Conversation
parrot7483
force-pushed
the
Parrot7483/sha3-type-check
branch
from
8f7a614 to
223bcaf
Compare
franziskuskiefer
left a comment
franziskuskiefer
left a comment
There was a problem hiding this comment.
Sorry for being a little slow on this.
Here a couple first comments. Can you address them and update? Then we can do another round.
There was a problem hiding this comment.
This requires the unconditional hax_lib dependency for debug builds. Is there a better way to do this?
There was a problem hiding this comment.
I don't think I understand this correctly. Would putting a cfg(hax) be enough? It is only needed for proof.
|
@franziskuskiefer I applied your feedback and also cherry-picked one commit from my AVX/NEON branch adding the correct precondition on the traits and doing some light refactoring (mainly having consistent names for variables). |
franziskuskiefer
left a comment
franziskuskiefer
left a comment
There was a problem hiding this comment.
Thanks, looks pretty good. A couple things and some cleanup, then this can go in.
libcrux-sha3/src/simd/portable.rs
Outdated
There was a problem hiding this comment.
Are these changes needed for the proof? If yes, they'd need some explanation to why. If not, we should keep it as is.
Same for the similar change below.
There was a problem hiding this comment.
Yes, if I inline everything F* can't figure out that the bounds are correct every time. Sometimes it works sometimes it doesn't.
I think inlining let bytes = get_ij(s, octets / 5, octets % 5).to_le_bytes() should be possible.
| " | ||
| )] | ||
| pub(crate) trait Squeeze1<T: KeccakItem<1>> { | ||
| #[hax_lib::attributes] | ||
| pub(crate) trait Squeeze<T: KeccakItem<1>> { |
There was a problem hiding this comment.
Why did this lose the 1?
There was a problem hiding this comment.
I want to emphasize that having the Squeeze trait multiple times is because of HAX not supporting &[&mut [u8]; N] or other types with mutables inside. If that would work that would simplify a lot of things in this crate. I will write a comment explaining it.
|
@franziskuskiefer I applied your review. cherry-picked 1064d0d from SIMD branch. Merged main. |
github-actions
bot
dismissed
franziskuskiefer’s stale review
Review re-requested
parrot7483
force-pushed
the
Parrot7483/sha3-type-check
branch
from
fb88708 to
153b003
Compare
|
I have a tendency to pressing these big green buttons on github messing everything up. sorry. |
jschneider-bensch
added
the
waiting-on-author
parrot7483
force-pushed
the
Parrot7483/sha3-type-check
branch
from
589ff18 to
14e49e7
Compare
|
What do you want to do about these warnings? warning: unused attribute
--> crates/algorithms/sha3/src/lib.rs:181:1
|
181 | #[inline(always)]
| ^^^^^^^^^^^^^^^^^ help: remove this attribute
|
note: attribute also specified here
--> crates/algorithms/sha3/src/lib.rs:176:1
|
176 | #[cfg_attr(not(eurydice), inline(always))]
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
= warning: this was previously accepted by the compiler but is being phased out; it will become a hard error in a future release!` |
|
F* proofs failing with "Namespace 'Core' cannot be found" after core-models directory moved Reproducer:
Both fail at prove step with same error. ML-KEM and SHA3 both have this issue. Using the old name "Core_models" still works for single models. |
parrot7483
force-pushed
the
Parrot7483/sha3-type-check
branch
from
14e49e7 to
2c33cb9
Compare
|
The auto-discovery in |
Fix F* Makefile include paths. Work around hax from_fn extraction bug: Add helper function with fstar::replace to fix incorrect type parameter extraction. See: cryspen/hax#1920.
franziskuskiefer
left a comment
franziskuskiefer
left a comment
There was a problem hiding this comment.
lgtm with those nits addressed
| interface, " | ||
| class t_Squeeze (v_Self: Type0) (v_T: Type0) = { | ||
| // TODO: This super variable is problematic and makes typecheck fail | ||
| // https://github.com/cryspen/hax/issues/1554 |
There was a problem hiding this comment.
Looks like that issue is closed and if it works without the commented code, let's drop it.
There was a problem hiding this comment.
still a problem. I reopened the issue
| } | ||
|
|
||
| // TODO: See above | ||
| // [@@ FStar.Tactics.Typeclasses.tcinstance] |
There was a problem hiding this comment.
Same here, let's remove when it's not used.
that should be fixed in a separate PR |
| env=hax_env, | ||
| ) | ||
|
|
||
| # Extract Core models |
There was a problem hiding this comment.
From the output of ./hax.py extract --portable it looks like nothing is extracted here actually, and you also removed the core-models proof directory from FSTAR_INCLUDE_DIRS_EXTRA in the Makefile. So is this extraction step needed here, after all?
There was a problem hiding this comment.
I am not sure. I am confused about the difference between Core and Core_models
There was a problem hiding this comment.
Is it possible to avoid this manual F* dependency by making the lemmas in proof_utils::lemmas into Rust functions (nops which are replaced as they are now) and calling these from Rust instead of invoking them in inline fstar! blocks?
| @@ -1,8 +1,25 @@ | |||
| use hax_lib::int::*; | |||
There was a problem hiding this comment.
This should be behind a #[cfg(hax)], no?
There was a problem hiding this comment.
Same question about avoiding the manual F* open as in generic_keccak::portable.
There was a problem hiding this comment.
Could you move it to proof_utils and pass in xof.buf_len from here instead of passing in xof and accessing it in the invariant body?
|
@jschneider-bensch Does |
parrot7483
requested review from
jschneider-bensch
and removed request for
karthikbhargavan
|
@jschneider-bensch friendly ping |
Sorry for the late reply! |
|
Can we merge then? |
3 participants
This PR adds full type checking for the SHA3 portable version for #395
Extract using
hax.py extract --portable, prove usinghax.py prove.Besides prove code the following things where changed:
libcrux-sha3/src/generic_keccak/xof.rsabsorb_fullfunction inlibcrux-sha3/src/generic_keccak/xof.rspreviously did not always consume the internal buffer when it was full. This state could only be reached by misusing the API. The only bug I found.This version contains a few things I would consider "hacks"
hax_lib::fstar::replaceimpl From<u32> for Algorithmdoes not work because of the panic.libcrux-sha3/src/generic_keccak/xof.rsthe#[hax_lib::fstar::options("...")]has no effect. I use anhax_lib::fstar::beforeinstead