Commit message (Author, Age)

* un-hardcode # of reductions (Jade Philipoom, 2018-04-30)
* print saturated mulmod for p192 on 32-bit, add note about p256 (Jade Philipoom, 2018-04-30)
* fixed too-many-additions problem by fixing number of limbs in from_associational (Jade Philipoom, 2018-04-30)
* Fix some carry logic (Jade Philipoom, 2018-04-30)
* First stab at generating code for saturated solinas modular (Jade Philipoom, 2018-04-30)
    multiplication (currently produces way too many expressions because 1*x and -1*x are not simplified for two-output mul)
* fix comment (Jade Philipoom, 2018-04-30)
* Fix bounds analysis for saturated ops and remove unneeded comment (Jade Philipoom, 2018-04-30)
* first stab at reifying barrett (Jade Philipoom, 2018-04-30)
* fix definitions of saturated operations to avoid unnecessary work, and make Montgomery use them (Jade Philipoom, 2018-04-30)
* tweak definition of flatten to use an index rather than check the length of the output accumulator--this prevents the accumulator from repeatedly showing up in the expression and making the term huge (Jade Philipoom, 2018-04-30)
* fix the placement of a dlet to make more sense (Jade Philipoom, 2018-04-30)
* Don't allow coqprime and coqprime-all to run in parallel (Jason Gross, 2018-04-30)
    We only want one invocation of submake at a time.
* Only install files built by the coq target (Jason Gross, 2018-04-30)
* Add a coqprime-all target to build all of coqprime (Jason Gross, 2018-04-30)
* In reassociation, don't reassociate additions (Jason Gross, 2018-04-26)
    It was serving no purpose, and was messing up the associativity of balance on sub. I believe it was originally there because I thought I had to handle 19 * (a * b + c * d) -> (19 * a) * b + (19 * c) * d, but this case doesn't show up, and so I never wrote the code to handle it, but also never removed the code to parse additions into lists (thereby losing associativity information).
* Fix a printout (Jason Gross, 2018-04-26)
* Revert most of "Make reassociation optional" (Jason Gross, 2018-04-26)
    This reverts most of commit f776eb5815166f1ff648808231794dee01a4683c. We'll do it a different way.
* Make reassociation optional (Jason Gross, 2018-04-26)
    It was messing up the associativity of balance on sub.
* Compute tight bounds in a different way (Jason Gross, 2018-04-26)
    We compute them as 1.1*(s-1), which is a simpler way to express that they vary across limbs for nonuniform bases. This allows 32-bit 25519 sub to boundscheck.
* Don't introduce extra lambdas and apps in uncurry (Jason Gross, 2018-04-26)
    Previously I was trying to make the proof easier by using the same var type for input and output (which would allow a correctness-of-interpretation proof which doesn't depend on well-formedness). We now no longer do that, and instead go from `@expr (@expr var)` to `@expr var`, and avoid introducing useless `Abs` and `App` nodes.
* Add some Positional Hint Rewrites (Jason Gross, 2018-04-26)
    They disappear after the end of the section, but I want them to stay in distr_length for later proofs.
* Util.Loops: remove non-stdlib dependencies (Andres Erbsen, 2018-04-26)
* Generalize Jacobian.v over all a. (David Benjamin, 2018-04-25)
    The immediate motivation is BoringSSL's generic EC code is sadly stuck with supporting arbitrary curves, including those where a <> -3, but it may be more generally useful. This makes the file slightly more general:
    - It now proves that the addition formula works independent of a = -3.
    - It proves a generic doubling implementation, based on http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#doubling-dbl-2007-bl
    - There's a place to stick in other specializations should someone want them. (I hear some folks are interested in secp256k1 for some reason.)
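Added example, not code from Jacobian.v or from the repository: the dbl-2007-bl doubling formulas from the EFD page cited in the commit above, written over plain Python integers and checked against textbook affine tangent-line doubling for a = 2, a = -3 (the P-256 shape) and a = 0 (the secp256k1 shape). The small primes, curve coefficients, helper names and the brute-force point search are constructed for this example; a Jacobian triple (X, Y, Z) with Z != 0 stands for the affine point (X/Z^2, Y/Z^3).

```python
"""Jacobian-coordinate doubling on y^2 = x^3 + a*x + b over GF(p), for arbitrary a.

Constructed example. jacobian_double follows the dbl-2007-bl formulas from the
Explicit-Formulas Database; affine_double is the tangent-line formula used as an
oracle. Only the coefficient a enters the doubling; it is never fixed to -3.
"""


def jacobian_double(X1, Y1, Z1, a, p):
    """dbl-2007-bl: (X1, Y1, Z1) -> 2*(X1, Y1, Z1). Requires Y1 != 0 mod p."""
    XX = X1 * X1 % p
    YY = Y1 * Y1 % p
    YYYY = YY * YY % p
    ZZ = Z1 * Z1 % p
    S = 2 * ((X1 + YY) ** 2 - XX - YYYY) % p   # = 4*X1*Y1^2
    M = (3 * XX + a * ZZ * ZZ) % p             # = 3*X1^2 + a*Z1^4
    T = (M * M - 2 * S) % p
    X3 = T
    Y3 = (M * (S - T) - 8 * YYYY) % p
    Z3 = ((Y1 + Z1) ** 2 - YY - ZZ) % p        # = 2*Y1*Z1
    return X3, Y3, Z3


def to_affine(X, Y, Z, p):
    """Undo the projective scaling. Z == 0 would be the point at infinity."""
    assert Z % p != 0
    zinv = pow(Z, -1, p)                       # modular inverse, Python 3.8+
    zinv2 = zinv * zinv % p
    return X * zinv2 % p, Y * zinv2 * zinv % p


def affine_double(x, y, a, p):
    """Tangent-line doubling; assumes y != 0 (otherwise 2P is infinity)."""
    assert y % p != 0
    lam = (3 * x * x + a) * pow(2 * y, -1, p) % p
    x3 = (lam * lam - 2 * x) % p
    y3 = (lam * (x - x3) - y) % p
    return x3, y3


def find_point(p, a, b):
    """Brute-force an affine point with y != 0 on the curve (small p only)."""
    for x in range(p):
        rhs = (x * x * x + a * x + b) % p
        for y in range(1, p):
            if y * y % p == rhs:
                return x, y
    raise ValueError("no affine point with y != 0")


def double_matches_affine(p, a, b, scale):
    """Lift a point to Jacobian form with Z = scale (exercising Z != 1), double,
    map back, and compare with the affine oracle."""
    x, y = find_point(p, a, b)
    X, Y, Z = x * scale * scale % p, y * pow(scale, 3, p) % p, scale % p
    return to_affine(*jacobian_double(X, Y, Z, a, p), p) == affine_double(x, y, a, p)


if __name__ == "__main__":
    for p, a, b in [(101, 2, 3), (1009, -3, 5), (97, 0, 7)]:
        print(p, a, b, double_matches_affine(p, a, b, 7))
```

The `scale` argument matters: with Z = 1 a formula can be right by accident, so the check lifts the point to a non-trivial representative before doubling.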
* Fix the lite-display target (Jason Gross, 2018-04-20)
* pass-through after Jason's review (Jade Philipoom, 2018-04-19)
* add instructions cc_m, rshi, and sub_with_get_borrow to pipeline in preparation for reifying barrett; tweaked definition of cc_l (Jade Philipoom, 2018-04-19)
* Also include argument bounds in bounds-analysis-failure message (Jason Gross, 2018-04-18)
    This will be required to correctly stringify the syntax tree for the error message
* Add COQLIBS to display targets (Jason Gross, 2018-04-18)
    As per https://github.com/mit-plv/fiat-crypto/issues/344#issuecomment-381424442
* Error if a display target fails (Jason Gross, 2018-04-18)
    Because pipes eat error codes, we were previously succeeding when display targets fail. This meant that we didn't catch https://github.com/mit-plv/fiat-crypto/issues/344#issuecomment-381422896 on Travis. Now we will.
* Fix a proof (Jason Gross, 2018-04-18)
* Change a proof in src/Util/Option (Jason Gross, 2018-04-18)
    This was causing issues with bug minimization because some hints seem to follow [Require], not [Import], and so when [eauto] got stronger, this proof was failing.
* Merge pull request #335 from mit-plv/cpsloops (Andres Erbsen, 2018-04-18)
    comprehensive loops framework with complete proof theory
* Actually display the error messages from pipeline failures (Jason Gross, 2018-04-18)
    See https://github.com/coq/coq/issues/7291 and https://github.com/mit-plv/fiat-crypto/issues/349#issuecomment-382180578
* Add a Z.cast2 case to bounds extraction (Jason Gross, 2018-04-18)
* Also include the syntax tree in bounds analysis errors (Jason Gross, 2018-04-18)
    This should fix #349 (or at least most of it).
* Bump coq-scripts to fix a bug (Jason Gross, 2018-04-15)
* Add a lite-display target (Jason Gross, 2018-04-15)
* Bump coq-scripts (Jason Gross, 2018-04-15)
    This should speed up the lite target on master
* move requires to top of file (Jade Philipoom, 2018-04-11)
* barrett reduction definition and proof (Jade Philipoom, 2018-04-11)
* add a list lemma (Jade Philipoom, 2018-04-11)
* add some lemmas about div and mod (Jade Philipoom, 2018-04-11)
* Add new assembly-mimicking operations rshi, cc_m, and cc_l (Jade Philipoom, 2018-04-11)
* fix trashed carry flag (Jade Philipoom, 2018-04-11)
* remove comment (Jade Philipoom, 2018-04-11)
* add a comment to rerun build (Jade Philipoom, 2018-04-11)
* Automate some proofs a bit more (Jason Gross, 2018-04-11)
* try to fix build on coq master (Jade Philipoom, 2018-04-11)
* prove stronger bound on quotient error for barrett reduction (Jade Philipoom, 2018-04-11)
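Added example for the Barrett reduction commits in this log ("barrett reduction definition and proof", "prove stronger bound on quotient error for barrett reduction"); it is Python over plain integers, not the Coq definitions or the proof those commits add. It shows what the quotient error is and why its bound matters: the estimate q_hat never overshoots floor(x/m), and the amount it undershoots is exactly the number of conditional subtractions the final fix-up loop runs. Two estimators are compared: the textbook one that truncates x before multiplying by the precomputed reciprocal (error at most 2, from the usual derivation), and a full-precision one (error at most 1, since x < 4^k). The function names, the modulus 2^255-19 and the sample inputs are constructed for this example.

```python
"""Barrett reduction over Python ints, with the quotient error measured directly.

Constructed example. For a k-bit modulus m the precomputed reciprocal is
mu = floor(4**k / m). Both estimators below satisfy q_hat <= floor(x / m); they
differ only in how far below the true quotient they can land.
"""
import random


def barrett_precompute(m):
    """k = bit length of m, mu = floor(2^(2k) / m)."""
    k = m.bit_length()
    return k, (1 << (2 * k)) // m


def quotient_full(x, m, k, mu):
    """q_hat = floor(x*mu / 4^k) with x kept at full precision.
    Because x < 4^k, x*mu/4^k > x/m - 1, so the estimate is at most 1 too small."""
    return (x * mu) >> (2 * k)


def quotient_truncated(x, m, k, mu):
    """Textbook estimate (HAC Algorithm 14.42 with b = 2): drop the low k-1 bits
    of x first so the product has (k+1)-bit operands. Undershoots by at most 2."""
    q1 = x >> (k - 1)
    return (q1 * mu) >> (k + 1)


def barrett_reduce(x, m, k, mu, estimate=quotient_full):
    """Return (x mod m, number of fix-up subtractions). Requires 0 <= x < m*m."""
    assert 0 <= x < m * m
    q_hat = estimate(x, m, k, mu)
    r = x - q_hat * m            # r = (q - q_hat)*m + (x mod m), never negative
    steps = 0
    while r >= m:                # one iteration per unit of quotient error
        r -= m
        steps += 1
    return r, steps


def max_quotient_error(m, estimate, samples):
    """Largest floor(x/m) - q_hat over the samples; also checks q_hat never overshoots."""
    k, mu = barrett_precompute(m)
    worst = 0
    for x in samples:
        q_hat = estimate(x, m, k, mu)
        assert q_hat <= x // m
        worst = max(worst, x // m - q_hat)
    return worst


def demo_samples(m, n=200, seed=1):
    """Edge cases plus deterministic pseudo-random inputs in [0, m*m) (constructed)."""
    rng = random.Random(seed)
    edges = [0, 1, m - 1, m, m + 1, m * m - 1]
    return edges + [rng.randrange(m * m) for _ in range(n)]


if __name__ == "__main__":
    m = 2**255 - 19
    xs = demo_samples(m)
    print("full-precision worst error:", max_quotient_error(m, quotient_full, xs))
    print("truncated worst error:     ", max_quotient_error(m, quotient_truncated, xs))
```

In constant-time code the fix-up loop is unrolled into a fixed number of conditional subtractions, so a tighter proven bound on the quotient error is not just a performance detail: it fixes how many of those subtractions the generated code must contain.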
* Update number/string conversions (Jason Gross, 2018-04-09)
    To updated version of https://github.com/coq/coq/pull/6597