├── .cargo └── config.toml ├── .docker └── Dockerfile ├── .dockerignore ├── .envrc ├── .github └── workflows │ ├── bertie.yml │ ├── charon.yml │ ├── engine_js_build.yml │ ├── extract_and_run_coq.yml │ ├── flake_lock.yml │ ├── format.yml │ ├── gh_pages.yml │ ├── install_and_test.yml │ ├── licenses.yml │ ├── mlkem.yml │ ├── release.yml │ ├── stale.yml │ ├── test.yml │ └── test_installs.yml ├── .gitignore ├── .utils ├── jq_utils.jq ├── rebuild.sh └── rust-by-example.js ├── CHANGELOG.md ├── CI.md ├── CODEOWNERS ├── CONTRIBUTING.md ├── Cargo.lock ├── Cargo.toml ├── LICENSE ├── PUBLISHING.md ├── README.md ├── cli ├── default.nix ├── driver │ ├── Cargo.toml │ └── src │ │ ├── callbacks_wrapper.rs │ │ ├── driver.rs │ │ ├── exporter.rs │ │ └── features.rs └── subcommands │ ├── Cargo.toml │ ├── build.rs │ ├── rust-toolchain.toml │ └── src │ ├── cargo_hax.rs │ ├── engine_debug_webapp │ ├── README.md │ ├── mod.rs │ └── static │ │ ├── index.html │ │ └── script.js │ └── json_schema.rs ├── deny.toml ├── dependabot.yml ├── docs ├── RFCs │ ├── 0000-template.md │ └── index.md ├── blog │ ├── .authors.yml │ ├── index.md │ └── posts │ │ ├── announce-v0.1.md │ │ ├── hax-for-everyone.md │ │ ├── reworking-names │ │ ├── name-example.excalidraw.png │ │ └── reworking-names.md │ │ └── this-month-in-hax │ │ ├── 2025-01.md │ │ ├── 2025-02.md │ │ ├── 2025-03.md │ │ └── 2025-04.md ├── default.nix ├── dev │ ├── architecture.md │ ├── ast_ebnf.md │ ├── docs.md │ ├── index.md │ └── libraries_macros.md ├── engine │ └── index.md ├── frontend │ ├── designs.md │ ├── high-level-arch.excalidraw.png │ ├── index.md │ ├── rustc-diagram.excalidraw.png │ ├── user-flow.excalidraw.png │ └── workflow-diagram.excalidraw.png ├── index.md ├── javascripts │ ├── ansi_up.js │ ├── fstar.js │ ├── hax_playground.js │ └── lz-string.js ├── manual │ ├── faq │ │ ├── include-flags.md │ │ ├── index.md │ │ └── into.md │ ├── index.md │ ├── quick_start │ │ └── index.md │ └── tutorial │ │ ├── data-invariants.md │ │ ├── index.md │ │ ├── panic-freedom.md │ │ ├── proofs │ │ └── fstar │ │ │ └── extraction │ │ │ ├── Makefile │ │ │ ├── Tutorial_src.Math.Lemmas.fst │ │ │ └── Tutorial_src.fst │ │ └── properties.md ├── overrides │ └── main.html ├── publications.md ├── static │ └── img │ │ ├── favicon.png │ │ ├── logo.png │ │ ├── overview.png │ │ └── playground.png └── stylesheets │ ├── hax_playground.css │ ├── logo.css │ └── tags-colors.css ├── engine ├── .ocamlformat ├── DEV.md ├── backends │ ├── coq │ │ ├── coq │ │ │ ├── coq_backend.ml │ │ │ ├── coq_backend.mli │ │ │ └── dune │ │ ├── coq_ast.ml │ │ ├── dune │ │ └── ssprove │ │ │ ├── dune │ │ │ ├── ssprove_backend.ml │ │ │ └── ssprove_backend.mli │ ├── easycrypt │ │ ├── dune │ │ ├── easycrypt_backend.ml │ │ └── easycrypt_backend.mli │ ├── fstar │ │ ├── dune │ │ ├── fstar-surface-ast │ │ │ ├── .gitignore │ │ │ ├── .ocamlformat-ignore │ │ │ ├── FStar_BaseTypes.ml │ │ │ ├── FStar_Char.ml │ │ │ ├── FStar_Compiler_Effect.ml │ │ │ ├── FStar_Compiler_List.ml │ │ │ ├── FStar_Compiler_Range.ml │ │ │ ├── FStar_Compiler_Util.ml │ │ │ ├── FStar_Const.ml │ │ │ ├── FStar_Errors.ml │ │ │ ├── FStar_Errors_Codes.ml │ │ │ ├── FStar_Getopt.ml │ │ │ ├── FStar_Ident.ml │ │ │ ├── FStar_ImmutableArray_Base.ml │ │ │ ├── FStar_List.ml │ │ │ ├── FStar_Parser_AST.ml │ │ │ ├── FStar_Parser_AST_Util.ml │ │ │ ├── FStar_Parser_Const.ml │ │ │ ├── FStar_Parser_Driver.ml │ │ │ ├── FStar_Parser_LexFStar.ml │ │ │ ├── FStar_Parser_Parse.ml │ │ │ ├── FStar_Parser_ParseIt.ml │ │ │ ├── FStar_Parser_ToDocument.ml │ │ │ ├── FStar_Parser_Utf8.ml │ │ │ ├── FStar_Parser_Util.ml │ │ │ ├── FStar_Pervasives.ml │ │ │ ├── FStar_Pervasives_Native.ml │ │ │ ├── FStar_Pprint.ml │ │ │ ├── FStar_Sedlexing.ml │ │ │ ├── FStar_String.ml │ │ │ ├── FStar_VConfig.ml │ │ │ ├── README │ │ │ ├── dune │ │ │ ├── prims.ml │ │ │ └── z.ml │ │ ├── fstar_ast.ml │ │ ├── fstar_backend.ml │ │ └── fstar_backend.mli │ └── proverif │ │ ├── dune │ │ ├── proverif_backend.ml │ │ └── proverif_backend.mli ├── bin │ ├── dune │ ├── dune-js │ ├── js_driver.ml │ ├── js_stubs │ │ ├── mutex.js │ │ ├── stdint.js │ │ └── unix.js │ ├── lib.ml │ ├── lib.mli │ └── native_driver.ml ├── default.nix ├── doc │ ├── dune │ └── index.mld ├── dune-project ├── hax-engine.opam ├── hax-engine.opam.template ├── lib │ ├── analyses.ml │ ├── analyses │ │ ├── function_dependency.ml │ │ └── mutable_variables.ml │ ├── ast.ml │ ├── ast_builder.ml │ ├── ast_destruct.ml │ ├── ast_utils.ml │ ├── attr_payloads.ml │ ├── backend.ml │ ├── concrete_ident │ │ ├── concrete_ident.ml │ │ ├── concrete_ident.mli │ │ ├── concrete_ident_render_sig.ml │ │ ├── concrete_ident_types.ml │ │ ├── concrete_ident_view.ml │ │ ├── concrete_ident_view.mli │ │ ├── concrete_ident_view_types.ml │ │ ├── explicit_def_id.ml │ │ ├── explicit_def_id.mli │ │ ├── impl_infos.ml │ │ └── thir_simple_types.ml │ ├── dependencies.ml │ ├── dependencies.mli │ ├── deprecated_generic_printer │ │ ├── deprecated_generic_printer.ml │ │ ├── deprecated_generic_printer.mli │ │ └── deprecated_generic_printer_base.ml │ ├── diagnostics.ml │ ├── dune │ ├── feature_gate.ml │ ├── features.ml │ ├── generic_printer │ │ ├── generic_printer.ml │ │ ├── generic_printer_template.generate.js │ │ └── generic_printer_template.ml │ ├── hax_io.ml │ ├── import_thir.ml │ ├── import_thir.mli │ ├── local_ident.ml │ ├── local_ident.mli │ ├── phase_utils.ml │ ├── phases.ml │ ├── phases │ │ ├── phase_and_mut_defsite.ml │ │ ├── phase_and_mut_defsite.mli │ │ ├── phase_bundle_cycles.ml │ │ ├── phase_bundle_cycles.mli │ │ ├── phase_cf_into_monads.ml │ │ ├── phase_cf_into_monads.mli │ │ ├── phase_direct_and_mut.ml │ │ ├── phase_direct_and_mut.mli │ │ ├── phase_drop_blocks.ml │ │ ├── phase_drop_blocks.mli │ │ ├── phase_drop_match_guards.ml │ │ ├── phase_drop_match_guards.mli │ │ ├── phase_drop_references.ml │ │ ├── phase_drop_references.mli │ │ ├── phase_drop_return_break_continue.ml │ │ ├── phase_drop_return_break_continue.mli │ │ ├── phase_drop_sized_trait.ml │ │ ├── phase_drop_sized_trait.mli │ │ ├── phase_functionalize_loops.ml │ │ ├── phase_functionalize_loops.mli │ │ ├── phase_hoist_disjunctive_patterns.ml │ │ ├── phase_hoist_disjunctive_patterns.mli │ │ ├── phase_local_mutation.ml │ │ ├── phase_local_mutation.mli │ │ ├── phase_newtype_as_refinement.ml │ │ ├── phase_newtype_as_refinement.mli │ │ ├── phase_reconstruct_asserts.ml │ │ ├── phase_reconstruct_asserts.mli │ │ ├── phase_reconstruct_for_index_loops.ml │ │ ├── phase_reconstruct_for_index_loops.mli │ │ ├── phase_reconstruct_for_loops.ml │ │ ├── phase_reconstruct_for_loops.mli │ │ ├── phase_reconstruct_question_marks.ml │ │ ├── phase_reconstruct_question_marks.mli │ │ ├── phase_reconstruct_while_loops.ml │ │ ├── phase_reconstruct_while_loops.mli │ │ ├── phase_reject.ml │ │ ├── phase_rewrite_control_flow.ml │ │ ├── phase_rewrite_control_flow.mli │ │ ├── phase_simplify_hoisting.ml │ │ ├── phase_simplify_hoisting.mli │ │ ├── phase_simplify_match_return.ml │ │ ├── phase_simplify_match_return.mli │ │ ├── phase_simplify_question_marks.ml │ │ ├── phase_simplify_question_marks.mli │ │ ├── phase_sort_items.ml │ │ ├── phase_sort_items.mli │ │ ├── phase_specialize.ml │ │ ├── phase_specialize.mli │ │ ├── phase_traits_specs.ml │ │ ├── phase_traits_specs.mli │ │ ├── phase_transform_hax_lib_inline.ml │ │ ├── phase_transform_hax_lib_inline.mli │ │ ├── phase_trivialize_assign_lhs.ml │ │ └── phase_trivialize_assign_lhs.mli │ ├── prelude.ml │ ├── print_rust.ml │ ├── print_rust.mli │ ├── profiling.ml │ ├── side_effect_utils.ml │ ├── span.ml │ ├── span.mli │ ├── subtype.ml │ └── utils.ml ├── names │ ├── Cargo.toml │ ├── README.md │ ├── extract │ │ ├── Cargo.toml │ │ ├── build.rs │ │ └── src │ │ │ └── main.rs │ └── src │ │ ├── crypto_abstractions.rs │ │ └── lib.rs └── utils │ ├── generate_from_ast │ ├── README.md │ ├── codegen_ast_builder.ml │ ├── codegen_ast_destruct.ml │ ├── codegen_printer.ml │ ├── codegen_visitor.ml │ ├── dune │ ├── errors.ml │ ├── generate_from_ast.ml │ ├── primitive_types.ml │ ├── types.ml │ ├── utils.ml │ └── visitors.ml │ ├── hacspeclib-macro-parser │ ├── dune │ └── hacspeclib_macro_parser.ml │ ├── ocaml_of_json_schema │ └── ocaml_of_json_schema.js │ ├── ppx_functor_application │ ├── README.md │ ├── dune │ └── ppx_functor_application.ml │ ├── ppx_generate_features │ ├── README.md │ ├── dune │ └── ppx_generate_features.ml │ ├── ppx_inline │ ├── README.md │ ├── dune │ └── ppx_inline.ml │ ├── ppx_phases_index │ ├── README.md │ ├── dune │ └── ppx_phases_index.ml │ ├── sourcemaps │ ├── base64.ml │ ├── dune │ ├── location.ml │ ├── mappings │ │ ├── dual.ml │ │ ├── instruction.ml │ │ ├── mappings.ml │ │ ├── mappings.mli │ │ ├── spanned.ml │ │ └── types.ml │ ├── prelude.ml │ ├── source_maps.ml │ ├── source_maps.mli │ └── vql.ml │ └── universe-hash.sh ├── examples ├── .envrc ├── Cargo.lock ├── Cargo.toml ├── Makefile ├── README.md ├── barrett │ ├── Cargo.toml │ ├── Makefile │ ├── proofs │ │ └── fstar │ │ │ └── extraction │ │ │ └── Makefile │ └── src │ │ └── lib.rs ├── chacha20 │ ├── Cargo.toml │ ├── Makefile │ ├── proofs │ │ ├── coq │ │ │ └── extraction │ │ │ │ ├── Chacha20.Hacspec_helper.v │ │ │ │ └── Chacha20.v │ │ └── fstar │ │ │ └── extraction │ │ │ ├── Chacha20.Hacspec_helper.fst │ │ │ ├── Chacha20.fst │ │ │ ├── Makefile │ │ │ └── hax.fst.config.json │ ├── src │ │ ├── hacspec_helper.rs │ │ └── lib.rs │ └── tests │ │ └── kat.rs ├── commonArgs.nix ├── coq-example │ ├── Cargo.toml │ ├── README.md │ ├── proofs │ │ └── coq │ │ │ └── extraction │ │ │ ├── Coq_example.v │ │ │ ├── Coq_example_Dummy_core_lib.v │ │ │ ├── Coq_proofs.v │ │ │ ├── Makefile │ │ │ └── dummy_core_lib.v │ └── src │ │ ├── dummy_core_lib.rs │ │ └── lib.rs ├── coverage │ ├── Cargo.toml │ ├── default.nix │ └── src │ │ ├── lib.rs │ │ ├── test_arrays.rs │ │ ├── test_closures.rs │ │ ├── test_enum.rs │ │ ├── test_functions.rs │ │ ├── test_instance.rs │ │ ├── test_primitives.rs │ │ ├── test_sequence.rs │ │ ├── test_struct.rs │ │ └── test_trait.rs ├── default.nix ├── hax.fst.config.json ├── kyber_compress │ ├── Cargo.toml │ ├── Makefile │ ├── proofs │ │ └── fstar │ │ │ └── extraction │ │ │ └── Makefile │ └── src │ │ └── lib.rs ├── limited-order-book │ ├── Cargo.toml │ ├── Makefile │ ├── README.md │ ├── lob_backend.did │ ├── proofs │ │ ├── coq │ │ │ └── extraction │ │ │ │ └── Lob_backend.v │ │ └── fstar │ │ │ └── extraction │ │ │ ├── Lob_backend.fst │ │ │ └── Makefile │ └── src │ │ ├── canister.rs │ │ └── lib.rs ├── proverif-psk │ ├── Cargo.toml │ ├── Makefile │ ├── Readme.md │ ├── proofs │ │ └── proverif │ │ │ └── extraction │ │ │ └── analysis.pv │ ├── psk.pv │ ├── pv_div_by_zero_fix.diff │ └── src │ │ └── lib.rs └── sha256 │ ├── .gitignore │ ├── Cargo.toml │ ├── Makefile │ ├── proofs │ ├── coq │ │ └── extraction │ │ │ └── Sha256.v │ └── fstar │ │ └── extraction │ │ ├── Makefile │ │ └── Sha256.fst │ ├── src │ └── sha256.rs │ └── tests │ └── test_sha256.rs ├── flake.lock ├── flake.nix ├── frontend └── exporter │ ├── Cargo.toml │ ├── README.md │ ├── adt-into │ ├── .gitignore │ ├── Cargo.toml │ ├── README.md │ ├── src │ │ └── lib.rs │ └── tests │ │ └── lib.rs │ ├── default.nix │ ├── options │ ├── Cargo.toml │ └── src │ │ └── lib.rs │ └── src │ ├── body.rs │ ├── comments.rs │ ├── constant_utils.rs │ ├── constant_utils │ └── uneval.rs │ ├── deterministic_hash.rs │ ├── id_table.rs │ ├── index_vec.rs │ ├── lib.rs │ ├── prelude.rs │ ├── rustc_utils.rs │ ├── sinto.rs │ ├── state.rs │ ├── traits.rs │ ├── traits │ ├── resolution.rs │ └── utils.rs │ ├── types │ ├── def_id.rs │ ├── hir.rs │ ├── mir.rs │ ├── mod.rs │ ├── new │ │ ├── full_def.rs │ │ ├── impl_infos.rs │ │ ├── item_attributes.rs │ │ ├── mod.rs │ │ ├── predicate_id.rs │ │ └── variant_infos.rs │ ├── serialize_int.rs │ ├── span.rs │ ├── thir.rs │ └── ty.rs │ └── utils │ ├── error_macros.rs │ ├── mod.rs │ └── type_map.rs ├── hax-bounded-integers ├── Cargo.toml ├── proofs │ └── fstar │ │ └── extraction │ │ ├── Hax_bounded_integers.Num_traits.fst │ │ └── Hax_bounded_integers.fst └── src │ ├── lib.rs │ └── num_traits.rs ├── hax-lib-protocol-macros ├── Cargo.toml └── src │ └── lib.rs ├── hax-lib-protocol ├── Cargo.toml ├── README.md └── src │ ├── crypto.rs │ ├── lib.rs │ └── state_machine.rs ├── hax-lib ├── Cargo.toml ├── README.md ├── build.rs ├── macros │ ├── Cargo.lock │ ├── Cargo.toml │ ├── README.md │ ├── src │ │ ├── dummy.rs │ │ ├── hax_paths.rs │ │ ├── impl_fn_decoration.rs │ │ ├── implementation.rs │ │ ├── lib.rs │ │ ├── quote.rs │ │ ├── rewrite_self.rs │ │ ├── syn_ext.rs │ │ └── utils.rs │ └── types │ │ ├── Cargo.toml │ │ ├── README.md │ │ └── src │ │ └── lib.rs ├── proof-libs │ ├── coq │ │ ├── coq │ │ │ ├── .gitignore │ │ │ ├── default.nix │ │ │ └── generated-core │ │ │ │ ├── _CoqProject │ │ │ │ ├── phase_library │ │ │ │ ├── ControlFlow.v │ │ │ │ ├── NumberNotation.v │ │ │ │ └── TODO.v │ │ │ │ ├── spec │ │ │ │ ├── Core_Base_Spec.v │ │ │ │ ├── Core_Base_Spec_Binary.v │ │ │ │ ├── Core_Base_Spec_Binary_Pos.v │ │ │ │ ├── Core_Base_Spec_Binary_Positive.v │ │ │ │ ├── Core_Base_Spec_Constants.v │ │ │ │ ├── Core_Base_Spec_Haxint.v │ │ │ │ ├── Core_Base_Spec_Seq.v │ │ │ │ ├── Core_Base_Spec_Unary.v │ │ │ │ └── Core_Base_Spec_Z.v │ │ │ │ └── src │ │ │ │ ├── Core.v │ │ │ │ ├── Core_Array.v │ │ │ │ ├── Core_Array_Iter.v │ │ │ │ ├── Core_Array_Rec_bundle_579704328.v │ │ │ │ ├── Core_Base.v │ │ │ │ ├── Core_Base_Binary.v │ │ │ │ ├── Core_Base_Number_conversion.v │ │ │ │ ├── Core_Base_Pos.v │ │ │ │ ├── Core_Base_Seq.v │ │ │ │ ├── Core_Base_Z.v │ │ │ │ ├── Core_Base_interface.v │ │ │ │ ├── Core_Base_interface_Coerce.v │ │ │ │ ├── Core_Base_interface_Int.v │ │ │ │ ├── Core_Base_interface_Int_I128_proofs.v │ │ │ │ ├── Core_Base_interface_Int_I16_proofs.v │ │ │ │ ├── Core_Base_interface_Int_I32_proofs.v │ │ │ │ ├── Core_Base_interface_Int_I64_proofs.v │ │ │ │ ├── Core_Base_interface_Int_I8_proofs.v │ │ │ │ ├── Core_Base_interface_Int_U128_proofs.v │ │ │ │ ├── Core_Base_interface_Int_U16_proofs.v │ │ │ │ ├── Core_Base_interface_Int_U32_proofs.v │ │ │ │ ├── Core_Base_interface_Int_U64_proofs.v │ │ │ │ ├── Core_Base_interface_Int_U8_proofs.v │ │ │ │ ├── Core_Clone.v │ │ │ │ ├── Core_Cmp.v │ │ │ │ ├── Core_Convert.v │ │ │ │ ├── Core_Fmt.v │ │ │ │ ├── Core_Intrinsics.v │ │ │ │ ├── Core_Iter.v │ │ │ │ ├── Core_Iter_Range.v │ │ │ │ ├── Core_Iter_Traits.v │ │ │ │ ├── Core_Iter_Traits_Collect.v │ │ │ │ ├── Core_Iter_Traits_Exact_size.v │ │ │ │ ├── Core_Iter_Traits_Iterator.v │ │ │ │ ├── Core_Iter_Traits_Marker.v │ │ │ │ ├── Core_Marker.v │ │ │ │ ├── Core_Num.v │ │ │ │ ├── Core_Num_Int_macros.v │ │ │ │ ├── Core_Num_Uint_macros.v │ │ │ │ ├── Core_Ops.v │ │ │ │ ├── Core_Ops_Arith.v │ │ │ │ ├── Core_Ops_Arith_Impls_for_prims.v │ │ │ │ ├── Core_Ops_Bit.v │ │ │ │ ├── Core_Ops_Bit_Impls_for_prims.v │ │ │ │ ├── Core_Ops_Function.v │ │ │ │ ├── Core_Ops_Index.v │ │ │ │ ├── Core_Ops_Index_range.v │ │ │ │ ├── Core_Ops_Range.v │ │ │ │ ├── Core_Option.v │ │ │ │ ├── Core_Panicking.v │ │ │ │ ├── Core_Primitive.v │ │ │ │ ├── Core_Primitive_Number_conversion.v │ │ │ │ ├── Core_Primitive_Number_conversion_i.v │ │ │ │ ├── Core_Result.v │ │ │ │ ├── Core_Slice.v │ │ │ │ ├── Core_Slice_Index.v │ │ │ │ ├── Core_Slice_Index_Private_slice_index.v │ │ │ │ ├── Core_Slice_Iter.v │ │ │ │ ├── Core_Slice_Iter_Macros.v │ │ │ │ └── _CoqProject │ │ └── ssprove │ │ │ ├── .gitignore │ │ │ ├── README.md │ │ │ ├── _CoqProject │ │ │ ├── coq-hacspec-ssprove.opam.template │ │ │ ├── docker_build │ │ │ └── Dockerfile │ │ │ └── src │ │ │ ├── ChoiceEquality.v │ │ │ ├── ConCertLib.v │ │ │ ├── Hacspec_Lib.v │ │ │ ├── Hacspec_Lib_Coercions.v │ │ │ ├── Hacspec_Lib_Comparable.v │ │ │ ├── Hacspec_Lib_Controlflow.v │ │ │ ├── Hacspec_Lib_Eq.v │ │ │ ├── Hacspec_Lib_Integers.v │ │ │ ├── Hacspec_Lib_Loops.v │ │ │ ├── Hacspec_Lib_Ltac.v │ │ │ ├── Hacspec_Lib_Monad.v │ │ │ ├── Hacspec_Lib_Natmod.v │ │ │ ├── Hacspec_Lib_Notation.v │ │ │ ├── Hacspec_Lib_Pre.v │ │ │ ├── Hacspec_Lib_Seq.v │ │ │ ├── Hacspec_Lib_TODO.v │ │ │ ├── LocationUtility.v │ │ │ └── dune │ ├── fstar-secret-integers │ │ ├── .envrc │ │ ├── Makefile.copy │ │ ├── README.md │ │ ├── core │ │ │ ├── Alloc.Alloc.fst │ │ │ ├── Alloc.Collections.Binary_heap.fsti │ │ │ ├── Alloc.Slice.fst │ │ │ ├── Alloc.Vec.fst │ │ │ ├── Core.Array.Iter.fsti │ │ │ ├── Core.Array.fst │ │ │ ├── Core.Clone.fst │ │ │ ├── Core.Cmp.fsti │ │ │ ├── Core.Convert.fst │ │ │ ├── Core.Iter.Adapters.Enumerate.fst │ │ │ ├── Core.Iter.Adapters.Step_by.fst │ │ │ ├── Core.Iter.Traits.Collect.fst │ │ │ ├── Core.Iter.Traits.Iterator.fst │ │ │ ├── Core.Iter.fsti │ │ │ ├── Core.Marker.fst │ │ │ ├── Core.Num.Error.fsti │ │ │ ├── Core.Num.fsti │ │ │ ├── Core.Ops.Arith.Neg.fsti │ │ │ ├── Core.Ops.Arith.fsti │ │ │ ├── Core.Ops.Control_flow.fst │ │ │ ├── Core.Ops.Deref.fst │ │ │ ├── Core.Ops.Index.IndexMut.fst │ │ │ ├── Core.Ops.Index.fst │ │ │ ├── Core.Ops.Range.fsti │ │ │ ├── Core.Ops.Try_trait.fst │ │ │ ├── Core.Ops.fst │ │ │ ├── Core.Option.fst │ │ │ ├── Core.Panicking.fst │ │ │ ├── Core.Result.fst │ │ │ ├── Core.Slice.Iter.fst │ │ │ ├── Core.Slice.fsti │ │ │ ├── Core.Str.Converts.fsti │ │ │ ├── Core.Str.Error.fsti │ │ │ ├── Core.Str.fsti │ │ │ ├── Core.fst │ │ │ ├── Makefile │ │ │ └── README.md │ │ ├── hax_lib │ │ │ └── Makefile │ │ └── rust_primitives │ │ │ ├── Makefile │ │ │ ├── Rust_primitives.Arrays.fst │ │ │ ├── Rust_primitives.Arrays.fsti │ │ │ ├── Rust_primitives.BitVectors.fst │ │ │ ├── Rust_primitives.BitVectors.fsti │ │ │ ├── Rust_primitives.Hax.Monomorphized_update_at.fst │ │ │ ├── Rust_primitives.Hax.Monomorphized_update_at.fsti │ │ │ ├── Rust_primitives.Hax.fst │ │ │ ├── Rust_primitives.Integers.fst │ │ │ ├── Rust_primitives.Integers.fsti │ │ │ ├── Rust_primitives.Iterators.fsti │ │ │ └── Rust_primitives.fst │ └── fstar │ │ ├── .envrc │ │ ├── Makefile.copy │ │ ├── README.md │ │ ├── core │ │ ├── Alloc.Alloc.fst │ │ ├── Alloc.Borrow.fst │ │ ├── Alloc.Boxed.fst │ │ ├── Alloc.Collections.Binary_heap.fsti │ │ ├── Alloc.Collections.Btree.Set.fsti │ │ ├── Alloc.Collections.Vec_deque.fsti │ │ ├── Alloc.Fmt.fsti │ │ ├── Alloc.Slice.fsti │ │ ├── Alloc.String.fst │ │ ├── Alloc.Vec.Drain.fsti │ │ ├── Alloc.Vec.Into_iter.fsti │ │ ├── Alloc.Vec.fst │ │ ├── Core.Array.Iter.fsti │ │ ├── Core.Array.fsti │ │ ├── Core.Borrow.fsti │ │ ├── Core.Clone.fst │ │ ├── Core.Cmp.fsti │ │ ├── Core.Convert.fst │ │ ├── Core.Core_arch.Arm_shared.Neon.fsti │ │ ├── Core.Core_arch.X86.Pclmulqdq.fsti │ │ ├── Core.Core_arch.X86.Sse2.fsti │ │ ├── Core.Core_arch.X86.fsti │ │ ├── Core.Core_arch.X86_64_.Sse2.fsti │ │ ├── Core.Core_arch.fsti │ │ ├── Core.Default.fsti │ │ ├── Core.Error.fsti │ │ ├── Core.Fmt.Rt.fsti │ │ ├── Core.Fmt.fsti │ │ ├── Core.Hash.fsti │ │ ├── Core.Hint.fsti │ │ ├── Core.Iter.Adapters.Enumerate.fst │ │ ├── Core.Iter.Adapters.Flatten.fsti │ │ ├── Core.Iter.Adapters.Map.fsti │ │ ├── Core.Iter.Adapters.Rev.fsti │ │ ├── Core.Iter.Adapters.Step_by.fst │ │ ├── Core.Iter.Adapters.Take.fsti │ │ ├── Core.Iter.Adapters.Zip.fsti │ │ ├── Core.Iter.Sources.Repeat_with.fsti │ │ ├── Core.Iter.Traits.Collect.fst │ │ ├── Core.Iter.Traits.Iterator.fst │ │ ├── Core.Iter.fsti │ │ ├── Core.Marker.fst │ │ ├── Core.Mem.fsti │ │ ├── Core.Num.Error.fsti │ │ ├── Core.Num.fsti │ │ ├── Core.Ops.Arith.fsti │ │ ├── Core.Ops.Bit.fsti │ │ ├── Core.Ops.Control_flow.fst │ │ ├── Core.Ops.Deref.fst │ │ ├── Core.Ops.Index.IndexMut.fst │ │ ├── Core.Ops.Index.fst │ │ ├── Core.Ops.Range.fsti │ │ ├── Core.Ops.Try_trait.fst │ │ ├── Core.Ops.fst │ │ ├── Core.Option.fst │ │ ├── Core.Panicking.fst │ │ ├── Core.Result.fst │ │ ├── Core.Result_Option_bundle.fst │ │ ├── Core.Slice.Iter.fst │ │ ├── Core.Slice.fsti │ │ ├── Core.Str.Converts.fsti │ │ ├── Core.Str.Error.fsti │ │ ├── Core.Str.fsti │ │ ├── Core.TypeClassPlaceHolder.fst │ │ ├── Core.fst │ │ ├── Makefile │ │ ├── README.md │ │ ├── Rand.Distr.Distribution.fsti │ │ ├── Rand.Distr.Integer.fsti │ │ ├── Rand.Distributions.Distribution.fsti │ │ ├── Rand.Distributions.Integer.fsti │ │ ├── Rand.Rng.fsti │ │ ├── Rand_core.Os.fsti │ │ ├── Rand_core.fsti │ │ ├── Std.Collections.Hash.Map.fsti │ │ ├── Std.Hash.Random.fsti │ │ ├── Std.Io.Error.fsti │ │ ├── Std.Io.Stdio.fsti │ │ └── Std.Io.fsti │ │ ├── hax_lib │ │ └── Makefile │ │ └── rust_primitives │ │ ├── Makefile │ │ ├── Rust_primitives.Arrays.fsti │ │ ├── Rust_primitives.BitVectors.fsti │ │ ├── Rust_primitives.Char.fsti │ │ ├── Rust_primitives.Float.fsti │ │ ├── Rust_primitives.Hax.Control_flow_monad.Mexception.fst │ │ ├── Rust_primitives.Hax.Control_flow_monad.Moption.fst │ │ ├── Rust_primitives.Hax.Control_flow_monad.Mresult.fst │ │ ├── Rust_primitives.Hax.Folds.fsti │ │ ├── Rust_primitives.Hax.Int.fst │ │ ├── Rust_primitives.Hax.Monomorphized_update_at.fsti │ │ ├── Rust_primitives.Hax.fst │ │ ├── Rust_primitives.Integers.fsti │ │ ├── Rust_primitives.Iterators.fsti │ │ └── Rust_primitives.fst ├── proofs │ └── fstar │ │ └── extraction │ │ ├── Hax_lib.Int.fst │ │ ├── Hax_lib.Prop.fst │ │ ├── Hax_lib.fst │ │ └── Makefile └── src │ ├── abstraction.rs │ ├── dummy.rs │ ├── implementation.rs │ ├── int │ ├── bigint.rs │ └── mod.rs │ ├── lib.rs │ ├── proc_macros.rs │ └── prop.rs ├── hax-types ├── Cargo.toml ├── README.md ├── build.rs └── src │ ├── cli_options │ ├── extension.rs │ └── mod.rs │ ├── diagnostics │ ├── message.rs │ ├── mod.rs │ └── report.rs │ ├── driver_api.rs │ ├── engine_api.rs │ ├── lib.rs │ └── prelude.rs ├── justfile ├── logo.svg ├── mkdocs.yml ├── proof-libs ├── rust-toolchain.toml ├── setup.sh ├── test-harness ├── .gitignore ├── Cargo.toml ├── README.md └── src │ ├── command_hax_ext.rs │ ├── harness.rs │ ├── lib.rs │ └── snapshots │ ├── toolchain__assert into-coq.snap │ ├── toolchain__assert into-fstar.snap │ ├── toolchain__assert into-ssprove.snap │ ├── toolchain__attribute-opaque into-fstar.snap │ ├── toolchain__attributes into-fstar.snap │ ├── toolchain__constructor-as-closure into-fstar.snap │ ├── toolchain__cyclic-modules into-fstar.snap │ ├── toolchain__dyn into-fstar.snap │ ├── toolchain__enum-repr into-coq.snap │ ├── toolchain__enum-repr into-fstar.snap │ ├── toolchain__enum-repr into-ssprove.snap │ ├── toolchain__functions into-coq.snap │ ├── toolchain__functions into-fstar.snap │ ├── toolchain__generics into-fstar.snap │ ├── toolchain__guards into-coq.snap │ ├── toolchain__guards into-fstar.snap │ ├── toolchain__guards into-ssprove.snap │ ├── toolchain__include-flag into-coq.snap │ ├── toolchain__include-flag into-fstar.snap │ ├── toolchain__interface-only into-fstar.snap │ ├── toolchain__let-else into-coq.snap │ ├── toolchain__let-else into-fstar.snap │ ├── toolchain__let-else into-ssprove.snap │ ├── toolchain__literals into-coq.snap │ ├── toolchain__literals into-fstar.snap │ ├── toolchain__loops into-fstar.snap │ ├── toolchain__mut-ref-functionalization into-fstar.snap │ ├── toolchain__naming into-coq.snap │ ├── toolchain__naming into-fstar.snap │ ├── toolchain__pattern-or into-coq.snap │ ├── toolchain__pattern-or into-fstar.snap │ ├── toolchain__patterns into-fstar.snap │ ├── toolchain__recursion into-fstar.snap │ ├── toolchain__reordering into-coq.snap │ ├── toolchain__reordering into-fstar.snap │ ├── toolchain__reordering into-ssprove.snap │ ├── toolchain__side-effects into-fstar.snap │ ├── toolchain__side-effects into-ssprove.snap │ ├── toolchain__slices into-coq.snap │ ├── toolchain__slices into-fstar.snap │ ├── toolchain__statics into-fstar.snap │ ├── toolchain__traits into-fstar.snap │ └── toolchain__unsafe into-fstar.snap └── tests ├── .gitignore ├── Cargo.lock ├── Cargo.toml ├── README.md ├── assert ├── Cargo.toml └── src │ └── lib.rs ├── attribute-opaque ├── Cargo.toml └── src │ └── lib.rs ├── attributes ├── Cargo.toml └── src │ └── lib.rs ├── cli ├── include-flag │ ├── Cargo.toml │ └── src │ │ └── lib.rs └── interface-only │ ├── Cargo.toml │ └── src │ └── lib.rs ├── constructor-as-closure ├── Cargo.toml └── src │ └── lib.rs ├── cyclic-modules ├── Cargo.toml └── src │ └── lib.rs ├── dyn ├── Cargo.toml └── src │ └── lib.rs ├── enum-repr ├── Cargo.toml └── src │ └── lib.rs ├── enum-struct-variant ├── Cargo.toml └── src │ └── lib.rs ├── even ├── Cargo.toml └── src │ └── lib.rs ├── functions ├── Cargo.toml └── src │ └── lib.rs ├── generics ├── Cargo.toml └── src │ └── lib.rs ├── guards ├── Cargo.toml └── src │ └── lib.rs ├── if-let ├── Cargo.toml └── src │ └── lib.rs ├── let-else ├── Cargo.toml └── src │ └── lib.rs ├── literals ├── Cargo.toml └── src │ └── lib.rs ├── loops ├── Cargo.toml └── src │ └── lib.rs ├── mut-ref-functionalization ├── Cargo.toml └── src │ └── lib.rs ├── naming ├── Cargo.toml └── src │ └── lib.rs ├── nested-derefs ├── Cargo.toml └── src │ └── lib.rs ├── never-type ├── Cargo.toml └── src │ └── lib.rs ├── odd ├── Cargo.toml └── src │ └── lib.rs ├── pattern-or ├── Cargo.toml └── src │ └── lib.rs ├── patterns ├── Cargo.toml └── src │ └── lib.rs ├── proverif-basic-structs ├── Cargo.toml └── src │ └── lib.rs ├── proverif-fn-to-letfun ├── Cargo.toml └── src │ └── lib.rs ├── proverif-minimal ├── Cargo.toml └── src │ └── lib.rs ├── proverif-noise ├── Cargo.toml └── src │ ├── lib.rs │ ├── noise_crypto.rs │ ├── noise_kkpsk0.rs │ └── noise_lib.rs ├── proverif-ping-pong ├── Cargo.toml ├── pingpong.pv └── src │ ├── a.rs │ ├── b.rs │ └── lib.rs ├── raw-attributes ├── Cargo.toml ├── README.md └── src │ └── lib.rs ├── recursion ├── Cargo.toml └── src │ └── lib.rs ├── reordering ├── Cargo.toml └── src │ └── lib.rs ├── side-effects ├── Cargo.toml └── src │ └── lib.rs ├── slices ├── Cargo.toml └── src │ └── lib.rs ├── statics ├── Cargo.toml └── src │ └── lib.rs ├── traits ├── Cargo.toml └── src │ └── lib.rs └── unsafe ├── Cargo.toml └── src └── lib.rs /.cargo/config.toml: -------------------------------------------------------------------------------- 1 | [build] 2 | rustflags = ["--cfg", "hax"] 3 | -------------------------------------------------------------------------------- /.docker/Dockerfile: -------------------------------------------------------------------------------- 1 | # This Dockerfile should be run from the root directory of this repo 2 | # e.g. `docker build -f .docker/Dockerfile .` from the parent directory 3 | 4 | FROM nixpkgs/nix-flakes 5 | 6 | # See issue #71 7 | RUN if [ "$(uname)" = Darwin ]; then \ 8 | echo "filter-syscalls = false" >> /etc/nix/nix.conf; \ 9 | fi 10 | 11 | # Prepare the sources 12 | COPY . /hax-sources 13 | RUN cd /hax-sources && git init && git add . 14 | 15 | # Use cache to speed up install 16 | ENV PATH="$PATH:/root/.nix-profile/bin" 17 | RUN nix-env -iA cachix -f https://cachix.org/api/v1/install 18 | RUN cachix use hacspec 19 | 20 | # Install 21 | RUN nix profile install /hax-sources 22 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .git 2 | .gitignore 3 | **/target 4 | **/_build 5 | debug -------------------------------------------------------------------------------- /.envrc: -------------------------------------------------------------------------------- 1 | watch_file rust-toolchain.toml 2 | use flake 3 | -------------------------------------------------------------------------------- /.github/workflows/bertie.yml: -------------------------------------------------------------------------------- 1 | name: Extract Bertie 2 | 3 | on: 4 | pull_request: 5 | merge_group: 6 | workflow_dispatch: 7 | push: 8 | branches: [main] 9 | 10 | env: 11 | CARGO_TERM_COLOR: always 12 | 13 | jobs: 14 | extract-bertie: 15 | if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' }} 16 | runs-on: "ubuntu-latest" 17 | 18 | steps: 19 | - name: ⤵ Clone Bertie repository 20 | uses: actions/checkout@v4 21 | with: 22 | repository: cryspen/bertie 23 | 24 | - uses: actions/checkout@v4 25 | with: 26 | path: hax 27 | 28 | - uses: DeterminateSystems/nix-installer-action@main 29 | - name: ⤵ Install hax 30 | run: | 31 | nix profile install ./hax 32 | 33 | - name: 🏃 Extract fstar 34 | run: ./hax-driver.py extract-fstar 35 | -------------------------------------------------------------------------------- /.github/workflows/charon.yml: -------------------------------------------------------------------------------- 1 | on: 2 | pull_request: 3 | 4 | jobs: 5 | charon: 6 | runs-on: ubuntu-latest 7 | steps: 8 | - uses: DeterminateSystems/nix-installer-action@main 9 | - uses: actions/checkout@v4 10 | with: 11 | repository: AeneasVerif/charon 12 | - run: | 13 | cd charon 14 | cargo update -p hax-frontend-exporter --precise ${{ github.sha }} 15 | cargo update -p hax-frontend-exporter-options --precise ${{ github.sha }} 16 | - run: nix build -L 17 | -------------------------------------------------------------------------------- /.github/workflows/engine_js_build.yml: -------------------------------------------------------------------------------- 1 | name: Test JS build 2 | 3 | on: 4 | pull_request: 5 | merge_group: 6 | workflow_dispatch: 7 | push: 8 | branches: [main] 9 | 10 | jobs: 11 | engine-js-build: 12 | if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' }} 13 | runs-on: ubuntu-latest 14 | steps: 15 | - uses: actions/checkout@v4 16 | - uses: DeterminateSystems/nix-installer-action@main 17 | - run: nix build .\#hax-engine.passthru.js -L 18 | -------------------------------------------------------------------------------- /.github/workflows/extract_and_run_coq.yml: -------------------------------------------------------------------------------- 1 | name: Extract and Run - Coq 2 | 3 | on: [pull_request] 4 | jobs: 5 | build: 6 | runs-on: ubuntu-latest 7 | steps: 8 | - uses: actions/checkout@v4 9 | - uses: DeterminateSystems/nix-installer-action@main 10 | - uses: DeterminateSystems/magic-nix-cache-action@main 11 | 12 | - name: ⤵ Install hax 13 | run: | 14 | nix build .\#check-coq-coverage -------------------------------------------------------------------------------- /.github/workflows/flake_lock.yml: -------------------------------------------------------------------------------- 1 | name: Make sure flake.lock is up-to-date 2 | 3 | on: 4 | pull_request: 5 | merge_group: 6 | workflow_dispatch: 7 | 8 | jobs: 9 | flake_lock_up_to_date: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v4 13 | - uses: DeterminateSystems/nix-installer-action@main 14 | - name: Lock flake 15 | run: nix flake lock 16 | - name: Diff `flake.lock` 17 | run: git diff --exit-code flake.lock 18 | -------------------------------------------------------------------------------- /.github/workflows/format.yml: -------------------------------------------------------------------------------- 1 | name: Ensure formatting 2 | 3 | on: 4 | pull_request: 5 | merge_group: 6 | workflow_dispatch: 7 | push: 8 | branches: [main] 9 | 10 | jobs: 11 | ocamlformat: 12 | name: ocamlformat 13 | runs-on: ubuntu-latest 14 | steps: 15 | - uses: actions/checkout@v4 16 | - uses: DeterminateSystems/nix-installer-action@main 17 | - name: Run OCaml formatter 18 | run: | 19 | nix shell ..#ocamlformat -c \ 20 | ocamlformat --check $(find . -name '*.ml') 21 | working-directory: engine 22 | rustfmt: 23 | name: rustfmt 24 | runs-on: ubuntu-latest 25 | steps: 26 | - uses: actions/checkout@v4 27 | - uses: DeterminateSystems/nix-installer-action@main 28 | - name: Run Rust formatter 29 | run: | 30 | nix shell .#rustfmt -c \ 31 | rustfmt --check $(find . -name '*.rs') 32 | 33 | -------------------------------------------------------------------------------- /.github/workflows/licenses.yml: -------------------------------------------------------------------------------- 1 | name: Check licenses 2 | 3 | on: 4 | pull_request: 5 | merge_group: 6 | workflow_dispatch: 7 | push: 8 | branches: [main] 9 | 10 | jobs: 11 | tests: 12 | name: nix-action 13 | runs-on: ubuntu-latest 14 | steps: 15 | - uses: actions/checkout@v4 16 | - uses: extractions/setup-just@v1 17 | - name: Set-up OCaml 18 | uses: ocaml/setup-ocaml@v3 19 | with: 20 | ocaml-compiler: 5 21 | - uses: actions-rust-lang/setup-rust-toolchain@v1 22 | with: 23 | toolchain: stable 24 | - name: Install cargo-deny 25 | run: cargo install cargo-deny 26 | - name: Install cargo-deny 27 | run: cargo install toml2json 28 | - name: Check the licenses 29 | run: just check-licenses 30 | 31 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | debug/ 2 | target/ 3 | **/*.rs.bk 4 | node_modules 5 | TODO.org 6 | .direnv 7 | _build 8 | result 9 | .DS_Store 10 | .depend 11 | .cache 12 | proof-libs/fstar/rust_primitives/#*# 13 | **/proofs/*/extraction/* 14 | !**/proofs/*/extraction/Makefile 15 | !**/proofs/*/extraction/*.diff 16 | !**/proofs/fstar/extraction/*.fst 17 | !**/proofs/coq/extraction/*.v 18 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @cryspen/hax 2 | -------------------------------------------------------------------------------- /cli/driver/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-driver" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme.workspace = true 10 | description = "The custom rustc driver used by hax." 11 | 12 | [package.metadata.rust-analyzer] 13 | rustc_private = true 14 | 15 | [[bin]] 16 | path = "src/driver.rs" 17 | name = "driver-hax-frontend-exporter" 18 | 19 | [dependencies] 20 | serde.workspace = true 21 | serde_json.workspace = true 22 | clap.workspace = true 23 | colored.workspace = true 24 | hax-frontend-exporter = {workspace = true, features = ["rustc"]} 25 | hax-types = {workspace = true, features = ["rustc"]} 26 | hax-frontend-exporter-options.workspace = true 27 | hax-lib-macros-types.workspace = true 28 | itertools.workspace = true 29 | tracing.workspace = true 30 | tracing-subscriber.workspace = true 31 | tracing-tree.workspace = true 32 | -------------------------------------------------------------------------------- /cli/subcommands/rust-toolchain.toml: -------------------------------------------------------------------------------- 1 | ../../rust-toolchain.toml -------------------------------------------------------------------------------- /cli/subcommands/src/engine_debug_webapp/README.md: -------------------------------------------------------------------------------- 1 | This folder implements a small webapp designed for viewing how a rust 2 | crate is translated by the engine, step-by-step. 3 | 4 | The engine works by phases. First, it receives a tweaked version of 5 | Rust's internal typed representation. On this representation, the 6 | engine then applies sequentially a certain number of phases. Each 7 | phase transports your code from a representation to another, by 8 | performing some translation or rewriting. 9 | 10 | This webapp allows you to display a rust code before and after each 11 | phase. 12 | 13 | ### How to 14 | When running `cargo hax into BACKEND`, pass the option 15 | `--debug-engine` (or `-d`) to the subcommand `into`. This will spawn a 16 | small webserver with the webapp. 17 | 18 | -------------------------------------------------------------------------------- /cli/subcommands/src/json_schema.rs: -------------------------------------------------------------------------------- 1 | const JSON_SCHEMA: &str = include_str!(concat!(env!("OUT_DIR"), "/schema.json")); 2 | 3 | fn main() { 4 | println!("{}", JSON_SCHEMA); 5 | } 6 | -------------------------------------------------------------------------------- /deny.toml: -------------------------------------------------------------------------------- 1 | [licenses] 2 | unused-allowed-license = "allow" 3 | allow = [ 4 | "Apache-2.0", 5 | "MIT", 6 | "Unicode-DFS-2016", 7 | "MPL-2.0", 8 | # Licences used in the OCaml dependencies in the engine 9 | "BSD-3-Clause", 10 | "LGPL-2.1", 11 | "LGPL-2.0", 12 | "ISC", 13 | ] 14 | -------------------------------------------------------------------------------- /dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: "cargo" 4 | directory: "/" 5 | schedule: 6 | interval: "weekly" 7 | - package-ecosystem: "github-actions" 8 | directory: "/" 9 | schedule: 10 | interval: "weekly" 11 | -------------------------------------------------------------------------------- /docs/RFCs/index.md: -------------------------------------------------------------------------------- 1 | # RFCs 2 | 3 | 4 | -------------------------------------------------------------------------------- /docs/blog/.authors.yml: -------------------------------------------------------------------------------- 1 | authors: 2 | franziskus: 3 | name: Franziskus Kiefer 4 | description: Creator 5 | avatar: https://cryspen.com/images/franziskus_hu8239521875621889102.jpg 6 | lucas: 7 | name: Lucas Franceschino 8 | description: Creator 9 | avatar: https://cryspen.com/images/lucas_hu1387702743353212719.jpg 10 | maxime: 11 | name: Maxime Buyse 12 | description: Engineer 13 | avatar: https://cryspen.com/images/maxime_hu_8da610acc29fd826.png 14 | 15 | -------------------------------------------------------------------------------- /docs/blog/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | weight: 4 3 | --- 4 | 5 | # Blog 6 | 7 | The hax blog. 8 | Here you find announcement, development news, and more. 9 | -------------------------------------------------------------------------------- /docs/blog/posts/reworking-names/name-example.excalidraw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryspen/hax/b4692fc54c399af0d158d1092756228b4aae12b2/docs/blog/posts/reworking-names/name-example.excalidraw.png -------------------------------------------------------------------------------- /docs/dev/docs.md: -------------------------------------------------------------------------------- 1 | # Docs 2 | 3 | ## mkdocs material (this page) 4 | 5 | Install dependencies 6 | 7 | ```bash 8 | pip install mkdocs-glightbox mkdocs-nav-weight mkdocs-material 9 | ``` 10 | 11 | [Official docs](https://squidfunk.github.io/mkdocs-material). 12 | 13 | ### Commands 14 | 15 | * `mkdocs new [dir-name]` - Create a new project. 16 | * `mkdocs serve` - Start the live-reloading docs server. 17 | * `mkdocs build` - Build the documentation site. 18 | * `mkdocs -h` - Print help message and exit. 19 | 20 | ### Project layout 21 | 22 | mkdocs.yml # The configuration file. 23 | docs/ 24 | index.md # The documentation homepage. 25 | ... # Other markdown pages, images and other files. 26 | blog/ # The blog 27 | posts/ # Blog posts 28 | 29 | ### Including external files 30 | 31 | ``` 32 | ;--8<-- "engine/DEV.md:3:7" 33 | ``` 34 | 35 | --8<-- "engine/DEV.md:3:7" 36 | -------------------------------------------------------------------------------- /docs/dev/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | weight: 5 3 | --- 4 | 5 | # Dev on hax 6 | This chapter contains information about internals of hax. 7 | 8 | Please read the [`CONTRIBUTING.md`](https://github.com/hacspec/hax/blob/main/CONTRIBUTING.md) before opening a pull request. 9 | -------------------------------------------------------------------------------- /docs/dev/libraries_macros.md: -------------------------------------------------------------------------------- 1 | # Libraries 2 | 3 | # Macros and attributes 4 | The hax engine understands only one attribute: `#[_hax::json(PAYLOAD)]`, 5 | where `PAYLOAD` is a JSON serialization of the Rust enum 6 | `hax_lib_macros_types::AttrPayload`. 7 | 8 | Note `#[_hax::json(PAYLOAD)]` is a [tool 9 | attribute](https://github.com/rust-lang/rust/issues/66079): an 10 | attribute that is never expanded. 11 | 12 | In the engine, the OCaml module `Attr_payloads` offers an API to query 13 | attributes easily. The types in crate `hax_lib_macros_types` and 14 | corresponding serializers/deserializers are automatically generated in 15 | OCaml, thus there is no manual parsing involved. 16 | 17 | ## User experience 18 | Asking the user to type `#[_hax::json(some_long_json)]` is not very 19 | friendly. Thus, the crate `hax-lib-macros` defines a bunch of [proc 20 | macros](https://doc.rust-lang.org/beta/reference/procedural-macros.html) 21 | that defines nice and simple-to-use macros. Those macro take care of 22 | cooking some `hax_lib_macros_types::AttrPayload` payload(s), then 23 | serialize those payloads to JSON and produce one or more 24 | `#[_hax::json(serialized_payload)]` attributes. 25 | 26 | -------------------------------------------------------------------------------- /docs/engine/index.md: -------------------------------------------------------------------------------- 1 | # Engine 2 | 3 | The hax engine. Its [odoc](https://ocaml.github.io/odoc/) documentation can be found [here](./docs/hax-engine/index.html). -------------------------------------------------------------------------------- /docs/frontend/designs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryspen/hax/b4692fc54c399af0d158d1092756228b4aae12b2/docs/frontend/designs.md -------------------------------------------------------------------------------- /docs/frontend/high-level-arch.excalidraw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryspen/hax/b4692fc54c399af0d158d1092756228b4aae12b2/docs/frontend/high-level-arch.excalidraw.png -------------------------------------------------------------------------------- /docs/frontend/rustc-diagram.excalidraw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryspen/hax/b4692fc54c399af0d158d1092756228b4aae12b2/docs/frontend/rustc-diagram.excalidraw.png -------------------------------------------------------------------------------- /docs/frontend/user-flow.excalidraw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryspen/hax/b4692fc54c399af0d158d1092756228b4aae12b2/docs/frontend/user-flow.excalidraw.png -------------------------------------------------------------------------------- /docs/frontend/workflow-diagram.excalidraw.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryspen/hax/b4692fc54c399af0d158d1092756228b4aae12b2/docs/frontend/workflow-diagram.excalidraw.png -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | # hax 2 | 3 | hax is a tool for high assurance translations of a large subset of 4 | Rust into formal languages such as [F\*](https://www.fstar-lang.org/) or [Rocq](https://rocq-prover.org/). 5 | 6 | Head over to the [Manual](./manual/index.md) or the [playground](https://hax-playground.cryspen.com) 7 | to get started! 8 | 9 | ![hax overview](static/img/overview.png) 10 | 11 | ## Playground 12 | Try out hax in the browser on the [playground](https://hax-playground.cryspen.com). 13 | 14 | [![Playground screenshot](static/img/playground.png)](https://hax-playground.cryspen.com) 15 | 16 | ## Community 17 | 18 | Join the hax community on our [Zulip chat](https://hacspec.zulipchat.com). 19 | -------------------------------------------------------------------------------- /docs/manual/faq/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | weight: 4 3 | --- 4 | 5 | # Troubleshooting/FAQ 6 | 7 | This chapter captures a list of common questions or issues and how to resolve them. If you happen to run into an issue that is not documented here, please consider submitting a pull request! 8 | -------------------------------------------------------------------------------- /docs/manual/faq/into.md: -------------------------------------------------------------------------------- 1 | # Troubleshooting/FAQ 2 | -------------------------------------------------------------------------------- /docs/manual/tutorial/index.md: -------------------------------------------------------------------------------- 1 | --- 2 | weight: 1 3 | --- 4 | 5 | # Tutorial 6 | 7 | This tutorial is a guide for formally verifying properties about Rust 8 | programs using the hax toolchain. hax is a tool that translates Rust 9 | programs to various formal programming languages. 10 | 11 | The formal programming languages we target are called *backends*. Some 12 | of them, e.g. [F*](https://fstar-lang.org/) or 13 | [Coq](https://coq.inria.fr/), are general purpose formal programming 14 | languages. Others are specialized tools: 15 | [ProVerif](https://bblanche.gitlabpages.inria.fr/proverif/) is 16 | dedicated to proving properties about protocols. 17 | 18 | This tutorial focuses on proving properties with the 19 | [F* programming language](https://fstar-lang.org/). 20 | -------------------------------------------------------------------------------- /docs/manual/tutorial/proofs/fstar/extraction/Tutorial_src.Math.Lemmas.fst: -------------------------------------------------------------------------------- 1 | module Tutorial_src.Math.Lemmas 2 | #set-options "--fuel 0 --ifuel 1 --z3rlimit 150" 3 | open Core 4 | open FStar.Mul 5 | 6 | 7 | val cancel_mul_mod (a:i32) (n:i32 {v n >= 0}) : Lemma ((v a * v n) % v n == 0) 8 | let cancel_mul_mod a n = 9 | FStar.Math.Lemmas.cancel_mul_mod (v a) (v n) 10 | -------------------------------------------------------------------------------- /docs/overrides/main.html: -------------------------------------------------------------------------------- 1 | {% extends "base.html" %} 2 | 3 | {% block site_meta %} 4 | 5 | 8 | 9 | 10 | 15 | {{ super() }} 16 | {% endblock %} 17 | -------------------------------------------------------------------------------- /docs/static/img/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryspen/hax/b4692fc54c399af0d158d1092756228b4aae12b2/docs/static/img/favicon.png -------------------------------------------------------------------------------- /docs/static/img/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryspen/hax/b4692fc54c399af0d158d1092756228b4aae12b2/docs/static/img/logo.png -------------------------------------------------------------------------------- /docs/static/img/overview.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryspen/hax/b4692fc54c399af0d158d1092756228b4aae12b2/docs/static/img/overview.png -------------------------------------------------------------------------------- /docs/static/img/playground.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cryspen/hax/b4692fc54c399af0d158d1092756228b4aae12b2/docs/static/img/playground.png -------------------------------------------------------------------------------- /docs/stylesheets/hax_playground.css: -------------------------------------------------------------------------------- 1 | .md-hax-playground::after { 2 | display: none; 3 | } 4 | 5 | textarea.code.inline+div.CodeMirror div.CodeMirror-lines { 6 | padding: 0px !important; 7 | /* added !important as padding is an inline stlye */ 8 | } 9 | 10 | .cm-editor { 11 | outline: none !important; 12 | } 13 | 14 | .md-hax-playground~.md-code__content { 15 | padding: 14px 7px 14px 7px !important; 16 | } 17 | 18 | pre.md-hax-playground-pre { 19 | margin: 0 !important; 20 | } 21 | 22 | .center { 23 | display: block; 24 | margin: 0 auto; 25 | } 26 | -------------------------------------------------------------------------------- /docs/stylesheets/logo.css: -------------------------------------------------------------------------------- 1 | .md-header__button[data-md-component="logo"] { 2 | display: block !important; 3 | } 4 | 5 | label.md-header__button.md-icon[for="__drawer"] { 6 | order: -1; 7 | } 8 | 9 | label.md-nav__title[for="__drawer"] img { 10 | margin: auto; 11 | } 12 | 13 | label.md-nav__title[for="__drawer"] { 14 | font-size: 0.0001px !important; 15 | color: red !important; 16 | text-align: center; 17 | height: 4rem; 18 | overflow: none; 19 | /* color: transparent !important; */ 20 | } 21 | 22 | .md-header__topic { 23 | display: none; 24 | } -------------------------------------------------------------------------------- /docs/stylesheets/tags-colors.css: -------------------------------------------------------------------------------- 1 | /* This sets the color of the ADR status tags see https://github.com/squidfunk/mkdocs-material/discussions/5101 */ 2 | 3 | .md-typeset .md-tag--draft, 4 | .md-typeset .md-tag--draft[href] { 5 | background-color: #5694ca; 6 | color: white; 7 | } 8 | 9 | .md-typeset .md-tag--accepted, 10 | .md-typeset .md-tag--accepted[href] { 11 | background-color: #00703c; 12 | color: white; 13 | } 14 | 15 | .md-typeset .md-tag--deprecated, 16 | .md-typeset .md-tag--deprecated[href] { 17 | background-color: #b1b4b6; 18 | color: white; 19 | } 20 | 21 | .md-typeset .md-tag--proposed, 22 | .md-typeset .md-tag--proposed[href] { 23 | background-color: #003078; 24 | color: white; 25 | } 26 | 27 | .md-typeset .md-tag--rejected, 28 | .md-typeset .md-tag--rejected[href] { 29 | background-color: #f47738; 30 | color: white; 31 | } 32 | 33 | .md-typeset .md-tag--superseded, 34 | .md-typeset .md-tag--superseded[href] { 35 | background-color: #505a5f; 36 | color: white; 37 | } 38 | -------------------------------------------------------------------------------- /engine/.ocamlformat: -------------------------------------------------------------------------------- 1 | profile = default 2 | version = 0.26.2 -------------------------------------------------------------------------------- /engine/backends/coq/coq/coq_backend.mli: -------------------------------------------------------------------------------- 1 | open Hax_engine.Backend 2 | include T with module BackendOptions = UnitBackendOptions 3 | -------------------------------------------------------------------------------- /engine/backends/coq/coq/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name coq_backend) 3 | (package hax-engine) 4 | (libraries hax_engine base hacspeclib_macro_parser coq_ast) 5 | (preprocess 6 | (pps 7 | ppx_yojson_conv 8 | ppx_sexp_conv 9 | ppx_compare 10 | ppx_hash 11 | ppx_deriving.show 12 | ppx_deriving.eq 13 | ppx_inline 14 | ppx_functor_application 15 | ppx_matches))) 16 | 17 | (env 18 | (_ 19 | (flags 20 | (:standard -w -A)))) 21 | -------------------------------------------------------------------------------- /engine/backends/coq/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name coq_ast) 3 | (package hax-engine) 4 | (libraries hax_engine base hacspeclib_macro_parser) 5 | (preprocess 6 | (pps 7 | ppx_yojson_conv 8 | ppx_sexp_conv 9 | ppx_compare 10 | ppx_hash 11 | ppx_deriving.show 12 | ppx_deriving.eq 13 | ppx_inline 14 | ppx_functor_application 15 | ppx_matches))) 16 | 17 | ; (env 18 | ; (_ 19 | ; (flags 20 | ; (:standard -warn-error -A -warn-error +8)))) 21 | 22 | (env 23 | (_ 24 | (flags 25 | (:standard -w +A-4-40-42-44)))) 26 | -------------------------------------------------------------------------------- /engine/backends/coq/ssprove/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name ssprove_backend) 3 | (package hax-engine) 4 | (libraries hax_engine base hacspeclib_macro_parser coq_ast) 5 | (preprocess 6 | (pps 7 | ppx_yojson_conv 8 | ppx_sexp_conv 9 | ppx_compare 10 | ppx_hash 11 | ppx_deriving.show 12 | ppx_deriving.eq 13 | ppx_inline 14 | ppx_functor_application 15 | ppx_matches))) 16 | 17 | (env 18 | (_ 19 | (flags 20 | (:standard -w -A)))) 21 | -------------------------------------------------------------------------------- /engine/backends/coq/ssprove/ssprove_backend.mli: -------------------------------------------------------------------------------- 1 | open Hax_engine.Backend 2 | include T with module BackendOptions = UnitBackendOptions 3 | -------------------------------------------------------------------------------- /engine/backends/easycrypt/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name easycrypt_backend) 3 | (package hax-engine) 4 | (libraries hax_engine) 5 | (preprocess 6 | (pps 7 | ppx_yojson_conv 8 | ppx_sexp_conv 9 | ppx_compare 10 | ppx_hash 11 | ppx_deriving.show 12 | ppx_deriving.eq 13 | ppx_inline 14 | ppx_functor_application 15 | ppx_matches))) 16 | 17 | (env 18 | (_ 19 | (flags 20 | (:standard -w -A)))) 21 | -------------------------------------------------------------------------------- /engine/backends/easycrypt/easycrypt_backend.mli: -------------------------------------------------------------------------------- 1 | open Hax_engine.Backend 2 | include T with module BackendOptions = UnitBackendOptions 3 | -------------------------------------------------------------------------------- /engine/backends/fstar/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name fstar_backend) 3 | (package hax-engine) 4 | (wrapped false) 5 | (libraries hax_engine base fstar_surface_ast hacspeclib_macro_parser) 6 | (preprocess 7 | (pps 8 | ppx_yojson_conv 9 | ppx_sexp_conv 10 | ppx_compare 11 | ppx_hash 12 | ppx_deriving.show 13 | ppx_deriving.eq 14 | ppx_inline 15 | ppx_functor_application 16 | ppx_matches))) 17 | 18 | (env 19 | (_ 20 | (flags 21 | (:standard -w -A)))) 22 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar-surface-ast/.gitignore: -------------------------------------------------------------------------------- 1 | _build 2 | result 3 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar-surface-ast/.ocamlformat-ignore: -------------------------------------------------------------------------------- 1 | * 2 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar-surface-ast/FStar_BaseTypes.ml: -------------------------------------------------------------------------------- 1 | type char = FStar_Char.char[@@deriving yojson,show] 2 | type float = Base.Float.t 3 | type double = Base.Float.t 4 | type byte = Base.Int.t 5 | type int8 = Stdint.Int8.t 6 | type uint8 = Stdint.Uint8.t 7 | type int16 = Stdint.Int16.t 8 | type uint16 = Stdint.Uint16.t 9 | type int32 = Stdint.Int32.t 10 | type int64 = Stdint.Int64.t 11 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar-surface-ast/FStar_Char.ml: -------------------------------------------------------------------------------- 1 | module UChar = BatUChar 2 | type char = int[@@deriving yojson,show] 3 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar-surface-ast/FStar_Compiler_Effect.ml: -------------------------------------------------------------------------------- 1 | let op_Bar_Greater (x : 'a) (f : ('a -> 'b)) : 'b = f x 2 | let op_Less_Bar (f : ('a -> 'b)) (x : 'a) : 'b = f x 3 | 4 | type 'a ref' = 'a ref[@@deriving yojson,show] 5 | type 'a ref = 'a ref'[@@deriving yojson,show] 6 | 7 | let op_Bang (r:'a ref) = !r 8 | let op_Colon_Equals x y = x := y 9 | let alloc x = ref x 10 | let raise = raise 11 | let exit i = exit (Z.to_int i) 12 | let try_with f1 f2 = try f1 () with | e -> f2 e 13 | exception Failure = Failure 14 | let failwith x = raise (Failure x) 15 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar-surface-ast/FStar_Compiler_List.ml: -------------------------------------------------------------------------------- 1 | (* We give an implementation here using OCaml's BatList, 2 | which provides tail-recursive versions of most functions *) 3 | include FStar_List 4 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar-surface-ast/FStar_ImmutableArray_Base.ml: -------------------------------------------------------------------------------- 1 | type 'a t = 'a array 2 | 3 | let of_list (l:'a list) = Array.of_list l 4 | 5 | let length (a: 'a t) = Z.of_int (Array.length a) 6 | 7 | let index (a: 'a t) (i:Z.t) = Array.get a (Z.to_int i) 8 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar-surface-ast/FStar_Pervasives.ml: -------------------------------------------------------------------------------- 1 | let id : 'a . 'a -> 'a = fun x -> x 2 | type ('a, 'b) either = 3 | | Inl of 'a 4 | | Inr of 'b 5 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar-surface-ast/FStar_Pervasives_Native.ml: -------------------------------------------------------------------------------- 1 | type 'a option' = 'a option = 2 | | None 3 | | Some of 'a[@@deriving yojson,show] 4 | 5 | type 'a option = 'a option' = 6 | | None 7 | | Some of 'a[@@deriving yojson,show] 8 | 9 | let fst = Stdlib.fst 10 | let snd = Stdlib.snd 11 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar-surface-ast/README: -------------------------------------------------------------------------------- 1 | Those files were extracted from github:fstarlang/fstar 2 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar-surface-ast/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name fstar_surface_ast) 3 | (package hax-engine) 4 | (libraries batteries stdint ppxlib menhirLib pprint base) 5 | (wrapped false) 6 | (preprocess 7 | (pps ppx_deriving.show ppx_deriving_yojson sedlex.ppx))) 8 | 9 | (env 10 | (_ 11 | (flags 12 | (:standard -warn-error -A -warn-error +8)))) 13 | -------------------------------------------------------------------------------- /engine/backends/fstar/fstar_backend.mli: -------------------------------------------------------------------------------- 1 | open Hax_engine.Backend 2 | include T with type BackendOptions.t = Hax_engine.Types.f_star_options_for__null 3 | -------------------------------------------------------------------------------- /engine/backends/proverif/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name proverif_backend) 3 | (package hax-engine) 4 | (wrapped false) 5 | (libraries hax_engine base hacspeclib_macro_parser) 6 | (preprocess 7 | (pps 8 | ppx_yojson_conv 9 | ppx_sexp_conv 10 | ppx_compare 11 | ppx_hash 12 | ppx_deriving.show 13 | ppx_deriving.eq 14 | ppx_inline 15 | ppx_functor_application 16 | ppx_matches))) 17 | 18 | (env 19 | (_ 20 | (flags 21 | (:standard -w -A)))) 22 | -------------------------------------------------------------------------------- /engine/backends/proverif/proverif_backend.mli: -------------------------------------------------------------------------------- 1 | open Hax_engine.Backend 2 | include T with type BackendOptions.t = Hax_engine.Types.pro_verif_options 3 | -------------------------------------------------------------------------------- /engine/bin/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name lib) 3 | (modules lib) 4 | (wrapped false) 5 | (libraries 6 | hax_engine 7 | fstar_backend 8 | coq_backend 9 | ssprove_backend 10 | easycrypt_backend 11 | proverif_backend 12 | logs 13 | core) 14 | (preprocess 15 | (pps 16 | ppx_yojson_conv 17 | ppx_deriving.show 18 | ppx_deriving.eq 19 | ppx_matches 20 | ppx_string))) 21 | 22 | (executable 23 | (public_name hax-engine) 24 | (name native_driver) 25 | (modules native_driver) 26 | (libraries lib)) 27 | 28 | ; The following line is commented: by default, we don't want to 29 | ; generate javascript. 30 | 31 | ; (include dune-js) 32 | 33 | (env 34 | (_ 35 | (flags 36 | (:standard -g -warn-error -A -warn-error +8 -w -33)))) 37 | -------------------------------------------------------------------------------- /engine/bin/dune-js: -------------------------------------------------------------------------------- 1 | (executable 2 | (optional) 3 | (name js_driver) 4 | (modes js) 5 | (modules js_driver) 6 | (js_of_ocaml 7 | (javascript_files js_stubs/mutex.js js_stubs/stdint.js js_stubs/unix.js)) 8 | (libraries js_of_ocaml lib)) 9 | -------------------------------------------------------------------------------- /engine/bin/lib.mli: -------------------------------------------------------------------------------- 1 | val main : unit -> unit 2 | -------------------------------------------------------------------------------- /engine/bin/native_driver.ml: -------------------------------------------------------------------------------- 1 | open Hax_engine 2 | open Base 3 | 4 | let _ = 5 | Hax_io.init 6 | (module struct 7 | let stdin_json_stream = 8 | ref (Yojson.Safe.seq_from_channel In_channel.stdin) 9 | 10 | let read_json () = 11 | match Stdlib.Seq.uncons !stdin_json_stream with 12 | | Some (json, stream) -> 13 | stdin_json_stream := stream; 14 | Some json 15 | | None -> None 16 | 17 | let write_json msg = 18 | let open Stdio.Out_channel in 19 | Yojson.Safe.to_channel stdout msg; 20 | output_char stdout '\n'; 21 | flush stdout 22 | end); 23 | Lib.main () 24 | -------------------------------------------------------------------------------- /engine/doc/dune: -------------------------------------------------------------------------------- 1 | (documentation 2 | (package hax-engine) 3 | (mld_files index)) 4 | -------------------------------------------------------------------------------- /engine/doc/index.mld: -------------------------------------------------------------------------------- 1 | {0 Hax Engine} 2 | 3 | The engine of hax is written in OCaml, and has the following structure: 4 | {ul {- the {!module-Hax_engine} library (located in `/engine/lib`)} 5 | {- the {!module-Native_driver} binary (located in `/engine/bin`)} 6 | {- the backends (located in `/engine/backends`): 7 | {ul {- {!module-Fstar_backend}} 8 | {- {!module-Coq_ast}} 9 | {- {!module-Easycrypt_ast}} 10 | } 11 | } 12 | {- utilities and PPXs: 13 | {ul {- {!module-Hacspeclib_macro_parser}} 14 | {- {!module-Ppx_functor_application}} 15 | {- {!module-Ppx_generate_features}} 16 | {- {!module-Ppx_inline}} 17 | } 18 | } 19 | } 20 | 21 | -------------------------------------------------------------------------------- /engine/hax-engine.opam.template: -------------------------------------------------------------------------------- 1 | depexts: [ 2 | ["nodejs"] {} 3 | ] 4 | -------------------------------------------------------------------------------- /engine/lib/analyses.ml: -------------------------------------------------------------------------------- 1 | module Function_dependency = Function_dependency.Make 2 | module Mutable_variables = Mutable_variables.Make 3 | -------------------------------------------------------------------------------- /engine/lib/analyses/function_dependency.ml: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module%inlined_contents Make (F : Features.T) = struct 4 | module FA = F 5 | module A = Ast.Make (F) 6 | module U = Ast_utils.Make (F) 7 | open Ast 8 | 9 | (* TODO: Swap to Concrete_ident see: https://github.com/hacspec/hax/issues/375 *) 10 | type analysis_data = concrete_ident list Map.M(String).t 11 | type id_order = int 12 | 13 | let analyse (items : A.item list) : analysis_data = 14 | let temp_list = List.concat_map ~f:U.functions_of_item items in 15 | List.fold_left 16 | ~init:(Map.empty (module String)) 17 | ~f:(fun y (name, body) -> 18 | Map.set y 19 | ~key:([%show: Concrete_ident.View.t] (Concrete_ident.to_view name)) 20 | ~data: 21 | (Set.to_list 22 | (U.Reducers.collect_concrete_idents#visit_expr () body))) 23 | temp_list 24 | end 25 | -------------------------------------------------------------------------------- /engine/lib/ast_destruct.ml: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | open! Ast 3 | 4 | module Make (F : Features.T) = struct 5 | include Ast_destruct_generated.Make (F) 6 | 7 | let list_0 = function [] -> Some () | _ -> None 8 | let list_1 = function [ a ] -> Some a | _ -> None 9 | let list_2 = function [ a; b ] -> Some (a, b) | _ -> None 10 | let list_3 = function [ a; b; c ] -> Some (a, b, c) | _ -> None 11 | let list_4 = function [ a; b; c; d ] -> Some (a, b, c, d) | _ -> None 12 | let list_5 = function [ a; b; c; d; e ] -> Some (a, b, c, d, e) | _ -> None 13 | end 14 | -------------------------------------------------------------------------------- /engine/lib/concrete_ident/concrete_ident_view.mli: -------------------------------------------------------------------------------- 1 | include module type of Concrete_ident_view_types 2 | 3 | val of_def_id : Explicit_def_id.t -> t 4 | (** Computes a view for an explicit definition identifier. *) 5 | -------------------------------------------------------------------------------- /engine/lib/dependencies.mli: -------------------------------------------------------------------------------- 1 | module Make (F : Features.T) : sig 2 | module AST : module type of Ast.Make (F) 3 | 4 | val uid_associated_items : AST.item list -> Ast.attrs -> AST.item list 5 | val bundle_cyclic_modules : AST.item list -> AST.item list 6 | val global_sort : AST.item list -> AST.item list 7 | val recursive_bundles : AST.item list -> AST.item list list * AST.item list 8 | 9 | val filter_by_inclusion_clauses : 10 | Types.inclusion_clause list -> AST.item list -> AST.item list 11 | end 12 | -------------------------------------------------------------------------------- /engine/lib/deprecated_generic_printer/deprecated_generic_printer.mli: -------------------------------------------------------------------------------- 1 | module Make (F : Features.T) (View : Concrete_ident.RENDER_API) : sig 2 | open Deprecated_generic_printer_base.Make(F) 3 | include API 4 | 5 | class print : print_class 6 | end 7 | -------------------------------------------------------------------------------- /engine/lib/features.ml: -------------------------------------------------------------------------------- 1 | [%%declare_features 2 | loop, 3 | for_loop, 4 | for_index_loop, 5 | while_loop, 6 | state_passing_loop, 7 | fold_like_loop, 8 | continue, 9 | break, 10 | mutable_variable, 11 | mutable_reference, 12 | mutable_pointer, 13 | reference, 14 | slice, 15 | raw_pointer, 16 | early_exit, 17 | question_mark, 18 | macro, 19 | as_pattern, 20 | nontrivial_lhs, 21 | arbitrary_lhs, 22 | lifetime, 23 | construct_base, 24 | monadic_action, 25 | monadic_binding, 26 | quote, 27 | block, 28 | dyn, 29 | match_guard, 30 | trait_item_default, 31 | unsafe] 32 | 33 | module Full = On 34 | 35 | module Rust = struct 36 | include On 37 | include Off.While_loop 38 | include Off.For_loop 39 | include Off.For_index_loop 40 | include Off.Question_mark 41 | include Off.Monadic_action 42 | include Off.Monadic_binding 43 | include Off.State_passing_loop 44 | include Off.Fold_like_loop 45 | include Off.Quote 46 | end 47 | 48 | module _ = struct 49 | module _ : T = Full 50 | module _ : T = Rust 51 | end 52 | -------------------------------------------------------------------------------- /engine/lib/import_thir.mli: -------------------------------------------------------------------------------- 1 | val import_ty : Types.span -> Types.node_for__ty_kind -> Ast.Rust.ty 2 | val import_trait_ref : Types.span -> Types.trait_ref -> Ast.Rust.trait_goal 3 | 4 | val import_clause : 5 | Types.span -> Types.clause -> Ast.Rust.generic_constraint option 6 | 7 | val import_item : 8 | type_only:bool -> 9 | Types.item_for__decorated_for__expr_kind -> 10 | Concrete_ident.t * (Ast.Rust.item list * Diagnostics.t list) 11 | -------------------------------------------------------------------------------- /engine/lib/local_ident.ml: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module T = struct 4 | type kind = Typ | Cnst | Expr | LILifetime | Final | SideEffectHoistVar 5 | [@@deriving show, yojson, hash, compare, sexp, eq] 6 | 7 | type id = kind * int [@@deriving show, yojson, hash, compare, sexp, eq] 8 | 9 | let mk_id kind id = (kind, id) 10 | 11 | type t = { name : string; id : id } 12 | [@@deriving show, yojson, hash, compare, sexp, eq] 13 | 14 | let make_final name = { name; id = mk_id Final 0 } 15 | let is_final { id; _ } = [%matches? Final] @@ fst id 16 | 17 | let is_side_effect_hoist_var { id; _ } = 18 | [%matches? SideEffectHoistVar] @@ fst id 19 | end 20 | 21 | include Base.Comparator.Make (T) 22 | include T 23 | -------------------------------------------------------------------------------- /engine/lib/local_ident.mli: -------------------------------------------------------------------------------- 1 | module T : sig 2 | type kind = 3 | | Typ (** type namespace *) 4 | | Cnst (** Generic constant namespace *) 5 | | Expr (** Expression namespace *) 6 | | LILifetime (** Lifetime namespace *) 7 | | Final 8 | (** Frozen identifier: such an identifier will *not* be rewritten by the name policy *) 9 | | SideEffectHoistVar (** A variable generated by `Side_effect_utils` *) 10 | [@@deriving show, yojson, hash, compare, sexp, eq] 11 | 12 | type id = kind * int [@@deriving show, yojson, hash, compare, sexp, eq] 13 | 14 | val mk_id : kind -> int -> id 15 | 16 | type t = { name : string; id : id } 17 | [@@deriving show, yojson, hash, compare, sexp, eq] 18 | 19 | val make_final : string -> t 20 | (** Creates a frozen final local identifier: such an indentifier won't be rewritten by a name policy *) 21 | 22 | val is_final : t -> bool 23 | val is_side_effect_hoist_var : t -> bool 24 | end 25 | 26 | include module type of struct 27 | include Base.Comparator.Make (T) 28 | include T 29 | end 30 | -------------------------------------------------------------------------------- /engine/lib/phases.ml: -------------------------------------------------------------------------------- 1 | [%%phases_index ()] 2 | 3 | module Reject = Phase_reject 4 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_and_mut_defsite.mli: -------------------------------------------------------------------------------- 1 | module Make 2 | (F : Features.T 3 | with type mutable_variable = Features.On.mutable_variable 4 | and type mutable_reference = Features.On.mutable_reference 5 | and type nontrivial_lhs = Features.On.nontrivial_lhs 6 | and type arbitrary_lhs = Features.On.arbitrary_lhs 7 | and type reference = Features.On.reference) : sig 8 | include module type of struct 9 | module FB = F 10 | module A = Ast.Make (F) 11 | module B = Ast.Make (FB) 12 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 13 | module FA = F 14 | end 15 | 16 | include ImplemT.T 17 | end 18 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_bundle_cycles.ml: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module Make (F : Features.T) = 4 | Phase_utils.MakeMonomorphicPhase 5 | (F) 6 | (struct 7 | let phase_id = [%auto_phase_name auto] 8 | 9 | module A = Ast.Make (F) 10 | 11 | module Error = Phase_utils.MakeError (struct 12 | let ctx = Diagnostics.Context.Phase phase_id 13 | end) 14 | 15 | module Attrs = Attr_payloads.MakeBase (Error) 16 | 17 | let ditems items = 18 | let module DepGraph = Dependencies.Make (F) in 19 | DepGraph.bundle_cyclic_modules items 20 | end) 21 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_bundle_cycles.mli: -------------------------------------------------------------------------------- 1 | (** This phase makes sure the items don't yield any cycle, 2 | namespace-wise. It does so by creating namespaces we call bundles, in 3 | which we regroup definitions that would otherwise yield cycles. *) 4 | 5 | module Make : Phase_utils.UNCONSTRAINTED_MONOMORPHIC_PHASE 6 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_cf_into_monads.mli: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module Make 4 | (F : Features.T 5 | with type monadic_action = Features.Off.monadic_action 6 | and type monadic_binding = Features.Off.monadic_binding) : sig 7 | include module type of struct 8 | module FA = F 9 | 10 | module FB = struct 11 | include F 12 | include Features.Off.Continue 13 | include Features.Off.Early_exit 14 | include Features.Off.Question_mark 15 | include Features.Off.Break 16 | include Features.On.Monadic_binding 17 | end 18 | 19 | module A = Ast.Make (F) 20 | module B = Ast.Make (FB) 21 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 22 | end 23 | 24 | include ImplemT.T 25 | end 26 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_direct_and_mut.mli: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module Make 4 | (F : Features.T 5 | with type raw_pointer = Features.Off.raw_pointer 6 | and type mutable_pointer = Features.Off.mutable_pointer) : sig 7 | include module type of struct 8 | module FB = struct 9 | include F 10 | include Features.On.Mutable_variable 11 | include Features.On.Arbitrary_lhs 12 | include Features.On.Nontrivial_lhs 13 | include Features.Off.Mutable_reference 14 | end 15 | 16 | module A = Ast.Make (F) 17 | module B = Ast.Make (FB) 18 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 19 | module FA = F 20 | end 21 | 22 | include ImplemT.T 23 | end 24 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_drop_blocks.ml: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module%inlined_contents Make (F : Features.T) = struct 4 | open Ast 5 | module FA = F 6 | 7 | module FB = struct 8 | include F 9 | include Features.Off.Block 10 | end 11 | 12 | include 13 | Phase_utils.MakeBase (F) (FB) 14 | (struct 15 | let phase_id = [%auto_phase_name auto] 16 | end) 17 | 18 | module UA = Ast_utils.Make (F) 19 | 20 | module Implem : ImplemT.T = struct 21 | let metadata = metadata 22 | 23 | module S = struct 24 | include Features.SUBTYPE.Id 25 | end 26 | 27 | [%%inline_defs dmutability + dsafety_kind] 28 | 29 | let rec dexpr' (span : span) (e : A.expr') : B.expr' = 30 | match (UA.unbox_underef_expr { e; span; typ = UA.never_typ }).e with 31 | | [%inline_arms "dexpr'.*" - Block] -> auto 32 | | Block { e; _ } -> (dexpr e).e 33 | [@@inline_ands bindings_of dexpr - dexpr'] 34 | 35 | [%%inline_defs "Item.*"] 36 | end 37 | 38 | include Implem 39 | end 40 | [@@add "subtype.ml"] 41 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_drop_blocks.mli: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | (** Only use this phase if you are also rejecting [unsafe] *) 4 | module Make (F : Features.T) : sig 5 | include module type of struct 6 | module FA = F 7 | 8 | module FB = struct 9 | include F 10 | include Features.Off.Block 11 | end 12 | 13 | module A = Ast.Make (F) 14 | module B = Ast.Make (FB) 15 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 16 | end 17 | 18 | include ImplemT.T 19 | end 20 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_drop_match_guards.mli: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module Make (F : Features.T) : sig 4 | include module type of struct 5 | module FA = F 6 | 7 | module FB = struct 8 | include F 9 | include Features.Off.Match_guard 10 | end 11 | 12 | module A = Ast.Make (F) 13 | module B = Ast.Make (FB) 14 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 15 | end 16 | 17 | include ImplemT.T 18 | end 19 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_drop_references.mli: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module Make 4 | (F : Features.T 5 | with type raw_pointer = Features.Off.raw_pointer 6 | and type mutable_reference = Features.Off.mutable_reference) : sig 7 | include module type of struct 8 | module FA = F 9 | 10 | module FB = struct 11 | include F 12 | include Features.Off.Mutable_pointer 13 | include Features.Off.Lifetime 14 | include Features.Off.Reference 15 | end 16 | 17 | module A = Ast.Make (F) 18 | module B = Ast.Make (FB) 19 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 20 | end 21 | 22 | include ImplemT.T 23 | end 24 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_drop_return_break_continue.mli: -------------------------------------------------------------------------------- 1 | (** This phase transforms `return e` expressions into `e` when `return 2 | e` is on an exit position. It should come after phase `RewriteControlFlow` 3 | and thus eliminate all `return`s. Inside loops it rewrites `return`, 4 | `break` and `continue` as their equivalent in terms of the `ControlFlow` 5 | wrapper that will be handled by the specific fold operators introduced by 6 | phase `FunctionalizeLoops`. *) 7 | 8 | module Make (F : Features.T) : sig 9 | include module type of struct 10 | module FA = F 11 | 12 | module FB = struct 13 | include F 14 | include Features.On.Fold_like_loop 15 | include Features.Off.Early_exit 16 | include Features.Off.Break 17 | include Features.Off.Continue 18 | end 19 | 20 | module A = Ast.Make (F) 21 | module B = Ast.Make (FB) 22 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 23 | end 24 | 25 | include ImplemT.T 26 | end 27 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_drop_sized_trait.mli: -------------------------------------------------------------------------------- 1 | (** This phase remove any occurence to the `core::marker::sized` 2 | trait. This trait appears a lot, but is generally not very useful in 3 | our backends. *) 4 | 5 | module Make : Phase_utils.UNCONSTRAINTED_MONOMORPHIC_PHASE 6 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_functionalize_loops.mli: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module Make 4 | (F : Features.T 5 | with type continue = Features.Off.continue 6 | and type early_exit = Features.Off.early_exit 7 | and type break = Features.Off.break) : sig 8 | include module type of struct 9 | module FA = F 10 | 11 | module FB = struct 12 | include F 13 | include Features.Off.Loop 14 | include Features.Off.While_loop 15 | include Features.Off.For_loop 16 | include Features.Off.For_index_loop 17 | include Features.Off.State_passing_loop 18 | include Features.Off.Fold_like_loop 19 | end 20 | 21 | module A = Ast.Make (F) 22 | module B = Ast.Make (FB) 23 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 24 | end 25 | 26 | include ImplemT.T 27 | end 28 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_hoist_disjunctive_patterns.mli: -------------------------------------------------------------------------------- 1 | (** This phase eliminates nested disjunctive patterns (leaving 2 | only shallow disjunctions). It moves the disjunctions up 3 | to the top-level pattern. *) 4 | 5 | module Make : Phase_utils.UNCONSTRAINTED_MONOMORPHIC_PHASE 6 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_local_mutation.mli: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module Make 4 | (F : Features.T 5 | with type mutable_reference = Features.Off.mutable_reference 6 | and type mutable_pointer = Features.Off.mutable_pointer 7 | and type raw_pointer = Features.Off.raw_pointer 8 | and type arbitrary_lhs = Features.Off.arbitrary_lhs 9 | and type nontrivial_lhs = Features.Off.nontrivial_lhs 10 | and type monadic_action = Features.Off.monadic_action 11 | and type monadic_binding = Features.Off.monadic_binding 12 | and type for_index_loop = Features.Off.for_index_loop) : sig 13 | include module type of struct 14 | module FA = F 15 | 16 | module FB = struct 17 | include F 18 | include Features.Off.Mutable_variable 19 | include Features.On.State_passing_loop 20 | end 21 | 22 | module A = Ast.Make (F) 23 | module B = Ast.Make (FB) 24 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 25 | end 26 | 27 | include ImplemT.T 28 | end 29 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_newtype_as_refinement.mli: -------------------------------------------------------------------------------- 1 | (** This phase transforms annotated struct definitions into (refined) 2 | type aliases. *) 3 | 4 | module Make : Phase_utils.UNCONSTRAINTED_MONOMORPHIC_PHASE 5 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_reconstruct_asserts.mli: -------------------------------------------------------------------------------- 1 | (** This phase recognizes desugared `assert!(...)` to rewrite 2 | into `hax_lib::assert(..)`. *) 3 | 4 | module Make : Phase_utils.UNCONSTRAINTED_MONOMORPHIC_PHASE 5 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_reconstruct_for_index_loops.mli: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module Make (F : Features.T) : sig 4 | include module type of struct 5 | module FA = F 6 | 7 | module FB = struct 8 | include F 9 | include Features.On.For_index_loop 10 | end 11 | 12 | module A = Ast.Make (F) 13 | module B = Ast.Make (FB) 14 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 15 | end 16 | 17 | include ImplemT.T 18 | end 19 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_reconstruct_for_loops.mli: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module Make (F : Features.T) : sig 4 | include module type of struct 5 | module FA = F 6 | 7 | module FB = struct 8 | include F 9 | include Features.On.For_loop 10 | end 11 | 12 | module A = Ast.Make (F) 13 | module B = Ast.Make (FB) 14 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 15 | end 16 | 17 | include ImplemT.T 18 | end 19 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_reconstruct_while_loops.mli: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module Make (F : Features.T) : sig 4 | include module type of struct 5 | module FA = F 6 | 7 | module FB = struct 8 | include F 9 | include Features.On.While_loop 10 | end 11 | 12 | module A = Ast.Make (F) 13 | module B = Ast.Make (FB) 14 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 15 | end 16 | 17 | include ImplemT.T 18 | end 19 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_rewrite_control_flow.mli: -------------------------------------------------------------------------------- 1 | (** This phase finds control flow expression (`if` or `match`) with a `return` expression 2 | in one of the branches. We replace them by replicating what comes after in all the branches. 3 | This allows the `return` to be eliminated by `drop_needless_returns`. 4 | This phase should come after `phase_local_mutation`. *) 5 | 6 | module Make : Phase_utils.UNCONSTRAINTED_MONOMORPHIC_PHASE 7 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_simplify_hoisting.mli: -------------------------------------------------------------------------------- 1 | (** This phase rewrites `let pat = match ... { ... => ..., ... => return ... }; e` 2 | into `match ... { ... => let pat = ...; e}`. *) 3 | 4 | module Make : Phase_utils.UNCONSTRAINTED_MONOMORPHIC_PHASE 5 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_simplify_match_return.mli: -------------------------------------------------------------------------------- 1 | (** This phase rewrites `let pat = match ... { ... => ..., ... => return ... }; e` 2 | into `match ... { ... => let pat = ...; e}`. *) 3 | 4 | module Make : Phase_utils.UNCONSTRAINTED_MONOMORPHIC_PHASE 5 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_sort_items.ml: -------------------------------------------------------------------------------- 1 | open! Prelude 2 | 3 | module Make (F : Features.T) = 4 | Phase_utils.MakeMonomorphicPhase 5 | (F) 6 | (struct 7 | let phase_id = [%auto_phase_name auto] 8 | 9 | module A = Ast.Make (F) 10 | 11 | module Error = Phase_utils.MakeError (struct 12 | let ctx = Diagnostics.Context.Phase phase_id 13 | end) 14 | 15 | module Attrs = Attr_payloads.MakeBase (Error) 16 | 17 | let ditems items = 18 | let module Deps = Dependencies.Make (F) in 19 | Deps.global_sort items 20 | end) 21 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_sort_items.mli: -------------------------------------------------------------------------------- 1 | (** This phase sorts items so that each item comes after the items it depends on. 2 | This is done by sorting namespaces with the same property, and then sorting 3 | items within each namespace, trying as much as possible to respect the 4 | original order. *) 5 | 6 | module Make : Phase_utils.UNCONSTRAINTED_MONOMORPHIC_PHASE 7 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_specialize.mli: -------------------------------------------------------------------------------- 1 | (** This phase specializes certain specific method applications 2 | (according to their name and the type it is being used on) into plain 3 | functions. 4 | 5 | This is useful espcially for math integers: the methods of the traits 6 | `Add`, `Sub`, `Mul` etc. are mapped to "primitive" functions in 7 | backends (e.g. Prims.whatever in FStar). *) 8 | 9 | module Make : Phase_utils.UNCONSTRAINTED_MONOMORPHIC_PHASE 10 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_traits_specs.mli: -------------------------------------------------------------------------------- 1 | (** This phase adds specification to traits. For each method `f` in a 2 | trait, we add a `f_pre` and a `f_post`. *) 3 | 4 | module Make : Phase_utils.UNCONSTRAINTED_MONOMORPHIC_PHASE 5 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_transform_hax_lib_inline.mli: -------------------------------------------------------------------------------- 1 | (** This phase transforms nodes like: 2 | {@rust[ 3 | hax_lib::inline({ 4 | let _KIND = ...; 5 | ... 6 | let _KIND = ...; 7 | "payload" 8 | }) 9 | ]} 10 | 11 | into [hax_lib::inline("payload'")] where [payload'] is a string 12 | with all the binding names substituted. 13 | 14 | Note: above `_KIND` can be `_expr`, `_pat` or `_constructor`. 15 | *) 16 | 17 | module Make (F : Features.T) : sig 18 | include module type of struct 19 | module FB = struct 20 | include F 21 | include Features.On.Quote 22 | end 23 | 24 | module A = Ast.Make (F) 25 | module B = Ast.Make (FB) 26 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 27 | module FA = F 28 | end 29 | 30 | include ImplemT.T 31 | end 32 | -------------------------------------------------------------------------------- /engine/lib/phases/phase_trivialize_assign_lhs.mli: -------------------------------------------------------------------------------- 1 | module Make (F : Features.T) : sig 2 | include module type of struct 3 | module FA = F 4 | 5 | module FB = struct 6 | include F 7 | include Features.Off.Nontrivial_lhs 8 | include Features.On.Construct_base 9 | end 10 | 11 | module A = Ast.Make (F) 12 | module B = Ast.Make (FB) 13 | module ImplemT = Phase_utils.MakePhaseImplemT (A) (B) 14 | end 15 | 16 | include ImplemT.T 17 | end 18 | -------------------------------------------------------------------------------- /engine/lib/prelude.ml: -------------------------------------------------------------------------------- 1 | include Base 2 | include Utils 3 | include Ppx_yojson_conv_lib.Yojson_conv.Primitives 4 | -------------------------------------------------------------------------------- /engine/lib/print_rust.mli: -------------------------------------------------------------------------------- 1 | open Ast.Full 2 | 3 | module AnnotatedString : sig 4 | module Output : sig 5 | type t [@@deriving show, yojson] 6 | 7 | val raw_string : t -> string 8 | end 9 | end 10 | 11 | val pitem : item -> AnnotatedString.Output.t 12 | val pitems : item list -> AnnotatedString.Output.t 13 | val pitem_str : item -> string 14 | val pexpr_str : expr -> string 15 | val pty_str : ty -> string 16 | -------------------------------------------------------------------------------- /engine/names/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-engine-names" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme.workspace = true 10 | description = "Dummy crate containing all the Rust names the hax engine should be aware of" 11 | 12 | [dependencies] 13 | hax-lib-protocol = {path = "../../hax-lib-protocol"} 14 | hax-lib = {path = "../../hax-lib"} 15 | 16 | [package.metadata.release] 17 | release = false 18 | -------------------------------------------------------------------------------- /engine/names/extract/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-engine-names-extract" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme.workspace = true 10 | description = "Helper binary generating an OCaml module" 11 | 12 | 13 | [build-dependencies] 14 | serde.workspace = true 15 | serde_json.workspace = true 16 | hax-engine-names.workspace = true 17 | hax-adt-into.workspace = true 18 | tempfile.version = "3.9" 19 | 20 | [features] 21 | default = ["extract_names_mode"] 22 | extract_names_mode = [] 23 | 24 | [lints.rust] 25 | unexpected_cfgs = { level = "warn", check-cfg = ['cfg(feature, values("rustc"))'] } 26 | 27 | [package.metadata.release] 28 | release = false 29 | -------------------------------------------------------------------------------- /engine/names/extract/src/main.rs: -------------------------------------------------------------------------------- 1 | const OCAML_MODULE: &str = include_str!(concat!(env!("OUT_DIR"), "/module.ml")); 2 | 3 | fn main() { 4 | println!("{}", OCAML_MODULE); 5 | } 6 | -------------------------------------------------------------------------------- /engine/names/src/crypto_abstractions.rs: -------------------------------------------------------------------------------- 1 | use hax_lib_protocol::crypto::*; 2 | 3 | fn crypto_abstractions() { 4 | let bytes = vec![0u8; 32]; 5 | let iv = AEADIV::from_bytes(&bytes); 6 | let key = AEADKey::from_bytes(AEADAlgorithm::Chacha20Poly1305, &bytes); 7 | 8 | let (cipher_text, _tag) = aead_encrypt(key, iv, &bytes, &bytes); 9 | let iv = AEADIV::from_bytes(&bytes); 10 | let key = AEADKey::from_bytes(AEADAlgorithm::Chacha20Poly1305, &bytes); 11 | let _ = aead_decrypt(key, iv, &bytes, &cipher_text, AEADTag::from_bytes(&bytes)); 12 | 13 | let p = DHElement::from_bytes(&bytes); 14 | let s = DHScalar::from_bytes(&bytes); 15 | dh_scalar_multiply(DHGroup::X25519, s.clone(), p); 16 | dh_scalar_multiply_base(DHGroup::X25519, s); 17 | 18 | let _ = hmac(HMACAlgorithm::Sha256, &bytes, &bytes); 19 | 20 | let _ = 1u64.to_le_bytes(); 21 | let slice = &bytes[0..1]; 22 | let _ = slice.len(); 23 | let _ = slice.to_vec(); 24 | let _ = [slice, slice].concat(); 25 | let mut v = vec![0]; 26 | v.extend_from_slice(slice); 27 | v.truncate(1); 28 | 29 | let _ = hash(HashAlgorithm::Sha256, &bytes); 30 | let _ = cipher_text.clone(); 31 | } 32 | -------------------------------------------------------------------------------- /engine/utils/generate_from_ast/README.md: -------------------------------------------------------------------------------- 1 | # `generate_from_ast` 2 | 3 | ## `generate_from_ast visitors` 4 | This binary reads the AST module of hax and creates **standalone** 5 | visitors. We need to define visitors and the types of the AST in two 6 | separate modules. Otherwise, each time we instantiate the AST functor, 7 | we end up re-defining every single visitor. Since the AST functor is 8 | instantiated a lot, this used to lead to huge memory consumption while 9 | building. 10 | 11 | This binary takes an OCaml module that defines types as input and 12 | outputs an OCaml module defining visitors for those types. 13 | 14 | Note that this binary relies on the structure and naming of the AST of 15 | hax; it is not intended for any other use. 16 | 17 | ## `generate_from_ast ast_builder` 18 | Generates helpers to build node in the AST. 19 | -------------------------------------------------------------------------------- /engine/utils/generate_from_ast/dune: -------------------------------------------------------------------------------- 1 | (executable 2 | (public_name generate_from_ast) 3 | (name generate_from_ast) 4 | (package hax-engine) 5 | (libraries ppxlib base stdio ppx_deriving_yojson.runtime) 6 | (preprocess 7 | (pps 8 | ppxlib.metaquot 9 | ppx_deriving.eq 10 | ppx_yojson_conv 11 | ppx_compare 12 | ppx_deriving.show))) 13 | 14 | (env 15 | (_ 16 | (flags 17 | (:standard -warn-error -A -warn-error +8)))) 18 | -------------------------------------------------------------------------------- /engine/utils/generate_from_ast/utils.ml: -------------------------------------------------------------------------------- 1 | open Base 2 | include Ppx_yojson_conv_lib.Yojson_conv.Primitives 3 | 4 | let ( >> ) f g x = g (f x) 5 | 6 | let type_declaration_of_structure (str : Ppxlib.structure) : 7 | (string * Ppxlib.type_declaration) list = 8 | let open Ppxlib in 9 | let visitor = 10 | object (self) 11 | inherit Ast_traverse.iter as super 12 | val mutable result = [] 13 | val mutable path_state = [] 14 | 15 | method get_path () = 16 | List.rev path_state |> List.map ~f:(Option.value ~default:"") 17 | 18 | method get_result () = List.rev result 19 | 20 | method! module_binding mb = 21 | let prev_path = path_state in 22 | path_state <- mb.pmb_name.txt :: path_state; 23 | super#module_binding mb; 24 | path_state <- prev_path; 25 | () 26 | 27 | method! type_declaration decl = 28 | let path = 29 | self#get_path () @ [ decl.ptype_name.txt ] |> String.concat ~sep:"." 30 | in 31 | result <- (path, decl) :: result 32 | end 33 | in 34 | visitor#structure str; 35 | visitor#get_result () 36 | -------------------------------------------------------------------------------- /engine/utils/hacspeclib-macro-parser/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name hacspeclib_macro_parser) 3 | (package hax-engine) 4 | (libraries yojson angstrom) 5 | (preprocess 6 | (pps 7 | ppx_yojson_conv 8 | ppx_sexp_conv 9 | ppx_compare 10 | ppx_hash 11 | ppx_deriving.show 12 | ppx_deriving.eq 13 | ppx_matches))) 14 | 15 | (env 16 | (_ 17 | (flags 18 | (:standard -warn-error "-A+8" -w "-17-7-30-56-32")))) 19 | -------------------------------------------------------------------------------- /engine/utils/ppx_functor_application/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name ppx_functor_application) 3 | (package hax-engine) 4 | (kind ppx_rewriter) 5 | (libraries ppxlib base) 6 | (preprocess 7 | (pps ppxlib.metaquot ppx_deriving.eq ppx_deriving.show))) 8 | 9 | (env 10 | (_ 11 | (flags 12 | (:standard -warn-error -A -warn-error +8)))) 13 | -------------------------------------------------------------------------------- /engine/utils/ppx_generate_features/README.md: -------------------------------------------------------------------------------- 1 | # `ppx_generate_features` 2 | 3 | Specific to `hax-engine`: 4 | - generates a `FEATURES` module type; 5 | - modules `Off` and `On` of type `FEATURES`, one with every feature type set to `on`, the other with every feature type set to `off`; 6 | - a `SUBSET.T` module type that describe a subtyping relation between two modules of type `FEATURES`; 7 | - a `SUBSET.Id` module that maps every feature to themselves. 8 | 9 | This PPX aims to alleviates the pain of adding new features. 10 | 11 | -------------------------------------------------------------------------------- /engine/utils/ppx_generate_features/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name ppx_generate_features) 3 | (package hax-engine) 4 | (kind ppx_rewriter) 5 | (libraries ppxlib base) 6 | (preprocess 7 | (pps ppxlib.metaquot ppx_deriving.eq ppx_deriving.show))) 8 | 9 | (env 10 | (_ 11 | (flags 12 | (:standard -warn-error -A -warn-error +8)))) 13 | -------------------------------------------------------------------------------- /engine/utils/ppx_inline/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name ppx_inline) 3 | (package hax-engine) 4 | (kind ppx_rewriter) 5 | (libraries ppxlib base) 6 | (preprocess 7 | (pps ppxlib.metaquot ppx_deriving.eq ppx_compare ppx_deriving.show))) 8 | 9 | (env 10 | (_ 11 | (flags 12 | (:standard -warn-error -A -warn-error +8)))) 13 | -------------------------------------------------------------------------------- /engine/utils/ppx_phases_index/README.md: -------------------------------------------------------------------------------- 1 | # `ppx_phases_index` 2 | 3 | This PPX looks for a `phases` folder in the sources, and generate a 4 | module binding for each, inlining the documentation, so that we can 5 | have a nice index of all the phases with their documentation. 6 | -------------------------------------------------------------------------------- /engine/utils/ppx_phases_index/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name ppx_phases_index) 3 | (package hax-engine) 4 | (kind ppx_rewriter) 5 | (libraries ppxlib base) 6 | (preprocess 7 | (pps ppxlib.metaquot ppx_deriving.eq ppx_compare ppx_deriving.show))) 8 | 9 | (env 10 | (_ 11 | (flags 12 | (:standard -warn-error -A -warn-error +8)))) 13 | -------------------------------------------------------------------------------- /engine/utils/sourcemaps/base64.ml: -------------------------------------------------------------------------------- 1 | open Prelude 2 | 3 | let alphabet = 4 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" 5 | 6 | let encode (n : int) : char = 7 | assert (n >= 0 && n < 64); 8 | String.get alphabet n 9 | 10 | let decode (c : char) : int = String.index alphabet c |> Option.value_exn 11 | -------------------------------------------------------------------------------- /engine/utils/sourcemaps/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name sourcemaps) 3 | (package hax-engine) 4 | (inline_tests) 5 | (preprocess 6 | (pps ppx_inline_test ppx_yojson_conv ppx_deriving.show ppx_deriving.eq)) 7 | (libraries base)) 8 | 9 | (include_subdirs unqualified) 10 | -------------------------------------------------------------------------------- /engine/utils/sourcemaps/location.ml: -------------------------------------------------------------------------------- 1 | open Prelude 2 | 3 | type t = { line : int; col : int } [@@deriving eq, yojson] 4 | 5 | let show { line; col } = 6 | "(" ^ Int.to_string line ^ ":" ^ Int.to_string col ^ ")" 7 | 8 | let pp (fmt : Stdlib.Format.formatter) (s : t) : unit = 9 | Stdlib.Format.pp_print_string fmt @@ show s 10 | 11 | let default = { line = 0; col = 0 } 12 | let plus_cols x cols = { x with col = x.col + cols } 13 | let op ( + ) x y = { line = x.line + y.line; col = x.col + y.col } 14 | let ( + ) = op ( + ) 15 | let ( - ) = op ( - ) 16 | 17 | let compare (x : t) (y : t) : int = 18 | let open Int in 19 | if x.line > y.line then 1 20 | else if x.line = y.line then 21 | if x.col > y.col then 1 else if x.col = y.col then 0 else -1 22 | else -1 23 | -------------------------------------------------------------------------------- /engine/utils/sourcemaps/mappings/dual.ml: -------------------------------------------------------------------------------- 1 | type 'a t = { gen : 'a; src : 'a } [@@deriving show, eq, yojson] 2 | 3 | let transpose ~(default : 'a t) ({ gen; src } : 'a option t) : 'a t option = 4 | match (gen, src) with 5 | | Some gen, None -> Some { gen; src = default.src } 6 | | None, Some src -> Some { gen = default.gen; src } 7 | | Some gen, Some src -> Some { gen; src } 8 | | _ -> None 9 | 10 | let default (type a) (default : a) : a t = { gen = default; src = default } 11 | -------------------------------------------------------------------------------- /engine/utils/sourcemaps/mappings/mappings.mli: -------------------------------------------------------------------------------- 1 | type meta = { file_offset : int; name : int option } 2 | [@@deriving show, eq, yojson] 3 | 4 | type range = { start : Location.t; end_ : Location.t option } 5 | [@@deriving show, eq, yojson] 6 | 7 | module Chunk : sig 8 | type t = { gen : range; src : range; meta : meta } 9 | [@@deriving show, eq, yojson] 10 | 11 | val compare : t -> t -> int 12 | end 13 | 14 | open Chunk 15 | 16 | val decode : string -> t list 17 | val encode : t list -> string 18 | -------------------------------------------------------------------------------- /engine/utils/sourcemaps/mappings/types.ml: -------------------------------------------------------------------------------- 1 | open Prelude 2 | 3 | type meta = { file_offset : int; name : int option } 4 | [@@deriving show, eq, yojson] 5 | 6 | type point = Location.t Dual.t * meta option [@@deriving show, eq, yojson] 7 | -------------------------------------------------------------------------------- /engine/utils/sourcemaps/prelude.ml: -------------------------------------------------------------------------------- 1 | include Base 2 | include Ppx_yojson_conv_lib.Yojson_conv.Primitives 3 | 4 | let ( << ) f g x = f (g x) 5 | let ( >> ) f g x = g (f x) 6 | -------------------------------------------------------------------------------- /engine/utils/sourcemaps/source_maps.mli: -------------------------------------------------------------------------------- 1 | type range = { start : Location.t; end_ : Location.t option } 2 | 3 | module Location : sig 4 | type t = { line : int; col : int } [@@deriving eq] 5 | end 6 | 7 | type mapping = { 8 | gen : range; 9 | src : range; 10 | source : string; 11 | name : string option; 12 | } 13 | (** A source file to generated file mapping *) 14 | 15 | type t = { 16 | mappings : string; 17 | sourceRoot : string; 18 | sources : string list; 19 | sourcesContent : string option list; 20 | names : string list; 21 | version : int; 22 | file : string; 23 | } 24 | [@@deriving yojson] 25 | 26 | val mk : 27 | ?file:string -> 28 | ?sourceRoot:string -> 29 | ?sourcesContent:(string -> string option) -> 30 | mapping list -> 31 | t 32 | 33 | val to_json : t -> string 34 | -------------------------------------------------------------------------------- /examples/.envrc: -------------------------------------------------------------------------------- 1 | use flake .#examples 2 | -------------------------------------------------------------------------------- /examples/Cargo.toml: -------------------------------------------------------------------------------- 1 | [workspace] 2 | members = [ 3 | "chacha20", 4 | "limited-order-book", 5 | "sha256", 6 | "barrett", 7 | "kyber_compress", 8 | "proverif-psk", 9 | "coq-example", 10 | "coverage"] 11 | resolver = "2" 12 | 13 | [workspace.dependencies] 14 | hax-lib = { path = "../hax-lib" } 15 | hax-bounded-integers = { path = "../hax-bounded-integers" } 16 | 17 | -------------------------------------------------------------------------------- /examples/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: default 2 | default: 3 | make -C limited-order-book 4 | make -C chacha20 5 | OTHERFLAGS="--lax" make -C sha256 6 | make -C barrett 7 | make -C kyber_compress 8 | make -C proverif-psk 9 | 10 | clean: 11 | make -C limited-order-book clean 12 | make -C chacha20 clean 13 | make -C sha256 clean 14 | make -C barrett clean 15 | make -C kyber_compress clean 16 | make -C proverif-psk clean 17 | -------------------------------------------------------------------------------- /examples/barrett/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "barrett" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | hax-lib.workspace = true 10 | -------------------------------------------------------------------------------- /examples/barrett/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: default clean 2 | default: 3 | make -C proofs/fstar/extraction 4 | 5 | clean: 6 | rm -f proofs/fstar/extraction/.depend 7 | rm -f proofs/fstar/extraction/*.fst 8 | -------------------------------------------------------------------------------- /examples/chacha20/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "chacha20" 3 | version = "0.1.0" 4 | authors = ["Franziskus Kiefer "] 5 | edition = "2021" 6 | 7 | [dependencies] 8 | hax-lib.workspace = true 9 | hax-bounded-integers.workspace = true 10 | -------------------------------------------------------------------------------- /examples/chacha20/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: default clean 2 | default: 3 | make -C proofs/fstar/extraction 4 | 5 | clean: 6 | rm -f proofs/fstar/extraction/.depend 7 | rm -f proofs/fstar/extraction/*.fst 8 | -------------------------------------------------------------------------------- /examples/chacha20/proofs/fstar/extraction/hax.fst.config.json: -------------------------------------------------------------------------------- 1 | { 2 | "fstar_exe": "fstar.exe", 3 | "options": [ 4 | "--cmi", 5 | "--warn_error", 6 | "-331", 7 | "--cache_checked_modules", 8 | "--cache_dir", 9 | "${HAX_HOME}/proof-libs/fstar/.cache", 10 | "--already_cached", 11 | "+Prims+FStar+LowStar+C+Spec.Loops+TestLib", 12 | "--query_stats", 13 | "--split_queries", 14 | "always" 15 | ], 16 | "include_dirs": [ 17 | ".", 18 | "${HACL_HOME}/lib", 19 | "${HAX_HOME}/proof-libs/fstar/rust_primitives", 20 | "${HAX_HOME}/proof-libs/fstar/core", 21 | "${HAX_HOME}/proof-libs/fstar/hax_lib", 22 | "${HAX_HOME}/hax-lib/proofs/fstar/extraction" 23 | ] 24 | } 25 | -------------------------------------------------------------------------------- /examples/commonArgs.nix: -------------------------------------------------------------------------------- 1 | { 2 | craneLib, 3 | lib, 4 | }: 5 | let 6 | matches = re: path: !builtins.isNull (builtins.match re path); 7 | in 8 | { 9 | version = "0.0.1"; 10 | src = lib.cleanSourceWith { 11 | src = craneLib.path ./..; 12 | filter = path: type: 13 | # We include only certain files. FStar files under the example 14 | # directory are listed out. Same for proverif (*.pvl) files. 15 | ( matches ".*(Makefile|.*[.](rs|toml|lock|diff|fsti?|pv))$" path 16 | && !matches ".*examples/.*[.]fsti?$" path 17 | ) || ("directory" == type); 18 | }; 19 | doCheck = false; 20 | cargoVendorDir = craneLib.vendorMultipleCargoDeps { 21 | cargoLockList = [ 22 | ./Cargo.lock 23 | ../Cargo.lock 24 | ]; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /examples/coq-example/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "coq-example" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | hax-lib = {path = "../../hax-lib" } 8 | -------------------------------------------------------------------------------- /examples/coq-example/proofs/coq/extraction/Coq_example_Dummy_core_lib.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | From Core Require Import Core. 13 | 14 | (* NotImplementedYet *) 15 | -------------------------------------------------------------------------------- /examples/coq-example/proofs/coq/extraction/Coq_proofs.v: -------------------------------------------------------------------------------- 1 | (* Handwritten Proofs *) 2 | 3 | From Coq Require Import ZArith. 4 | Require Import List. 5 | Import List.ListNotations. 6 | 7 | From Coq_example Require Import Coq_example. 8 | 9 | 10 | (* Check example *) 11 | Example is_example_correct : example tt = [-7]. Proof. reflexivity. Qed. 12 | 13 | (* Proof composite operations *) 14 | Theorem dup_mul_is_square : forall x, 15 | impl__Instruction__interpret Instruction_Mul ( 16 | impl__Instruction__interpret Instruction_Dup [x]) 17 | = [Z.pow x 2]. 18 | Proof. 19 | intros. 20 | cbn. 21 | rewrite Z.mul_1_r. 22 | reflexivity. 23 | Qed. 24 | 25 | Theorem push_pop_cancel : forall l x, 26 | impl__Instruction__interpret Instruction_Pop ( 27 | impl__Instruction__interpret (Instruction_Push x) l) 28 | = l. 29 | Proof. 30 | intros. 31 | cbn. 32 | reflexivity. 33 | Qed. 34 | -------------------------------------------------------------------------------- /examples/coq-example/src/dummy_core_lib.rs: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /examples/coverage/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "coverage" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | -------------------------------------------------------------------------------- /examples/coverage/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | stdenv, 3 | lib, 4 | hax, 5 | coqPackages, 6 | craneLib, 7 | bat, 8 | coqGeneratedCore ? import ../../proof-libs/coq/coq {inherit stdenv coqPackages;}, 9 | }: 10 | let 11 | commonArgs = import ../commonArgs.nix {inherit craneLib lib;}; 12 | cargoArtifacts = craneLib.buildDepsOnly commonArgs; 13 | in 14 | craneLib.mkCargoDerivation (commonArgs // { 15 | inherit cargoArtifacts; 16 | pname = "coverage"; 17 | doCheck = false; 18 | buildPhaseCargoCommand = '' 19 | ( 20 | cd examples/coverage/ 21 | cargo hax into coq 22 | cd proofs/coq/extraction/ 23 | echo -e "-R ${coqGeneratedCore}/lib/coq/user-contrib/Core Core\n$(cat _CoqProject)" > _CoqProject 24 | coq_makefile -f _CoqProject -o Makefile 25 | make 26 | ) 27 | ''; 28 | cargoToml = ./Cargo.toml; 29 | buildInputs = [ 30 | hax 31 | coqPackages.coq-record-update 32 | coqPackages.coq 33 | ]; 34 | }) -------------------------------------------------------------------------------- /examples/coverage/src/lib.rs: -------------------------------------------------------------------------------- 1 | // https://doc.rust-lang.org/reference/types.html 2 | mod test_primitives; 3 | // mod test_sequence; 4 | 5 | // mod test_enum; 6 | // mod test_struct; 7 | 8 | // mod test_closures; 9 | // mod test_functions; 10 | 11 | // mod test_instance; 12 | 13 | // mod test_trait; 14 | 15 | // mod test_arrays; 16 | -------------------------------------------------------------------------------- /examples/coverage/src/test_closures.rs: -------------------------------------------------------------------------------- 1 | // TODO: 2 | // fn test() { 3 | // let add : fn(i32, i32) -> i32 = |x, y| x + y; 4 | // let _ = (|x : &u8| { x + x })(&2); 5 | 6 | // fn f u8> (g: F) -> u8 { 7 | // g() + 2 8 | // } 9 | 10 | // f(|| { 11 | // 23 12 | // }); 13 | // // Prints "foobar". 14 | // } 15 | -------------------------------------------------------------------------------- /examples/coverage/src/test_functions.rs: -------------------------------------------------------------------------------- 1 | fn first((value, _): (A, i32), y: B) -> A 2 | where 3 | B: Clone, 4 | { 5 | value 6 | } 7 | 8 | // foo is generic over A and B 9 | 10 | fn foo1(x: A, y: B) {} 11 | 12 | fn foo2(x: &[T], y: &[T; 1]) 13 | where 14 | T: Clone, 15 | { 16 | // details elided 17 | } 18 | 19 | fn test() { 20 | let x = [1u8]; 21 | foo2(&x, &x); 22 | foo2(&[1, 2], &x); 23 | } 24 | 25 | extern "Rust" fn foo3() {} 26 | 27 | // async fn regular_example() { } // TODO: Not yet supported 28 | 29 | // Requires std::fmt; 30 | // fn documented() { 31 | // #![doc = "Example"] 32 | // } 33 | -------------------------------------------------------------------------------- /examples/coverage/src/test_instance.rs: -------------------------------------------------------------------------------- 1 | // enum SomeEnum { 2 | // None, 3 | // Some(T), 4 | // } 5 | 6 | // trait SomeTrait { 7 | // fn some_fun(&self) -> Self; 8 | // } 9 | 10 | // impl SomeTrait for SomeEnum 11 | // where 12 | // T: SomeTrait, 13 | // { 14 | // #[inline] 15 | // fn some_fun(&self) -> Self { 16 | // match self { 17 | // SomeEnum::Some(x) => SomeEnum::Some(x.some_fun()), 18 | // SomeEnum::None => SomeEnum::None, 19 | // } 20 | // } 21 | // } 22 | -------------------------------------------------------------------------------- /examples/coverage/src/test_primitives.rs: -------------------------------------------------------------------------------- 1 | fn test_primtives() { 2 | // bool 3 | let _: bool = false; 4 | let _: bool = true; 5 | 6 | // Numerics 7 | let _: u8 = 12u8; 8 | let _: u16 = 123u16; 9 | let _: u32 = 1234u32; 10 | let _: u64 = 12345u64; 11 | let _: u128 = 123456u128; 12 | let _: usize = 32usize; 13 | 14 | let _: i8 = -12i8; 15 | let _: i16 = 123i16; 16 | let _: i32 = -1234i32; 17 | let _: i64 = 12345i64; 18 | let _: i128 = 123456i128; 19 | let _: isize = -32isize; 20 | 21 | let _: f32 = 1.2f32; 22 | let _: f64 = -1.23f64; 23 | 24 | // Textual 25 | let _: char = 'c'; 26 | let _: &str = "hello world"; 27 | 28 | // Never 29 | // cannot be built 30 | } 31 | -------------------------------------------------------------------------------- /examples/coverage/src/test_sequence.rs: -------------------------------------------------------------------------------- 1 | fn test() { 2 | // Tuple 3 | let _: () = (); 4 | let _: (u8, u16, i8) = (1, 2, 3); 5 | let _: u8 = (1, 2).0; 6 | let _: u8 = (1,).0; 7 | let _: u8 = (1, 2, 3, 4, 5).3; 8 | 9 | // Array 10 | let _: [u8; 0] = []; 11 | let _: [&str; 3] = ["23", "a", "hllo"]; 12 | let _: [u8; 14] = [2; 14]; 13 | 14 | // Slice 15 | let _: &[u8] = &[1, 2, 3, 4]; 16 | let _: &[&str] = &[]; 17 | } 18 | -------------------------------------------------------------------------------- /examples/coverage/src/test_trait.rs: -------------------------------------------------------------------------------- 1 | // Broken.. 2 | 3 | // // Co-inductive trait 4 | // trait TraitA { 5 | // type B : TraitB; 6 | // } 7 | 8 | // trait TraitB { 9 | // fn test(other : U) -> U 10 | // where U: TraitA; 11 | // } 12 | -------------------------------------------------------------------------------- /examples/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | craneLib, 3 | stdenv, 4 | lib, 5 | hax, 6 | fstar, 7 | hacl-star, 8 | hax-env, 9 | jq, 10 | proverif, 11 | }: let 12 | commonArgs = import ./commonArgs.nix {inherit craneLib lib;}; 13 | cargoArtifacts = craneLib.buildDepsOnly commonArgs; 14 | in 15 | craneLib.mkCargoDerivation (commonArgs 16 | // { 17 | inherit cargoArtifacts; 18 | pname = "hax-examples"; 19 | doCheck = false; 20 | buildPhaseCargoCommand = '' 21 | cd examples 22 | eval $(hax-env) 23 | export CACHE_DIR=$(mktemp -d) 24 | export HINT_DIR=$(mktemp -d) 25 | export SHELL=${stdenv.shell} 26 | make clean # Should be a no-op (see `filter` above) 27 | # Need to inject `HAX_VANILLA_RUSTC=never` because of #472 28 | sed -i "s/make -C limited-order-book/HAX_VANILLA_RUSTC=never make -C limited-order-book/g" Makefile 29 | make 30 | ''; 31 | buildInputs = [ 32 | hax hax-env fstar jq 33 | (proverif.overrideDerivation (_: { 34 | patches = [ ./proverif-psk/pv_div_by_zero_fix.diff ]; 35 | })) 36 | ]; 37 | }) 38 | -------------------------------------------------------------------------------- /examples/hax.fst.config.json: -------------------------------------------------------------------------------- 1 | { 2 | "fstar_exe": "fstar.exe", 3 | "options": [ 4 | "--cmi", 5 | "--warn_error", 6 | "-331", 7 | "--cache_checked_modules", 8 | "--cache_dir", 9 | "${HAX_HOME}/proof-libs/fstar/.cache", 10 | "--already_cached", 11 | "+Prims+FStar+LowStar+C+Spec.Loops+TestLib", 12 | "--query_stats", 13 | "--split_queries", 14 | "always" 15 | ], 16 | "include_dirs": [ 17 | ".", 18 | "${HACL_HOME}/lib", 19 | "${HAX_HOME}/proof-libs/fstar/rust_primitives", 20 | "${HAX_HOME}/proof-libs/fstar/core", 21 | "${HAX_HOME}/proof-libs/fstar/hax_lib" 22 | ] 23 | } 24 | -------------------------------------------------------------------------------- /examples/kyber_compress/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "kyber_compress" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | hax-lib.workspace = true 10 | -------------------------------------------------------------------------------- /examples/kyber_compress/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: default clean 2 | default: 3 | make -C proofs/fstar/extraction 4 | 5 | clean: 6 | rm -f proofs/fstar/extraction/.depend 7 | rm -f proofs/fstar/extraction/*.fst 8 | -------------------------------------------------------------------------------- /examples/limited-order-book/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "lob_backend" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [lib] 9 | crate-type = ["cdylib", "lib"] 10 | 11 | [dependencies] 12 | candid = "0.9.6" 13 | ic-cdk = "0.10.0" 14 | ic-cdk-macros = "0.8.1" 15 | hax-lib.workspace = true 16 | serde = { version = "1.0" } 17 | -------------------------------------------------------------------------------- /examples/limited-order-book/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: default 2 | default: 3 | make -C proofs/fstar/extraction 4 | 5 | clean: 6 | rm -f proofs/fstar/extraction/.depend 7 | rm -f proofs/fstar/extraction/*.fst 8 | -------------------------------------------------------------------------------- /examples/limited-order-book/README.md: -------------------------------------------------------------------------------- 1 | This crate comes from https://github.com/oggy-dfin/lob 2 | -------------------------------------------------------------------------------- /examples/limited-order-book/lob_backend.did: -------------------------------------------------------------------------------- 1 | type GetBookResult = record { asks : vec Order; bids : vec Order }; 2 | type Match = record { 3 | ask_id : nat64; 4 | quantity : nat64; 5 | price : nat64; 6 | bid_id : nat64; 7 | }; 8 | type Order = record { 9 | id : nat64; 10 | side : Side; 11 | quantity : nat64; 12 | price : nat64; 13 | }; 14 | type Side = variant { Buy; Sell }; 15 | service : (opt principal) -> { 16 | add_order : (Order) -> (vec Match); 17 | get_book : () -> (GetBookResult) query; 18 | } -------------------------------------------------------------------------------- /examples/proverif-psk/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "proverif-psk" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | hax-lib.workspace = true 10 | libcrux = "=0.0.2-pre.2" 11 | 12 | [dev-dependencies] 13 | rand = { version = "0.8" } 14 | -------------------------------------------------------------------------------- /examples/proverif-psk/Makefile: -------------------------------------------------------------------------------- 1 | check: ./proofs/proverif/extraction/lib.pvl 2 | timeout 30 proverif -lib ./proofs/proverif/extraction/lib.pvl ./proofs/proverif/extraction/analysis.pv 3 | 4 | proofs/proverif/extraction/lib.pvl: 5 | cargo hax into pro-verif 6 | 7 | clean: 8 | rm -f proofs/proverif/extraction/lib.pvl 9 | -------------------------------------------------------------------------------- /examples/proverif-psk/pv_div_by_zero_fix.diff: -------------------------------------------------------------------------------- 1 | diff proverif2.05/src/display.ml proverif2.05/src/display.ml 2 | index c43785ec..2763d907 100644 3 | --- proverif/src/display.ml 4 | +++ proverif/src/display.ml 5 | @@ -49,7 +49,7 @@ let dynamic_display str = 6 | then display_whitespace (!record_cursor_line - size); 7 | (* If we cannot determine the number of columns, we just assume that the statistics 8 | will fit on one line (the statistics will not be active by default) *) 9 | - let lines = if columns = -1 then 0 else ((max (!record_cursor_line) size) - 1) / columns in 10 | + let lines = if columns <= 0 then 0 else ((max (!record_cursor_line) size) - 1) / columns in 11 | (* Go to the beginning of the line *) 12 | print_string "\r"; 13 | if lines > 0 then 14 | -------------------------------------------------------------------------------- /examples/sha256/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | Cargo.lock 3 | -------------------------------------------------------------------------------- /examples/sha256/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "sha256" 3 | version = "0.1.0" 4 | authors = ["Franziskus Kiefer "] 5 | edition = "2021" 6 | 7 | [lib] 8 | path = "src/sha256.rs" 9 | 10 | [dependencies] 11 | hax-lib.workspace = true 12 | -------------------------------------------------------------------------------- /examples/sha256/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: default 2 | default: 3 | make -C proofs/fstar/extraction 4 | 5 | clean: 6 | rm -f proofs/fstar/extraction/.depend 7 | rm -f proofs/fstar/extraction/*.fst 8 | -------------------------------------------------------------------------------- /frontend/exporter/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-frontend-exporter" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme.workspace = true 10 | description = "Provides mirrors of the algebraic data types used in the Rust compilers, removing indirections and inlining various pieces of information." 11 | 12 | [package.metadata.rust-analyzer] 13 | rustc_private=true 14 | 15 | [dependencies] 16 | hax-adt-into.workspace = true 17 | serde.workspace = true 18 | serde_json.workspace = true 19 | schemars.workspace = true 20 | itertools.workspace = true 21 | hax-frontend-exporter-options.workspace = true 22 | tracing.workspace = true 23 | paste = "1.0.11" 24 | extension-traits = "1.0.1" 25 | lazy_static = "1.4.0" 26 | 27 | [features] 28 | default = ["rustc"] 29 | extract_names_mode = [] 30 | # Enables the conversion bridges from rustc types (and AST) to the 31 | # ones defined in this crate. Enabling `rustc` adds a dependency to 32 | # `librustc_driver`. 33 | rustc = [] 34 | -------------------------------------------------------------------------------- /frontend/exporter/README.md: -------------------------------------------------------------------------------- 1 | # Special core extraction mode 2 | For now, the frontend is sensible to the `HAX_CORE_EXTRACTION_MODE` 3 | variable environment that enables a special mode. 4 | -------------------------------------------------------------------------------- /frontend/exporter/adt-into/.gitignore: -------------------------------------------------------------------------------- 1 | /target 2 | /Cargo.lock 3 | -------------------------------------------------------------------------------- /frontend/exporter/adt-into/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-adt-into" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme.workspace = true 10 | description = "Provides the `adt_into` procedural macro, allowing for mirroring data types with small variations." 11 | 12 | [lib] 13 | proc-macro = true 14 | 15 | [dependencies] 16 | itertools.workspace = true 17 | syn.workspace = true 18 | proc-macro2 = "1.0" 19 | quote = "1.0" 20 | 21 | [dev-dependencies] 22 | tracing.workspace = true 23 | -------------------------------------------------------------------------------- /frontend/exporter/adt-into/README.md: -------------------------------------------------------------------------------- 1 | # hax adt into 2 | 3 | This crate provides the `adt_into` procedural macro, allowing for 4 | mirroring data types with small variations. 5 | 6 | This crate is used by the frontend of hax, where we need to mirror a 7 | big part of the data types defined by the Rust compiler. While the 8 | abstract syntax trees (ASTs) from the Rust compiler expose a lot of 9 | indirections (identifiers one should lookup, additional informations 10 | reachable only via interactive queries), hax exposes the same ASTs, 11 | removing indirections and inlining additional informations. 12 | 13 | The `adt_into` derive macro can be used on `struct`s and `enum`s. `adt_into` then looks for another `#[args(, from: FROM_TYPE, state: STATE_TYPE as SOME_NAME)]` attribute. Such an attribute means that the `struct` or `enum` mirrors the type `FROM_TYPE`, and that the transformation is carried along with a state of type `STATE_TYPE` that will be accessible via the name `SOME_NAME`. 14 | 15 | An example is available in the `tests` folder. 16 | -------------------------------------------------------------------------------- /frontend/exporter/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | craneLib, 3 | stdenv, 4 | makeWrapper, 5 | lib, 6 | rustc, 7 | gcc, 8 | }: let 9 | commonArgs = { 10 | version = "0.0.1"; 11 | src = craneLib.cleanCargoSource ./.; 12 | }; 13 | pname = "hax-rust-frontend"; 14 | cargoArtifacts = craneLib.buildDepsOnly (commonArgs 15 | // { 16 | pname = "${pname}-deps"; 17 | }); 18 | in 19 | craneLib.buildPackage (commonArgs 20 | // { 21 | inherit cargoArtifacts pname; 22 | }) 23 | # hax // { 24 | # passthru = hax.passthru or {} // { 25 | # wrapped = hax-engine: stdenv.mkDerivation { 26 | # name = "hax"; 27 | # buildInputs = [ makeWrapper ]; 28 | # phases = ["installPhase"]; 29 | # installPhase = '' 30 | # mkdir -p $out/bin 31 | # makeWrapper ${hax}/bin/cargo-hax $out/bin/cargo-hax \ 32 | # --prefix PATH : ${ 33 | # lib.makeBinPath [ 34 | # hax 35 | # hax-engine 36 | # rustc gcc 37 | # ] 38 | # } 39 | # ''; 40 | # meta.mainProgram = "cargo-hax"; 41 | # }; 42 | # }; 43 | # } 44 | 45 | -------------------------------------------------------------------------------- /frontend/exporter/options/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-frontend-exporter-options" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme.workspace = true 10 | description = "The options the `hax-frontend-exporter` crate is sensible to." 11 | 12 | [dependencies] 13 | serde.workspace = true 14 | serde_json.workspace = true 15 | schemars.workspace = true 16 | hax-adt-into.workspace = true 17 | -------------------------------------------------------------------------------- /frontend/exporter/src/prelude.rs: -------------------------------------------------------------------------------- 1 | pub use crate::*; 2 | pub use schemars::{schema_for, JsonSchema}; 3 | pub use serde::{Deserialize, Serialize}; 4 | pub use std::collections::HashMap; 5 | pub use std::path::PathBuf; 6 | pub use std::rc::Rc; 7 | 8 | pub use crate::body::*; 9 | pub use crate::constant_utils::*; 10 | pub use crate::id_table; 11 | pub use crate::index_vec::*; 12 | pub use crate::traits::*; 13 | pub use crate::types::*; 14 | 15 | #[cfg(feature = "rustc")] 16 | pub use self::rustc::*; 17 | #[cfg(feature = "rustc")] 18 | pub mod rustc { 19 | pub use crate::rustc_utils::*; 20 | pub use crate::state::*; 21 | pub use crate::utils::*; 22 | } 23 | 24 | pub(crate) use hax_adt_into::derive_group; 25 | -------------------------------------------------------------------------------- /frontend/exporter/src/types/mod.rs: -------------------------------------------------------------------------------- 1 | // There's a conflict between `mir::ScalarInt`and `todo::ScalarInt` but it doesn't matter. 2 | #![allow(ambiguous_glob_reexports)] 3 | 4 | mod def_id; 5 | mod hir; 6 | mod mir; 7 | mod new; 8 | pub(crate) mod serialize_int; 9 | mod span; 10 | mod thir; 11 | mod ty; 12 | 13 | pub use def_id::*; 14 | pub use hir::*; 15 | pub use mir::*; 16 | pub use new::*; 17 | pub use span::*; 18 | pub use thir::*; 19 | pub use ty::*; 20 | -------------------------------------------------------------------------------- /frontend/exporter/src/types/new/impl_infos.rs: -------------------------------------------------------------------------------- 1 | use crate::prelude::*; 2 | 3 | /// Meta-informations about an `impl TRAIT for 4 | /// TYPE where PREDICATES {}` 5 | #[derive_group(Serializers)] 6 | #[derive(Clone, Debug, JsonSchema)] 7 | pub struct ImplInfos { 8 | pub generics: TyGenerics, 9 | pub clauses: Vec<(Clause, Span)>, 10 | pub typ: Ty, 11 | pub trait_ref: Option, 12 | } 13 | -------------------------------------------------------------------------------- /frontend/exporter/src/types/new/mod.rs: -------------------------------------------------------------------------------- 1 | //! This module contains type definitions that have no equivalent in 2 | //! Rustc. 3 | 4 | mod full_def; 5 | mod impl_infos; 6 | mod item_attributes; 7 | mod predicate_id; 8 | mod variant_infos; 9 | 10 | pub use full_def::*; 11 | pub use impl_infos::*; 12 | pub use item_attributes::*; 13 | pub use predicate_id::*; 14 | pub use variant_infos::*; 15 | -------------------------------------------------------------------------------- /frontend/exporter/src/types/new/variant_infos.rs: -------------------------------------------------------------------------------- 1 | use crate::prelude::*; 2 | use crate::sinto_as_usize; 3 | 4 | /// Describe the kind of a variant 5 | #[derive_group(Serializers)] 6 | #[derive(Clone, Debug, JsonSchema, Hash, PartialEq, Eq, PartialOrd, Ord)] 7 | pub enum VariantKind { 8 | /// The variant is the only variant of a `struct` type 9 | Struct { 10 | /// Are the fields on this struct all named? 11 | named: bool, 12 | }, 13 | /// The variant is the only variant of a `union` type 14 | Union, 15 | /// The variant is one of the many variants of a `enum` type 16 | Enum { 17 | /// The index of this variant in the `enum` 18 | index: VariantIdx, 19 | /// Are the fields on this struct all named? 20 | named: bool, 21 | }, 22 | } 23 | 24 | sinto_as_usize!(rustc_abi, VariantIdx); 25 | 26 | /// Describe a variant 27 | #[derive_group(Serializers)] 28 | #[derive(Clone, Debug, JsonSchema, Hash, PartialEq, Eq, PartialOrd, Ord)] 29 | pub struct VariantInformations { 30 | pub type_namespace: DefId, 31 | 32 | pub typ: DefId, 33 | pub variant: DefId, 34 | pub kind: VariantKind, 35 | } 36 | -------------------------------------------------------------------------------- /frontend/exporter/src/utils/mod.rs: -------------------------------------------------------------------------------- 1 | mod error_macros; 2 | mod type_map; 3 | 4 | pub use error_macros::*; 5 | pub use type_map::*; 6 | -------------------------------------------------------------------------------- /hax-bounded-integers/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-bounded-integers" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme.workspace = true 10 | description = "Newtypes for working with bounded integers with hax" 11 | 12 | [dependencies] 13 | duplicate = "1.0.0" 14 | hax-lib.workspace = true 15 | paste = "1.0.15" 16 | -------------------------------------------------------------------------------- /hax-lib-protocol-macros/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-lib-protocol-macros" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme.workspace = true 10 | 11 | [lib] 12 | proc-macro = true 13 | 14 | [dependencies] 15 | proc-macro-error2 = { version = "2.0" } 16 | proc-macro2.workspace = true 17 | quote.workspace = true 18 | syn = { version = "2.0", features = [ 19 | "full", 20 | "visit-mut", 21 | "extra-traits", 22 | "parsing", 23 | ] } 24 | 25 | [package.metadata.release] 26 | release = false 27 | -------------------------------------------------------------------------------- /hax-lib-protocol/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-lib-protocol" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme.workspace = true 10 | 11 | [dependencies] 12 | libcrux = "0.0.2-pre.2" 13 | 14 | [package.metadata.release] 15 | release = false 16 | -------------------------------------------------------------------------------- /hax-lib-protocol/README.md: -------------------------------------------------------------------------------- 1 | # Hax Protocol Library 2 | This crate provides tools for protocol developers to write protcol 3 | specifications for hax. 4 | 5 | ## Protocol Traits 6 | To hax, a protocol is a collection of communicating state 7 | machines. This module provides traits that describe parts of a state 8 | machine's behaviour, specifically it provides traits for creating an 9 | initial state, and for state transition behaviour when reading or 10 | writing a message. 11 | 12 | ## Cryptographic Abstractions 13 | Beside message passing and state transitions, a protocol of course 14 | includes operations on the sent and received messages. For 15 | cryptographic protocols, these will be of a fairly restricted set of 16 | cryptoraphic primitive operations, which are provided in these 17 | cryptographic abstractions. This allows protocol authors to specify 18 | protocol party internal operations in a way that is easily accessible 19 | to hax. 20 | -------------------------------------------------------------------------------- /hax-lib-protocol/src/lib.rs: -------------------------------------------------------------------------------- 1 | //! This crate provides tools for protocol authors to write protocol 2 | //! specifications for hax. 3 | //! 4 | //! It contains a collection traits describing state machine behaviour, as 5 | //! well as a library of abstract primitive cryptographic operations for 6 | //! use in protocol specifications. 7 | 8 | pub mod crypto; 9 | pub mod state_machine; 10 | 11 | /// A protocol error type. 12 | #[derive(Debug)] 13 | pub enum ProtocolError { 14 | /// An error in the crypto abstraction layer 15 | CryptoError, 16 | /// On receiving an unexpected message, i.e. one that does not allow a state 17 | /// transition from the current state. 18 | InvalidMessage, 19 | /// On receiving invalid initialization data. 20 | InvalidPrologue, 21 | } 22 | 23 | pub type ProtocolResult = Result; 24 | -------------------------------------------------------------------------------- /hax-lib/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-lib" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme = "README.md" 10 | description = "Hax-specific helpers for Rust programs" 11 | 12 | 13 | [target.'cfg(hax)'.dependencies] 14 | num-bigint = { version = "0.4", default-features = false } 15 | num-traits = { version = "0.2", default-features = false } 16 | 17 | [dependencies] 18 | hax-lib-macros = { workspace = true, optional = true } 19 | 20 | [features] 21 | default = ["macros"] 22 | macros = ["dep:hax-lib-macros"] 23 | 24 | [lints.rust] 25 | unexpected_cfgs = { level = "warn", check-cfg = ['cfg(hax)'] } 26 | -------------------------------------------------------------------------------- /hax-lib/README.md: -------------------------------------------------------------------------------- 1 | # hax library 2 | 3 | This crate contains helpers that can be used when writing Rust code that is proven 4 | through the hax toolchain. 5 | 6 | **⚠️ The code in this crate has no effect when compiled without the `--cfg hax`.** 7 | 8 | ## Examples: 9 | 10 | ```rust 11 | fn sum(x: Vec, y: Vec) -> Vec { 12 | hax_lib::assume!(x.len() == y.len()); 13 | hax_lib::assert!(hax_lib::forall(|i: usize| hax_lib::implies(i < x.len(), || x[i] < 4242))); 14 | hax_lib::debug_assert!(hax_lib::exists(|i: usize| hax_lib::implies(i < x.len(), || x[i] > 123))); 15 | x.into_iter().zip(y.into_iter()).map(|(x, y)| x + y).collect() 16 | } 17 | ``` 18 | -------------------------------------------------------------------------------- /hax-lib/macros/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-lib-macros" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme = "README.md" 10 | description = "Hax-specific proc-macros for Rust programs" 11 | 12 | [lib] 13 | proc-macro = true 14 | 15 | [target.'cfg(hax)'.dependencies] 16 | proc-macro-error2 = { version = "2.0" } 17 | hax-lib-macros-types = { workspace = true } 18 | syn = { version = "2.0", features = ["full", "visit-mut", "visit"] } 19 | 20 | [dependencies] 21 | syn = { version = "2.0", features = ["full", "visit", "visit-mut"] } 22 | proc-macro2 = { workspace = true } 23 | quote = { workspace = true } 24 | 25 | [dev-dependencies] 26 | hax-lib = { path = ".." } 27 | 28 | [lints.rust] 29 | unexpected_cfgs = { level = "warn", check-cfg = ['cfg(hax)', 'cfg(doc_cfg)'] } 30 | -------------------------------------------------------------------------------- /hax-lib/macros/README.md: -------------------------------------------------------------------------------- 1 | # hax proc macros 2 | 3 | Hax-specific proc-macros for Rust programs. 4 | 5 | This crate defines proc macros to be used in Rust programs that are extracted with 6 | hax. 7 | It provides proc macros such as `requires` and `ensures` to define pre- and post-conditions 8 | for functions. 9 | -------------------------------------------------------------------------------- /hax-lib/macros/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Proc-macros must "reside in the root of the crate": whence the use 2 | // of `std::include!` instead of proper module declaration. 3 | 4 | #![cfg_attr(hax, feature(macro_metavar_expr_concat))] 5 | 6 | #[cfg(hax)] 7 | std::include!("implementation.rs"); 8 | 9 | #[cfg(not(hax))] 10 | std::include!("dummy.rs"); 11 | -------------------------------------------------------------------------------- /hax-lib/macros/types/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-lib-macros-types" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme = "README.md" 10 | description = "Hax-internal types" 11 | 12 | [dependencies] 13 | serde.workspace = true 14 | serde_json.workspace = true 15 | schemars = {workspace = true, optional = true} 16 | quote.workspace = true 17 | proc-macro2.workspace = true 18 | uuid = { version = "1.5", features = ["v4"] } 19 | 20 | -------------------------------------------------------------------------------- /hax-lib/macros/types/README.md: -------------------------------------------------------------------------------- 1 | # hax internal types 2 | 3 | A crate that defines the types of the various payloads of the attributes produced by the crate `hax-lib-macros` and consumed internally by the engine of hax. 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/.gitignore: -------------------------------------------------------------------------------- 1 | *.vo* 2 | *.aux 3 | *.glob 4 | *.cache 5 | .Makefile.d 6 | Makefile 7 | Makefile.conf 8 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | stdenv ? (import {}).stdenv, 3 | coqPackages ? (import {}).coqPackages, 4 | }: 5 | stdenv.mkDerivation { 6 | name = "hax-coq-generated-core"; 7 | src = ./generated-core; 8 | buildPhase = '' 9 | coq_makefile -f _CoqProject -o Makefile 10 | make 11 | ''; 12 | installPhase = '' 13 | export DESTDIR=$out 14 | make install 15 | mv $out/nix/store/*/lib $out 16 | rm -rf $out/nix 17 | ''; 18 | buildInputs = [ 19 | coqPackages.coq-record-update 20 | coqPackages.coq 21 | ]; 22 | } 23 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/spec/Core_Base_Spec_Binary.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | From Core Require Import Core_Base_Spec_Binary_Pos. 16 | Export Core_Base_Spec_Binary_Pos. 17 | 18 | From Core Require Import Core_Base_Spec_Binary_Positive. 19 | Export Core_Base_Spec_Binary_Positive. 20 | 21 | (* NotImplementedYet *) 22 | 23 | (* NotImplementedYet *) 24 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/spec/Core_Base_Spec_Binary_Pos.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | From Core Require Import Core_Base_Spec_Haxint. 16 | Export Core_Base_Spec_Haxint. 17 | 18 | From Core Require Import Core_Base_Spec_Binary_Positive. 19 | Export Core_Base_Spec_Binary_Positive. 20 | 21 | Notation "'t_POS'" := N. 22 | Notation "'POS_ZERO'" := N0. 23 | Notation "'POS_POS'" := Npos. 24 | 25 | Definition match_pos (s : t_HaxInt) : t_POS := s. 26 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/spec/Core_Base_Spec_Haxint.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | Notation "'t_HaxInt'" := N. 16 | 17 | Definition v_HaxInt_ONE : t_HaxInt := 1. 18 | Definition v_HaxInt_TWO : t_HaxInt := 2. 19 | Definition v_HaxInt_ZERO : t_HaxInt := 0. 20 | 21 | Definition div2 (s : t_HaxInt) : t_HaxInt := s / 2. 22 | 23 | Definition is_zero (s : t_HaxInt) : bool := match s with | N0 => true | _ => false end. 24 | 25 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/spec/Core_Base_Spec_Seq.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | Notation "'t_Seq'" := list. 16 | 17 | Notation "'t_LIST'" := list. 18 | Notation "'LIST_NIL'" := nil. 19 | Notation "'LIST_CONS'" := cons. 20 | 21 | Notation "'nil'" := nil. 22 | Notation "'cons'" := (fun x y => cons y x). 23 | 24 | Definition match_list {T} (x : t_Seq T) : t_LIST T := x. 25 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/spec/Core_Base_Spec_Unary.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | From Core Require Import Core_Base_Spec_Haxint. 16 | Export Core_Base_Spec_Haxint. 17 | 18 | Notation "'t_Unary'" := nat. 19 | 20 | Notation "'t_UNARY'" := nat. 21 | Notation "'UNARY_ZERO'" := O. 22 | Notation "'UNARY_SUCC'" := S. 23 | 24 | Definition unary_from_int (x : t_HaxInt) : t_Unary := N.to_nat x. 25 | Definition unary_to_int (s : t_Unary) : t_HaxInt := N.of_nat s. 26 | 27 | Definition pred (x : t_Unary) : t_Unary := Nat.pred x. 28 | 29 | Definition match_unary (s : t_Unary) : t_UNARY := s. 30 | 31 | Definition succ (x : t_Unary) : t_Unary := S x. 32 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/spec/Core_Base_Spec_Z.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | From Core Require Import Core_Base_Spec_Binary. 16 | Export Core_Base_Spec_Binary. 17 | 18 | Notation "'t_Z'" := Z. 19 | Notation "'Z_NEG'" := Zneg. 20 | Notation "'Z_ZERO'" := Z0. 21 | Notation "'Z_POS'" := Zpos. 22 | 23 | Definition v_Z_ONE : t_Z := 1%Z. 24 | Definition v_Z_TWO : t_Z := 2%Z. 25 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/src/Core_Array.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | From Core Require Import Core_Ops_Index. 16 | Export Core_Ops_Index. 17 | 18 | (* From Core Require Import Core_Ops_IndexMut. *) 19 | (* Export Core_Ops (t_IndexMut). *) 20 | 21 | From Core Require Import Core_Primitive. 22 | Export Core_Primitive. 23 | 24 | From Core Require Import Core_Array_Iter. 25 | Export Core_Array_Iter. 26 | 27 | Notation "'t_TryFromSliceError'" := (t_TryFromSliceError). 28 | 29 | Notation "'TryFromSliceError_0'" := (TryFromSliceError_0). 30 | 31 | (* NotImplementedYet *) 32 | 33 | (* Notation "'impl_2'" := (impl_2). *) 34 | 35 | (* Notation "'impl_1'" := (impl_1). *) 36 | 37 | (* Notation "'impl'" := (impl). *) 38 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/src/Core_Base.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | From Core Require Import Core_Base_Spec. 16 | Export Core_Base_Spec. 17 | 18 | From Core Require Import Core_Base_Binary. 19 | Export Core_Base_Binary. 20 | 21 | 22 | 23 | From Core Require Import Core_Base_Pos. 24 | Export Core_Base_Pos. 25 | 26 | From Core Require Import Core_Base_Z. 27 | Export Core_Base_Z. 28 | 29 | (* From Core Require Import Core_Base_Number_conversion. *) 30 | (* Export Core_Base_Number_conversion. *) 31 | 32 | From Core Require Import Core_Base_Seq. 33 | Export Core_Base_Seq. 34 | 35 | (* NotImplementedYet *) 36 | 37 | (* NotImplementedYet *) 38 | 39 | (* NotImplementedYet *) 40 | 41 | (* NotImplementedYet *) 42 | 43 | (* NotImplementedYet *) 44 | 45 | (* NotImplementedYet *) 46 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/src/Core_Base_interface.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | From Core Require Import Core_Base_interface_Int. 16 | Export Core_Base_interface_Int. 17 | 18 | From Core Require Import Core_Base_interface_Coerce. 19 | Export Core_Base_interface_Coerce. 20 | 21 | (* NotImplementedYet *) 22 | 23 | (* NotImplementedYet *) 24 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/src/Core_Base_interface_Coerce.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | From Core Require Import Core_Marker. 16 | Export Core_Marker. 17 | 18 | Class t_Concretization (v_Self : Type) (v_T : Type) `{t_Sized (v_T)} : Type := 19 | { 20 | Concretization_f_concretize : v_Self -> v_T; 21 | }. 22 | Arguments t_Concretization (_) (_) {_}. 23 | 24 | Class t_Abstraction (v_Self : Type) : Type := 25 | { 26 | Abstraction_f_AbstractType : Type; 27 | _ :: `{t_Sized (Abstraction_f_AbstractType)}; 28 | Abstraction_f_lift : v_Self -> Abstraction_f_AbstractType; 29 | }. 30 | Arguments t_Abstraction (_). 31 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/src/Core_Clone.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | Class t_Clone (v_Self : Type) : Type := 16 | { 17 | Clone_f_clone : v_Self -> v_Self; 18 | }. 19 | Arguments t_Clone (_). 20 | 21 | #[global] Instance t_Clone_any T : t_Clone T := { Clone_f_clone := id }. 22 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/src/Core_Num_Uint_macros.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | (* NotImplementedYet *) 16 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/src/Core_Ops_Index.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | Class t_Index (v_Self : Type) (v_Idx : Type) : Type := 16 | { 17 | Index_f_Output : Type; 18 | Index_f_index : v_Self -> v_Idx -> Index_f_Output; 19 | }. 20 | Arguments t_Index (_) (_). 21 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/src/Core_Ops_Range.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | From Core Require Import Core_Marker. 16 | Export Core_Marker. 17 | 18 | Record t_Range (v_Idx : Type) `{t_Sized (v_Idx)} : Type := 19 | { 20 | Range_f_start : v_Idx; 21 | Range_f_end : v_Idx; 22 | }. 23 | Arguments Build_t_Range (_) {_}. 24 | Arguments Range_f_start {_} {_}. 25 | Arguments Range_f_end {_} {_}. 26 | #[export] Instance settable_t_Range `{v_Idx : Type} `{t_Sized (v_Idx)} : Settable _ := 27 | settable! (Build_t_Range v_Idx) . 28 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/src/Core_Panicking.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | Inductive t_Never : Type := 16 | . 17 | 18 | Definition t_Never_cast_to_repr (x : t_Never) : t_Never := 19 | match x with 20 | end. 21 | 22 | Definition never_to_any `{v_T : Type} (x : t_Never) : v_T := 23 | (match x with 24 | end). 25 | 26 | Definition panic (expr : string) {HFalse : t_Never} : t_Never := 27 | never_to_any HFalse. 28 | 29 | Definition panic_explicit '(_ : unit) `{HFalse : t_Never} : t_Never := 30 | never_to_any HFalse. 31 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/coq/generated-core/src/Core_Result.v: -------------------------------------------------------------------------------- 1 | (* File automatically generated by Hacspec *) 2 | From Coq Require Import ZArith. 3 | Require Import List. 4 | Import List.ListNotations. 5 | Open Scope Z_scope. 6 | Open Scope bool_scope. 7 | Require Import Ascii. 8 | Require Import String. 9 | Require Import Coq.Floats.Floats. 10 | From RecordUpdate Require Import RecordSet. 11 | Import RecordSetNotations. 12 | 13 | (* From Core Require Import Core. *) 14 | 15 | From Core Require Import Core_Option. 16 | Export Core_Option. 17 | 18 | Inductive t_Result (v_T : Type) (v_E : Type) `{t_Sized (v_T)} `{t_Sized (v_E)} : Type := 19 | | Result_Ok : v_T -> _ 20 | | Result_Err : v_E -> _. 21 | Arguments Result_Ok {_} {_} {_} {_}. 22 | Arguments Result_Err {_} {_} {_} {_}. 23 | 24 | Definition impl__ok `{v_T : Type} `{v_E : Type} `{t_Sized (v_T)} `{t_Sized (v_E)} (self : t_Result ((v_T)) ((v_E))) : t_Option ((v_T)) := 25 | match self with 26 | | Result_Ok (x) => 27 | Option_Some (x) 28 | | Result_Err (_) => 29 | Option_None 30 | end. 31 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/ssprove/.gitignore: -------------------------------------------------------------------------------- 1 | *.vo* 2 | *.aux 3 | *.glob 4 | *.cache 5 | .Makefile.d 6 | Makefile 7 | Makefile.conf 8 | src/_temp/ 9 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/ssprove/_CoqProject: -------------------------------------------------------------------------------- 1 | -R src/ Hacspec 2 | -arg -w 3 | -arg all 4 | 5 | src/Hacspec_Lib_Comparable.v 6 | src/LocationUtility.v 7 | src/ChoiceEquality.v 8 | src/Hacspec_Lib_Pre.v 9 | 10 | src/Hacspec_Lib_Integers.v 11 | src/Hacspec_Lib_Loops.v 12 | src/Hacspec_Lib_Seq.v 13 | src/Hacspec_Lib_Natmod.v 14 | src/Hacspec_Lib_Coercions.v 15 | src/Hacspec_Lib_Eq.v 16 | src/Hacspec_Lib_Monad.v 17 | src/Hacspec_Lib_Ltac.v 18 | src/Hacspec_Lib_Controlflow.v 19 | src/Hacspec_Lib_Notation.v 20 | src/Hacspec_Lib_TODO.v 21 | 22 | src/ConCertLib.v 23 | 24 | src/Hacspec_Lib.v 25 | 26 | # src/Hacspec_Aes_Jazz.v 27 | # src/Hacspec_Xor.v 28 | 29 | # src/Hacspec_Aes.v 30 | # src/Hacspec_Bls12_381.v 31 | # src/Hacspec_Poly1305.v 32 | # src/Hacspec_Curve25519.v 33 | # src/Hacspec_Gf128.v 34 | # src/Hacspec_P256.v 35 | # src/Hacspec_Sha256.v 36 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/ssprove/coq-hacspec-ssprove.opam.template: -------------------------------------------------------------------------------- 1 | pin-depends: [ 2 | ["jasmin.dev" "git+https://github.com/proux01/jasmin.git#mathcomp2"] 3 | ["ssprove.dev" "git+https://github.com/ssprove/ssprove.git#jasmin-coq.8.18.0"] 4 | ["coq-concert.dev" "git+https://github.com/AU-COBRA/ConCert.git#master"] 5 | ["coq-rust-extraction.dev" "git+https://github.com/AU-COBRA/coq-rust-extraction.git#0053733e56008c917bf43d12e8bf0616d3b9a856"] 6 | ["coq-elm-extraction.dev" "git+https://github.com/AU-COBRA/coq-elm-extraction.git#903320120e3f36d7857161e5680fabeb6e743c6b"] 7 | ["coq-quickchick.dev" "git+https://github.com/4ever2/QuickChick.git#bc61d58045feeb754264df9494965c280e266e1c"] 8 | ] 9 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/coq/ssprove/src/dune: -------------------------------------------------------------------------------- 1 | (coq.theory 2 | (name Hacspec) ; -R flag 3 | (package coq-hacspec-ssprove) 4 | (flags -w all) 5 | (theories 6 | mathcomp elpi HB deriving ; Mathcomp 7 | extructures 8 | Equations 9 | ConCert stdpp MetaCoq Ltac2 ; ConCert 10 | ; Jasmin 11 | Crypt Mon Relational ; SSProve 12 | ) 13 | ; (libraries ) 14 | ) 15 | ; (include_subdirs qualified) -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/.envrc: -------------------------------------------------------------------------------- 1 | use flake .#examples 2 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Alloc.Alloc.fst: -------------------------------------------------------------------------------- 1 | module Alloc.Alloc 2 | 3 | let t_Global = () 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Alloc.Collections.Binary_heap.fsti: -------------------------------------------------------------------------------- 1 | module Alloc.Collections.Binary_heap 2 | open Rust_primitives 3 | 4 | val t_BinaryHeap: Type -> eqtype 5 | 6 | val impl_9__new: #t:Type -> t_BinaryHeap t 7 | val impl_9__push: #t:Type -> t_BinaryHeap t -> t -> t_BinaryHeap t 8 | val impl_10__len: #t:Type -> t_BinaryHeap t -> usize 9 | val impl_10__iter: #t:Type -> t_BinaryHeap t -> t_Slice t 10 | 11 | open Core.Option 12 | 13 | val impl_10__peek: #t:Type -> t_BinaryHeap t -> t_Option t 14 | val impl_9__pop: #t:Type -> t_BinaryHeap t -> t_BinaryHeap t & t_Option t 15 | 16 | unfold 17 | let nonempty h = v (impl_10__len h) > 0 18 | 19 | val lemma_peek_len: #t:Type -> h: t_BinaryHeap t 20 | -> Lemma (Option_Some? (impl_10__peek h) <==> nonempty h) 21 | 22 | val lemma_pop_len: #t:Type -> h: t_BinaryHeap t 23 | -> Lemma (Option_Some? (snd (impl_9__pop h)) <==> nonempty h) 24 | 25 | val lemma_peek_pop: #t:Type -> h: t_BinaryHeap t 26 | -> Lemma (impl_10__peek h == snd (impl_9__pop h)) 27 | [SMTPat (impl_10__peek h)] 28 | 29 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Alloc.Slice.fst: -------------------------------------------------------------------------------- 1 | module Alloc.Slice 2 | open Rust_primitives.Arrays 3 | open Alloc.Vec 4 | 5 | let impl__to_vec #a (s: t_Slice a): t_Vec a Alloc.Alloc.t_Global = s 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Array.Iter.fsti: -------------------------------------------------------------------------------- 1 | module Core.Array.Iter 2 | open Rust_primitives 3 | 4 | let into_iter = Core.Iter.iterator_array 5 | let t_IntoIter t l = t_Array t l 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Array.fst: -------------------------------------------------------------------------------- 1 | module Core.Array 2 | open Rust_primitives 3 | 4 | type t_TryFromSliceError = | TryFromSliceError 5 | 6 | let impl_23__map #a #b n (arr: t_Array a n) (f: a -> b): t_Array b n 7 | = map_array arr f 8 | 9 | let impl_23__as_slice #a len (arr: t_Array a len): t_Slice a = arr 10 | 11 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Clone.fst: -------------------------------------------------------------------------------- 1 | module Core.Clone 2 | 3 | class t_Clone self = { 4 | f_clone: x:self -> r:self {x == r} 5 | } 6 | 7 | (** Everything is clonable *) 8 | instance clone_all (t: Type): t_Clone t = { 9 | f_clone = (fun x -> x); 10 | } 11 | 12 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Iter.Adapters.Enumerate.fst: -------------------------------------------------------------------------------- 1 | module Core.Iter.Adapters.Enumerate 2 | open Rust_primitives 3 | 4 | type t_Enumerate t = { iter: t; count: usize } 5 | 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Iter.Adapters.Step_by.fst: -------------------------------------------------------------------------------- 1 | module Core.Iter.Adapters.Step_by 2 | open Rust_primitives 3 | 4 | type t_StepBy t = { 5 | f_iter: t; 6 | f_step: n: usize {v n > 0}; 7 | f_first_take: bool; 8 | } 9 | 10 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Iter.Traits.Collect.fst: -------------------------------------------------------------------------------- 1 | module Core.Iter.Traits.Collect 2 | 3 | class into_iterator self = { 4 | f_IntoIter: Type; 5 | // f_Item: Type; 6 | f_into_iter: self -> f_IntoIter; 7 | } 8 | 9 | let t_IntoIterator = into_iterator 10 | 11 | unfold instance impl t {| Core.Iter.Traits.Iterator.iterator t |}: into_iterator t = { 12 | f_IntoIter = t; 13 | f_into_iter = id; 14 | } 15 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Marker.fst: -------------------------------------------------------------------------------- 1 | module Core.Marker 2 | 3 | class t_Sized (h: Type) = { 4 | dummy_field: unit 5 | } 6 | 7 | (** we consider everything to be sized *) 8 | instance t_Sized_all t: t_Sized t = { 9 | dummy_field = () 10 | } 11 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Num.Error.fsti: -------------------------------------------------------------------------------- 1 | module Core.Num.Error 2 | open Rust_primitives 3 | 4 | type t_ParseIntError = unit 5 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Ops.Arith.Neg.fsti: -------------------------------------------------------------------------------- 1 | module Core.Ops.Arith.Neg 2 | open Rust_primitives 3 | 4 | let neg #t #l (x:int_t_l t l) = zero #t #l -! x 5 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Ops.Arith.fsti: -------------------------------------------------------------------------------- 1 | module Core.Ops.Arith 2 | open Rust_primitives 3 | 4 | 5 | class t_Add self rhs = { 6 | add_output: Type; 7 | add_in_bounds: self -> rhs -> Type0; 8 | ( +! ): x:self -> y:rhs {add_in_bounds x y} -> add_output; 9 | } 10 | 11 | class t_Sub self rhs = { 12 | sub_output: Type; 13 | sub_in_bounds: self -> rhs -> Type0; 14 | ( -! ): x:self -> y:rhs {sub_in_bounds x y} -> sub_output; 15 | } 16 | 17 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Ops.Control_flow.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops.Control_flow 2 | 3 | type t_ControlFlow (b c: Type) = 4 | | ControlFlow_Continue of c 5 | | ControlFlow_Break of b 6 | 7 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Ops.Deref.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops.Deref 2 | 3 | let f_deref = id 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Ops.Index.IndexMut.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops.Index.IndexMut 2 | 3 | class t_IndexMut t_Self t_Idx = { 4 | f_Input: Type; 5 | in_range: t_Self -> t_Idx -> Type0; 6 | f_index_mut: s:t_Self -> i:t_Idx{in_range s i} -> v:f_Input -> t_Self; 7 | } 8 | 9 | open Rust_primitives 10 | instance impl__index_mut t l n: t_IndexMut (t_Array t l) (int_t n) 11 | = { f_Input = t; 12 | in_range = (fun (s: t_Array t l) (i: int_t n) -> v i >= 0 && v i < v l); 13 | f_index_mut = (fun s i x -> Seq.upd s (v i) x); 14 | } 15 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Ops.Index.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops.Index 2 | 3 | class t_Index (t_Self:Type0) (t_Idx:Type0) = { 4 | f_Output: Type0; 5 | in_range: t_Self -> t_Idx -> Type0; 6 | f_index: s:t_Self -> i:t_Idx{in_range s i} -> f_Output; 7 | } 8 | 9 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Ops.Try_trait.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops.Try_trait 2 | 3 | class t_FromResidual self r = { 4 | f_from_residual: r -> self; 5 | } 6 | 7 | class t_Try self = { 8 | f_Output: Type; 9 | f_Residual: Type; 10 | [@@@FStar.Tactics.Typeclasses.tcresolve] 11 | parent_FromResidual: t_FromResidual f_Residual f_Residual; 12 | 13 | f_from_output: f_Output -> self; 14 | f_branch: self -> Core.Ops.Control_flow.t_ControlFlow f_Residual f_Output; 15 | } 16 | 17 | 18 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Ops.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops 2 | open Rust_primitives 3 | 4 | // class add_tc self rhs = { 5 | // output: Type; 6 | // in_bounds: self -> rhs -> Type0; 7 | // ( +! ): x:self -> y:rhs {in_bounds x y} -> output; 8 | // } 9 | 10 | class negation_tc self = { 11 | ( ~. ): self -> self; 12 | } 13 | 14 | instance negation_for_integers #t: negation_tc (int_t t) = { 15 | ( ~. ) = fun x -> lognot x 16 | } 17 | 18 | instance negation_for_bool: negation_tc bool = { 19 | ( ~. ) = not 20 | } 21 | 22 | open Core.Ops.Index 23 | 24 | let ( .[] ) (#self:Type0) (#idx:Type0) {| inst: t_Index self idx |} 25 | : s:self -> i:idx{in_range s i} -> inst.f_Output 26 | = f_index 27 | 28 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Option.fst: -------------------------------------------------------------------------------- 1 | module Core.Option 2 | 3 | type t_Option t = | Option_Some of t | Option_None 4 | 5 | let impl__and_then #t #t_Self (self: t_Option t_Self) (f: t_Self -> t_Option t): t_Option t = 6 | match self with 7 | | Option_Some x -> f x 8 | | Option_None -> Option_None 9 | 10 | let impl__unwrap #t (x: t_Option t {Option_Some? x}): t = Option_Some?._0 x 11 | 12 | let impl__is_some #t_Self (self: t_Option t_Self): bool = Option_Some? self 13 | 14 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Panicking.fst: -------------------------------------------------------------------------------- 1 | module Core.Panicking 2 | 3 | open Rust_primitives 4 | open Rust_primitives.Hax 5 | 6 | type t_AssertKind = | AssertKind_Eq 7 | 8 | let panic (message: string {False}): t_Never 9 | = match () with 10 | 11 | let assert_failed (k: t_AssertKind) x y (z: Core.Option.t_Option unit {False}): t_Never 12 | = match () with 13 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Result.fst: -------------------------------------------------------------------------------- 1 | module Core.Result 2 | 3 | type t_Result t e = | Result_Ok: v:t -> t_Result t e 4 | | Result_Err of e 5 | 6 | let impl__unwrap (x: t_Result 't 'e {Result_Ok? x}): 't = Result_Ok?.v x 7 | 8 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Slice.Iter.fst: -------------------------------------------------------------------------------- 1 | module Core.Slice.Iter 2 | 3 | open Rust_primitives 4 | 5 | unfold let t_Chunks a = t_Slice (t_Slice a) 6 | unfold let t_ChunksExact a = t_Slice (t_Slice a) 7 | unfold let t_Iter a = t_Slice a 8 | 9 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Str.Converts.fsti: -------------------------------------------------------------------------------- 1 | module Core.Str.Converts 2 | open Rust_primitives 3 | 4 | val from_utf8 (s: t_Slice u8): Core.Result.t_Result string Core.Str.Error.t_Utf8Error 5 | 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Str.Error.fsti: -------------------------------------------------------------------------------- 1 | module Core.Str.Error 2 | 3 | type t_Utf8Error = unit 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.Str.fsti: -------------------------------------------------------------------------------- 1 | module Core.Str 2 | open Rust_primitives 3 | 4 | val impl__str__len: string -> usize 5 | val impl__str__as_bytes: string -> t_Slice u8 6 | 7 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/core/Core.fst: -------------------------------------------------------------------------------- 1 | module Core 2 | 3 | include Rust_primitives 4 | include Core.Num 5 | include Core.Iter 6 | include Core.Ops 7 | 8 | 9 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/rust_primitives/Rust_primitives.Arrays.fst: -------------------------------------------------------------------------------- 1 | module Rust_primitives.Arrays 2 | 3 | open Rust_primitives.Integers 4 | 5 | let of_list (#t:Type) (l: list t {FStar.List.Tot.length l < maxint Lib.IntTypes.U16}): t_Slice t = Seq.seq_of_list l 6 | let to_list (#t:Type) (s: t_Slice t): list t = Seq.seq_to_list s 7 | 8 | let to_of_list_lemma t l = Seq.lemma_list_seq_bij l 9 | let of_to_list_lemma t l = Seq.lemma_seq_list_bij l 10 | 11 | let map_array #a #b #n (arr: t_Array a n) (f: a -> b): t_Array b n 12 | = FStar.Seq.map_seq_len f arr; 13 | FStar.Seq.map_seq f arr 14 | 15 | let createi #t l f = admit() 16 | 17 | let lemma_index_concat x y i = admit() 18 | 19 | let lemma_index_slice x y i = admit() 20 | 21 | let eq_intro a b = admit() 22 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/rust_primitives/Rust_primitives.Hax.Monomorphized_update_at.fst: -------------------------------------------------------------------------------- 1 | module Rust_primitives.Hax.Monomorphized_update_at 2 | 3 | open Rust_primitives 4 | open Rust_primitives.Hax 5 | open Core.Ops.Range 6 | 7 | let update_at_usize s i x = 8 | update_at s i x 9 | 10 | let update_at_range #n s i x = 11 | let res = update_at s i x in 12 | admit(); // To be proved 13 | res 14 | 15 | let update_at_range_to #n s i x = 16 | let res = update_at s i x in 17 | admit(); 18 | res 19 | 20 | let update_at_range_from #n s i x = 21 | let res = update_at s i x in 22 | admit(); 23 | res 24 | 25 | let update_at_range_full s i x = 26 | let res = update_at s i x in 27 | admit(); 28 | res 29 | 30 | 31 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar-secret-integers/rust_primitives/Rust_primitives.fst: -------------------------------------------------------------------------------- 1 | module Rust_primitives 2 | 3 | include Rust_primitives.Integers 4 | include Rust_primitives.Arrays 5 | include Rust_primitives.BitVectors 6 | 7 | class cast_tc a b = { 8 | cast: a -> b; 9 | } 10 | 11 | /// Rust's casts operations on integers are non-panicking 12 | instance cast_tc_integers (t:inttype) (t':inttype) (l:Lib.IntTypes.secrecy_level) 13 | : cast_tc (int_t_l t l) (int_t_l t' l) 14 | = { cast = (fun x -> Rust_primitives.Integers.cast_mod #t #t' x) } 15 | 16 | class unsize_tc source = { 17 | output: Type; 18 | unsize: source -> output; 19 | } 20 | 21 | instance array_to_slice_unsize t n: unsize_tc (t_Array t n) = { 22 | output = t_Slice t; 23 | unsize = (fun (arr: t_Array t n) -> 24 | arr <: t_Slice t); 25 | } 26 | 27 | 28 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/.envrc: -------------------------------------------------------------------------------- 1 | use flake .#examples 2 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Alloc.Alloc.fst: -------------------------------------------------------------------------------- 1 | module Alloc.Alloc 2 | 3 | let t_Global = () 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Alloc.Borrow.fst: -------------------------------------------------------------------------------- 1 | module Alloc.Borrow 2 | open Core.TypeClassPlaceHolder 3 | 4 | type t_Cow t = t 5 | 6 | // the second argument is a hack for typeclasses resolution 7 | let f_to_owned (#t : Type0) {| t_Placeholder |} (x:t) : t = x 8 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Alloc.Boxed.fst: -------------------------------------------------------------------------------- 1 | module Alloc.Boxed 2 | 3 | type t_Box t t_Global = t 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Alloc.Collections.Btree.Set.fsti: -------------------------------------------------------------------------------- 1 | module Alloc.Collections.Btree.Set 2 | open Rust_primitives 3 | 4 | val t_BTreeSet (t:Type0) (u:unit): eqtype 5 | 6 | val t_Iter (t:Type0): eqtype 7 | 8 | val impl_13__new #t (): t_BTreeSet t () 9 | 10 | val impl_14__len #t #u (x:t_BTreeSet t u) : usize 11 | 12 | val impl_14__insert #t #u (x:t_BTreeSet t u) (y:t) : (t_BTreeSet t u & bool) 13 | 14 | val btree_iter_iter (t: Type0): Core.Iter.Traits.Iterator.t_Iterator (t_Iter t) 15 | 16 | val impl_14__iter #t #u (x:t_BTreeSet t u): t_Iter t 17 | 18 | unfold instance impl t : Core.Iter.Traits.Iterator.t_Iterator (t_Iter t) = { 19 | f_Item = t; 20 | f_next = (btree_iter_iter t).f_next; 21 | f_contains = (btree_iter_iter t).f_contains; 22 | f_fold = (btree_iter_iter t).f_fold; 23 | f_enumerate = (btree_iter_iter t).f_enumerate; 24 | f_step_by = (btree_iter_iter t).f_step_by; 25 | f_all = (btree_iter_iter t).f_all; 26 | } 27 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Alloc.Collections.Vec_deque.fsti: -------------------------------------------------------------------------------- 1 | module Alloc.Collections.Vec_deque 2 | open Rust_primitives 3 | 4 | type t_VecDeque: Type0 -> unit -> Type0 5 | 6 | val impl_5__push_back #t #a (v: t_VecDeque t a) (x: t): t_VecDeque t a 7 | 8 | val impl_5__len #t #a (v: t_VecDeque t a): usize 9 | 10 | val impl_5__pop_front #t #a (v: t_VecDeque t a): t_VecDeque t a & Core.Option.t_Option t 11 | 12 | 13 | [@FStar.Tactics.Typeclasses.tcinstance] 14 | val from_vec_deque_array t a n: Core.Convert.t_From (Alloc.Collections.Vec_deque.t_VecDeque t a) 15 | (Rust_primitives.Arrays.t_Array t 16 | (Rust_primitives.Integers.mk_usize n)) 17 | 18 | [@FStar.Tactics.Typeclasses.tcinstance] 19 | val index_vec_deque t a: Core.Ops.Index.t_Index (Alloc.Collections.Vec_deque.t_VecDeque t a) 20 | Rust_primitives.Integers.usize 21 | 22 | [@FStar.Tactics.Typeclasses.tcinstance] 23 | val update_at t a: Rust_primitives.Hax.update_at_tc (Alloc.Collections.Vec_deque.t_VecDeque t a) 24 | Rust_primitives.Integers.usize 25 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Alloc.Fmt.fsti: -------------------------------------------------------------------------------- 1 | module Alloc.Fmt 2 | open Rust_primitives 3 | 4 | include Core.Fmt 5 | 6 | val impl_2__new_v1 (sz1:usize) (sz2: usize) (pieces: t_Slice string) (args: Core.Fmt.Rt.t_Argument): t_Arguments 7 | val impl_7__write_fmt (fmt: t_Formatter) (args: t_Arguments): t_Result 8 | 9 | val format (args: t_Arguments): string 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Alloc.Slice.fsti: -------------------------------------------------------------------------------- 1 | module Alloc.Slice 2 | open Rust_primitives.Arrays 3 | open Alloc.Vec 4 | 5 | let impl__to_vec #a (s: t_Slice a): t_Vec a Alloc.Alloc.t_Global = s 6 | 7 | let impl__into_vec #t #a (s: Alloc.Boxed.t_Box (t_Slice t) a): t_Vec t a = s 8 | 9 | val impl__concat #t1 #t2 (s: t_Slice t1): t_Slice t2 10 | 11 | val impl__sort_by #t (s: t_Slice t) (f: t -> t -> Core.Cmp.t_Ordering): t_Slice t 12 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Alloc.String.fst: -------------------------------------------------------------------------------- 1 | module Alloc.String 2 | 3 | type t_String = string 4 | 5 | let impl__String__new (): t_String = "" 6 | 7 | let impl__String__push_str (self: t_String) (s: t_String): t_String = 8 | self ^ s 9 | 10 | let impl__String__push (self: t_String) (ch: FStar.Char.char) = 11 | self ^ (FStar.String.string_of_char ch) 12 | 13 | let impl__String__pop (self: t_String): (Alloc.String.t_String & Core.Option.t_Option FStar.Char.char) = 14 | let l = FStar.String.length self in 15 | if l > 0 then 16 | (FStar.String.sub self 0 (l - 1), Core.Option.Option_Some (FStar.String.index self (l - 1))) 17 | else (self, Core.Option.Option_None) 18 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Alloc.Vec.Drain.fsti: -------------------------------------------------------------------------------- 1 | module Alloc.Vec.Drain 2 | 3 | val t_Drain: Type0 -> unit -> Type0 4 | 5 | [@FStar.Tactics.Typeclasses.tcinstance] 6 | val iterator_drain t a: Core.Iter.Traits.Iterator.t_Iterator (t_Drain t a) 7 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Alloc.Vec.Into_iter.fsti: -------------------------------------------------------------------------------- 1 | module Alloc.Vec.Into_iter 2 | 3 | val t_IntoIter (t: Type0) (_: unit): Type0 4 | 5 | [@@ FStar.Tactics.Typeclasses.tcinstance] 6 | val into_iter_into_iterator (t: Type0): 7 | Core.Iter.Traits.Collect.t_IntoIterator (t_IntoIter t Alloc.Alloc.t_Global) 8 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Array.Iter.fsti: -------------------------------------------------------------------------------- 1 | module Core.Array.Iter 2 | open Rust_primitives 3 | 4 | let into_iter = Core.Iter.iterator_array 5 | let t_IntoIter t l = t_Array t l 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Array.fsti: -------------------------------------------------------------------------------- 1 | module Core.Array 2 | open Rust_primitives 3 | 4 | type t_TryFromSliceError = | TryFromSliceError 5 | 6 | let impl_23__map #a n #b (arr: t_Array a n) (f: a -> b): t_Array b n 7 | = map_array arr f 8 | 9 | let impl_23__as_slice #a len (arr: t_Array a len): t_Slice a = arr 10 | 11 | val from_fn #a len (f: (x:usize{x <. len}) -> a): Pure (t_Array a len) (requires True) (ensures (fun a -> forall i. Seq.index a i == f (sz i))) 12 | 13 | 14 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Borrow.fsti: -------------------------------------------------------------------------------- 1 | module Core.Borrow 2 | 3 | class t_Borrow (v_Self: Type0) (v_Borrowed: Type0) = { 4 | f__hax_placeholder:unit 5 | } 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Clone.fst: -------------------------------------------------------------------------------- 1 | module Core.Clone 2 | 3 | class t_Clone self = { 4 | f_clone: x:self -> r:self {x == r} 5 | } 6 | 7 | (** Everything is clonable *) 8 | instance clone_all (t: Type): t_Clone t = { 9 | f_clone = (fun x -> x); 10 | } 11 | 12 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Core_arch.Arm_shared.Neon.fsti: -------------------------------------------------------------------------------- 1 | module Core.Core_arch.Arm_shared.Neon 2 | 3 | val t_int8x8_t:Type0 4 | val t_int8x16_t:Type0 5 | val t_int16x4_t:Type0 6 | val t_int16x8_t:Type0 7 | val t_int32x2_t:Type0 8 | val t_int32x4_t:Type0 9 | val t_int64x1_t:Type0 10 | val t_int64x2_t:Type0 11 | 12 | val t_uint8x8_t:Type0 13 | val t_uint8x16_t:Type0 14 | val t_uint16x4_t:Type0 15 | val t_uint16x8_t:Type0 16 | val t_uint32x2_t:Type0 17 | val t_uint32x4_t:Type0 18 | val t_uint64x1_t:Type0 19 | val t_uint64x2_t:Type0 20 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Core_arch.X86.Pclmulqdq.fsti: -------------------------------------------------------------------------------- 1 | module Core.Core_arch.X86.Pclmulqdq 2 | 3 | val e_mm_clmulepi64_si128 : Rust_primitives.Integers.i32 -> Core.Core_arch.X86.t_e_ee_m128i -> Core.Core_arch.X86.t_e_ee_m128i -> Core.Core_arch.X86.t_e_ee_m128i 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Core_arch.X86.Sse2.fsti: -------------------------------------------------------------------------------- 1 | module Core.Core_arch.X86.Sse2 2 | 3 | val e_mm_set_epi64x: Rust_primitives.Integers.i64 -> Rust_primitives.Integers.i64 -> Core.Core_arch.X86.t_e_ee_m128i 4 | val e_mm_cvtsi128_si32: Core.Core_arch.X86.t_e_ee_m128i -> Rust_primitives.Integers.i32 5 | val e_mm_srli_si128: Rust_primitives.Integers.i32 -> Core.Core_arch.X86.t_e_ee_m128i -> Core.Core_arch.X86.t_e_ee_m128i 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Core_arch.X86.fsti: -------------------------------------------------------------------------------- 1 | module Core.Core_arch.X86 2 | 3 | val t_e_ee_m128i:Type0 4 | 5 | val t_e_ee_m256i:Type0 6 | 7 | val t_e_ee_m256:Type0 8 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Core_arch.X86_64_.Sse2.fsti: -------------------------------------------------------------------------------- 1 | module Core.Core_arch.X86_64_.Sse2 2 | 3 | val e_mm_cvtsi128_si64: Core.Core_arch.X86.t_e_ee_m128i -> Rust_primitives.Integers.i64 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Core_arch.fsti: -------------------------------------------------------------------------------- 1 | module Core.Core_arch 2 | 3 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Default.fsti: -------------------------------------------------------------------------------- 1 | module Core.Default 2 | 3 | class t_Default (t: Type0) = { 4 | f_default_pre: unit -> Type0; 5 | f_default_post: unit -> out:t -> Type0; 6 | f_default: unit -> t; 7 | } 8 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Error.fsti: -------------------------------------------------------------------------------- 1 | module Core.Error 2 | 3 | open FStar.Mul 4 | 5 | class t_Error (v_Self: Type0) = { 6 | [@@@ FStar.Tactics.Typeclasses.no_method]_super_11603873402755071380:Core.Fmt.t_Debug v_Self; 7 | [@@@ FStar.Tactics.Typeclasses.no_method]_super_7348497752681407507:Core.Fmt.t_Display v_Self; 8 | 9 | f__hax_placeholder:unit 10 | } 11 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Fmt.Rt.fsti: -------------------------------------------------------------------------------- 1 | module Core.Fmt.Rt 2 | open Rust_primitives 3 | 4 | val t_Argument: Type0 5 | val impl_1__new_display (#t:Type0) (x: t): t_Argument 6 | val impl_1__new_debug (#t:Type0) (x: t): t_Argument 7 | val impl_4__new_v1_formatted (#t:Type0) (x: t) : t_Argument 8 | val impl_1__new_binary (#t:Type0) (x: t) : t_Argument 9 | val impl_1__new_lower_hex (#t:Type0) (x: t) : t_Argument 10 | 11 | val impl_1__none : unit -> t_Array Core.Fmt.Rt.t_Argument (MkInt 0) 12 | 13 | type t_Count = 14 | | Count_Is : int_t U16 -> t_Count 15 | | Count_Param : int_t U16 -> t_Count 16 | | Count_Implied : t_Count 17 | 18 | type t_Placeholder: Type0 19 | val impl_Placeholder__new : usize -> (int_t U32) -> t_Count -> t_Count -> t_Placeholder 20 | 21 | type t_UnsafeArg 22 | val impl_UnsafeArg__new : unit -> t_UnsafeArg 23 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Hash.fsti: -------------------------------------------------------------------------------- 1 | module Core.Hash 2 | 3 | class t_Hash (h: Type) = { 4 | dummy_hash_field: unit 5 | } 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Hint.fsti: -------------------------------------------------------------------------------- 1 | module Core.Hint 2 | 3 | let black_box (#a:Type0) (x:a) = x 4 | let must_use (#a:Type0) (x:a) = x 5 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Iter.Adapters.Enumerate.fst: -------------------------------------------------------------------------------- 1 | module Core.Iter.Adapters.Enumerate 2 | open Rust_primitives 3 | 4 | type t_Enumerate t = { iter: t; count: usize } 5 | 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Iter.Adapters.Flatten.fsti: -------------------------------------------------------------------------------- 1 | module Core.Iter.Adapters.Flatten 2 | 3 | val t_FlatMap: Type0 -> Type0 -> Type0 -> Type0 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Iter.Adapters.Map.fsti: -------------------------------------------------------------------------------- 1 | module Core.Iter.Adapters.Map 2 | 3 | type t_Map (k:Type0) (v:Type0) 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Iter.Adapters.Rev.fsti: -------------------------------------------------------------------------------- 1 | module Core.Iter.Adapters.Rev 2 | 3 | type t_Rev (t:Type0) 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Iter.Adapters.Step_by.fst: -------------------------------------------------------------------------------- 1 | module Core.Iter.Adapters.Step_by 2 | open Rust_primitives 3 | 4 | type t_StepBy t = { 5 | f_iter: t; 6 | f_step: n: usize {v n > 0}; 7 | f_first_take: bool; 8 | } 9 | 10 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Iter.Adapters.Take.fsti: -------------------------------------------------------------------------------- 1 | module Core.Iter.Adapters.Take 2 | 3 | val t_Take: Type0 -> Type0 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Iter.Adapters.Zip.fsti: -------------------------------------------------------------------------------- 1 | module Core.Iter.Adapters.Zip 2 | 3 | type t_Zip (t1:Type0) (t2:Type0) 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Iter.Sources.Repeat_with.fsti: -------------------------------------------------------------------------------- 1 | module Core.Iter.Sources.Repeat_with 2 | 3 | val t_RepeatWith: Type0 -> Type0 4 | 5 | val repeat_with #t (y: Prims.unit -> t): t_RepeatWith (Prims.unit -> t) 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Iter.Traits.Collect.fst: -------------------------------------------------------------------------------- 1 | module Core.Iter.Traits.Collect 2 | 3 | open Rust_primitives 4 | 5 | class t_IntoIterator self = { 6 | f_IntoIter: Type0; 7 | // f_Item: Type0; 8 | f_into_iter: self -> f_IntoIter; 9 | } 10 | 11 | unfold instance impl t {| Core.Iter.Traits.Iterator.t_Iterator t |}: t_IntoIterator t = { 12 | f_IntoIter = t; 13 | f_into_iter = id; 14 | } 15 | 16 | class t_Extend 17 | (v_Self: Type0) (v_A: Type0) 18 | = { 19 | f_extend_post: 20 | #v_T: Type0 -> 21 | {| i1: 22 | Core.Iter.Traits.Collect.t_IntoIterator 23 | v_T |} -> 24 | v_Self -> 25 | v_T -> 26 | v_Self 27 | -> Type0; 28 | f_extend: 29 | #v_T: Type0 -> 30 | {| i1: 31 | Core.Iter.Traits.Collect.t_IntoIterator 32 | v_T |} -> 33 | x0: v_Self -> 34 | x1: v_T 35 | -> v_Self 36 | } 37 | 38 | [@@ FStar.Tactics.Typeclasses.tcinstance] 39 | assume val extend_slice (t: eqtype): t_Extend (t_Slice t) t 40 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Mem.fsti: -------------------------------------------------------------------------------- 1 | module Core.Mem 2 | open Rust_primitives 3 | 4 | // FIXME(unsafe!): remove default type (see #545) 5 | val size_of (#[FStar.Tactics.exact (`eqtype_as_type unit)]t:Type): unit -> usize 6 | val size_of_val (#t:Type) : t -> usize 7 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Num.Error.fsti: -------------------------------------------------------------------------------- 1 | module Core.Num.Error 2 | open Rust_primitives 3 | 4 | type t_ParseIntError = unit 5 | type t_TryFromIntError = unit 6 | 7 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Ops.Control_flow.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops.Control_flow 2 | 3 | type t_ControlFlow (b c: Type) = 4 | | ControlFlow_Continue of c 5 | | ControlFlow_Break of b 6 | 7 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Ops.Deref.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops.Deref 2 | 3 | class t_Deref (t_Self: Type0) = { 4 | f_Target: Type0; 5 | f_deref: t_Self -> f_Target; 6 | } 7 | 8 | unfold 9 | instance identity_Deref t_Self: t_Deref t_Self = { 10 | f_Target = t_Self; 11 | f_deref = (fun x -> x); 12 | } 13 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Ops.Index.IndexMut.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops.Index.IndexMut 2 | 3 | class t_IndexMut t_Self t_Idx = { 4 | f_Input: Type0; 5 | in_range: t_Self -> t_Idx -> Type0; 6 | f_index_mut: s:t_Self -> i:t_Idx{in_range s i} -> v:f_Input -> t_Self; 7 | } 8 | 9 | open Rust_primitives 10 | instance impl__index_mut t l n: t_IndexMut (t_Array t l) (int_t n) 11 | = { f_Input = t; 12 | in_range = (fun (s: t_Array t l) (i: int_t n) -> v i >= 0 && v i < v l); 13 | f_index_mut = (fun s i x -> Seq.upd s (v i) x); 14 | } 15 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Ops.Index.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops.Index 2 | 3 | class t_Index t_Self t_Idx = { 4 | f_Output: Type0; 5 | f_index_pre: s:t_Self -> i:t_Idx -> Type0; 6 | f_index_post: s:t_Self -> i:t_Idx -> f_Output -> Type0; 7 | f_index: s:t_Self -> i:t_Idx -> Pure f_Output (f_index_pre s i) (fun r -> f_index_post s i r); 8 | } 9 | 10 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Ops.Try_trait.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops.Try_trait 2 | 3 | class t_FromResidual self r = { 4 | f_from_residual: r -> self; 5 | } 6 | 7 | class t_Try self = { 8 | f_Output: Type0; 9 | f_Residual: Type0; 10 | [@@@FStar.Tactics.Typeclasses.tcresolve] 11 | parent_FromResidual: t_FromResidual f_Residual f_Residual; 12 | 13 | f_from_output: f_Output -> self; 14 | f_branch: self -> Core.Ops.Control_flow.t_ControlFlow f_Residual f_Output; 15 | } 16 | 17 | 18 | [@FStar.Tactics.Typeclasses.tcinstance] 19 | assume val t_Try_all t: t_Try t 20 | 21 | [@FStar.Tactics.Typeclasses.tcinstance] 22 | assume val t_FromResidual_all t r: t_FromResidual t r 23 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Ops.fst: -------------------------------------------------------------------------------- 1 | module Core.Ops 2 | open Rust_primitives 3 | 4 | // class add_tc self rhs = { 5 | // output: Type; 6 | // in_bounds: self -> rhs -> Type0; 7 | // ( +! ): x:self -> y:rhs {in_bounds x y} -> output; 8 | // } 9 | 10 | class negation_tc self = { 11 | ( ~. ): self -> self; 12 | } 13 | 14 | instance negation_for_integers #t: negation_tc (int_t t) = { 15 | ( ~. ) = fun x -> lognot x 16 | } 17 | 18 | instance negation_for_bool: negation_tc bool = { 19 | ( ~. ) = not 20 | } 21 | 22 | open Core.Ops.Index 23 | 24 | let ( .[] ) #self #idx {| inst: t_Index self idx |} 25 | (s:self) (i:idx{f_index_pre s i}): inst.f_Output 26 | = f_index s i 27 | 28 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Panicking.fst: -------------------------------------------------------------------------------- 1 | module Core.Panicking 2 | 3 | open Rust_primitives 4 | open Rust_primitives.Hax 5 | 6 | type t_AssertKind = | AssertKind_Eq 7 | 8 | let explicit_panic (_: unit {False}): t_Never 9 | = match () with 10 | 11 | let panic (message: string {False}): t_Never 12 | = match () with 13 | 14 | let panic_fmt (fmt: Core.Fmt.t_Arguments {False}): t_Never 15 | = match () with 16 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Result.fst: -------------------------------------------------------------------------------- 1 | module Core.Result 2 | 3 | include Core.Result_Option_bundle {t_Result, impl__ok} 4 | 5 | let impl__unwrap #t #e (x: t_Result t e {Result_Ok? x}): t = Result_Ok?.v x 6 | let impl__map_err #e1 #e2 (x: t_Result 't e1) (f: e1 -> e2): t_Result 't e2 7 | = match x with 8 | | Result_Ok v -> Result_Ok v 9 | | Result_Err e -> Result_Err (f e) 10 | 11 | let impl__is_ok #t #e (self: t_Result t e): bool 12 | = Result_Ok? self 13 | 14 | let impl__expect #t #e (x: t_Result t e {Result_Ok? x}) (y: string): t = Result_Ok?.v x 15 | 16 | let impl__map #t #e #u (self: t_Result t e) (f: t -> u): t_Result u e = 17 | match self with 18 | | Result_Ok v -> Result_Ok (f v) 19 | | Result_Err e -> Result_Err e 20 | 21 | let impl__and_then #t #e #u (self: t_Result t e) (op: t -> t_Result u e): t_Result u e = 22 | match self with 23 | | Result_Ok v -> op v 24 | | Result_Err e -> Result_Err e 25 | 26 | 27 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Result_Option_bundle.fst: -------------------------------------------------------------------------------- 1 | module Core.Result_Option_bundle 2 | 3 | type t_Result t e = | Result_Ok: v:t -> t_Result t e 4 | | Result_Err of e 5 | 6 | type t_Option t = | Option_Some of t | Option_None 7 | 8 | let impl__ok #t #e (self: t_Result t e): t_Option t = 9 | match self with 10 | | Result_Ok v -> Option_Some v 11 | | Result_Err _ -> Option_None 12 | 13 | let impl__ok_or_else #t_Self #e (self: t_Option t_Self) (err: unit -> e): t_Result t_Self e = 14 | match self with 15 | | Option_Some inner -> Result_Ok inner 16 | | Option_None -> Result_Err (err ()) 17 | 18 | let impl__ok_or #t_Self #e (self: t_Option t_Self) (err: e): t_Result t_Self e = 19 | match self with 20 | | Option_Some inner -> Result_Ok inner 21 | | Option_None -> Result_Err err 22 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Slice.Iter.fst: -------------------------------------------------------------------------------- 1 | module Core.Slice.Iter 2 | 3 | open Rust_primitives 4 | 5 | unfold let t_Chunks a = t_Slice (t_Slice a) 6 | unfold let t_ChunksExact a = t_Slice (t_Slice a) 7 | unfold let t_Iter a = t_Slice a 8 | 9 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Str.Converts.fsti: -------------------------------------------------------------------------------- 1 | module Core.Str.Converts 2 | open Rust_primitives 3 | 4 | val from_utf8 (s: t_Slice u8): Core.Result.t_Result string Core.Str.Error.t_Utf8Error 5 | 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Str.Error.fsti: -------------------------------------------------------------------------------- 1 | module Core.Str.Error 2 | 3 | type t_Utf8Error = unit 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.Str.fsti: -------------------------------------------------------------------------------- 1 | module Core.Str 2 | open Rust_primitives 3 | 4 | val impl__str__len: string -> usize 5 | val impl__str__as_bytes: string -> t_Slice u8 6 | 7 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.TypeClassPlaceHolder.fst: -------------------------------------------------------------------------------- 1 | module Core.TypeClassPlaceHolder 2 | (* This module defines a dummy type-class that acts as a placeholder for 3 | resolution, when an argument is useless. See Core.Alloc.Borrow for example. *) 4 | 5 | class t_Placeholder = { 6 | content : unit 7 | } 8 | 9 | instance placeholder : t_Placeholder = { 10 | content = () 11 | } 12 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Core.fst: -------------------------------------------------------------------------------- 1 | module Core 2 | 3 | include Rust_primitives 4 | include Core.Num 5 | include Core.Iter 6 | include Core.Ops 7 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Rand.Distr.Distribution.fsti: -------------------------------------------------------------------------------- 1 | module Rand.Distr.Distribution 2 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Rand.Distr.Integer.fsti: -------------------------------------------------------------------------------- 1 | module Rand.Distr.Integer 2 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Rand.Distributions.Distribution.fsti: -------------------------------------------------------------------------------- 1 | module Rand.Distributions.Distribution 2 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Rand.Distributions.Integer.fsti: -------------------------------------------------------------------------------- 1 | module Rand.Distributions.Integer 2 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Rand.Rng.fsti: -------------------------------------------------------------------------------- 1 | module Rand.Rng 2 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Rand_core.Os.fsti: -------------------------------------------------------------------------------- 1 | module Rand_core.Os 2 | 3 | type t_OsRng 4 | 5 | [@FStar.Tactics.Typeclasses.tcinstance] 6 | val impl_rng_core: Rand_core.t_RngCore t_OsRng 7 | 8 | [@FStar.Tactics.Typeclasses.tcinstance] 9 | val impl_crypto_rng_core: Rand_core.t_CryptoRngCore t_OsRng 10 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Rand_core.fsti: -------------------------------------------------------------------------------- 1 | module Rand_core 2 | open Rust_primitives 3 | 4 | class t_RngCore (t_Self: Type0) = { 5 | f_next_u32: t_Self -> t_Self & u32; 6 | f_next_u64: t_Self -> t_Self & u64; 7 | f_fill_bytes: t_Self -> x:t_Slice u8 -> t_Self & (y:t_Slice u8{Seq.length x == Seq.length y}) 8 | } 9 | 10 | class t_CryptoRng (t_Self: Type0) = { 11 | [@@@FStar.Tactics.Typeclasses.tcinstance] 12 | _super_core: t_RngCore t_Self; 13 | marker_trait: unit 14 | } 15 | 16 | class t_CryptoRngCore (t_Self: Type0) = { 17 | [@@@FStar.Tactics.Typeclasses.tcinstance] 18 | _super_crypto: t_CryptoRng t_Self; 19 | f_rngcore: t_Self -> t_Self 20 | } 21 | 22 | 23 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Std.Collections.Hash.Map.fsti: -------------------------------------------------------------------------------- 1 | module Std.Collections.Hash.Map 2 | 3 | val t_HashMap (k v s:Type0): eqtype 4 | 5 | val impl__new #k #v: unit -> t_HashMap k v Std.Hash.Random.t_RandomState 6 | 7 | val impl_2__get #k #v #s (#y:Type0): t_HashMap k v s -> k -> Core.Option.t_Option v 8 | 9 | val impl_2__insert #k #v #s: t_HashMap k v s -> k -> v -> (t_HashMap k v s & Core.Option.t_Option v) 10 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Std.Hash.Random.fsti: -------------------------------------------------------------------------------- 1 | module Std.Hash.Random 2 | 3 | type t_RandomState 4 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Std.Io.Error.fsti: -------------------------------------------------------------------------------- 1 | module Std.Io.Error 2 | 3 | open Core 4 | open FStar.Mul 5 | 6 | type t_Error = { f__hax_placeholder:Prims.unit } 7 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/core/Std.Io.Stdio.fsti: -------------------------------------------------------------------------------- 1 | module Std.Io.Stdio 2 | 3 | val v__eprint: Core.Fmt.t_Arguments -> unit 4 | 5 | val e_print: Core.Fmt.t_Arguments -> unit 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Char.fsti: -------------------------------------------------------------------------------- 1 | module Rust_primitives.Char 2 | 3 | #set-options "--max_fuel 0 --max_ifuel 1 --z3rlimit 20" 4 | 5 | type char : eqtype = FStar.Char.char 6 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Float.fsti: -------------------------------------------------------------------------------- 1 | module Rust_primitives.Float 2 | 3 | #set-options "--max_fuel 0 --max_ifuel 1 --z3rlimit 20" 4 | 5 | type float : eqtype 6 | 7 | val mk_float : string -> float 8 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Hax.Control_flow_monad.Mexception.fst: -------------------------------------------------------------------------------- 1 | module Rust_primitives.Hax.Control_flow_monad.Mexception 2 | open Core.Ops.Control_flow 3 | 4 | let run #a: t_ControlFlow a a -> a 5 | = function | ControlFlow_Continue v | ControlFlow_Break v -> v 6 | 7 | 8 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Hax.Control_flow_monad.Moption.fst: -------------------------------------------------------------------------------- 1 | module Rust_primitives.Hax.Control_flow_monad.Moption 2 | 3 | let run #a (f: Core.Option.t_Option (Core.Option.t_Option a)): Core.Option.t_Option a 4 | = match f with 5 | | Core.Option.Option_Some x -> x 6 | | Core.Option.Option_None -> Core.Option.Option_None 7 | 8 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Hax.Control_flow_monad.Mresult.fst: -------------------------------------------------------------------------------- 1 | module Rust_primitives.Hax.Control_flow_monad.Mresult 2 | 3 | let run #a #e (f: Core.Result.t_Result (Core.Result.t_Result a e) e): Core.Result.t_Result a e 4 | = match f with 5 | | Core.Result.Result_Ok x -> x 6 | | Core.Result.Result_Err e -> Core.Result.Result_Err e 7 | 8 | -------------------------------------------------------------------------------- /hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Hax.Int.fst: -------------------------------------------------------------------------------- 1 | module Rust_primitives.Hax.Int 2 | 3 | open Core 4 | open Rust_primitives 5 | 6 | unfold let from_machine (#t:inttype) (x:int_t t) : range_t t = v #t x 7 | unfold let into_machine (#t:inttype) (n:range_t t) : int_t t = mk_int #t n 8 | -------------------------------------------------------------------------------- /hax-lib/proofs/fstar/extraction/Hax_lib.Prop.fst: -------------------------------------------------------------------------------- 1 | module Hax_lib.Prop 2 | 3 | unfold type t_Prop = Type0 4 | -------------------------------------------------------------------------------- /hax-lib/proofs/fstar/extraction/Hax_lib.fst: -------------------------------------------------------------------------------- 1 | module Hax_lib 2 | #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" 3 | open FStar.Tactics 4 | 5 | val v_assert (p: bool) : Pure unit (requires p) (ensures (fun x -> p)) 6 | let v_assert (v__formula: bool) = () 7 | 8 | val assert_prop (p: Type0) : Pure unit (requires p) (ensures (fun x -> p)) 9 | let assert_prop (v__formula: Type0) = () 10 | 11 | val v_assume (p: Type0) : Pure unit (requires True) (ensures (fun x -> p)) 12 | let v_assume (v__formula: Type0) = assume v__formula 13 | -------------------------------------------------------------------------------- /hax-lib/src/abstraction.rs: -------------------------------------------------------------------------------- 1 | /// Marks a type as abstractable: its values can be mapped to an 2 | /// idealized version of the type. For instance, machine integers, 3 | /// which have bounds, can be mapped to mathematical integers. 4 | /// 5 | /// Each type can have only one abstraction. 6 | pub trait Abstraction { 7 | /// What is the ideal type values should be mapped to? 8 | type AbstractType; 9 | /// Maps a concrete value to its abstract counterpart 10 | fn lift(self) -> Self::AbstractType; 11 | } 12 | 13 | /// Marks a type as abstract: its values can be lowered to concrete 14 | /// values. This might panic. 15 | pub trait Concretization { 16 | /// Maps an abstract value and lowers it to its concrete counterpart. 17 | fn concretize(self) -> T; 18 | } 19 | -------------------------------------------------------------------------------- /hax-lib/src/lib.rs: -------------------------------------------------------------------------------- 1 | //! Hax-specific helpers for Rust programs. Those helpers are usually 2 | //! no-ops when compiled normally but meaningful when compiled under 3 | //! hax. 4 | //! 5 | //! # Example: 6 | //! 7 | //! ```rust 8 | //! use hax_lib::*; 9 | //! fn sum(x: Vec, y: Vec) -> Vec { 10 | //! hax_lib::assume!(x.len() == y.len()); 11 | //! hax_lib::assert!(x.len() >= 0); 12 | //! hax_lib::assert_prop!(forall(|i: usize| implies(i < x.len(), x[i] < 4242))); 13 | //! hax_lib::debug_assert!(exists(|i: usize| implies(i < x.len(), x[i] > 123))); 14 | //! x.into_iter().zip(y.into_iter()).map(|(x, y)| x + y).collect() 15 | //! } 16 | //! ``` 17 | 18 | #![no_std] 19 | 20 | #[cfg(feature = "macros")] 21 | mod proc_macros; 22 | 23 | // hax engine relies on `hax-lib` names: to avoid cluttering names with 24 | // an additional `implementation` in all paths, we `include!` instead 25 | // of doing conditional `mod` and `pub use`. 26 | 27 | #[cfg(not(hax))] 28 | core::include!("dummy.rs"); 29 | #[cfg(hax)] 30 | core::include!("implementation.rs"); 31 | -------------------------------------------------------------------------------- /hax-lib/src/proc_macros.rs: -------------------------------------------------------------------------------- 1 | //! This module re-exports macros from `hax-lib-macros` since a 2 | //! proc-macro crate cannot export anything but procedural macros. 3 | 4 | pub use hax_lib_macros::{ 5 | attributes, decreases, ensures, exclude, impl_fn_decoration, include, lemma, loop_decreases, 6 | loop_invariant, opaque, opaque_type, refinement_type, requires, trait_fn_decoration, 7 | transparent, 8 | }; 9 | 10 | pub use hax_lib_macros::{ 11 | process_init, process_read, process_write, protocol_messages, pv_constructor, pv_handwritten, 12 | }; 13 | 14 | include!(concat!(env!("OUT_DIR"), "/proc_macros_generated.rs")); 15 | -------------------------------------------------------------------------------- /hax-types/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-types" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme.workspace = true 10 | description = "Helper crate defining the types used to communicate between the custom rustc driver, the CLI and the engine of hax." 11 | 12 | [dependencies] 13 | clap = { workspace = true, features = ["env"] } 14 | hax-frontend-exporter.workspace = true 15 | hax-frontend-exporter-options.workspace = true 16 | itertools.workspace = true 17 | path-clean = "1.0.1" 18 | schemars.workspace = true 19 | serde.workspace = true 20 | colored.workspace = true 21 | serde_json.workspace = true 22 | annotate-snippets.workspace = true 23 | hax-adt-into.workspace = true 24 | tracing.workspace = true 25 | serde-brief ={ version = "0.1", features = ["std", "alloc"]} 26 | zstd = "0.13.1" 27 | miette = "7.2.0" 28 | 29 | [features] 30 | rustc = ["hax-frontend-exporter/rustc"] 31 | -------------------------------------------------------------------------------- /hax-types/README.md: -------------------------------------------------------------------------------- 1 | # `hax-types` 2 | This crate contains the type definitions that are used to communicate between: 3 | - the command line (the `cargo-hax` binary); 4 | - the custom rustc driver; 5 | - the hax engine (the `hax-engine` binary). 6 | 7 | Those three component send and receive messages in JSON or CBOR on 8 | stdin and stdout. 9 | -------------------------------------------------------------------------------- /hax-types/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![cfg_attr(feature = "rustc", feature(rustc_private))] 2 | //! This crate contains the type definitions that are used to communicate between: 3 | //! - the command line (the `cargo-hax` binary); 4 | //! - the custom rustc driver; 5 | //! - the hax engine (the `hax-engine` binary). 6 | //! 7 | //! Those three component send and receive messages in JSON or CBOR on 8 | //! stdin and stdout. 9 | 10 | pub(crate) mod prelude; 11 | 12 | /// The CLI options for `cargo-hax`. The types defines in this module 13 | /// are also used by the driver and the engine. 14 | pub mod cli_options; 15 | 16 | /// Type to represent errors, mainly in `hax-engine`. The engine 17 | /// doesn't do any reporting itself: it only sends JSON to its stdout, 18 | /// and `cargo-hax` takes care of reporting everything in a rustc 19 | /// style. 20 | pub mod diagnostics; 21 | 22 | /// The types used to communicate between `cargo-hax` and the custom 23 | /// driver. 24 | pub mod driver_api; 25 | 26 | /// The types used to communicate between `cargo-hax` and 27 | /// `hax-engine`. 28 | pub mod engine_api; 29 | 30 | /// Compile-time version of hax 31 | pub const HAX_VERSION: &str = env!("HAX_VERSION"); 32 | -------------------------------------------------------------------------------- /hax-types/src/prelude.rs: -------------------------------------------------------------------------------- 1 | pub(crate) use hax_adt_into::derive_group; 2 | pub use schemars::JsonSchema; 3 | pub use std::path::{Path, PathBuf}; 4 | -------------------------------------------------------------------------------- /proof-libs: -------------------------------------------------------------------------------- 1 | hax-lib/proof-libs/ -------------------------------------------------------------------------------- /rust-toolchain.toml: -------------------------------------------------------------------------------- 1 | [toolchain] 2 | channel = "nightly-2025-03-29" 3 | components = [ "rustc-dev", "llvm-tools-preview" , "rust-analysis" , "rust-src" , "rustfmt" ] 4 | -------------------------------------------------------------------------------- /test-harness/.gitignore: -------------------------------------------------------------------------------- 1 | *.snap.new -------------------------------------------------------------------------------- /test-harness/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "hax-test-harness" 3 | version.workspace = true 4 | authors.workspace = true 5 | license.workspace = true 6 | homepage.workspace = true 7 | edition.workspace = true 8 | repository.workspace = true 9 | readme.workspace = true 10 | 11 | [[test]] 12 | name = "toolchain" 13 | path = "src/harness.rs" 14 | harness = false 15 | test = false 16 | 17 | [dev-dependencies] 18 | libtest-mimic = "0.6" 19 | cargo_metadata.workspace = true 20 | enum-iterator = "1.4" 21 | serde_json = "1.0" 22 | lazy_static = "1.4" 23 | assert_cmd = "2.0" 24 | insta = {version = "1.29.0", features = ["filters", "toml"]} 25 | serde = { version = "1.0", features = ["derive"] } 26 | regex = "1" 27 | hax-types.workspace = true 28 | 29 | [package.metadata.release] 30 | release = false 31 | -------------------------------------------------------------------------------- /test-harness/src/lib.rs: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /test-harness/src/snapshots/toolchain__let-else into-fstar.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: test-harness/src/harness.rs 3 | expression: snapshot 4 | info: 5 | kind: 6 | Translate: 7 | backend: fstar 8 | info: 9 | name: let-else 10 | manifest: let-else/Cargo.toml 11 | description: ~ 12 | spec: 13 | optional: false 14 | broken: false 15 | issue_id: ~ 16 | positive: true 17 | snapshot: 18 | stderr: false 19 | stdout: true 20 | include_flag: ~ 21 | backend_options: ~ 22 | --- 23 | exit = 0 24 | 25 | [stdout] 26 | diagnostics = [] 27 | 28 | [stdout.files] 29 | "Let_else.fst" = ''' 30 | module Let_else 31 | #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" 32 | open Core 33 | open FStar.Mul 34 | 35 | let let_else (opt: Core.Option.t_Option u32) : bool = 36 | match opt <: Core.Option.t_Option u32 with 37 | | Core.Option.Option_Some x -> true 38 | | _ -> false 39 | 40 | let let_else_different_type (opt: Core.Option.t_Option u32) : bool = 41 | match opt <: Core.Option.t_Option u32 with 42 | | Core.Option.Option_Some x -> 43 | let_else (Core.Option.Option_Some (x +! mk_u32 1 <: u32) <: Core.Option.t_Option u32) 44 | | _ -> false 45 | ''' 46 | -------------------------------------------------------------------------------- /test-harness/src/snapshots/toolchain__patterns into-fstar.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: test-harness/src/harness.rs 3 | expression: snapshot 4 | info: 5 | kind: 6 | Translate: 7 | backend: fstar 8 | info: 9 | name: patterns 10 | manifest: patterns/Cargo.toml 11 | description: ~ 12 | spec: 13 | optional: false 14 | broken: false 15 | issue_id: ~ 16 | positive: true 17 | snapshot: 18 | stderr: true 19 | stdout: true 20 | include_flag: ~ 21 | backend_options: ~ 22 | --- 23 | exit = 0 24 | stderr = 'Finished `dev` profile [unoptimized + debuginfo] target(s) in XXs' 25 | 26 | [stdout] 27 | diagnostics = [] 28 | 29 | [stdout.files] 30 | "Patterns.fst" = ''' 31 | module Patterns 32 | #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" 33 | open Core 34 | open FStar.Mul 35 | 36 | type t_Other = | Other : i32 -> t_Other 37 | 38 | type t_Test = | Test_C1 : t_Other -> t_Test 39 | 40 | let impl__test (self: t_Test) : i32 = match self <: t_Test with | Test_C1 c -> c._0 41 | ''' 42 | -------------------------------------------------------------------------------- /test-harness/src/snapshots/toolchain__recursion into-fstar.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: test-harness/src/harness.rs 3 | expression: snapshot 4 | info: 5 | kind: 6 | Translate: 7 | backend: fstar 8 | info: 9 | name: recursion 10 | manifest: recursion/Cargo.toml 11 | description: ~ 12 | spec: 13 | optional: false 14 | broken: false 15 | issue_id: ~ 16 | positive: true 17 | snapshot: 18 | stderr: true 19 | stdout: true 20 | include_flag: ~ 21 | backend_options: ~ 22 | --- 23 | exit = 0 24 | stderr = 'Finished `dev` profile [unoptimized + debuginfo] target(s) in XXs' 25 | 26 | [stdout] 27 | diagnostics = [] 28 | 29 | [stdout.files] 30 | "Recursion.fst" = ''' 31 | module Recursion 32 | #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" 33 | open Core 34 | open FStar.Mul 35 | 36 | let rec f (n: u8) : u8 = if n =. mk_u8 0 then mk_u8 0 else n +! (f (n -! mk_u8 1 <: u8) <: u8) 37 | ''' 38 | -------------------------------------------------------------------------------- /test-harness/src/snapshots/toolchain__statics into-fstar.snap: -------------------------------------------------------------------------------- 1 | --- 2 | source: test-harness/src/harness.rs 3 | expression: snapshot 4 | info: 5 | kind: 6 | Translate: 7 | backend: fstar 8 | info: 9 | name: statics 10 | manifest: statics/Cargo.toml 11 | description: ~ 12 | spec: 13 | optional: false 14 | broken: false 15 | issue_id: ~ 16 | positive: true 17 | snapshot: 18 | stderr: false 19 | stdout: true 20 | include_flag: ~ 21 | backend_options: ~ 22 | --- 23 | exit = 0 24 | 25 | [stdout] 26 | diagnostics = [] 27 | 28 | [stdout.files] 29 | "Statics.fst" = ''' 30 | module Statics 31 | #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" 32 | open Core 33 | open FStar.Mul 34 | 35 | let v_FOO: usize = mk_usize 0 36 | 37 | let get_foo (_: Prims.unit) : usize = v_FOO 38 | ''' 39 | -------------------------------------------------------------------------------- /tests/.gitignore: -------------------------------------------------------------------------------- 1 | # ignore all output folder generated by the tool 2 | proofs/ 3 | -------------------------------------------------------------------------------- /tests/Cargo.toml: -------------------------------------------------------------------------------- 1 | [workspace] 2 | members = [ 3 | "assert", 4 | "enum-struct-variant", 5 | "literals", 6 | "slices", 7 | "naming", 8 | "if-let", 9 | "let-else", 10 | "enum-repr", 11 | "pattern-or", 12 | "side-effects", 13 | "mut-ref-functionalization", 14 | "generics", 15 | "loops", 16 | "even", 17 | "odd", 18 | "never-type", 19 | "attributes", 20 | "attribute-opaque", 21 | "raw-attributes", 22 | "traits", 23 | "dyn", 24 | "reordering", 25 | "nested-derefs", 26 | "patterns", 27 | "proverif-minimal", 28 | "proverif-basic-structs", 29 | "proverif-ping-pong", 30 | "proverif-noise", 31 | "proverif-fn-to-letfun", 32 | "cli/include-flag", 33 | "cli/interface-only", 34 | "recursion", 35 | "functions", 36 | "guards", 37 | "cyclic-modules", 38 | "unsafe", 39 | "constructor-as-closure", 40 | "statics", 41 | ] 42 | resolver = "2" 43 | -------------------------------------------------------------------------------- /tests/README.md: -------------------------------------------------------------------------------- 1 | # Tests 2 | 3 | This directory contains tests for the engine and the frontend. 4 | For examples of verification using hax, see `../examples`. 5 | -------------------------------------------------------------------------------- /tests/assert/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "assert" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar+coq+ssprove" = { broken = false, snapshot = "stdout", issue_id = "285" } 10 | -------------------------------------------------------------------------------- /tests/assert/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | pub fn asserts() { 4 | assert!({ 5 | assert!(true); 6 | 1 == 1 7 | }); 8 | assert_eq!(2, 2); 9 | assert_ne!(1, 2); 10 | } 11 | -------------------------------------------------------------------------------- /tests/attribute-opaque/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "attribute-opaque" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | hax-lib = { path = "../../hax-lib" } 8 | serde = { version = "1.0", features = ["derive"] } 9 | 10 | [package.metadata.hax-tests] 11 | into."fstar" = { backend-options = ["--interfaces", "+**"] } 12 | -------------------------------------------------------------------------------- /tests/attributes/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "attributes" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | hax-lib = { path = "../../hax-lib" } 8 | hax-bounded-integers = { path = "../../hax-bounded-integers" } 9 | serde = { version = "1.0", features = ["derive"] } 10 | 11 | [package.metadata.hax-tests] 12 | into."fstar" = { snapshot = "stdout" } 13 | -------------------------------------------------------------------------------- /tests/cli/include-flag/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "include-flag" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar+coq" = { snapshot = "stdout" } 10 | -------------------------------------------------------------------------------- /tests/cli/include-flag/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | #![allow(non_camel_case_types)] 3 | 4 | /// Entrypoint 5 | fn main() { 6 | main_a(Foo); 7 | main_b(); 8 | main_c(); 9 | } 10 | 11 | /// Direct dependencies 12 | fn main_a(x: T) { 13 | main_a_a(); 14 | main_a_b(); 15 | main_a_c(); 16 | } 17 | fn main_b() { 18 | main_b_a(); 19 | main_b_b(); 20 | main_b_c(); 21 | } 22 | fn main_c() { 23 | main_c_a(); 24 | main_c_b(); 25 | main_c_c(); 26 | } 27 | struct Foo; 28 | 29 | trait Trait {} 30 | impl Trait for Foo {} 31 | 32 | /// Indirect dependencies 33 | fn main_a_a() {} 34 | fn main_b_a() {} 35 | fn main_c_a() {} 36 | 37 | fn main_a_b() {} 38 | fn main_b_b() {} 39 | fn main_c_b() {} 40 | 41 | fn main_a_c() {} 42 | fn main_b_c() {} 43 | fn main_c_c() {} 44 | -------------------------------------------------------------------------------- /tests/cli/interface-only/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "interface-only" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | hax-lib = { path = "../../../hax-lib" } 8 | 9 | [package.metadata.hax-tests] 10 | into."fstar" = { include-flag = "+:** -interface_only::Foo" } 11 | -------------------------------------------------------------------------------- /tests/constructor-as-closure/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "constructor-as-closure" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar" = { broken = false, snapshot = "stdout", issue_id = "914" } 10 | -------------------------------------------------------------------------------- /tests/constructor-as-closure/src/lib.rs: -------------------------------------------------------------------------------- 1 | struct Test(i32); 2 | impl Test { 3 | pub fn test(x: Option) -> Option { 4 | x.map(Self) 5 | } 6 | } 7 | pub enum Context { 8 | A(i32), 9 | B(i32), 10 | } 11 | impl Context { 12 | pub fn test(x: Option) -> Option { 13 | x.map(Self::B) 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /tests/cyclic-modules/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cyclic-modules" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | hax-lib = { path = "../../hax-lib" } 8 | 9 | [package.metadata.hax-tests] 10 | into."fstar" = { broken = false, snapshot = "stdout", issue_id = "396" } 11 | -------------------------------------------------------------------------------- /tests/dyn/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "dyn" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar" = { broken = false, snapshot = "stdout", issue_id = "296" } 10 | -------------------------------------------------------------------------------- /tests/dyn/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | pub trait Printable { 4 | fn stringify(&self) -> S; 5 | } 6 | 7 | impl Printable for i32 { 8 | fn stringify(&self) -> String { 9 | self.to_string() 10 | } 11 | } 12 | 13 | pub fn print(a: Box>) { 14 | println!("{}", a.stringify()); 15 | } 16 | -------------------------------------------------------------------------------- /tests/enum-repr/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "enum-repr" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar+coq+ssprove" = { broken = false, issue_id = "162" } 10 | -------------------------------------------------------------------------------- /tests/enum-repr/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | #[repr(u16)] 4 | enum EnumWithRepr { 5 | ExplicitDiscr1 = 1, 6 | ExplicitDiscr2 = 5, 7 | ImplicitDiscrEmptyTuple(), 8 | ImplicitDiscrEmptyStruct {}, 9 | } 10 | 11 | #[repr(u64)] 12 | enum ImplicitReprs { 13 | A, 14 | B(), 15 | C {}, 16 | D, 17 | E = 30, 18 | F, 19 | G, 20 | H {}, 21 | I(), 22 | } 23 | 24 | fn f() -> u32 { 25 | const CONST: u16 = EnumWithRepr::ExplicitDiscr1 as u16; 26 | let _x = EnumWithRepr::ExplicitDiscr2 as u16; 27 | EnumWithRepr::ImplicitDiscrEmptyTuple() as u32 28 | + EnumWithRepr::ImplicitDiscrEmptyStruct {} as u32 29 | } 30 | 31 | fn get_repr(x: EnumWithRepr) -> u16 { 32 | x as u16 33 | } 34 | 35 | fn get_casted_repr(x: EnumWithRepr) -> u64 { 36 | x as u64 37 | } 38 | -------------------------------------------------------------------------------- /tests/enum-struct-variant/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "enum-struct-variant" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | 10 | [package.metadata.hax-tests] 11 | into."fstar+coq" = {broken = false, snapshot = "none"} 12 | into."ssprove" = {broken = true, snapshot = "none"} -------------------------------------------------------------------------------- /tests/enum-struct-variant/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | #[derive(Debug)] 4 | pub struct Money { 5 | value: u64, 6 | } 7 | 8 | #[derive(Debug)] 9 | pub enum EnumWithStructVariant { 10 | Funds { balance: Money }, 11 | } 12 | -------------------------------------------------------------------------------- /tests/even/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "even" 3 | version = "0.0.1" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | -------------------------------------------------------------------------------- /tests/even/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | pub fn even(n: usize) -> bool { 4 | n % 2 == 0 5 | } 6 | -------------------------------------------------------------------------------- /tests/functions/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "functions" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | hax-lib = { path = "../../hax-lib" } 8 | 9 | [package.metadata.hax-tests] 10 | into."fstar" = { snapshot = "stdout" } 11 | -------------------------------------------------------------------------------- /tests/functions/src/lib.rs: -------------------------------------------------------------------------------- 1 | /// Issue #757 2 | fn calling_function_pointer() { 3 | fn f() {} 4 | let f_ptr = f::; 5 | f_ptr(); 6 | } 7 | 8 | mod issue_1048 { 9 | pub struct CallableViaDeref; 10 | 11 | impl core::ops::Deref for CallableViaDeref { 12 | type Target = fn() -> bool; 13 | 14 | fn deref(&self) -> &Self::Target { 15 | &((|| true) as fn() -> bool) 16 | } 17 | } 18 | 19 | pub fn call_via_deref() -> bool { 20 | CallableViaDeref() 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /tests/generics/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "generics" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar" = { broken = false, issue_id = "21" } 10 | -------------------------------------------------------------------------------- /tests/guards/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "guards" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | hax-lib = { path = "../../hax-lib" } 8 | 9 | [package.metadata.hax-tests] 10 | into."fstar+coq+ssprove" = { broken = false, snapshot = "stdout", issue_id = "814" } 11 | -------------------------------------------------------------------------------- /tests/if-let/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "if-let" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar+coq+ssprove" = { broken = false, snapshot = "none", issue_id = "85" } 10 | -------------------------------------------------------------------------------- /tests/if-let/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | pub fn fun_with_if_let() -> u8 { 4 | let x = Some(5); 5 | if let Some(x) = x { 6 | x 7 | } else { 8 | 7 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /tests/let-else/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "let-else" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar+coq+ssprove" = { broken = false, snapshot = "stdout", issue_id = "155" } 10 | -------------------------------------------------------------------------------- /tests/let-else/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | pub fn let_else(opt: Option) -> bool { 4 | let Some(x) = opt else { return false }; 5 | true 6 | } 7 | 8 | pub fn let_else_different_type(opt: Option) -> bool { 9 | let_else({ 10 | let Some(x) = opt else { return false }; 11 | Some(x + 1) 12 | }) 13 | } 14 | -------------------------------------------------------------------------------- /tests/literals/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "literals" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | hax-lib = { path = "../../hax-lib" } 8 | 9 | [package.metadata.hax-tests] 10 | into."fstar" = { broken = false, issue_id = "85" } 11 | into."coq" = { broken = false, issue_id = "85" } 12 | into."ssprove" = { broken = true, snapshot = "none", issue_id = "85" } 13 | -------------------------------------------------------------------------------- /tests/loops/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "loops" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | hax-lib = { path = "../../hax-lib" } 8 | 9 | [package.metadata.hax-tests] 10 | into."fstar" = { } 11 | into."coq" = { broken = true, snapshot = "none", issue_id = "137" } 12 | into."ssprove" = { broken = true, snapshot = "none", issue_id = "137" } 13 | -------------------------------------------------------------------------------- /tests/mut-ref-functionalization/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "mut-ref-functionalization" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into.fstar = {broken = false, issue_id = 90, snapshot = "stdout"} 10 | 11 | -------------------------------------------------------------------------------- /tests/naming/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "naming" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar" = { snapshot = "stdout" } 10 | -------------------------------------------------------------------------------- /tests/nested-derefs/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "nested-derefs" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [package.metadata.hax-tests] 7 | into."fstar+coq+ssprove" = { snapshot = "none" } 8 | -------------------------------------------------------------------------------- /tests/nested-derefs/src/lib.rs: -------------------------------------------------------------------------------- 1 | fn f(x: &usize) -> usize { 2 | *x 3 | } 4 | fn g(x: &&usize) -> usize { 5 | f(*x) 6 | } 7 | -------------------------------------------------------------------------------- /tests/never-type/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "never-type" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar" = { snapshot = "none" } 10 | -------------------------------------------------------------------------------- /tests/never-type/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | #![feature(never_type)] 3 | 4 | enum False {} 5 | 6 | fn never(h: False) -> ! { 7 | match h {} 8 | } 9 | 10 | fn test(b: bool) -> u8 { 11 | if b { 12 | panic!(); 13 | }; 14 | 3 15 | } 16 | 17 | fn any() -> T { 18 | panic!() 19 | } 20 | -------------------------------------------------------------------------------- /tests/odd/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "odd" 3 | version = "0.0.1" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | even = { path = "../even" } 8 | -------------------------------------------------------------------------------- /tests/odd/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | pub fn odd(n: usize) -> bool { 4 | !even::even(n) 5 | } 6 | -------------------------------------------------------------------------------- /tests/pattern-or/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "pattern-or" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."coq" = { issue_id = "161" } 10 | into."fstar" = { } 11 | # into."ssprove" = { broken = true, snapshot = "none" } -------------------------------------------------------------------------------- /tests/pattern-or/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | pub enum E { 4 | A, 5 | B, 6 | } 7 | 8 | pub fn bar(x: E) { 9 | match x { 10 | E::A | E::B => (), 11 | } 12 | } 13 | pub fn nested(x: Option) -> i32 { 14 | match x { 15 | Some(1 | 2) => 1, 16 | Some(x) => x, 17 | None => 0, 18 | } 19 | } 20 | 21 | pub fn deep(x: (i32, Option)) -> i32 { 22 | match x { 23 | (1 | 2, Some(3 | 4)) => 0, 24 | (x, _) => x, 25 | } 26 | } 27 | 28 | pub fn equivalent(x: (i32, Option)) -> i32 { 29 | match x { 30 | (1, Some(3)) | (1, Some(4)) | (2, Some(3)) | (2, Some(4)) => 0, 31 | (x, _) => x, 32 | } 33 | } 34 | 35 | pub fn deep_capture(x: Result<(i32, i32), (i32, i32)>) -> i32 { 36 | match x { 37 | Ok((1 | 2, x)) | Err((3 | 4, x)) => x, 38 | Ok((x, _)) | Err((x, _)) => x, 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /tests/patterns/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "patterns" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar" = { issue_id = "1170" } -------------------------------------------------------------------------------- /tests/patterns/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | struct Other<'a>(&'a i32); 4 | 5 | enum Test<'a> { 6 | C1(Other<'a>), 7 | } 8 | 9 | impl<'a> Test<'a> { 10 | fn test(&self) -> i32 { 11 | match self { 12 | Self::C1(c) => *c.0, 13 | } 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /tests/proverif-basic-structs/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "basic-structs" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | 10 | [package.metadata.hax-tests] 11 | into."pro-verif" = { broken = false, snapshot = "none" } 12 | -------------------------------------------------------------------------------- /tests/proverif-basic-structs/src/lib.rs: -------------------------------------------------------------------------------- 1 | // Record struct with single field 2 | struct Ainitial { 3 | x: u8, 4 | } 5 | 6 | // Record struct with multiple fields 7 | struct A { 8 | one: usize, 9 | two: usize, 10 | } 11 | 12 | // Non-record struct 13 | struct B(usize); 14 | -------------------------------------------------------------------------------- /tests/proverif-fn-to-letfun/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "fn-to-letfun" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | -------------------------------------------------------------------------------- /tests/proverif-fn-to-letfun/src/lib.rs: -------------------------------------------------------------------------------- 1 | struct A { 2 | x: usize, 3 | y: u8, 4 | } 5 | struct B { 6 | b: bool, 7 | } 8 | 9 | fn some_function() -> bool { 10 | true 11 | } 12 | 13 | fn some_other_function(b: bool) -> u8 { 14 | 5 15 | } 16 | 17 | fn longer_function(x: &str) -> A { 18 | let b = some_function(); 19 | let d = some_other_function(b); 20 | 21 | A { x: 12usize, y: 9u8 } 22 | } 23 | 24 | fn another_longer_function() -> B { 25 | let b = some_function(); 26 | let d = some_other_function(b); 27 | 28 | B { b: false } 29 | } 30 | 31 | fn void_function() { 32 | let b = some_function(); 33 | let d = some_other_function(b); 34 | } 35 | -------------------------------------------------------------------------------- /tests/proverif-minimal/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "minimal" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | 10 | [package.metadata.hax-tests] 11 | into."pro-verif" = { broken = false, snapshot = "none" } 12 | -------------------------------------------------------------------------------- /tests/proverif-minimal/src/lib.rs: -------------------------------------------------------------------------------- 1 | pub fn add(left: usize, right: usize) -> usize { 2 | left + right 3 | } 4 | 5 | #[cfg(test)] 6 | mod tests { 7 | use super::*; 8 | 9 | #[test] 10 | fn it_works() { 11 | let result = add(2, 2); 12 | assert_eq!(result, 4); 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /tests/proverif-noise/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "noise-kkpsk0" 3 | version = "0.1.0" 4 | authors = ["Karthik Bhargavan "] 5 | edition = "2018" 6 | license = "MIT OR Apache-2.0" 7 | description = "hacspec chacha20 poly1305 authenticated encryption" 8 | readme = "README.md" 9 | 10 | [dependencies] 11 | hax-lib-protocol = { path = "../../hax-lib-protocol" } 12 | hax-lib-protocol-macros = { path = "../../hax-lib-protocol-macros" } 13 | hax-lib = { path = "../../hax-lib" } 14 | 15 | 16 | [dev-dependencies] 17 | serde_json = "1.0" 18 | serde = { version = "1.0", features = ["derive"] } 19 | rayon = "1.3.0" 20 | criterion = "0.4" 21 | rand = "0.8" 22 | hacspec-dev = { git = "https://github.com/hacspec/hacspec.git" } 23 | 24 | [package.metadata.hax-tests] 25 | into."pro-verif" = { broken = false, snapshot = "none" } 26 | -------------------------------------------------------------------------------- /tests/proverif-noise/src/lib.rs: -------------------------------------------------------------------------------- 1 | pub mod noise_crypto; 2 | pub mod noise_kkpsk0; 3 | pub mod noise_lib; 4 | -------------------------------------------------------------------------------- /tests/proverif-ping-pong/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "ping-pong" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | hax-lib-protocol = { path = "../../hax-lib-protocol" } 10 | hax-lib-protocol-macros = { path = "../../hax-lib-protocol-macros" } 11 | hax-lib = { path = "../../hax-lib" } 12 | -------------------------------------------------------------------------------- /tests/proverif-ping-pong/pingpong.pv: -------------------------------------------------------------------------------- 1 | set attacker = passive. 2 | channel c. 3 | 4 | type ping_t. 5 | type pong_t. 6 | 7 | fun new_ping(): ping_t. 8 | fun ping2pong(ping_t): pong_t. 9 | 10 | event PingSent(ping_t). 11 | event PingReceived(ping_t). 12 | event PongSent(pong_t). 13 | event PongReceived(pong_t). 14 | 15 | query p: ping_t; 16 | event(PingReceived(p)) ==> event(PingSent(p)). 17 | 18 | 19 | 20 | let A = 21 | ( 22 | let ping = new_ping() in 23 | event PingSent(ping); 24 | out(c, ping) 25 | ) | ( 26 | in(c, pong: pong_t); 27 | event PongReceived(pong) 28 | ). 29 | 30 | let B = 31 | in(c, ping: ping_t); 32 | event PingReceived(ping); 33 | let pong = ping2pong(ping) in 34 | event PongSent(pong); 35 | out(c, pong); 36 | 0. 37 | 38 | process 39 | A | B 40 | -------------------------------------------------------------------------------- /tests/proverif-ping-pong/src/lib.rs: -------------------------------------------------------------------------------- 1 | mod a; 2 | mod b; 3 | 4 | #[hax_lib::protocol_messages] 5 | pub enum Message { 6 | Ping(u8), 7 | Pong(u8), 8 | } 9 | 10 | #[test] 11 | fn run() { 12 | use a::A0; 13 | use b::{B0, B1}; 14 | use hax_lib_protocol::state_machine::{InitialState, ReadState, WriteState}; 15 | let a = A0::init(Some(vec![1])).unwrap(); 16 | let b = B0::init(None).unwrap(); 17 | 18 | let (a, msg) = a.write().unwrap(); 19 | let b: B1 = b.read(msg).unwrap(); 20 | 21 | let (_b, msg) = b.write().unwrap(); 22 | let _a = a.read(msg).unwrap(); 23 | } 24 | -------------------------------------------------------------------------------- /tests/raw-attributes/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "raw-attributes" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | hax-lib = { path = "../../hax-lib" } 8 | 9 | [package.metadata.hax-tests] 10 | into."fstar" = { snapshot = "none" } 11 | -------------------------------------------------------------------------------- /tests/raw-attributes/README.md: -------------------------------------------------------------------------------- 1 | This example is more interesting with the debug mode enabled, to see all the attributes: 2 | - `cargo hax into --debug-engine SOME_EMPTY_EXISTING_DIR fstar` 3 | - `cd engine/utils/phase_debug_webapp && PORT=8989 node server.js SOME_EMPTY_EXISTING_DIR` 4 | - browse `http://localhost:8989/`, and observe the attributes 5 | -------------------------------------------------------------------------------- /tests/recursion/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "recursion" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar" = { } 10 | -------------------------------------------------------------------------------- /tests/recursion/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | pub fn f(n: u8) -> u8 { 4 | if n == 0 { 5 | 0 6 | } else { 7 | n + f(n - 1) 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /tests/reordering/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "reordering" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar+coq+ssprove" = { snapshot = "stdout" } 10 | -------------------------------------------------------------------------------- /tests/reordering/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | fn no_dependency_1() {} 4 | 5 | fn g() -> Bar { 6 | Bar(f(32)) 7 | } 8 | 9 | fn no_dependency_2() {} 10 | 11 | fn f(_: u32) -> Foo { 12 | Foo::A 13 | } 14 | 15 | struct Bar(Foo); 16 | enum Foo { 17 | A, 18 | B, 19 | } 20 | 21 | mod mut_rec { 22 | fn f() { 23 | g() 24 | } 25 | 26 | fn f_2() { 27 | f() 28 | } 29 | 30 | fn g() { 31 | f() 32 | } 33 | } 34 | 35 | mod independent_cycles { 36 | fn a() { 37 | c() 38 | } 39 | fn b() { 40 | d() 41 | } 42 | fn c() { 43 | a() 44 | } 45 | fn d() { 46 | b() 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /tests/side-effects/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "side-effects" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into.fstar = {} 10 | into.coq = {broken = true, snapshot = "none", issue_id = 134} 11 | into.ssprove = {broken = true, snapshot = "none"} 12 | -------------------------------------------------------------------------------- /tests/slices/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "slices" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar+coq" = { broken = false, issue_id = "85" } 10 | -------------------------------------------------------------------------------- /tests/slices/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | // The issue here is probably both, pointer and slice. We first run into the slice. 4 | const VERSION: &[u8] = b"v1"; 5 | 6 | // This panics 7 | // thread 'rustc' panicked at 'hax-engine exited with non-zero code', cli/driver/src/exporter.rs:217:2 8 | pub fn do_something(_: &[u8]) {} 9 | 10 | pub fn sized(x: &[&[u8; 4]; 1]) { 11 | r#unsized(&[(x[0] as &[u8])]) 12 | } 13 | 14 | pub fn r#unsized(_: &[&[u8]; 1]) {} 15 | -------------------------------------------------------------------------------- /tests/statics/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "statics" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [package.metadata.hax-tests] 7 | into."fstar" = { snapshot = "stdout" } 8 | -------------------------------------------------------------------------------- /tests/statics/src/lib.rs: -------------------------------------------------------------------------------- 1 | static FOO: usize = 0; 2 | 3 | fn get_foo() -> usize { 4 | FOO 5 | } 6 | -------------------------------------------------------------------------------- /tests/traits/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "traits" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | 8 | [package.metadata.hax-tests] 9 | into."fstar" = { snapshot = "stdout" } 10 | 11 | -------------------------------------------------------------------------------- /tests/unsafe/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "unsafe" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | hax-lib = { path = "../../hax-lib" } 8 | 9 | [package.metadata.hax-tests] 10 | into."fstar" = { broken = false } 11 | -------------------------------------------------------------------------------- /tests/unsafe/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | 3 | enum Impossible {} 4 | 5 | #[hax_lib::requires(false)] 6 | pub fn impossible() -> Impossible { 7 | unsafe { std::hint::unreachable_unchecked() } 8 | } 9 | 10 | #[hax_lib::requires(slice.len() > 10)] 11 | pub fn get_unchecked_example(slice: &[u8]) -> u8 { 12 | unsafe { *slice.get_unchecked(6) } 13 | } 14 | --------------------------------------------------------------------------------