path: root/src
Commit message (author, age)
* Some experiments with partial evaluation with letin without cps  (Jason Gross, 2018-05-05)
    Jason & Andres
* un-hardcode # of reductions  (Jade Philipoom, 2018-04-30)
* print saturated mulmod for p192 on 32-bit, add note about p256  (Jade Philipoom, 2018-04-30)
* fixed too-many-additions problem by fixing number of limbs in from_associational  (Jade Philipoom, 2018-04-30)
* Fix some carry logic  (Jade Philipoom, 2018-04-30)
* First stab at generating code for saturated solinas modular  (Jade Philipoom, 2018-04-30)
    multiplication (currently produces way too many expressions because 1*x and -1*x are not simplified for two-output mul)
* fix comment  (Jade Philipoom, 2018-04-30)
* Fix bounds analysis for saturated ops and remove unneeded comment  (Jade Philipoom, 2018-04-30)
* first stab at reifying barrett  (Jade Philipoom, 2018-04-30)
* fix definitions of saturated operations to avoid unnecessary work, and make Montgomery use them  (Jade Philipoom, 2018-04-30)
* tweak definition of flatten to use an index rather than check the length of the output accumulator--this prevents the accumulator from repeatedly showing up in the expression and making the term huge  (Jade Philipoom, 2018-04-30)
* fix the placement of a dlet to make more sense  (Jade Philipoom, 2018-04-30)
* In reassociation, don't reassociate additions  (Jason Gross, 2018-04-26)
    It was serving no purpose, and was messing up the associativity of balance on sub. I believe it was originally there because I thought I had to handle 19 * (a * b + c * d) -> (19 * a) * b + (19 * c) * d, but this case doesn't show up, and so I never wrote the code to handle it, but also never removed the code to parse additions into lists (thereby losing associativity information).
* Fix a printout  (Jason Gross, 2018-04-26)
* Revert most of "Make reassociation optional"  (Jason Gross, 2018-04-26)
    This reverts most of commit f776eb5815166f1ff648808231794dee01a4683c. We'll do it a different way.
* Make reassociation optional  (Jason Gross, 2018-04-26)
    It was messing up the associativity of balance on sub.
* Compute tight bounds in a different way  (Jason Gross, 2018-04-26)
    We compute them as 1.1*(s-1), which is a simpler way to express that they vary across limbs for nonuniform bases. This allows 32-bit 25519 sub to boundscheck.
* Don't introduce extra lambdas and apps in uncurry  (Jason Gross, 2018-04-26)
    Previously I was trying to make the proof easier by using the same var type for input and output (which would allow a correctness-of-interpretation proof which doesn't depend on well-formedness). We now no longer do that, and instead go from `@expr (@expr var)` to `@expr var`, and avoid introducing useless `Abs` and `App` nodes.
* Add some Positional Hint Rewrites  (Jason Gross, 2018-04-26)
    They disappear after the end of the section, but I want them to stay in distr_length for later proofs.
* Util.Loops: remove non-stdlib dependencies  (Andres Erbsen, 2018-04-26)
* Generalize Jacobian.v over all a.  (David Benjamin, 2018-04-25)
    The immediate motivation is that BoringSSL's generic EC code is sadly stuck with supporting arbitrary curves, including those where a <> -3, but it may be more generally useful. This makes the file slightly more general:
    - It now proves that the addition formula works independent of a = -3.
    - It proves a generic doubling implementation, based on http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html#doubling-dbl-2007-bl
    - There's a place to stick in other specializations should someone want them. (I hear some folks are interested in secp256k1 for some reason.)
* pass-through after Jason's review  (Jade Philipoom, 2018-04-19)
* add instructions cc_m, rshi, and sub_with_get_borrow to pipeline in preparation for reifying barrett; tweaked definition of cc_l  (Jade Philipoom, 2018-04-19)
* Also include argument bounds in bounds-analysis-failure message  (Jason Gross, 2018-04-18)
    This will be required to correctly stringify the syntax tree for the error message
* Fix a proof  (Jason Gross, 2018-04-18)
* Change a proof in src/Util/Option  (Jason Gross, 2018-04-18)
    This was causing issues with bug minimization because some hints seem to follow [Require], not [Import], and so when [eauto] got stronger, this proof was failing.
* Merge pull request #335 from mit-plv/cpsloops  (Andres Erbsen, 2018-04-18)
    comprehensive loops framework with complete proof theory
* Actually display the error messages from pipeline failures  (Jason Gross, 2018-04-18)
    See https://github.com/coq/coq/issues/7291 and https://github.com/mit-plv/fiat-crypto/issues/349#issuecomment-382180578
* Add a Z.cast2 case to bounds extraction  (Jason Gross, 2018-04-18)
* Also include the syntax tree in bounds analysis errors  (Jason Gross, 2018-04-18)
    This should fix #349 (or at least most of it).
* move requires to top of file  (Jade Philipoom, 2018-04-11)
* barrett reduction definition and proof  (Jade Philipoom, 2018-04-11)
* add a list lemma  (Jade Philipoom, 2018-04-11)
* add some lemmas about div and mod  (Jade Philipoom, 2018-04-11)
* Add new assembly-mimicking operations rshi, cc_m, and cc_l  (Jade Philipoom, 2018-04-11)
* fix trashed carry flag  (Jade Philipoom, 2018-04-11)
* remove comment  (Jade Philipoom, 2018-04-11)
* add a comment to rerun build  (Jade Philipoom, 2018-04-11)
* Automate some proofs a bit more  (Jason Gross, 2018-04-11)
* try to fix build on coq master  (Jade Philipoom, 2018-04-11)
* prove stronger bound on quotient error for barrett reduction  (Jade Philipoom, 2018-04-11)
* Update number/string conversions  (Jason Gross, 2018-04-09)
    To updated version of https://github.com/coq/coq/pull/6597
* package properties of weight functions into a record  (Jade Philipoom, 2018-04-09)
* relocate and prove an admit  (Jade Philipoom, 2018-04-09)
* reorganization: move more things into BaseConversion  (Jade Philipoom, 2018-04-09)
* better factoring-out of mul_converted stuff, define saturated arith operations  (Jade Philipoom, 2018-04-06)
* Use a simpler form of Uncurrying  (Jason Gross, 2018-04-04)
    After in-person discussion with Andres, we decided that, because the previous form of uncurrying was only half-uncurried (not including identifiers nor lambdas passed to other lambdas), and the strongest driver of a full uncurrying pass would be having an easier-to-visualize intermediate representation / knowing more clearly what the pipeline is doing, and the changes required for making this a full uncurrying pass would be global to the pipeline (require changing the type of identifiers), we would instead go back to the version of uncurrying that I initially proposed, where we only uncurry the top-level function. Note that we create a slightly more complicated term (with more application nodes) than we have to; if we instead took in `@expr (@expr var) t` rather than `@expr var t`, we wouldn't introduce needless abstractions. However, the current form admits an extremely simple proof of correctness, which doesn't even require well-formedness of the expression tree.
* Stick an uncurry pass in the pipeline  (Jason Gross, 2018-04-04)
    This allows us to (a) consolidate the constant and non-constant pipelines and (b) vastly simplify the call-with-id-continuation logic.
* Add Uncurry  (Jason Gross, 2018-04-04)
    This pass uncurries all applied lambdas. Care is taken to not do beta reduction and to not introduce spurious `Abs` or `App` nodes.
* pass-through after Jason's review  (Jade Philipoom, 2018-04-03)