Fix encoding of primitive operators with refined domains #3427

nikswamy · 2024-08-30T22:20:23Z

This adds preconditions in the SMT encoding to Prims.op_Modulus, op_Division, and Real.op_Slash_dot.

I also had an everest run with no meaningful regressions---one brittle proof in Hacl.Spec.Chacha.Equiv needed a restart-solver to go through.

…#3426

nikswamy · 2024-08-30T22:21:26Z

ulib/FStar.UInt.fst

@@ -584,7 +584,7 @@ let lemma_lognot_value_zero #n a =
 private
 val lemma_mod_variation: #n:pos -> a:uint_t n ->
  Lemma (a <> 0 ==> ((-a) % pow2 n) - 1 % pow2 n = (((-a) % pow2 n) - 1) % pow2 n)
-let lemma_mod_variation #n a = ()
+let lemma_mod_variation #n a = assert (pow2 n =!= 0)


This proof was a bit flaky and uses a very large rlimit. It seems to stabilizes with this assertion.

nikswamy added 2 commits August 30, 2024 11:03

restrict domain of partial primitive operations in the SMT encoding cf …

723b00a

…#3426

fix a typo in encoding of Real.(/.); bump cache version number

84b0ba5

nikswamy commented Aug 30, 2024

View reviewed changes

nikswamy enabled auto-merge August 30, 2024 22:22

nikswamy mentioned this pull request Aug 30, 2024

Restarting solver for an unstable proof hacl-star/hacl-star#975

Merged

10 tasks

nikswamy merged commit d56e791 into master Aug 30, 2024
3 checks passed

nikswamy deleted the nik_3426 branch August 30, 2024 22:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix encoding of primitive operators with refined domains #3427

Fix encoding of primitive operators with refined domains #3427

nikswamy commented Aug 30, 2024

nikswamy Aug 30, 2024

Fix encoding of primitive operators with refined domains #3427

Fix encoding of primitive operators with refined domains #3427

Conversation

nikswamy commented Aug 30, 2024

nikswamy Aug 30, 2024

Choose a reason for hiding this comment