. 1uy <: u8) <: i16 in + let result15:i16 = cast (((v.[ sz 1 ] <: u8) >>! 7l <: u8) &. 1uy <: u8) <: i16 in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + result0; result1; result2; result3; result4; result5; result6; result7; result8; result9; + result10; result11; result12; result13; result14; result15 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +#push-options "--compat_pre_core 2 --z3rlimit 300" + +let deserialize_1_bit_vec_lemma (v: t_Array u8 (sz 2)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (deserialize_1_ v).f_elements 1 in + (forall (i: nat {i < 16}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options + +#push-options "--z3rlimit 300" + +let deserialize_1_lemma inputs = + deserialize_1_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_1_ inputs).f_elements 1) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options + +let deserialize_10_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 20 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +#push-options "--compat_pre_core 2 --z3rlimit 300" + +let deserialize_10_bit_vec_lemma (v: t_Array u8 (sz 20)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (deserialize_10_ v).f_elements 10 in + (forall (i: nat {i < 160}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options + +#push-options "--z3rlimit 300" + +let deserialize_10_lemma inputs = + deserialize_10_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options + +let deserialize_11_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let deserialize_12_ (bytes: t_Slice u8) = + let v0_1_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v2_3_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 6 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v4_5_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 6; Core.Ops.Range.f_end = sz 9 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v6_7_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 12 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_9_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 12; Core.Ops.Range.f_end = sz 15 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v10_11_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 15; Core.Ops.Range.f_end = sz 18 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v12_13_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 18; Core.Ops.Range.f_end = sz 21 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v14_15_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 21; Core.Ops.Range.f_end = sz 24 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_1_._1; v0_1_._2; v2_3_._1; v2_3_._2; v4_5_._1; v4_5_._2; v6_7_._1; v6_7_._2; v8_9_._1; + v8_9_._2; v10_11_._1; v10_11_._2; v12_13_._1; v12_13_._2; v14_15_._1; v14_15_._2 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +#push-options "--compat_pre_core 2 --z3rlimit 300" + +let deserialize_12_bit_vec_lemma (v: t_Array u8 (sz 24)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (deserialize_12_ v).f_elements 12 in + (forall (i: nat {i < 192}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options + +#push-options "--z3rlimit 300" + +let deserialize_12_lemma inputs = + deserialize_12_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_12_ inputs).f_elements 12) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options + let deserialize_4_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } @@ -276,50 +501,174 @@ let deserialize_4_ (bytes: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +#push-options "--compat_pre_core 2 --z3rlimit 300" + +let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (deserialize_4_ v).f_elements 4 in + (forall (i: nat {i < 64}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options + +#push-options "--z3rlimit 300" + +let deserialize_4_lemma inputs = + deserialize_4_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options + +let deserialize_5_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let result0:u8 = 0uy in - let result1:u8 = 0uy in let result0:u8 = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 8) - (fun result0 temp_1_ -> - let result0:u8 = result0 in - let _:usize = temp_1_ in - true) - result0 - (fun result0 i -> - let result0:u8 = result0 in - let i:usize = i in - result0 |. - ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < - let result1:u8 = result1 in - let _:usize = temp_1_ in - true) - result1 - (fun result1 i -> - let result1:u8 = result1 in - let i:usize = i in - result1 |. - ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - let _:usize = temp_1_ in - true) - result - (fun result i -> - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - let i:usize = i in - { - result with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (cast (((v.[ sz 0 ] <: u8) >>! i <: u8) &. 1uy <: u8) <: i16) - <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 8) - Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun result temp_1_ -> - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - let _:usize = temp_1_ in - true) - result - (fun result i -> - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - let i:usize = i in - { - result with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (cast (((v.[ sz 1 ] <: u8) >>! (i -! sz 8 <: usize) <: u8) &. 1uy <: u8) <: i16) - <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - in - result - -let deserialize_10_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 20 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Vector.Portable.Vector_type.zero () - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 0) - v0_7_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 1) - v0_7_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 2) - v0_7_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 3) - v0_7_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 4) - v0_7_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 5) - v0_7_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 6) - v0_7_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 7) - v0_7_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 8) - v8_15_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 9) - v8_15_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 10) - v8_15_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 11) - v8_15_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 12) - v8_15_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 13) - v8_15_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 14) - v8_15_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 15) - v8_15_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - v - -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Vector.Portable.Vector_type.zero () - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 0) - v0_7_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 1) - v0_7_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 2) - v0_7_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 3) - v0_7_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 4) - v0_7_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 5) - v0_7_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 6) - v0_7_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 7) - v0_7_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 8) - v8_15_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 9) - v8_15_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 10) - v8_15_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 11) - v8_15_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 12) - v8_15_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 13) - v8_15_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 14) - v8_15_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 15) - v8_15_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - v - -let deserialize_12_ (bytes: t_Slice u8) = - let v0_1_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v2_3_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 6 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v4_5_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 6; Core.Ops.Range.f_end = sz 9 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v6_7_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 12 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_9_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 12; Core.Ops.Range.f_end = sz 15 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v10_11_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 15; Core.Ops.Range.f_end = sz 18 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v12_13_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 18; Core.Ops.Range.f_end = sz 21 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v14_15_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 21; Core.Ops.Range.f_end = sz 24 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Vector.Portable.Vector_type.zero () - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 0) - v0_1_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 1) - v0_1_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 2) - v2_3_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 3) - v2_3_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 4) - v4_5_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 5) - v4_5_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 6) - v6_7_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 7) - v6_7_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 8) - v8_9_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 9) - v8_9_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 10) - v10_11_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 11) - v10_11_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 12) - v12_13_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 13) - v12_13_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 14) - v14_15_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 15) - v14_15_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - re - -let deserialize_5_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Vector.Portable.Vector_type.zero () - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 0) - v0_7_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 1) - v0_7_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 2) - v0_7_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 3) - v0_7_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 4) - v0_7_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 5) - v0_7_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 6) - v0_7_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 7) - v0_7_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 8) - v8_15_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 9) - v8_15_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 10) - v8_15_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 11) - v8_15_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 12) - v8_15_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 13) - v8_15_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 14) - v8_15_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 15) - v8_15_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + let list = + [ + r0_4_._1; r0_4_._2; r0_4_._3; r0_4_._4; r0_4_._5; r5_9_._1; r5_9_._2; r5_9_._3; r5_9_._4; + r5_9_._5 + ] in - v + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 10); + Rust_primitives.Hax.array_of_list 10 list diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index f032ee103..1456b37d8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -53,39 +53,22 @@ val serialize_5_int (v: t_Slice i16) (requires Core.Slice.impl__len #i16 v =. sz 8) (fun _ -> Prims.l_True) -val deserialize_4_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Core.Slice.impl__len #u8 bytes =. sz 8) - (fun _ -> Prims.l_True) - -val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) - val deserialize_1_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 v =. sz 2) (fun _ -> Prims.l_True) +val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_1_ inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8) + val deserialize_10_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 20) (fun _ -> Prims.l_True) +val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) + val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 22) @@ -96,7 +79,52 @@ val deserialize_12_ (bytes: t_Slice u8) (requires Core.Slice.impl__len #u8 bytes =. sz 24) (fun _ -> Prims.l_True) +val deserialize_12_lemma (inputs: t_Array u8 (sz 24)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_12_ inputs).f_elements 12 == bit_vec_of_int_t_array inputs 8) + +val deserialize_4_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires Core.Slice.impl__len #u8 bytes =. sz 8) + (fun _ -> Prims.l_True) + +val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) + val deserialize_5_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 10) (fun _ -> Prims.l_True) + +val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) + (ensures bit_vec_of_int_t_array (serialize_1_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 1) + +val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) + (ensures bit_vec_of_int_t_array (serialize_10_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10) + +val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) + (ensures bit_vec_of_int_t_array (serialize_12_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 12) + +val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) + (ensures bit_vec_of_int_t_array (serialize_4_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4) + +val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index af5503a0b..5a9947fb2 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -13,62 +13,118 @@ // and code that updates arrays (in the outer functions). use super::vector_type::*; -use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; -// #[cfg_attr(hax, hax_lib::fstar::after(interface, " -// val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma -// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) -// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_1} inputs) 8 inputs.f_elements 1) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// let serialize_1_lemma inputs = -// serialize_1_bit_vec_lemma inputs (); -// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_1} inputs) 8) -// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 1)) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2\" +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) + (ensures bit_vec_of_int_t_array (${serialize_1} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 1) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" -// let serialize_1_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 1)) -// : squash ( -// let inputs = bit_vec_of_int_t_array v.f_elements 1 in -// let outputs = bit_vec_of_int_t_array (${serialize_1} v) 8 in -// (forall (i: nat {i < 16}). inputs i == outputs i) -// ) = -// admit() +let serialize_1_lemma inputs = + serialize_1_bit_vec_lemma inputs.f_elements (); + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_1} inputs) 8) + (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 1)) -// #pop-options -// "))] +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let serialize_1_bit_vec_lemma (v: t_Array i16 (sz 16)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 1)) + : squash ( + let inputs = bit_vec_of_int_t_array v 1 in + let outputs = bit_vec_of_int_t_array (${serialize_1} ({ f_elements = v })) 8 in + (forall (i: nat {i < 16}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[inline(always)] pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { - let mut result0 = 0u8; - let mut result1 = 0u8; - for i in 0..8 { - result0 |= (v.elements[i] as u8) << i; - } - for i in 8..16 { - result1 |= (v.elements[i] as u8) << (i - 8); - } + let result0 = (v.elements[0] as u8) | ((v.elements[1] as u8) << 1) | + ((v.elements[2] as u8) << 2) | ((v.elements[3] as u8) << 3) | + ((v.elements[4] as u8) << 4) | ((v.elements[5] as u8) << 5) | + ((v.elements[6] as u8) << 6) | ((v.elements[7] as u8) << 7); + let result1 = (v.elements[8] as u8) | ((v.elements[9] as u8) << 1) | + ((v.elements[10] as u8) << 2) | ((v.elements[11] as u8) << 3) | + ((v.elements[12] as u8) << 4) | ((v.elements[13] as u8) << 5) | + ((v.elements[14] as u8) << 6) | ((v.elements[15] as u8) << 7); [ result0, result1 ] } -#[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma + (ensures bit_vec_of_int_t_array (${deserialize_1} inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" + +let deserialize_1_lemma inputs = + deserialize_1_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_1} inputs).f_elements 1) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let deserialize_1_bit_vec_lemma (v: t_Array u8 (sz 2)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (${deserialize_1} v).f_elements 1 in + (forall (i: nat {i < 16}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[hax_lib::requires(fstar!