diff --git a/fstar-helpers/fstar-bitvec/BitVec.Equality.fst b/fstar-helpers/fstar-bitvec/BitVec.Equality.fst index afbc5a4fa..5e21832c7 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Equality.fst +++ b/fstar-helpers/fstar-bitvec/BitVec.Equality.fst @@ -33,7 +33,16 @@ let bv_equality' #n (bv1 bv2: bit_vec n) let bv_equality #n (bv1 bv2: bit_vec n) = bv_equality' bv1 bv2 - + +let bv_equality_elim #n (bv1 bv2: bit_vec n) + : Lemma (requires bv_equality bv1 bv2) + (ensures bv1 == bv2) + = () +let bv_equality_intro #n (bv1 bv2: bit_vec n) + : Lemma (requires bv1 == bv2) + (ensures bv_equality bv1 bv2) + = () + let rewrite n (bv1: bit_vec n) : Lemma (bv_equality #n bv1 bv1 == true) = () diff --git a/fstar-helpers/fstar-bitvec/BitVec.Equality.fsti b/fstar-helpers/fstar-bitvec/BitVec.Equality.fsti index 184202a61..5340903b4 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Equality.fsti +++ b/fstar-helpers/fstar-bitvec/BitVec.Equality.fsti @@ -6,4 +6,12 @@ open FStar.Mul open FStar.FunctionalExtensionality val bv_equality #n (bv1 bv2: bit_vec n): bool +val bv_equality_elim #n (bv1 bv2: bit_vec n) + : Lemma (requires bv_equality bv1 bv2) + (ensures bv1 == bv2) +val bv_equality_intro #n (bv1 bv2: bit_vec n) + : Lemma (requires bv1 == bv2) + (ensures bv_equality bv1 bv2) val rewrite n (bv1: bit_vec n): Lemma (bv_equality #n bv1 bv1 == true) + + diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.Constants.fst b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.Constants.fst new file mode 100644 index 000000000..9d2614842 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.Constants.fst @@ -0,0 +1,264 @@ +module BitVec.Intrinsics.Constants + +open Core +open Rust_primitives +open FStar.Mul +open FStar.FunctionalExtensionality +open BitVec.Utils +open BitVec.Equality + +let mm256_set_epi16 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) + : bit_vec 256 + = mk_bv (fun i -> + let offset = i % 16 in + match i / 16 with + | 0 -> get_bit x15 (sz offset) + | 1 -> get_bit x14 (sz offset) + | 2 -> get_bit x13 (sz offset) + | 3 -> get_bit x12 (sz offset) + | 4 -> get_bit x11 (sz offset) + | 5 -> get_bit x10 (sz offset) + | 6 -> get_bit x9 (sz offset) + | 7 -> get_bit x8 (sz offset) + | 8 -> get_bit x7 (sz offset) + | 9 -> get_bit x6 (sz offset) + | 10 -> get_bit x5 (sz offset) + | 11 -> get_bit x4 (sz offset) + | 12 -> get_bit x3 (sz offset) + | 13 -> get_bit x2 (sz offset) + | 14 -> get_bit x1 (sz offset) + | 15 -> get_bit x0 (sz offset) + ) + +let madd_rhs (n: nat {n < 16}) = + mm256_set_epi16 + (1s < bit_vec 256 = admit () + +open Tactics.Utils + +open FStar.Tactics + +(** Unifies `t` with `fn x1 ... xN`, where `x1` and `xN` are +unification variables. This returns a list of terms to substitute `x1` +... `xN` with. *) +let unify_app (t fn: term) norm_steps: Tac (option (list term)) + = let bds = fst (collect_arr_bs (tc (cur_env ()) fn)) in + let _fake_goal = + (* create a goal `b1 -> ... -> bn -> squash True` *) + let trivial = pack_comp (C_Total (`squash True)) in + unshelve (fresh_uvar (Some (mk_arr bds trivial))) + in + (* get back the binders `b1`, ..., `bn` *) + let bds = intros () in + let args = map (fun (b: binder) -> b <: term) bds in + let norm_term = norm_term (hnf::norm_steps) in + let fn, t = norm_term (mk_e_app fn args), norm_term t in + let vars = map (fun b -> + let b = inspect_binder b in + let {bv_index = uniq; bv_ppname = ppname} = inspect_bv b.binder_bv in + let nv: namedv_view = {uniq; ppname; sort = seal (`_)} in + (FStar.Reflection.V2.pack_namedv nv, b.binder_sort) + ) bds in + let?# substs = fst (try_unify (cur_env ()) vars fn t) in + if List.Tot.length substs <> List.Tot.length bds + then fail "unify_app: inconsistent lengths"; + (* solve the trivial goal introduced at the begining *) + trivial (); + Some (List.Tot.rev (map (fun (_, t) -> t) substs)) + +irreducible let add (x y: int): int = x + y + +let f (a b c d: int): int = add (add (add a b) c) d + +// #push-options "--print_full_names --print_implicits --print_bound_var_types" +let _ = assert true by ( + let r = + unify_app + (quote (f 1 2 3 4)) + (quote f) + [delta_only [`%f]] + in + let s = term_to_string (quote r) + in + print s + ) + +let test x y (#[( + let n = fresh_namedv () in + let y = quote y in + let y' = `(madd_rhs (`#n)) in + let n = FStar.Reflection.V2.pack_namedv n in + let t = match try_unify (cur_env ()) [(n,`(n: nat {n < 16}))] y y' with + | (Some [v, t'], _) -> + `(stupid (`#t')) + | _ -> `(stupid (`#y)) in + exact t +)]f: bit_vec 256 -> bit_vec 256) = f x + +let xx = fun x -> test x (madd_rhs 12) + +irreducible let vec256_to_i16s (bv: bit_vec 256) + : (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + & (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + = admit () + +irreducible let rw_vec256_to_i16_ints + (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) + : Lemma ( + vec256_to_i16s (mm256_set_epi16 x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15) + == ((x0, x1, x2, x3, x4, x5, x6, x7), (x8, x9, x10, x11, x12, x13, x14, x15)) + ) = admit () + +let madd_rhs (n: nat {n < 16}) = + mm256_set_epi16 + (1s <= 1 + && v x0 = v x2 && v x0 = v x4 && v x0 = v x6 && v x0 = v x8 + && v x0 = v x10 && v x0 = v x12 && v x0 = v x14 + && v x1 = 1 && v x3 = 1 && v x5 = 1 && v x7 = 1 + && v x9 = 1 && v x11= 1 && v x13= 1 && v x15= 1 + then match Tactics.Pow2.log2 (v x0 <: nat) with + | Some coef -> + if coef < 16 + then ( + assert (v ((1s < None + else None +#pop-options + +open FStar.Tactics.V2 +[@@FStar.Tactics.V2.postprocess_with (fun _ -> + compute (); + Tactics.Seq.norm_index (); + compute (); + fail "x" +)] +let aa = + let n = 12 in + let tuple = ( + ( (1s < n | None -> 0 in + x + +open Tactics.Utils +open FStar.Tactics.V2 +module Visit = FStar.Tactics.Visit + +let rec any (f: 'a -> bool) (l: list 'a): bool + = match l with + | [] -> false + | hd::tl -> if f hd + then true + else any f tl + +exception FoundFreeLocalVar +let is_closed_term (x: term): Tac bool + = try + let _ = FStar.Tactics.Visit.visit_tm ( + function + | Tv_Var _ | Tv_BVar _ -> raise FoundFreeLocalVar + | x -> x + ) x + in true + with | FoundFreeLocalVar -> false + | e -> raise e + +let rw_mm256_set_epi16 t = + let?# (f, [arg,_]) = expect_app_n t 1 in + let?# _ = expect_free_var f (`%vec256_to_i16_ints) in + let?? _ = is_closed_term arg in + let?# (f, args) = expect_app_n arg 16 in + let?# _ = expect_free_var f (`%mm256_set_epi16) in + pointwise' (fun _ -> + let _ = let?# (lhs, _, _) = expect_lhs_eq_rhs () in + Some (if any (fun (arg, _) -> term_eq lhs arg) args + then norm [primops; iota; delta; zeta_full] + else ()) + in trefl () + ); + Some () + +let rec expect_madd_rhs' (bv: bit_vec 256) (n:nat {n < 16}) + : result: option (n: nat {n < 16}) { match result with + | Some n -> bv == madd_rhs n + | _ -> True + } + = if bv_equality bv (madd_rhs n) + then ( bv_equality_elim bv (madd_rhs n); + Some n ) + else if n = 0 then None + else expect_madd_rhs' bv (n - 1) + +irreducible let expect_madd_rhs (bv: bit_vec 256): option (n: nat {n < 16}) + = expect_madd_rhs' bv 15 + +// let rewrite_expect_madd_rhs +// (bv: bit_vec 256) (n: nat {n < 16}) +// : Lemma (requires bv == madd_rhs n) +// (ensures ) +// = () + diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.TestShuffle.fst b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.TestShuffle.fst new file mode 100644 index 000000000..0c60d6587 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.TestShuffle.fst @@ -0,0 +1,203 @@ +module BitVec.Intrinsics.TestShuffle + +open Rust_primitives +open FStar.Mul +open BitVec.Utils +open BitVec.Intrinsics + +assume val stuck: #a:Type -> #b:Type -> a -> b + +let index64 l (i: nat {i < List.Tot.length l}) = + match l with + | [x0;x1;x2;x3] -> + (match i with + | 0 -> x0 | 1 -> x1 | 2 -> x2 | 3 -> x3) + | [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15;x16;x17;x18;x19;x20;x21;x22;x23;x24;x25;x26;x27;x28;x29;x30;x31;x32;x33;x34;x35;x36;x37;x38;x39;x40;x41;x42;x43;x44;x45;x46;x47;x48;x49;x50;x51;x52;x53;x54;x55;x56;x57;x58;x59;x60;x61;x62;x63] -> + (match i with + | 0 -> x0 | 1 -> x1 | 2 -> x2 | 3 -> x3 | 4 -> x4 | 5 -> x5 | 6 -> x6 | 7 -> x7 | 8 -> x8 | 9 -> x9 | 10 -> x10 | 11 -> x11 | 12 -> x12 | 13 -> x13 | 14 -> x14 | 15 -> x15 + | 16 -> x16 | 17 -> x17 | 18 -> x18 | 19 -> x19 | 20 -> x20 | 21 -> x21 | 22 -> x22 | 23 -> x23 | 24 -> x24 | 25 -> x25 | 26 -> x26 | 27 -> x27 | 28 -> x28 | 29 -> x29 | 30 -> x30 | 31 -> x31 + | 32 -> x32 | 33 -> x33 | 34 -> x34 | 35 -> x35 | 36 -> x36 | 37 -> x37 | 38 -> x38 | 39 -> x39 | 40 -> x40 | 41 -> x41 | 42 -> x42 | 43 -> x43 | 44 -> x44 | 45 -> x45 | 46 -> x46 | 47 -> x47 + | 48 -> x48 | 49 -> x49 | 50 -> x50 | 51 -> x51 | 52 -> x52 | 53 -> x53 | 54 -> x54 | 55 -> x55 | 56 -> x56 | 57 -> x57 | 58 -> x58 | 59 -> x59 | 60 -> x60 | 61 -> x61 | 62 -> x62 | 63 -> x63) + | _ -> stuck "index" + +assume val nth: list bit -> nat -> bit + +let bv_of_list_list (n: pos) (l: list (l: list bit {List.Tot.length l == n})): bit_vec (List.Tot.length l * n) + = mk_bv (fun i -> nth (index64 l (i / n)) (i % n)) + +let z: l: list bit {List.Tot.length l == 4} = [0;0;0;0] + +type result #t0 #t1 #t2 #t3 #t4 = { + vector: t0; + adjacent_2_combined: t1; + adjacent_8_combined: t2; + combined': t3; + combined: t4; + } + +// /// We view `x` as a sequence of pairs of 16 bits, of the shape +// /// `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)`: only the last `n` bits are non-zero. +// /// We output a sequence of 32 bits `0b0…0b₁…bₙa₁…aₙ`. +// let mm256_madd_epi16_specialized' (x: bit_vec 256) (n: nat {n < 16}): bit_vec 256 = +// mk_bv (fun i -> let j = i % 32 in +// // `x i` is the `j`th bit in the `i/32`th pair of 16 bits `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` +// // we want to construct the `j`th bit of `0b0…0b₁…bₙa₁…aₙ` +// let is_zero = +// // `|b₁…bₙa₁…aₙ| = n * 2`: if we're above that, we want to produce the bit `0` +// j >= n * 2 +// in +// if is_zero +// then 0 +// else if j < n +// then x i // we want to produce the bit `aⱼ` +// else +// // the bit from `b` is in the second item of the pair `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` +// x (i - n + 16) +// ) + +// let mm256_permutevar8x32_epi32_i32 (a: bit_vec 256) (b: list _ {List.Tot.length b == 8}): bit_vec 256 = +// mk_bv (fun i -> +// let j = i / 32 in +// let index = (List.Tot.index b (7 - j) % 8) * 32 in +// a (index + i % 32)) + +let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in + let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_madd_epi16_specialized' vector 4 + // Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 vector + // (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < bit) = [f 0;f 1;f 2;f 3;f 4;f 5;f 6;f 7;f 8;f 9;f 10;f 11;f 12;f 13;f 14;f 15;f 16;f 17;f 18;f 19;f 20;f 21;f 22;f 23;f 24;f 25;f 26;f 27;f 28;f 29;f 30;f 31;f 32;f 33;f 34;f 35;f 36;f 37;f 38;f 39;f 40;f 41;f 42;f 43;f 44;f 45;f 46;f 47;f 48;f 49;f 50;f 51;f 52;f 53;f 54;f 55;f 56;f 57;f 58;f 59;f 60;f 61;f 62;f 63;f 64;f 65;f 66;f 67;f 68;f 69;f 70;f 71;f 72;f 73;f 74;f 75;f 76;f 77;f 78;f 79;f 80;f 81;f 82;f 83;f 84;f 85;f 86;f 87;f 88;f 89;f 90;f 91;f 92;f 93;f 94;f 95;f 96;f 97;f 98;f 99;f 100;f 101;f 102;f 103;f 104;f 105;f 106;f 107;f 108;f 109;f 110;f 111;f 112;f 113;f 114;f 115;f 116;f 117;f 118;f 119;f 120;f 121;f 122;f 123;f 124;f 125;f 126;f 127;f 128;f 129;f 130;f 131;f 132;f 133;f 134;f 135;f 136;f 137;f 138;f 139;f 140;f 141;f 142;f 143;f 144;f 145;f 146;f 147;f 148;f 149;f 150;f 151;f 152;f 153;f 154;f 155;f 156;f 157;f 158;f 159;f 160;f 161;f 162;f 163;f 164;f 165;f 166;f 167;f 168;f 169;f 170;f 171;f 172;f 173;f 174;f 175;f 176;f 177;f 178;f 179;f 180;f 181;f 182;f 183;f 184;f 185;f 186;f 187;f 188;f 189;f 190;f 191;f 192;f 193;f 194;f 195;f 196;f 197;f 198;f 199;f 200;f 201;f 202;f 203;f 204;f 205;f 206;f 207;f 208;f 209;f 210;f 211;f 212;f 213;f 214;f 215;f 216;f 217;f 218;f 219;f 220;f 221;f 222;f 223;f 224;f 225;f 226;f 227;f 228;f 229;f 230;f 231;f 232;f 233;f 234;f 235;f 236;f 237;f 238;f 239;f 240;f 241;f 242;f 243;f 244;f 245;f 246;f 247;f 248;f 249;f 250;f 251;f 252;f 253;f 254;f 255] +let map128 (f: (i: nat {i < 128}) -> bit) = [f 0;f 1;f 2;f 3;f 4;f 5;f 6;f 7;f 8;f 9;f 10;f 11;f 12;f 13;f 14;f 15;f 16;f 17;f 18;f 19;f 20;f 21;f 22;f 23;f 24;f 25;f 26;f 27;f 28;f 29;f 30;f 31;f 32;f 33;f 34;f 35;f 36;f 37;f 38;f 39;f 40;f 41;f 42;f 43;f 44;f 45;f 46;f 47;f 48;f 49;f 50;f 51;f 52;f 53;f 54;f 55;f 56;f 57;f 58;f 59;f 60;f 61;f 62;f 63;f 64;f 65;f 66;f 67;f 68;f 69;f 70;f 71;f 72;f 73;f 74;f 75;f 76;f 77;f 78;f 79;f 80;f 81;f 82;f 83;f 84;f 85;f 86;f 87;f 88;f 89;f 90;f 91;f 92;f 93;f 94;f 95;f 96;f 97;f 98;f 99;f 100;f 101;f 102;f 103;f 104;f 105;f 106;f 107;f 108;f 109;f 110;f 111;f 112;f 113;f 114;f 115;f 116;f 117;f 118;f 119;f 120;f 121;f 122;f 123;f 124;f 125;f 126;f 127] + +let test (a b c d e f g h i j k l m n o p: (l: list bit {List.Tot.length l == 4})) = + let input = bv_of_list_list 4 [ + a;z;z;z; b;z;z;z; c;z;z;z; d;z;z;z; + e;z;z;z; f;z;z;z; g;z;z;z; h;z;z;z; + i;z;z;z; j;z;z;z; k;z;z;z; l;z;z;z; + m;z;z;z; n;z;z;z; o;z;z;z; p;z;z;z; + + // z;z;z;a; z;z;z;b; z;z;z;c; z;z;z;d; + // z;z;z;e; z;z;z;f; z;z;z;g; z;z;z;h; + // z;z;z;i; z;z;z;j; z;z;z;k; z;z;z;l; + // z;z;z;m; z;z;z;n; z;z;z;o; z;z;z;p; + ] in + serialize_4_ input + + +// let xx a b c d e f g h i j k l m n o p = +// Pervasives.norm [iota; primops; zeta_full; delta] ( +// Pervasives.norm [iota; primops; zeta; delta] ( +// let {vector; adjacent_2_combined; adjacent_8_combined; combined'; combined} = test a b c d e f g h i j k l m n o p in +// let vector = map256 (fun (idx: nat{idx < 256}) -> vector idx) in +// let adjacent_2_combined = map256 (fun (idx: nat{idx < 256}) -> adjacent_2_combined idx) in +// let adjacent_8_combined = map256 (fun (idx: nat{idx < 256}) -> adjacent_8_combined idx) in +// let combined' = map256 (fun (idx: nat{idx < 256}) -> combined' idx) in +// let combined = map128 (fun (idx: nat{idx < 128}) -> combined idx) in +// // map128 (fun (idx: nat {idx < 128}) -> test a b c d e f g h i j k l m n o p idx) +// {vector; adjacent_2_combined; adjacent_8_combined; combined'; combined} +// // (vector, adjacent_2_combined) +// ) +// ) + + + +open FStar.Tactics.V2 +open Tactics.Utils + + +open Libcrux_intrinsics.Avx2_extract {t_Vec256, t_Vec128} +// open BitVec.Intrinsics { + +// } + +#push-options "--compat_pre_core 0" +let serialize_4__ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in + let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + BitVec.Intrinsics.mm256_madd_epi16 vector + (BitVec.Intrinsics.mm256_set_epi16 (1s < i % 16 < 4 || vector i = 0)); + assert (forall (i: nat {i < 64}). + // let local_i = i / 4 in + combined i == vector ((i / 4) * 16 + i % 4) + ) by ( + // unfold wrappers + norm [primops; iota; zeta; delta_namespace [ + `%BitVec.Intrinsics.mm256_shuffle_epi8; + `%BitVec.Intrinsics.mm256_permutevar8x32_epi32; + `%BitVec.Intrinsics.mm256_madd_epi16; + `%BitVec.Intrinsics.mm256_castsi256_si128; + "BitVec.Utils"; + ]]; + Tactics.Utils.prove_forall_nat_pointwise (Tactics.Utils.print_time "SMT query succeeded in " (fun _ -> + let reduce t = + norm [primops; iota; zeta_full; delta_namespace [ + "FStar.FunctionalExtensionality"; + t; + `%BitVec.Utils.mk_bv; + `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) + ]]; + norm [primops; iota; zeta_full; delta_namespace [ + "FStar.List.Tot"; `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) + ]] + in + reduce (`%BitVec.Intrinsics.mm256_permutevar8x32_epi32_i32); + reduce (`%BitVec.Intrinsics.mm256_shuffle_epi8_i8); + reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized); + grewrite (quote (forall_bool #256 (fun i -> i % 16 < 4 || op_Equality #int (vector i) 0))) (`true); + flip (); smt (); + reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized'); + // focus (fun _ -> dump' "Goal!!"); + trivial () + )) + ); + combined diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti index a246794d6..a101013a6 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti @@ -3,31 +3,95 @@ module BitVec.Intrinsics open Core open Rust_primitives open FStar.Mul - -(*** BitVec related utils *) -open FStar.FunctionalExtensionality +open BitVec.Utils open BitVec.Equality -open Rust_primitives.BitVectors - -let mk_bv #len (f: (i:nat{i < len}) -> bit) = on (i:nat {i < len}) f +open Tactics.Utils (*** The intrinsics *) - let mm256_slli_epi16 (shift: i32 {v shift >= 0 /\ v shift <= 16}) (vec: bit_vec 256): bit_vec 256 = mk_bv (fun i -> let nth_bit = i % 16 in - if nth_bit >= v shift - then vec (i - v shift) - else 0) + if nth_bit >= v shift then vec (i - v shift) else 0) let mm256_srli_epi16 (shift: i32 {v shift >= 0 /\ v shift <= 16}) (vec: bit_vec 256): bit_vec 256 = mk_bv (fun i -> let nth_bit = i % 16 in if nth_bit < 16 - v shift then vec (i + v shift) else 0) +let mm256_srli_epi64 (shift: i32 {v shift >= 0 /\ v shift <= 64}) (vec: bit_vec 256): bit_vec 256 + = mk_bv (fun i -> let nth_bit = i % 64 in + if nth_bit < 64 - v shift then vec (i + v shift) else 0) + let mm256_castsi256_si128 (vec: bit_vec 256): bit_vec 128 = mk_bv (fun i -> vec i) let mm256_extracti128_si256 (control: i32{control == 1l}) (vec: bit_vec 256): bit_vec 128 = mk_bv (fun i -> vec (i + 128)) +let mm256_si256_from_two_si128 (lower upper: bit_vec 128): bit_vec 256 + = mk_bv (fun i -> if i < 128 then lower i else upper (i - 128)) + +let mm_loadu_si128 (bytes: t_Array u8 (sz 16)): bit_vec 128 + = mk_bv (fun i -> get_bit (Seq.index bytes (i / 8)) (sz (i % 8))) + +let mm256_set_epi32 (x0 x1 x2 x3 x4 x5 x6 x7: i32) + : bit_vec 256 + = mk_bv (fun i -> + let h (x: i32) = get_bit x (sz (i % 32)) in + match i / 32 with + | 0 -> h x7 | 1 -> h x6 | 2 -> h x5 | 3 -> h x4 + | 4 -> h x3 | 5 -> h x2 | 6 -> h x1 | 7 -> h x0) + +let mm256_set_epi16 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) + : bit_vec 256 + = mk_bv (fun i -> + let h (x: i16) = get_bit x (sz (i % 16)) in + match i / 16 with + | 0 -> h x15 | 1 -> h x14 | 2 -> h x13 | 3 -> h x12 + | 4 -> h x11 | 5 -> h x10 | 6 -> h x9 | 7 -> h x8 + | 8 -> h x7 | 9 -> h x6 | 10 -> h x5 | 11 -> h x4 + | 12 -> h x3 | 13 -> h x2 | 14 -> h x1 | 15 -> h x0 + ) + +let mm_set_epi8 + (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: u8) + : bit_vec 128 + = mk_bv (fun i -> + let h (x: u8) = get_bit x (sz (i % 8)) in + match i / 8 with + | 0 -> h x15 | 1 -> h x14 | 2 -> h x13 | 3 -> h x12 + | 4 -> h x11 | 5 -> h x10 | 6 -> h x9 | 7 -> h x8 + | 8 -> h x7 | 9 -> h x6 | 10 -> h x5 | 11 -> h x4 + | 12 -> h x3 | 13 -> h x2 | 14 -> h x1 | 15 -> h x0 + ) + +let mm256_set_epi8 + (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x20 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30 x31: i8) + : bit_vec 256 + = mk_bv (fun i -> + let h (x: i8) = get_bit x (sz (i % 8)) in + match i / 8 with + | 0 -> h x31 | 1 -> h x30 | 2 -> h x29 | 3 -> h x28 + | 4 -> h x27 | 5 -> h x26 | 6 -> h x25 | 7 -> h x24 + | 8 -> h x23 | 9 -> h x22 | 10 -> h x21 | 11 -> h x20 + | 12 -> h x19 | 13 -> h x18 | 14 -> h x17 | 15 -> h x16 + | 16 -> h x15 | 17 -> h x14 | 18 -> h x13 | 19 -> h x12 + | 20 -> h x11 | 21 -> h x10 | 22 -> h x9 | 23 -> h x8 + | 24 -> h x7 | 25 -> h x6 | 26 -> h x5 | 27 -> h x4 + | 28 -> h x3 | 29 -> h x2 | 30 -> h x1 | 31 -> h x0 + ) + +val mm256_set1_epi16_no_semantics: i16 -> bit_vec 256 +let mm256_set1_epi16_pow2_minus_one (n: nat): bit_vec 256 + = mk_bv (fun i -> if i % 16 < n then 1 else 0) + +let mm256_and_si256 (x y: bit_vec 256): bit_vec 256 + = mk_bv (fun i -> if y i = 0 then 0 else x i) + +let mm256_set1_epi16 (constant: i16) + (#[Tactics.exact (match unify_app (quote constant) (quote (fun n -> ((1s < `(mm256_set1_epi16_pow2_minus_one (`#x)) + | _ -> (quote (mm256_set1_epi16_no_semantics constant)) + )]result: bit_vec 256) + : bit_vec 256 = result + private let saturate8 (v: bit_vec 16): bit_vec 8 = let on_upper_bits (+) (f: (n:nat{n >= 8 && n <= 15}) -> _) = f 8 + f 9 + f 10 + f 11 + f 12 + f 13 + f 14 + f 15 @@ -60,29 +124,6 @@ let mm_movemask_epi8_bv (a: bit_vec 128): bit_vec 128 let mm_movemask_epi8 (a: bit_vec 128): i32 = bit_vec_to_int_t 32 (mk_bv (fun i -> mm_movemask_epi8_bv a i)) -let mm256_set_epi16 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) - : bit_vec 256 - = mk_bv (fun i -> - let offset = i % 16 in - match i / 16 with - | 0 -> get_bit x15 (sz offset) - | 1 -> get_bit x14 (sz offset) - | 2 -> get_bit x13 (sz offset) - | 3 -> get_bit x12 (sz offset) - | 4 -> get_bit x11 (sz offset) - | 5 -> get_bit x10 (sz offset) - | 6 -> get_bit x9 (sz offset) - | 7 -> get_bit x8 (sz offset) - | 8 -> get_bit x7 (sz offset) - | 9 -> get_bit x6 (sz offset) - | 10 -> get_bit x5 (sz offset) - | 11 -> get_bit x4 (sz offset) - | 12 -> get_bit x3 (sz offset) - | 13 -> get_bit x2 (sz offset) - | 14 -> get_bit x1 (sz offset) - | 15 -> get_bit x0 (sz offset) - ) - let mm_packs_epi16 (a b: bit_vec 128): bit_vec 128 = mk_bv (fun i -> let nth_block = i / 8 in @@ -96,7 +137,7 @@ let mm_packs_epi16 (a b: bit_vec 128): bit_vec 128 // This is a very specialized version of mm256_mullo_epi16 -let specialized_mm256_mullo_epi16 (a: bit_vec 256): bit_vec 256 = +let mm256_mullo_epi16_specialized1 (a: bit_vec 256): bit_vec 256 = mk_bv (fun i -> let nth_bit = i % 16 in let nth_i16 = i / 16 in @@ -104,16 +145,241 @@ let specialized_mm256_mullo_epi16 (a: bit_vec 256): bit_vec 256 = if nth_bit >= shift then a (i - shift) else 0 ) +// This is a very specialized version of mm256_mullo_epi16 +let mm256_mullo_epi16_specialized2 (a: bit_vec 256): bit_vec 256 = + mk_bv (fun i -> + let nth_bit = i % 16 in + let nth_i16 = i / 16 in + let shift = if nth_i16 % 2 = 0 then 4 else 0 in + if nth_bit >= shift then a (i - shift) else 0 + ) + +// This is a very specialized version of mm256_mullo_epi16 +let mm256_mullo_epi16_specialized3 (a: bit_vec 256): bit_vec 256 = + mk_bv (fun i -> + let nth_bit = i % 16 in + let nth_i16 = i / 16 in + let shift = 6 - (nth_i16 % 4) * 2 in + if nth_bit >= shift then a (i - shift) else 0 + ) + // This term will be stuck, we don't know anything about it val mm256_mullo_epi16_no_semantics (a count: bit_vec 256): bit_vec 256 -let mm256_mullo_epi16 (a count: bit_vec 256): bit_vec 256 = - if count `bv_equality` mm256_set_epi16 (1s < mm256_set_epi16 (1s < unquote x = 1s + | _ -> false + then Tactics.exact (quote (mm256_mullo_epi16_specialized1 a)) + else if match unify_app (quote count) (quote (fun x -> mm256_set_epi16 (1s < unquote x = 1s + | _ -> false + then Tactics.exact (quote (mm256_mullo_epi16_specialized2 a)) + else + if match unify_app (quote count) (quote (fun x -> mm256_set_epi16 (1s < unquote x = 1s + | _ -> false + then Tactics.exact (quote (mm256_mullo_epi16_specialized3 a)) + else + Tactics.exact (quote (mm256_mullo_epi16_no_semantics a count)) + )]result: bit_vec 256): bit_vec 256 = result + +let madd_rhs (n: nat {n < 16}) = + mm256_set_epi16 + (1s < bit_vec 256 -> bit_vec 256 + +let forall_bool (#max: pos) (f: (n: nat {n < max}) -> bool) + : r:bool {r <==> (forall i. f i)} + = let rec h (n: nat {n <= max}): r:bool {r <==> (forall i. i < n ==> f i)} = + match n with + | 0 -> true + | _ -> f (n - 1) && h (n - 1) + in h max + +/// We view `x` as a sequence of pairs of 16 bits, of the shape +/// `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)`: only the last `n` bits are non-zero. +/// We output a sequence of 32 bits `0b0…0b₁…bₙa₁…aₙ`. +let mm256_madd_epi16_specialized' (x: bit_vec 256) (n: nat {n < 16}): bit_vec 256 = + mk_bv (fun i -> let j = i % 32 in + // `x i` is the `j`th bit in the `i/32`th pair of 16 bits `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` + // we want to construct the `j`th bit of `0b0…0b₁…bₙa₁…aₙ` + let is_zero = + // `|b₁…bₙa₁…aₙ| = n * 2`: if we're above that, we want to produce the bit `0` + j >= n * 2 + in + if is_zero + then 0 + else if j < n + then x i // we want to produce the bit `aⱼ` + else + // the bit from `b` is in the second item of the pair `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` + x (i - n + 16) + ) + +let mm256_concat_pairs_n + (n: u8 {v n < 16}) + (x: bit_vec 256 {forall (i: nat {i < 256}). i % 16 < v n || x i = 0}) = + mm256_madd_epi16_specialized' x (v n) + +let mm256_madd_epi16_specialized (x: bit_vec 256) (n: nat {n < 16}) = + if forall_bool (fun (i: nat {i < 256}) -> i % 16 < n || x i = 0) + then mm256_madd_epi16_specialized' x n + else mm256_madd_epi16_no_semantic x (madd_rhs n) + +val mm_shuffle_epi8_no_semantics (a b: bit_vec 128): bit_vec 128 +let mm_shuffle_epi8_u8 (a: bit_vec 128) (b: list int {List.Tot.length b == 16}): bit_vec 128 = + mk_bv (fun i -> + let nth = i / 8 in + let index = List.Tot.index b (15 - nth) in + if index < 0 then 0 + else let index = index % 16 in + a (index * 8 + i % 8 + i / 128 * 128)) + +let mm_shuffle_epi8 + (x y: bit_vec 128) + (#[( + let t = match unify_app (quote y) + (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 -> + mm_set_epi8 + (UInt8.uint_to_t x0 ) (UInt8.uint_to_t x1 ) (UInt8.uint_to_t x2 ) (UInt8.uint_to_t x3 ) (UInt8.uint_to_t x4 ) (UInt8.uint_to_t x5 ) (UInt8.uint_to_t x6 ) (UInt8.uint_to_t x7 ) + (UInt8.uint_to_t x8 ) (UInt8.uint_to_t x9 ) (UInt8.uint_to_t x10) (UInt8.uint_to_t x11) (UInt8.uint_to_t x12) (UInt8.uint_to_t x13) (UInt8.uint_to_t x14) (UInt8.uint_to_t x15))) [] with + | Some [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15] -> + `(mm_shuffle_epi8_u8 (`@x) + (mk_list_16 + (`#x0 ) (`#x1 ) (`#x2 ) (`#x3 ) (`#x4 ) (`#x5 ) (`#x6 ) (`#x7 ) + (`#x8 ) (`#x9 ) (`#x10) (`#x11) (`#x12) (`#x13) (`#x14) (`#x15))) + | _ -> quote (mm_shuffle_epi8_no_semantics x y) in + exact t + )]result: bit_vec 128) + : bit_vec 128 + = result + +val mm256_shuffle_epi8_no_semantics (a b: bit_vec 256): bit_vec 256 +let mm256_shuffle_epi8_i8 (a: bit_vec 256) (b: list _ {List.Tot.length b == 32}): bit_vec 256 = + mk_bv (fun i -> + let nth = i / 8 in + let index = List.Tot.index b (31 - nth) in + if index < 0 then 0 + else let index = index % 16 in + a (index * 8 + i % 8 + i / 128 * 128)) + +let mm256_shuffle_epi8 + (x y: bit_vec 256) + (#[( + let t = match unify_app (quote y) + (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x20 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30 x31 -> + mm256_set_epi8 + (Int8.int_to_t x0 ) (Int8.int_to_t x1 ) (Int8.int_to_t x2 ) (Int8.int_to_t x3 ) (Int8.int_to_t x4 ) (Int8.int_to_t x5 ) (Int8.int_to_t x6 ) (Int8.int_to_t x7 ) + (Int8.int_to_t x8 ) (Int8.int_to_t x9 ) (Int8.int_to_t x10) (Int8.int_to_t x11) (Int8.int_to_t x12) (Int8.int_to_t x13) (Int8.int_to_t x14) (Int8.int_to_t x15) + (Int8.int_to_t x16) (Int8.int_to_t x17) (Int8.int_to_t x18) (Int8.int_to_t x19) (Int8.int_to_t x20) (Int8.int_to_t x21) (Int8.int_to_t x22) (Int8.int_to_t x23) + (Int8.int_to_t x24) (Int8.int_to_t x25) (Int8.int_to_t x26) (Int8.int_to_t x27) (Int8.int_to_t x28) (Int8.int_to_t x29) (Int8.int_to_t x30) (Int8.int_to_t x31))) [] with + | Some [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15;x16;x17;x18;x19;x20;x21;x22;x23;x24;x25;x26;x27;x28;x29;x30;x31] -> + `(mm256_shuffle_epi8_i8 (`@x) + (mk_list_32 + (`#x0 ) (`#x1 ) (`#x2 ) (`#x3 ) (`#x4 ) (`#x5 ) (`#x6 ) (`#x7 ) + (`#x8 ) (`#x9 ) (`#x10) (`#x11) (`#x12) (`#x13) (`#x14) (`#x15) + (`#x16) (`#x17) (`#x18) (`#x19) (`#x20) (`#x21) (`#x22) (`#x23) + (`#x24) (`#x25) (`#x26) (`#x27) (`#x28) (`#x29) (`#x30) (`#x31))) + | _ -> quote (mm256_shuffle_epi8_no_semantics x y) in + exact t + )]result: bit_vec 256) + : bit_vec 256 + = result + +val mm256_permutevar8x32_epi32_no_semantics (a b: bit_vec 256): bit_vec 256 +let mm256_permutevar8x32_epi32_i32 (a: bit_vec 256) (b: list _ {List.Tot.length b == 8}): bit_vec 256 = + mk_bv (fun i -> + let j = i / 32 in + let index = (List.Tot.index b (7 - j) % 8) * 32 in + a (index + i % 32)) + +let mm256_permutevar8x32_epi32 + (x y: bit_vec 256) + (#[( + let t = match unify_app (quote y) + (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 -> + mm256_set_epi32 + (Int32.int_to_t x0) (Int32.int_to_t x1) (Int32.int_to_t x2) (Int32.int_to_t x3) + (Int32.int_to_t x4) (Int32.int_to_t x5) (Int32.int_to_t x6) (Int32.int_to_t x7))) [] with + | Some [x0;x1;x2;x3;x4;x5;x6;x7] -> + `(mm256_permutevar8x32_epi32_i32 (`@x) + (mk_list_8 (`#x0 ) (`#x1 ) (`#x2 ) (`#x3 ) (`#x4 ) (`#x5 ) (`#x6 ) (`#x7 ))) + | _ -> quote (mm256_permutevar8x32_epi32_no_semantics x y) in + exact t + )]result: bit_vec 256) + : bit_vec 256 + = result + +val mm256_sllv_epi32_no_semantics (x y: bit_vec 256): bit_vec 256 +let mm256_sllv_epi32_i32 (vec: bit_vec 256) (counts: list _ {List.Tot.length counts == 8}): bit_vec 256 + = mk_bv (fun i -> let nth_bit = i % 32 in + let shift = List.Tot.index counts (7 - i / 32) in + if shift >= 0 && nth_bit >= shift then vec (i - shift) else 0) + +let mm256_sllv_epi32 + (x y: bit_vec 256) + (#[( + let t = match unify_app (quote y) + (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 -> + mm256_set_epi32 + (Int32.int_to_t x0) (Int32.int_to_t x1) (Int32.int_to_t x2) (Int32.int_to_t x3) + (Int32.int_to_t x4) (Int32.int_to_t x5) (Int32.int_to_t x6) (Int32.int_to_t x7))) [] with + | Some [x0;x1;x2;x3;x4;x5;x6;x7] -> + `(mm256_sllv_epi32_i32 (`@x) + (mk_list_8 (`#x0 ) (`#x1 ) (`#x2 ) (`#x3 ) (`#x4 ) (`#x5 ) (`#x6 ) (`#x7 ))) + | _ -> quote (mm256_sllv_epi32_no_semantics x y) in + exact t + )]result: bit_vec 256) + : bit_vec 256 + = result + + +let mm256_madd_epi16 + (x y: bit_vec 256) + (#[( + let t = match unify_app (quote y) (quote (fun n -> madd_rhs n)) [delta_only [`%madd_rhs]] with + | Some [n] -> `(mm256_madd_epi16_specialized (`@x) (`#n)) + | _ -> quote (mm256_madd_epi16_no_semantic x y) in + exact t + )]result: bit_vec 256) + : bit_vec 256 + = result + +val mm_storeu_bytes_si128 (_output: t_Slice u8) (vec: bit_vec 128) + // : r: t_Array u8 (sz 16) {forall i. vec i == get_bit (Seq.index r (i / 8)) (sz (i % 8))} + : r: t_Array u8 (sz 16) {forall i. vec i == bit_vec_of_int_t_array r 8 i} open FStar.Stubs.Tactics.V2.Builtins open FStar.Stubs.Tactics.V2 diff --git a/fstar-helpers/fstar-bitvec/BitVec.Utils.fst b/fstar-helpers/fstar-bitvec/BitVec.Utils.fst new file mode 100644 index 000000000..3d2d19c98 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVec.Utils.fst @@ -0,0 +1,67 @@ +module BitVec.Utils + +open Core +open FStar.FunctionalExtensionality +open BitVec.Equality +open Rust_primitives.BitVectors + +let mk_bv #len (f: (i:nat{i < len}) -> bit) = on (i:nat {i < len}) f + +let mk_list_32 #a (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x20 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30 x31: a) + : (l:list a {List.Tot.length l == 32}) + = let l = [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15;x16;x17;x18;x19;x20;x21;x22;x23;x24;x25;x26;x27;x28;x29;x30;x31] in + assert_norm (List.Tot.length l == 32); + l + +let mk_list_16 #a (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: a) + : (l:list a {List.Tot.length l == 16}) + = let l = [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15] in + assert_norm (List.Tot.length l == 16); + l + +let mk_list_8 #a (x0 x1 x2 x3 x4 x5 x6 x7: a) + : (l:list a {List.Tot.length l == 8}) + = let l = [x0;x1;x2;x3;x4;x5;x6;x7] in + assert_norm (List.Tot.length l == 8); + l + +let rw_get_bit_cast #t #u + (x: int_t t) (nth: usize) + : Lemma (requires v nth < bits u /\ v nth < bits u) + (ensures eq2 #bit (get_bit (cast_mod #t #u x) nth) (if v nth < bits t then get_bit x nth else 0)) + [SMTPat (get_bit (cast_mod #t #u x) nth)] + = () + +let rw_get_bit_shr #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) + : Lemma (requires v y >= 0 /\ v y < bits t) + (ensures eq2 #bit (get_bit (x >>! y) i ) + (if v i < bits t - v y + then get_bit x (mk_int (v i + v y)) + else if signed t + then get_bit x (mk_int (bits t - 1)) + else 0)) + = () + +unfold type forall_sig (n: nat) = pred: ((i:nat{i < n}) -> bool) + -> r: bool {r <==> (forall i. pred i)} + +let forall8: forall_sig 8 = fun pred -> pred 0 && pred 1 && pred 2 && pred 3 + && pred 4 && pred 5 && pred 6 && pred 7 + +#push-options "--z3rlimit 400" +let forall16: forall_sig 16 = fun pred -> forall8 pred && forall8 (fun i -> pred (i + 8)) +let forall32: forall_sig 32 = fun pred -> forall16 pred && forall16 (fun i -> pred (i + 16)) +let forall64: forall_sig 64 = fun pred -> forall32 pred && forall32 (fun i -> pred (i + 32)) +let forall128: forall_sig 128 = fun pred -> forall64 pred && forall64 (fun i -> pred (i + 64)) +let forall256: forall_sig 256 = fun pred -> forall128 pred && forall128 (fun i -> pred (i + 128)) +#pop-options + +let forall_n (n:nat{n <= 256}): forall_sig n = fun pred -> forall256 (fun i -> if i < n then pred i else true) + +let bit_vec_to_int_t_lemma + #t (d: num_bits t) (bv: bit_vec d) + i + : Lemma (get_bit (bit_vec_to_int_t d bv) (sz i) == bv i) + [SMTPat (get_bit (bit_vec_to_int_t d bv) (sz i))] + = bit_vec_to_int_t_lemma d bv i + diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst index 46f9f507f..18030a682 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -1,12 +1,12 @@ module Tactics.Utils open Core +open FStar.Option module L = FStar.List.Tot open FStar.Tactics.V2 open FStar.Tactics.V2.SyntaxHelpers open FStar.Class.Printable open FStar.Mul -open FStar.Option (*** Let operators *) let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) @@ -204,6 +204,56 @@ let rewrite_rhs (): Tac _ = let uvar = fresh_uvar (Some (tc (cur_env ()) rhs)) in tcut (`squash (`#rhs == `#uvar)) +open FStar.Tactics +(*** Unification *) +(** Unifies `t` with `fn x1 ... xN`, where `x1` and `xN` are +unification variables. This returns a list of terms to substitute `x1` +... `xN` with. You probably want `norm_steps` to be `[delta_only +[`%the_name_of_function_fn]]` *) +exception UnifyAppReturn of (option (list term)) +let unify_app (t fn: term) norm_steps: Tac (option (list term)) + = let (* Tactic types are confusing, seems like we need V1 here *) + open FStar.Tactics.V1 in + let bds = fst (collect_arr_bs (tc (cur_env ()) fn)) in + try + let _fake_goal = + (* create a goal `b1 -> ... -> bn -> squash True` *) + let trivial = `squash True in + let trivial_comp = pack_comp (C_Total trivial) in + unshelve (fresh_uvar (Some (match bds with | [] -> trivial | _ -> mk_arr bds trivial_comp))) + in + (* get back the binders `b1`, ..., `bn` *) + let bds = intros () in + let args = FStar.Tactics.Util.map (fun (b: binder) -> b <: term) bds in + let norm_term = norm_term (hnf::norm_steps) in + let fn, t = norm_term (mk_e_app fn args), norm_term t in + let fn = `(((`#fn), ())) in + let dummy_var = fresh_namedv_named "dummy_var" in + let t = `(((`#t), (`#dummy_var))) in + let vars = map (fun b -> + let b = inspect_binder b in + let {bv_index = uniq; bv_ppname = ppname} = inspect_bv b.binder_bv in + let sort = b.binder_sort in + let nv: namedv_view = {uniq; ppname; sort = seal sort} in + (FStar.Reflection.V2.pack_namedv nv, sort) + ) bds in + let vars = + List.Tot.append + vars + [(FStar.Reflection.V2.pack_namedv dummy_var, `())] + in + let?# substs = fst (try_unify (cur_env ()) vars fn t) in + raise (UnifyAppReturn ( + if List.Tot.length substs <> List.Tot.length bds + 1 + then (print ("unify_app: WARNING: inconsistent lengths: " ^ string_of_int (List.Tot.length substs) ^ " - 1 VS " ^ string_of_int (List.Tot.length bds + 1)); None) + else ( + match substs with + | [] -> None + | _::substs -> Some (List.Tot.rev (map (fun (_, t) -> t) substs)) + ))) + with | UnifyAppReturn result -> result + | e -> raise e + (*** Logging and time *) let time_tactic_ms (t: 'a -> Tac 'b) (x: 'a): Tac ('b & int) = let time0 = curms () in @@ -246,14 +296,14 @@ let focus_first_forall_goal (t : unit -> Tac unit) : Tac unit = /// Proves `forall (i:nat{i < bound})` for `bound` being a concrete int let rec prove_forall_nat_pointwise (tactic: unit -> Tac unit): Tac unit - = let _ = - (* hacky way of printing the progress *) - let goal = term_to_string (cur_goal ()) in - let goal = match String.split ['\n'] goal with - | s::_ -> s | _ -> "" in - print ("prove_forall_pointwise: " ^ goal ^ "...") - in - focus_first_forall_goal (fun _ -> + = focus_first_forall_goal (fun _ -> + let _ = + (* hacky way of printing the progress *) + let goal = term_to_string (cur_goal ()) in + let goal = match String.split ['\n'] goal with + | s::_ -> s | _ -> "" in + print ("prove_forall_pointwise: " ^ goal ^ "...") + in apply_lemma (`_split_forall_nat); trivial `or_else` (fun _ -> if try norm [primops]; diff --git a/fstar-helpers/fstar-bitvec/dep.graph b/fstar-helpers/fstar-bitvec/dep.graph new file mode 100644 index 000000000..58c54a479 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/dep.graph @@ -0,0 +1,2316 @@ +digraph { + "fstar_int32" -> "fstar_uint" + "fstar_int32" -> "fstar_uint" + "fstar_int32" -> "fstar_uint32" + "fstar_int32" -> "fstar_uint32" + "fstar_int32" -> "fstar_mul" + "fstar_int32" -> "fstar_mul" + "fstar_int32" -> "fstar_int" + "fstar_int32" -> "fstar_int" + "fstar_int32" -> "fstar_pervasives" + "fstar_int32" -> "fstar_pervasives" + "fstar_int32" -> "prims" + "fstar_int32" -> "prims" + "fstar_pervasives" -> "fstar_pervasives_native" + "fstar_pervasives" -> "fstar_pervasives_native" + "fstar_pervasives" -> "prims" + "fstar_pervasives" -> "prims" + "fstar_seq" -> "fstar_seq_properties" + "fstar_seq" -> "fstar_seq_properties" + "fstar_seq" -> "fstar_seq_base" + "fstar_seq" -> "fstar_seq_base" + "fstar_seq" -> "fstar_pervasives" + "fstar_seq" -> "fstar_pervasives" + "fstar_seq" -> "prims" + "fstar_seq" -> "prims" + "fstar_int32" -> "fstar_uint32" + "fstar_int32" -> "fstar_uint32" + "fstar_int32" -> "fstar_math_lemmas" + "fstar_int32" -> "fstar_math_lemmas" + "fstar_int32" -> "fstar_mul" + "fstar_int32" -> "fstar_mul" + "fstar_int32" -> "fstar_int" + "fstar_int32" -> "fstar_int" + "fstar_int32" -> "fstar_pervasives" + "fstar_int32" -> "fstar_pervasives" + "fstar_int32" -> "prims" + "fstar_int32" -> "prims" + "fstar_int32" -> "fstar_int32" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_list_tot_base" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_list_tot_base" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_pervasives_native" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_pervasives_native" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_stubs_tactics_v1_builtins" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_stubs_tactics_types" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_tactics_effect" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_tactics_effect" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_reflection_v1" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_reflection_v1" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_pervasives" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_pervasives" + "fstar_tactics_v1_syntaxhelpers" -> "prims" + "fstar_tactics_v1_syntaxhelpers" -> "prims" + "core_option" -> "fstar_pervasives" + "core_option" -> "fstar_pervasives" + "core_option" -> "prims" + "core_option" -> "prims" + "fstar_seq_properties" -> "fstar_list_tot_properties" + "fstar_seq_properties" -> "fstar_list_tot_properties" + "fstar_seq_properties" -> "fstar_list_tot_base" + "fstar_seq_properties" -> "fstar_list_tot_base" + "fstar_seq_properties" -> "fstar_list_tot" + "fstar_seq_properties" -> "fstar_list_tot" + "fstar_seq_properties" -> "fstar_pervasives_native" + "fstar_seq_properties" -> "fstar_pervasives_native" + "fstar_seq_properties" -> "fstar_seq_base" + "fstar_seq_properties" -> "fstar_seq_base" + "fstar_seq_properties" -> "fstar_pervasives" + "fstar_seq_properties" -> "fstar_pervasives" + "fstar_seq_properties" -> "prims" + "fstar_seq_properties" -> "prims" + "fstar_squash" -> "fstar_pervasives" + "fstar_squash" -> "fstar_pervasives" + "fstar_squash" -> "prims" + "fstar_squash" -> "prims" + "fstar_squash" -> "fstar_squash" + "fstar_stubs_tactics_v1_builtins" -> "fstar_tactics_unseal" + "fstar_stubs_tactics_v1_builtins" -> "fstar_stubs_tactics_types" + "fstar_stubs_tactics_v1_builtins" -> "fstar_tactics_effect" + "fstar_stubs_tactics_v1_builtins" -> "fstar_tactics_effect" + "fstar_stubs_tactics_v1_builtins" -> "fstar_reflection_const" + "fstar_stubs_tactics_v1_builtins" -> "fstar_reflection_const" + "fstar_stubs_tactics_v1_builtins" -> "fstar_stubs_reflection_v1_data" + "fstar_stubs_tactics_v1_builtins" -> "fstar_stubs_reflection_types" + "fstar_stubs_tactics_v1_builtins" -> "fstar_stubs_reflection_v1_builtins" + "fstar_stubs_tactics_v1_builtins" -> "fstar_vconfig" + "fstar_stubs_tactics_v1_builtins" -> "fstar_pervasives" + "fstar_stubs_tactics_v1_builtins" -> "fstar_pervasives" + "fstar_stubs_tactics_v1_builtins" -> "prims" + "fstar_stubs_tactics_v1_builtins" -> "prims" + "fstar_tactics_print" -> "fstar_tactics_namedview" + "fstar_tactics_print" -> "fstar_tactics_namedview" + "fstar_tactics_print" -> "fstar_tactics_v2_derived" + "fstar_tactics_print" -> "fstar_tactics_v2_derived" + "fstar_tactics_print" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_print" -> "fstar_tactics_effect" + "fstar_tactics_print" -> "fstar_tactics_effect" + "fstar_tactics_print" -> "fstar_reflection_v2" + "fstar_tactics_print" -> "fstar_reflection_v2" + "fstar_tactics_print" -> "fstar_pervasives" + "fstar_tactics_print" -> "fstar_pervasives" + "fstar_tactics_print" -> "prims" + "fstar_tactics_print" -> "prims" + "lib_inttypes" -> "fstar_uint" + "lib_inttypes" -> "fstar_uint" + "lib_inttypes" -> "fstar_int" + "lib_inttypes" -> "fstar_int" + "lib_inttypes" -> "fstar_int128" + "lib_inttypes" -> "fstar_int128" + "lib_inttypes" -> "fstar_int64" + "lib_inttypes" -> "fstar_int64" + "lib_inttypes" -> "fstar_int32" + "lib_inttypes" -> "fstar_int32" + "lib_inttypes" -> "fstar_int16" + "lib_inttypes" -> "fstar_int16" + "lib_inttypes" -> "fstar_int8" + "lib_inttypes" -> "fstar_int8" + "lib_inttypes" -> "fstar_uint128" + "lib_inttypes" -> "fstar_uint128" + "lib_inttypes" -> "fstar_uint64" + "lib_inttypes" -> "fstar_uint64" + "lib_inttypes" -> "fstar_uint32" + "lib_inttypes" -> "fstar_uint32" + "lib_inttypes" -> "fstar_uint16" + "lib_inttypes" -> "fstar_uint16" + "lib_inttypes" -> "fstar_uint8" + "lib_inttypes" -> "fstar_uint8" + "lib_inttypes" -> "fstar_mul" + "lib_inttypes" -> "fstar_mul" + "lib_inttypes" -> "fstar_pervasives" + "lib_inttypes" -> "fstar_pervasives" + "lib_inttypes" -> "prims" + "lib_inttypes" -> "prims" + "fstar_reflection_v1_compare" -> "fstar_reflection_v2_compare" + "fstar_reflection_v1_compare" -> "fstar_reflection_v2_compare" + "fstar_reflection_v1_compare" -> "fstar_pervasives" + "fstar_reflection_v1_compare" -> "fstar_pervasives" + "fstar_reflection_v1_compare" -> "prims" + "fstar_reflection_v1_compare" -> "prims" + "fstar_classical" -> "fstar_squash" + "fstar_classical" -> "fstar_squash" + "fstar_classical" -> "fstar_pervasives" + "fstar_classical" -> "fstar_pervasives" + "fstar_classical" -> "prims" + "fstar_classical" -> "prims" + "fstar_classical" -> "fstar_classical" + "fstar_seq_base" -> "fstar_list_tot" + "fstar_seq_base" -> "fstar_list_tot" + "fstar_seq_base" -> "fstar_pervasives" + "fstar_seq_base" -> "fstar_pervasives" + "fstar_seq_base" -> "prims" + "fstar_seq_base" -> "prims" + "fstar_seq_properties" -> "fstar_list_tot_properties" + "fstar_seq_properties" -> "fstar_list_tot_properties" + "fstar_seq_properties" -> "fstar_list_tot_base" + "fstar_seq_properties" -> "fstar_list_tot_base" + "fstar_seq_properties" -> "fstar_squash" + "fstar_seq_properties" -> "fstar_squash" + "fstar_seq_properties" -> "fstar_list_tot" + "fstar_seq_properties" -> "fstar_list_tot" + "fstar_seq_properties" -> "fstar_pervasives_native" + "fstar_seq_properties" -> "fstar_pervasives_native" + "fstar_seq_properties" -> "fstar_classical" + "fstar_seq_properties" -> "fstar_classical" + "fstar_seq_properties" -> "fstar_seq_base" + "fstar_seq_properties" -> "fstar_seq_base" + "fstar_seq_properties" -> "fstar_pervasives" + "fstar_seq_properties" -> "fstar_pervasives" + "fstar_seq_properties" -> "prims" + "fstar_seq_properties" -> "prims" + "fstar_seq_properties" -> "fstar_seq_properties" + "fstar_calc" -> "fstar_classical" + "fstar_calc" -> "fstar_classical" + "fstar_calc" -> "fstar_preorder" + "fstar_calc" -> "fstar_preorder" + "fstar_calc" -> "fstar_squash" + "fstar_calc" -> "fstar_squash" + "fstar_calc" -> "fstar_pervasives" + "fstar_calc" -> "fstar_pervasives" + "fstar_calc" -> "prims" + "fstar_calc" -> "prims" + "fstar_calc" -> "fstar_calc" + "fstar_reflection_termeq" -> "fstar_list_tot" + "fstar_reflection_termeq" -> "fstar_list_tot" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_types" + "fstar_reflection_termeq" -> "fstar_pervasives" + "fstar_reflection_termeq" -> "fstar_pervasives" + "fstar_reflection_termeq" -> "prims" + "fstar_reflection_termeq" -> "prims" + "tactics_pow2" -> "fstar_tactics_effect" + "tactics_pow2" -> "fstar_tactics_effect" + "tactics_pow2" -> "fstar_tactics_v2" + "tactics_pow2" -> "fstar_tactics_v2" + "tactics_pow2" -> "tactics_utils" + "tactics_pow2" -> "tactics_utils" + "tactics_pow2" -> "core" + "tactics_pow2" -> "core" + "tactics_pow2" -> "fstar_pervasives" + "tactics_pow2" -> "fstar_pervasives" + "tactics_pow2" -> "prims" + "tactics_pow2" -> "prims" + "fstar_classical" -> "fstar_pervasives" + "fstar_classical" -> "fstar_pervasives" + "fstar_classical" -> "prims" + "fstar_classical" -> "prims" + "fstar_stubs_reflection_v2_builtins" -> "fstar_stubs_reflection_v2_data" + "fstar_stubs_reflection_v2_builtins" -> "fstar_stubs_reflection_types" + "fstar_stubs_reflection_v2_builtins" -> "fstar_vconfig" + "fstar_stubs_reflection_v2_builtins" -> "fstar_stubs_syntax_syntax" + "fstar_stubs_reflection_v2_builtins" -> "fstar_order" + "fstar_stubs_reflection_v2_builtins" -> "fstar_order" + "fstar_stubs_reflection_v2_builtins" -> "fstar_pervasives" + "fstar_stubs_reflection_v2_builtins" -> "fstar_pervasives" + "fstar_stubs_reflection_v2_builtins" -> "prims" + "fstar_stubs_reflection_v2_builtins" -> "prims" + "rust_primitives_bitvectors" -> "fstar_math_lemmas" + "rust_primitives_bitvectors" -> "fstar_math_lemmas" + "rust_primitives_bitvectors" -> "rust_primitives_integers" + "rust_primitives_bitvectors" -> "rust_primitives_integers" + "rust_primitives_bitvectors" -> "rust_primitives_arrays" + "rust_primitives_bitvectors" -> "rust_primitives_arrays" + "rust_primitives_bitvectors" -> "fstar_mul" + "rust_primitives_bitvectors" -> "fstar_mul" + "rust_primitives_bitvectors" -> "fstar_pervasives" + "rust_primitives_bitvectors" -> "fstar_pervasives" + "rust_primitives_bitvectors" -> "prims" + "rust_primitives_bitvectors" -> "prims" + "rust_primitives_bitvectors" -> "rust_primitives_bitvectors" + "fstar_option" -> "fstar_pervasives_native" + "fstar_option" -> "fstar_pervasives_native" + "fstar_option" -> "fstar_all" + "fstar_option" -> "fstar_all" + "fstar_option" -> "fstar_pervasives" + "fstar_option" -> "fstar_pervasives" + "fstar_option" -> "prims" + "fstar_option" -> "prims" + "fstar_propositionalextensionality" -> "fstar_pervasives" + "fstar_propositionalextensionality" -> "fstar_pervasives" + "fstar_propositionalextensionality" -> "prims" + "fstar_propositionalextensionality" -> "prims" + "fstar_erasedlogic" -> "fstar_ghost" + "fstar_erasedlogic" -> "fstar_ghost" + "fstar_erasedlogic" -> "fstar_pervasives" + "fstar_erasedlogic" -> "fstar_pervasives" + "fstar_erasedlogic" -> "prims" + "fstar_erasedlogic" -> "prims" + "bitveceq" -> "fstar_functionalextensionality" + "bitveceq" -> "fstar_functionalextensionality" + "bitveceq" -> "fstar_mul" + "bitveceq" -> "fstar_mul" + "bitveceq" -> "core" + "bitveceq" -> "core" + "bitveceq" -> "fstar_pervasives" + "bitveceq" -> "fstar_pervasives" + "bitveceq" -> "prims" + "bitveceq" -> "prims" + "bitveceq" -> "bitveceq" + "fstar_issue" -> "fstar_stubs_pprint" + "fstar_issue" -> "fstar_range" + "fstar_issue" -> "fstar_pervasives" + "fstar_issue" -> "fstar_pervasives" + "fstar_issue" -> "prims" + "fstar_issue" -> "prims" + "fstar_mul" -> "fstar_pervasives" + "fstar_mul" -> "fstar_pervasives" + "fstar_mul" -> "prims" + "fstar_mul" -> "prims" + "tactics_utils" -> "fstar_tactics_effect" + "tactics_utils" -> "fstar_tactics_effect" + "tactics_utils" -> "fstar_char" + "tactics_utils" -> "fstar_string" + "tactics_utils" -> "fstar_reflection_v2" + "tactics_utils" -> "fstar_reflection_v2" + "tactics_utils" -> "fstar_tactics_util" + "tactics_utils" -> "fstar_tactics_util" + "tactics_utils" -> "fstar_tactics_v1" + "tactics_utils" -> "fstar_tactics_v1" + "tactics_utils" -> "fstar_tactics" + "tactics_utils" -> "fstar_tactics" + "tactics_utils" -> "fstar_pervasives_native" + "tactics_utils" -> "fstar_pervasives_native" + "tactics_utils" -> "fstar_mul" + "tactics_utils" -> "fstar_mul" + "tactics_utils" -> "fstar_class_printable" + "tactics_utils" -> "fstar_class_printable" + "tactics_utils" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_utils" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_utils" -> "fstar_tactics_v2" + "tactics_utils" -> "fstar_tactics_v2" + "tactics_utils" -> "fstar_list_tot" + "tactics_utils" -> "fstar_list_tot" + "tactics_utils" -> "fstar_option" + "tactics_utils" -> "fstar_option" + "tactics_utils" -> "core" + "tactics_utils" -> "core" + "tactics_utils" -> "fstar_pervasives" + "tactics_utils" -> "fstar_pervasives" + "tactics_utils" -> "prims" + "tactics_utils" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "bitvec_intrinsics" + "libcrux_intrinsics_avx2_extract" -> "fstar_mul" + "libcrux_intrinsics_avx2_extract" -> "fstar_mul" + "libcrux_intrinsics_avx2_extract" -> "core" + "libcrux_intrinsics_avx2_extract" -> "core" + "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" + "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" + "libcrux_intrinsics_avx2_extract" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "prims" + "fstar_stubs_tactics_types" -> "fstar_issue" + "fstar_stubs_tactics_types" -> "fstar_range" + "fstar_stubs_tactics_types" -> "fstar_stubs_typechecker_core" + "fstar_stubs_tactics_types" -> "fstar_stubs_tactics_common" + "fstar_stubs_tactics_types" -> "fstar_stubs_reflection_types" + "fstar_stubs_tactics_types" -> "fstar_pervasives" + "fstar_stubs_tactics_types" -> "fstar_pervasives" + "fstar_stubs_tactics_types" -> "prims" + "fstar_stubs_tactics_types" -> "prims" + "fstar_exn" -> "fstar_pervasives" + "fstar_exn" -> "fstar_pervasives" + "fstar_exn" -> "prims" + "fstar_exn" -> "prims" + "core_iter" -> "rust_primitives_arrays" + "core_iter" -> "rust_primitives_arrays" + "core_iter" -> "core_ops_range" + "core_iter" -> "core_iter_adapters_step_by" + "core_iter" -> "core_iter_adapters_step_by" + "core_iter" -> "fstar_pervasives_native" + "core_iter" -> "fstar_pervasives_native" + "core_iter" -> "core_ops" + "core_iter" -> "core_ops" + "core_iter" -> "fstar_tactics_typeclasses" + "core_iter" -> "fstar_tactics_typeclasses" + "core_iter" -> "core_iter_adapters_enumerate" + "core_iter" -> "core_iter_adapters_enumerate" + "core_iter" -> "core_iter_traits_iterator" + "core_iter" -> "core_iter_traits_iterator" + "core_iter" -> "rust_primitives" + "core_iter" -> "rust_primitives" + "core_iter" -> "fstar_pervasives" + "core_iter" -> "fstar_pervasives" + "core_iter" -> "prims" + "core_iter" -> "prims" + "fstar_functionalextensionality" -> "fstar_pervasives_native" + "fstar_functionalextensionality" -> "fstar_pervasives_native" + "fstar_functionalextensionality" -> "fstar_tactics_effect" + "fstar_functionalextensionality" -> "fstar_tactics_effect" + "fstar_functionalextensionality" -> "fstar_stubs_tactics_types" + "fstar_functionalextensionality" -> "fstar_stubs_reflection_types" + "fstar_functionalextensionality" -> "fstar_stubs_tactics_v2_builtins" + "fstar_functionalextensionality" -> "fstar_pervasives" + "fstar_functionalextensionality" -> "fstar_pervasives" + "fstar_functionalextensionality" -> "prims" + "fstar_functionalextensionality" -> "prims" + "fstar_functionalextensionality" -> "fstar_functionalextensionality" + "core_iter_adapters_step_by" -> "rust_primitives" + "core_iter_adapters_step_by" -> "rust_primitives" + "core_iter_adapters_step_by" -> "fstar_pervasives" + "core_iter_adapters_step_by" -> "fstar_pervasives" + "core_iter_adapters_step_by" -> "prims" + "core_iter_adapters_step_by" -> "prims" + "fstar_tactics_v1_derived" -> "fstar_propositionalextensionality" + "fstar_tactics_v1_derived" -> "fstar_propositionalextensionality" + "fstar_tactics_v1_derived" -> "fstar_squash" + "fstar_tactics_v1_derived" -> "fstar_squash" + "fstar_tactics_v1_derived" -> "fstar_range" + "fstar_tactics_v1_derived" -> "fstar_pervasives_native" + "fstar_tactics_v1_derived" -> "fstar_pervasives_native" + "fstar_tactics_v1_derived" -> "fstar_tactics_visit" + "fstar_tactics_v1_derived" -> "fstar_tactics_visit" + "fstar_tactics_v1_derived" -> "fstar_list_tot_base" + "fstar_tactics_v1_derived" -> "fstar_list_tot_base" + "fstar_tactics_v1_derived" -> "fstar_vconfig" + "fstar_tactics_v1_derived" -> "fstar_tactics_v1_syntaxhelpers" + "fstar_tactics_v1_derived" -> "fstar_tactics_v1_syntaxhelpers" + "fstar_tactics_v1_derived" -> "fstar_stubs_tactics_v1_builtins" + "fstar_tactics_v1_derived" -> "fstar_tactics_util" + "fstar_tactics_v1_derived" -> "fstar_tactics_util" + "fstar_tactics_v1_derived" -> "fstar_stubs_tactics_result" + "fstar_tactics_v1_derived" -> "fstar_stubs_tactics_types" + "fstar_tactics_v1_derived" -> "fstar_tactics_effect" + "fstar_tactics_v1_derived" -> "fstar_tactics_effect" + "fstar_tactics_v1_derived" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1_derived" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1_derived" -> "fstar_reflection_v1" + "fstar_tactics_v1_derived" -> "fstar_reflection_v1" + "fstar_tactics_v1_derived" -> "fstar_pervasives" + "fstar_tactics_v1_derived" -> "fstar_pervasives" + "fstar_tactics_v1_derived" -> "prims" + "fstar_tactics_v1_derived" -> "prims" + "fstar_tactics_visit" -> "fstar_pervasives_native" + "fstar_tactics_visit" -> "fstar_pervasives_native" + "fstar_tactics_visit" -> "fstar_tactics_util" + "fstar_tactics_visit" -> "fstar_tactics_util" + "fstar_tactics_visit" -> "fstar_tactics_effect" + "fstar_tactics_visit" -> "fstar_tactics_effect" + "fstar_tactics_visit" -> "fstar_reflection_v2" + "fstar_tactics_visit" -> "fstar_reflection_v2" + "fstar_tactics_visit" -> "fstar_pervasives" + "fstar_tactics_visit" -> "fstar_pervasives" + "fstar_tactics_visit" -> "prims" + "fstar_tactics_visit" -> "prims" + "rust_primitives_bitvectors" -> "fstar_uint8" + "rust_primitives_bitvectors" -> "fstar_uint8" + "rust_primitives_bitvectors" -> "fstar_uint16" + "rust_primitives_bitvectors" -> "fstar_uint16" + "rust_primitives_bitvectors" -> "fstar_uint32" + "rust_primitives_bitvectors" -> "fstar_uint32" + "rust_primitives_bitvectors" -> "fstar_int16" + "rust_primitives_bitvectors" -> "fstar_int16" + "rust_primitives_bitvectors" -> "fstar_int32" + "rust_primitives_bitvectors" -> "fstar_int32" + "rust_primitives_bitvectors" -> "fstar_seq" + "rust_primitives_bitvectors" -> "fstar_seq" + "rust_primitives_bitvectors" -> "fstar_functionalextensionality" + "rust_primitives_bitvectors" -> "fstar_functionalextensionality" + "rust_primitives_bitvectors" -> "rust_primitives_integers" + "rust_primitives_bitvectors" -> "rust_primitives_integers" + "rust_primitives_bitvectors" -> "rust_primitives_arrays" + "rust_primitives_bitvectors" -> "rust_primitives_arrays" + "rust_primitives_bitvectors" -> "fstar_mul" + "rust_primitives_bitvectors" -> "fstar_mul" + "rust_primitives_bitvectors" -> "fstar_pervasives" + "rust_primitives_bitvectors" -> "fstar_pervasives" + "rust_primitives_bitvectors" -> "prims" + "rust_primitives_bitvectors" -> "prims" + "fstar_uint16" -> "fstar_uint32" + "fstar_uint16" -> "fstar_uint32" + "fstar_uint16" -> "fstar_mul" + "fstar_uint16" -> "fstar_mul" + "fstar_uint16" -> "fstar_uint" + "fstar_uint16" -> "fstar_uint" + "fstar_uint16" -> "fstar_pervasives" + "fstar_uint16" -> "fstar_pervasives" + "fstar_uint16" -> "prims" + "fstar_uint16" -> "prims" + "fstar_uint16" -> "fstar_uint16" + "core_num_error" -> "rust_primitives" + "core_num_error" -> "rust_primitives" + "core_num_error" -> "fstar_pervasives" + "core_num_error" -> "fstar_pervasives" + "core_num_error" -> "prims" + "core_num_error" -> "prims" + "bitveceq" -> "fstar_math_lemmas" + "bitveceq" -> "fstar_math_lemmas" + "bitveceq" -> "fstar_seq" + "bitveceq" -> "fstar_seq" + "bitveceq" -> "fstar_classical_sugar" + "bitveceq" -> "fstar_classical_sugar" + "bitveceq" -> "fstar_functionalextensionality" + "bitveceq" -> "fstar_functionalextensionality" + "bitveceq" -> "mkseq" + "bitveceq" -> "mkseq" + "bitveceq" -> "fstar_mul" + "bitveceq" -> "fstar_mul" + "bitveceq" -> "core" + "bitveceq" -> "core" + "bitveceq" -> "fstar_pervasives" + "bitveceq" -> "fstar_pervasives" + "bitveceq" -> "prims" + "bitveceq" -> "prims" + "lib_inttypes" -> "fstar_bitvector" + "lib_inttypes" -> "fstar_bitvector" + "lib_inttypes" -> "fstar_seq" + "lib_inttypes" -> "fstar_seq" + "lib_inttypes" -> "fstar_uint" + "lib_inttypes" -> "fstar_uint" + "lib_inttypes" -> "fstar_pervasives_native" + "lib_inttypes" -> "fstar_pervasives_native" + "lib_inttypes" -> "fstar_int_cast_full" + "lib_inttypes" -> "fstar_int_cast_full" + "lib_inttypes" -> "fstar_int" + "lib_inttypes" -> "fstar_int" + "lib_inttypes" -> "fstar_int_cast" + "lib_inttypes" -> "fstar_int_cast" + "lib_inttypes" -> "fstar_int128" + "lib_inttypes" -> "fstar_int128" + "lib_inttypes" -> "fstar_int64" + "lib_inttypes" -> "fstar_int64" + "lib_inttypes" -> "fstar_int32" + "lib_inttypes" -> "fstar_int32" + "lib_inttypes" -> "fstar_int16" + "lib_inttypes" -> "fstar_int16" + "lib_inttypes" -> "fstar_int8" + "lib_inttypes" -> "fstar_int8" + "lib_inttypes" -> "fstar_uint128" + "lib_inttypes" -> "fstar_uint128" + "lib_inttypes" -> "fstar_uint64" + "lib_inttypes" -> "fstar_uint64" + "lib_inttypes" -> "fstar_uint32" + "lib_inttypes" -> "fstar_uint32" + "lib_inttypes" -> "fstar_uint16" + "lib_inttypes" -> "fstar_uint16" + "lib_inttypes" -> "fstar_uint8" + "lib_inttypes" -> "fstar_uint8" + "lib_inttypes" -> "fstar_math_lemmas" + "lib_inttypes" -> "fstar_math_lemmas" + "lib_inttypes" -> "fstar_pervasives" + "lib_inttypes" -> "fstar_pervasives" + "lib_inttypes" -> "prims" + "lib_inttypes" -> "prims" + "lib_inttypes" -> "lib_inttypes" + "fstar_int_cast_full" -> "fstar_uint128" + "fstar_int_cast_full" -> "fstar_uint128" + "fstar_int_cast_full" -> "fstar_uint64" + "fstar_int_cast_full" -> "fstar_uint64" + "fstar_int_cast_full" -> "fstar_int_cast" + "fstar_int_cast_full" -> "fstar_int_cast" + "fstar_int_cast_full" -> "fstar_pervasives" + "fstar_int_cast_full" -> "fstar_pervasives" + "fstar_int_cast_full" -> "prims" + "fstar_int_cast_full" -> "prims" + "rust_primitives_hax" -> "fstar_list_tot" + "rust_primitives_hax" -> "fstar_list_tot" + "rust_primitives_hax" -> "lib_inttypes" + "rust_primitives_hax" -> "lib_inttypes" + "rust_primitives_hax" -> "core_slice" + "rust_primitives_hax" -> "fstar_tactics_typeclasses" + "rust_primitives_hax" -> "fstar_tactics_typeclasses" + "rust_primitives_hax" -> "core_ops_index" + "rust_primitives_hax" -> "core_ops_index" + "rust_primitives_hax" -> "fstar_seq" + "rust_primitives_hax" -> "fstar_seq" + "rust_primitives_hax" -> "rust_primitives_arrays" + "rust_primitives_hax" -> "rust_primitives_arrays" + "rust_primitives_hax" -> "rust_primitives_integers" + "rust_primitives_hax" -> "rust_primitives_integers" + "rust_primitives_hax" -> "fstar_pervasives" + "rust_primitives_hax" -> "fstar_pervasives" + "rust_primitives_hax" -> "prims" + "rust_primitives_hax" -> "prims" + "fstar_reflection_v2_formula" -> "fstar_pervasives_native" + "fstar_reflection_v2_formula" -> "fstar_pervasives_native" + "fstar_reflection_v2_formula" -> "fstar_reflection_termeq_simple" + "fstar_reflection_v2_formula" -> "fstar_reflection_termeq_simple" + "fstar_reflection_v2_formula" -> "fstar_tactics_namedview" + "fstar_reflection_v2_formula" -> "fstar_tactics_namedview" + "fstar_reflection_v2_formula" -> "fstar_stubs_tactics_v2_builtins" + "fstar_reflection_v2_formula" -> "fstar_tactics_effect" + "fstar_reflection_v2_formula" -> "fstar_tactics_effect" + "fstar_reflection_v2_formula" -> "fstar_stubs_tactics_common" + "fstar_reflection_v2_formula" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2_formula" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_formula" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_formula" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_v2_formula" -> "fstar_reflection_const" + "fstar_reflection_v2_formula" -> "fstar_reflection_const" + "fstar_reflection_v2_formula" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2_formula" -> "fstar_list_tot_base" + "fstar_reflection_v2_formula" -> "fstar_list_tot_base" + "fstar_reflection_v2_formula" -> "fstar_pervasives" + "fstar_reflection_v2_formula" -> "fstar_pervasives" + "fstar_reflection_v2_formula" -> "prims" + "fstar_reflection_v2_formula" -> "prims" + "fstar_tactics_unseal" -> "fstar_tactics_effect" + "fstar_tactics_unseal" -> "fstar_tactics_effect" + "fstar_tactics_unseal" -> "fstar_sealed" + "fstar_tactics_unseal" -> "fstar_pervasives" + "fstar_tactics_unseal" -> "fstar_pervasives" + "fstar_tactics_unseal" -> "prims" + "fstar_tactics_unseal" -> "prims" + "fstar_int128" -> "fstar_int64" + "fstar_int128" -> "fstar_int64" + "fstar_int128" -> "fstar_uint32" + "fstar_int128" -> "fstar_uint32" + "fstar_int128" -> "fstar_math_lemmas" + "fstar_int128" -> "fstar_math_lemmas" + "fstar_int128" -> "fstar_mul" + "fstar_int128" -> "fstar_mul" + "fstar_int128" -> "fstar_int" + "fstar_int128" -> "fstar_int" + "fstar_int128" -> "fstar_pervasives" + "fstar_int128" -> "fstar_pervasives" + "fstar_int128" -> "prims" + "fstar_int128" -> "prims" + "fstar_int128" -> "fstar_int128" + "tactics_seq" -> "fstar_tactics_effect" + "tactics_seq" -> "fstar_tactics_effect" + "tactics_seq" -> "fstar_pervasives_native" + "tactics_seq" -> "fstar_pervasives_native" + "tactics_seq" -> "tactics_pow2" + "tactics_seq" -> "tactics_pow2" + "tactics_seq" -> "tactics_utils" + "tactics_seq" -> "tactics_utils" + "tactics_seq" -> "fstar_option" + "tactics_seq" -> "fstar_option" + "tactics_seq" -> "fstar_mul" + "tactics_seq" -> "fstar_mul" + "tactics_seq" -> "fstar_class_printable" + "tactics_seq" -> "fstar_class_printable" + "tactics_seq" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_seq" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_seq" -> "fstar_tactics_v2" + "tactics_seq" -> "fstar_tactics_v2" + "tactics_seq" -> "fstar_seq_base" + "tactics_seq" -> "fstar_seq_base" + "tactics_seq" -> "fstar_list_tot" + "tactics_seq" -> "fstar_list_tot" + "tactics_seq" -> "core" + "tactics_seq" -> "core" + "tactics_seq" -> "fstar_pervasives" + "tactics_seq" -> "fstar_pervasives" + "tactics_seq" -> "prims" + "tactics_seq" -> "prims" + "rust_primitives" -> "fstar_seq" + "rust_primitives" -> "fstar_seq" + "rust_primitives" -> "fstar_tactics_typeclasses" + "rust_primitives" -> "fstar_tactics_typeclasses" + "rust_primitives" -> "core_ops_control_flow" + "rust_primitives" -> "core_ops_control_flow" + "rust_primitives" -> "core_result" + "rust_primitives" -> "core_result" + "rust_primitives" -> "core_option" + "rust_primitives" -> "core_option" + "rust_primitives" -> "rust_primitives_bitvectors" + "rust_primitives" -> "rust_primitives_bitvectors" + "rust_primitives" -> "rust_primitives_arrays" + "rust_primitives" -> "rust_primitives_arrays" + "rust_primitives" -> "rust_primitives_integers" + "rust_primitives" -> "rust_primitives_integers" + "rust_primitives" -> "fstar_pervasives" + "rust_primitives" -> "fstar_pervasives" + "rust_primitives" -> "prims" + "rust_primitives" -> "prims" + "fstar_set" -> "fstar_classical" + "fstar_set" -> "fstar_classical" + "fstar_set" -> "fstar_functionalextensionality" + "fstar_set" -> "fstar_functionalextensionality" + "fstar_set" -> "fstar_pervasives" + "fstar_set" -> "fstar_pervasives" + "fstar_set" -> "prims" + "fstar_set" -> "prims" + "fstar_set" -> "fstar_set" + "fstar_tactics_v1_logic" -> "fstar_pervasives_native" + "fstar_tactics_v1_logic" -> "fstar_pervasives_native" + "fstar_tactics_v1_logic" -> "fstar_squash" + "fstar_tactics_v1_logic" -> "fstar_squash" + "fstar_tactics_v1_logic" -> "fstar_indefinitedescription" + "fstar_tactics_v1_logic" -> "fstar_indefinitedescription" + "fstar_tactics_v1_logic" -> "fstar_classical" + "fstar_tactics_v1_logic" -> "fstar_classical" + "fstar_tactics_v1_logic" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1_logic" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1_logic" -> "fstar_reflection_v1" + "fstar_tactics_v1_logic" -> "fstar_reflection_v1" + "fstar_tactics_v1_logic" -> "fstar_tactics_util" + "fstar_tactics_v1_logic" -> "fstar_tactics_util" + "fstar_tactics_v1_logic" -> "fstar_tactics_v1_derived" + "fstar_tactics_v1_logic" -> "fstar_tactics_v1_derived" + "fstar_tactics_v1_logic" -> "fstar_stubs_tactics_v1_builtins" + "fstar_tactics_v1_logic" -> "fstar_tactics_effect" + "fstar_tactics_v1_logic" -> "fstar_tactics_effect" + "fstar_tactics_v1_logic" -> "fstar_pervasives" + "fstar_tactics_v1_logic" -> "fstar_pervasives" + "fstar_tactics_v1_logic" -> "prims" + "fstar_tactics_v1_logic" -> "prims" + "fstar_class_printable" -> "fstar_seq" + "fstar_class_printable" -> "fstar_seq" + "fstar_class_printable" -> "fstar_uint64" + "fstar_class_printable" -> "fstar_uint64" + "fstar_class_printable" -> "fstar_int64" + "fstar_class_printable" -> "fstar_int64" + "fstar_class_printable" -> "fstar_uint32" + "fstar_class_printable" -> "fstar_uint32" + "fstar_class_printable" -> "fstar_int32" + "fstar_class_printable" -> "fstar_int32" + "fstar_class_printable" -> "fstar_uint16" + "fstar_class_printable" -> "fstar_uint16" + "fstar_class_printable" -> "fstar_int16" + "fstar_class_printable" -> "fstar_int16" + "fstar_class_printable" -> "fstar_int8" + "fstar_class_printable" -> "fstar_int8" + "fstar_class_printable" -> "fstar_uint8" + "fstar_class_printable" -> "fstar_uint8" + "fstar_class_printable" -> "fstar_char" + "fstar_class_printable" -> "fstar_list_tot" + "fstar_class_printable" -> "fstar_list_tot" + "fstar_class_printable" -> "fstar_tactics_typeclasses" + "fstar_class_printable" -> "fstar_tactics_typeclasses" + "fstar_class_printable" -> "fstar_seq_properties" + "fstar_class_printable" -> "fstar_seq_properties" + "fstar_class_printable" -> "fstar_string" + "fstar_class_printable" -> "fstar_pervasives" + "fstar_class_printable" -> "fstar_pervasives" + "fstar_class_printable" -> "prims" + "fstar_class_printable" -> "prims" + "tactics_getbit" -> "fstar_functionalextensionality" + "tactics_getbit" -> "fstar_functionalextensionality" + "tactics_getbit" -> "tactics_machineints" + "tactics_getbit" -> "tactics_machineints" + "tactics_getbit" -> "rust_primitives_hax" + "tactics_getbit" -> "rust_primitives_hax" + "tactics_getbit" -> "tactics_seq" + "tactics_getbit" -> "tactics_seq" + "tactics_getbit" -> "bitveceq" + "tactics_getbit" -> "bitveceq" + "tactics_getbit" -> "tactics_pow2" + "tactics_getbit" -> "tactics_pow2" + "tactics_getbit" -> "tactics_utils" + "tactics_getbit" -> "tactics_utils" + "tactics_getbit" -> "fstar_option" + "tactics_getbit" -> "fstar_option" + "tactics_getbit" -> "fstar_mul" + "tactics_getbit" -> "fstar_mul" + "tactics_getbit" -> "fstar_class_printable" + "tactics_getbit" -> "fstar_class_printable" + "tactics_getbit" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_getbit" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_getbit" -> "fstar_tactics_v2" + "tactics_getbit" -> "fstar_tactics_v2" + "tactics_getbit" -> "fstar_list_tot" + "tactics_getbit" -> "fstar_list_tot" + "tactics_getbit" -> "core" + "tactics_getbit" -> "core" + "tactics_getbit" -> "fstar_pervasives" + "tactics_getbit" -> "fstar_pervasives" + "tactics_getbit" -> "prims" + "tactics_getbit" -> "prims" + "tactics_machineints" -> "fstar_uint8" + "tactics_machineints" -> "fstar_uint8" + "tactics_machineints" -> "fstar_tactics_effect" + "tactics_machineints" -> "fstar_tactics_effect" + "tactics_machineints" -> "fstar_list_tot" + "tactics_machineints" -> "fstar_list_tot" + "tactics_machineints" -> "lib_inttypes" + "tactics_machineints" -> "lib_inttypes" + "tactics_machineints" -> "fstar_pervasives_native" + "tactics_machineints" -> "fstar_pervasives_native" + "tactics_machineints" -> "rust_primitives_integers" + "tactics_machineints" -> "rust_primitives_integers" + "tactics_machineints" -> "tactics_utils" + "tactics_machineints" -> "tactics_utils" + "tactics_machineints" -> "fstar_option" + "tactics_machineints" -> "fstar_option" + "tactics_machineints" -> "fstar_class_printable" + "tactics_machineints" -> "fstar_class_printable" + "tactics_machineints" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_machineints" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_machineints" -> "fstar_tactics_v2" + "tactics_machineints" -> "fstar_tactics_v2" + "tactics_machineints" -> "fstar_pervasives" + "tactics_machineints" -> "fstar_pervasives" + "tactics_machineints" -> "prims" + "tactics_machineints" -> "prims" + "fstar_preorder" -> "fstar_pervasives" + "fstar_preorder" -> "fstar_pervasives" + "fstar_preorder" -> "prims" + "fstar_preorder" -> "prims" + "fstar_reflection_const" -> "fstar_pervasives" + "fstar_reflection_const" -> "fstar_pervasives" + "fstar_reflection_const" -> "prims" + "fstar_reflection_const" -> "prims" + "fstar_tactics_bv" -> "fstar_pervasives_native" + "fstar_tactics_bv" -> "fstar_pervasives_native" + "fstar_tactics_bv" -> "fstar_uint" + "fstar_tactics_bv" -> "fstar_uint" + "fstar_tactics_bv" -> "fstar_bv" + "fstar_tactics_bv" -> "fstar_bv" + "fstar_tactics_bv" -> "fstar_reflection_v2_arith" + "fstar_tactics_bv" -> "fstar_reflection_v2_arith" + "fstar_tactics_bv" -> "fstar_reflection_v2_formula" + "fstar_tactics_bv" -> "fstar_reflection_v2_formula" + "fstar_tactics_bv" -> "fstar_tactics_v2" + "fstar_tactics_bv" -> "fstar_tactics_v2" + "fstar_tactics_bv" -> "fstar_pervasives" + "fstar_tactics_bv" -> "fstar_pervasives" + "fstar_tactics_bv" -> "prims" + "fstar_tactics_bv" -> "prims" + "fstar_tactics_v2" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2" -> "fstar_tactics_smt" + "fstar_tactics_v2" -> "fstar_tactics_smt" + "fstar_tactics_v2" -> "fstar_tactics_mapply" + "fstar_tactics_v2" -> "fstar_tactics_mapply" + "fstar_tactics_v2" -> "fstar_tactics_namedview" + "fstar_tactics_v2" -> "fstar_tactics_namedview" + "fstar_tactics_v2" -> "fstar_tactics_visit" + "fstar_tactics_v2" -> "fstar_tactics_visit" + "fstar_tactics_v2" -> "fstar_tactics_print" + "fstar_tactics_v2" -> "fstar_tactics_print" + "fstar_tactics_v2" -> "fstar_tactics_util" + "fstar_tactics_v2" -> "fstar_tactics_util" + "fstar_tactics_v2" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2" -> "fstar_tactics_v2_logic" + "fstar_tactics_v2" -> "fstar_tactics_v2_logic" + "fstar_tactics_v2" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_v2" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_v2" -> "fstar_tactics_v2_derived" + "fstar_tactics_v2" -> "fstar_tactics_v2_derived" + "fstar_tactics_v2" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_v2" -> "fstar_tactics_effect" + "fstar_tactics_v2" -> "fstar_tactics_effect" + "fstar_tactics_v2" -> "fstar_stubs_tactics_types" + "fstar_tactics_v2" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2" -> "fstar_reflection_v2" + "fstar_tactics_v2" -> "fstar_reflection_v2" + "fstar_tactics_v2" -> "fstar_stubs_reflection_types" + "fstar_tactics_v2" -> "fstar_pervasives" + "fstar_tactics_v2" -> "fstar_pervasives" + "fstar_tactics_v2" -> "prims" + "fstar_tactics_v2" -> "prims" + "fstar_stubs_tactics_result" -> "fstar_stubs_tactics_types" + "fstar_stubs_tactics_result" -> "fstar_pervasives" + "fstar_stubs_tactics_result" -> "fstar_pervasives" + "fstar_stubs_tactics_result" -> "prims" + "fstar_stubs_tactics_result" -> "prims" + "fstar_tactics_effect" -> "fstar_stubs_tactics_result" + "fstar_tactics_effect" -> "fstar_stubs_tactics_types" + "fstar_tactics_effect" -> "fstar_stubs_reflection_types" + "fstar_tactics_effect" -> "fstar_pervasives" + "fstar_tactics_effect" -> "fstar_pervasives" + "fstar_tactics_effect" -> "prims" + "fstar_tactics_effect" -> "prims" + "fstar_tactics_effect" -> "fstar_tactics_effect" + "fstar_monotonic_witnessed" -> "fstar_preorder" + "fstar_monotonic_witnessed" -> "fstar_preorder" + "fstar_monotonic_witnessed" -> "fstar_pervasives" + "fstar_monotonic_witnessed" -> "fstar_pervasives" + "fstar_monotonic_witnessed" -> "prims" + "fstar_monotonic_witnessed" -> "prims" + "fstar_range" -> "fstar_sealed" + "fstar_range" -> "fstar_pervasives" + "fstar_range" -> "fstar_pervasives" + "fstar_range" -> "prims" + "fstar_range" -> "prims" + "fstar_monotonic_witnessed" -> "fstar_classical" + "fstar_monotonic_witnessed" -> "fstar_classical" + "fstar_monotonic_witnessed" -> "fstar_preorder" + "fstar_monotonic_witnessed" -> "fstar_preorder" + "fstar_monotonic_witnessed" -> "fstar_pervasives" + "fstar_monotonic_witnessed" -> "fstar_pervasives" + "fstar_monotonic_witnessed" -> "prims" + "fstar_monotonic_witnessed" -> "prims" + "fstar_monotonic_witnessed" -> "fstar_monotonic_witnessed" + "fstar_uint32" -> "fstar_mul" + "fstar_uint32" -> "fstar_mul" + "fstar_uint32" -> "fstar_uint" + "fstar_uint32" -> "fstar_uint" + "fstar_uint32" -> "fstar_pervasives" + "fstar_uint32" -> "fstar_pervasives" + "fstar_uint32" -> "prims" + "fstar_uint32" -> "prims" + "fstar_uint32" -> "fstar_uint32" + "fstar_st" -> "fstar_set" + "fstar_st" -> "fstar_set" + "fstar_st" -> "fstar_monotonic_witnessed" + "fstar_st" -> "fstar_monotonic_witnessed" + "fstar_st" -> "fstar_preorder" + "fstar_st" -> "fstar_preorder" + "fstar_st" -> "fstar_heap" + "fstar_st" -> "fstar_heap" + "fstar_st" -> "fstar_tset" + "fstar_st" -> "fstar_tset" + "fstar_st" -> "fstar_pervasives" + "fstar_st" -> "fstar_pervasives" + "fstar_st" -> "prims" + "fstar_st" -> "prims" + "bitvec_intrinsics" -> "fstar_list_tot" + "bitvec_intrinsics" -> "fstar_list_tot" + "bitvec_intrinsics" -> "fstar_string" + "bitvec_intrinsics" -> "fstar_tactics_v2_derived" + "bitvec_intrinsics" -> "fstar_tactics_v2_derived" + "bitvec_intrinsics" -> "fstar_stubs_tactics_v2_builtins" + "bitvec_intrinsics" -> "libcrux_intrinsics_avx2_extract" + "bitvec_intrinsics" -> "libcrux_intrinsics_avx2_extract" + "bitvec_intrinsics" -> "fstar_tactics" + "bitvec_intrinsics" -> "fstar_tactics" + "bitvec_intrinsics" -> "fstar_int16" + "bitvec_intrinsics" -> "fstar_int16" + "bitvec_intrinsics" -> "fstar_tactics_v2" + "bitvec_intrinsics" -> "fstar_tactics_v2" + "bitvec_intrinsics" -> "fstar_int32" + "bitvec_intrinsics" -> "fstar_int32" + "bitvec_intrinsics" -> "tactics_utils" + "bitvec_intrinsics" -> "tactics_utils" + "bitvec_intrinsics" -> "bitvec_equality" + "bitvec_intrinsics" -> "bitvec_equality" + "bitvec_intrinsics" -> "bitvec_utils" + "bitvec_intrinsics" -> "bitvec_utils" + "bitvec_intrinsics" -> "fstar_mul" + "bitvec_intrinsics" -> "fstar_mul" + "bitvec_intrinsics" -> "rust_primitives" + "bitvec_intrinsics" -> "rust_primitives" + "bitvec_intrinsics" -> "core" + "bitvec_intrinsics" -> "core" + "bitvec_intrinsics" -> "fstar_pervasives" + "bitvec_intrinsics" -> "fstar_pervasives" + "bitvec_intrinsics" -> "prims" + "bitvec_intrinsics" -> "prims" + "fstar_stubs_typechecker_core" -> "fstar_pervasives" + "fstar_stubs_typechecker_core" -> "fstar_pervasives" + "fstar_stubs_typechecker_core" -> "prims" + "fstar_stubs_typechecker_core" -> "prims" + "fstar_char" -> "fstar_uint32" + "fstar_char" -> "fstar_uint32" + "fstar_char" -> "fstar_pervasives" + "fstar_char" -> "fstar_pervasives" + "fstar_char" -> "prims" + "fstar_char" -> "prims" + "fstar_int8" -> "fstar_uint32" + "fstar_int8" -> "fstar_uint32" + "fstar_int8" -> "fstar_math_lemmas" + "fstar_int8" -> "fstar_math_lemmas" + "fstar_int8" -> "fstar_mul" + "fstar_int8" -> "fstar_mul" + "fstar_int8" -> "fstar_int" + "fstar_int8" -> "fstar_int" + "fstar_int8" -> "fstar_pervasives" + "fstar_int8" -> "fstar_pervasives" + "fstar_int8" -> "prims" + "fstar_int8" -> "prims" + "fstar_int8" -> "fstar_int8" + "fstar_uint32" -> "fstar_mul" + "fstar_uint32" -> "fstar_mul" + "fstar_uint32" -> "fstar_uint" + "fstar_uint32" -> "fstar_uint" + "fstar_uint32" -> "fstar_pervasives" + "fstar_uint32" -> "fstar_pervasives" + "fstar_uint32" -> "prims" + "fstar_uint32" -> "prims" + "fstar_tset" -> "fstar_squash" + "fstar_tset" -> "fstar_squash" + "fstar_tset" -> "fstar_strongexcludedmiddle" + "fstar_tset" -> "fstar_strongexcludedmiddle" + "fstar_tset" -> "fstar_set" + "fstar_tset" -> "fstar_set" + "fstar_tset" -> "fstar_predicateextensionality" + "fstar_tset" -> "fstar_predicateextensionality" + "fstar_tset" -> "fstar_functionalextensionality" + "fstar_tset" -> "fstar_functionalextensionality" + "fstar_tset" -> "fstar_propositionalextensionality" + "fstar_tset" -> "fstar_propositionalextensionality" + "fstar_tset" -> "fstar_pervasives" + "fstar_tset" -> "fstar_pervasives" + "fstar_tset" -> "prims" + "fstar_tset" -> "prims" + "fstar_tset" -> "fstar_tset" + "tactics_folds" -> "tactics_utils" + "tactics_folds" -> "tactics_utils" + "tactics_folds" -> "rust_primitives_hax_folds" + "tactics_folds" -> "fstar_option" + "tactics_folds" -> "fstar_option" + "tactics_folds" -> "fstar_mul" + "tactics_folds" -> "fstar_mul" + "tactics_folds" -> "fstar_class_printable" + "tactics_folds" -> "fstar_class_printable" + "tactics_folds" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_folds" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_folds" -> "fstar_tactics_v2" + "tactics_folds" -> "fstar_tactics_v2" + "tactics_folds" -> "fstar_seq_base" + "tactics_folds" -> "fstar_seq_base" + "tactics_folds" -> "fstar_list_tot" + "tactics_folds" -> "fstar_list_tot" + "tactics_folds" -> "core" + "tactics_folds" -> "core" + "tactics_folds" -> "fstar_pervasives" + "tactics_folds" -> "fstar_pervasives" + "tactics_folds" -> "prims" + "tactics_folds" -> "prims" + "fstar_vconfig" -> "fstar_pervasives" + "fstar_vconfig" -> "fstar_pervasives" + "fstar_vconfig" -> "prims" + "fstar_vconfig" -> "prims" + "fstar_reflection_v2_derived" -> "fstar_list_tot_base" + "fstar_reflection_v2_derived" -> "fstar_list_tot_base" + "fstar_reflection_v2_derived" -> "fstar_pervasives_native" + "fstar_reflection_v2_derived" -> "fstar_pervasives_native" + "fstar_reflection_v2_derived" -> "fstar_list_tot" + "fstar_reflection_v2_derived" -> "fstar_list_tot" + "fstar_reflection_v2_derived" -> "fstar_vconfig" + "fstar_reflection_v2_derived" -> "fstar_order" + "fstar_reflection_v2_derived" -> "fstar_order" + "fstar_reflection_v2_derived" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2_derived" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_v2_derived" -> "fstar_reflection_const" + "fstar_reflection_v2_derived" -> "fstar_reflection_const" + "fstar_reflection_v2_derived" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2_derived" -> "fstar_pervasives" + "fstar_reflection_v2_derived" -> "fstar_pervasives" + "fstar_reflection_v2_derived" -> "prims" + "fstar_reflection_v2_derived" -> "prims" + "fstar_tset" -> "fstar_set" + "fstar_tset" -> "fstar_set" + "fstar_tset" -> "fstar_pervasives" + "fstar_tset" -> "fstar_pervasives" + "fstar_tset" -> "prims" + "fstar_tset" -> "prims" + "fstar_tactics" -> "fstar_tactics_v1" + "fstar_tactics" -> "fstar_tactics_v1" + "fstar_tactics" -> "fstar_pervasives" + "fstar_tactics" -> "fstar_pervasives" + "fstar_tactics" -> "prims" + "fstar_tactics" -> "prims" + "fstar_reflection_v1_derived_lemmas" -> "fstar_classical" + "fstar_reflection_v1_derived_lemmas" -> "fstar_classical" + "fstar_reflection_v1_derived_lemmas" -> "fstar_pervasives_native" + "fstar_reflection_v1_derived_lemmas" -> "fstar_pervasives_native" + "fstar_reflection_v1_derived_lemmas" -> "fstar_list_tot" + "fstar_reflection_v1_derived_lemmas" -> "fstar_list_tot" + "fstar_reflection_v1_derived_lemmas" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1_derived_lemmas" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1_derived_lemmas" -> "fstar_stubs_reflection_v1_data" + "fstar_reflection_v1_derived_lemmas" -> "fstar_stubs_reflection_v1_builtins" + "fstar_reflection_v1_derived_lemmas" -> "fstar_stubs_reflection_types" + "fstar_reflection_v1_derived_lemmas" -> "fstar_pervasives" + "fstar_reflection_v1_derived_lemmas" -> "fstar_pervasives" + "fstar_reflection_v1_derived_lemmas" -> "prims" + "fstar_reflection_v1_derived_lemmas" -> "prims" + "fstar_set" -> "fstar_pervasives" + "fstar_set" -> "fstar_pervasives" + "fstar_set" -> "prims" + "fstar_set" -> "prims" + "fstar_classical_sugar" -> "fstar_squash" + "fstar_classical_sugar" -> "fstar_squash" + "fstar_classical_sugar" -> "fstar_pervasives" + "fstar_classical_sugar" -> "fstar_pervasives" + "fstar_classical_sugar" -> "prims" + "fstar_classical_sugar" -> "prims" + "fstar_classical_sugar" -> "fstar_classical_sugar" + "rust_primitives_integers" -> "fstar_pervasives_native" + "rust_primitives_integers" -> "fstar_pervasives_native" + "rust_primitives_integers" -> "fstar_int" + "rust_primitives_integers" -> "fstar_int" + "rust_primitives_integers" -> "fstar_int128" + "rust_primitives_integers" -> "fstar_int128" + "rust_primitives_integers" -> "fstar_uint128" + "rust_primitives_integers" -> "fstar_uint128" + "rust_primitives_integers" -> "fstar_int64" + "rust_primitives_integers" -> "fstar_int64" + "rust_primitives_integers" -> "fstar_uint64" + "rust_primitives_integers" -> "fstar_uint64" + "rust_primitives_integers" -> "fstar_int32" + "rust_primitives_integers" -> "fstar_int32" + "rust_primitives_integers" -> "fstar_uint32" + "rust_primitives_integers" -> "fstar_uint32" + "rust_primitives_integers" -> "fstar_int16" + "rust_primitives_integers" -> "fstar_int16" + "rust_primitives_integers" -> "fstar_uint16" + "rust_primitives_integers" -> "fstar_uint16" + "rust_primitives_integers" -> "fstar_int8" + "rust_primitives_integers" -> "fstar_int8" + "rust_primitives_integers" -> "fstar_uint8" + "rust_primitives_integers" -> "fstar_uint8" + "rust_primitives_integers" -> "lib_inttypes" + "rust_primitives_integers" -> "lib_inttypes" + "rust_primitives_integers" -> "fstar_mul" + "rust_primitives_integers" -> "fstar_mul" + "rust_primitives_integers" -> "fstar_pervasives" + "rust_primitives_integers" -> "fstar_pervasives" + "rust_primitives_integers" -> "prims" + "rust_primitives_integers" -> "prims" + "fstar_squash" -> "fstar_pervasives" + "fstar_squash" -> "fstar_pervasives" + "fstar_squash" -> "prims" + "fstar_squash" -> "prims" + "fstar_stubs_reflection_types" -> "fstar_sealed" + "fstar_stubs_reflection_types" -> "fstar_range" + "fstar_stubs_reflection_types" -> "fstar_pervasives" + "fstar_stubs_reflection_types" -> "fstar_pervasives" + "fstar_stubs_reflection_types" -> "prims" + "fstar_stubs_reflection_types" -> "prims" + "fstar_tactics_v1" -> "fstar_tactics_smt" + "fstar_tactics_v1" -> "fstar_tactics_smt" + "fstar_tactics_v1" -> "fstar_tactics_visit" + "fstar_tactics_v1" -> "fstar_tactics_visit" + "fstar_tactics_v1" -> "fstar_tactics_print" + "fstar_tactics_v1" -> "fstar_tactics_print" + "fstar_tactics_v1" -> "fstar_tactics_util" + "fstar_tactics_v1" -> "fstar_tactics_util" + "fstar_tactics_v1" -> "fstar_tactics_v1_logic" + "fstar_tactics_v1" -> "fstar_tactics_v1_logic" + "fstar_tactics_v1" -> "fstar_tactics_v1_syntaxhelpers" + "fstar_tactics_v1" -> "fstar_tactics_v1_syntaxhelpers" + "fstar_tactics_v1" -> "fstar_tactics_v1_derived" + "fstar_tactics_v1" -> "fstar_tactics_v1_derived" + "fstar_tactics_v1" -> "fstar_stubs_tactics_v1_builtins" + "fstar_tactics_v1" -> "fstar_tactics_effect" + "fstar_tactics_v1" -> "fstar_tactics_effect" + "fstar_tactics_v1" -> "fstar_stubs_tactics_types" + "fstar_tactics_v1" -> "fstar_reflection_v1_compare" + "fstar_tactics_v1" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1" -> "fstar_reflection_v1_derived" + "fstar_tactics_v1" -> "fstar_reflection_v1_derived" + "fstar_tactics_v1" -> "fstar_stubs_reflection_v1_builtins" + "fstar_tactics_v1" -> "fstar_stubs_reflection_v1_data" + "fstar_tactics_v1" -> "fstar_reflection_const" + "fstar_tactics_v1" -> "fstar_reflection_const" + "fstar_tactics_v1" -> "fstar_stubs_reflection_types" + "fstar_tactics_v1" -> "fstar_pervasives" + "fstar_tactics_v1" -> "fstar_pervasives" + "fstar_tactics_v1" -> "prims" + "fstar_tactics_v1" -> "prims" + "fstar_list_tot" -> "fstar_list_tot_properties" + "fstar_list_tot" -> "fstar_list_tot_properties" + "fstar_list_tot" -> "fstar_list_tot_base" + "fstar_list_tot" -> "fstar_list_tot_base" + "fstar_list_tot" -> "fstar_pervasives" + "fstar_list_tot" -> "fstar_pervasives" + "fstar_list_tot" -> "prims" + "fstar_list_tot" -> "prims" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_mapply" -> "fstar_tactics_typeclasses" + "fstar_tactics_mapply" -> "fstar_tactics_typeclasses" + "fstar_tactics_mapply" -> "fstar_tactics_effect" + "fstar_tactics_mapply" -> "fstar_tactics_effect" + "fstar_tactics_mapply" -> "fstar_reflection_v2" + "fstar_tactics_mapply" -> "fstar_reflection_v2" + "fstar_tactics_mapply" -> "fstar_pervasives" + "fstar_tactics_mapply" -> "fstar_pervasives" + "fstar_tactics_mapply" -> "prims" + "fstar_tactics_mapply" -> "prims" + "fstar_ghost" -> "fstar_pervasives" + "fstar_ghost" -> "fstar_pervasives" + "fstar_ghost" -> "prims" + "fstar_ghost" -> "prims" + "fstar_ghost" -> "fstar_ghost" + "fstar_bitvector" -> "fstar_seq" + "fstar_bitvector" -> "fstar_seq" + "fstar_bitvector" -> "fstar_mul" + "fstar_bitvector" -> "fstar_mul" + "fstar_bitvector" -> "fstar_pervasives" + "fstar_bitvector" -> "fstar_pervasives" + "fstar_bitvector" -> "prims" + "fstar_bitvector" -> "prims" + "core" -> "core_ops" + "core" -> "core_ops" + "core" -> "core_iter" + "core" -> "core_num" + "core" -> "rust_primitives" + "core" -> "rust_primitives" + "core" -> "fstar_pervasives" + "core" -> "fstar_pervasives" + "core" -> "prims" + "core" -> "prims" + "fstar_uint" -> "fstar_seq" + "fstar_uint" -> "fstar_seq" + "fstar_uint" -> "fstar_math_lemmas" + "fstar_uint" -> "fstar_math_lemmas" + "fstar_uint" -> "fstar_bitvector" + "fstar_uint" -> "fstar_bitvector" + "fstar_uint" -> "fstar_mul" + "fstar_uint" -> "fstar_mul" + "fstar_uint" -> "fstar_pervasives" + "fstar_uint" -> "fstar_pervasives" + "fstar_uint" -> "prims" + "fstar_uint" -> "prims" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_sealed" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_tactics_namedview" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_tactics_namedview" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_tactics_builtins" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_pervasives" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_pervasives" + "fstar_tactics_v2_syntaxcoercions" -> "prims" + "fstar_tactics_v2_syntaxcoercions" -> "prims" + "fstar_tactics_v2_logic" -> "fstar_pervasives_native" + "fstar_tactics_v2_logic" -> "fstar_pervasives_native" + "fstar_tactics_v2_logic" -> "fstar_squash" + "fstar_tactics_v2_logic" -> "fstar_squash" + "fstar_tactics_v2_logic" -> "fstar_indefinitedescription" + "fstar_tactics_v2_logic" -> "fstar_indefinitedescription" + "fstar_tactics_v2_logic" -> "fstar_classical" + "fstar_tactics_v2_logic" -> "fstar_classical" + "fstar_tactics_v2_logic" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2_logic" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2_logic" -> "fstar_tactics_util" + "fstar_tactics_v2_logic" -> "fstar_tactics_util" + "fstar_tactics_v2_logic" -> "fstar_tactics_namedview" + "fstar_tactics_v2_logic" -> "fstar_tactics_namedview" + "fstar_tactics_v2_logic" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2_logic" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2_logic" -> "fstar_tactics_v2_derived" + "fstar_tactics_v2_logic" -> "fstar_tactics_v2_derived" + "fstar_tactics_v2_logic" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_v2_logic" -> "fstar_tactics_effect" + "fstar_tactics_v2_logic" -> "fstar_tactics_effect" + "fstar_tactics_v2_logic" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2_logic" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2_logic" -> "fstar_reflection_v2" + "fstar_tactics_v2_logic" -> "fstar_reflection_v2" + "fstar_tactics_v2_logic" -> "fstar_pervasives" + "fstar_tactics_v2_logic" -> "fstar_pervasives" + "fstar_tactics_v2_logic" -> "prims" + "fstar_tactics_v2_logic" -> "prims" + "fstar_uint" -> "fstar_calc" + "fstar_uint" -> "fstar_calc" + "fstar_uint" -> "fstar_seq_base" + "fstar_uint" -> "fstar_seq_base" + "fstar_uint" -> "fstar_classical" + "fstar_uint" -> "fstar_classical" + "fstar_uint" -> "fstar_seq" + "fstar_uint" -> "fstar_seq" + "fstar_uint" -> "fstar_math_lib" + "fstar_uint" -> "fstar_math_lib" + "fstar_uint" -> "fstar_math_lemmas" + "fstar_uint" -> "fstar_math_lemmas" + "fstar_uint" -> "fstar_bitvector" + "fstar_uint" -> "fstar_bitvector" + "fstar_uint" -> "fstar_mul" + "fstar_uint" -> "fstar_mul" + "fstar_uint" -> "fstar_pervasives" + "fstar_uint" -> "fstar_pervasives" + "fstar_uint" -> "prims" + "fstar_uint" -> "prims" + "fstar_uint" -> "fstar_uint" + "fstar_uint8" -> "fstar_uint32" + "fstar_uint8" -> "fstar_uint32" + "fstar_uint8" -> "fstar_mul" + "fstar_uint8" -> "fstar_mul" + "fstar_uint8" -> "fstar_uint" + "fstar_uint8" -> "fstar_uint" + "fstar_uint8" -> "fstar_pervasives" + "fstar_uint8" -> "fstar_pervasives" + "fstar_uint8" -> "prims" + "fstar_uint8" -> "prims" + "fstar_uint8" -> "fstar_uint8" + "fstar_monotonic_pure" -> "fstar_pervasives" + "fstar_monotonic_pure" -> "fstar_pervasives" + "fstar_monotonic_pure" -> "prims" + "fstar_monotonic_pure" -> "prims" + "core_ops_index" -> "fstar_tactics_typeclasses" + "core_ops_index" -> "fstar_tactics_typeclasses" + "core_ops_index" -> "fstar_pervasives" + "core_ops_index" -> "fstar_pervasives" + "core_ops_index" -> "prims" + "core_ops_index" -> "prims" + "fstar_uint64" -> "fstar_uint32" + "fstar_uint64" -> "fstar_uint32" + "fstar_uint64" -> "fstar_mul" + "fstar_uint64" -> "fstar_mul" + "fstar_uint64" -> "fstar_uint" + "fstar_uint64" -> "fstar_uint" + "fstar_uint64" -> "fstar_pervasives" + "fstar_uint64" -> "fstar_pervasives" + "fstar_uint64" -> "prims" + "fstar_uint64" -> "prims" + "fstar_uint64" -> "fstar_uint64" + "fstar_float" -> "fstar_pervasives" + "fstar_float" -> "fstar_pervasives" + "fstar_float" -> "prims" + "fstar_float" -> "prims" + "fstar_reflection_v2_compare" -> "fstar_ghost" + "fstar_reflection_v2_compare" -> "fstar_ghost" + "fstar_reflection_v2_compare" -> "fstar_reflection_v2_derived_lemmas" + "fstar_reflection_v2_compare" -> "fstar_reflection_v2_derived_lemmas" + "fstar_reflection_v2_compare" -> "fstar_pervasives_native" + "fstar_reflection_v2_compare" -> "fstar_pervasives_native" + "fstar_reflection_v2_compare" -> "fstar_order" + "fstar_reflection_v2_compare" -> "fstar_order" + "fstar_reflection_v2_compare" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_compare" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_compare" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_v2_compare" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2_compare" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2_compare" -> "fstar_pervasives" + "fstar_reflection_v2_compare" -> "fstar_pervasives" + "fstar_reflection_v2_compare" -> "prims" + "fstar_reflection_v2_compare" -> "prims" + "fstar_reflection_v2_compare" -> "fstar_reflection_v2_compare" + "fstar_int" -> "fstar_uint" + "fstar_int" -> "fstar_uint" + "fstar_int" -> "fstar_seq" + "fstar_int" -> "fstar_seq" + "fstar_int" -> "fstar_math_lib" + "fstar_int" -> "fstar_math_lib" + "fstar_int" -> "fstar_math_lemmas" + "fstar_int" -> "fstar_math_lemmas" + "fstar_int" -> "fstar_bitvector" + "fstar_int" -> "fstar_bitvector" + "fstar_int" -> "fstar_mul" + "fstar_int" -> "fstar_mul" + "fstar_int" -> "fstar_pervasives" + "fstar_int" -> "fstar_pervasives" + "fstar_int" -> "prims" + "fstar_int" -> "prims" + "fstar_int" -> "fstar_int" + "fstar_int16" -> "fstar_uint" + "fstar_int16" -> "fstar_uint" + "fstar_int16" -> "fstar_uint32" + "fstar_int16" -> "fstar_uint32" + "fstar_int16" -> "fstar_mul" + "fstar_int16" -> "fstar_mul" + "fstar_int16" -> "fstar_int" + "fstar_int16" -> "fstar_int" + "fstar_int16" -> "fstar_pervasives" + "fstar_int16" -> "fstar_pervasives" + "fstar_int16" -> "prims" + "fstar_int16" -> "prims" + "fstar_list" -> "fstar_pervasives_native" + "fstar_list" -> "fstar_pervasives_native" + "fstar_list" -> "fstar_list_tot" + "fstar_list" -> "fstar_list_tot" + "fstar_list" -> "fstar_all" + "fstar_list" -> "fstar_all" + "fstar_list" -> "fstar_pervasives" + "fstar_list" -> "fstar_pervasives" + "fstar_list" -> "prims" + "fstar_list" -> "prims" + "fstar_predicateextensionality" -> "fstar_propositionalextensionality" + "fstar_predicateextensionality" -> "fstar_propositionalextensionality" + "fstar_predicateextensionality" -> "fstar_functionalextensionality" + "fstar_predicateextensionality" -> "fstar_functionalextensionality" + "fstar_predicateextensionality" -> "fstar_pervasives" + "fstar_predicateextensionality" -> "fstar_pervasives" + "fstar_predicateextensionality" -> "prims" + "fstar_predicateextensionality" -> "prims" + "fstar_reflection_v1_derived" -> "fstar_list_tot_base" + "fstar_reflection_v1_derived" -> "fstar_list_tot_base" + "fstar_reflection_v1_derived" -> "fstar_pervasives_native" + "fstar_reflection_v1_derived" -> "fstar_pervasives_native" + "fstar_reflection_v1_derived" -> "fstar_vconfig" + "fstar_reflection_v1_derived" -> "fstar_order" + "fstar_reflection_v1_derived" -> "fstar_order" + "fstar_reflection_v1_derived" -> "fstar_stubs_reflection_v1_data" + "fstar_reflection_v1_derived" -> "fstar_stubs_reflection_v1_builtins" + "fstar_reflection_v1_derived" -> "fstar_reflection_const" + "fstar_reflection_v1_derived" -> "fstar_reflection_const" + "fstar_reflection_v1_derived" -> "fstar_stubs_reflection_types" + "fstar_reflection_v1_derived" -> "fstar_pervasives" + "fstar_reflection_v1_derived" -> "fstar_pervasives" + "fstar_reflection_v1_derived" -> "prims" + "fstar_reflection_v1_derived" -> "prims" + "fstar_stubs_reflection_v2_data" -> "fstar_sealed_inhabited" + "fstar_stubs_reflection_v2_data" -> "fstar_sealed_inhabited" + "fstar_stubs_reflection_v2_data" -> "fstar_stubs_reflection_types" + "fstar_stubs_reflection_v2_data" -> "fstar_stubs_syntax_syntax" + "fstar_stubs_reflection_v2_data" -> "fstar_pervasives" + "fstar_stubs_reflection_v2_data" -> "fstar_pervasives" + "fstar_stubs_reflection_v2_data" -> "prims" + "fstar_stubs_reflection_v2_data" -> "prims" + "fstar_stubs_reflection_v1_builtins" -> "fstar_vconfig" + "fstar_stubs_reflection_v1_builtins" -> "fstar_stubs_reflection_v1_data" + "fstar_stubs_reflection_v1_builtins" -> "fstar_stubs_reflection_types" + "fstar_stubs_reflection_v1_builtins" -> "fstar_order" + "fstar_stubs_reflection_v1_builtins" -> "fstar_order" + "fstar_stubs_reflection_v1_builtins" -> "fstar_pervasives" + "fstar_stubs_reflection_v1_builtins" -> "fstar_pervasives" + "fstar_stubs_reflection_v1_builtins" -> "prims" + "fstar_stubs_reflection_v1_builtins" -> "prims" + "fstar_uint128" -> "fstar_uint64" + "fstar_uint128" -> "fstar_uint64" + "fstar_uint128" -> "fstar_uint32" + "fstar_uint128" -> "fstar_uint32" + "fstar_uint128" -> "fstar_mul" + "fstar_uint128" -> "fstar_mul" + "fstar_uint128" -> "fstar_uint" + "fstar_uint128" -> "fstar_uint" + "fstar_uint128" -> "fstar_pervasives" + "fstar_uint128" -> "fstar_pervasives" + "fstar_uint128" -> "prims" + "fstar_uint128" -> "prims" + "fstar_reflection_v2_arith" -> "fstar_classical" + "fstar_reflection_v2_arith" -> "fstar_classical" + "fstar_reflection_v2_arith" -> "fstar_list_tot" + "fstar_reflection_v2_arith" -> "fstar_list_tot" + "fstar_reflection_v2_arith" -> "fstar_pervasives_native" + "fstar_reflection_v2_arith" -> "fstar_pervasives_native" + "fstar_reflection_v2_arith" -> "fstar_list_tot_base" + "fstar_reflection_v2_arith" -> "fstar_list_tot_base" + "fstar_reflection_v2_arith" -> "fstar_order" + "fstar_reflection_v2_arith" -> "fstar_order" + "fstar_reflection_v2_arith" -> "fstar_reflection_v2" + "fstar_reflection_v2_arith" -> "fstar_reflection_v2" + "fstar_reflection_v2_arith" -> "fstar_tactics_v2" + "fstar_reflection_v2_arith" -> "fstar_tactics_v2" + "fstar_reflection_v2_arith" -> "fstar_pervasives" + "fstar_reflection_v2_arith" -> "fstar_pervasives" + "fstar_reflection_v2_arith" -> "prims" + "fstar_reflection_v2_arith" -> "prims" + "fstar_functionalextensionality" -> "fstar_pervasives" + "fstar_functionalextensionality" -> "fstar_pervasives" + "fstar_functionalextensionality" -> "prims" + "fstar_functionalextensionality" -> "prims" + "fstar_reflection_termeq" -> "fstar_classical_sugar" + "fstar_reflection_termeq" -> "fstar_classical_sugar" + "fstar_reflection_termeq" -> "fstar_sealed" + "fstar_reflection_termeq" -> "fstar_pervasives_native" + "fstar_reflection_termeq" -> "fstar_pervasives_native" + "fstar_reflection_termeq" -> "fstar_strongexcludedmiddle" + "fstar_reflection_termeq" -> "fstar_strongexcludedmiddle" + "fstar_reflection_termeq" -> "fstar_list_tot" + "fstar_reflection_termeq" -> "fstar_list_tot" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_types" + "fstar_reflection_termeq" -> "fstar_pervasives" + "fstar_reflection_termeq" -> "fstar_pervasives" + "fstar_reflection_termeq" -> "prims" + "fstar_reflection_termeq" -> "prims" + "fstar_reflection_termeq" -> "fstar_reflection_termeq" + "fstar_reflection_v2_derived_lemmas" -> "fstar_classical" + "fstar_reflection_v2_derived_lemmas" -> "fstar_classical" + "fstar_reflection_v2_derived_lemmas" -> "fstar_pervasives_native" + "fstar_reflection_v2_derived_lemmas" -> "fstar_pervasives_native" + "fstar_reflection_v2_derived_lemmas" -> "fstar_list_tot" + "fstar_reflection_v2_derived_lemmas" -> "fstar_list_tot" + "fstar_reflection_v2_derived_lemmas" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_derived_lemmas" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_derived_lemmas" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2_derived_lemmas" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_v2_derived_lemmas" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2_derived_lemmas" -> "fstar_pervasives" + "fstar_reflection_v2_derived_lemmas" -> "fstar_pervasives" + "fstar_reflection_v2_derived_lemmas" -> "prims" + "fstar_reflection_v2_derived_lemmas" -> "prims" + "core_ops_range" -> "rust_primitives_hax" + "core_ops_range" -> "rust_primitives_hax" + "core_ops_range" -> "fstar_seq" + "core_ops_range" -> "fstar_seq" + "core_ops_range" -> "core_ops_index" + "core_ops_range" -> "core_ops_index" + "core_ops_range" -> "fstar_tactics_typeclasses" + "core_ops_range" -> "fstar_tactics_typeclasses" + "core_ops_range" -> "fstar_pervasives_native" + "core_ops_range" -> "fstar_pervasives_native" + "core_ops_range" -> "core_iter_traits_iterator" + "core_ops_range" -> "core_iter_traits_iterator" + "core_ops_range" -> "rust_primitives" + "core_ops_range" -> "rust_primitives" + "core_ops_range" -> "fstar_pervasives" + "core_ops_range" -> "fstar_pervasives" + "core_ops_range" -> "prims" + "core_ops_range" -> "prims" + "core_iter_traits_iterator" -> "fstar_tactics_typeclasses" + "core_iter_traits_iterator" -> "fstar_tactics_typeclasses" + "core_iter_traits_iterator" -> "core_iter_adapters_step_by" + "core_iter_traits_iterator" -> "core_iter_adapters_step_by" + "core_iter_traits_iterator" -> "core_iter_adapters_enumerate" + "core_iter_traits_iterator" -> "core_iter_adapters_enumerate" + "core_iter_traits_iterator" -> "rust_primitives" + "core_iter_traits_iterator" -> "rust_primitives" + "core_iter_traits_iterator" -> "fstar_pervasives" + "core_iter_traits_iterator" -> "fstar_pervasives" + "core_iter_traits_iterator" -> "prims" + "core_iter_traits_iterator" -> "prims" + "fstar_bv" -> "fstar_list" + "fstar_bv" -> "fstar_list" + "fstar_bv" -> "fstar_uint" + "fstar_bv" -> "fstar_uint" + "fstar_bv" -> "fstar_pervasives" + "fstar_bv" -> "fstar_pervasives" + "fstar_bv" -> "prims" + "fstar_bv" -> "prims" + "fstar_math_lemmas" -> "fstar_calc" + "fstar_math_lemmas" -> "fstar_calc" + "fstar_math_lemmas" -> "fstar_math_lib" + "fstar_math_lemmas" -> "fstar_math_lib" + "fstar_math_lemmas" -> "fstar_mul" + "fstar_math_lemmas" -> "fstar_mul" + "fstar_math_lemmas" -> "fstar_pervasives" + "fstar_math_lemmas" -> "fstar_pervasives" + "fstar_math_lemmas" -> "prims" + "fstar_math_lemmas" -> "prims" + "fstar_math_lemmas" -> "fstar_math_lemmas" + "fstar_tactics_builtins" -> "fstar_stubs_tactics_v1_builtins" + "fstar_tactics_builtins" -> "fstar_pervasives" + "fstar_tactics_builtins" -> "fstar_pervasives" + "fstar_tactics_builtins" -> "prims" + "fstar_tactics_builtins" -> "prims" + "fstar_string" -> "fstar_all" + "fstar_string" -> "fstar_all" + "fstar_string" -> "fstar_list" + "fstar_string" -> "fstar_list" + "fstar_string" -> "fstar_char" + "fstar_string" -> "fstar_list_tot" + "fstar_string" -> "fstar_list_tot" + "fstar_string" -> "fstar_pervasives" + "fstar_string" -> "fstar_pervasives" + "fstar_string" -> "prims" + "fstar_string" -> "prims" + "fstar_pervasives" -> "prims" + "fstar_pervasives" -> "prims" + "fstar_pervasives" -> "fstar_pervasives" + "fstar_tactics_util" -> "fstar_pervasives_native" + "fstar_tactics_util" -> "fstar_pervasives_native" + "fstar_tactics_util" -> "fstar_list_tot_base" + "fstar_tactics_util" -> "fstar_list_tot_base" + "fstar_tactics_util" -> "fstar_tactics_effect" + "fstar_tactics_util" -> "fstar_tactics_effect" + "fstar_tactics_util" -> "fstar_pervasives" + "fstar_tactics_util" -> "fstar_pervasives" + "fstar_tactics_util" -> "prims" + "fstar_tactics_util" -> "prims" + "core_slice_iter" -> "rust_primitives" + "core_slice_iter" -> "rust_primitives" + "core_slice_iter" -> "fstar_pervasives" + "core_slice_iter" -> "fstar_pervasives" + "core_slice_iter" -> "prims" + "core_slice_iter" -> "prims" + "core_ops_control_flow" -> "fstar_pervasives" + "core_ops_control_flow" -> "fstar_pervasives" + "core_ops_control_flow" -> "prims" + "core_ops_control_flow" -> "prims" + "core_slice" -> "fstar_tactics_typeclasses" + "core_slice" -> "fstar_tactics_typeclasses" + "core_slice" -> "core_ops_index" + "core_slice" -> "core_ops_index" + "core_slice" -> "core_slice_iter" + "core_slice" -> "core_slice_iter" + "core_slice" -> "fstar_seq" + "core_slice" -> "fstar_seq" + "core_slice" -> "rust_primitives_integers" + "core_slice" -> "rust_primitives_integers" + "core_slice" -> "rust_primitives_arrays" + "core_slice" -> "rust_primitives_arrays" + "core_slice" -> "fstar_pervasives" + "core_slice" -> "fstar_pervasives" + "core_slice" -> "prims" + "core_slice" -> "prims" + "fstar_all" -> "fstar_exn" + "fstar_all" -> "fstar_exn" + "fstar_all" -> "fstar_st" + "fstar_all" -> "fstar_st" + "fstar_all" -> "fstar_heap" + "fstar_all" -> "fstar_heap" + "fstar_all" -> "fstar_pervasives" + "fstar_all" -> "fstar_pervasives" + "fstar_all" -> "prims" + "fstar_all" -> "prims" + "fstar_ghost" -> "fstar_pervasives" + "fstar_ghost" -> "fstar_pervasives" + "fstar_ghost" -> "prims" + "fstar_ghost" -> "prims" + "fstar_indefinitedescription" -> "fstar_ghost" + "fstar_indefinitedescription" -> "fstar_ghost" + "fstar_indefinitedescription" -> "fstar_pervasives" + "fstar_indefinitedescription" -> "fstar_pervasives" + "fstar_indefinitedescription" -> "prims" + "fstar_indefinitedescription" -> "prims" + "fstar_list_tot_properties" -> "fstar_classical" + "fstar_list_tot_properties" -> "fstar_classical" + "fstar_list_tot_properties" -> "fstar_strongexcludedmiddle" + "fstar_list_tot_properties" -> "fstar_strongexcludedmiddle" + "fstar_list_tot_properties" -> "fstar_classical_sugar" + "fstar_list_tot_properties" -> "fstar_classical_sugar" + "fstar_list_tot_properties" -> "fstar_pervasives_native" + "fstar_list_tot_properties" -> "fstar_pervasives_native" + "fstar_list_tot_properties" -> "fstar_list_tot_base" + "fstar_list_tot_properties" -> "fstar_list_tot_base" + "fstar_list_tot_properties" -> "fstar_pervasives" + "fstar_list_tot_properties" -> "fstar_pervasives" + "fstar_list_tot_properties" -> "prims" + "fstar_list_tot_properties" -> "prims" + "fstar_stubs_syntax_syntax" -> "fstar_stubs_reflection_types" + "fstar_stubs_syntax_syntax" -> "fstar_pervasives" + "fstar_stubs_syntax_syntax" -> "fstar_pervasives" + "fstar_stubs_syntax_syntax" -> "prims" + "fstar_stubs_syntax_syntax" -> "prims" + "core_ops_arith" -> "fstar_tactics_typeclasses" + "core_ops_arith" -> "fstar_tactics_typeclasses" + "core_ops_arith" -> "rust_primitives" + "core_ops_arith" -> "rust_primitives" + "core_ops_arith" -> "fstar_pervasives" + "core_ops_arith" -> "fstar_pervasives" + "core_ops_arith" -> "prims" + "core_ops_arith" -> "prims" + "rust_primitives_hax_folds" -> "fstar_math_lemmas" + "rust_primitives_hax_folds" -> "fstar_math_lemmas" + "rust_primitives_hax_folds" -> "lib_inttypes" + "rust_primitives_hax_folds" -> "lib_inttypes" + "rust_primitives_hax_folds" -> "fstar_seq" + "rust_primitives_hax_folds" -> "fstar_seq" + "rust_primitives_hax_folds" -> "fstar_mul" + "rust_primitives_hax_folds" -> "fstar_mul" + "rust_primitives_hax_folds" -> "core_ops_range" + "rust_primitives_hax_folds" -> "rust_primitives" + "rust_primitives_hax_folds" -> "rust_primitives" + "rust_primitives_hax_folds" -> "fstar_pervasives" + "rust_primitives_hax_folds" -> "fstar_pervasives" + "rust_primitives_hax_folds" -> "prims" + "rust_primitives_hax_folds" -> "prims" + "fstar_strongexcludedmiddle" -> "fstar_pervasives" + "fstar_strongexcludedmiddle" -> "fstar_pervasives" + "fstar_strongexcludedmiddle" -> "prims" + "fstar_strongexcludedmiddle" -> "prims" + "fstar_uint8" -> "fstar_uint32" + "fstar_uint8" -> "fstar_uint32" + "fstar_uint8" -> "fstar_mul" + "fstar_uint8" -> "fstar_mul" + "fstar_uint8" -> "fstar_uint" + "fstar_uint8" -> "fstar_uint" + "fstar_uint8" -> "fstar_pervasives" + "fstar_uint8" -> "fstar_pervasives" + "fstar_uint8" -> "prims" + "fstar_uint8" -> "prims" + "fstar_stubs_tactics_v2_builtins" -> "fstar_issue" + "fstar_stubs_tactics_v2_builtins" -> "fstar_list_tot" + "fstar_stubs_tactics_v2_builtins" -> "fstar_list_tot" + "fstar_stubs_tactics_v2_builtins" -> "fstar_ghost" + "fstar_stubs_tactics_v2_builtins" -> "fstar_ghost" + "fstar_stubs_tactics_v2_builtins" -> "fstar_pervasives_native" + "fstar_stubs_tactics_v2_builtins" -> "fstar_pervasives_native" + "fstar_stubs_tactics_v2_builtins" -> "fstar_stubs_pprint" + "fstar_stubs_tactics_v2_builtins" -> "fstar_tactics_unseal" + "fstar_stubs_tactics_v2_builtins" -> "fstar_stubs_tactics_types" + "fstar_stubs_tactics_v2_builtins" -> "fstar_tactics_effect" + "fstar_stubs_tactics_v2_builtins" -> "fstar_tactics_effect" + "fstar_stubs_tactics_v2_builtins" -> "fstar_stubs_reflection_v2_builtins" + "fstar_stubs_tactics_v2_builtins" -> "fstar_stubs_reflection_v2_data" + "fstar_stubs_tactics_v2_builtins" -> "fstar_reflection_const" + "fstar_stubs_tactics_v2_builtins" -> "fstar_reflection_const" + "fstar_stubs_tactics_v2_builtins" -> "fstar_stubs_reflection_types" + "fstar_stubs_tactics_v2_builtins" -> "fstar_vconfig" + "fstar_stubs_tactics_v2_builtins" -> "fstar_pervasives" + "fstar_stubs_tactics_v2_builtins" -> "fstar_pervasives" + "fstar_stubs_tactics_v2_builtins" -> "prims" + "fstar_stubs_tactics_v2_builtins" -> "prims" + "rust_primitives_arrays" -> "fstar_pervasives_native" + "rust_primitives_arrays" -> "fstar_pervasives_native" + "rust_primitives_arrays" -> "lib_inttypes" + "rust_primitives_arrays" -> "lib_inttypes" + "rust_primitives_arrays" -> "fstar_list_tot" + "rust_primitives_arrays" -> "fstar_list_tot" + "rust_primitives_arrays" -> "fstar_seq" + "rust_primitives_arrays" -> "fstar_seq" + "rust_primitives_arrays" -> "fstar_mul" + "rust_primitives_arrays" -> "fstar_mul" + "rust_primitives_arrays" -> "rust_primitives_integers" + "rust_primitives_arrays" -> "rust_primitives_integers" + "rust_primitives_arrays" -> "fstar_pervasives" + "rust_primitives_arrays" -> "fstar_pervasives" + "rust_primitives_arrays" -> "prims" + "rust_primitives_arrays" -> "prims" + "fstar_reflection_v1" -> "fstar_reflection_v1_compare" + "fstar_reflection_v1" -> "fstar_reflection_const" + "fstar_reflection_v1" -> "fstar_reflection_const" + "fstar_reflection_v1" -> "fstar_reflection_v1_derived_lemmas" + "fstar_reflection_v1" -> "fstar_reflection_v1_derived_lemmas" + "fstar_reflection_v1" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1" -> "fstar_stubs_reflection_v1_builtins" + "fstar_reflection_v1" -> "fstar_stubs_reflection_v1_data" + "fstar_reflection_v1" -> "fstar_stubs_reflection_types" + "fstar_reflection_v1" -> "fstar_pervasives" + "fstar_reflection_v1" -> "fstar_pervasives" + "fstar_reflection_v1" -> "prims" + "fstar_reflection_v1" -> "prims" + "fstar_bv" -> "fstar_math_lemmas" + "fstar_bv" -> "fstar_math_lemmas" + "fstar_bv" -> "fstar_seq" + "fstar_bv" -> "fstar_seq" + "fstar_bv" -> "fstar_bitvector" + "fstar_bv" -> "fstar_bitvector" + "fstar_bv" -> "fstar_uint" + "fstar_bv" -> "fstar_uint" + "fstar_bv" -> "fstar_pervasives" + "fstar_bv" -> "fstar_pervasives" + "fstar_bv" -> "prims" + "fstar_bv" -> "prims" + "fstar_bv" -> "fstar_bv" + "fstar_list_tot_base" -> "fstar_classical_sugar" + "fstar_list_tot_base" -> "fstar_classical_sugar" + "fstar_list_tot_base" -> "fstar_pervasives_native" + "fstar_list_tot_base" -> "fstar_pervasives_native" + "fstar_list_tot_base" -> "fstar_pervasives" + "fstar_list_tot_base" -> "fstar_pervasives" + "fstar_list_tot_base" -> "prims" + "fstar_list_tot_base" -> "prims" + "fstar_math_lib" -> "fstar_mul" + "fstar_math_lib" -> "fstar_mul" + "fstar_math_lib" -> "fstar_pervasives" + "fstar_math_lib" -> "fstar_pervasives" + "fstar_math_lib" -> "prims" + "fstar_math_lib" -> "prims" + "core_num" -> "fstar_tactics_typeclasses" + "core_num" -> "fstar_tactics_typeclasses" + "core_num" -> "core_ops_arith" + "core_num" -> "core_num_error" + "core_num" -> "core_result" + "core_num" -> "core_result" + "core_num" -> "fstar_math_lemmas" + "core_num" -> "fstar_math_lemmas" + "core_num" -> "lib_inttypes" + "core_num" -> "lib_inttypes" + "core_num" -> "fstar_uint128" + "core_num" -> "fstar_uint128" + "core_num" -> "fstar_uint32" + "core_num" -> "fstar_uint32" + "core_num" -> "rust_primitives" + "core_num" -> "rust_primitives" + "core_num" -> "fstar_pervasives" + "core_num" -> "fstar_pervasives" + "core_num" -> "prims" + "core_num" -> "prims" + "fstar_math_lemmas" -> "fstar_mul" + "fstar_math_lemmas" -> "fstar_mul" + "fstar_math_lemmas" -> "fstar_pervasives" + "fstar_math_lemmas" -> "fstar_pervasives" + "fstar_math_lemmas" -> "prims" + "fstar_math_lemmas" -> "prims" + "fstar_reflection_termeq_simple" -> "fstar_stubs_reflection_types" + "fstar_reflection_termeq_simple" -> "fstar_pervasives" + "fstar_reflection_termeq_simple" -> "fstar_pervasives" + "fstar_reflection_termeq_simple" -> "prims" + "fstar_reflection_termeq_simple" -> "prims" + "fstar_int16" -> "fstar_uint32" + "fstar_int16" -> "fstar_uint32" + "fstar_int16" -> "fstar_math_lemmas" + "fstar_int16" -> "fstar_math_lemmas" + "fstar_int16" -> "fstar_mul" + "fstar_int16" -> "fstar_mul" + "fstar_int16" -> "fstar_int" + "fstar_int16" -> "fstar_int" + "fstar_int16" -> "fstar_pervasives" + "fstar_int16" -> "fstar_pervasives" + "fstar_int16" -> "prims" + "fstar_int16" -> "prims" + "fstar_int16" -> "fstar_int16" + "bitvec_utils" -> "rust_primitives_bitvectors" + "bitvec_utils" -> "rust_primitives_bitvectors" + "bitvec_utils" -> "bitvec_equality" + "bitvec_utils" -> "bitvec_equality" + "bitvec_utils" -> "fstar_functionalextensionality" + "bitvec_utils" -> "fstar_functionalextensionality" + "bitvec_utils" -> "core" + "bitvec_utils" -> "core" + "bitvec_utils" -> "fstar_pervasives" + "bitvec_utils" -> "fstar_pervasives" + "bitvec_utils" -> "prims" + "bitvec_utils" -> "prims" + "fstar_tactics_typeclasses" -> "fstar_stubs_pprint" + "fstar_tactics_typeclasses" -> "fstar_list_tot" + "fstar_tactics_typeclasses" -> "fstar_list_tot" + "fstar_tactics_typeclasses" -> "fstar_tactics_util" + "fstar_tactics_typeclasses" -> "fstar_tactics_util" + "fstar_tactics_typeclasses" -> "fstar_reflection_termeq_simple" + "fstar_tactics_typeclasses" -> "fstar_reflection_termeq_simple" + "fstar_tactics_typeclasses" -> "fstar_pervasives_native" + "fstar_tactics_typeclasses" -> "fstar_pervasives_native" + "fstar_tactics_typeclasses" -> "fstar_stubs_reflection_v2_builtins" + "fstar_tactics_typeclasses" -> "fstar_list_tot_base" + "fstar_tactics_typeclasses" -> "fstar_list_tot_base" + "fstar_tactics_typeclasses" -> "fstar_tactics_namedview" + "fstar_tactics_typeclasses" -> "fstar_tactics_namedview" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_derived" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_derived" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_typeclasses" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_typeclasses" -> "fstar_tactics_effect" + "fstar_tactics_typeclasses" -> "fstar_tactics_effect" + "fstar_tactics_typeclasses" -> "fstar_stubs_tactics_common" + "fstar_tactics_typeclasses" -> "fstar_reflection_v2" + "fstar_tactics_typeclasses" -> "fstar_reflection_v2" + "fstar_tactics_typeclasses" -> "fstar_pervasives" + "fstar_tactics_typeclasses" -> "fstar_pervasives" + "fstar_tactics_typeclasses" -> "prims" + "fstar_tactics_typeclasses" -> "prims" + "fstar_tactics_typeclasses" -> "fstar_tactics_typeclasses" + "rust_primitives_integers" -> "fstar_int_cast" + "rust_primitives_integers" -> "fstar_int_cast" + "rust_primitives_integers" -> "fstar_pervasives" + "rust_primitives_integers" -> "fstar_pervasives" + "rust_primitives_integers" -> "prims" + "rust_primitives_integers" -> "prims" + "rust_primitives_integers" -> "rust_primitives_integers" + "fstar_tactics_namedview" -> "fstar_range" + "fstar_tactics_namedview" -> "fstar_reflection_v2" + "fstar_tactics_namedview" -> "fstar_reflection_v2" + "fstar_tactics_namedview" -> "fstar_tactics_effect" + "fstar_tactics_namedview" -> "fstar_tactics_effect" + "fstar_tactics_namedview" -> "fstar_pervasives" + "fstar_tactics_namedview" -> "fstar_pervasives" + "fstar_tactics_namedview" -> "prims" + "fstar_tactics_namedview" -> "prims" + "fstar_reflection_v2" -> "fstar_reflection_v2_compare" + "fstar_reflection_v2" -> "fstar_reflection_v2_compare" + "fstar_reflection_v2" -> "fstar_reflection_const" + "fstar_reflection_v2" -> "fstar_reflection_const" + "fstar_reflection_v2" -> "fstar_reflection_v2_derived_lemmas" + "fstar_reflection_v2" -> "fstar_reflection_v2_derived_lemmas" + "fstar_reflection_v2" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_v2" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2" -> "fstar_pervasives" + "fstar_reflection_v2" -> "fstar_pervasives" + "fstar_reflection_v2" -> "prims" + "fstar_reflection_v2" -> "prims" + "fstar_int_cast" -> "fstar_int" + "fstar_int_cast" -> "fstar_int" + "fstar_int_cast" -> "fstar_int64" + "fstar_int_cast" -> "fstar_int64" + "fstar_int_cast" -> "fstar_int32" + "fstar_int_cast" -> "fstar_int32" + "fstar_int_cast" -> "fstar_int16" + "fstar_int_cast" -> "fstar_int16" + "fstar_int_cast" -> "fstar_int8" + "fstar_int_cast" -> "fstar_int8" + "fstar_int_cast" -> "fstar_uint64" + "fstar_int_cast" -> "fstar_uint64" + "fstar_int_cast" -> "fstar_uint32" + "fstar_int_cast" -> "fstar_uint32" + "fstar_int_cast" -> "fstar_uint16" + "fstar_int_cast" -> "fstar_uint16" + "fstar_int_cast" -> "fstar_uint8" + "fstar_int_cast" -> "fstar_uint8" + "fstar_int_cast" -> "fstar_pervasives" + "fstar_int_cast" -> "fstar_pervasives" + "fstar_int_cast" -> "prims" + "fstar_int_cast" -> "prims" + "fstar_stubs_errors_msg" -> "fstar_stubs_pprint" + "fstar_stubs_errors_msg" -> "fstar_pervasives" + "fstar_stubs_errors_msg" -> "fstar_pervasives" + "fstar_stubs_errors_msg" -> "prims" + "fstar_stubs_errors_msg" -> "prims" + "fstar_tactics_mapply" -> "fstar_squash" + "fstar_tactics_mapply" -> "fstar_squash" + "fstar_tactics_mapply" -> "fstar_tactics_typeclasses" + "fstar_tactics_mapply" -> "fstar_tactics_typeclasses" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_mapply" -> "fstar_tactics_v2_derived" + "fstar_tactics_mapply" -> "fstar_tactics_v2_derived" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_mapply" -> "fstar_tactics_namedview" + "fstar_tactics_mapply" -> "fstar_tactics_namedview" + "fstar_tactics_mapply" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_mapply" -> "fstar_tactics_effect" + "fstar_tactics_mapply" -> "fstar_tactics_effect" + "fstar_tactics_mapply" -> "fstar_reflection_v2_formula" + "fstar_tactics_mapply" -> "fstar_reflection_v2_formula" + "fstar_tactics_mapply" -> "fstar_reflection_v2" + "fstar_tactics_mapply" -> "fstar_reflection_v2" + "fstar_tactics_mapply" -> "fstar_pervasives" + "fstar_tactics_mapply" -> "fstar_pervasives" + "fstar_tactics_mapply" -> "prims" + "fstar_tactics_mapply" -> "prims" + "fstar_tactics_mapply" -> "fstar_tactics_mapply" + "fstar_monotonic_heap" -> "fstar_preorder" + "fstar_monotonic_heap" -> "fstar_preorder" + "fstar_monotonic_heap" -> "fstar_tset" + "fstar_monotonic_heap" -> "fstar_tset" + "fstar_monotonic_heap" -> "fstar_set" + "fstar_monotonic_heap" -> "fstar_set" + "fstar_monotonic_heap" -> "fstar_pervasives" + "fstar_monotonic_heap" -> "fstar_pervasives" + "fstar_monotonic_heap" -> "prims" + "fstar_monotonic_heap" -> "prims" + "fstar_stubs_tactics_common" -> "fstar_range" + "fstar_stubs_tactics_common" -> "fstar_stubs_errors_msg" + "fstar_stubs_tactics_common" -> "fstar_pervasives" + "fstar_stubs_tactics_common" -> "fstar_pervasives" + "fstar_stubs_tactics_common" -> "prims" + "fstar_stubs_tactics_common" -> "prims" + "fstar_stubs_reflection_v1_data" -> "fstar_sealed_inhabited" + "fstar_stubs_reflection_v1_data" -> "fstar_sealed_inhabited" + "fstar_stubs_reflection_v1_data" -> "fstar_stubs_reflection_types" + "fstar_stubs_reflection_v1_data" -> "fstar_stubs_reflection_v2_builtins" + "fstar_stubs_reflection_v1_data" -> "fstar_stubs_reflection_v2_data" + "fstar_stubs_reflection_v1_data" -> "fstar_pervasives" + "fstar_stubs_reflection_v1_data" -> "fstar_pervasives" + "fstar_stubs_reflection_v1_data" -> "prims" + "fstar_stubs_reflection_v1_data" -> "prims" + "fstar_seq_base" -> "fstar_list_tot" + "fstar_seq_base" -> "fstar_list_tot" + "fstar_seq_base" -> "fstar_pervasives" + "fstar_seq_base" -> "fstar_pervasives" + "fstar_seq_base" -> "prims" + "fstar_seq_base" -> "prims" + "fstar_seq_base" -> "fstar_seq_base" + "fstar_tactics_v2_derived" -> "fstar_propositionalextensionality" + "fstar_tactics_v2_derived" -> "fstar_propositionalextensionality" + "fstar_tactics_v2_derived" -> "fstar_squash" + "fstar_tactics_v2_derived" -> "fstar_squash" + "fstar_tactics_v2_derived" -> "fstar_range" + "fstar_tactics_v2_derived" -> "fstar_pervasives_native" + "fstar_tactics_v2_derived" -> "fstar_pervasives_native" + "fstar_tactics_v2_derived" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2_derived" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2_derived" -> "fstar_tactics_visit" + "fstar_tactics_v2_derived" -> "fstar_tactics_visit" + "fstar_tactics_v2_derived" -> "fstar_list_tot_base" + "fstar_tactics_v2_derived" -> "fstar_list_tot_base" + "fstar_tactics_v2_derived" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2_derived" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2_derived" -> "fstar_tactics_namedview" + "fstar_tactics_v2_derived" -> "fstar_tactics_namedview" + "fstar_tactics_v2_derived" -> "fstar_vconfig" + "fstar_tactics_v2_derived" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_v2_derived" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_v2_derived" -> "fstar_tactics_util" + "fstar_tactics_v2_derived" -> "fstar_tactics_util" + "fstar_tactics_v2_derived" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_v2_derived" -> "fstar_stubs_tactics_result" + "fstar_tactics_v2_derived" -> "fstar_stubs_tactics_types" + "fstar_tactics_v2_derived" -> "fstar_tactics_effect" + "fstar_tactics_v2_derived" -> "fstar_tactics_effect" + "fstar_tactics_v2_derived" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2_derived" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2_derived" -> "fstar_reflection_v2" + "fstar_tactics_v2_derived" -> "fstar_reflection_v2" + "fstar_tactics_v2_derived" -> "fstar_pervasives" + "fstar_tactics_v2_derived" -> "fstar_pervasives" + "fstar_tactics_v2_derived" -> "prims" + "fstar_tactics_v2_derived" -> "prims" + "fstar_uint128" -> "fstar_pervasives_native" + "fstar_uint128" -> "fstar_pervasives_native" + "fstar_uint128" -> "fstar_int_cast" + "fstar_uint128" -> "fstar_int_cast" + "fstar_uint128" -> "fstar_calc" + "fstar_uint128" -> "fstar_calc" + "fstar_uint128" -> "fstar_classical_sugar" + "fstar_uint128" -> "fstar_classical_sugar" + "fstar_uint128" -> "fstar_tactics_effect" + "fstar_uint128" -> "fstar_tactics_effect" + "fstar_uint128" -> "fstar_tactics_bv" + "fstar_uint128" -> "fstar_tactics_bv" + "fstar_uint128" -> "fstar_tactics_v2" + "fstar_uint128" -> "fstar_tactics_v2" + "fstar_uint128" -> "fstar_bv" + "fstar_uint128" -> "fstar_bv" + "fstar_uint128" -> "fstar_math_lemmas" + "fstar_uint128" -> "fstar_math_lemmas" + "fstar_uint128" -> "fstar_uint64" + "fstar_uint128" -> "fstar_uint64" + "fstar_uint128" -> "fstar_uint32" + "fstar_uint128" -> "fstar_uint32" + "fstar_uint128" -> "fstar_bitvector" + "fstar_uint128" -> "fstar_bitvector" + "fstar_uint128" -> "fstar_seq" + "fstar_uint128" -> "fstar_seq" + "fstar_uint128" -> "fstar_uint" + "fstar_uint128" -> "fstar_uint" + "fstar_uint128" -> "fstar_mul" + "fstar_uint128" -> "fstar_mul" + "fstar_uint128" -> "fstar_pervasives" + "fstar_uint128" -> "fstar_pervasives" + "fstar_uint128" -> "prims" + "fstar_uint128" -> "prims" + "fstar_uint128" -> "fstar_uint128" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "core" + "bitvec_equality" -> "core" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "prims" + "bitvec_equality" -> "prims" + "fstar_int8" -> "fstar_uint" + "fstar_int8" -> "fstar_uint" + "fstar_int8" -> "fstar_uint32" + "fstar_int8" -> "fstar_uint32" + "fstar_int8" -> "fstar_mul" + "fstar_int8" -> "fstar_mul" + "fstar_int8" -> "fstar_int" + "fstar_int8" -> "fstar_int" + "fstar_int8" -> "fstar_pervasives" + "fstar_int8" -> "fstar_pervasives" + "fstar_int8" -> "prims" + "fstar_int8" -> "prims" + "rust_primitives_arrays" -> "fstar_seq" + "rust_primitives_arrays" -> "fstar_seq" + "rust_primitives_arrays" -> "lib_inttypes" + "rust_primitives_arrays" -> "lib_inttypes" + "rust_primitives_arrays" -> "fstar_list_tot" + "rust_primitives_arrays" -> "fstar_list_tot" + "rust_primitives_arrays" -> "rust_primitives_integers" + "rust_primitives_arrays" -> "rust_primitives_integers" + "rust_primitives_arrays" -> "fstar_pervasives" + "rust_primitives_arrays" -> "fstar_pervasives" + "rust_primitives_arrays" -> "prims" + "rust_primitives_arrays" -> "prims" + "rust_primitives_arrays" -> "rust_primitives_arrays" + "fstar_int128" -> "fstar_int64" + "fstar_int128" -> "fstar_int64" + "fstar_int128" -> "fstar_uint" + "fstar_int128" -> "fstar_uint" + "fstar_int128" -> "fstar_uint32" + "fstar_int128" -> "fstar_uint32" + "fstar_int128" -> "fstar_mul" + "fstar_int128" -> "fstar_mul" + "fstar_int128" -> "fstar_int" + "fstar_int128" -> "fstar_int" + "fstar_int128" -> "fstar_pervasives" + "fstar_int128" -> "fstar_pervasives" + "fstar_int128" -> "prims" + "fstar_int128" -> "prims" + "fstar_uint16" -> "fstar_uint32" + "fstar_uint16" -> "fstar_uint32" + "fstar_uint16" -> "fstar_mul" + "fstar_uint16" -> "fstar_mul" + "fstar_uint16" -> "fstar_uint" + "fstar_uint16" -> "fstar_uint" + "fstar_uint16" -> "fstar_pervasives" + "fstar_uint16" -> "fstar_pervasives" + "fstar_uint16" -> "prims" + "fstar_uint16" -> "prims" + "fstar_calc" -> "fstar_range" + "fstar_calc" -> "fstar_preorder" + "fstar_calc" -> "fstar_preorder" + "fstar_calc" -> "fstar_pervasives" + "fstar_calc" -> "fstar_pervasives" + "fstar_calc" -> "prims" + "fstar_calc" -> "prims" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "core" + "bitvec_equality" -> "core" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "prims" + "bitvec_equality" -> "prims" + "bitvec_equality" -> "bitvec_equality" + "fstar_sealed" -> "fstar_pervasives" + "fstar_sealed" -> "fstar_pervasives" + "fstar_sealed" -> "prims" + "fstar_sealed" -> "prims" + "fstar_int" -> "fstar_seq" + "fstar_int" -> "fstar_seq" + "fstar_int" -> "fstar_uint" + "fstar_int" -> "fstar_uint" + "fstar_int" -> "fstar_math_lemmas" + "fstar_int" -> "fstar_math_lemmas" + "fstar_int" -> "fstar_bitvector" + "fstar_int" -> "fstar_bitvector" + "fstar_int" -> "fstar_mul" + "fstar_int" -> "fstar_mul" + "fstar_int" -> "fstar_pervasives" + "fstar_int" -> "fstar_pervasives" + "fstar_int" -> "prims" + "fstar_int" -> "prims" + "fstar_uint64" -> "fstar_uint32" + "fstar_uint64" -> "fstar_uint32" + "fstar_uint64" -> "fstar_mul" + "fstar_uint64" -> "fstar_mul" + "fstar_uint64" -> "fstar_uint" + "fstar_uint64" -> "fstar_uint" + "fstar_uint64" -> "fstar_pervasives" + "fstar_uint64" -> "fstar_pervasives" + "fstar_uint64" -> "prims" + "fstar_uint64" -> "prims" + "fstar_indefinitedescription" -> "fstar_ghost" + "fstar_indefinitedescription" -> "fstar_ghost" + "fstar_indefinitedescription" -> "fstar_squash" + "fstar_indefinitedescription" -> "fstar_squash" + "fstar_indefinitedescription" -> "fstar_classical" + "fstar_indefinitedescription" -> "fstar_classical" + "fstar_indefinitedescription" -> "fstar_pervasives" + "fstar_indefinitedescription" -> "fstar_pervasives" + "fstar_indefinitedescription" -> "prims" + "fstar_indefinitedescription" -> "prims" + "fstar_indefinitedescription" -> "fstar_indefinitedescription" + "fstar_int64" -> "fstar_uint32" + "fstar_int64" -> "fstar_uint32" + "fstar_int64" -> "fstar_math_lemmas" + "fstar_int64" -> "fstar_math_lemmas" + "fstar_int64" -> "fstar_mul" + "fstar_int64" -> "fstar_mul" + "fstar_int64" -> "fstar_int" + "fstar_int64" -> "fstar_int" + "fstar_int64" -> "fstar_pervasives" + "fstar_int64" -> "fstar_pervasives" + "fstar_int64" -> "prims" + "fstar_int64" -> "prims" + "fstar_int64" -> "fstar_int64" + "fstar_classical_sugar" -> "fstar_pervasives" + "fstar_classical_sugar" -> "fstar_pervasives" + "fstar_classical_sugar" -> "prims" + "fstar_classical_sugar" -> "prims" + "fstar_reflection_termeq_simple" -> "fstar_reflection_termeq" + "fstar_reflection_termeq_simple" -> "fstar_reflection_termeq" + "fstar_reflection_termeq_simple" -> "fstar_stubs_reflection_types" + "fstar_reflection_termeq_simple" -> "fstar_pervasives" + "fstar_reflection_termeq_simple" -> "fstar_pervasives" + "fstar_reflection_termeq_simple" -> "prims" + "fstar_reflection_termeq_simple" -> "prims" + "fstar_reflection_termeq_simple" -> "fstar_reflection_termeq_simple" + "fstar_pervasives_native" -> "prims" + "fstar_pervasives_native" -> "prims" + "fstar_tactics_typeclasses" -> "fstar_stubs_reflection_types" + "fstar_tactics_typeclasses" -> "fstar_tactics_effect" + "fstar_tactics_typeclasses" -> "fstar_tactics_effect" + "fstar_tactics_typeclasses" -> "fstar_pervasives" + "fstar_tactics_typeclasses" -> "fstar_pervasives" + "fstar_tactics_typeclasses" -> "prims" + "fstar_tactics_typeclasses" -> "prims" + "fstar_stubs_pprint" -> "fstar_float" + "fstar_stubs_pprint" -> "fstar_char" + "fstar_stubs_pprint" -> "fstar_pervasives" + "fstar_stubs_pprint" -> "fstar_pervasives" + "fstar_stubs_pprint" -> "prims" + "fstar_stubs_pprint" -> "prims" + "fstar_sealed_inhabited" -> "fstar_sealed" + "fstar_sealed_inhabited" -> "fstar_pervasives" + "fstar_sealed_inhabited" -> "fstar_pervasives" + "fstar_sealed_inhabited" -> "prims" + "fstar_sealed_inhabited" -> "prims" + "fstar_tactics_namedview" -> "fstar_list_tot" + "fstar_tactics_namedview" -> "fstar_list_tot" + "fstar_tactics_namedview" -> "fstar_pervasives_native" + "fstar_tactics_namedview" -> "fstar_pervasives_native" + "fstar_tactics_namedview" -> "fstar_stubs_reflection_v2_data" + "fstar_tactics_namedview" -> "fstar_reflection_v2" + "fstar_tactics_namedview" -> "fstar_reflection_v2" + "fstar_tactics_namedview" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_namedview" -> "fstar_tactics_util" + "fstar_tactics_namedview" -> "fstar_tactics_util" + "fstar_tactics_namedview" -> "fstar_tactics_effect" + "fstar_tactics_namedview" -> "fstar_tactics_effect" + "fstar_tactics_namedview" -> "fstar_pervasives" + "fstar_tactics_namedview" -> "fstar_pervasives" + "fstar_tactics_namedview" -> "prims" + "fstar_tactics_namedview" -> "prims" + "fstar_tactics_namedview" -> "fstar_tactics_namedview" + "fstar_heap" -> "fstar_preorder" + "fstar_heap" -> "fstar_preorder" + "fstar_heap" -> "fstar_monotonic_heap" + "fstar_heap" -> "fstar_monotonic_heap" + "fstar_heap" -> "fstar_pervasives" + "fstar_heap" -> "fstar_pervasives" + "fstar_heap" -> "prims" + "fstar_heap" -> "prims" + "mkseq" -> "fstar_tactics_effect" + "mkseq" -> "fstar_tactics_effect" + "mkseq" -> "fstar_classical" + "mkseq" -> "fstar_classical" + "mkseq" -> "fstar_list_tot" + "mkseq" -> "fstar_list_tot" + "mkseq" -> "fstar_pervasives_native" + "mkseq" -> "fstar_pervasives_native" + "mkseq" -> "fstar_tactics" + "mkseq" -> "fstar_tactics" + "mkseq" -> "fstar_seq" + "mkseq" -> "fstar_seq" + "mkseq" -> "fstar_reflection_v2" + "mkseq" -> "fstar_reflection_v2" + "mkseq" -> "rust_primitives_integers" + "mkseq" -> "rust_primitives_integers" + "mkseq" -> "fstar_tactics_v2" + "mkseq" -> "fstar_tactics_v2" + "mkseq" -> "core" + "mkseq" -> "core" + "mkseq" -> "fstar_pervasives" + "mkseq" -> "fstar_pervasives" + "mkseq" -> "prims" + "mkseq" -> "prims" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_list_tot_base" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_list_tot_base" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_pervasives_native" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_pervasives_native" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_tactics_namedview" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_tactics_namedview" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_stubs_tactics_types" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_tactics_effect" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_tactics_effect" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_reflection_v2" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_reflection_v2" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_pervasives" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_pervasives" + "fstar_tactics_v2_syntaxhelpers" -> "prims" + "fstar_tactics_v2_syntaxhelpers" -> "prims" + "bitvec_intrinsics_constants" -> "fstar_tactics_visit" + "bitvec_intrinsics_constants" -> "fstar_tactics_visit" + "bitvec_intrinsics_constants" -> "tactics_seq" + "bitvec_intrinsics_constants" -> "tactics_seq" + "bitvec_intrinsics_constants" -> "tactics_pow2" + "bitvec_intrinsics_constants" -> "tactics_pow2" + "bitvec_intrinsics_constants" -> "fstar_tactics_effect" + "bitvec_intrinsics_constants" -> "fstar_tactics_effect" + "bitvec_intrinsics_constants" -> "fstar_list_tot" + "bitvec_intrinsics_constants" -> "fstar_list_tot" + "bitvec_intrinsics_constants" -> "fstar_reflection_v2" + "bitvec_intrinsics_constants" -> "fstar_reflection_v2" + "bitvec_intrinsics_constants" -> "fstar_pervasives_native" + "bitvec_intrinsics_constants" -> "fstar_pervasives_native" + "bitvec_intrinsics_constants" -> "fstar_tactics" + "bitvec_intrinsics_constants" -> "fstar_tactics" + "bitvec_intrinsics_constants" -> "tactics_utils" + "bitvec_intrinsics_constants" -> "tactics_utils" + "bitvec_intrinsics_constants" -> "fstar_tactics_v2" + "bitvec_intrinsics_constants" -> "fstar_tactics_v2" + "bitvec_intrinsics_constants" -> "fstar_int32" + "bitvec_intrinsics_constants" -> "fstar_int32" + "bitvec_intrinsics_constants" -> "fstar_int16" + "bitvec_intrinsics_constants" -> "fstar_int16" + "bitvec_intrinsics_constants" -> "bitvec_equality" + "bitvec_intrinsics_constants" -> "bitvec_equality" + "bitvec_intrinsics_constants" -> "bitvec_utils" + "bitvec_intrinsics_constants" -> "bitvec_utils" + "bitvec_intrinsics_constants" -> "fstar_functionalextensionality" + "bitvec_intrinsics_constants" -> "fstar_functionalextensionality" + "bitvec_intrinsics_constants" -> "fstar_mul" + "bitvec_intrinsics_constants" -> "fstar_mul" + "bitvec_intrinsics_constants" -> "rust_primitives" + "bitvec_intrinsics_constants" -> "rust_primitives" + "bitvec_intrinsics_constants" -> "core" + "bitvec_intrinsics_constants" -> "core" + "bitvec_intrinsics_constants" -> "fstar_pervasives" + "bitvec_intrinsics_constants" -> "fstar_pervasives" + "bitvec_intrinsics_constants" -> "prims" + "bitvec_intrinsics_constants" -> "prims" + "fstar_order" -> "fstar_pervasives_native" + "fstar_order" -> "fstar_pervasives_native" + "fstar_order" -> "fstar_pervasives" + "fstar_order" -> "fstar_pervasives" + "fstar_order" -> "prims" + "fstar_order" -> "prims" + "fstar_tactics_effect" -> "fstar_range" + "fstar_tactics_effect" -> "fstar_stubs_tactics_result" + "fstar_tactics_effect" -> "fstar_stubs_tactics_types" + "fstar_tactics_effect" -> "fstar_stubs_reflection_types" + "fstar_tactics_effect" -> "fstar_monotonic_pure" + "fstar_tactics_effect" -> "fstar_monotonic_pure" + "fstar_tactics_effect" -> "fstar_pervasives" + "fstar_tactics_effect" -> "fstar_pervasives" + "fstar_tactics_effect" -> "prims" + "fstar_tactics_effect" -> "prims" + "core_ops" -> "core_ops_index" + "core_ops" -> "core_ops_index" + "core_ops" -> "fstar_tactics_typeclasses" + "core_ops" -> "fstar_tactics_typeclasses" + "core_ops" -> "rust_primitives" + "core_ops" -> "rust_primitives" + "core_ops" -> "fstar_pervasives" + "core_ops" -> "fstar_pervasives" + "core_ops" -> "prims" + "core_ops" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "fstar_mul" + "libcrux_intrinsics_avx2_extract" -> "core" + "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" + "libcrux_intrinsics_avx2_extract" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "libcrux_intrinsics_avx2_extract" + "core_result" -> "fstar_pervasives" + "core_result" -> "fstar_pervasives" + "core_result" -> "prims" + "core_result" -> "prims" + "fstar_monotonic_heap" -> "fstar_erasedlogic" + "fstar_monotonic_heap" -> "fstar_erasedlogic" + "fstar_monotonic_heap" -> "fstar_squash" + "fstar_monotonic_heap" -> "fstar_squash" + "fstar_monotonic_heap" -> "fstar_set" + "fstar_monotonic_heap" -> "fstar_set" + "fstar_monotonic_heap" -> "fstar_pervasives_native" + "fstar_monotonic_heap" -> "fstar_pervasives_native" + "fstar_monotonic_heap" -> "fstar_functionalextensionality" + "fstar_monotonic_heap" -> "fstar_functionalextensionality" + "fstar_monotonic_heap" -> "fstar_classical" + "fstar_monotonic_heap" -> "fstar_classical" + "fstar_monotonic_heap" -> "fstar_preorder" + "fstar_monotonic_heap" -> "fstar_preorder" + "fstar_monotonic_heap" -> "fstar_pervasives" + "fstar_monotonic_heap" -> "fstar_pervasives" + "fstar_monotonic_heap" -> "prims" + "fstar_monotonic_heap" -> "prims" + "fstar_monotonic_heap" -> "fstar_monotonic_heap" + "fstar_tactics_smt" -> "fstar_vconfig" + "fstar_tactics_smt" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_smt" -> "fstar_tactics_effect" + "fstar_tactics_smt" -> "fstar_tactics_effect" + "fstar_tactics_smt" -> "fstar_pervasives" + "fstar_tactics_smt" -> "fstar_pervasives" + "fstar_tactics_smt" -> "prims" + "fstar_tactics_smt" -> "prims" + "fstar_reflection_v2_compare" -> "fstar_order" + "fstar_reflection_v2_compare" -> "fstar_order" + "fstar_reflection_v2_compare" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2_compare" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2_compare" -> "fstar_pervasives" + "fstar_reflection_v2_compare" -> "fstar_pervasives" + "fstar_reflection_v2_compare" -> "prims" + "fstar_reflection_v2_compare" -> "prims" + "fstar_int64" -> "fstar_uint" + "fstar_int64" -> "fstar_uint" + "fstar_int64" -> "fstar_uint32" + "fstar_int64" -> "fstar_uint32" + "fstar_int64" -> "fstar_mul" + "fstar_int64" -> "fstar_mul" + "fstar_int64" -> "fstar_int" + "fstar_int64" -> "fstar_int" + "fstar_int64" -> "fstar_pervasives" + "fstar_int64" -> "fstar_pervasives" + "fstar_int64" -> "prims" + "fstar_int64" -> "prims" + "core_iter_adapters_enumerate" -> "rust_primitives" + "core_iter_adapters_enumerate" -> "rust_primitives" + "core_iter_adapters_enumerate" -> "fstar_pervasives" + "core_iter_adapters_enumerate" -> "fstar_pervasives" + "core_iter_adapters_enumerate" -> "prims" + "core_iter_adapters_enumerate" -> "prims" + "fstar_reflection_v1_formula" -> "fstar_pervasives_native" + "fstar_reflection_v1_formula" -> "fstar_pervasives_native" + "fstar_reflection_v1_formula" -> "fstar_stubs_reflection_v1_data" + "fstar_reflection_v1_formula" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1_formula" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1_formula" -> "fstar_stubs_reflection_v1_builtins" + "fstar_reflection_v1_formula" -> "fstar_reflection_const" + "fstar_reflection_v1_formula" -> "fstar_reflection_const" + "fstar_reflection_v1_formula" -> "fstar_stubs_reflection_types" + "fstar_reflection_v1_formula" -> "fstar_stubs_tactics_v1_builtins" + "fstar_reflection_v1_formula" -> "fstar_tactics_effect" + "fstar_reflection_v1_formula" -> "fstar_tactics_effect" + "fstar_reflection_v1_formula" -> "fstar_list_tot_base" + "fstar_reflection_v1_formula" -> "fstar_list_tot_base" + "fstar_reflection_v1_formula" -> "fstar_pervasives" + "fstar_reflection_v1_formula" -> "fstar_pervasives" + "fstar_reflection_v1_formula" -> "prims" + "fstar_reflection_v1_formula" -> "prims" +} diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst index 44910de0c..167d0b324 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Avx2_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul @@ -21,14 +21,14 @@ Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: }; kind = Concrete_ident.Kind.Value })); span = - { Span.id = 2213; + { Span.id = 3091; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 213 }; - lo = { Span.Imported.col = 0; line = 207 } } + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } ] }; typ = @@ -54,43 +54,527 @@ Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: (Ast.String "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); span = - { Span.id = 2213; + { Span.id = 3091; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 213 }; - lo = { Span.Imported.col = 0; line = 207 } } + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } ] }; typ = Ast.Make.TStr }; { Ast.Make.e = (Ast.Make.Literal (Ast.String - "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"2\"; line = \"213\" };\n lo = { Types.col = \"0\"; line = \"207\" } };\n ty = Types.Never }")); + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); span = - { Span.id = 2213; + { Span.id = 3091; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 213 }; - lo = { Span.Imported.col = 0; line = 207 } } + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } ] }; typ = Ast.Make.TStr } ]; generic_args = []; bounds_impls = []; trait = None}; span = - { Span.id = 2213; + { Span.id = 3091; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 213 }; - lo = { Span.Imported.col = 0; line = 207 } } + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_and_si256"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3580; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3580; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3580; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3580; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_castsi128_si256"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3681; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3681; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3681; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3681; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_extracti128_si256"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 2293; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 2293; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 2293; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 2293; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_madd_epi16"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 2613; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 2613; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 2613; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 2613; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } ] }; typ = @@ -123,3 +607,608 @@ Last AST: kind = Concrete_ident.Kind.Value }) */ const _: () = (); *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3439; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3439; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3439; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3439; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_slli_epi16"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3378; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3378; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3378; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3378; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_srli_epi16"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3719; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3719; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3719; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3719; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm_movemask_epi8"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3630; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3630; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3630; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3630; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm_packs_epi16"); disambiguator = 0 + } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 1423; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 1423; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 1423; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 1423; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm_storeu_bytes_si128"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 83942f87d..16d93fb14 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -6,14 +6,12 @@ open FStar.Mul val mm256_movemask_ps (a: u8) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) unfold type t_Vec128 = bit_vec 128 - val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) - let get_lane128 (v:t_Vec128) (i:nat{i < 8}) = - Seq.index (vec128_as_i16x8 v) i +val vec128_as_i16x8 (x: bit_vec 128) : t_Array i16 (sz 8) +let get_lane128 (v: bit_vec 128) (i:nat{i < 8}) = Seq.index (vec128_as_i16x8 v) i unfold type t_Vec256 = bit_vec 256 - val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) - let get_lane (v:t_Vec256) (i:nat{i < 16}) = - Seq.index (vec256_as_i16x16 v) i +val vec256_as_i16x16 (x: bit_vec 256) : t_Array i16 (sz 16) +let get_lane (v: bit_vec 256) (i:nat{i < 16}) = Seq.index (vec256_as_i16x16 v) i val mm256_abs_epi32 (a: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -30,15 +28,6 @@ val mm256_add_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_add_epi64 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_and_si256 (lhs rhs: t_Vec256) - : Prims.Pure t_Vec256 - Prims.l_True - (ensures - fun result -> - let result:t_Vec256 = result in - vec256_as_i16x16 result == - Spec.Utils.map2 ( &. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) - val mm256_andnot_si256 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: t_Vec256) @@ -76,8 +65,6 @@ val mm256_loadu_si256_i32 (input: t_Slice i32) val mm256_loadu_si256_u8 (input: t_Slice u8) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_madd_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) - val mm256_mul_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_mul_epu32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -105,31 +92,18 @@ val mm256_permute2x128_si256 (v_IMM8: i32) (a b: t_Vec256) val mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_permutevar8x32_epi32 (vector control: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) - -val mm256_set1_epi16 (constant: i16) - : Prims.Pure t_Vec256 - Prims.l_True - (ensures - fun result -> - let result:t_Vec256 = result in - vec256_as_i16x16 result == Spec.Utils.create (sz 16) constant) +include BitVec.Intrinsics {mm256_permutevar8x32_epi32} val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_set_epi32} val mm256_set_epi64x (input3 input2 input1 input0: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_set_epi8 - (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: - i8) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_set_epi8} val mm256_set_m128i (hi lo: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -138,8 +112,7 @@ val mm256_setzero_si256: Prims.unit -> Prims.Pure t_Vec256 Prims.l_True (fun _ - val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_shuffle_epi8 (vector control: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_shuffle_epi8} val mm256_sign_epi32 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -149,8 +122,7 @@ val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) val mm256_slli_epi64 (v_LEFT: i32) (x: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_sllv_epi32 (vector counts: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_sllv_epi32} val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 @@ -167,9 +139,6 @@ val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) - val mm256_srlv_epi32 (vector counts: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -226,7 +195,7 @@ val mm_add_epi16 (lhs rhs: t_Vec128) vec128_as_i16x8 result == Spec.Utils.map2 ( +. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) -val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm_loadu_si128} val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 @@ -259,13 +228,9 @@ val mm_set1_epi16 (constant: i16) val mm_set_epi32 (input3 input2 input1 input0: i32) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_set_epi8 - (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: - u8) - : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm_set_epi8} -val mm_shuffle_epi8 (vector control: t_Vec128) - : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm_shuffle_epi8} val mm_sllv_epi32 (vector counts: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) @@ -273,8 +238,7 @@ val mm_sllv_epi32 (vector counts: t_Vec128) val mm_srli_epi64 (v_SHIFT_BY: i32) (vector: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_storeu_bytes_si128 (output: t_Slice u8) (vector: t_Vec128) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm_storeu_bytes_si128} val mm_storeu_si128 (output: t_Slice i16) (vector: t_Vec128) : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) @@ -294,26 +258,44 @@ val mm_sub_epi16 (lhs rhs: t_Vec128) val vec256_blendv_epi32 (a b mask: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_castsi256_si128 = BitVec.Intrinsics.mm256_castsi256_si128 +include BitVec.Intrinsics {mm256_and_si256 as mm256_and_si256} +val lemma_mm256_and_si256 lhs rhs + : Lemma ( vec256_as_i16x16 (mm256_and_si256 lhs rhs) + == Spec.Utils.map2 (&.) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs) + ) + [SMTPat (vec256_as_i16x16 (mm256_and_si256 lhs rhs))] + +include BitVec.Intrinsics {mm256_castsi256_si128 as mm256_castsi256_si128} -unfold let mm256_extracti128_si256 = BitVec.Intrinsics.mm256_extracti128_si256 +include BitVec.Intrinsics {mm256_extracti128_si256 as mm256_extracti128_si256} -unfold let mm256_mullo_epi16 = BitVec.Intrinsics.mm256_mullo_epi16 - let lemma_mm256_mullo_epi16 v1 v2 : - Lemma (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2) == - Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2)) - [SMTPat (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2))] = admit() +include BitVec.Intrinsics {mm256_madd_epi16 as mm256_madd_epi16} -unfold let mm256_set_epi16 = BitVec.Intrinsics.mm256_set_epi16 +include BitVec.Intrinsics {mm256_mullo_epi16 as mm256_mullo_epi16} +let lemma_mm256_mullo_epi16 v1 v2 : + Lemma (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2) == + Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2)) + [SMTPat (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2))] = admit() + +include BitVec.Intrinsics {mm256_set1_epi16 as mm256_set1_epi16} +val lemma_mm256_set1_epi16 constant + : Lemma ( vec256_as_i16x16 (mm256_set1_epi16 constant) + == Spec.Utils.create (sz 16) constant + ) + [SMTPat (vec256_as_i16x16 (mm256_set1_epi16 constant))] + +include BitVec.Intrinsics {mm256_set_epi16 as mm256_set_epi16} let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : Lemma (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) [SMTPat (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit() -unfold let mm256_slli_epi16 = BitVec.Intrinsics.mm256_slli_epi16 +include BitVec.Intrinsics {mm256_slli_epi16 as mm256_slli_epi16} + +include BitVec.Intrinsics {mm256_srli_epi16 as mm256_srli_epi16} -unfold let mm256_srli_epi16 = BitVec.Intrinsics.mm256_srli_epi16 +include BitVec.Intrinsics {mm256_srli_epi64 as mm256_srli_epi64} -unfold let mm_movemask_epi8 = BitVec.Intrinsics.mm_movemask_epi8 +include BitVec.Intrinsics {mm_movemask_epi8 as mm_movemask_epi8} -unfold let mm_packs_epi16 = BitVec.Intrinsics.mm_packs_epi16 +include BitVec.Intrinsics {mm_packs_epi16 as mm_packs_epi16} diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index fa918ef6c..ce78d81e5 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -7,10 +7,11 @@ #[derive(Clone, Copy)] #[hax_lib::fstar::replace( interface, - "unfold type $:{Vec256} = bit_vec 256 - val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) - let get_lane (v:t_Vec256) (i:nat{i < 16}) = - Seq.index (vec256_as_i16x16 v) i" + r#" +unfold type $:{Vec256} = bit_vec 256 +val vec256_as_i16x16 (x: bit_vec 256) : t_Array i16 (sz 16) +let get_lane (v: bit_vec 256) (i:nat{i < 16}) = Seq.index (vec256_as_i16x16 v) i +"# )] pub struct Vec256(u8); @@ -18,10 +19,11 @@ pub struct Vec256(u8); #[derive(Copy, Clone)] #[hax_lib::fstar::replace( interface, - "unfold type $:{Vec128} = bit_vec 128 - val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) - let get_lane128 (v:t_Vec128) (i:nat{i < 8}) = - Seq.index (vec128_as_i16x8 v) i" + r#" +unfold type $:{Vec128} = bit_vec 128 +val vec128_as_i16x8 (x: bit_vec 128) : t_Array i16 (sz 8) +let get_lane128 (v: bit_vec 128) (i:nat{i < 8}) = Seq.index (vec128_as_i16x8 v) i +"# )] pub struct Vec128(u8); @@ -55,11 +57,13 @@ pub fn mm_storeu_si128_i32(output: &mut [i32], vector: Vec128) { unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm_storeu_bytes_si128}")] pub fn mm_storeu_bytes_si128(output: &mut [u8], vector: Vec128) { debug_assert_eq!(output.len(), 16); unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm_loadu_si128}")] pub fn mm_loadu_si128(input: &[u8]) -> Vec128 { debug_assert_eq!(input.len(), 16); unimplemented!() @@ -85,6 +89,7 @@ pub fn mm256_set_m128i(hi: Vec128, lo: Vec128) -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm_set_epi8}")] pub fn mm_set_epi8( byte15: u8, byte14: u8, @@ -106,6 +111,7 @@ pub fn mm_set_epi8( unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_set_epi8}")] pub fn mm256_set_epi8( byte31: i8, byte30: i8, @@ -145,17 +151,30 @@ pub fn mm256_set_epi8( #[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == Spec.Utils.create (sz 16) $constant"))] +#[hax_lib::fstar::replace( + interface, + r#" +include BitVec.Intrinsics {mm256_set1_epi16 as ${mm256_set1_epi16}} +val lemma_mm256_set1_epi16 constant + : Lemma ( vec256_as_i16x16 (mm256_set1_epi16 constant) + == Spec.Utils.create (sz 16) constant + ) + [SMTPat (vec256_as_i16x16 (mm256_set1_epi16 constant))] +"# +)] pub fn mm256_set1_epi16(constant: i16) -> Vec256 { unimplemented!() } #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_set_epi16} = BitVec.Intrinsics.mm256_set_epi16 + r#" +include BitVec.Intrinsics {mm256_set_epi16 as ${mm256_set_epi16}} let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : Lemma (vec256_as_i16x16 (${mm256_set_epi16} v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) - [SMTPat (vec256_as_i16x16 (${mm256_set_epi16} v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit()" + [SMTPat (vec256_as_i16x16 (${mm256_set_epi16} v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit() +"# )] pub fn mm256_set_epi16( input15: i16, @@ -194,6 +213,8 @@ pub fn mm256_set1_epi32(constant: i32) -> Vec256 { pub fn mm_set_epi32(input3: i32, input2: i32, input1: i32, input0: i32) -> Vec128 { unimplemented!() } + +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_set_epi32}")] #[inline(always)] pub fn mm256_set_epi32( input7: i32, @@ -225,7 +246,10 @@ pub fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { pub fn mm256_add_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } - +#[hax_lib::fstar::replace( + interface, + "include BitVec.Intrinsics {mm256_madd_epi16 as ${mm256_madd_epi16}}" +)] pub fn mm256_madd_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } @@ -256,12 +280,13 @@ pub fn mm256_sub_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_mullo_epi16} = BitVec.Intrinsics.mm256_mullo_epi16 - let lemma_mm256_mullo_epi16 v1 v2 : - Lemma (vec256_as_i16x16 (${mm256_mullo_epi16} v1 v2) == - Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2)) - [SMTPat (vec256_as_i16x16 (${mm256_mullo_epi16} v1 v2))] = admit() - " + r#" +include BitVec.Intrinsics {mm256_mullo_epi16 as ${mm256_mullo_epi16}} +let lemma_mm256_mullo_epi16 v1 v2 : + Lemma (vec256_as_i16x16 (${mm256_mullo_epi16} v1 v2) == + Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2)) + [SMTPat (vec256_as_i16x16 (${mm256_mullo_epi16} v1 v2))] = admit() +"# )] pub fn mm256_mullo_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() @@ -322,13 +347,22 @@ pub fn mm256_mul_epu32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[inline(always)] pub fn mm256_mul_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } -#[inline(always)] -#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == - Spec.Utils.map2 (&.) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] +#[hax_lib::fstar::replace( + interface, + r#" +include BitVec.Intrinsics {mm256_and_si256 as ${mm256_and_si256}} +val lemma_mm256_and_si256 lhs rhs + : Lemma ( vec256_as_i16x16 (mm256_and_si256 lhs rhs) + == Spec.Utils.map2 (&.) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs) + ) + [SMTPat (vec256_as_i16x16 (mm256_and_si256 lhs rhs))] +"# +)] #[inline(always)] pub fn mm256_and_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() @@ -361,7 +395,7 @@ pub fn mm256_srai_epi32(vector: Vec256) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_srli_epi16::<0>} = BitVec.Intrinsics.mm256_srli_epi16" + "include BitVec.Intrinsics {mm256_srli_epi16 as ${mm256_srli_epi16::<0>}}" )] pub fn mm256_srli_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); @@ -376,6 +410,11 @@ pub fn mm_srli_epi64(vector: Vec128) -> Vec128 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 64); unimplemented!() } + +#[hax_lib::fstar::replace( + interface, + "include BitVec.Intrinsics {mm256_srli_epi64 as ${mm256_srli_epi64::<0>}}" +)] pub fn mm256_srli_epi64(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 64); unimplemented!() @@ -383,7 +422,7 @@ pub fn mm256_srli_epi64(vector: Vec256) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_slli_epi16::<0>} = BitVec.Intrinsics.mm256_slli_epi16" + "include BitVec.Intrinsics {mm256_slli_epi16 as ${mm256_slli_epi16::<0>}}" )] pub fn mm256_slli_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); @@ -395,9 +434,11 @@ pub fn mm256_slli_epi32(vector: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm_shuffle_epi8}")] pub fn mm_shuffle_epi8(vector: Vec128, control: Vec128) -> Vec128 { unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_shuffle_epi8}")] pub fn mm256_shuffle_epi8(vector: Vec256, control: Vec256) -> Vec256 { unimplemented!() } @@ -425,7 +466,7 @@ pub fn mm256_unpackhi_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_castsi256_si128} = BitVec.Intrinsics.mm256_castsi256_si128" + "include BitVec.Intrinsics {mm256_castsi256_si128 as ${mm256_castsi256_si128}}" )] pub fn mm256_castsi256_si128(vector: Vec256) -> Vec128 { unimplemented!() @@ -440,7 +481,7 @@ pub fn mm256_cvtepi16_epi32(vector: Vec128) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm_packs_epi16} = BitVec.Intrinsics.mm_packs_epi16" + "include BitVec.Intrinsics {mm_packs_epi16 as ${mm_packs_epi16}}" )] pub fn mm_packs_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() @@ -451,7 +492,7 @@ pub fn mm256_packs_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_extracti128_si256::<0>} = BitVec.Intrinsics.mm256_extracti128_si256" + "include BitVec.Intrinsics {mm256_extracti128_si256 as ${mm256_extracti128_si256::<0>}}" )] pub fn mm256_extracti128_si256(vector: Vec256) -> Vec128 { debug_assert!(CONTROL == 0 || CONTROL == 1); @@ -484,19 +525,19 @@ pub fn vec256_blendv_epi32(a: Vec256, b: Vec256, mask: Vec256) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm_movemask_epi8} = BitVec.Intrinsics.mm_movemask_epi8" + "include BitVec.Intrinsics {mm_movemask_epi8 as ${mm_movemask_epi8}}" )] #[inline(always)] pub fn mm_movemask_epi8(vector: Vec128) -> i32 { unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_permutevar8x32_epi32}")] #[inline(always)] pub fn mm256_permutevar8x32_epi32(vector: Vec256, control: Vec256) -> Vec256 { unimplemented!() } -#[inline(always)] pub fn mm256_srlv_epi32(vector: Vec256, counts: Vec256) -> Vec256 { unimplemented!() } @@ -508,6 +549,9 @@ pub fn mm256_srlv_epi64(vector: Vec256, counts: Vec256) -> Vec256 { pub fn mm_sllv_epi32(vector: Vec128, counts: Vec128) -> Vec128 { unimplemented!() } + +#[inline(always)] +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_sllv_epi32}")] pub fn mm256_sllv_epi32(vector: Vec256, counts: Vec256) -> Vec256 { unimplemented!() } diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 062f62026..d5f025639 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -98,6 +98,7 @@ def __call__(self, parser, args, values, option_string=None) -> None: "simd128,simd256,pre-verification", ";", "into", + "-vv", "-i", include_str, "fstar", diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst deleted file mode 100644 index d1d2f4389..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst +++ /dev/null @@ -1,92 +0,0 @@ -module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Hash_functions in - let open Libcrux_ml_kem.Hash_functions.Avx2 in - let open Libcrux_ml_kem.Variant in - let open Libcrux_ml_kem.Vector.Avx2 in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash public_key randomness - -let unpack_public_key - (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - (), - Libcrux_ml_kem.Ind_cca.Unpacked.unpack_public_key v_K - v_T_AS_NTT_ENCODED_SIZE - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - in - unpacked_public_key - -let decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE - v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - key_pair ciphertext - -let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - (out: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - = - let hax_temp_output, out:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - (), - Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - #Libcrux_ml_kem.Variant.t_MlKem randomness out - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - in - out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti deleted file mode 100644 index 262eebc4e..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti +++ /dev/null @@ -1,59 +0,0 @@ -module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Hash_functions in - let open Libcrux_ml_kem.Hash_functions.Avx2 in - let open Libcrux_ml_kem.Variant in - let open Libcrux_ml_kem.Vector.Avx2 in - let open Libcrux_ml_kem.Vector.Traits in - () - -/// Unpacked encapsulate -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpack_public_key - (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Unpacked decapsulate -val decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate a key pair -val generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - (out: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst deleted file mode 100644 index 930ccd9aa..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst +++ /dev/null @@ -1,93 +0,0 @@ -module Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Hash_functions in - let open Libcrux_ml_kem.Hash_functions.Neon in - let open Libcrux_ml_kem.Variant in - let open Libcrux_ml_kem.Vector.Neon in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash public_key randomness - -let unpack_public_key - (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - (), - Libcrux_ml_kem.Ind_cca.Unpacked.unpack_public_key v_K - v_T_AS_NTT_ENCODED_SIZE - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - in - unpacked_public_key - -let decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE - v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash key_pair ciphertext - -let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - (out: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - = - let hax_temp_output, out:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - (), - Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem randomness - out - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - in - out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti deleted file mode 100644 index 89e95e7d4..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti +++ /dev/null @@ -1,63 +0,0 @@ -module Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Hash_functions in - let open Libcrux_ml_kem.Hash_functions.Neon in - let open Libcrux_ml_kem.Variant in - let open Libcrux_ml_kem.Vector.Neon in - let open Libcrux_ml_kem.Vector.Traits in - () - -/// Unpacked encapsulate -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpack_public_key - (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Unpacked decapsulate -val decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate a key pair -val generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - (out: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst deleted file mode 100644 index a866771ed..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst +++ /dev/null @@ -1,93 +0,0 @@ -module Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Hash_functions in - let open Libcrux_ml_kem.Hash_functions.Portable in - let open Libcrux_ml_kem.Variant in - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) public_key randomness - -let unpack_public_key - (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - (), - Libcrux_ml_kem.Ind_cca.Unpacked.unpack_public_key v_K - v_T_AS_NTT_ENCODED_SIZE - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - in - unpacked_public_key - -let decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE - v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) key_pair ciphertext - -let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - (out: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - = - let hax_temp_output, out:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - (), - Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem - randomness out - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - in - out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti deleted file mode 100644 index 074e3d77e..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti +++ /dev/null @@ -1,63 +0,0 @@ -module Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Hash_functions in - let open Libcrux_ml_kem.Hash_functions.Portable in - let open Libcrux_ml_kem.Variant in - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Traits in - () - -/// Unpacked encapsulate -val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpack_public_key - (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Unpacked decapsulate -val decapsulate - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate a key pair -val generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - (out: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst deleted file mode 100644 index f7f20bea3..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst +++ /dev/null @@ -1,109 +0,0 @@ -module Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Avx2 in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - #FStar.Tactics.Typeclasses.solve - () - -let serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1536) - (sz 1568) - public_key - serialized - in - serialized - -let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 4) - (sz 1536) - (sz 1536) - (sz 1568) - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - in - unpacked_public_key - -let decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext - -let generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - = - let hax_temp_output, key_pair:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) - randomness - key_pair - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - in - key_pair - -let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - #FStar.Tactics.Typeclasses.solve - () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti deleted file mode 100644 index 23a9ceb02..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti +++ /dev/null @@ -1,87 +0,0 @@ -module Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Avx2 in - let open Libcrux_ml_kem.Vector.Traits in - () - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 1024 (unpacked) -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: -/// -val encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked public key. -val init_public_key: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 1024 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] -/// and an [`MlKem1024Ciphertext`]. -val decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked key. -val init_key_pair: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst deleted file mode 100644 index 561f10648..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst +++ /dev/null @@ -1,109 +0,0 @@ -module Libcrux_ml_kem.Mlkem1024.Neon.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Neon in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - #FStar.Tactics.Typeclasses.solve - () - -let serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1536) - (sz 1568) - public_key - serialized - in - serialized - -let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 4) - (sz 1536) - (sz 1536) - (sz 1568) - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - in - unpacked_public_key - -let decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext - -let generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - = - let hax_temp_output, key_pair:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) - randomness - key_pair - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - in - key_pair - -let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - #FStar.Tactics.Typeclasses.solve - () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti deleted file mode 100644 index 57a9fbcbf..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti +++ /dev/null @@ -1,95 +0,0 @@ -module Libcrux_ml_kem.Mlkem1024.Neon.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Neon in - let open Libcrux_ml_kem.Vector.Traits in - () - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 1024 (unpacked) -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: -/// -val encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked public key. -val init_public_key: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 1024 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] -/// and an [`MlKem1024Ciphertext`]. -val decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked key. -val init_key_pair: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst deleted file mode 100644 index acfa9cb43..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst +++ /dev/null @@ -1,109 +0,0 @@ -module Libcrux_ml_kem.Mlkem1024.Portable.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - #FStar.Tactics.Typeclasses.solve - () - -let serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 4) - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1536) - (sz 1568) - public_key - serialized - in - serialized - -let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 4) - (sz 1536) - (sz 1536) - (sz 1568) - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - in - unpacked_public_key - -let decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext - -let generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - = - let hax_temp_output, key_pair:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) - randomness - key_pair - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - in - key_pair - -let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - #FStar.Tactics.Typeclasses.solve - () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti deleted file mode 100644 index 57f7005f1..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti +++ /dev/null @@ -1,95 +0,0 @@ -module Libcrux_ml_kem.Mlkem1024.Portable.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Traits in - () - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 1024 (unpacked) -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: -/// -val encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked public key. -val init_public_key: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 1024 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] -/// and an [`MlKem1024Ciphertext`]. -val decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked key. -val init_key_pair: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst deleted file mode 100644 index a73d29793..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fst +++ /dev/null @@ -1,51 +0,0 @@ -module Libcrux_ml_kem.Mlkem1024.Rand -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Rand_core in - () - -let encapsulate - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (rng: impl_277843321_) - = - let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness - in - let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 32) = tmp1 in - let _:Prims.unit = () in - let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) = - Libcrux_ml_kem.Mlkem1024.encapsulate public_key randomness - in - rng, hax_temp_output - <: - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32))) - -let generate_key_pair - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (rng: impl_277843321_) - = - let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness - in - let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 64) = tmp1 in - let _:Prims.unit = () in - let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) = - Libcrux_ml_kem.Mlkem1024.generate_key_pair randomness - in - rng, hax_temp_output - <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti deleted file mode 100644 index ab7710bce..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Rand.fsti +++ /dev/null @@ -1,39 +0,0 @@ -module Libcrux_ml_kem.Mlkem1024.Rand -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Rand_core in - () - -/// Encapsulate ML-KEM 1024 -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem1024PublicKey`]. -/// The random number generator `rng` needs to implement `RngCore` and -/// `CryptoRng` to sample the required randomness internally. -val encapsulate - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - (rng: impl_277843321_) - : Prims.Pure - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32))) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Generate ML-KEM 1024 Key Pair -/// The random number generator `rng` needs to implement `RngCore` and -/// `CryptoRng` to sample the required randomness internally. -/// This function returns an [`MlKem1024KeyPair`]. -val generate_key_pair - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (rng: impl_277843321_) - : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst deleted file mode 100644 index 666bc08a2..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst +++ /dev/null @@ -1,105 +0,0 @@ -module Libcrux_ml_kem.Mlkem512.Avx2.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Avx2 in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - -let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - #FStar.Tactics.Typeclasses.solve - () - -let serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - = - let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - (), - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 768) - (sz 800) - public_key - serialized - <: - (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - in - serialized - -let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 2) - (sz 768) - (sz 768) - (sz 800) - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - in - unpacked_public_key - -let decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext - -let generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) - randomness - key_pair - in - key_pair - -let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - #FStar.Tactics.Typeclasses.solve - () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti deleted file mode 100644 index 1751d34e2..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti +++ /dev/null @@ -1,85 +0,0 @@ -module Libcrux_ml_kem.Mlkem512.Avx2.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Avx2 in - let open Libcrux_ml_kem.Vector.Traits in - () - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 512 (unpacked) -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked public key. -val init_public_key: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 512 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] -/// and an [`MlKem512Ciphertext`]. -val decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked key. -val init_key_pair: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst deleted file mode 100644 index a46c591a3..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst +++ /dev/null @@ -1,105 +0,0 @@ -module Libcrux_ml_kem.Mlkem512.Neon.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Neon in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - -let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - #FStar.Tactics.Typeclasses.solve - () - -let serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - = - let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - (), - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 768) - (sz 800) - public_key - serialized - <: - (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - in - serialized - -let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 2) - (sz 768) - (sz 768) - (sz 800) - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - in - unpacked_public_key - -let decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext - -let generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) - randomness - key_pair - in - key_pair - -let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - #FStar.Tactics.Typeclasses.solve - () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti deleted file mode 100644 index 8526e6637..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti +++ /dev/null @@ -1,93 +0,0 @@ -module Libcrux_ml_kem.Mlkem512.Neon.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Neon in - let open Libcrux_ml_kem.Vector.Traits in - () - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 512 (unpacked) -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked public key. -val init_public_key: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 512 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] -/// and an [`MlKem512Ciphertext`]. -val decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked key. -val init_key_pair: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst deleted file mode 100644 index 1cdaff422..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst +++ /dev/null @@ -1,106 +0,0 @@ -module Libcrux_ml_kem.Mlkem512.Portable.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 2) (sz 768) (sz 800) - (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key - randomness - -let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - #FStar.Tactics.Typeclasses.solve - () - -let serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - = - let hax_temp_output, serialized:(Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - (), - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 2) - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 768) - (sz 800) - public_key - serialized - <: - (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - in - serialized - -let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 2) - (sz 768) - (sz 768) - (sz 800) - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - in - unpacked_public_key - -let decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 2) (sz 1632) (sz 768) - (sz 800) (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) - (sz 128) (sz 800) private_key ciphertext - -let generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) - randomness - key_pair - in - key_pair - -let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - #FStar.Tactics.Typeclasses.solve - () diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti deleted file mode 100644 index f4f9bd770..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti +++ /dev/null @@ -1,93 +0,0 @@ -module Libcrux_ml_kem.Mlkem512.Portable.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Traits in - () - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 512 (unpacked) -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked public key. -val init_public_key: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 512 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] -/// and an [`MlKem512Ciphertext`]. -val decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked key. -val init_key_pair: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst deleted file mode 100644 index f9f53966f..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fst +++ /dev/null @@ -1,49 +0,0 @@ -module Libcrux_ml_kem.Mlkem512.Rand -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Rand_core in - () - -let encapsulate - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (rng: impl_277843321_) - = - let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness - in - let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 32) = tmp1 in - let _:Prims.unit = () in - let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) = - Libcrux_ml_kem.Mlkem512.encapsulate public_key randomness - in - rng, hax_temp_output - <: - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))) - -let generate_key_pair - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (rng: impl_277843321_) - = - let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness - in - let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 64) = tmp1 in - let _:Prims.unit = () in - let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) = - Libcrux_ml_kem.Mlkem512.generate_key_pair randomness - in - rng, hax_temp_output <: (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti deleted file mode 100644 index b1c603e54..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Rand.fsti +++ /dev/null @@ -1,39 +0,0 @@ -module Libcrux_ml_kem.Mlkem512.Rand -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Rand_core in - () - -/// Encapsulate ML-KEM 512 -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem512PublicKey`]. -/// The random number generator `rng` needs to implement `RngCore` and -/// `CryptoRng` to sample the required randomness internally. -val encapsulate - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - (rng: impl_277843321_) - : Prims.Pure - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32))) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Generate ML-KEM 512 Key Pair -/// The random number generator `rng` needs to implement `RngCore` and -/// `CryptoRng` to sample the required randomness internally. -/// This function returns an [`MlKem512KeyPair`]. -val generate_key_pair - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (rng: impl_277843321_) - : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst deleted file mode 100644 index 9d4c2330b..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst +++ /dev/null @@ -1,141 +0,0 @@ -module Libcrux_ml_kem.Mlkem768.Avx2.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Avx2 in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - #FStar.Tactics.Typeclasses.solve - () - -let serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 1184) - public_key - serialized - in - serialized - -let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.unpack_public_key (sz 3) - (sz 1152) - (sz 1152) - (sz 1184) - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - in - unpacked_public_key - -let decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext - -let generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) - randomness - key_pair - in - key_pair - -let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - #FStar.Tactics.Typeclasses.solve - () - -let key_pair_serialized_public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 3) - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - (sz 1152) - (sz 1184) - key_pair - serialized - in - serialized - -let public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - = - let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector = - Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__public_key (sz 3) - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - key_pair - <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - in - pk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti deleted file mode 100644 index c337caec7..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti +++ /dev/null @@ -1,107 +0,0 @@ -module Libcrux_ml_kem.Mlkem768.Avx2.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Avx2 in - let open Libcrux_ml_kem.Vector.Traits in - () - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 768 (unpacked) -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked public key. -val init_public_key: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 768 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] -/// and an [`MlKem768Ciphertext`]. -val decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked key. -val init_key_pair: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val key_pair_serialized_public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst deleted file mode 100644 index 4473ed5a3..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst +++ /dev/null @@ -1,142 +0,0 @@ -module Libcrux_ml_kem.Mlkem768.Neon.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Neon in - let open Libcrux_ml_kem.Vector.Neon.Vector_type in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - #FStar.Tactics.Typeclasses.solve - () - -let serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 1184) - public_key - serialized - in - serialized - -let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.unpack_public_key (sz 3) - (sz 1152) - (sz 1152) - (sz 1184) - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - in - unpacked_public_key - -let decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext - -let generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) - randomness - key_pair - in - key_pair - -let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - #FStar.Tactics.Typeclasses.solve - () - -let key_pair_serialized_public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 3) - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - (sz 1152) - (sz 1184) - key_pair - serialized - in - serialized - -let public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - = - let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = - Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__public_key (sz 3) - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - key_pair - <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - in - pk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti deleted file mode 100644 index 272b816b2..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti +++ /dev/null @@ -1,118 +0,0 @@ -module Libcrux_ml_kem.Mlkem768.Neon.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Neon in - let open Libcrux_ml_kem.Vector.Neon.Vector_type in - let open Libcrux_ml_kem.Vector.Traits in - () - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 768 (unpacked) -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked public key. -val init_public_key: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 768 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] -/// and an [`MlKem768Ciphertext`]. -val decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked key. -val init_key_pair: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val key_pair_serialized_public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst deleted file mode 100644 index f5ca7487b..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst +++ /dev/null @@ -1,142 +0,0 @@ -module Libcrux_ml_kem.Mlkem768.Portable.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Portable.Vector_type in - let open Libcrux_ml_kem.Vector.Traits in - () - -let encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.encapsulate (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let init_public_key (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - #FStar.Tactics.Typeclasses.solve - () - -let serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl__serialized_public_key_mut (sz 3) - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 1184) - public_key - serialized - in - serialized - -let unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - = - let hax_temp_output, unpacked_public_key:(Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - (), - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.unpack_public_key (sz 3) - (sz 1152) - (sz 1152) - (sz 1184) - public_key - unpacked_public_key - <: - (Prims.unit & - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - in - unpacked_public_key - -let decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.decapsulate (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext - -let generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - = - let key_pair:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) - randomness - key_pair - in - key_pair - -let init_key_pair (_: Prims.unit) = - Core.Default.f_default #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - #FStar.Tactics.Typeclasses.solve - () - -let key_pair_serialized_public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - = - let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184) = - Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__serialized_public_key_mut (sz 3) - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (sz 1152) - (sz 1184) - key_pair - serialized - in - serialized - -let public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - = - let pk:Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Clone.f_clone #(Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Ind_cca.Unpacked.impl_2__public_key (sz 3) - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - key_pair - <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - in - pk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti deleted file mode 100644 index 9a7f4ddd5..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti +++ /dev/null @@ -1,118 +0,0 @@ -module Libcrux_ml_kem.Mlkem768.Portable.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Ind_cca.Unpacked in - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Portable.Vector_type in - let open Libcrux_ml_kem.Vector.Traits in - () - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 768 (unpacked) -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked public key. -val init_public_key: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val serialized_public_key - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val unpacked_public_key - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (unpacked_public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 768 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] -/// and an [`MlKem768Ciphertext`]. -val decapsulate - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 768 Key Pair in "unpacked" form. -val generate_key_pair - (randomness: t_Array u8 (sz 64)) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Create a new, empty unpacked key. -val init_key_pair: Prims.unit - -> Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the serialized public key. -val key_pair_serialized_public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Get the unpacked public key. -val public_key - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (pk: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst deleted file mode 100644 index 75440ad21..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fst +++ /dev/null @@ -1,51 +0,0 @@ -module Libcrux_ml_kem.Mlkem768.Rand -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Rand_core in - () - -let encapsulate - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (rng: impl_277843321_) - = - let randomness:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 32)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness - in - let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 32) = tmp1 in - let _:Prims.unit = () in - let hax_temp_output:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) = - Libcrux_ml_kem.Mlkem768.encapsulate public_key randomness - in - rng, hax_temp_output - <: - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32))) - -let generate_key_pair - (#impl_277843321_: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Rand_core.t_RngCore impl_277843321_) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Rand_core.t_CryptoRng impl_277843321_) - (rng: impl_277843321_) - = - let randomness:t_Array u8 (sz 64) = Rust_primitives.Hax.repeat 0uy (sz 64) in - let tmp0, tmp1:(impl_277843321_ & t_Array u8 (sz 64)) = - Rand_core.f_fill_bytes #impl_277843321_ #FStar.Tactics.Typeclasses.solve rng randomness - in - let rng:impl_277843321_ = tmp0 in - let randomness:t_Array u8 (sz 64) = tmp1 in - let _:Prims.unit = () in - let hax_temp_output:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) = - Libcrux_ml_kem.Mlkem768.generate_key_pair randomness - in - rng, hax_temp_output - <: - (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti deleted file mode 100644 index 05b12c35a..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Rand.fsti +++ /dev/null @@ -1,39 +0,0 @@ -module Libcrux_ml_kem.Mlkem768.Rand -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Rand_core in - () - -/// Encapsulate ML-KEM 768 -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an [`MlKem768PublicKey`]. -/// The random number generator `rng` needs to implement `RngCore` and -/// `CryptoRng` to sample the required randomness internally. -val encapsulate - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - (rng: impl_277843321_) - : Prims.Pure - (impl_277843321_ & (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32))) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Generate ML-KEM 768 Key Pair -/// The random number generator `rng` needs to implement `RngCore` and -/// `CryptoRng` to sample the required randomness internally. -/// This function returns an [`MlKem768KeyPair`]. -val generate_key_pair - (#impl_277843321_: Type0) - {| i1: Rand_core.t_RngCore impl_277843321_ |} - {| i2: Rand_core.t_CryptoRng impl_277843321_ |} - (rng: impl_277843321_) - : Prims.Pure (impl_277843321_ & Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Unpacked.fsti new file mode 100644 index 000000000..1910c0b08 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.Unpacked.fsti @@ -0,0 +1,48 @@ +module Libcrux_ml_kem.Types.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + +/// An unpacked ML-KEM IND-CPA Private Key +type t_IndCpaPrivateKeyUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { f_secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K } + +/// An unpacked ML-KEM IND-CPA Private Key +type t_IndCpaPublicKeyUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_t_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K; + f_seed_for_A:t_Array u8 (sz 32); + f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K +} + +/// An unpacked ML-KEM IND-CCA Private Key +type t_MlKemPrivateKeyUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_ind_cpa_private_key:t_IndCpaPrivateKeyUnpacked v_K v_Vector; + f_implicit_rejection_value:t_Array u8 (sz 32) +} + +/// An unpacked ML-KEM IND-CCA Private Key +type t_MlKemPublicKeyUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_ind_cpa_public_key:t_IndCpaPublicKeyUnpacked v_K v_Vector; + f_public_key_hash:t_Array u8 (sz 32) +} + +/// An unpacked ML-KEM KeyPair +type t_MlKemKeyPairUnpacked + (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + = { + f_private_key:t_MlKemPrivateKeyUnpacked v_K v_Vector; + f_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector +} diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti deleted file mode 100644 index 943518133..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti +++ /dev/null @@ -1,243 +0,0 @@ -module Libcrux_ml_kem.Variant -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Hash_functions in - () - -/// Implements [`Variant`], to perform the ML-KEM-specific actions -/// during encapsulation and decapsulation. -/// Specifically, -/// * during key generation, the seed hash is domain separated (this is a difference from the FIPS 203 IPD and Kyber) -/// * during encapsulation, the initial randomness is used without prior hashing, -/// * the derivation of the shared secret does not include a hash of the ML-KEM ciphertext. -type t_MlKem = | MlKem : t_MlKem - -/// This trait collects differences in specification between ML-KEM -/// (FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the -/// NIST PQ competition. -/// cf. FIPS 203, Appendix C -class t_Variant (v_Self: Type0) = { - f_kdf_pre: - v_K: usize -> - v_CIPHERTEXT_SIZE: usize -> - #v_Hasher: Type0 -> - {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - shared_secret: t_Slice u8 -> - ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> pred: Type0{(Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32 ==> pred}; - f_kdf_post: - v_K: usize -> - v_CIPHERTEXT_SIZE: usize -> - #v_Hasher: Type0 -> - {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - shared_secret: t_Slice u8 -> - ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> - res: t_Array u8 (sz 32) - -> pred: Type0{pred ==> res == shared_secret}; - f_kdf: - v_K: usize -> - v_CIPHERTEXT_SIZE: usize -> - #v_Hasher: Type0 -> - {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - x0: t_Slice u8 -> - x1: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> Prims.Pure (t_Array u8 (sz 32)) - (f_kdf_pre v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1) - (fun result -> f_kdf_post v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1 result); - f_entropy_preprocess_pre: - v_K: usize -> - #v_Hasher: Type0 -> - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - randomness: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 randomness <: usize) =. sz 32 ==> pred}; - f_entropy_preprocess_post: - v_K: usize -> - #v_Hasher: Type0 -> - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - randomness: t_Slice u8 -> - res: t_Array u8 (sz 32) - -> pred: Type0{pred ==> res == randomness}; - f_entropy_preprocess: - v_K: usize -> - #v_Hasher: Type0 -> - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) - (f_entropy_preprocess_pre v_K #v_Hasher #i3 x0) - (fun result -> f_entropy_preprocess_post v_K #v_Hasher #i3 x0 result); - f_cpa_keygen_seed_pre: - v_K: usize -> - #v_Hasher: Type0 -> - {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - seed: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 seed <: usize) =. sz 32 ==> pred}; - f_cpa_keygen_seed_post: - v_K: usize -> - #v_Hasher: Type0 -> - {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 -> - t_Array u8 (sz 64) - -> Type0; - f_cpa_keygen_seed: - v_K: usize -> - #v_Hasher: Type0 -> - {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 64)) - (f_cpa_keygen_seed_pre v_K #v_Hasher #i4 x0) - (fun result -> f_cpa_keygen_seed_post v_K #v_Hasher #i4 x0 result) -} - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl: t_Variant t_MlKem = - { - f_kdf_pre - = - (fun - (v_K: usize) - (v_CIPHERTEXT_SIZE: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (shared_secret: t_Slice u8) - (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - -> - (Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32); - f_kdf_post - = - (fun - (v_K: usize) - (v_CIPHERTEXT_SIZE: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (shared_secret: t_Slice u8) - (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - (res: t_Array u8 (sz 32)) - -> - res == shared_secret); - f_kdf - = - (fun - (v_K: usize) - (v_CIPHERTEXT_SIZE: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (shared_secret: t_Slice u8) - (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in - out); - f_entropy_preprocess_pre - = - (fun - (v_K: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (randomness: t_Slice u8) - -> - (Core.Slice.impl__len #u8 randomness <: usize) =. sz 32); - f_entropy_preprocess_post - = - (fun - (v_K: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (randomness: t_Slice u8) - (res: t_Array u8 (sz 32)) - -> - res == randomness); - f_entropy_preprocess - = - (fun - (v_K: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (randomness: t_Slice u8) - -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in - out); - f_cpa_keygen_seed_pre - = - (fun - (v_K: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (key_generation_seed: t_Slice u8) - -> - (Core.Slice.impl__len #u8 key_generation_seed <: usize) =. sz 32); - f_cpa_keygen_seed_post - = - (fun - (v_K: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (key_generation_seed: t_Slice u8) - (out: t_Array u8 (sz 64)) - -> - true); - f_cpa_keygen_seed - = - fun - (v_K: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i4: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (key_generation_seed: t_Slice u8) - -> - let seed:t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in - let seed:t_Array u8 (sz 33) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range seed - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice #u8 - (seed.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - key_generation_seed - <: - t_Slice u8) - in - let seed:t_Array u8 (sz 33) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed - Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - (cast (v_K <: usize) <: u8) - in - Libcrux_ml_kem.Hash_functions.f_G #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (seed <: t_Slice u8) - } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index ac2d0d4c1..c6edc5b32 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -101,11 +101,12 @@ let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: i16)) in + let t512:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 512s + in + let _:Prims.unit = assert (forall i. get_lane t512 i == 512s) in let t1:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 t0 - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 512s - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 t0 t512 in let _:Prims.unit = assert (forall i. get_lane t1 i == get_lane t0 i +. 512s) in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti new file mode 100644 index 000000000..fe64003c4 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti @@ -0,0 +1,30 @@ +module Libcrux_ml_kem.Vector.Avx2.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +val deserialize_11_int (bytes: t_Slice u8) + : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + Prims.l_True + (fun _ -> Prims.l_True) + +val serialize_11_int (v: t_Slice i16) + : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) + Prims.l_True + (fun _ -> Prims.l_True) + +type t_PortableVector = { f_elements:t_Array i16 (sz 16) } + +val from_i16_array (array: t_Array i16 (sz 16)) + : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) + +val serialize_11_ (v: t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val to_i16_array (v: t_PortableVector) + : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (fun _ -> Prims.l_True) + +val zero: Prims.unit -> Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index cbcca6519..d0c07fe84 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -10,165 +10,48 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -let deserialize_1_ (bytes: t_Slice u8) = +[@@"opaque_to_smt"] + +let deserialize_1___deserialize_1_i16s (a b: i16) = let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) - in - let shift_lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < + (); + (Tactics.Utils.prove_forall_nat_pointwise (fun _ -> + Tactics.compute (); + Tactics.smt_sync ()))) + in let bits_packed:i32 = Libcrux_intrinsics.Avx2_extract.mm_movemask_epi8 msbs in - let list = [cast (bits_packed <: i32) <: u8; cast (bits_packed >>! 8l <: i32) <: u8] in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); - Rust_primitives.Hax.array_of_list 2 list + let result:t_Array u8 (sz 2) = + let list = [cast (bits_packed <: i32) <: u8; cast (bits_packed >>! 8l <: i32) <: u8] in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); + Rust_primitives.Hax.array_of_list 2 list + in + let _:Prims.unit = + assert (forall (i: nat{i < 8}). + get_bit (bits_packed >>! 8l <: i32) (sz i) == get_bit bits_packed (sz (i + 8))) + in + result -let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in +#pop-options + +#push-options "--ext context_pruning --split_queries always" + +let serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < lower_8_ i = vector ((i / 10) * 16 + i % 10))); + introduce forall (i: nat{i < 80}) . upper_8_ i = vector (128 + (i / 10) * 16 + i % 10) + with assert_norm (BitVec.Utils.forall_n 80 + (fun i -> upper_8_ i = vector (128 + (i / 10) * 16 + i % 10))) + in + lower_8_, upper_8_ + <: + (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) + +#pop-options + +#push-options "--ext context_pruning --split_queries always" + +let serialize_12___serialize_12_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_concat_pairs_n 12uy vector + in + let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 adjacent_2_combined + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 8l 0l 8l 0l 8l 0l 8l + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 8l adjacent_4_combined + in + let adjacent_8_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_4_combined + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) 13y 12y 11y 10y 9y 8y + 5y 4y 3y 2y 1y 0y (-1y) (-1y) (-1y) (-1y) 13y 12y 11y 10y 9y 8y 5y 4y 3y 2y 1y 0y + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let lower_8_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_8_combined + in + let upper_8_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_8_combined + in + let _:Prims.unit = + introduce forall (i: nat{i < 96}) . lower_8_ i = vector ((i / 12) * 16 + i % 12) + with assert_norm (BitVec.Utils.forall_n 96 + (fun i -> lower_8_ i = vector ((i / 12) * 16 + i % 12))); + introduce forall (i: nat{i < 96}) . upper_8_ i = vector (128 + (i / 12) * 16 + i % 12) + with assert_norm (BitVec.Utils.forall_n 96 + (fun i -> upper_8_ i = vector (128 + (i / 12) * 16 + i % 12))) + in + lower_8_, upper_8_ + <: + (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) + +#pop-options + +#push-options "--ext context_pruning --split_queries always" + +let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & + Libcrux_intrinsics.Avx2_extract.t_Vec128) = + serialize_10___serialize_10_vec vector + in + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } @@ -276,9 +234,6 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: t_Slice u8) in - let upper_8_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_8_combined - in let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 26 } @@ -309,37 +264,15 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Core.Result.t_Result (t_Array u8 (sz 20)) Core.Array.t_TryFromSliceError) +#pop-options + +#push-options "--ext context_pruning --split_queries always" + let serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < combined i = vector ((i / 4) * 16 + i % 4))); + assert (forall (i: nat{i < 64}). + bit_vec_of_int_t_array serialized 8 i == vector ((i / 4) * 16 + i % 4)) + in Core.Result.impl__unwrap #(t_Array u8 (sz 8)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) @@ -515,6 +454,186 @@ let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Core.Result.t_Result (t_Array u8 (sz 8)) Core.Array.t_TryFromSliceError) +#pop-options + +[@@"opaque_to_smt"] + +let deserialize_10___deserialize_10_vec + (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) + = + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 lower_coefficients0 + (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 9uy 8uy 8uy 7uy 7uy 6uy 6uy 5uy 4uy 3uy 3uy 2uy + 2uy 1uy 1uy 0uy + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + in + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients0 + (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 15uy 14uy 14uy 13uy 13uy 12uy 12uy 11uy 10uy 9uy + 9uy 8uy 8uy 7uy 7uy 6uy + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_si256_from_two_si128 lower_coefficients upper_coefficients + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < + coefficients i = + (if i % 16 < 10 + then + let j = (i / 16) * 10 + i % 16 in + if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 32) + else 0))) + in + coefficients + +let deserialize_10_ (bytes: t_Slice u8) = + let lower_coefficients:t_Slice u8 = + bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + <: + Core.Ops.Range.t_Range usize ] + in + let upper_coefficients:t_Slice u8 = + bytes.[ { Core.Ops.Range.f_start = sz 4; Core.Ops.Range.f_end = sz 20 } + <: + Core.Ops.Range.t_Range usize ] + in + deserialize_10___deserialize_10_vec (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 lower_coefficients + + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 upper_coefficients + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + +[@@"opaque_to_smt"] + +let deserialize_12___deserialize_12_vec + (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) + = + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 lower_coefficients0 + (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 11uy 10uy 10uy 9uy 8uy 7uy 7uy 6uy 5uy 4uy 4uy + 3uy 2uy 1uy 1uy 0uy + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + in + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients0 + (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 15uy 14uy 14uy 13uy 12uy 11uy 11uy 10uy 9uy 8uy + 8uy 7uy 6uy 5uy 5uy 4uy + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_si256_from_two_si128 lower_coefficients upper_coefficients + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < + coefficients i = + (if i % 16 < 12 + then + let j = (i / 16) * 12 + i % 16 in + if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 64) + else 0))) + in + coefficients + +let deserialize_12_ (bytes: t_Slice u8) = + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (bytes.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (bytes.[ { + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = sz 24 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + deserialize_12___deserialize_12_vec lower_coefficients upper_coefficients + +let deserialize_5_ (bytes: t_Slice u8) = + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_set_epi8 (bytes.[ sz 9 ] <: u8) (bytes.[ sz 8 ] <: u8) + (bytes.[ sz 8 ] <: u8) (bytes.[ sz 7 ] <: u8) (bytes.[ sz 7 ] <: u8) (bytes.[ sz 6 ] <: u8) + (bytes.[ sz 6 ] <: u8) (bytes.[ sz 5 ] <: u8) (bytes.[ sz 4 ] <: u8) (bytes.[ sz 3 ] <: u8) + (bytes.[ sz 3 ] <: u8) (bytes.[ sz 2 ] <: u8) (bytes.[ sz 2 ] <: u8) (bytes.[ sz 1 ] <: u8) + (bytes.[ sz 1 ] <: u8) (bytes.[ sz 0 ] <: u8) + in + let coefficients_loaded:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_si256_from_two_si128 coefficients coefficients + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 coefficients_loaded + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 15y 14y 15y 14y 13y 12y 13y 12y 11y 10y 11y + 10y 9y 8y 9y 8y 7y 6y 7y 6y 5y 4y 5y 4y 3y 2y 3y 2y 1y 0y 1y 0y + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 >= 1 + then 0 + else + let j = (i / 16) * 1 + i % 16 in + if i < 128 then get_bit a (sz j) else get_bit b (sz (j - 8)))) + +val deserialize_1___deserialize_1_u8s (a b: u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 >= 1 + then 0 + else + let j = (i / 16) * 1 + i % 16 in + if i < 128 then get_bit a (sz j) else get_bit b (sz (j - 8)))) + val deserialize_1_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2) + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 >= 1 + then 0 + else + let j = (i / 16) * 1 + i % 16 in + bit_vec_of_int_t_array (bytes <: t_Array _ (sz 2)) 8 j)) -val deserialize_10_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val deserialize_4___deserialize_4_i16s (b0 b1 b2 b3 b4 b5 b6 b7: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 < 4 + then + let j = (i / 16) * 4 + i % 16 in + (match i / 32 with + | 0 -> get_bit b0 (sz j) + | 1 -> get_bit b1 (sz (j - 8)) + | 2 -> get_bit b2 (sz (j - 16)) + | 3 -> get_bit b3 (sz (j - 24)) + | 4 -> get_bit b4 (sz (j - 32)) + | 5 -> get_bit b5 (sz (j - 40)) + | 6 -> get_bit b6 (sz (j - 48)) + | 7 -> get_bit b7 (sz (j - 56))) + else 0)) -val deserialize_12_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val deserialize_4___deserialize_4_u8s (b0 b1 b2 b3 b4 b5 b6 b7: u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 < 4 + then + let j = (i / 16) * 4 + i % 16 in + (match i / 32 with + | 0 -> get_bit b0 (sz j) + | 1 -> get_bit b1 (sz (j - 8)) + | 2 -> get_bit b2 (sz (j - 16)) + | 3 -> get_bit b3 (sz (j - 24)) + | 4 -> get_bit b4 (sz (j - 32)) + | 5 -> get_bit b5 (sz (j - 40)) + | 6 -> get_bit b6 (sz (j - 48)) + | 7 -> get_bit b7 (sz (j - 56))) + else 0)) val deserialize_4_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + forall (i: nat{i < 256}). + result i = + (if i % 16 >= 4 + then 0 + else + let j = (i / 16) * 4 + i % 16 in + bit_vec_of_int_t_array (bytes <: t_Array _ (sz 8)) 8 j)) -val deserialize_5_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_concat_pairs_n} val serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 2)) + (requires forall i. i % 16 >= 1 ==> vector i == 0) + (ensures + fun result -> + let result:t_Array u8 (sz 2) = result in + forall i. bit_vec_of_int_t_array result 8 i == vector (i * 16)) + +val serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure + (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) + (requires forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0) + (ensures + fun temp_0_ -> + let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & + Libcrux_intrinsics.Avx2_extract.t_Vec128) = + temp_0_ + in + forall (i: nat{i < 160}). + vector ((i / 10) * 16 + i % 10) == (if i < 80 then lower_8_ i else upper_8_ (i - 80))) + +val serialize_12___serialize_12_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure + (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) + (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) + (ensures + fun temp_0_ -> + let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & + Libcrux_intrinsics.Avx2_extract.t_Vec128) = + temp_0_ + in + forall (i: nat{i < 192}). + vector ((i / 12) * 16 + i % 12) == (if i < 96 then lower_8_ i else upper_8_ (i - 96))) val serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 20)) + (requires forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0) + (ensures + fun r -> + let r:t_Array u8 (sz 20) = r in + forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i / 10) * 16 + i % 10)) val serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 24)) + (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) + (ensures + fun r -> + let r:t_Array u8 (sz 24) = r in + forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i / 12) * 16 + i % 12)) val serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) val serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 8)) + (requires forall (i: nat{i < 256}). i % 16 < 4 || vector i = 0) + (ensures + fun r -> + let r:t_Array u8 (sz 8) = r in + forall (i: nat{i < 64}). bit_vec_of_int_t_array r 8 i == vector ((i / 4) * 16 + i % 4)) + +include BitVec.Intrinsics {mm256_si256_from_two_si128 as mm256_si256_from_two_si128} + +val deserialize_10___deserialize_10_vec + (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 >= 10 + then 0 + else + let j = (i / 16) * 10 + i % 16 in + if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 32))) + +val deserialize_10_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Seq.length bytes == 20) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + forall (i: nat{i < 256}). + result i = + (if i % 16 >= 10 + then 0 + else + let j = (i / 16) * 10 + i % 16 in + bit_vec_of_int_t_array (bytes <: t_Array _ (sz 20)) 8 j)) + +val deserialize_12___deserialize_12_vec + (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 >= 12 + then 0 + else + let j = (i / 16) * 12 + i % 16 in + if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 64))) + +val deserialize_12_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Seq.length bytes == 24) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + forall (i: nat{i < 256}). + result i = + (if i % 16 >= 12 + then 0 + else + let j = (i / 16) * 12 + i % 16 in + bit_vec_of_int_t_array (bytes <: t_Array _ (sz 24)) 8 j)) + +val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Seq.length bytes == 10) + (fun _ -> Prims.l_True) val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index ed5b74a59..57d1a48ac 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -173,6 +173,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_cond_subtract_3329_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.cond_subtract_3329_ vector.f_elements } <: t_SIMD256Vector); @@ -291,6 +292,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ntt_layer_1_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> + let _:Prims.unit = admit () in { f_elements = @@ -310,6 +312,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ntt_layer_2_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1 } @@ -327,6 +330,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ntt_layer_3_step = (fun (vector: t_SIMD256Vector) (zeta: i16) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_3_step vector.f_elements zeta } <: t_SIMD256Vector); @@ -350,6 +354,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_inv_ntt_layer_1_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> + let _:Prims.unit = admit () in { f_elements = @@ -373,6 +378,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_inv_ntt_layer_2_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> + let _:Prims.unit = admit () in { f_elements = @@ -391,6 +397,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_inv_ntt_layer_3_step = (fun (vector: t_SIMD256Vector) (zeta: i16) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta } <: t_SIMD256Vector); @@ -430,6 +437,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta2: i16) (zeta3: i16) -> + let _:Prims.unit = admit () in { f_elements = @@ -453,7 +461,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_serialize_1_ = (fun (vector: t_SIMD256Vector) -> - let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements); f_deserialize_1_pre = @@ -465,7 +472,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_deserialize_1_ = (fun (bytes: t_Slice u8) -> - let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes } <: t_SIMD256Vector); @@ -480,7 +486,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_serialize_4_ = (fun (vector: t_SIMD256Vector) -> - let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_4_ vector.f_elements); f_deserialize_4_pre = @@ -492,7 +497,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_deserialize_4_ = (fun (bytes: t_Slice u8) -> - let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_4_ bytes } <: t_SIMD256Vector); @@ -501,6 +505,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_serialize_5_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements); f_deserialize_5_pre = @@ -509,6 +514,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_deserialize_5_ = (fun (bytes: t_Slice u8) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_5_ bytes } <: t_SIMD256Vector); @@ -523,7 +529,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_serialize_10_ = (fun (vector: t_SIMD256Vector) -> - let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_10_ vector.f_elements); f_deserialize_10_pre = @@ -535,7 +540,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_deserialize_10_ = (fun (bytes: t_Slice u8) -> - let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_10_ bytes } <: t_SIMD256Vector); @@ -566,7 +570,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_serialize_12_ = (fun (vector: t_SIMD256Vector) -> - let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_12_ vector.f_elements); f_deserialize_12_pre = @@ -578,7 +581,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_deserialize_12_ = (fun (bytes: t_Slice u8) -> - let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes } <: t_SIMD256Vector); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst deleted file mode 100644 index 0ca12f7ff..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst +++ /dev/null @@ -1,59 +0,0 @@ -module Libcrux_ml_kem.Vector.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Core -open FStar.Mul - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable.Vector_type in - let open Libcrux_ml_kem.Vector.Traits in - () - -let deserialize_11_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_11_ a - -let deserialize_5_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_5_ a - -let serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_11_ a - -let serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a - -let deserialize_1_ (a: t_Slice u8) = - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a - -let deserialize_10_ (a: t_Slice u8) = - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a - -let deserialize_12_ (a: t_Slice u8) = - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a - -let deserialize_4_ (a: t_Slice u8) = - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a - -let serialize_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 1) in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a - -let serialize_10_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_ a - -let serialize_12_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_ a - -let serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4) in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index 31c67d6b2..cbc90050c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -3,7 +3,7 @@ module Libcrux_ml_kem.Vector.Traits open Core open FStar.Mul -#push-options "--z3rlimit 100" +#push-options "--z3rlimit 200 --split_queries always" let decompress_1_ (#v_T: Type0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index bd794d873..b7a4485d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -5,7 +5,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ - Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index bb8601b20..571e879fb 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -123,6 +123,7 @@ let poly_inv_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = let b = field_mul b_minus_a zetas.[sz i] in (a,b) +#push-options "--z3rlimit 150" let poly_inv_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let len = pow2 l in let k = (256 / len) - 1 in @@ -132,6 +133,7 @@ let poly_inv_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in let (a_ntt, b_ntt) = poly_inv_ntt_step p.[sz idx0] p.[sz idx1] (k - round) in if idx < len then a_ntt else b_ntt) +#pop-options val poly_inv_ntt: polynomial -> polynomial let poly_inv_ntt p = diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 54fb8b3be..1c6ed14b1 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -215,7 +215,6 @@ val lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : is_i16b (b1 + b2) (n1 +! n2))) let lemma_add_i16b (b1 b2:nat) (n1 n2:i16) = () - #push-options "--z3rlimit 100 --split_queries always" let lemma_range_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ v < p/2 /\ v >= -p / 2}): Lemma (v @% p == v) = diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index ade993f68..3c65a7e26 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -8,7 +8,7 @@ mod sampling; mod serialize; #[derive(Clone, Copy)] -#[hax_lib::fstar::before(interface,"noeq")] +#[hax_lib::fstar::before(interface, "noeq")] #[hax_lib::fstar::after(interface,"let repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements")] pub struct SIMD256Vector { elements: Vec256, @@ -23,7 +23,6 @@ fn vec_zero() -> SIMD256Vector { } } - #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("${result} == repr ${v}"))] @@ -120,6 +119,7 @@ impl Operations for SIMD256Vector { #[requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr $vector)"))] #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"))] fn cond_subtract_3329(vector: Self) -> Self { + hax_lib::fstar!("admit()"); Self { elements: arithmetic::cond_subtract_3329(vector.elements), } @@ -184,6 +184,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"))] fn ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), } @@ -193,6 +194,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"))] fn ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::ntt_layer_2_step(vector.elements, zeta0, zeta1), } @@ -202,6 +204,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"))] fn ntt_layer_3_step(vector: Self, zeta: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::ntt_layer_3_step(vector.elements, zeta), } @@ -212,6 +215,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::inv_ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), } @@ -221,6 +225,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::inv_ntt_layer_2_step(vector.elements, zeta0, zeta1), } @@ -230,6 +235,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_3_step(vector: Self, zeta: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::inv_ntt_layer_3_step(vector.elements, zeta), } @@ -248,6 +254,7 @@ impl Operations for SIMD256Vector { zeta2: i16, zeta3: i16, ) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::ntt_multiply(lhs.elements, rhs.elements, zeta0, zeta1, zeta2, zeta3), } @@ -257,7 +264,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $vector) $out"))] fn serialize_1(vector: Self) -> [u8; 2] { - hax_lib::fstar!("admit()"); serialize::serialize_1(vector.elements) } @@ -265,7 +271,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (impl.f_repr $out)"))] fn deserialize_1(bytes: &[u8]) -> Self { - hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_1(bytes), } @@ -275,7 +280,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $vector) $out"))] fn serialize_4(vector: Self) -> [u8; 8] { - hax_lib::fstar!("admit()"); serialize::serialize_4(vector.elements) } @@ -283,18 +287,19 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (impl.f_repr $out)"))] fn deserialize_4(bytes: &[u8]) -> Self { - hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_4(bytes), } } fn serialize_5(vector: Self) -> [u8; 10] { + hax_lib::fstar!("admit()"); serialize::serialize_5(vector.elements) } #[requires(bytes.len() == 10)] fn deserialize_5(bytes: &[u8]) -> Self { + hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_5(bytes), } @@ -304,7 +309,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $vector) $out"))] fn serialize_10(vector: Self) -> [u8; 20] { - hax_lib::fstar!("admit()"); serialize::serialize_10(vector.elements) } @@ -312,7 +316,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (impl.f_repr $out)"))] fn deserialize_10(bytes: &[u8]) -> Self { - hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_10(bytes), } @@ -333,7 +336,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $vector) $out"))] fn serialize_12(vector: Self) -> [u8; 24] { - hax_lib::fstar!("admit()"); serialize::serialize_12(vector.elements) } @@ -341,7 +343,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (impl.f_repr $out)"))] fn deserialize_12(bytes: &[u8]) -> Self { - hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_12(bytes), } diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 3dd5be929..7f6d7e6b3 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -3,13 +3,15 @@ use crate::vector::{traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, FIELD_MODULUS}; use super::*; #[inline(always)] -#[hax_lib::fstar::before(interface,"open Libcrux_intrinsics.Avx2_extract")] -#[hax_lib::fstar::before(" +#[hax_lib::fstar::before(interface, "open Libcrux_intrinsics.Avx2_extract")] +#[hax_lib::fstar::before( + " let lemma_add_i (lhs rhs: t_Vec256) (i:nat): Lemma (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) + v (get_lane rhs i)))) (ensures (v (add_mod (get_lane lhs i) (get_lane rhs i)) == (v (get_lane lhs i) + v (get_lane rhs i)))) - [SMTPat (v (add_mod (get_lane lhs i) (get_lane rhs i)))] = ()")] + [SMTPat (v (add_mod (get_lane lhs i) (get_lane rhs i)))] = ()" +)] #[hax_lib::requires(fstar!("forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) + v (get_lane $rhs i))"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> @@ -22,12 +24,14 @@ pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { } #[inline(always)] -#[hax_lib::fstar::before(" +#[hax_lib::fstar::before( + " let lemma_sub_i (lhs rhs: t_Vec256) (i:nat): Lemma (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) - v (get_lane rhs i)))) (ensures (v (sub_mod (get_lane lhs i) (get_lane rhs i)) == (v (get_lane lhs i) - v (get_lane rhs i)))) - [SMTPat (v (sub_mod (get_lane lhs i) (get_lane rhs i)))] = ()")] + [SMTPat (v (sub_mod (get_lane lhs i) (get_lane rhs i)))] = ()" +)] #[hax_lib::requires(fstar!("forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) - v (get_lane $rhs i))"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> @@ -40,12 +44,14 @@ pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { } #[inline(always)] -#[hax_lib::fstar::before(" +#[hax_lib::fstar::before( + " let lemma_mul_i (lhs: t_Vec256) (i:nat) (c:i16): Lemma (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) * v c))) (ensures (v (mul_mod (get_lane lhs i) c) == (v (get_lane lhs i) * v c))) - [SMTPat (v (mul_mod (get_lane lhs i) c))] = ()")] + [SMTPat (v (mul_mod (get_lane lhs i) c))] = ()" +)] #[hax_lib::requires(fstar!("forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $vector i) * v constant)"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> @@ -55,7 +61,7 @@ pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { let result = mm256_mullo_epi16(vector, cv); hax_lib::fstar!("Seq.lemma_eq_intro (vec256_as_i16x16 ${result}) (Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); - + hax_lib::fstar!("assert (forall i. get_lane result i == get_lane vector i *. constant); assert (forall i. v (get_lane vector i *. constant) == v (get_lane vector i) * v constant); assert (forall i. v (get_lane result i) == v (get_lane vector i) * v constant)"); @@ -77,12 +83,14 @@ pub(crate) fn bitwise_and_with_constant(vector: Vec256, constant: i16) -> Vec256 #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] #[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] + Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn shift_right(vector: Vec256) -> Vec256 { let result = mm256_srai_epi16::<{ SHIFT_BY }>(vector); - hax_lib::fstar!("Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) + hax_lib::fstar!( + "Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))" + ); result } @@ -96,17 +104,21 @@ pub(crate) fn shift_right(vector: Vec256) -> Vec256 { #[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> get_lane $result i == - (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i)"))] + (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i)"))] pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); hax_lib::fstar!("assert (forall i. get_lane $field_modulus i == 3329s)"); // Compute v_i - Q and crate a mask from the sign bit of each of these // quantities. let v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); - hax_lib::fstar!("assert (forall i. get_lane $v_minus_field_modulus i == get_lane $vector i -. 3329s)"); + hax_lib::fstar!( + "assert (forall i. get_lane $v_minus_field_modulus i == get_lane $vector i -. 3329s)" + ); let sign_mask = mm256_srai_epi16::<15>(v_minus_field_modulus); - hax_lib::fstar!("assert (forall i. get_lane $sign_mask i == (get_lane $v_minus_field_modulus i >>! 15l))"); + hax_lib::fstar!( + "assert (forall i. get_lane $sign_mask i == (get_lane $v_minus_field_modulus i >>! 15l))" + ); // If v_i - Q < 0 then add back Q to (v_i - Q). let conditional_add_field_modulus = mm256_and_si256(sign_mask, field_modulus); @@ -133,13 +145,19 @@ const BARRETT_MULTIPLIER: i16 = 20159; pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 { let t0 = mm256_mulhi_epi16(vector, mm256_set1_epi16(BARRETT_MULTIPLIER)); hax_lib::fstar!("assert (forall i. get_lane $t0 i == (cast (((cast (get_lane $vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! 16l) <: i16))"); - let t1 = mm256_add_epi16(t0, mm256_set1_epi16(512)); + let t512 = mm256_set1_epi16(512); + hax_lib::fstar!("assert (forall i. get_lane $t512 i == 512s)"); + let t1 = mm256_add_epi16(t0, t512); hax_lib::fstar!("assert (forall i. get_lane $t1 i == get_lane $t0 i +. 512s)"); let quotient = mm256_srai_epi16::<10>(t1); - hax_lib::fstar!("assert (forall i. get_lane $quotient i == (((get_lane $t1 i) <: i16) >>! (10l <: i32)))"); + hax_lib::fstar!( + "assert (forall i. get_lane $quotient i == (((get_lane $t1 i) <: i16) >>! (10l <: i32)))" + ); let quotient_times_field_modulus = mm256_mullo_epi16(quotient, mm256_set1_epi16(FIELD_MODULUS)); - hax_lib::fstar!("assert (forall i. get_lane $quotient_times_field_modulus i == - get_lane $quotient i *. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)"); + hax_lib::fstar!( + "assert (forall i. get_lane $quotient_times_field_modulus i == + get_lane $quotient i *. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)" + ); let result = mm256_sub_epi16(vector, quotient_times_field_modulus); hax_lib::fstar!("assert (forall i. get_lane $result i == get_lane $vector i -. get_lane $quotient_times_field_modulus i); @@ -203,14 +221,16 @@ pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) -> ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))")))] pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) -> Vec256 { let value_low = mm256_mullo_epi16(vec, constants); - hax_lib::fstar!("assert (forall i. get_lane $value_low i == get_lane $vec i *. get_lane $constants i)"); - + hax_lib::fstar!( + "assert (forall i. get_lane $value_low i == get_lane $vec i *. get_lane $constants i)" + ); + let k = mm256_mullo_epi16( value_low, mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); hax_lib::fstar!("assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))"); - + let modulus = mm256_set1_epi16(FIELD_MODULUS); hax_lib::fstar!("assert (forall i. get_lane $modulus i == 3329s)"); @@ -222,7 +242,6 @@ pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) - assert (forall i. get_lane $k_times_modulus i == (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))"); - let value_high = mm256_mulhi_epi16(vec, constants); hax_lib::fstar!("assert (forall i. get_lane $value_high i == (cast (((cast (get_lane $vec i) <: i32) *. (cast (get_lane $constants i) <: i32)) >>! 16l) <: i16))"); @@ -237,7 +256,7 @@ pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) - assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i)); assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane $result i)); assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)); - assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))"); + assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))"); result } @@ -274,14 +293,15 @@ pub(crate) fn montgomery_reduce_i32s(vec: Vec256) -> Vec256 { pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec128) -> Vec128 { let value_low = mm_mullo_epi16(vec, constants); hax_lib::fstar!("assert (forall i. get_lane128 $value_low i == get_lane128 $vec i *. get_lane128 $constants i)"); - let k = mm_mullo_epi16( value_low, mm_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - hax_lib::fstar!("assert (forall i. get_lane128 $k i == get_lane128 $value_low i *. (neg 3327s))"); - + hax_lib::fstar!( + "assert (forall i. get_lane128 $k i == get_lane128 $value_low i *. (neg 3327s))" + ); + let modulus = mm_set1_epi16(FIELD_MODULUS); hax_lib::fstar!("assert (forall i. get_lane128 $modulus i == 3329s)"); @@ -293,7 +313,6 @@ pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec assert (forall i. get_lane128 $k_times_modulus i == (cast (((cast (get_lane128 $k i) <: i32) *. (cast (get_lane128 $modulus i) <: i32)) >>! 16l) <: i16))"); - let value_high = mm_mulhi_epi16(vec, constants); hax_lib::fstar!("assert (forall i. get_lane128 $value_high i == (cast (((cast (get_lane128 $vec i) <: i32) *. (cast (get_lane128 $constants i) <: i32)) >>! 16l) <: i16))"); @@ -308,7 +327,7 @@ pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec assert (forall i. Spec.Utils.is_i16b 3328 (get_lane128 $result i)); assert (forall (i:nat). i < 8 ==> Spec.Utils.is_i16b 3328 (get_lane128 $result i)); assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $result)); - assert (forall i. v (get_lane128 $result i) % 3329 == ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))"); - + assert (forall i. v (get_lane128 $result i) % 3329 == ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))"); + result } diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 69da39197..693bb1bf8 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -2,6 +2,9 @@ use super::*; use crate::vector::portable::PortableVector; #[inline(always)] +#[hax_lib::fstar::options("--ext context_pruning --compat_pre_core 0")] +#[hax_lib::requires(fstar!("forall i. i % 16 >= 1 ==> vector i == 0"))] +#[hax_lib::ensures(|result| fstar!("forall i. bit_vec_of_int_t_array $result 8 i == $vector (i * 16)"))] pub(crate) fn serialize_1(vector: Vec256) -> [u8; 2] { // Suppose |vector| is laid out as follows (superscript number indicates the // corresponding bit is duplicated that many times): @@ -43,75 +46,139 @@ pub(crate) fn serialize_1(vector: Vec256) -> [u8; 2] { // 0xFF 0x00 0x00 0x00 | 0xFF 0x00 0x00 0x00 | 0x00 0x00 0x00 0x00 | 0x00 0x00 0x00 0xFF let msbs = mm_packs_epi16(low_msbs, high_msbs); + hax_lib::fstar!( + r#" +let bits_packed' = BitVec.Intrinsics.mm_movemask_epi8_bv msbs in + assert (forall (i: nat{i < 16}). bits_packed' i = $vector ((i / 1) * 16 + i % 1)) + by ( + Tactics.Utils.prove_forall_nat_pointwise (fun _ -> + Tactics.compute (); + Tactics.smt_sync () + ) + ) +"# + ); + // Now that every element is either 0xFF or 0x00, we just extract the most // significant bit from each element and collate them into two bytes. let bits_packed = mm_movemask_epi8(msbs); - [bits_packed as u8, (bits_packed >> 8) as u8] + let result = [bits_packed as u8, (bits_packed >> 8) as u8]; + + hax_lib::fstar!( + r#" +assert (forall (i: nat {i < 8}). get_bit ($bits_packed >>! 8l <: i32) (sz i) == get_bit $bits_packed (sz (i + 8))) +"# + ); + + result } #[inline(always)] +#[hax_lib::requires(bytes.len() == 2)] +#[hax_lib::ensures(|coefficients| fstar!( + r#"forall (i:nat{i < 256}). + $coefficients i + = ( if i % 16 >= 1 then 0 + else let j = (i / 16) * 1 + i % 16 in + bit_vec_of_int_t_array ($bytes <: t_Array _ (sz 2)) 8 j)) +"# +))] +#[hax_lib::fstar::before("#restart-solver")] pub(crate) fn deserialize_1(bytes: &[u8]) -> Vec256 { - // We need to take each bit from the 2 bytes of input and put them - // into their own 16-bit lane. Ideally, we'd load the two bytes into the vector, - // duplicate them, and right-shift the 0th element by 0 bits, - // the first element by 1 bit, the second by 2 bits and so on before AND-ing - // with 0x1 to leave only the least signifinicant bit. - // But since |_mm256_srlv_epi16| does not exist, so we have to resort to a - // workaround. - // - // Rather than shifting each element by a different amount, we'll multiply - // each element by a value such that the bit we're interested in becomes the most - // significant bit. - - // The coefficients are loaded as follows: - let coefficients = mm256_set_epi16( - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - ); - - // And this vector, when multiplied with the previous one, ensures that the - // bit we'd like to keep in each lane becomes the most significant bit upon - // multiplication. - let shift_lsb_to_msb = mm256_set_epi16( - 1 << 8, - 1 << 9, - 1 << 10, - 1 << 11, - 1 << 12, - 1 << 13, - 1 << 14, - -32768, - 1 << 8, - 1 << 9, - 1 << 10, - 1 << 11, - 1 << 12, - 1 << 13, - 1 << 14, - -32768, - ); - let coefficients_in_msb = mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + #[hax_lib::ensures(|coefficients| fstar!( + r#"forall (i:nat{i < 256}). + $coefficients i + = ( if i % 16 >= 1 then 0 + else let j = (i / 16) * 1 + i % 16 in + if i < 128 then get_bit $a (sz j) else get_bit $b (sz (j - 8))) +"# + ))] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + #[inline(always)] + pub(crate) fn deserialize_1_u8s(a: u8, b: u8) -> Vec256 { + deserialize_1_i16s(a as i16, b as i16) + } + + #[hax_lib::ensures(|coefficients| fstar!( + r#"forall (i:nat{i < 256}). + $coefficients i + = ( if i % 16 >= 1 then 0 + else let j = (i / 16) * 1 + i % 16 in + if i < 128 then get_bit $a (sz j) else get_bit $b (sz (j - 8))) +"# + ))] + #[inline(always)] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + pub(crate) fn deserialize_1_i16s(a: i16, b: i16) -> Vec256 { + // We need to take each bit from the 2 bytes of input and put them + // into their own 16-bit lane. Ideally, we'd load the two bytes into the vector, + // duplicate them, and right-shift the 0th element by 0 bits, + // the first element by 1 bit, the second by 2 bits and so on before AND-ing + // with 0x1 to leave only the least signifinicant bit. + // But since |_mm256_srlv_epi16| does not exist, so we have to resort to a + // workaround. + // + // Rather than shifting each element by a different amount, we'll multiply + // each element by a value such that the bit we're interested in becomes the most + // significant bit. + // The coefficients are loaded as follows: + let coefficients = mm256_set_epi16(b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a); + + // And this vector, when multiplied with the previous one, ensures that the + // bit we'd like to keep in each lane becomes the most significant bit upon + // multiplication. + let coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16( + 1 << 8, + 1 << 9, + 1 << 10, + 1 << 11, + 1 << 12, + 1 << 13, + 1 << 14, + -32768, + 1 << 8, + 1 << 9, + 1 << 10, + 1 << 11, + 1 << 12, + 1 << 13, + 1 << 14, + -32768, + ), + ); + + // Now that they're all in the most significant bit position, shift them + // down to the least significant bit. + mm256_srli_epi16::<15>(coefficients_in_msb) + } + + deserialize_1_u8s(bytes[0], bytes[1]) +} - // Now that they're all in the most significant bit position, shift them - // down to the least significant bit. - mm256_srli_epi16::<15>(coefficients_in_msb) +/// `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets +/// of the shape `0b0…0b₁…bₙa₁…aₙ`, if `x` is a sequence of pairs of +/// 16 bits, of the shape `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` (where the last +/// `n` bits are non-zero). +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_concat_pairs_n}")] +#[inline(always)] +fn mm256_concat_pairs_n(n: u8, x: Vec256) -> Vec256 { + let n = 1 << n; + mm256_madd_epi16( + x, + mm256_set_epi16(n, 1, n, 1, n, 1, n, 1, n, 1, n, 1, n, 1, n, 1), + ) } +#[hax_lib::fstar::options("--ext context_pruning --split_queries always")] +#[hax_lib::requires( + fstar!( + r#"forall (i: nat{i < 256}). i % 16 < 4 || $vector i = 0"# + ) +)] +#[hax_lib::ensures(|r| fstar!("forall (i: nat{i < 64}). bit_vec_of_int_t_array $r 8 i == $vector ((i/4) * 16 + i%4)"))] #[inline(always)] pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] { let mut serialized = [0u8; 16]; @@ -124,27 +191,7 @@ pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] { // as follows: // // 0x00_00_00_BA 0x00_00_00_DC | 0x00_00_00_FE 0x00_00_00_HG | ... - let adjacent_2_combined = mm256_madd_epi16( - vector, - mm256_set_epi16( - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - ), - ); + let adjacent_2_combined = mm256_concat_pairs_n(4, vector); // Recall that |adjacent_2_combined| goes as follows: // @@ -172,71 +219,131 @@ pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] { // ... so that we can read them out in one go. mm_storeu_bytes_si128(&mut serialized, combined); + hax_lib::fstar!( + r#" +assert (forall (i: nat{i < 64}). $combined i == bit_vec_of_int_t_array serialized 8 i); + introduce forall (i: nat {i < 64}). $combined i = vector ((i / 4) * 16 + i % 4) + with assert_norm (BitVec.Utils.forall64 (fun i -> $combined i = $vector ((i / 4) * 16 + i % 4))); + assert (forall (i: nat{i < 64}). bit_vec_of_int_t_array serialized 8 i == $vector ((i / 4) * 16 + i % 4)) +"# + ); + serialized[0..8].try_into().unwrap() } #[inline(always)] +#[hax_lib::requires(bytes.len() == 8)] +#[hax_lib::ensures(|result| fstar!(r#"forall (i: nat{i < 256}). + $result i = (if i % 16 >= 4 then 0 + else let j = (i / 16) * 4 + i % 16 in + bit_vec_of_int_t_array ($bytes <: t_Array _ (sz 8)) 8 j)"#))] +#[hax_lib::fstar::before("#restart-solver")] pub(crate) fn deserialize_4(bytes: &[u8]) -> Vec256 { - // Every 4 bits from each byte of input should be put into its own 16-bit lane. - // Since |_mm256_srlv_epi16| does not exist, we have to resort to a workaround. - // - // Rather than shifting each element by a different amount, we'll multiply - // each element by a value such that the bits we're interested in become the most - // significant bits (of an 8-bit value). - let coefficients = mm256_set_epi16( - // In this lane, the 4 bits we need to put are already the most - // significant bits of |bytes[7]|. - bytes[7] as i16, - // In this lane, the 4 bits we need to put are the least significant bits, - // so we need to shift the 4 least-significant bits of |bytes[7]| to the - // most significant bits (of an 8-bit value). - bytes[7] as i16, - // and so on ... - bytes[6] as i16, - bytes[6] as i16, - bytes[5] as i16, - bytes[5] as i16, - bytes[4] as i16, - bytes[4] as i16, - bytes[3] as i16, - bytes[3] as i16, - bytes[2] as i16, - bytes[2] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[0] as i16, - bytes[0] as i16, - ); - - let shift_lsbs_to_msbs = mm256_set_epi16( - // These constants are chosen to shift the bits of the values - // that we loaded into |coefficients|. - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - ); - - let coefficients_in_msb = mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); - - // Once the 4-bit coefficients are in the most significant positions (of - // an 8-bit value), shift them all down by 4. - let coefficients_in_lsb = mm256_srli_epi16::<4>(coefficients_in_msb); - - // Zero the remaining bits. - mm256_and_si256(coefficients_in_lsb, mm256_set1_epi16((1 << 4) - 1)) + #[hax_lib::ensures(|coefficients| fstar!( + r#"forall (i:nat{i < 256}). + $coefficients i + = ( if i % 16 < 4 + then let j = (i / 16) * 4 + i % 16 in + (match i / 32 with + | 0 -> get_bit $b0 (sz j) + | 1 -> get_bit $b1 (sz (j - 8)) + | 2 -> get_bit $b2 (sz (j - 16)) + | 3 -> get_bit $b3 (sz (j - 24)) + | 4 -> get_bit $b4 (sz (j - 32)) + | 5 -> get_bit $b5 (sz (j - 40)) + | 6 -> get_bit $b6 (sz (j - 48)) + | 7 -> get_bit $b7 (sz (j - 56))) + else 0) +"# + ))] + #[inline(always)] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + fn deserialize_4_u8s(b0: u8, b1: u8, b2: u8, b3: u8, b4: u8, b5: u8, b6: u8, b7: u8) -> Vec256 { + deserialize_4_i16s( + b0 as i16, b1 as i16, b2 as i16, b3 as i16, b4 as i16, b5 as i16, b6 as i16, b7 as i16, + ) + } + + #[hax_lib::ensures(|coefficients| fstar!( + r#"forall (i:nat{i < 256}). + $coefficients i + = ( if i % 16 < 4 + then let j = (i / 16) * 4 + i % 16 in + (match i / 32 with + | 0 -> get_bit $b0 (sz j) + | 1 -> get_bit $b1 (sz (j - 8)) + | 2 -> get_bit $b2 (sz (j - 16)) + | 3 -> get_bit $b3 (sz (j - 24)) + | 4 -> get_bit $b4 (sz (j - 32)) + | 5 -> get_bit $b5 (sz (j - 40)) + | 6 -> get_bit $b6 (sz (j - 48)) + | 7 -> get_bit $b7 (sz (j - 56))) + else 0) +"# + ))] + #[inline(always)] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + fn deserialize_4_i16s( + b0: i16, + b1: i16, + b2: i16, + b3: i16, + b4: i16, + b5: i16, + b6: i16, + b7: i16, + ) -> Vec256 { + // Every 4 bits from each byte of input should be put into its own 16-bit lane. + // Since |_mm256_srlv_epi16| does not exist, we have to resort to a workaround. + // + // Rather than shifting each element by a different amount, we'll multiply + // each element by a value such that the bits we're interested in become the most + // significant bits (of an 8-bit value). + let coefficients = mm256_set_epi16( + // In this lane, the 4 bits we need to put are already the most + // significant bits of |bytes[7]| (that is, b7). + b7, + // In this lane, the 4 bits we need to put are the least significant bits, + // so we need to shift the 4 least-significant bits of |b7| to the + // most significant bits (of an 8-bit value). + b7, // and so on ... + b6, b6, b5, b5, b4, b4, b3, b3, b2, b2, b1, b1, b0, b0, + ); + let coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16( + // These constants are chosen to shift the bits of the values + // that we loaded into |coefficients|. + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + ), + ); + + // Once the 4-bit coefficients are in the most significant positions (of + // an 8-bit value), shift them all down by 4. + let coefficients_in_lsb = mm256_srli_epi16::<4>(coefficients_in_msb); + + // Zero the remaining bits. + mm256_and_si256(coefficients_in_lsb, mm256_set1_epi16((1 << 4) - 1)) + } + + deserialize_4_u8s( + bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], bytes[6], bytes[7], + ) } #[inline(always)] @@ -336,15 +443,31 @@ pub(crate) fn serialize_5(vector: Vec256) -> [u8; 10] { serialized[0..10].try_into().unwrap() } +/// We cannot model `mm256_inserti128_si256` on its own: it produces a +/// Vec256 where the upper 128 bits are undefined. Thus +/// `mm256_inserti128_si256` is not pure. +/// +/// Luckily, we always call `mm256_castsi128_si256` right after +/// `mm256_inserti128_si256`: this composition sets the upper bits, +/// making the whole computation pure again. #[inline(always)] +#[hax_lib::fstar::replace( + interface, + "include BitVec.Intrinsics {mm256_si256_from_two_si128 as ${mm256_si256_from_two_si128}}" +)] +fn mm256_si256_from_two_si128(lower: Vec128, upper: Vec128) -> Vec256 { + mm256_inserti128_si256::<1>(mm256_castsi128_si256(lower), upper) +} + +#[inline(always)] +#[hax_lib::requires(fstar!(r#"Seq.length bytes == 10"#))] pub(crate) fn deserialize_5(bytes: &[u8]) -> Vec256 { let coefficients = mm_set_epi8( bytes[9], bytes[8], bytes[8], bytes[7], bytes[7], bytes[6], bytes[6], bytes[5], bytes[4], bytes[3], bytes[3], bytes[2], bytes[2], bytes[1], bytes[1], bytes[0], ); - let coefficients_loaded = mm256_castsi128_si256(coefficients); - let coefficients_loaded = mm256_inserti128_si256::<1>(coefficients_loaded, coefficients); + let coefficients_loaded = mm256_si256_from_two_si128(coefficients, coefficients); let coefficients = mm256_shuffle_epi8( coefficients_loaded, @@ -379,137 +502,172 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> Vec256 { } #[inline(always)] +#[hax_lib::fstar::options("--ext context_pruning --split_queries always")] +#[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0"))] +#[hax_lib::ensures(|r| fstar!("forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i/10) * 16 + i%10)"))] pub(crate) fn serialize_10(vector: Vec256) -> [u8; 20] { - let mut serialized = [0u8; 32]; + #[hax_lib::fstar::options("--ext context_pruning --split_queries always")] + #[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0"))] + #[hax_lib::ensures(|(lower_8, upper_8)| fstar!( + r#" + forall (i: nat{i < 160}). + vector ((i/10) * 16 + i%10) == (if i < 80 then $lower_8 i else $upper_8 (i - 80)) + ) + "# + ))] + fn serialize_10_vec(vector: Vec256) -> (Vec128, Vec128) { + // If |vector| is laid out as follows (superscript number indicates the + // corresponding bit is duplicated that many times): + // + // 0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀ 0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩ + // 0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀ 0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ + // ... + // + // |adjacent_2_combined| will be laid out as a series of 32-bit integers, + // as follows: + // + // 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ + // 0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ + // .... + let adjacent_2_combined = mm256_concat_pairs_n(10, vector); + + // Shifting up the values at the even indices by 12, we get: + // + // b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ + // f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ + // ... + let adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32(0, 12, 0, 12, 0, 12, 0, 12), + ); + + // Viewing this as a set of 64-bit integers we get: + // + // 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² | ↩ + // 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² | ↩ + // ... + // + // Shifting down by 12 gives us: + // + // 0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ | ↩ + // 0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ | ↩ + // ... + let adjacent_4_combined = mm256_srli_epi64::<12>(adjacent_4_combined); + + // |adjacent_4_combined|, when the bottom and top 128 bit-lanes are grouped + // into bytes, looks like: + // + // 0₇0₆0₅B₄B₃B₂B₁B₀ | ↩ + // 0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩ + // + // In each 128-bit lane, we want to put bytes 8, 9, 10, 11, 12 after + // bytes 0, 1, 2, 3 to allow for sequential reading. + let adjacent_8_combined = mm256_shuffle_epi8( + adjacent_4_combined, + mm256_set_epi8( + -1, -1, -1, -1, -1, -1, 12, 11, 10, 9, 8, 4, 3, 2, 1, 0, -1, -1, -1, -1, -1, -1, + 12, 11, 10, 9, 8, 4, 3, 2, 1, 0, + ), + ); + // We now have 64 bits starting at position 0 in the lower 128-bit lane, ... + let lower_8 = mm256_castsi256_si128(adjacent_8_combined); + // and 64 bits starting at position 0 in the upper 128-bit lane. + let upper_8 = mm256_extracti128_si256::<1>(adjacent_8_combined); + hax_lib::fstar!( + r#" + introduce forall (i:nat{i < 80}). lower_8_ i = vector ((i / 10) * 16 + i % 10) + with assert_norm (BitVec.Utils.forall_n 80 (fun i -> lower_8_ i = vector ((i / 10) * 16 + i % 10))); + introduce forall (i:nat{i < 80}). upper_8_ i = vector (128 + (i / 10) * 16 + i % 10) + with assert_norm (BitVec.Utils.forall_n 80 (fun i -> upper_8_ i = vector (128 + (i / 10) * 16 + i % 10))) + "# + ); + (lower_8, upper_8) + } + + let (lower_8, upper_8) = serialize_10_vec(vector); - // If |vector| is laid out as follows (superscript number indicates the - // corresponding bit is duplicated that many times): - // - // 0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀ 0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩ - // 0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀ 0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ - // ... - // - // |adjacent_2_combined| will be laid out as a series of 32-bit integers, - // as follows: - // - // 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ - // 0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ - // .... - let adjacent_2_combined = mm256_madd_epi16( - vector, - mm256_set_epi16( - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - ), - ); - - // Shifting up the values at the even indices by 12, we get: - // - // b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ - // f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ - // ... - let adjacent_4_combined = mm256_sllv_epi32( - adjacent_2_combined, - mm256_set_epi32(0, 12, 0, 12, 0, 12, 0, 12), - ); - - // Viewing this as a set of 64-bit integers we get: - // - // 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² | ↩ - // 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² | ↩ - // ... - // - // Shifting down by 12 gives us: - // - // 0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ | ↩ - // 0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ | ↩ - // ... - let adjacent_4_combined = mm256_srli_epi64::<12>(adjacent_4_combined); - - // |adjacent_4_combined|, when the bottom and top 128 bit-lanes are grouped - // into bytes, looks like: - // - // 0₇0₆0₅B₄B₃B₂B₁B₀ | ↩ - // 0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩ - // - // In each 128-bit lane, we want to put bytes 8, 9, 10, 11, 12 after - // bytes 0, 1, 2, 3 to allow for sequential reading. - let adjacent_8_combined = mm256_shuffle_epi8( - adjacent_4_combined, - mm256_set_epi8( - -1, -1, -1, -1, -1, -1, 12, 11, 10, 9, 8, 4, 3, 2, 1, 0, -1, -1, -1, -1, -1, -1, 12, - 11, 10, 9, 8, 4, 3, 2, 1, 0, - ), - ); - - // We now have 64 bits starting at position 0 in the lower 128-bit lane, ... - let lower_8 = mm256_castsi256_si128(adjacent_8_combined); + let mut serialized = [0u8; 32]; mm_storeu_bytes_si128(&mut serialized[0..16], lower_8); - - // and 64 bits starting at position 0 in the upper 128-bit lane. - let upper_8 = mm256_extracti128_si256::<1>(adjacent_8_combined); mm_storeu_bytes_si128(&mut serialized[10..26], upper_8); serialized[0..20].try_into().unwrap() } #[inline(always)] +#[hax_lib::requires(fstar!(r#"Seq.length bytes == 20"#))] +#[hax_lib::ensures(|result| fstar!(r#"forall (i: nat{i < 256}). + $result i = (if i % 16 >= 10 then 0 + else let j = (i / 16) * 10 + i % 16 in + bit_vec_of_int_t_array ($bytes <: t_Array _ (sz 20)) 8 j)"#))] pub(crate) fn deserialize_10(bytes: &[u8]) -> Vec256 { - let shift_lsbs_to_msbs = mm256_set_epi16( - 1 << 0, - 1 << 2, - 1 << 4, - 1 << 6, - 1 << 0, - 1 << 2, - 1 << 4, - 1 << 6, - 1 << 0, - 1 << 2, - 1 << 4, - 1 << 6, - 1 << 0, - 1 << 2, - 1 << 4, - 1 << 6, - ); - - let lower_coefficients = mm_loadu_si128(&bytes[0..16]); - let lower_coefficients = mm_shuffle_epi8( - lower_coefficients, - mm_set_epi8(9, 8, 8, 7, 7, 6, 6, 5, 4, 3, 3, 2, 2, 1, 1, 0), - ); - let upper_coefficients = mm_loadu_si128(&bytes[4..20]); - let upper_coefficients = mm_shuffle_epi8( - upper_coefficients, - mm_set_epi8(15, 14, 14, 13, 13, 12, 12, 11, 10, 9, 9, 8, 8, 7, 7, 6), - ); - - let coefficients = mm256_castsi128_si256(lower_coefficients); - let coefficients = mm256_inserti128_si256::<1>(coefficients, upper_coefficients); - - let coefficients = mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); - let coefficients = mm256_srli_epi16::<6>(coefficients); - let coefficients = mm256_and_si256(coefficients, mm256_set1_epi16((1 << 10) - 1)); - - coefficients + #[inline(always)] + #[hax_lib::ensures(|coefficients| fstar!(r#" +forall (i: nat {i < 256}). + $coefficients i + = ( if i % 16 >= 10 then 0 + else let j = (i / 16) * 10 + i % 16 in + if i < 128 then $lower_coefficients0 j else $upper_coefficients0 (j - 32))) +"#))] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + fn deserialize_10_vec(lower_coefficients0: Vec128, upper_coefficients0: Vec128) -> Vec256 { + let lower_coefficients = mm_shuffle_epi8( + lower_coefficients0, + mm_set_epi8(9, 8, 8, 7, 7, 6, 6, 5, 4, 3, 3, 2, 2, 1, 1, 0), + ); + let upper_coefficients = mm_shuffle_epi8( + upper_coefficients0, + mm_set_epi8(15, 14, 14, 13, 13, 12, 12, 11, 10, 9, 9, 8, 8, 7, 7, 6), + ); + + let coefficients = mm256_si256_from_two_si128(lower_coefficients, upper_coefficients); + + let coefficients = mm256_mullo_epi16( + coefficients, + mm256_set_epi16( + 1 << 0, + 1 << 2, + 1 << 4, + 1 << 6, + 1 << 0, + 1 << 2, + 1 << 4, + 1 << 6, + 1 << 0, + 1 << 2, + 1 << 4, + 1 << 6, + 1 << 0, + 1 << 2, + 1 << 4, + 1 << 6, + ), + ); + let coefficients = mm256_srli_epi16::<6>(coefficients); + // Here I can prove this `and` is not useful + let coefficients = mm256_and_si256(coefficients, mm256_set1_epi16((1 << 10) - 1)); + hax_lib::fstar!( + r#" +assert_norm(BitVec.Utils.forall256 (fun i -> + $coefficients i + = ( if i % 16 < 10 + then let j = (i / 16) * 10 + i % 16 in + if i < 128 then $lower_coefficients0 j else $upper_coefficients0 (j - 32) + else 0))) +"# + ); + coefficients + } + + let lower_coefficients = &bytes[0..16]; + let upper_coefficients = &bytes[4..20]; + deserialize_10_vec( + mm_loadu_si128(lower_coefficients), + mm_loadu_si128(upper_coefficients), + ) } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(crate) fn serialize_11(vector: Vec256) -> [u8; 22] { let mut array = [0i16; 16]; mm256_storeu_si256_i16(&mut array, vector); @@ -518,6 +676,7 @@ pub(crate) fn serialize_11(vector: Vec256) -> [u8; 22] { } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(crate) fn deserialize_11(bytes: &[u8]) -> Vec256 { let output = PortableVector::deserialize_11(bytes); let array = PortableVector::to_i16_array(output); @@ -525,46 +684,49 @@ pub(crate) fn deserialize_11(bytes: &[u8]) -> Vec256 { } #[inline(always)] +#[hax_lib::fstar::options("--ext context_pruning --split_queries always")] +#[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0"))] +#[hax_lib::ensures(|r| fstar!("forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i/12) * 16 + i%12)"))] pub(crate) fn serialize_12(vector: Vec256) -> [u8; 24] { - let mut serialized = [0u8; 32]; - - let adjacent_2_combined = mm256_madd_epi16( - vector, - mm256_set_epi16( - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - ), - ); - - let adjacent_4_combined = - mm256_sllv_epi32(adjacent_2_combined, mm256_set_epi32(0, 8, 0, 8, 0, 8, 0, 8)); - let adjacent_4_combined = mm256_srli_epi64::<8>(adjacent_4_combined); - - let adjacent_8_combined = mm256_shuffle_epi8( - adjacent_4_combined, - mm256_set_epi8( - -1, -1, -1, -1, 13, 12, 11, 10, 9, 8, 5, 4, 3, 2, 1, 0, -1, -1, -1, -1, 13, 12, 11, 10, - 9, 8, 5, 4, 3, 2, 1, 0, - ), - ); - - let lower_8 = mm256_castsi256_si128(adjacent_8_combined); - let upper_8 = mm256_extracti128_si256::<1>(adjacent_8_combined); + #[inline(always)] + #[hax_lib::fstar::options("--ext context_pruning --split_queries always")] + #[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0"))] + #[hax_lib::ensures(|(lower_8, upper_8)| fstar!( + r#" + forall (i: nat{i < 192}). + vector ((i/12) * 16 + i%12) == (if i < 96 then $lower_8 i else $upper_8 (i - 96)) + ) + "# + ))] + fn serialize_12_vec(vector: Vec256) -> (Vec128, Vec128) { + let adjacent_2_combined = mm256_concat_pairs_n(12, vector); + let adjacent_4_combined = + mm256_sllv_epi32(adjacent_2_combined, mm256_set_epi32(0, 8, 0, 8, 0, 8, 0, 8)); + let adjacent_4_combined = mm256_srli_epi64::<8>(adjacent_4_combined); + + let adjacent_8_combined = mm256_shuffle_epi8( + adjacent_4_combined, + mm256_set_epi8( + -1, -1, -1, -1, 13, 12, 11, 10, 9, 8, 5, 4, 3, 2, 1, 0, -1, -1, -1, -1, 13, 12, 11, + 10, 9, 8, 5, 4, 3, 2, 1, 0, + ), + ); + + let lower_8 = mm256_castsi256_si128(adjacent_8_combined); + let upper_8 = mm256_extracti128_si256::<1>(adjacent_8_combined); + hax_lib::fstar!( + r#" + introduce forall (i:nat{i < 96}). lower_8_ i = vector ((i / 12) * 16 + i % 12) + with assert_norm (BitVec.Utils.forall_n 96 (fun i -> lower_8_ i = vector ((i / 12) * 16 + i % 12))); + introduce forall (i:nat{i < 96}). upper_8_ i = vector (128 + (i / 12) * 16 + i % 12) + with assert_norm (BitVec.Utils.forall_n 96 (fun i -> upper_8_ i = vector (128 + (i / 12) * 16 + i % 12))) + "# + ); + (lower_8, upper_8) + } + let mut serialized = [0u8; 32]; + let (lower_8, upper_8) = serialize_12_vec(vector); mm_storeu_bytes_si128(&mut serialized[0..16], lower_8); mm_storeu_bytes_si128(&mut serialized[12..28], upper_8); @@ -572,43 +734,69 @@ pub(crate) fn serialize_12(vector: Vec256) -> [u8; 24] { } #[inline(always)] +#[hax_lib::requires(fstar!(r#"Seq.length bytes == 24"#))] +#[hax_lib::ensures(|result| fstar!(r#"forall (i: nat{i < 256}). + $result i = (if i % 16 >= 12 then 0 + else let j = (i / 16) * 12 + i % 16 in + bit_vec_of_int_t_array ($bytes <: t_Array _ (sz 24)) 8 j)"#))] pub(crate) fn deserialize_12(bytes: &[u8]) -> Vec256 { - let shift_lsbs_to_msbs = mm256_set_epi16( - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - ); - + #[inline(always)] + #[hax_lib::ensures(|coefficients| fstar!(r#" +forall (i: nat {i < 256}). + $coefficients i + = ( if i % 16 >= 12 then 0 + else let j = (i / 16) * 12 + i % 16 in + if i < 128 then $lower_coefficients0 j else $upper_coefficients0 (j - 64))) +"#))] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + fn deserialize_12_vec(lower_coefficients0: Vec128, upper_coefficients0: Vec128) -> Vec256 { + let lower_coefficients = mm_shuffle_epi8( + lower_coefficients0, + mm_set_epi8(11, 10, 10, 9, 8, 7, 7, 6, 5, 4, 4, 3, 2, 1, 1, 0), + ); + let upper_coefficients = mm_shuffle_epi8( + upper_coefficients0, + mm_set_epi8(15, 14, 14, 13, 12, 11, 11, 10, 9, 8, 8, 7, 6, 5, 5, 4), + ); + + let coefficients = mm256_si256_from_two_si128(lower_coefficients, upper_coefficients); + + let coefficients = mm256_mullo_epi16( + coefficients, + mm256_set_epi16( + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + ), + ); + let coefficients = mm256_srli_epi16::<4>(coefficients); + let coefficients = mm256_and_si256(coefficients, mm256_set1_epi16((1 << 12) - 1)); + hax_lib::fstar!( + r#" +assert_norm(BitVec.Utils.forall256 (fun i -> + $coefficients i + = ( if i % 16 < 12 + then let j = (i / 16) * 12 + i % 16 in + if i < 128 then $lower_coefficients0 j else $upper_coefficients0 (j - 64) + else 0))) +"# + ); + coefficients + } let lower_coefficients = mm_loadu_si128(&bytes[0..16]); - let lower_coefficients = mm_shuffle_epi8( - lower_coefficients, - mm_set_epi8(11, 10, 10, 9, 8, 7, 7, 6, 5, 4, 4, 3, 2, 1, 1, 0), - ); let upper_coefficients = mm_loadu_si128(&bytes[8..24]); - let upper_coefficients = mm_shuffle_epi8( - upper_coefficients, - mm_set_epi8(15, 14, 14, 13, 12, 11, 11, 10, 9, 8, 8, 7, 6, 5, 5, 4), - ); - - let coefficients = mm256_castsi128_si256(lower_coefficients); - let coefficients = mm256_inserti128_si256::<1>(coefficients, upper_coefficients); - - let coefficients = mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); - let coefficients = mm256_srli_epi16::<4>(coefficients); - let coefficients = mm256_and_si256(coefficients, mm256_set1_epi16((1 << 12) - 1)); - - coefficients + deserialize_12_vec(lower_coefficients, upper_coefficients) } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 61679a724..b92ee9c91 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -235,7 +235,7 @@ pub fn to_unsigned_representative(a: T) -> T { T::add(a, &fm) } -#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::fstar::options("--z3rlimit 200 --split_queries always")] #[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in (x == 0s \\/ x == 1s)"))] pub fn decompress_1(vec: T) -> T { diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst new file mode 100644 index 000000000..0e4db4e49 --- /dev/null +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst @@ -0,0 +1,69 @@ +module Libcrux_platform.X86 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +(* item error backend: (reject_Unsafe) ExplicitRejection { reason: "a node of kind [Unsafe] have been found in the AST" } +Last available AST for this item: + +#[inline(never)] +#[inline(always)] +#[cfg(any(target_arch = "x86", target_arch = "x86_64"))] +#[allow(non_upper_case_globals)] +#[no_std()] +#[feature(register_tool)] +#[register_tool(_hax)] +unsafe fn init__cpuid(leaf: int) -> core::core_arch::x86::cpuid::t_CpuidResult { + rust_primitives::hax::dropped_body +} + + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_platform"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "x86"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "init"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "cpuid"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (reject_Unsafe) ExplicitRejection { reason: "a node of kind [Unsafe] have been found in the AST" } +Last available AST for this item: + +#[inline(never)] +#[inline(always)] +#[cfg(any(target_arch = "x86", target_arch = "x86_64"))] +#[allow(non_upper_case_globals)] +#[no_std()] +#[feature(register_tool)] +#[register_tool(_hax)] +unsafe fn init__cpuid_count( + leaf: int, + sub_leaf: int, +) -> core::core_arch::x86::cpuid::t_CpuidResult { + rust_primitives::hax::dropped_body +} + + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_platform"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "x86"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "init"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "cpuid_count"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *)