Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change saw-core tuple representation. #1612

Draft
wants to merge 27 commits into
base: master
Choose a base branch
from
Draft

Change saw-core tuple representation. #1612

wants to merge 27 commits into from

Conversation

brianhuffman
Copy link
Contributor

We now have an explicit AST constructor for arbitrary-size tuple values.

Tuple types are formalized as a type constructor that takes a list
of types as an argument:

data TypeList : sort 1 where {
TypeNil : TypeList;
TypeCons : sort 0 -> TypeList -> TypeList;
}

primitive Tuple : TypeList -> sort 0;

Additional primitives allow constructing and deconstructing tuples
in a nested fashion:

primitive headTuple : (t : sort 0) -> (ts : TypeList) -> Tuple (TypeCons t ts) -> t;
primitive tailTuple : (t : sort 0) -> (ts : TypeList) -> Tuple (TypeCons t ts) -> Tuple ts;
primitive consTuple : (t : sort 0) -> (ts : TypeList) -> t -> Tuple ts -> Tuple (TypeCons t ts);

NOTE: This commit makes the cryptol-saw-core test suite pass, but
saw-core-coq fails to compile. Further changes will be necessary.

Change saw-core tuple representation.
4a961b3 
We now have an explicit AST constructor for arbitrary-size tuple values.

Tuple types are formalized as a type constructor that takes a list
of types as an argument:

data TypeList : sort 1 where {
    TypeNil : TypeList;
    TypeCons : sort 0 -> TypeList -> TypeList;
  }

primitive Tuple : TypeList -> sort 0;

Additional primitives allow constructing and deconstructing tuples
in a nested fashion:

primitive headTuple : (t : sort 0) -> (ts : TypeList) -> Tuple (TypeCons t ts) -> t;
primitive tailTuple : (t : sort 0) -> (ts : TypeList) -> Tuple (TypeCons t ts) -> Tuple ts;
primitive consTuple : (t : sort 0) -> (ts : TypeList) -> t -> Tuple ts -> Tuple (TypeCons t ts);

NOTE: This commit makes the cryptol-saw-core test suite pass, but
saw-core-coq fails to compile. Further changes will be necessary.
@brianhuffman
Copy link
Contributor Author

The plan is to use a similar encoding for record types as well. The end goal is to get an injective mapping of Cryptol types into saw-core.

@eddywestbrook I will need your assistance to figure out how to translate the new tuple encoding into Coq.

@brianhuffman brianhuffman mentioned this pull request Mar 16, 2022
Open
@brianhuffman brianhuffman marked this pull request as ready for review March 16, 2022 18:17
Brian Huffman added 3 commits March 16, 2022 15:30
Adapt crux-mir-comp to changed tuple representation.
453cdb0
Fix definition of ensureTupleType in SCTypeCheck.hs.
84e0573 
With the new tuple representation, a single tuple type is represented
as not a single AST node, but a whole pile of constructor applications
(`Tuple`, `TypeCons`, `TypeNil`). A single call to WHNF followed by
running the syntactic recognizer is not sufficient; we may need to
evaluate to WHNF separately on each constructor.
Remove saw-core parenthesized tuple selector syntax "x.(1)".
0b43f8f 
With the new tuple representation the distinction between "x.1" and
"x.(1)" is no longer needed.
Brian Huffman added 12 commits March 18, 2022 13:38
Change saw-core tuple representation.
75b639c 
We now have an explicit AST constructor for arbitrary-size tuple values.

Tuple types are formalized as a type constructor that takes a list
of types as an argument:

data TypeList : sort 1 where {
    TypeNil : TypeList;
    TypeCons : sort 0 -> TypeList -> TypeList;
  }

primitive Tuple : TypeList -> sort 0;

Additional primitives allow constructing and deconstructing tuples
in a nested fashion:

primitive headTuple : (t : sort 0) -> (ts : TypeList) -> Tuple (TypeCons t ts) -> t;
primitive tailTuple : (t : sort 0) -> (ts : TypeList) -> Tuple (TypeCons t ts) -> Tuple ts;
primitive consTuple : (t : sort 0) -> (ts : TypeList) -> t -> Tuple ts -> Tuple (TypeCons t ts);

NOTE: This commit makes the cryptol-saw-core test suite pass, but
saw-core-coq fails to compile. Further changes will be necessary.
Reinstate pair-related functions to Verifier/SAW/OpenTerm.hs
016cdbc 
These functions are now just the tuple functions specialized to
tuples of size 2.
Adapt heapster-saw to changed tuple representation.
65966e7
Adapt saw-core-coq to changed tuple representation.
3051800
Adapt saw-script to changed tuple representation.
46a0c6d
Adapt crux-mir-comp to changed tuple representation.
b6f308a
Fix definition of ensureTupleType in SCTypeCheck.hs.
7ce2fce 
With the new tuple representation, a single tuple type is represented
as not a single AST node, but a whole pile of constructor applications
(`Tuple`, `TypeCons`, `TypeNil`). A single call to WHNF followed by
running the syntactic recognizer is not sufficient; we may need to
evaluate to WHNF separately on each constructor.
Remove saw-core parenthesized tuple selector syntax "x.(1)".
4af3cbf 
With the new tuple representation the distinction between "x.1" and
"x.(1)" is no longer needed.
Rewrite CompM combinators in Prelude.sawcore to use new tuple types.
b1fad07
Update saw-core tuple syntax in heapster-saw/examples.
5c93c78
Restore special cases to tuple operations in Heapster/SAWTranslation.
2edef5f 
This avoids construction of 1-tuples.

This makes many of the example proof scripts work again.
Export typeListOpenTerm from OpenTerm library.
aa624a8
Add Coq definitions for Tuple and {head,tail,cons}Tuple functions.
6d50ea7 
These still need to be associated with the corresponding SAW primitives
in `Translation/Coq/SpecialTreatment.hs`. Note that the definitions also
expect the SAW type `TypeList` to be translated to `list Type` in Coq.
@brianhuffman
Copy link
Contributor Author

I added some Coq code to SAWCoreScaffolding.v that implements the new Tuple-related primitives. SpecialTreatment.hs still needs to be updated to associate those with the new SAW primitives; datatype TypeList should also be set up to map to list Type in Coq.

Some of the saw-script files in heapster-saw/examples are working currently:

  • c_data.saw
  • exp_explosion.saw
  • global_var.saw
  • iso_recursive.saw
  • linked_list.saw
  • memcpy.saw
  • rust_data.saw
  • rust_lifetimes.saw
  • string_set.saw
  • xor_swap.saw
  • xor_swap_rust.saw

The other saw-script files fail on heapster_typecheck_fun commands with saw-core type errors. The errors occur when type checking the term tup_fun on this line:

saw-script/heapster-saw/src/Verifier/SAW/Heapster/SAWTranslation.hs

Lines 4869 to 4870 in bc564dd

tup_fun_tm <- completeNormOpenTerm sc $
applyOpenTermMulti (globalOpenTerm "Prelude.multiFixM") [lrts, tup_fun]

The type error (once you simplify all the type functions involved) seems to always involves a mismatch between a type t and the 1-tuple type #(t). The 1-tuple type is normally not used, but can occur when you are using consTuple to construct tuples iteratively.

Unfortunately I have not yet implemented the syntax for tuple types in the saw-core pretty-printer, so types like #() and #(a, b) still print out as Prelude.Tuple Prelude.TypeNil and Prelude.Tuple (Prelude.TypeCons a (Prelude.TypeCons b Prelude.TypeNil)). That's on my TODO list.

@brianhuffman brianhuffman marked this pull request as draft March 18, 2022 20:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@chameco chameco

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@brianhuffman @chameco