(r#" ${v.len() == 2} "#))] +#[inline(always)] pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { - let mut result = zero(); - for i in 0..8 { - result.elements[i] = ((v[0] >> i) & 0x1) as i16; - } - for i in 8..FIELD_ELEMENTS_IN_VECTOR { - result.elements[i] = ((v[1] >> (i - 8)) & 0x1) as i16; - } - result + let result0 = (v[0] & 0x1) as i16; + let result1 = ((v[0] >> 1) & 0x1) as i16; + let result2 = ((v[0] >> 2) & 0x1) as i16; + let result3 = ((v[0] >> 3) & 0x1) as i16; + let result4 = ((v[0] >> 4) & 0x1) as i16; + let result5 = ((v[0] >> 5) & 0x1) as i16; + let result6 = ((v[0] >> 6) & 0x1) as i16; + let result7 = ((v[0] >> 7) & 0x1) as i16; + let result8 = (v[1] & 0x1) as i16; + let result9 = ((v[1] >> 1) & 0x1) as i16; + let result10 = ((v[1] >> 2) & 0x1) as i16; + let result11 = ((v[1] >> 3) & 0x1) as i16; + let result12 = ((v[1] >> 4) & 0x1) as i16; + let result13 = ((v[1] >> 5) & 0x1) as i16; + let result14 = ((v[1] >> 6) & 0x1) as i16; + let result15 = ((v[1] >> 7) & 0x1) as i16; + PortableVector { elements: [ + result0, + result1, + result2, + result3, + result4, + result5, + result6, + result7, + result8, + result9, + result10, + result11, + result12, + result13, + result14, + result15, + ] } } #[inline(always)] @@ -83,16 +139,35 @@ pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { (result0, result1, result2, result3) } -// #[cfg_attr(hax, hax_lib::fstar::after(" -// let serialize_4_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 4)) -// : squash ( -// let inputs = bit_vec_of_int_t_array v.f_elements 4 in -// let outputs = bit_vec_of_int_t_array (${serialize_4} v) 8 in -// (forall (i: nat {i < 64}). inputs i == outputs i) -// ) = -// _ by (Tactics.GetBit.prove_bit_vector_equality ()) -// "))] +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) + (ensures bit_vec_of_int_t_array (${serialize_4} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" + +let serialize_4_lemma inputs = + serialize_4_bit_vec_lemma inputs.f_elements (); + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_4} inputs) 8) + (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 4)) + +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let serialize_4_bit_vec_lemma (v: t_Array i16 (sz 16)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 4)) + : squash ( + let inputs = bit_vec_of_int_t_array v 4 in + let outputs = bit_vec_of_int_t_array (${serialize_4} ({ f_elements = v })) 8 in + (forall (i: nat {i < 64}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[inline(always)] pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] { let result0_3 = serialize_4_int(&v.elements[0..8]); @@ -125,29 +200,33 @@ pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (v0, v1, v2, v3, v4, v5, v6, v7) } -// #[cfg_attr(hax, hax_lib::fstar::after(interface, " -// val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma -// (ensures BitVecEq.int_t_array_bitwise_eq' (${deserialize_4} inputs).f_elements 4 inputs 8) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// let deserialize_4_lemma inputs = -// deserialize_4_bit_vec_lemma inputs; -// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_4} inputs).f_elements 4) -// (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2\" +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma + (ensures bit_vec_of_int_t_array (${deserialize_4} inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" -// let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) -// : squash ( -// let inputs = bit_vec_of_int_t_array v 8 in -// let outputs = bit_vec_of_int_t_array (${deserialize_4} v).f_elements 4 in -// (forall (i: nat {i < 64}). inputs i == outputs i) -// ) = -// admit() +let deserialize_4_lemma inputs = + deserialize_4_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_4} inputs).f_elements 4) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) -// #pop-options -// "))] +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (${deserialize_4} v).f_elements 4 in + (forall (i: nat {i < 64}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 8} "#))] @@ -188,22 +267,51 @@ pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { (r0, r1, r2, r3, r4) } +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val serialize_5_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma +// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 5)) +// (ensures bit_vec_of_int_t_array (${serialize_5} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 5) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--z3rlimit 300\" + +// let serialize_5_lemma inputs = +// serialize_5_bit_vec_lemma inputs.f_elements (); +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_5} inputs) 8) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 5)) + +// #pop-options +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2 --z3rlimit 300\" + +// let serialize_5_bit_vec_lemma (v: t_Array i16 (sz 16)) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 5)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v 5 in +// let outputs = bit_vec_of_int_t_array (${serialize_5} ({ f_elements = v })) 8 in +// (forall (i: nat {i < 80}). inputs i == outputs i) +// ) = +// _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +// #pop-options +// "))] #[inline(always)] pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { let r0_4 = serialize_5_int(&v.elements[0..8]); let r5_9 = serialize_5_int(&v.elements[8..16]); - let mut result = [0u8; 10]; - result[0] = r0_4.0; - result[1] = r0_4.1; - result[2] = r0_4.2; - result[3] = r0_4.3; - result[4] = r0_4.4; - result[5] = r5_9.0; - result[6] = r5_9.1; - result[7] = r5_9.2; - result[8] = r5_9.3; - result[9] = r5_9.4; - result + [ + r0_4.0, + r0_4.1, + r0_4.2, + r0_4.3, + r0_4.4, + r5_9.0, + r5_9.1, + r5_9.2, + r5_9.3, + r5_9.4, + ] } #[inline(always)] @@ -222,31 +330,58 @@ pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (v0, v1, v2, v3, v4, v5, v6, v7) } -#[inline(always)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val deserialize_5_lemma (inputs: t_Array u8 (sz 10)) : Lemma +// (ensures bit_vec_of_int_t_array (${deserialize_5} inputs).f_elements 5 == bit_vec_of_int_t_array inputs 8) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--z3rlimit 300\" + +// let deserialize_5_lemma inputs = +// deserialize_5_bit_vec_lemma inputs; +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_5} inputs).f_elements 5) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +// #pop-options +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2 --z3rlimit 300\" + +// let deserialize_5_bit_vec_lemma (v: t_Array u8 (sz 10)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v 8 in +// let outputs = bit_vec_of_int_t_array (${deserialize_5} v).f_elements 5 in +// (forall (i: nat {i < 80}). inputs i == outputs i) +// ) = +// _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +// #pop-options +// "))] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 10} "#))] +#[inline(always)] pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_5_int(&bytes[0..5]); let v8_15 = deserialize_5_int(&bytes[5..10]); - let mut v = zero(); - v.elements[0] = v0_7.0; - v.elements[1] = v0_7.1; - v.elements[2] = v0_7.2; - v.elements[3] = v0_7.3; - v.elements[4] = v0_7.4; - v.elements[5] = v0_7.5; - v.elements[6] = v0_7.6; - v.elements[7] = v0_7.7; - v.elements[8] = v8_15.0; - v.elements[9] = v8_15.1; - v.elements[10] = v8_15.2; - v.elements[11] = v8_15.3; - v.elements[12] = v8_15.4; - v.elements[13] = v8_15.5; - v.elements[14] = v8_15.6; - v.elements[15] = v8_15.7; - v + PortableVector { elements: [ + v0_7.0, + v0_7.1, + v0_7.2, + v0_7.3, + v0_7.4, + v0_7.5, + v0_7.6, + v0_7.7, + v8_15.0, + v8_15.1, + v8_15.2, + v8_15.3, + v8_15.4, + v8_15.5, + v8_15.6, + v8_15.7, + ] } } #[inline(always)] @@ -262,31 +397,35 @@ pub(crate) fn serialize_10_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { (r0, r1, r2, r3, r4) } -// #[cfg_attr(hax, hax_lib::fstar::after(interface, " -// val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma -// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) -// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_10} inputs) 8 inputs.f_elements 10) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// let serialize_10_lemma inputs = -// serialize_10_bit_vec_lemma inputs (); -// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_10} inputs) 8) -// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 10)) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2\" +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) + (ensures bit_vec_of_int_t_array (${serialize_10} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" -// let serialize_10_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 10)) -// : squash ( -// let inputs = bit_vec_of_int_t_array v.f_elements 10 in -// let outputs = bit_vec_of_int_t_array (${serialize_10} v) 8 in -// (forall (i: nat {i < 160}). inputs i == outputs i) -// ) = -// admit() +let serialize_10_lemma inputs = + serialize_10_bit_vec_lemma inputs.f_elements (); + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_10} inputs) 8) + (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 10)) -// #pop-options -// "))] +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let serialize_10_bit_vec_lemma (v: t_Array i16 (sz 16)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 10)) + : squash ( + let inputs = bit_vec_of_int_t_array v 10 in + let outputs = bit_vec_of_int_t_array (${serialize_10} ({ f_elements = v })) 8 in + (forall (i: nat {i < 160}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[inline(always)] pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { let r0_4 = serialize_10_int(&v.elements[0..4]); @@ -315,31 +454,58 @@ pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (r0, r1, r2, r3, r4, r5, r6, r7) } -#[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma + (ensures bit_vec_of_int_t_array (${deserialize_10} inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" + +let deserialize_10_lemma inputs = + deserialize_10_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_10} inputs).f_elements 10) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let deserialize_10_bit_vec_lemma (v: t_Array u8 (sz 20)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (${deserialize_10} v).f_elements 10 in + (forall (i: nat {i < 160}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 20} "#))] +#[inline(always)] pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_10_int(&bytes[0..10]); let v8_15 = deserialize_10_int(&bytes[10..20]); - let mut v = zero(); - v.elements[0] = v0_7.0; - v.elements[1] = v0_7.1; - v.elements[2] = v0_7.2; - v.elements[3] = v0_7.3; - v.elements[4] = v0_7.4; - v.elements[5] = v0_7.5; - v.elements[6] = v0_7.6; - v.elements[7] = v0_7.7; - v.elements[8] = v8_15.0; - v.elements[9] = v8_15.1; - v.elements[10] = v8_15.2; - v.elements[11] = v8_15.3; - v.elements[12] = v8_15.4; - v.elements[13] = v8_15.5; - v.elements[14] = v8_15.6; - v.elements[15] = v8_15.7; - v + PortableVector { elements: [ + v0_7.0, + v0_7.1, + v0_7.2, + v0_7.3, + v0_7.4, + v0_7.5, + v0_7.6, + v0_7.7, + v8_15.0, + v8_15.1, + v8_15.2, + v8_15.3, + v8_15.4, + v8_15.5, + v8_15.6, + v8_15.7, + ] } } #[inline(always)] @@ -364,25 +530,29 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8 // #[cfg_attr(hax, hax_lib::fstar::after(interface, " // val serialize_11_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma // (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 11)) -// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_11} inputs) 8 inputs.f_elements 11) +// (ensures bit_vec_of_int_t_array (${serialize_11} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 11) // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--z3rlimit 300\" + // let serialize_11_lemma inputs = -// serialize_11_bit_vec_lemma inputs (); +// serialize_11_bit_vec_lemma inputs.f_elements (); // BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_11} inputs) 8) // (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 11)) + +// #pop-options // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2\" +// #push-options \"--compat_pre_core 2 --z3rlimit 300\" -// let serialize_11_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 11)) +// let serialize_11_bit_vec_lemma (v: t_Array i16 (sz 16)) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 11)) // : squash ( -// let inputs = bit_vec_of_int_t_array v.f_elements 11 in -// let outputs = bit_vec_of_int_t_array (${serialize_11} v) 8 in +// let inputs = bit_vec_of_int_t_array v 11 in +// let outputs = bit_vec_of_int_t_array (${serialize_11} ({ f_elements = v })) 8 in // (forall (i: nat {i < 176}). inputs i == outputs i) // ) = -// admit() +// _ by (Tactics.GetBit.prove_bit_vector_equality' ()) // #pop-options // "))] @@ -412,31 +582,58 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (r0, r1, r2, r3, r4, r5, r6, r7) } -#[inline(always)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val deserialize_11_lemma (inputs: t_Array u8 (sz 22)) : Lemma +// (ensures bit_vec_of_int_t_array (${deserialize_11} inputs).f_elements 11 == bit_vec_of_int_t_array inputs 8) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--z3rlimit 300\" + +// let deserialize_11_lemma inputs = +// deserialize_11_bit_vec_lemma inputs; +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_11} inputs).f_elements 11) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +// #pop-options +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2 --z3rlimit 300\" + +// let deserialize_11_bit_vec_lemma (v: t_Array u8 (sz 22)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v 8 in +// let outputs = bit_vec_of_int_t_array (${deserialize_11} v).f_elements 11 in +// (forall (i: nat {i < 176}). inputs i == outputs i) +// ) = +// _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +// #pop-options +// "))] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 22} "#))] +#[inline(always)] pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_11_int(&bytes[0..11]); let v8_15 = deserialize_11_int(&bytes[11..22]); - let mut v = zero(); - v.elements[0] = v0_7.0; - v.elements[1] = v0_7.1; - v.elements[2] = v0_7.2; - v.elements[3] = v0_7.3; - v.elements[4] = v0_7.4; - v.elements[5] = v0_7.5; - v.elements[6] = v0_7.6; - v.elements[7] = v0_7.7; - v.elements[8] = v8_15.0; - v.elements[9] = v8_15.1; - v.elements[10] = v8_15.2; - v.elements[11] = v8_15.3; - v.elements[12] = v8_15.4; - v.elements[13] = v8_15.5; - v.elements[14] = v8_15.6; - v.elements[15] = v8_15.7; - v + PortableVector { elements: [ + v0_7.0, + v0_7.1, + v0_7.2, + v0_7.3, + v0_7.4, + v0_7.5, + v0_7.6, + v0_7.7, + v8_15.0, + v8_15.1, + v8_15.2, + v8_15.3, + v8_15.4, + v8_15.5, + v8_15.6, + v8_15.7, + ] } } #[inline(always)] @@ -450,25 +647,29 @@ pub(crate) fn serialize_12_int(v: &[i16]) -> (u8, u8, u8) { (r0, r1, r2) } -// #[cfg_attr(hax, hax_lib::fstar::after(interface, " -// val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma -// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) -// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_12} inputs) 8 inputs.f_elements 12) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// let serialize_12_lemma inputs = -// serialize_12_bit_vec_lemma inputs (); -// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_12} inputs) 8) -// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 12)) -// "))] +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) + (ensures bit_vec_of_int_t_array (${serialize_12} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 12) +"))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2\" +#push-options \"--z3rlimit 300\" -let serialize_12_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 12)) +let serialize_12_lemma inputs = + serialize_12_bit_vec_lemma inputs.f_elements (); + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_12} inputs) 8) + (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 12)) + +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let serialize_12_bit_vec_lemma (v: t_Array i16 (sz 16)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 12)) : squash ( - let inputs = bit_vec_of_int_t_array v.f_elements 12 in - let outputs = bit_vec_of_int_t_array (${serialize_12} v) 8 in + let inputs = bit_vec_of_int_t_array v 12 in + let outputs = bit_vec_of_int_t_array (${serialize_12} ({ f_elements = v })) 8 in (forall (i: nat {i < 192}). inputs i == outputs i) ) = _ by (Tactics.GetBit.prove_bit_vector_equality' ()) @@ -510,10 +711,37 @@ pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) { (r0, r1) } -#[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_12_lemma (inputs: t_Array u8 (sz 24)) : Lemma + (ensures bit_vec_of_int_t_array (${deserialize_12} inputs).f_elements 12 == bit_vec_of_int_t_array inputs 8) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" + +let deserialize_12_lemma inputs = + deserialize_12_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_12} inputs).f_elements 12) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let deserialize_12_bit_vec_lemma (v: t_Array u8 (sz 24)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (${deserialize_12} v).f_elements 12 in + (forall (i: nat {i < 192}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 24} "#))] +#[inline(always)] pub(crate) fn deserialize_12(bytes: &[u8]) -> PortableVector { let v0_1 = deserialize_12_int(&bytes[0..3]); let v2_3 = deserialize_12_int(&bytes[3..6]); @@ -523,22 +751,22 @@ pub(crate) fn deserialize_12(bytes: &[u8]) -> PortableVector { let v10_11 = deserialize_12_int(&bytes[15..18]); let v12_13 = deserialize_12_int(&bytes[18..21]); let v14_15 = deserialize_12_int(&bytes[21..24]); - let mut re = zero(); - re.elements[0] = v0_1.0; - re.elements[1] = v0_1.1; - re.elements[2] = v2_3.0; - re.elements[3] = v2_3.1; - re.elements[4] = v4_5.0; - re.elements[5] = v4_5.1; - re.elements[6] = v6_7.0; - re.elements[7] = v6_7.1; - re.elements[8] = v8_9.0; - re.elements[9] = v8_9.1; - re.elements[10] = v10_11.0; - re.elements[11] = v10_11.1; - re.elements[12] = v12_13.0; - re.elements[13] = v12_13.1; - re.elements[14] = v14_15.0; - re.elements[15] = v14_15.1; - re + PortableVector { elements: [ + v0_1.0, + v0_1.1, + v2_3.0, + v2_3.1, + v4_5.0, + v4_5.1, + v6_7.0, + v6_7.1, + v8_9.0, + v8_9.1, + v10_11.0, + v10_11.1, + v12_13.0, + v12_13.1, + v14_15.0, + v14_15.1, + ] } } From 0ad4043d187093bf8f10286f1132d00e452a1400 Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 2 Sep 2024 12:00:02 +0000 Subject: [PATCH 18/29] Use z3refresh on tactic calls for serialize.rs --- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 16 ++++++------- .../src/vector/portable/serialize.rs | 24 +++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 001466fff..4f479ac21 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -276,7 +276,7 @@ let deserialize_1_ (v: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let deserialize_1_bit_vec_lemma (v: t_Array u8 (sz 2)) : squash ( @@ -327,7 +327,7 @@ let deserialize_10_ (bytes: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let deserialize_10_bit_vec_lemma (v: t_Array u8 (sz 20)) : squash ( @@ -450,7 +450,7 @@ let deserialize_12_ (bytes: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let deserialize_12_bit_vec_lemma (v: t_Array u8 (sz 24)) : squash ( @@ -501,7 +501,7 @@ let deserialize_4_ (bytes: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) : squash ( @@ -647,7 +647,7 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); Rust_primitives.Hax.array_of_list 2 list -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let serialize_1_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 1)) @@ -720,7 +720,7 @@ let serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 20); Rust_primitives.Hax.array_of_list 20 list -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let serialize_10_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 10)) @@ -864,7 +864,7 @@ let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 24); Rust_primitives.Hax.array_of_list 24 list -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let serialize_12_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 12)) @@ -922,7 +922,7 @@ let serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let serialize_4_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 4)) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index 5a9947fb2..e10194a40 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -30,7 +30,7 @@ let serialize_1_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let serialize_1_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 1)) @@ -74,7 +74,7 @@ let deserialize_1_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let deserialize_1_bit_vec_lemma (v: t_Array u8 (sz 2)) : squash ( @@ -155,7 +155,7 @@ let serialize_4_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let serialize_4_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 4)) @@ -215,7 +215,7 @@ let deserialize_4_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) : squash ( @@ -283,7 +283,7 @@ pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { // #pop-options // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2 --z3rlimit 300\" +// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" // let serialize_5_bit_vec_lemma (v: t_Array i16 (sz 16)) // (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 5)) @@ -345,7 +345,7 @@ pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, // #pop-options // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2 --z3rlimit 300\" +// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" // let deserialize_5_bit_vec_lemma (v: t_Array u8 (sz 10)) // : squash ( @@ -413,7 +413,7 @@ let serialize_10_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let serialize_10_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 10)) @@ -469,7 +469,7 @@ let deserialize_10_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let deserialize_10_bit_vec_lemma (v: t_Array u8 (sz 20)) : squash ( @@ -543,7 +543,7 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8 // #pop-options // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2 --z3rlimit 300\" +// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" // let serialize_11_bit_vec_lemma (v: t_Array i16 (sz 16)) // (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 11)) @@ -597,7 +597,7 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, // #pop-options // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2 --z3rlimit 300\" +// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" // let deserialize_11_bit_vec_lemma (v: t_Array u8 (sz 22)) // : squash ( @@ -663,7 +663,7 @@ let serialize_12_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let serialize_12_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 12)) @@ -726,7 +726,7 @@ let deserialize_12_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let deserialize_12_bit_vec_lemma (v: t_Array u8 (sz 24)) : squash ( From 37d4f52ecd6348bee53feae7e4270f9849633f47 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Mon, 2 Sep 2024 14:50:15 +0200 Subject: [PATCH 19/29] makefile: add a `SLOW_MODULES` variable --- fstar-helpers/Makefile.base | 11 ++++++- fstar-helpers/Makefile.generic | 1 + fstar-helpers/fstar-bitvec/Makefile | 31 ------------------- .../proofs/fstar/extraction/Makefile | 4 ++- 4 files changed, 14 insertions(+), 33 deletions(-) diff --git a/fstar-helpers/Makefile.base b/fstar-helpers/Makefile.base index e7c57847f..b4e0d962b 100644 --- a/fstar-helpers/Makefile.base +++ b/fstar-helpers/Makefile.base @@ -1,5 +1,14 @@ # Base Makefile for F* in libcrux. # This inherits from Makefile.generic, and adds the `specs` folder from HACL and the `libcrux-ml-kem/proofs/fstar/spec` folder. -FSTAR_INCLUDE_DIRS_EXTRA = $(HACL_HOME)/specs $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec $(shell git rev-parse --show-toplevel)/fstar-helpers/fstar-bitvec +VERIFY_SLOW_MODULES ?= no +ifeq (${VERIFY_SLOW_MODULES},no) + ADMIT_MODULES += ${SLOW_MODULES} +endif + +EXTRA_HELPMESSAGE += printf "Libcrux specifics:\n"; +EXTRA_HELPMESSAGE += target SLOW_MODULES 'a list of modules to verify fully only when `VERIFY_SLOW_MODULES` is set to `yes`. When `VERIFY_SLOW_MODULES`, those modules are admitted.'; +EXTRA_HELPMESSAGE += target VERIFY_SLOW_MODULES '`yes` or `no`, defaults to `no`'; + +FSTAR_INCLUDE_DIRS_EXTRA += $(HACL_HOME)/specs $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec $(shell git rev-parse --show-toplevel)/fstar-helpers/fstar-bitvec include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.generic diff --git a/fstar-helpers/Makefile.generic b/fstar-helpers/Makefile.generic index ce340b346..0a40da2d8 100644 --- a/fstar-helpers/Makefile.generic +++ b/fstar-helpers/Makefile.generic @@ -196,6 +196,7 @@ echo "Variables:" target "NO_COLOR" "Set to anything to disable colors" target "ADMIT_MODULES" "List of modules where F* will assume every SMT query" target "FSTAR_INCLUDE_DIRS_EXTRA" "List of extra include F* dirs" +${EXTRA_HELPMESSAGE} endef export HELPMESSAGE diff --git a/fstar-helpers/fstar-bitvec/Makefile b/fstar-helpers/fstar-bitvec/Makefile index 9cbf41f87..b4ce70a38 100644 --- a/fstar-helpers/fstar-bitvec/Makefile +++ b/fstar-helpers/fstar-bitvec/Makefile @@ -1,32 +1 @@ -ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ - Libcrux_ml_kem.Ind_cca.fst \ - Libcrux_ml_kem.Ind_cpa.fst \ - Libcrux_ml_kem.Ind_cpa.fsti \ - Libcrux_ml_kem.Invert_ntt.fst \ - Libcrux_ml_kem.Matrix.fst \ - Libcrux_ml_kem.Ntt.fst \ - Libcrux_ml_kem.Polynomial.fst \ - Libcrux_ml_kem.Sampling.fst \ - Libcrux_ml_kem.Serialize.fst \ - Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ - Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Avx2.Compress.fst \ - Libcrux_ml_kem.Vector.Avx2.fst \ - Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ - Libcrux_ml_kem.Vector.Avx2.Portable.fst \ - Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ - Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ - Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Neon.Compress.fst \ - Libcrux_ml_kem.Vector.Neon.fst \ - Libcrux_ml_kem.Vector.Neon.Ntt.fst \ - Libcrux_ml_kem.Vector.Neon.Serialize.fst \ - Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ - Libcrux_ml_kem.Vector.Portable.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Portable.Compress.fst \ - Libcrux_ml_kem.Vector.Portable.Ntt.fst \ - Libcrux_ml_kem.Vector.Portable.Sampling.fst \ - Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ - Libcrux_ml_kem.Vector.Traits.fst - include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 9cbf41f87..286a23206 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,4 +1,6 @@ -ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ +SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst + +ADMIT_MODULES += Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Ind_cca.fst \ Libcrux_ml_kem.Ind_cpa.fst \ Libcrux_ml_kem.Ind_cpa.fsti \ From 65df9ca4cc33dfcf5ce00113d32d62925b4f5710 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 08:41:56 +0000 Subject: [PATCH 20/29] Add pre/post-conditions for portable serialize/deserialize --- .../Libcrux_ml_kem.Vector.Portable.fsti | 68 +++++++++++------ .../Libcrux_ml_kem.Vector.Traits.fsti | 74 ++++++++++++++----- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 27 ++++++- .../proofs/fstar/spec/Spec.Utils.fst | 2 +- libcrux-ml-kem/src/vector/portable.rs | 34 +++++++++ libcrux-ml-kem/src/vector/traits.rs | 30 +++++--- 6 files changed, 179 insertions(+), 56 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 312bea76b..ccc333409 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -441,46 +441,58 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Ntt.ntt_multiply lhs rhs zeta0 zeta1 zeta2 zeta3); f_serialize_1_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Spec.MLKEM.serialize_pre 1 (impl.f_repr a)); f_serialize_1_post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: t_Array u8 (sz 2)) -> - true); + Spec.MLKEM.serialize_pre 1 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 1 (impl.f_repr a) out); f_serialize_1_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a); - f_deserialize_1_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_1_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 2); f_deserialize_1_post = - (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out)); f_deserialize_1_ = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a); + (fun (a: t_Slice u8) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a); f_serialize_4_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Spec.MLKEM.serialize_pre 4 (impl.f_repr a)); f_serialize_4_post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: t_Array u8 (sz 8)) -> - true); + Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 4 (impl.f_repr a) out); f_serialize_4_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a); - f_deserialize_4_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_4_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 8); f_deserialize_4_post = - (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out)); f_deserialize_4_ = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a); + (fun (a: t_Slice u8) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a); f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -495,7 +507,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a); - f_deserialize_5_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_5_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 10); f_deserialize_5_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -504,25 +516,31 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_5_ a); f_serialize_10_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Spec.MLKEM.serialize_pre 10 (impl.f_repr a)); f_serialize_10_post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: t_Array u8 (sz 20)) -> - true); + Spec.MLKEM.serialize_pre 10 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 10 (impl.f_repr a) out); f_serialize_10_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_ a); - f_deserialize_10_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_10_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 20); f_deserialize_10_post = - (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out)); f_deserialize_10_ = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a); + (fun (a: t_Slice u8) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a); f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -537,7 +555,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Libcrux_ml_kem.Vector.Portable.Serialize.serialize_11_ a); - f_deserialize_11_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_11_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 22); f_deserialize_11_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -546,25 +564,31 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_11_ a); f_serialize_12_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Spec.MLKEM.serialize_pre 12 (impl.f_repr a)); f_serialize_12_post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: t_Array u8 (sz 24)) -> - true); + Spec.MLKEM.serialize_pre 12 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 12 (impl.f_repr a) out); f_serialize_12_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_ a); - f_deserialize_12_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_12_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 24); f_deserialize_12_post = - (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out)); f_deserialize_12_ = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a); + (fun (a: t_Slice u8) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a); f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> true); f_rej_sample_post = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 3b7aa112e..657dd56d5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -176,64 +176,98 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); - f_serialize_1_pre:a: v_Self -> pred: Type0{true ==> pred}; - f_serialize_1_post:v_Self -> t_Array u8 (sz 2) -> Type0; + f_serialize_1_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 1 (f_repr a) ==> pred}; + f_serialize_1_post:a: v_Self -> result: t_Array u8 (sz 2) + -> pred: + Type0 + { pred ==> + Spec.MLKEM.serialize_pre 1 (f_repr a) ==> Spec.MLKEM.serialize_post 1 (f_repr a) result }; f_serialize_1_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 2)) (f_serialize_1_pre x0) (fun result -> f_serialize_1_post x0 result); - f_deserialize_1_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; - f_deserialize_1_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_1_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 2 ==> pred}; + f_deserialize_1_post:a: t_Slice u8 -> result: v_Self + -> pred: + Type0{pred ==> sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (f_repr result)}; f_deserialize_1_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); - f_serialize_4_pre:a: v_Self -> pred: Type0{true ==> pred}; - f_serialize_4_post:v_Self -> t_Array u8 (sz 8) -> Type0; + f_serialize_4_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 4 (f_repr a) ==> pred}; + f_serialize_4_post:a: v_Self -> result: t_Array u8 (sz 8) + -> pred: + Type0 + { pred ==> + Spec.MLKEM.serialize_pre 4 (f_repr a) ==> Spec.MLKEM.serialize_post 4 (f_repr a) result }; f_serialize_4_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 8)) (f_serialize_4_pre x0) (fun result -> f_serialize_4_post x0 result); - f_deserialize_4_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; - f_deserialize_4_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_4_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 8 ==> pred}; + f_deserialize_4_post:a: t_Slice u8 -> result: v_Self + -> pred: + Type0{pred ==> sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (f_repr result)}; f_deserialize_4_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); - f_serialize_5_pre:a: v_Self -> pred: Type0{true ==> pred}; + f_serialize_5_pre:v_Self -> Type0; f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> Type0; f_serialize_5_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 10)) (f_serialize_5_pre x0) (fun result -> f_serialize_5_post x0 result); - f_deserialize_5_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; + f_deserialize_5_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 10 ==> pred}; f_deserialize_5_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_5_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); - f_serialize_10_pre:a: v_Self -> pred: Type0{true ==> pred}; - f_serialize_10_post:v_Self -> t_Array u8 (sz 20) -> Type0; + f_serialize_10_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 10 (f_repr a) ==> pred}; + f_serialize_10_post:a: v_Self -> result: t_Array u8 (sz 20) + -> pred: + Type0 + { pred ==> + Spec.MLKEM.serialize_pre 10 (f_repr a) ==> Spec.MLKEM.serialize_post 10 (f_repr a) result + }; f_serialize_10_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 20)) (f_serialize_10_pre x0) (fun result -> f_serialize_10_post x0 result); - f_deserialize_10_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; - f_deserialize_10_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_10_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 20 ==> pred}; + f_deserialize_10_post:a: t_Slice u8 -> result: v_Self + -> pred: + Type0 + {pred ==> sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (f_repr result)}; f_deserialize_10_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); - f_serialize_11_pre:a: v_Self -> pred: Type0{true ==> pred}; + f_serialize_11_pre:v_Self -> Type0; f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> Type0; f_serialize_11_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 22)) (f_serialize_11_pre x0) (fun result -> f_serialize_11_post x0 result); - f_deserialize_11_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; + f_deserialize_11_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 22 ==> pred}; f_deserialize_11_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_11_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); - f_serialize_12_pre:a: v_Self -> pred: Type0{true ==> pred}; - f_serialize_12_post:v_Self -> t_Array u8 (sz 24) -> Type0; + f_serialize_12_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 12 (f_repr a) ==> pred}; + f_serialize_12_post:a: v_Self -> result: t_Array u8 (sz 24) + -> pred: + Type0 + { pred ==> + Spec.MLKEM.serialize_pre 12 (f_repr a) ==> Spec.MLKEM.serialize_post 12 (f_repr a) result + }; f_serialize_12_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 24)) (f_serialize_12_pre x0) (fun result -> f_serialize_12_post x0 result); - f_deserialize_12_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; - f_deserialize_12_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_12_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 24 ==> pred}; + f_deserialize_12_post:a: t_Slice u8 -> result: v_Self + -> pred: + Type0 + {pred ==> sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (f_repr result)}; f_deserialize_12_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0{true ==> pred}; diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index a1b9d71ac..083681ebf 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -257,4 +257,29 @@ let compress_then_byte_encode (d: dT {d <> 12}) (coefficients: polynomial): t_Ar let byte_decode_then_decompress (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial = map_array (decompress_d d) (byte_decode d b) - + +(**** Definitions to move or to rework *) +let serialize_pre + (d1: dT) + (coefficients: t_Array i16 (sz 16)) + = forall i. i < 16 ==> bounded (Seq.index coefficients i) d1 + +// TODO: this is an alternative version of byte_encode +// rename to encoded bytes +#push-options "--z3rlimit 80 --split_queries always" +let serialize_post + (d1: dT) + (coefficients: t_Array i16 (sz 16) { serialize_pre d1 coefficients }) + (output: t_Array u8 (sz (d1 * 2))) + = BitVecEq.int_t_array_bitwise_eq coefficients d1 + output 8 + +// TODO: this is an alternative version of byte_decode +// rename to decoded bytes +let deserialize_post + (d1: dT) + (bytes: t_Array u8 (sz (d1 * 2))) + (output: t_Array i16 (sz 16)) + = BitVecEq.int_t_array_bitwise_eq bytes 8 + output d1 +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 671f5d46e..586195aed 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -22,7 +22,7 @@ let map2 #a #b #c (#len:usize{v len < pow2 32}) let repeati #acc (l:usize) (f:(i:usize{v i < v l}) -> acc -> acc) acc0 : acc = Lib.LoopCombinators.repeati (v l) (fun i acc -> f (sz i) acc) acc0 -#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" +#push-options "--z3rlimit 500" let flatten #t #n (#m: usize {range (v n * v m) usize_inttype}) (x: t_Array (t_Array t m) n) diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index cf05ab802..59315d962 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -131,19 +131,35 @@ impl Operations for PortableVector { ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3) } + #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))] fn serialize_1(a: Self) -> [u8; 2] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a"); serialize_1(a) } + #[requires(a.len() == 2)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))] fn deserialize_1(a: &[u8]) -> Self { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a"); deserialize_1(a) } + #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))] fn serialize_4(a: Self) -> [u8; 8] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a"); serialize_4(a) } + #[requires(a.len() == 8)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))] fn deserialize_4(a: &[u8]) -> Self { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a"); deserialize_4(a) } @@ -151,15 +167,24 @@ impl Operations for PortableVector { serialize_5(a) } + #[requires(a.len() == 10)] fn deserialize_5(a: &[u8]) -> Self { deserialize_5(a) } + #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))] fn serialize_10(a: Self) -> [u8; 20] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a"); serialize_10(a) } + #[requires(a.len() == 20)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))] fn deserialize_10(a: &[u8]) -> Self { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a"); deserialize_10(a) } @@ -167,15 +192,24 @@ impl Operations for PortableVector { serialize_11(a) } + #[requires(a.len() == 22)] fn deserialize_11(a: &[u8]) -> Self { deserialize_11(a) } + #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))] fn serialize_12(a: Self) -> [u8; 24] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a"); serialize_12(a) } + #[requires(a.len() == 24)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))] fn deserialize_12(a: &[u8]) -> Self { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a"); deserialize_12(a) } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 56ff9cf27..0b0c28899 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -92,34 +92,40 @@ pub trait Operations: Copy + Clone + Repr { -> Self; // Serialization and deserialization - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a) ==> Spec.MLKEM.serialize_post 1 (f_repr $a) $result"))] fn serialize_1(a: Self) -> [u8; 2]; - #[requires(true)] + #[requires(a.len() == 2)] + #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (f_repr $result)"))] fn deserialize_1(a: &[u8]) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a) ==> Spec.MLKEM.serialize_post 4 (f_repr $a) $result"))] fn serialize_4(a: Self) -> [u8; 8]; - #[requires(true)] + #[requires(a.len() == 8)] + #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (f_repr $result)"))] fn deserialize_4(a: &[u8]) -> Self; - #[requires(true)] fn serialize_5(a: Self) -> [u8; 10]; - #[requires(true)] + #[requires(a.len() == 10)] fn deserialize_5(a: &[u8]) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a) ==> Spec.MLKEM.serialize_post 10 (f_repr $a) $result"))] fn serialize_10(a: Self) -> [u8; 20]; - #[requires(true)] + #[requires(a.len() == 20)] + #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (f_repr $result)"))] fn deserialize_10(a: &[u8]) -> Self; - #[requires(true)] fn serialize_11(a: Self) -> [u8; 22]; - #[requires(true)] + #[requires(a.len() == 22)] fn deserialize_11(a: &[u8]) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a) ==> Spec.MLKEM.serialize_post 12 (f_repr $a) $result"))] fn serialize_12(a: Self) -> [u8; 24]; - #[requires(true)] + #[requires(a.len() == 24)] + #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (f_repr $result)"))] fn deserialize_12(a: &[u8]) -> Self; #[requires(true)] From b7b237fb9caa82f39a38c8ef86c72edd985f69d5 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 10:47:06 +0000 Subject: [PATCH 21/29] Update vector/avx2.rs --- .../Libcrux_ml_kem.Vector.Avx2.fsti | 92 +++++++++++++++---- libcrux-ml-kem/src/vector/avx2.rs | 34 +++++++ 2 files changed, 108 insertions(+), 18 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 08c285c87..35de3d65c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -366,31 +366,57 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_serialize_1_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_1_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) -> true); + f_serialize_1_pre + = + (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector)); + f_serialize_1_post + = + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) -> + Spec.MLKEM.serialize_pre 1 (impl.f_repr vector) ==> + Spec.MLKEM.serialize_post 1 (impl.f_repr vector) out); f_serialize_1_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements); - f_deserialize_1_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_1_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_1_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2); + f_deserialize_1_post + = + (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> + sz (Seq.length bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 bytes (impl.f_repr out)); f_deserialize_1_ = (fun (bytes: t_Slice u8) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes } <: t_SIMD256Vector); - f_serialize_4_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_4_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) -> true); + f_serialize_4_pre + = + (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector)); + f_serialize_4_post + = + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) -> + Spec.MLKEM.serialize_pre 4 (impl.f_repr vector) ==> + Spec.MLKEM.serialize_post 4 (impl.f_repr vector) out); f_serialize_4_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_4_ vector.f_elements); - f_deserialize_4_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_4_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_4_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8); + f_deserialize_4_post + = + (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> + sz (Seq.length bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (impl.f_repr out)); f_deserialize_4_ = (fun (bytes: t_Slice u8) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_4_ bytes } <: t_SIMD256Vector); @@ -400,7 +426,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements); - f_deserialize_5_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_5_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 10); f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_5_ = @@ -408,17 +436,30 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_5_ bytes } <: t_SIMD256Vector); - f_serialize_10_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_10_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) -> true); + f_serialize_10_pre + = + (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector)); + f_serialize_10_post + = + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) -> + Spec.MLKEM.serialize_pre 10 (impl.f_repr vector) ==> + Spec.MLKEM.serialize_post 10 (impl.f_repr vector) out); f_serialize_10_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_10_ vector.f_elements); - f_deserialize_10_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_10_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_10_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20); + f_deserialize_10_post + = + (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> + sz (Seq.length bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 bytes (impl.f_repr out)); f_deserialize_10_ = (fun (bytes: t_Slice u8) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_10_ bytes } <: t_SIMD256Vector); @@ -428,7 +469,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_11_ vector.f_elements); - f_deserialize_11_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_11_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 22); f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_11_ = @@ -436,17 +479,30 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_11_ bytes } <: t_SIMD256Vector); - f_serialize_12_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_12_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) -> true); + f_serialize_12_pre + = + (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector)); + f_serialize_12_post + = + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) -> + Spec.MLKEM.serialize_pre 12 (impl.f_repr vector) ==> + Spec.MLKEM.serialize_post 12 (impl.f_repr vector) out); f_serialize_12_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_12_ vector.f_elements); - f_deserialize_12_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_12_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_12_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24); + f_deserialize_12_post + = + (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> + sz (Seq.length bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 bytes (impl.f_repr out)); f_deserialize_12_ = (fun (bytes: t_Slice u8) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes } <: t_SIMD256Vector); diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 9d2fb3c62..93cd2812b 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -200,21 +200,37 @@ impl Operations for SIMD256Vector { } } + #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $vector) $out"))] fn serialize_1(vector: Self) -> [u8; 2] { + hax_lib::fstar!("admit()"); serialize::serialize_1(vector.elements) } + #[requires(bytes.len() == 2)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (impl.f_repr $out)"))] fn deserialize_1(bytes: &[u8]) -> Self { + hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_1(bytes), } } + #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $vector) $out"))] fn serialize_4(vector: Self) -> [u8; 8] { + hax_lib::fstar!("admit()"); serialize::serialize_4(vector.elements) } + #[requires(bytes.len() == 8)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (impl.f_repr $out)"))] fn deserialize_4(bytes: &[u8]) -> Self { + hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_4(bytes), } @@ -224,17 +240,26 @@ impl Operations for SIMD256Vector { serialize::serialize_5(vector.elements) } + #[requires(bytes.len() == 10)] fn deserialize_5(bytes: &[u8]) -> Self { Self { elements: serialize::deserialize_5(bytes), } } + #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $vector) $out"))] fn serialize_10(vector: Self) -> [u8; 20] { + hax_lib::fstar!("admit()"); serialize::serialize_10(vector.elements) } + #[requires(bytes.len() == 20)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (impl.f_repr $out)"))] fn deserialize_10(bytes: &[u8]) -> Self { + hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_10(bytes), } @@ -244,17 +269,26 @@ impl Operations for SIMD256Vector { serialize::serialize_11(vector.elements) } + #[requires(bytes.len() == 22)] fn deserialize_11(bytes: &[u8]) -> Self { Self { elements: serialize::deserialize_11(bytes), } } + #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $vector) $out"))] fn serialize_12(vector: Self) -> [u8; 24] { + hax_lib::fstar!("admit()"); serialize::serialize_12(vector.elements) } + #[requires(bytes.len() == 24)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (impl.f_repr $out)"))] fn deserialize_12(bytes: &[u8]) -> Self { + hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_12(bytes), } From 481b7dc6bce618c2b7836e28b84a58954a47b124 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 14:30:07 +0000 Subject: [PATCH 22/29] Update MLKEM Makefile --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 286a23206..ffda0cd45 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -21,6 +21,7 @@ ADMIT_MODULES += Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ Libcrux_ml_kem.Vector.Neon.Compress.fst \ Libcrux_ml_kem.Vector.Neon.fst \ + Libcrux_ml_kem.Vector.Neon.fsti \ Libcrux_ml_kem.Vector.Neon.Ntt.fst \ Libcrux_ml_kem.Vector.Neon.Serialize.fst \ Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ From e945931259eeca1fcd7b4445189cdc02787b0a21 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 14:52:49 +0000 Subject: [PATCH 23/29] Update Cargo.lock --- Cargo.lock | 77 +++++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 38 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 71330f9eb..0da78d60b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.74", + "syn 2.0.77", "which", ] @@ -191,12 +191,13 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.10" +version = "1.1.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9e8aabfac534be767c909e0690571677d49f41bd8465ae876fe043d52ba5292" +checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" dependencies = [ "jobserver", "libc", + "shlex", ] [[package]] @@ -289,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.15" +version = "4.5.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11d8838454fda655dafd3accb2b6e2bea645b9e4078abe84a22ceb947235c5cc" +checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" dependencies = [ "clap_builder", "clap_derive", @@ -318,7 +319,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -482,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -718,7 +719,7 @@ dependencies = [ "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -741,9 +742,9 @@ checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" -version = "0.3.9" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" +checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" [[package]] name = "hex" @@ -798,9 +799,9 @@ dependencies = [ [[package]] name = "is-terminal" -version = "0.4.12" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" +checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b" dependencies = [ "hermit-abi", "libc", @@ -888,9 +889,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.155" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libcrux" @@ -1204,7 +1205,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -1366,12 +1367,12 @@ dependencies = [ [[package]] name = "prettyplease" -version = "0.2.20" +version = "0.2.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" +checksum = "479cf940fbbb3426c32c5d5176f62ad57549a0bb84773423ba8be9d089f5faba" dependencies = [ "proc-macro2", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -1440,9 +1441,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -1559,18 +1560,18 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustc_version" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" dependencies = [ "semver", ] [[package]] name = "rustix" -version = "0.38.34" +version = "0.38.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f" dependencies = [ "bitflags", "errno", @@ -1622,29 +1623,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.207" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" +checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.207" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" +checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] name = "serde_json" -version = "1.0.124" +version = "1.0.127" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" +checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" dependencies = [ "itoa", "memchr", @@ -1736,9 +1737,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.74" +version = "2.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fceb41e3d546d0bd83421d3409b1460cc7444cd389341a4c880fe7a042cb3d7" +checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" dependencies = [ "proc-macro2", "quote", @@ -1857,7 +1858,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", "wasm-bindgen-shared", ] @@ -1891,7 +1892,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1925,7 +1926,7 @@ checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -2083,7 +2084,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -2103,5 +2104,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] From 5bd655e976f5c41e7fc48c243fcb2ff9e71bde04 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 14:58:08 +0000 Subject: [PATCH 24/29] Remove unnecessary files --- .../proofs/fstar/extraction/Hello.fst | 390 --- .../Libcrux_ml_kem.Vector.Avx2.Portable.fst | 351 --- ...l_kem.Vector.Portable.Serialize.Edited.fst | 2334 ----------------- .../fstar/extraction/Tactic.RwLemmas.fst | 0 .../proofs/fstar/extraction/TacticTest.fst | 15 - .../fstar/spec/ML.KEM.Spec.fst.config.json | 25 - 6 files changed, 3115 deletions(-) delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Hello.fst delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst delete mode 100644 libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst b/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst deleted file mode 100644 index 5178c4c54..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst +++ /dev/null @@ -1,390 +0,0 @@ -module Hello - -open Core -open FStar.Mul -open FStar.Tactics.V2 - -// module _ = BitVecEq -// module _ = Rust_primitives.BitVectors - -// // val ( >>! ) #t #t': int_t -> int - -// #push-options "--admit_smt_queries true" -// val serialize_10_int (v: t_Slice i16) -// : Prims.Pure (u8 & u8 & u8 & u8 & u8) -// (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) -// (ensures fun _ -> True) -// let serialize_10_int (v: t_Slice i16) = -// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in -// let r1:u8 = -// ((cast ((v.[ sz 1 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s <: i16) <: u8) -// in -// let r2:u8 = -// ((cast ((v.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s <: i16) <: u8) -// in -// let r3:u8 = -// ((cast ((v.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s <: i16) <: u8) -// in -// let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in -// //let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in -// r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) -// #pop-options - -// let wrapped (v: t_Array i16 (sz 4)): t_Array u8 (sz 5) = -// MkSeq.create5 (serialize_10_int v) - -// let norm_seq #t (l: list t) i -// : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) -// = () - -// let split_forall_nat -// (#upper_bound: pos) -// (p: (i:nat{i <= upper_bound}) -> Type0) -// : Lemma (requires (if upper_bound = 0 then True else (forall (i:nat{i <= upper_bound - 1}). p i)) -// /\ p upper_bound -// ) -// (ensures forall (i:nat{i <= upper_bound}). p i) -// = () - -// let rw_simplify_v_mk_int t (x: int {Rust_primitives.Integers.range x t}) -// : Lemma (v (mk_int #t x) == x) -// = () - - -// let rw_simplify_v_mk_intu8 -// (x: int {Rust_primitives.Integers.range x u8_inttype}) -// (t: _ {t == u8_inttype}) -// : Lemma (UInt8.v (mk_int #t x) == x) -// = assert (UInt8.v (mk_int #t x) == v (mk_int #u8_inttype x)) - - -// let conv_mk_int_u8 x: Lemma (mk_int #u8_inttype x == UInt8.uint_to_t x) = admit () -// let rw_v_uint_to_t_u8 x: Lemma (UInt8.v (UInt8.uint_to_t x) == x) = () -// let rw_v_uint_to_t_u8' x: Lemma (UInt8.uint_to_t (UInt8.v x) == x) = () -// let rw_v_u8 x: Lemma (v #u8_inttype x == UInt8.v x) = () - -// let conv_mk_int_i16 x: Lemma (mk_int #i16_inttype x == Int16.int_to_t x) = admit () -// let rw_v_uint_to_t_i16 x: Lemma (Int16.v (Int16.int_to_t x) == x) = () -// let rw_v_uint_to_t_i16' x: Lemma (Int16.int_to_t (Int16.v x) == x) = () -// let rw_v_i16 x: Lemma (v #i16_inttype x == Int16.v x) = () - -// let conv_mk_int_i32 x: Lemma (mk_int #i32_inttype x == Int32.int_to_t x) = admit () -// let rw_v_uint_to_t_i32 x: Lemma (Int32.v (Int32.int_to_t x) == x) = () -// let rw_v_uint_to_t_i32' x: Lemma (Int32.int_to_t (Int32.v x) == x) = () -// let rw_v_i32 x: Lemma (v #i32_inttype x == Int32.v x) = () - -// let usize_v_mk_int x: Lemma (v #usize_inttype (mk_int #usize_inttype x) == x) = () - -// let rw_ints = [ -// `conv_mk_int_u8; -// `rw_v_uint_to_t_u8; -// `rw_v_uint_to_t_u8'; -// `rw_v_u8; -// `conv_mk_int_i16; -// `rw_v_uint_to_t_i16; -// `rw_v_uint_to_t_i16'; -// `rw_v_i16; -// `conv_mk_int_i32; -// `rw_v_uint_to_t_i32; -// `rw_v_uint_to_t_i32'; -// `rw_v_i32; -// `usize_v_mk_int; -// ] - -// let rw_v_mk_int t x: Lemma (v (mk_int #t x) == x) = () - -// // let lemma_gt_0 x: Lemma ( -// // (Int16.v (logand #Lib.IntTypes.S16 x 255s) @%. Lib.IntTypes.U8 >= 0) -// // == (Int16.v x >= 0) -// // ) = () - -// let rw = [ -// `norm_seq -// ; `rw_simplify_v_mk_int -// ; `conv_mk_int_u8; `rw_v_uint_to_t_u8; `rw_v_uint_to_t_u8' -// ; `conv_mk_int_i16; `rw_v_uint_to_t_i16; `rw_v_uint_to_t_i16' -// ; `rw_v_mk_int -// // ; `lemma_gt_0 -// ] - -// #push-options "--z3rlimit 60" -// let rw_bit_or (b1 b2: bit) result: -// Lemma -// (requires ( -// (b1 = 0 ==> b2 = 0 ==> result = 0) -// /\ (b1 = 0 ==> b2 = 1 ==> result = 1) -// /\ (b1 = 1 ==> b2 = 0 ==> result = 1) -// /\ (b1 = 1 ==> b2 = 1 ==> result = 0) -// )) -// (ensures (bit_or b1 b2 == result)) -// = () - -// type nn = { -// x_bits: nat; -// y_bits: int; -// x_shift: nat; -// } - -// #push-options "--z3rlimit 260" -// let numbers -// t (u: inttype {bits t > bits u}) -// (d1: num_bits t) (d2: num_bits u) -// (arr2_term_idx: nat) = -// // let t (arr2_term_idx: nat {arr2_term_idx > 0 /\ arr2_term_idx < 4}) = -// let first_bit = arr2_term_idx * d2 in -// let arr1_idx = first_bit / d1 in -// let x_shift = first_bit % d1 in -// // How many bits are left from `x` in the result? -// let x_bits: nat = d1 - x_shift in -// // How many bits are left from `y` in the result? -// let y_bits: int = d2 - x_bits in -// // let x_mask = pow2 x_bits - 1 in -// // let y_mask = pow2 y_bits - 1 in -// {x_bits; y_bits; x_shift; } -// #pop-options - -// let config = numbers i16_inttype u8_inttype 10 8 2 - -// #push-options "--z3rlimit 260" -// // #push-options "--z3rlimit 260 --admit_smt_queries true" -// let compute_term -// t (u: inttype {bits t > bits u}) -// (d1: num_bits t) (d2: num_bits u) -// (n1: nat) (n2: nat {n2 * d2 == n1 * d1}) -// (arr1: Seq.seq (int_t t) {Seq.length arr1 == n1}) -// (arr2: Seq.seq (int_t u) {Seq.length arr2 == n2}) -// (arr2_term_idx: nat {arr2_term_idx < n2}): int_t u = -// // let t (arr2_term_idx: nat {arr2_term_idx > 0 /\ arr2_term_idx < 4}) = -// let first_bit = arr2_term_idx * d2 in -// let arr1_idx = first_bit / d1 in -// let x = Seq.index arr1 arr1_idx in -// let x_shift = first_bit % d1 in -// // How many bits are left from `x` in the result? -// let x_bits = d1 - x_shift in -// // How many bits are left from `y` in the result? -// let y_bits = d2 - x_bits in -// Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) x_bits; -// let x_mask = pow2 x_bits - 1 in -// let x': int_t u = cast ((x >>! mk_int #i32_inttype x_shift) &. mk_int #t x_mask) in -// if arr1_idx + 1 < n1 && y_bits > 0 -// then ( -// Math.Lemmas.pow2_le_compat (bits u - (if unsigned u then 0 else 1)) y_bits; -// let y_mask = pow2 y_bits - 1 in -// let y = Seq.index arr1 (arr1_idx + 1) in -// let y': int_t u = cast (y &. mk_int #t y_mask) in -// let y_shift = x_bits in -// let y': int_t u = y' < bits u}) -// (d1: num_bits t) (d2: num_bits u) -// (n1: nat) (n2: nat {n2 * d2 == n1 * d1}) -// (arr1: Seq.seq (int_t t) {Seq.length arr1 == n1}) -// (arr2: Seq.seq (int_t u) {Seq.length arr2 == n2}) -// (arr2_term_idx: nat {arr2_term_idx < n2}) -// (i: nat { i < d2 }) -// : Lemma ( -// let first_bit = arr2_term_idx * d2 in -// let x_bits = d1 - first_bit % d1 in -// let arr1_idx = first_bit / d1 in -// get_bit (compute_term t u d1 d2 n1 n2 arr1 arr2 arr2_term_idx) (sz i) -// == ( if i < x_bits -// // ICI C'EST PAS OKAY -// then get_bit (Seq.index arr1 arr1_idx ) (sz i) -// else get_bit (Seq.index arr1 (arr1_idx + 1)) (sz (i - x_bits)) -// ) -// // let j = i - -// // bv1 i == get_bit (compute_term t u d1 d2 n1 n2 arr1 arr2 arr2_term_idx) j -// ) = admit () -// #pop-options - -// let norm_pow2 (): Tac unit = -// pointwise (fun () -> -// begin match FStar.Tactics.V2.Logic.cur_formula () with -// | Comp _eq lhs _rhs -> -// let (head, args) = collect_app lhs in -// ( match (inspect head, args) with -// | (Tv_FVar fv, [_]) -> -// if implode_qn (inspect_fv fv) = `%pow2 -// then norm [iota; zeta_full; reify_; delta; primops; unmeta] -// else () -// | _ -> ()) -// | _ -> () -// end; -// trefl ()) - -// let unfold_index (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) -// : Lemma ( FStar.List.Tot.index #a l i -// == (let hd::tl = l in -// if i = 0 then hd else List.Tot.index tl (i - 1))) -// = () - -// exception StopNormIndex - -// let norm_index (): Tac unit = -// let _ = repeat (fun _ -> -// lset "found" false; -// pointwise (fun _ -> -// (fun () -> -// apply_lemma_rw (`unfold_index); -// lset "found" true -// ) `or_else` trefl); -// if lget "found" then () else raise StopNormIndex) in () - -// // #push-options "--fuel 0 --ifuel 0 --z3rlimit 60" -// // let xx (x0 x1: i16) = -// // get_bit_pow2_minus_one_i16 63 (sz 3); -// // assert (get_bit (mk_int #i16_inttype 63) (sz 3) == 1) - -// // // get_bit_pow2_minus_one_i16 63 (sz 3); -// // assert ( -// // get_bit x1 (mk_int #usize_inttype 3) -// // == -// // // get_bit ((cast (x1 &. mk_int #i16_inttype 63) <: u8) <>! mk_int #i16_inttype 8 &. mk_int #i16_inttype 3) <: u8) (mk_int 5)) -// // ) - -// // let shift_right_simplify_0 t (x: int_t t): Lemma (shift_right x 0l == x) -// // = () - -// #push-options "--compat_pre_core 0" -// #push-options "--z3rlimit 60" -// let lemma (arr1: t_Array i16 (sz 4)) = -// let arr2 = wrapped arr1 in -// let d1 = 10 in -// let d2 = 8 in -// let bv1 = bit_vec_of_int_t_array arr1 d1 in -// let bv2 = bit_vec_of_int_t_array arr2 d2 in -// let mk = compute_term -// i16_inttype u8_inttype -// 10 8 -// 4 5 -// arr1 arr2 -// in -// let mk_lemma = lemma_compute_term -// i16_inttype u8_inttype -// 10 8 -// 4 5 -// arr1 arr2 -// in -// let i = 13 in -// assert (forall (i: nat {i <= 19}). bv1 i == bv2 i) by ( -// let rec round (i: nat): Tac _ = -// apply_lemma (`split_forall_nat); -// norm [iota; reify_; primops; unmeta; delta_only [`%op_Subtraction]]; -// let deep_norm () = -// norm [iota; zeta; reify_; delta; primops; unmeta]; -// norm_index (); -// l_to_r (rw_ints `List.Tot.append` [`norm_index; `norm_seq]) -// in -// split (); -// flip (); -// focus (fun () -> -// dump "x"; -// let t = quote (get_bit (mk (i / d2)) (sz (i % d2))) in -// // let bv2_eq_t = tcut (`((`@bv2) (`@i) == (`#t))) in -// grewrite (quote (bv2 i)) t; -// dump "after grewrite 1"; -// flip (); -// focus (fun _ -> -// let _ = repeatn 3 deep_norm in -// trefl `or_else` (fun () -> -// dump "Not refl after norm, SMT?"; -// smt_sync (); -// dump "SMT ok" -// ) -// ); -// // let bv1_eq_t = tcut (`((`@bv1) (`@i) == (`#t))) in -// grewrite (quote (bv1 i)) t; -// dump "after grewrite 2"; -// flip (); -// focus (fun () -> -// dump "dunm"; -// l_to_r [quote mk_lemma]; -// compute (); -// trefl `or_else` (fun () -> -// dump "Not refl, SMT?"; -// smt_sync (); -// dump "SMT ok" -// ) -// ); -// dump "Just before the end of the round"; -// deep_norm (); -// dump "Just before the end of the round (+norm)"; -// trefl () -// ); -// dump ("finished round" ^ string_of_int i); -// if i = 0 -// then () -// else round (i - 1) -// in -// let _ = round 19 in -// () -// ); -// // assert (bv2 i == get_bit (mk (i / d2)) (sz (i % d2))) by ( -// // ); -// // assert ( -// // bv2 8 == get_bit t (sz 0) -// // ) by ( -// // compute (); -// // l_to_r [`norm_seq]; -// // ); -// admit(); -// () - -// let _ = -// assume (Int16.v (Seq.Base.index arr1 (i / d1)) >= 0); -// assume (Int16.v (Seq.Base.index arr1 (i / d2)) >= 0); -// // assert (bv2 13 == ); -// assert ( -// bv2 13 -// == bv1 13 -// // == get_bit (Seq.index bv1 0) (sz 0) -// // == get_bit (Seq.index arr2 0) (sz 0) -// //get_bit (Seq.index arr2 0) (sz 0) -// ) by ( - -// compute (); -// l_to_r rw; -// compute (); -// l_to_r rw; -// norm [iota; simplify; zeta_full; reify_; delta; primops; unmeta]; -// l_to_r rw; -// l_to_r [`Math.Lemmas.modulo_distributivity]; -// l_to_r [`get_bit_or; `get_bit_and]; -// // l_to_r [`rw_bit_or]; -// apply_lemma (`rw_bit_or); -// l_to_r rw; -// fail "x"; -// let _ = repeat split in -// iterAll (fun _ -> -// l_to_r rw; -// norm [iota; simplify; zeta_full; reify_; delta; primops; simplify; unmeta]; -// () -// ); -// fail "x"; -// iterAll ( -// fun _ -> -// dump "SMT for:"; -// smt_sync () -// ) -// // let _ = iterAll (fun _ -> let _ = l_intros () in ()) in -// // fail "x" -// // tadmit () -// ) - - - diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst deleted file mode 100644 index acdcf619b..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst +++ /dev/null @@ -1,351 +0,0 @@ -module Libcrux_ml_kem.Vector.Avx2.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let deserialize_11_int (bytes: t_Slice u8) = - let r0:i16 = - (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) - in - let r2:i16 = - ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) - in - let r3:i16 = - (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) - in - let r4:i16 = - (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) - in - let r5:i16 = - ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) - in - let r6:i16 = - (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) - in - let r7:i16 = - ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) - in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let serialize_11_int (v: t_Slice i16) = - let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in - let r1:u8 = - ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) - in - let r2:u8 = - ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) - in - let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in - let r4:u8 = - ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) - in - let r5:u8 = - ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) - in - let r6:u8 = - ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) - in - let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in - let r8:u8 = - ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) - in - let r9:u8 = - ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) - in - let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - -let from_i16_array (array: t_Array i16 (sz 16)) = { f_elements = array } <: t_PortableVector - -let serialize_11_ (v: t_PortableVector) = - let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 0) r0_10_._1 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 1) r0_10_._2 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 2) r0_10_._3 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 3) r0_10_._4 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 4) r0_10_._5 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 5) r0_10_._6 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 6) r0_10_._7 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 7) r0_10_._8 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 8) r0_10_._9 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 9) r0_10_._10 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 10) r0_10_._11 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 11) r11_21_._1 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 12) r11_21_._2 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 13) r11_21_._3 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 14) r11_21_._4 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 15) r11_21_._5 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 16) r11_21_._6 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 17) r11_21_._7 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 18) r11_21_._8 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 19) r11_21_._9 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 20) r11_21_._10 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 21) r11_21_._11 - in - result - -let to_i16_array (v: t_PortableVector) = v.f_elements - -let zero (_: Prims.unit) = - { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector - -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v:t_PortableVector = zero () in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 0) v0_7_._1 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 1) v0_7_._2 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 2) v0_7_._3 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 3) v0_7_._4 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 4) v0_7_._5 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 5) v0_7_._6 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 6) v0_7_._7 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 7) v0_7_._8 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 8) v8_15_._1 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 9) v8_15_._2 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 10) v8_15_._3 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 11) v8_15_._4 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 12) v8_15_._5 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 13) v8_15_._6 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 14) v8_15_._7 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 15) v8_15_._8 - } - <: - t_PortableVector - in - v diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst deleted file mode 100644 index 785f57dd7..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst +++ /dev/null @@ -1,2334 +0,0 @@ -module Libcrux_ml_kem.Vector.Portable.Serialize.Edited -// #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -// open Core -// open FStar.Mul - -// #push-options "--admit_smt_queries true" - -// let deserialize_10_int (bytes: t_Slice u8) = -// let r0:i16 = -// (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) -// in -// let r2:i16 = -// (((cast (bytes.[ sz 3 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) -// in -// let r3:i16 = -// ((cast (bytes.[ sz 4 ] <: u8) <: i16) <>! 6l <: i16) -// in -// let r4:i16 = -// (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) -// in -// let r6:i16 = -// (((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) -// in -// let r7:i16 = -// ((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) -// in -// r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_11_int (bytes: t_Slice u8) = -// let r0:i16 = -// (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) -// in -// let r2:i16 = -// ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) -// in -// let r3:i16 = -// (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) -// in -// let r4:i16 = -// (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) -// in -// let r5:i16 = -// ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) -// in -// let r6:i16 = -// (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) -// in -// let r7:i16 = -// ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) -// in -// r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_12_int (bytes: t_Slice u8) = -// let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in -// let byte1:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in -// let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in -// let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in -// r0, r1 <: (i16 & i16) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_4_int (bytes: t_Slice u8) = -// let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in -// let v1:i16 = cast (((bytes.[ sz 0 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in -// let v2:i16 = cast ((bytes.[ sz 1 ] <: u8) &. 15uy <: u8) <: i16 in -// let v3:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in -// let v4:i16 = cast ((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <: i16 in -// let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in -// let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in -// let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in -// v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_5_int (bytes: t_Slice u8) = -// let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in -// let v1:i16 = -// cast ((((bytes.[ sz 1 ] <: u8) &. 3uy <: u8) <>! 5l <: u8) -// <: -// u8) -// <: -// i16 -// in -// let v2:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 2l <: u8) &. 31uy <: u8) <: i16 in -// let v3:i16 = -// cast ((((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <>! 7l <: u8) -// <: -// u8) -// <: -// i16 -// in -// let v4:i16 = -// cast ((((bytes.[ sz 3 ] <: u8) &. 1uy <: u8) <>! 4l <: u8) -// <: -// u8) -// <: -// i16 -// in -// let v5:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 1l <: u8) &. 31uy <: u8) <: i16 in -// let v6:i16 = -// cast ((((bytes.[ sz 4 ] <: u8) &. 7uy <: u8) <>! 6l <: u8) -// <: -// u8) -// <: -// i16 -// in -// let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in -// v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -// #pop-options - -// #push-options "--z3rlimit 480 --split_queries always" - -// let serialize_10_int (v: t_Slice i16) = -// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in -// let r1:u8 = -// ((cast ((v.[ sz 1 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s <: i16) <: u8) -// in -// let r2:u8 = -// ((cast ((v.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s <: i16) <: u8) -// in -// let r3:u8 = -// ((cast ((v.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s <: i16) <: u8) -// in -// let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in -// let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in -// r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) - -// #pop-options - -// // #push-options "--ifuel 1 --z3rlimit 1600 " - -// unfold let (.[]) (x: t_Slice i16) (i: usize {v i < Seq.length x}): i16 = Seq.index x (v i) - -// // val serialize_11_int' (v: t_Slice i16) -// // : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -// // (requires Seq.length v == 8 -// // /\ Rust_primitives.bounded (v.[sz 0] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 1] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 2] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 3] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 4] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 5] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 6] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 7] <: i16) 11 -// // ) -// // (ensures -// // fun tuple -> -// // let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in -// // BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 8)) 11 (MkSeq.create11 tuple) 8) - -// #push-options "--ifuel 1 --z3rlimit 600 --split_queries always" - -// val compress_coefficients_11_ -// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: -// int_t_d i16_inttype 11) -// : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -// (requires True) -// (ensures fun tuple -> -// True -// // BitVecEq.int_t_array_bitwise_eq' -// // (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 -// // (MkSeq.create11 tuple) 8 -// ) - -// #pop-options - -// // #push-options "--z3rlimit 90" -// // let rightmost_bits #t u -// // (coef: int_t t) (n_bits: nat {n_bits <= bits t - (if unsigned t then 0 else 1)}) -// // (shift: nat {shift > 0 /\ shift < bits u}) -// // : result: int_t u {forall i. get_bit result i == } -// // = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n_bits; -// // (cast (coef &. mk_int (pow2 n_bits - 1)) <: int_t u) -// // <= bits u}) -// // (coef: int_t t) -// // (n_bits: nat {n_bits <= bits t - (if unsigned t then 0 else 1)}) -// // (shift: nat {shift > 0 /\ shift < (bits u - n_bits)}) -// // // : result: int_t u -// // // {forall (i: nat). i < n_bits ==> get_bit result (sz i) == get_bit coef (sz (i - shift)) } -// // // : result: int_t u {forall i. (i >= shift /\ i < shift + n_bits) -// // // ==> get_bit result (sz i) == get_bit coef (sz (i - shift)) -// // // } -// // = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n_bits; -// // let x = (cast (coef &. mk_int (pow2 n_bits - 1)) <: int_t u) in -// // let y: int_t u = mk_int shift in -// // let result = x < 0 -// // // // ==> -// // // // (get_bit result (sz 0) == get_bit x (sz shift)) -// // // // ); -// // // // admit (); -// // result - -// // let leftmost_bits #t u (coef: int_t t) (shift: nat {shift > 0 /\ shift < bits t}) -// // = (cast (coef >>! (mk_int shift <: int_t t)) <: int_t u) - -// let is_num_bits t (d:nat) = d > 0 /\ d <= bits t /\ (signed t ==> d < bits t) - -// #push-options "--fuel 0 --ifuel 0 --z3rlimit 900" -// [@@"opaque_to_smt"] -// let mix_two_ints t (u:inttype {bits t > bits u}) -// (d1: num_bits t) (d2: num_bits u) -// (x1: int_t t) (x2: int_t t) -// (offset1: pos { offset1 < d1 /\ offset1 > d1 - d2}) -// : r: int_t u { -// forall i. i < d2 -// ==> get_bit r (sz i) -// = ( if i >= d1 - offset1 (* offset2 *) -// then -// // get_bit r (sz i) -// get_bit x2 (sz (i - (d1 - offset1))) -// else -// // get_bit r (sz i) -// get_bit x1 (sz (offset1 + i)) -// ) -// } -// = -// let offset2 = d1 - offset1 in -// Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) (d2 - offset2); -// let power = d2 - offset2 in -// FStar.Classical.forall_intro (get_bit_pow2_minus_one #t power); -// let mask: int_t t = mk_int (pow2 power - 1) in -// admit (); -// ((cast (x2 &. mask <: int_t t) <: int_t u) <>! mk_int #t offset1 <: int_t t) <: int_t u) -// // let a = cast (x1 >>! mk_int #t offset1 <: int_t t) <: int_t u in -// // let b' = cast (x2 &. mask <: int_t t) <: int_t u in -// // let b = b' <= offset2 /\ i < d2}). get_bit b (sz i) == get_bit x2 (sz (i - offset2)) -// // with ( -// // get_bit_pow2_minus_one #t power (sz (i - offset2)); -// // get_bit_and x2 mask (sz i) -// // ); -// // let proof (i: nat {i >= offset2 /\ i < d2}) = -// // // assert (get_bit b (sz i) == get_bit b' (sz (i - offset2))); -// // get_bit_pow2_minus_one #t power (sz (i - offset2)); -// // // assert (get_bit mask (sz (i - offset2)) == 1); -// // get_bit_and x2 mask (sz i); -// // // assert (get_bit b' (sz (i - offset2)) == get_bit x2 (sz (i - offset2))); -// // assert (get_bit b (sz i) == get_bit x2 (sz (i - offset2))); -// // () -// // in -// // // assert (forall (i: nat {i < offset2}). get_bit b (sz i) == 0); -// // // let proof (i: nat {i < offset2}) = - -// // // calc (==) { -// // // get_bit r (sz i); -// // // == { -// // // assert (get_bit b (sz i) == 0); -// // // get_bit_or a b (sz i) -// // // } get_bit a (sz i); -// // // // == { -// // // // get_bit_shr x1 (mk_int #t offset1) (sz i) -// // // // } get_bit x1 (sz (offset1 + i)); -// // // }; -// // // // assert (get_bit b (sz i) == 0); -// // // // assert (get_bit (b |. a) (sz i) == get_bit a (sz i)); -// // // // assert (get_bit a (sz i) == get_bit x1 (sz (offset1 + i))); -// // // // assert (get_bit (b |. a) (sz i) == get_bit x1 (sz (offset1 + i))); -// // // () -// // // // assert (get_bit r (a |. b) == get_bit a (sz i)); -// // // in -// // r -// #pop-options - -// let mask_inv_opt_in_range #t (mask: int_t t {Some? (mask_inv_opt (v mask))}) -// : Lemma (Rust_primitives.Integers.range (Some?.v (mask_inv_opt (v mask))) t) -// [SMTPat (Rust_primitives.Integers.range (Some?.v (mask_inv_opt (v mask))) t)] -// = let n = (Some?.v (mask_inv_opt (v mask))) in -// assert (pow2 n - 1 == v mask) - -// #push-options "--z3rlimit 90 --split_queries always" -// let rw_mix_two_ints -// t u -// (x1: int_t t) (x2: int_t t) -// (mask: int_t t {Some? (mask_inv_opt (v mask))}) -// (shl: int_t t {v shl > 0 /\ v shl < bits u}) -// (shr: int_t t {v shr > 0 /\ v shr < bits t}) -// : Lemma -// (requires ( -// let d1 = v shl + v shr in -// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in -// let offset1 = v shr in -// bits t > bits u -// /\ is_num_bits t d1 -// /\ is_num_bits u d2 -// /\ offset1 < d1 -// /\ offset1 > d1 - d2 -// )) -// (ensures -// ( ((cast (x2 &. mask <: int_t t) <: int_t u) <>! shr <: int_t t) <: int_t u) -// ) -// == ( -// let d1 = v shl + v shr in -// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in -// let offset1 = v shr in -// mix_two_ints t u d1 d2 x1 x2 offset1 -// ) -// ) -// = let d1 = v shl + v shr in -// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in -// let offset1 = v shr in -// reveal_opaque (`%mix_two_ints) (mix_two_ints t u d1 d2 x1 x2 offset1); -// admit () -// #pop-options - -// open FStar.Tactics.V2 - -// let tau () -// = let first_or_trefl () : Tac unit = -// if try apply_lemma_rw (`rw_mix_two_ints); true -// with | _ -> false -// then begin -// FStar.Tactics.V1.dump "Before norm"; -// norm [iota; zeta_full; reify_; delta; primops; simplify; unmeta]; -// FStar.Tactics.V1.dump "After norm"; -// trivial () -// end else trefl () -// in -// pointwise first_or_trefl; -// FStar.Tactics.V1.dump "xx"; -// trefl () - -// #push-options "--compat_pre_core 2" - -// #push-options "--z3rlimit 90" -// // [@@"opaque_to_smt"] -// [@@postprocess_with tau] -// let compress_coefficients_11_ -// coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 = -// let coef1:u8 = cast (coefficient1 <: i16) <: u8 in -// // assert (get_bit ) -// // coefficient1 -// let coef2:u8 = -// ((cast (coefficient2 &. 31s <: i16) <: u8) <>! 8s <: i16) <: u8) -// in -// let coef3:u8 = -// ((cast (coefficient3 &. 3s <: i16) <: u8) <>! 5s <: i16) <: u8) -// in -// let coef4:u8 = cast ((coefficient3 >>! 2s <: i16) &. 255s <: i16) <: u8 in -// let coef5:u8 = -// ((cast (coefficient4 &. 127s <: i16) <: u8) <>! 10s <: i16) <: u8) -// in -// let coef6:u8 = -// ((cast (coefficient5 &. 15s <: i16) <: u8) <>! 7s <: i16) <: u8) -// in -// let coef7:u8 = -// ((cast (coefficient6 &. 1s <: i16) <: u8) <>! 4s <: i16) <: u8) -// in -// let coef8:u8 = cast ((coefficient6 >>! 1s <: i16) &. 255s <: i16) <: u8 in -// let coef9:u8 = -// ((cast (coefficient7 &. 63s <: i16) <: u8) <>! 9s <: i16) <: u8) -// in -// let coef10:u8 = -// ((cast (coefficient8 &. 7s <: i16) <: u8) <>! 6s <: i16) <: u8) -// in -// let coef11:u8 = cast (coefficient8 >>! 3s <: i16) <: u8 in -// // admit (); -// // BitVecEq.bit_vec_equal_intro_principle (); -// coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 -// <: -// (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -// #pop-options - -// #push-options "--fuel 5 --ifuel 0 --z3rlimit 800 --split_queries always" -// let compress_coefficients_11_lemma -// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: -// int_t_d i16_inttype 11) -// = BitVecEq.bit_vec_equal_intro_principle (); -// // let arr1 = MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8) in -// // let arr2 = (MkSeq.create11 (compress_coefficients_11_ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8)) in -// // let bv1 = bit_vec_of_int_t_array arr1 11 in -// // let bv2 = bit_vec_of_int_t_array arr2 8 in -// // let d1 = 11 in -// // let d2 = 8 in -// // let i = 27 in -// // let coef_number_input = i / d1 in -// // let mixed = mix_two_ints i16_inttype u8_inttype -// // 11 8 -// // (Seq.index arr1 coef_number_input ) -// // (Seq.index arr1 (coef_number_input + 1)) -// // (i % d2) in -// assert ( -// // bv1 i == get_bit (Seq.index arr1 (coef_number_input)) (sz (i % d1)) -// // bv2 i == get_bit mixed (sz (i % d2)) -// // get_bit (Seq.index arr1 (coef_number_input)) (sz (i % d1)) -// // bv1 27 == bv2 27 -// BitVecEq.int_t_array_bitwise_eq' -// (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 -// (MkSeq.create11 (compress_coefficients_11_ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8)) 8 -// ) -// #pop-options - -// // bv2 i == bit_vec (Seq.index arr1 ()) - -// let eee -// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: -// int_t_d i32_inttype 11) -// = let arr1 = MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8) in -// let tuple = compress_coefficients_11_ -// coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 in -// let arr2 = MkSeq.create11 tuple in -// let bv1 = bit_vec_of_int_t_array arr1 11 in -// let bv2 = bit_vec_of_int_t_array (MkSeq.create11 tuple) 8 in -// let i = 0 in -// let d = 11 in -// assert ( -// // bv2 i == get_bit (Seq.index arr2 (i / 11)) (sz (i % 11)) -// bv2 i == (cast (coefficient1 <: i32) <: u8) -// ) by (FStar.Tactics.compute (); FStar.Tactics.trefl (); FStar.Tactics.fail "x"); -// // assert ( -// // bv1 i == get_bit (Seq.index arr1 (i / 11)) (sz (i % 11)) -// // ) by (FStar.Tactics.compute (); FStar.Tactics.fail "x"); -// admit () -// // : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -// // (requires True) -// // (ensures fun tuple -> -// // BitVecEq.int_t_array_bitwise_eq' -// // (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 -// // (MkSeq.create11 tuple) 8 -// // ) - -// #push-options "--ifuel 1 --z3rlimit 200" - -// #push-options "--z3rlimit 1600 --split_queries always" - -// let serialize_11_int' (v: t_Slice i16) = -// let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in -// let r1:u8 = -// ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) -// in -// let r2:u8 = -// ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) -// in -// let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in -// let r4:u8 = -// ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) -// in -// let r5:u8 = -// ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) -// in -// let r6:u8 = -// ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) -// in -// let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in -// let r8:u8 = -// ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) -// in -// let r9:u8 = -// ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) -// in -// let r10: u8 = (cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8) in -// let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in -// r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 -// <: -// (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let serialize_12_int (v: t_Slice i16) = -// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in -// let r1:u8 = -// cast (((v.[ sz 0 ] <: i16) >>! 8l <: i16) |. (((v.[ sz 1 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s <: i16) <: u8 in -// r0, r1, r2 <: (u8 & u8 & u8) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let serialize_4_int (v: t_Slice i16) = -// let result0:u8 = -// ((cast (v.[ sz 1 ] <: i16) <: u8) <>! 3l <: i16) |. ((v.[ sz 2 ] <: i16) <>! 1l <: i16) |. ((v.[ sz 4 ] <: i16) <>! 4l <: i16) |. ((v.[ sz 5 ] <: i16) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) < -// let result:t_Array u8 (sz 2) = result in -// let _:usize = temp_1_ in -// true) -// result -// (fun result i -> -// let result:t_Array u8 (sz 2) = result in -// let i:usize = i in -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result -// (sz 0) -// ((result.[ sz 0 ] <: u8) |. -// ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < -// let result:t_Array u8 (sz 2) = result in -// let _:usize = temp_1_ in -// true) -// result -// (fun result i -> -// let result:t_Array u8 (sz 2) = result in -// let i:usize = i in -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result -// (sz 1) -// ((result.[ sz 1 ] <: u8) |. -// ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < -// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in -// let _:usize = temp_1_ in -// true) -// result -// (fun result i -> -// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in -// let i:usize = i in -// { -// result with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// i -// (cast (((v.[ sz 0 ] <: u8) >>! i <: u8) &. 1uy <: u8) <: i16) -// <: -// t_Array i16 (sz 16) -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// in -// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Rust_primitives.Hax.Folds.fold_range (sz 8) -// Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR -// (fun result temp_1_ -> -// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in -// let _:usize = temp_1_ in -// true) -// result -// (fun result i -> -// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in -// let i:usize = i in -// { -// result with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// i -// (cast (((v.[ sz 1 ] <: u8) >>! (i -! sz 8 <: usize) <: u8) &. 1uy <: u8) <: i16) -// <: -// t_Array i16 (sz 16) -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// in -// result - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_10_ (bytes: t_Slice u8) = -// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 20 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 0) -// v0_7_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 1) -// v0_7_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 2) -// v0_7_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 3) -// v0_7_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 4) -// v0_7_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 5) -// v0_7_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 6) -// v0_7_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 7) -// v0_7_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 8) -// v8_15_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 9) -// v8_15_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 10) -// v8_15_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 11) -// v8_15_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 12) -// v8_15_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 13) -// v8_15_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 14) -// v8_15_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 15) -// v8_15_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// v - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_11_ (bytes: t_Slice u8) = -// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 0) -// v0_7_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 1) -// v0_7_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 2) -// v0_7_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 3) -// v0_7_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 4) -// v0_7_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 5) -// v0_7_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 6) -// v0_7_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 7) -// v0_7_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 8) -// v8_15_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 9) -// v8_15_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 10) -// v8_15_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 11) -// v8_15_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 12) -// v8_15_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 13) -// v8_15_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 14) -// v8_15_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 15) -// v8_15_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// v - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_12_ (bytes: t_Slice u8) = -// let v0_1_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v2_3_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 6 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v4_5_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 6; Core.Ops.Range.f_end = sz 9 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v6_7_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 12 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v8_9_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 12; Core.Ops.Range.f_end = sz 15 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v10_11_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 15; Core.Ops.Range.f_end = sz 18 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v12_13_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 18; Core.Ops.Range.f_end = sz 21 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v14_15_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 21; Core.Ops.Range.f_end = sz 24 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 0) -// v0_1_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 1) -// v0_1_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 2) -// v2_3_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 3) -// v2_3_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 4) -// v4_5_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 5) -// v4_5_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 6) -// v6_7_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 7) -// v6_7_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 8) -// v8_9_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 9) -// v8_9_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 10) -// v10_11_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 11) -// v10_11_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 12) -// v12_13_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 13) -// v12_13_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 14) -// v14_15_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 15) -// v14_15_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// re - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_4_ (bytes: t_Slice u8) = -// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 4; Core.Ops.Range.f_end = sz 8 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 0) -// v0_7_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 1) -// v0_7_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 2) -// v0_7_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 3) -// v0_7_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 4) -// v0_7_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 5) -// v0_7_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 6) -// v0_7_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 7) -// v0_7_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 8) -// v8_15_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 9) -// v8_15_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 10) -// v8_15_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 11) -// v8_15_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 12) -// v8_15_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 13) -// v8_15_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 14) -// v8_15_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 15) -// v8_15_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// v - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_5_ (bytes: t_Slice u8) = -// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 0) -// v0_7_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 1) -// v0_7_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 2) -// v0_7_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 3) -// v0_7_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 4) -// v0_7_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 5) -// v0_7_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 6) -// v0_7_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 7) -// v0_7_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 8) -// v8_15_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 9) -// v8_15_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 10) -// v8_15_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 11) -// v8_15_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 12) -// v8_15_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 13) -// v8_15_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 14) -// v8_15_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 15) -// v8_15_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// v - -// #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst b/libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst deleted file mode 100644 index e69de29bb..000000000 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst b/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst deleted file mode 100644 index e2e480052..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst +++ /dev/null @@ -1,15 +0,0 @@ -module TacticTest - -open Core -open FStar.Mul -open FStar.Tactics.V2 - -module _ = BitVecEq -module _ = Rust_primitives.BitVectors - - -/// Rewrite lemmas - - - - diff --git a/libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json b/libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json deleted file mode 100644 index 2509bf529..000000000 --- a/libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "fstar_exe": "fstar.exe", - "options": [ - "--warn_error", - "-274-321-331", - "--cache_checked_modules", - "--query_stats", - "--record_hints", - "--log_queries", - "--cache_dir", - ".cache", - "--no_location_info", - "--use_hints" - ], - "include_dirs": [ - "${HACL_HOME}/lib", - "${HACL_HOME}/specs", - "${HAX_HOME}/proof-libs/fstar/rust_primitives", - "${HAX_HOME}/proof-libs/fstar/core", - "${HAX_HOME}/hax-lib/proofs/fstar/extraction", - "../../../../sys/platform/proofs/fstar/extraction", - "../../../../libcrux-sha3/proofs/fstar/extraction", - "../../../../libcrux-intrinsics/proofs/fstar/extraction" - ] -} From be21196bf1eff1b8d35381270147e7fb00e035a4 Mon Sep 17 00:00:00 2001 From: Maxime Buyse Date: Tue, 3 Sep 2024 10:05:15 +0200 Subject: [PATCH 25/29] Remove unsafe code from include to avoid being rejected by hax. --- libcrux-ml-kem/hax.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 534d921cc..b95b864ab 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -31,7 +31,7 @@ class extractAction(argparse.Action): def __call__(self, parser, args, values, option_string=None) -> None: # Extract platform interfaces - include_str = "+:**" + include_str = "+:** -**::x86::init::cpuid -**::x86::init::cpuid_count" interface_include = "+**" cargo_hax_into = [ "cargo", From 3183572181daad04a4361c689c570af2b3c90abe Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 15:45:15 +0000 Subject: [PATCH 26/29] Update MLKEM Makefile --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 07600d92d..002992afa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,16 +1,13 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst -ADMIT_MODULES += Libcrux_ml_kem.Ind_cca.Unpacked.fst \ - Libcrux_ml_kem.Ind_cca.fst \ - Libcrux_ml_kem.Ind_cpa.fst \ - Libcrux_ml_kem.Ind_cpa.fsti \ +ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ - Libcrux_ml_kem.Matrix.fst \ Libcrux_ml_kem.Ntt.fst \ + Libcrux_ml_kem.Sampling.fst \ Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ - Libcrux_ml_kem.Vector.Avx2.SeriGalize.fst \ + Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ @@ -19,16 +16,10 @@ ADMIT_MODULES += Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ Libcrux_ml_kem.Vector.Neon.Compress.fst \ - Libcrux_ml_kem.Vector.Neon.fst \ Libcrux_ml_kem.Vector.Neon.fsti \ + Libcrux_ml_kem.Vector.Neon.fst \ Libcrux_ml_kem.Vector.Neon.Ntt.fst \ Libcrux_ml_kem.Vector.Neon.Serialize.fst \ Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ - Libcrux_ml_kem.Vector.Portable.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Portable.Compress.fst \ - Libcrux_ml_kem.Vector.Portable.Ntt.fst \ - Libcrux_ml_kem.Vector.Portable.Sampling.fst \ - Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ - Libcrux_ml_kem.Vector.Traits.fst include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base From 16af53b115c81ba9c5610c1e2d71fc6da389a845 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 3 Sep 2024 21:47:40 +0200 Subject: [PATCH 27/29] serialize --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 002992afa..e6d9a72c4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -11,7 +11,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ - Libcrux_ml_kem.Vector.Portable.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ @@ -20,6 +19,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Neon.fst \ Libcrux_ml_kem.Vector.Neon.Ntt.fst \ Libcrux_ml_kem.Vector.Neon.Serialize.fst \ - Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ + Libcrux_ml_kem.Vector.Neon.Vector_type.fst include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base From 9be19e9d33e9945c170e42eae523088253ef1ce3 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 3 Sep 2024 21:45:19 +0200 Subject: [PATCH 28/29] feat: tactic: do nothing if smt queries are admitted --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index 2bcd5dd0f..ae0567aef 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -38,7 +38,7 @@ let compute_one_round (): Tac _ = let compute': unit -> Tac unit = goal_fixpoint compute_one_round /// Proves a goal of the shape `forall (i:nat{i < N}). get_bit ... i == get_bit ... i` (`N` is expected to be a literal) -let prove_bit_vector_equality' (): Tac unit = +let prove_bit_vector_equality'' (): Tac unit = norm [ iota; primops; @@ -57,6 +57,10 @@ let prove_bit_vector_equality' (): Tac unit = print ("Ask SMT: " ^ term_to_string (cur_goal ())); focus smt_sync )) +let prove_bit_vector_equality' (): Tac unit = + if lax_on () + then iterAll tadmit + else prove_bit_vector_equality'' () let prove_bit_vector_equality (): Tac unit = set_rlimit 100; with_compat_pre_core 0 prove_bit_vector_equality' From 7dc12e9cb94f5f26d02773caea2525620fb59d5d Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 3 Sep 2024 23:38:19 +0200 Subject: [PATCH 29/29] port --- libcrux-ml-kem/hax.py | 2 ++ .../extraction/Libcrux_ml_kem.Ind_cca.fst | 4 +++ .../Libcrux_ml_kem.Vector.Portable.fsti | 2 +- .../proofs/fstar/extraction/Makefile | 1 + libcrux-ml-kem/src/ind_cca.rs | 1 + libcrux-ml-kem/src/vector/avx2.rs | 18 ++++++------- libcrux-ml-kem/src/vector/neon.rs | 6 ++--- libcrux-ml-kem/src/vector/portable.rs | 27 +++++++------------ .../extraction/Libcrux_platform.Platform.fsti | 2 +- 9 files changed, 32 insertions(+), 31 deletions(-) diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index b95b864ab..8df66c304 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -40,6 +40,8 @@ def __call__(self, parser, args, values, option_string=None) -> None: "-i", include_str, "fstar", + "--z3rlimit", + "80", "--interfaces", interface_include, ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index a037dd8e4..2576b5c73 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -11,6 +11,8 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +#push-options "--z3rlimit 150" + let serialize_kem_secret_key (v_K v_SERIALIZED_KEY_LEN: usize) (#v_Hasher: Type0) @@ -157,6 +159,8 @@ let serialize_kem_secret_key in out +#pop-options + let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 461660a87..00d0a1e3d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 300 --split_queries always" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index e6d9a72c4..5886525fd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -3,6 +3,7 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ + Libcrux_ml_kem.Serialize.fst \ Libcrux_ml_kem.Sampling.fst \ Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index dae6d21b5..a709a62e7 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -39,6 +39,7 @@ pub(crate) mod instantiations; /// Serialize the secret key. #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 150")] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index e82054ba0..e5a205174 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -53,44 +53,44 @@ impl crate::vector::traits::Repr for SIMD256Vector { #[hax_lib::attributes] impl Operations for SIMD256Vector { #[inline(always)] - #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] + #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { vec_zero() } #[requires(array.len() == 16)] - #[ensures(|result| fstar!("impl.f_repr out == $array"))] + #[ensures(|out| fstar!("impl.f_repr out == $array"))] fn from_i16_array(array: &[i16]) -> Self { vec_from_i16_array(array) } - #[ensures(|result| fstar!("out == impl.f_repr $x"))] + #[ensures(|out| fstar!("out == impl.f_repr $x"))] fn to_i16_array(x: Self) -> [i16; 16] { vec_to_i16_array(x) } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn add(lhs: Self, rhs: &Self) -> Self { Self { elements: arithmetic::add(lhs.elements, rhs.elements), } } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn sub(lhs: Self, rhs: &Self) -> Self { Self { elements: arithmetic::sub(lhs.elements, rhs.elements), } } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] fn multiply_by_constant(v: Self, c: i16) -> Self { Self { elements: arithmetic::multiply_by_constant(v.elements, c), } } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. $constant) (impl.f_repr $vector)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. $constant) (impl.f_repr $vector)"))] fn bitwise_and_with_constant(vector: Self, constant: i16) -> Self { Self { elements: arithmetic::bitwise_and_with_constant(vector.elements, constant), @@ -98,7 +98,7 @@ impl Operations for SIMD256Vector { } #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] - #[ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $vector)"))] + #[ensures(|out| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $vector)"))] fn shift_right(vector: Self) -> Self { Self { elements: arithmetic::shift_right::<{ SHIFT_BY }>(vector.elements), @@ -106,7 +106,7 @@ impl Operations for SIMD256Vector { } #[requires(true)] - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"))] fn cond_subtract_3329(vector: Self) -> Self { Self { elements: arithmetic::cond_subtract_3329(vector.elements), diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index 394434cc7..bd3be862a 100644 --- a/libcrux-ml-kem/src/vector/neon.rs +++ b/libcrux-ml-kem/src/vector/neon.rs @@ -26,18 +26,18 @@ impl crate::vector::traits::Repr for SIMD128Vector { #[hax_lib::attributes] impl Operations for SIMD128Vector { #[inline(always)] - #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] + #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { ZERO() } #[requires(array.len() == 16)] - #[ensures(|result| fstar!("impl.f_repr out == $array"))] + #[ensures(|out| fstar!("impl.f_repr out == $array"))] fn from_i16_array(array: &[i16]) -> Self { from_i16_array(array) } - #[ensures(|result| fstar!("out == impl.f_repr $x"))] + #[ensures(|out| fstar!("out == impl.f_repr $x"))] fn to_i16_array(x: Self) -> [i16; 16] { to_i16_array(x) } diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 766276e56..1b34df9bc 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -23,51 +23,52 @@ impl crate::vector::traits::Repr for PortableVector { } #[hax_lib::attributes] +#[hax_lib::fstar::options("--z3rlimit 300")] impl Operations for PortableVector { - #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] + #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { zero() } #[requires(array.len() == 16)] - #[ensures(|result| fstar!("impl.f_repr out == $array"))] + #[ensures(|out| fstar!("impl.f_repr out == $array"))] fn from_i16_array(array: &[i16]) -> Self { from_i16_array(array) } - #[ensures(|result| fstar!("out == impl.f_repr $x"))] + #[ensures(|out| fstar!("out == impl.f_repr $x"))] fn to_i16_array(x: Self) -> [i16; 16] { to_i16_array(x) } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn add(lhs: Self, rhs: &Self) -> Self { add(lhs, rhs) } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn sub(lhs: Self, rhs: &Self) -> Self { sub(lhs, rhs) } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] fn multiply_by_constant(v: Self, c: i16) -> Self { multiply_by_constant(v, c) } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr $v)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr $v)"))] fn bitwise_and_with_constant(v: Self, c: i16) -> Self { bitwise_and_with_constant(v, c) } #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] - #[ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"))] + #[ensures(|out| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"))] fn shift_right(v: Self) -> Self { shift_right::<{ SHIFT_BY }>(v) } #[requires(true)] - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $v)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $v)"))] fn cond_subtract_3329(v: Self) -> Self { cond_subtract_3329(v) } @@ -134,7 +135,6 @@ impl Operations for PortableVector { } #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))] fn serialize_1(a: Self) -> [u8; 2] { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a"); @@ -142,7 +142,6 @@ impl Operations for PortableVector { } #[requires(a.len() == 2)] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))] fn deserialize_1(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a"); @@ -150,7 +149,6 @@ impl Operations for PortableVector { } #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))] fn serialize_4(a: Self) -> [u8; 8] { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a"); @@ -158,7 +156,6 @@ impl Operations for PortableVector { } #[requires(a.len() == 8)] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))] fn deserialize_4(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a"); @@ -175,7 +172,6 @@ impl Operations for PortableVector { } #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))] fn serialize_10(a: Self) -> [u8; 20] { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a"); @@ -183,7 +179,6 @@ impl Operations for PortableVector { } #[requires(a.len() == 20)] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))] fn deserialize_10(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a"); @@ -200,7 +195,6 @@ impl Operations for PortableVector { } #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))] fn serialize_12(a: Self) -> [u8; 24] { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a"); @@ -208,7 +202,6 @@ impl Operations for PortableVector { } #[requires(a.len() == 24)] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))] fn deserialize_12(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a"); diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti index e8713dad5..95dad6932 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti @@ -1,5 +1,5 @@ module Libcrux_platform.Platform -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul