diff --git a/arm/Makefile b/arm/Makefile index 27ade9e1..e1d37985 100644 --- a/arm/Makefile +++ b/arm/Makefile @@ -498,7 +498,10 @@ tutorial/rel_reordertac.native: tutorial/rel_reordertac2.o unopt: $(UNOPT_OBJ) -build_proofs: $(UNOPT_OBJ) $(PROOF_BINS); +build_proofs: $(UNOPT_OBJ) $(PROOF_BINS) +# Conservatively check that there is no redefinition of "check_axioms" +# '-I' excludes binary files (*.native). + ! grep -RI "check_axioms" . ../common/ --exclude="Makefile" build_tutorial: $(TUTORIAL_OBJ) $(TUTORIAL_PROOF_BINS); run_proofs: build_proofs $(PROOF_LOGS); diff --git a/arm/proofs/arm.ml b/arm/proofs/arm.ml index 80ebb9c6..2f7ada5b 100644 --- a/arm/proofs/arm.ml +++ b/arm/proofs/arm.ml @@ -410,6 +410,12 @@ let is_read_pc t = | Comb (Comb (Const ("read", _), Const ("PC", _)), _) -> true | _ -> false;; +(* returns true if t is `read events `. *) +let is_read_events t = + match t with + | Comb (Comb (Const ("read", _), Const ("events", _)), _) -> true + | _ -> false;; + (*** decode_ths is an array from int offset i to *** Some `|- !s pc. aligned_bytes_loaded s pc *_mc *** ==> arm_decode s (word (pc+i)) (..inst..)` diff --git a/arm/proofs/bignum_add.ml b/arm/proofs/bignum_add.ml index 45573c7e..538a1f11 100644 --- a/arm/proofs/bignum_add.ml +++ b/arm/proofs/bignum_add.ml @@ -99,7 +99,7 @@ let BIGNUM_ADD_CORRECT = prove bignum_from_memory (z,val p) s = lowdigits a (val p) + lowdigits b (val p)) (MAYCHANGE [PC; X0; X2; X4; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val p)])`, W64_GEN_TAC `p:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `m:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `a:num`] THEN diff --git a/arm/proofs/bignum_add_p25519.ml b/arm/proofs/bignum_add_p25519.ml index 9e0bfaf6..5bb4d2f9 100644 --- a/arm/proofs/bignum_add_p25519.ml +++ b/arm/proofs/bignum_add_p25519.ml 
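Review bot: The new recipe line `! grep -RI "check_axioms" . ../common/ --exclude="Makefile"` passes on any non-zero grep status, so it also passes when grep fails with an error (status 2, for example an unreadable file or a missing `../common/`), not only when nothing matches. For a check that guards the proof trust base, it should fail closed and accept only the "no match" status: `grep -RI "check_axioms" . ../common/ --exclude="Makefile"; test $$? -eq 1`. It would also help to extend the comment to say why any occurrence of the name is rejected, not just a definition, e.g. `# Any mention is rejected: a proof file could otherwise shadow check_axioms before it is called.`, assuming that is the intent.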
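Review bot: The frame of BIGNUM_ADD_CORRECT now includes `MAYCHANGE [events]`, but nothing in the spec says what `events` holds or that the postcondition leaves it unconstrained. The same addition repeats in every `*_CORRECT` hunk that follows, from bignum_add_p25519.ml onward, including the intermediate frames in bignum_cdiv.ml, bignum_cmod.ml and bignum_coprime.ml. As written, these theorems permit any final value of `events`. If it is a trace of observable events (the diff does not show this), they state nothing about it and should not be read as a leakage or constant-time guarantee. I would record that once, for example beside `is_read_events` in arm.ml: `(* events appears in MAYCHANGE frames so that steps may update it; the _CORRECT theorems state nothing about its final value. *)`. The theorem statement begins above this hunk and its proof continues below it.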
@@ -57,7 +57,7 @@ let BIGNUM_ADD_P25519_CORRECT = time prove (m < p_25519 /\ n < p_25519 ==> bignum_from_memory (z,4) s = (m + n) MOD p_25519)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_add_p256.ml b/arm/proofs/bignum_add_p256.ml index 9f4c7b0b..0698031e 100644 --- a/arm/proofs/bignum_add_p256.ml +++ b/arm/proofs/bignum_add_p256.ml @@ -60,7 +60,7 @@ let BIGNUM_ADD_P256_CORRECT = time prove (m < p_256 /\ n < p_256 ==> bignum_from_memory (z,4) s = (m + n) MOD p_256)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_add_p256k1.ml b/arm/proofs/bignum_add_p256k1.ml index 71e7e95a..08a615e9 100644 --- a/arm/proofs/bignum_add_p256k1.ml +++ b/arm/proofs/bignum_add_p256k1.ml @@ -61,7 +61,7 @@ let BIGNUM_ADD_P256K1_CORRECT = time prove (m < p_256k1 /\ n < p_256k1 ==> bignum_from_memory (z,4) s = (m + n) MOD p_256k1)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_add_p384.ml b/arm/proofs/bignum_add_p384.ml index 42e8be9f..9e23d7b7 100644 --- a/arm/proofs/bignum_add_p384.ml +++ b/arm/proofs/bignum_add_p384.ml 
@@ -76,7 +76,7 @@ let BIGNUM_ADD_P384_CORRECT = time prove (m < p_384 /\ n < p_384 ==> bignum_from_memory (z,6) s = (m + n) MOD p_384)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_add_p521.ml b/arm/proofs/bignum_add_p521.ml index 5ca000d3..ac7bb3bc 100644 --- a/arm/proofs/bignum_add_p521.ml +++ b/arm/proofs/bignum_add_p521.ml @@ -75,7 +75,7 @@ let BIGNUM_ADD_P521_CORRECT = time prove (m < p_521 /\ n < p_521 ==> bignum_from_memory (z,9) s = (m + n) MOD p_521)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_add_sm2.ml b/arm/proofs/bignum_add_sm2.ml index 1b344037..b2b3dd03 100644 --- a/arm/proofs/bignum_add_sm2.ml +++ b/arm/proofs/bignum_add_sm2.ml @@ -60,7 +60,7 @@ let BIGNUM_ADD_SM2_CORRECT = time prove (m < p_sm2 /\ n < p_sm2 ==> bignum_from_memory (z,4) s = (m + n) MOD p_sm2)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_amontifier.ml b/arm/proofs/bignum_amontifier.ml index 1d7b1c3e..d63159f3 100644 --- a/arm/proofs/bignum_amontifier.ml +++ b/arm/proofs/bignum_amontifier.ml 
@@ -301,7 +301,7 @@ let BIGNUM_AMONTIFIER_CORRECT = time prove (MAYCHANGE [PC; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(z,8 * val k); memory :> bytes(t,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `mm:int64`; `t:int64`; `m:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_amontmul.ml b/arm/proofs/bignum_amontmul.ml index b99971f5..8bb0250c 100644 --- a/arm/proofs/bignum_amontmul.ml +++ b/arm/proofs/bignum_amontmul.ml @@ -139,7 +139,7 @@ let BIGNUM_AMONTMUL_CORRECT = time prove inverse_mod n (2 EXP (64 * val k)) * a * b) (mod n))) (MAYCHANGE [PC; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(z,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:int64`] THEN MAP_EVERY X_GEN_TAC [`a:num`; `b:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_amontredc.ml b/arm/proofs/bignum_amontredc.ml index 64c5ea9e..6329f271 100644 --- a/arm/proofs/bignum_amontredc.ml +++ b/arm/proofs/bignum_amontredc.ml @@ -142,7 +142,7 @@ let BIGNUM_AMONTREDC_CORRECT = time prove lowdigits a (val k + val p)) (mod n))) (MAYCHANGE [PC; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(z,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `nx:num` THEN X_GEN_TAC `x:int64` THEN X_GEN_TAC `m:int64` THEN W64_GEN_TAC `p:num` THEN diff --git a/arm/proofs/bignum_amontsqr.ml b/arm/proofs/bignum_amontsqr.ml index a4a601f7..923b6bf0 100644 --- a/arm/proofs/bignum_amontsqr.ml +++ b/arm/proofs/bignum_amontsqr.ml 
@@ -138,7 +138,7 @@ let BIGNUM_AMONTSQR_CORRECT = time prove inverse_mod n (2 EXP (64 * val k)) * a EXP 2) (mod n))) (MAYCHANGE [PC; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(z,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:int64`] THEN MAP_EVERY X_GEN_TAC [`a:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_bigendian_4.ml b/arm/proofs/bignum_bigendian_4.ml index 5ce524ba..1a77408f 100644 --- a/arm/proofs/bignum_bigendian_4.ml +++ b/arm/proofs/bignum_bigendian_4.ml @@ -105,7 +105,7 @@ let BIGNUM_FROMBEBYTES_4_CORRECT = time prove read (memory :> bytelist(x,32)) s = l) (\s. read PC s = word (pc + 0x110) /\ bignum_from_memory(z,4) s = num_of_bytelist (REVERSE l)) - (MAYCHANGE [PC; X2; X3; X4] ,, + (MAYCHANGE [PC; X2; X3; X4] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `l:byte list`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -152,7 +152,7 @@ let BIGNUM_TOBEBYTES_4_CORRECT = time prove (\s. read PC s = word (pc + 0x110) /\ read (memory :> bytelist(z,32)) s = REVERSE(bytelist_of_num 32 n)) - (MAYCHANGE [PC; X2; X3; X4] ,, + (MAYCHANGE [PC; X2; X3; X4] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, REPEAT GEN_TAC THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN @@ -199,7 +199,7 @@ let BIGNUM_BIGENDIAN_4_CORRECT = time prove (\s. read PC s = word (pc + 0x110) /\ bignum_from_memory(z,4) s = num_of_bytelist(REVERSE(bytelist_of_num 32 n))) - (MAYCHANGE [PC; X2; X3; X4] ,, + (MAYCHANGE [PC; X2; X3; X4] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, REPEAT GEN_TAC THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN GEN_REWRITE_TAC (RATOR_CONV o LAND_CONV o ONCE_DEPTH_CONV) 
diff --git a/arm/proofs/bignum_bigendian_6.ml b/arm/proofs/bignum_bigendian_6.ml index 54f64220..1f26ca4b 100644 --- a/arm/proofs/bignum_bigendian_6.ml +++ b/arm/proofs/bignum_bigendian_6.ml @@ -139,7 +139,7 @@ let BIGNUM_FROMBEBYTES_6_CORRECT = time prove read (memory :> bytelist(x,48)) s = l) (\s. read PC s = word (pc + 0x198) /\ bignum_from_memory(z,6) s = num_of_bytelist (REVERSE l)) - (MAYCHANGE [PC; X2; X3; X4] ,, + (MAYCHANGE [PC; X2; X3; X4] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `l:byte list`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -186,7 +186,7 @@ let BIGNUM_TOBEBYTES_6_CORRECT = time prove (\s. read PC s = word (pc + 0x198) /\ read (memory :> bytelist(z,48)) s = REVERSE(bytelist_of_num 48 n)) - (MAYCHANGE [PC; X2; X3; X4] ,, + (MAYCHANGE [PC; X2; X3; X4] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, REPEAT GEN_TAC THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN @@ -233,7 +233,7 @@ let BIGNUM_BIGENDIAN_6_CORRECT = time prove (\s. read PC s = word (pc + 0x198) /\ bignum_from_memory(z,6) s = num_of_bytelist(REVERSE(bytelist_of_num 48 n))) - (MAYCHANGE [PC; X2; X3; X4] ,, + (MAYCHANGE [PC; X2; X3; X4] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, REPEAT GEN_TAC THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN GEN_REWRITE_TAC (RATOR_CONV o LAND_CONV o ONCE_DEPTH_CONV) diff --git a/arm/proofs/bignum_bitfield.ml b/arm/proofs/bignum_bitfield.ml index 155ca340..49b4ec12 100644 --- a/arm/proofs/bignum_bitfield.ml +++ b/arm/proofs/bignum_bitfield.ml 
@@ -60,7 +60,7 @@ let BIGNUM_BITFIELD_CORRECT = prove (\s. read PC s = word(pc + 0x68) /\ C_RETURN s = word((a DIV (2 EXP val n)) MOD (2 EXP val l))) (MAYCHANGE [PC; X0; X2; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN X_GEN_TAC `x:int64` THEN MAP_EVERY W64_GEN_TAC [`n:num`; `l:num`] THEN MAP_EVERY X_GEN_TAC [`a:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_bitsize.ml b/arm/proofs/bignum_bitsize.ml index 27bf43d1..96f2b0ad 100644 --- a/arm/proofs/bignum_bitsize.ml +++ b/arm/proofs/bignum_bitsize.ml @@ -47,7 +47,7 @@ let BIGNUM_BITSIZE_CORRECT = prove (\s'. read PC s' = word (pc + 0x38) /\ C_RETURN s' = word(bitsize x)) (MAYCHANGE [PC; X0; X2; X3; X4; X5] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/proofs/bignum_cdiv.ml b/arm/proofs/bignum_cdiv.ml index 77acf680..5ab768ba 100644 --- a/arm/proofs/bignum_cdiv.ml +++ b/arm/proofs/bignum_cdiv.ml @@ -193,7 +193,7 @@ let BIGNUM_CDIV_CORRECT = prove C_RETURN s = word(a MOD val m))) (MAYCHANGE [PC; X0; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `n:num` THEN X_GEN_TAC `x:int64` THEN W64_GEN_TAC `m:num` THEN @@ -228,7 +228,8 @@ let BIGNUM_CDIV_CORRECT = prove (~(m = 0) ==> read X14 s = word (a MOD m))) (MAYCHANGE [PC; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, - MAYCHANGE [NF; ZF; CF; VF])` + MAYCHANGE [NF; ZF; CF; VF] ,, + MAYCHANGE [events])` MP_TAC THENL [ALL_TAC; REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN DISCH_THEN(fun th -> 
@@ -315,7 +316,8 @@ let BIGNUM_CDIV_CORRECT = prove &2 pow 64 + &(val (read X5 s)) < &2 pow 128 / &n /\ &2 pow 128 / &n <= &2 pow 64 + &(val (read X5 s)) + &1) (MAYCHANGE [PC; X5; X7; X9; X14] ,, - MAYCHANGE [NF; ZF; CF; VF])` + MAYCHANGE [NF; ZF; CF; VF] ,, + MAYCHANGE [events])` MP_TAC THENL [ALL_TAC; REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN DISCH_THEN(fun th -> diff --git a/arm/proofs/bignum_cdiv_exact.ml b/arm/proofs/bignum_cdiv_exact.ml index 232618dc..38407bec 100644 --- a/arm/proofs/bignum_cdiv_exact.ml +++ b/arm/proofs/bignum_cdiv_exact.ml @@ -108,7 +108,7 @@ let BIGNUM_CDIV_EXACT_CORRECT = prove lowdigits (a DIV val m) (val k))) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `n:num` THEN X_GEN_TAC `x:int64` THEN W64_GEN_TAC `m:num` THEN diff --git a/arm/proofs/bignum_cld.ml b/arm/proofs/bignum_cld.ml index 4e01d8be..01c63b60 100644 --- a/arm/proofs/bignum_cld.ml +++ b/arm/proofs/bignum_cld.ml @@ -43,7 +43,7 @@ let BIGNUM_CLD_CORRECT = prove (\s'. read PC s' = word (pc + 0x28) /\ C_RETURN s' = word((64 * val k - bitsize x) DIV 64)) (MAYCHANGE [PC; X0; X2; X3; X4] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/proofs/bignum_clz.ml b/arm/proofs/bignum_clz.ml index a1ce7933..76822892 100644 --- a/arm/proofs/bignum_clz.ml +++ b/arm/proofs/bignum_clz.ml 
@@ -48,7 +48,7 @@ let BIGNUM_CLZ_CORRECT = prove (\s'. read PC s' = word (pc + 0x3c) /\ C_RETURN s' = word(64 * val k - bitsize x)) (MAYCHANGE [PC; X0; X2; X3; X4; X5] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/proofs/bignum_cmadd.ml b/arm/proofs/bignum_cmadd.ml index 27437509..73bda882 100644 --- a/arm/proofs/bignum_cmadd.ml +++ b/arm/proofs/bignum_cmadd.ml @@ -79,7 +79,7 @@ let BIGNUM_CMADD_CORRECT = prove (val n <= val p ==> C_RETURN s = word(highdigits (d + val c * a) (val p)))) (MAYCHANGE [PC; X0; X3; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val p)])`, W64_GEN_TAC `p:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `d:num`] THEN W64_GEN_TAC `c:num` THEN diff --git a/arm/proofs/bignum_cmnegadd.ml b/arm/proofs/bignum_cmnegadd.ml index 9b5904a0..37e3e6b8 100644 --- a/arm/proofs/bignum_cmnegadd.ml +++ b/arm/proofs/bignum_cmnegadd.ml @@ -89,7 +89,7 @@ let BIGNUM_CMNEGADD_CORRECT = prove &2 pow (64 * val p) * &(val(C_RETURN s)):int = &d - &(val c) * &a)) (MAYCHANGE [PC; X0; X3; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val p)])`, W64_GEN_TAC `p:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `d:num`] THEN W64_GEN_TAC `c:num` THEN diff --git a/arm/proofs/bignum_cmod.ml b/arm/proofs/bignum_cmod.ml index eca4df80..3e75745f 100644 --- a/arm/proofs/bignum_cmod.ml +++ b/arm/proofs/bignum_cmod.ml 
@@ -114,7 +114,7 @@ let BIGNUM_CMOD_CORRECT = prove (\s. read PC s = word(pc + 0x140) /\ (~(val m = 0) ==> C_RETURN s = word(a MOD val m))) (MAYCHANGE [PC; X0; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN X_GEN_TAC `x:int64` THEN W64_GEN_TAC `m:num` THEN MAP_EVERY X_GEN_TAC [`a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN @@ -191,7 +191,8 @@ let BIGNUM_CMOD_CORRECT = prove &2 pow 64 + &(val (read X5 s)) < &2 pow 128 / &n /\ &2 pow 128 / &n <= &2 pow 64 + &(val (read X5 s)) + &1) (MAYCHANGE [PC; X5; X6; X9; X10] ,, - MAYCHANGE [NF; ZF; CF; VF])` + MAYCHANGE [NF; ZF; CF; VF] ,, + MAYCHANGE [events])` MP_TAC THENL [ALL_TAC; REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN DISCH_THEN(fun th -> diff --git a/arm/proofs/bignum_cmul.ml b/arm/proofs/bignum_cmul.ml index 72a3ad36..94743fd4 100644 --- a/arm/proofs/bignum_cmul.ml +++ b/arm/proofs/bignum_cmul.ml @@ -72,7 +72,7 @@ let BIGNUM_CMUL_CORRECT = prove (p = n ==> C_RETURN s = word(highdigits (val c * a) (val p)))) (MAYCHANGE [PC; X0; X3; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val p)])`, W64_GEN_TAC `p:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `c:num` THEN W64_GEN_TAC `n:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `a:num`] THEN diff --git a/arm/proofs/bignum_cmul_p25519.ml b/arm/proofs/bignum_cmul_p25519.ml index 0537e75f..27d0096e 100644 --- a/arm/proofs/bignum_cmul_p25519.ml +++ b/arm/proofs/bignum_cmul_p25519.ml @@ -78,7 +78,7 @@ let BIGNUM_CMUL_P25519_CORRECT = time prove (a < p_25519 ==> bignum_from_memory (z,4) s = (val c * a) MOD p_25519)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `c:int64`; `x:int64`; `a:num`; `pc:num`] THEN 
diff --git a/arm/proofs/bignum_cmul_p256.ml b/arm/proofs/bignum_cmul_p256.ml index 80143415..93436581 100644 --- a/arm/proofs/bignum_cmul_p256.ml +++ b/arm/proofs/bignum_cmul_p256.ml @@ -86,7 +86,7 @@ let BIGNUM_CMUL_P256_CORRECT = time prove (a < p_256 ==> bignum_from_memory (z,4) s = (val c * a) MOD p_256)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `c:int64`; `x:int64`; `a:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_cmul_p256k1.ml b/arm/proofs/bignum_cmul_p256k1.ml index 045cc62d..c2166c9c 100644 --- a/arm/proofs/bignum_cmul_p256k1.ml +++ b/arm/proofs/bignum_cmul_p256k1.ml @@ -75,7 +75,7 @@ let BIGNUM_CMUL_P256K1_CORRECT = time prove (a < p_256k1 ==> bignum_from_memory (z,4) s = (val c * a) MOD p_256k1)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `c:int64`; `x:int64`; `a:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_cmul_p384.ml b/arm/proofs/bignum_cmul_p384.ml index 40504aa5..69b807db 100644 --- a/arm/proofs/bignum_cmul_p384.ml +++ b/arm/proofs/bignum_cmul_p384.ml @@ -97,7 +97,7 @@ let BIGNUM_CMUL_P384_CORRECT = time prove ==> bignum_from_memory (z,6) s = (val c * a) MOD p_384)) (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `c:int64`; `x:int64`; `a:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_cmul_p521.ml b/arm/proofs/bignum_cmul_p521.ml index 07a316f6..5164a1a7 100644 --- a/arm/proofs/bignum_cmul_p521.ml +++ b/arm/proofs/bignum_cmul_p521.ml 
@@ -101,7 +101,7 @@ let BIGNUM_CMUL_P521_CORRECT = time prove ==> bignum_from_memory (z,9) s = (val c * a) MOD p_521)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `c:int64`; `x:int64`; `a:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_cmul_sm2.ml b/arm/proofs/bignum_cmul_sm2.ml index c41b7b65..1c669afe 100644 --- a/arm/proofs/bignum_cmul_sm2.ml +++ b/arm/proofs/bignum_cmul_sm2.ml @@ -83,7 +83,7 @@ let BIGNUM_CMUL_SM2_CORRECT = time prove (a < p_sm2 ==> bignum_from_memory (z,4) s = (val c * a) MOD p_sm2)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `c:int64`; `x:int64`; `a:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_coprime.ml b/arm/proofs/bignum_coprime.ml index dd90bb09..b74baf1b 100644 --- a/arm/proofs/bignum_coprime.ml +++ b/arm/proofs/bignum_coprime.ml @@ -258,7 +258,7 @@ let BIGNUM_COPRIME_CORRECT = prove C_RETURN s = if coprime(a,b) then word 1 else word 0) (MAYCHANGE [PC; X0; X1; X2; X3; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(w,2 * MAX (val m) (val n))])`, W64_GEN_TAC `m:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `a:num`] THEN W64_GEN_TAC `n:num` THEN MAP_EVERY X_GEN_TAC [`y:int64`; `b:num`] THEN 
@@ -319,7 +319,7 @@ let BIGNUM_COPRIME_CORRECT = prove MATCH_MP_TAC ENSURES_FRAME_SUBSUMED THEN EXISTS_TAC `MAYCHANGE [PC; X0; X1; X2; X3; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, - MAYCHANGE [NF; ZF; CF; VF] ,, + MAYCHANGE [NF; ZF; CF; VF] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(mm,k); memory :> bignum(nn,k)]` THEN CONJ_TAC THENL [REPEAT(MATCH_MP_TAC SUBSUMED_SEQ THEN REWRITE_TAC[SUBSUMED_REFL]) THEN diff --git a/arm/proofs/bignum_copy.ml b/arm/proofs/bignum_copy.ml index 142c730f..6557c2aa 100644 --- a/arm/proofs/bignum_copy.ml +++ b/arm/proofs/bignum_copy.ml @@ -50,7 +50,7 @@ let BIGNUM_COPY_CORRECT = prove bignum_from_memory (x,val n) s = a) (\s. read PC s = word (pc + 0x3c) /\ bignum_from_memory (z,val k) s = lowdigits a (val k)) - (MAYCHANGE [PC; X2; X4; X5] ,, MAYCHANGE SOME_FLAGS ,, + (MAYCHANGE [PC; X2; X4; X5] ,, MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, REWRITE_TAC[NONOVERLAPPING_CLAUSES] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; fst BIGNUM_COPY_EXEC] THEN diff --git a/arm/proofs/bignum_ctd.ml b/arm/proofs/bignum_ctd.ml index 7f5fd414..f8bad521 100644 --- a/arm/proofs/bignum_ctd.ml +++ b/arm/proofs/bignum_ctd.ml @@ -41,7 +41,7 @@ let BIGNUM_CTD_CORRECT = prove (\s'. read PC s' = word (pc + 0x20) /\ C_RETURN s' = if x = 0 then k else word(index 2 x DIV 64)) (MAYCHANGE [PC; X0; X2; X3] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/proofs/bignum_ctz.ml b/arm/proofs/bignum_ctz.ml index 763139a3..d708ca1b 100644 --- a/arm/proofs/bignum_ctz.ml +++ b/arm/proofs/bignum_ctz.ml 
@@ -50,7 +50,7 @@ let BIGNUM_CTZ_CORRECT = prove C_RETURN s' = if x = 0 then word(64 * val k) else word(index 2 x)) (MAYCHANGE [PC; X0; X2; X3; X4] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/proofs/bignum_deamont_p256.ml b/arm/proofs/bignum_deamont_p256.ml index fc4268b8..da7af46a 100644 --- a/arm/proofs/bignum_deamont_p256.ml +++ b/arm/proofs/bignum_deamont_p256.ml @@ -88,7 +88,7 @@ let BIGNUM_DEAMONT_P256_CORRECT = time prove (inverse_mod p_256 (2 EXP 256) * a) MOD p_256) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_deamont_p256k1.ml b/arm/proofs/bignum_deamont_p256k1.ml index fe9cb28d..cb6f3dad 100644 --- a/arm/proofs/bignum_deamont_p256k1.ml +++ b/arm/proofs/bignum_deamont_p256k1.ml @@ -100,7 +100,7 @@ let BIGNUM_DEAMONT_P256K1_CORRECT = time prove (inverse_mod p_256k1 (2 EXP 256) * a) MOD p_256k1) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_deamont_p384.ml b/arm/proofs/bignum_deamont_p384.ml index b6209e58..53882755 100644 --- a/arm/proofs/bignum_deamont_p384.ml +++ b/arm/proofs/bignum_deamont_p384.ml 
@@ -371,7 +371,7 @@ let BIGNUM_DEAMONT_P384_CORRECT = time prove (inverse_mod p_384 (2 EXP 384) * a) MOD p_384) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_deamont_p521.ml b/arm/proofs/bignum_deamont_p521.ml index 40c53627..5002ce7d 100644 --- a/arm/proofs/bignum_deamont_p521.ml +++ b/arm/proofs/bignum_deamont_p521.ml @@ -101,7 +101,7 @@ let BIGNUM_DEAMONT_P521_CORRECT = time prove (inverse_mod p_521 (2 EXP 576) * n) MOD p_521) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12] ,, MAYCHANGE [memory :> bytes(z,8 * 9)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_deamont_sm2.ml b/arm/proofs/bignum_deamont_sm2.ml index dc462ab9..5e5c1796 100644 --- a/arm/proofs/bignum_deamont_sm2.ml +++ b/arm/proofs/bignum_deamont_sm2.ml @@ -85,7 +85,7 @@ let BIGNUM_DEAMONT_SM2_CORRECT = time prove (inverse_mod p_sm2 (2 EXP 256) * a) MOD p_sm2) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_demont.ml b/arm/proofs/bignum_demont.ml index 12dd5ff3..c4c7c4d7 100644 --- a/arm/proofs/bignum_demont.ml +++ b/arm/proofs/bignum_demont.ml 
@@ -129,7 +129,7 @@ let BIGNUM_DEMONT_CORRECT = time prove (inverse_mod n (2 EXP (64 * val k)) * a) MOD n)) (MAYCHANGE [PC; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(z,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:int64`] THEN MAP_EVERY X_GEN_TAC [`a:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_demont_p256.ml b/arm/proofs/bignum_demont_p256.ml index b32448e1..055ff5eb 100644 --- a/arm/proofs/bignum_demont_p256.ml +++ b/arm/proofs/bignum_demont_p256.ml @@ -76,7 +76,7 @@ let BIGNUM_DEMONT_P256_CORRECT = time prove (inverse_mod p_256 (2 EXP 256) * a) MOD p_256)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_demont_p256k1.ml b/arm/proofs/bignum_demont_p256k1.ml index e37de718..834a86df 100644 --- a/arm/proofs/bignum_demont_p256k1.ml +++ b/arm/proofs/bignum_demont_p256k1.ml @@ -84,7 +84,7 @@ let BIGNUM_DEMONT_P256K1_CORRECT = time prove (inverse_mod p_256k1 (2 EXP 256) * a) MOD p_256k1)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_demont_p384.ml b/arm/proofs/bignum_demont_p384.ml index 7716f493..4305ee61 100644 --- a/arm/proofs/bignum_demont_p384.ml +++ b/arm/proofs/bignum_demont_p384.ml 
@@ -352,7 +352,7 @@ let BIGNUM_DEMONT_P384_CORRECT = time prove (inverse_mod p_384 (2 EXP 384) * a) MOD p_384)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_demont_p521.ml b/arm/proofs/bignum_demont_p521.ml index 7d540ffa..651cab35 100644 --- a/arm/proofs/bignum_demont_p521.ml +++ b/arm/proofs/bignum_demont_p521.ml @@ -108,7 +108,7 @@ let BIGNUM_DEMONT_P521_CORRECT = time prove ==> bignum_from_memory (z,9) s = (inverse_mod p_521 (2 EXP 576) * n) MOD p_521)) (MAYCHANGE [PC; X2; X3; X4; X5; X6] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_demont_sm2.ml b/arm/proofs/bignum_demont_sm2.ml index 7a06307f..044617df 100644 --- a/arm/proofs/bignum_demont_sm2.ml +++ b/arm/proofs/bignum_demont_sm2.ml @@ -76,7 +76,7 @@ let BIGNUM_DEMONT_SM2_CORRECT = time prove (inverse_mod p_sm2 (2 EXP 256) * a) MOD p_sm2)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_digit.ml b/arm/proofs/bignum_digit.ml index f4439791..fc57fbcb 100644 --- a/arm/proofs/bignum_digit.ml +++ b/arm/proofs/bignum_digit.ml 
@@ -44,7 +44,7 @@ let BIGNUM_DIGIT_CORRECT = prove (\s. read PC s = word(pc + 0x28) /\ C_RETURN s = word(bigdigit a (val n))) (MAYCHANGE [PC; X0; X3; X4; X5] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN X_GEN_TAC `x:int64` THEN W64_GEN_TAC `n:num` THEN MAP_EVERY X_GEN_TAC [`a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/proofs/bignum_digitsize.ml b/arm/proofs/bignum_digitsize.ml index 1a6e4e18..b6286cd6 100644 --- a/arm/proofs/bignum_digitsize.ml +++ b/arm/proofs/bignum_digitsize.ml @@ -43,7 +43,7 @@ let BIGNUM_DIGITSIZE_CORRECT = prove (\s'. read PC s' = word (pc + 0x28) /\ C_RETURN s' = word((bitsize x + 63) DIV 64)) (MAYCHANGE [PC; X0; X2; X3; X4] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/proofs/bignum_divmod10.ml b/arm/proofs/bignum_divmod10.ml index b67e6208..c552e1b1 100644 --- a/arm/proofs/bignum_divmod10.ml +++ b/arm/proofs/bignum_divmod10.ml @@ -61,7 +61,7 @@ let BIGNUM_DIVMOD10_CORRECT = time prove bignum_from_memory (z,val k) s = n DIV 10 /\ C_RETURN s = word(n MOD 10)) (MAYCHANGE [PC; X0; X2; X3; X4; X5; X6] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_double_p25519.ml b/arm/proofs/bignum_double_p25519.ml index 41b5b4bc..5b91df47 100644 --- a/arm/proofs/bignum_double_p25519.ml +++ b/arm/proofs/bignum_double_p25519.ml 
@@ -54,7 +54,7 @@ let BIGNUM_DOUBLE_P25519_CORRECT = time prove (n < p_25519 ==> bignum_from_memory (z,4) s = (2 * n) MOD p_25519)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_double_p256.ml b/arm/proofs/bignum_double_p256.ml index ce5a7cb3..da2f995a 100644 --- a/arm/proofs/bignum_double_p256.ml +++ b/arm/proofs/bignum_double_p256.ml @@ -57,7 +57,7 @@ let BIGNUM_DOUBLE_P256_CORRECT = time prove (n < p_256 ==> bignum_from_memory (z,4) s = (2 * n) MOD p_256)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_double_p256k1.ml b/arm/proofs/bignum_double_p256k1.ml index 16e4867f..27b8fd11 100644 --- a/arm/proofs/bignum_double_p256k1.ml +++ b/arm/proofs/bignum_double_p256k1.ml @@ -59,7 +59,7 @@ let BIGNUM_DOUBLE_P256K1_CORRECT = time prove (n < p_256k1 ==> bignum_from_memory (z,4) s = (2 * n) MOD p_256k1)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_double_p384.ml b/arm/proofs/bignum_double_p384.ml index f6c6b46c..6721aa9e 100644 --- a/arm/proofs/bignum_double_p384.ml +++ b/arm/proofs/bignum_double_p384.ml 
@@ -67,7 +67,7 @@ let BIGNUM_DOUBLE_P384_CORRECT = time prove ==> bignum_from_memory (z,6) s = (2 * n) MOD p_384)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_double_p521.ml b/arm/proofs/bignum_double_p521.ml index f60c9ba3..896e7a99 100644 --- a/arm/proofs/bignum_double_p521.ml +++ b/arm/proofs/bignum_double_p521.ml @@ -59,7 +59,7 @@ let BIGNUM_DOUBLE_P521_CORRECT = time prove (n < p_521 ==> bignum_from_memory (z,9) s = (2 * n) MOD p_521)) (MAYCHANGE [PC; X2; X3; X4] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_double_sm2.ml b/arm/proofs/bignum_double_sm2.ml index 5941cca6..068fe1a0 100644 --- a/arm/proofs/bignum_double_sm2.ml +++ b/arm/proofs/bignum_double_sm2.ml @@ -57,7 +57,7 @@ let BIGNUM_DOUBLE_SM2_CORRECT = time prove (n < p_sm2 ==> bignum_from_memory (z,4) s = (2 * n) MOD p_sm2)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_emontredc.ml b/arm/proofs/bignum_emontredc.ml index 8ec6011e..d07c3382 100644 --- a/arm/proofs/bignum_emontredc.ml +++ b/arm/proofs/bignum_emontredc.ml 
@@ -78,7 +78,7 @@ let BIGNUM_EMONTREDC_CORRECT = time prove (word_add z (word(8 * val k)),val k) s))) (MAYCHANGE [PC; X0; X1; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(z,8 * 2 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `m:int64`] THEN W64_GEN_TAC `w:num` THEN @@ -201,7 +201,8 @@ let BIGNUM_EMONTREDC_CORRECT = time prove MATCH_MP_TAC ENSURES_FRAME_SUBSUMED THEN EXISTS_TAC `MAYCHANGE [PC; X0; X1; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes (z',8 * p)] ,, - MAYCHANGE [NF; ZF; CF; VF]` THEN + MAYCHANGE [NF; ZF; CF; VF] ,, + MAYCHANGE [events]` THEN CONJ_TAC THENL [REPEAT(MATCH_MP_TAC SUBSUMED_SEQ THEN REWRITE_TAC[SUBSUMED_REFL]) THEN EXPAND_TAC "z'" THEN SUBSUMED_MAYCHANGE_TAC; diff --git a/arm/proofs/bignum_emontredc_8n_cdiff.ml b/arm/proofs/bignum_emontredc_8n_cdiff.ml index 5f154aea..cc6d9ae7 100644 --- a/arm/proofs/bignum_emontredc_8n_cdiff.ml +++ b/arm/proofs/bignum_emontredc_8n_cdiff.ml @@ -680,7 +680,7 @@ let BIGNUM_EMONTREDC_8N_MAINLOOP_ENSURES_N = prove( [PC; X0; X1; X2; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28] ,, MAYCHANGE [memory :> bytes (z,8 * 2 * k)] ,, - MAYCHANGE [NF; ZF; CF; VF]) + MAYCHANGE [NF; ZF; CF; VF] ,, MAYCHANGE [events]) (\s. 4 + (k4 * (93 + (k4 - 1) * 143) + (k4 - 1)))`, REPEAT STRIP_TAC THEN @@ -882,7 +882,7 @@ let BIGNUM_EMONTREDC_8N_MAINLOOP_ENSURES_N = prove( `MAYCHANGE [PC; X0; X1; X2; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28] ,, MAYCHANGE [memory :> bytes(z',8 * (k + 4))] ,, - MAYCHANGE [NF; ZF; CF; VF]` THEN + MAYCHANGE [NF; ZF; CF; VF] ,, MAYCHANGE [events]` THEN CONJ_TAC THENL [EXPAND_TAC "z'" THEN SUBSUMED_MAYCHANGE_TAC; ALL_TAC] THEN 
@@ -1092,7 +1092,8 @@ let BIGNUM_EMONTREDC_8N_MAINLOOP_ENSURES_N = prove( [PC; X0; X1; X2; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28] ,, MAYCHANGE [memory :> bytes (z',8 * 4)] ,, - MAYCHANGE [NF; ZF; CF; VF]` THEN + MAYCHANGE [NF; ZF; CF; VF] ,, + MAYCHANGE [events]` THEN CONJ_TAC THENL [REPEAT(MATCH_MP_TAC SUBSUMED_SEQ THEN REWRITE_TAC[SUBSUMED_REFL]) THEN MAP_EVERY EXPAND_TAC ["z'"] THEN SUBSUMED_MAYCHANGE_TAC; @@ -1281,7 +1282,8 @@ let BIGNUM_EMONTREDC_8N_MAINLOOP_ENSURES_N = prove( [PC; X0; X1; X2; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28] ,, MAYCHANGE [memory :> bytes (z',8 * 4)] ,, - MAYCHANGE [NF; ZF; CF; VF]` THEN + MAYCHANGE [NF; ZF; CF; VF] ,, + MAYCHANGE [events]` THEN CONJ_TAC THENL [EXPAND_TAC "z'" THEN SUBSUMED_MAYCHANGE_TAC; ALL_TAC] THEN @@ -1690,7 +1692,7 @@ let BIGNUM_EMONTREDC_8N_CDIFF_PRECALCLOOP = prove( get_m_precalc mn (val k DIV 4 - 1)) (MAYCHANGE [PC; X2; X4; X5; X6; X7; X24; X25; X27; X28; X29; X30] ,, MAYCHANGE [memory :> bytes (m_precalc, 8 * 12 * (val k DIV 4 - 1))] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC(map (snd o snd) bignum_emontredc_8n_cdiff_labels) THEN REWRITE_TAC[ALL;NONOVERLAPPING_CLAUSES;SOME_FLAGS; @@ -8206,7 +8208,7 @@ let equiv_goal = mk_equiv_statement [PC; X0; X1; X2; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28] ,, MAYCHANGE [memory :> bytes (z,8 * 2 * k)] ,, - MAYCHANGE [NF; ZF; CF; VF]`) + MAYCHANGE [NF; ZF; CF; VF] ,, MAYCHANGE [events]`) bignum_emontredc_8n_cdiff_mc (fst (assoc "precomp_loop_end" bignum_emontredc_8n_cdiff_labels)) (fst (assoc "main_end" bignum_emontredc_8n_cdiff_labels)) 
@@ -8218,7 +8220,7 @@ let equiv_goal = mk_equiv_statement X19; X23; X12; X13; X26; X8; X14; X17; X15; X30; X10; X24; PC; X28] ,, MAYCHANGE [memory :> bytes (sp,128)] ,, MAYCHANGE [memory :> bytes (z,8 * 2 * k)] ,, - MAYCHANGE [VF; CF; ZF; NF]`) + MAYCHANGE [VF; CF; ZF; NF] ,, MAYCHANGE [events]`) `\(s:armstate). 2 + (k DIV 4) * ((79 + 143 * (k DIV 4 - 1)) + 14) + (k DIV 4 - 1) + 2` `\(s:armstate). 5 + (k DIV 4) * ((168 + (44 + 151 * (k DIV 4 - 2)) + 105) + 17) + (k DIV 4 - 1) + 2`;; @@ -8481,7 +8483,7 @@ let BIGNUM_EMONTREDC_8N_MAINLOOP_ENSURES_N_NSTEP_REWRITTEN = [PC; X0; X1; X2; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28] ,, MAYCHANGE [memory :> bytes (z,8 * 2 * k)] ,, - MAYCHANGE [NF; ZF; CF; VF]) + MAYCHANGE [NF; ZF; CF; VF] ,, MAYCHANGE [events]) (\s. 2 + k DIV 4 * ((79 + 143 * (k DIV 4 - 1)) + 14) + k DIV 4 - 1 + 2)`, REPEAT GEN_TAC THEN STRIP_TAC THEN @@ -8561,7 +8563,7 @@ let BIGNUM_EMONTREDC_8N_CDIFF_MAINLOOP_CORRECT = prove( X15; X30; X10; X24; PC; X28] ,, MAYCHANGE [memory :> bytes (sp,128)] ,, MAYCHANGE [memory :> bytes (z,8 * 2 * k)] ,, - MAYCHANGE [VF; CF; ZF; NF])`, + MAYCHANGE [VF; CF; ZF; NF] ,, MAYCHANGE [events])`, REWRITE_TAC(map (snd o snd) bignum_emontredc_8n_cdiff_labels) THEN REPEAT GEN_TAC THEN @@ -8714,7 +8716,7 @@ let BIGNUM_EMONTREDC_8N_CDIFF_CORE_CORRECT = prove( MAYCHANGE [memory :> bytes(z,8 * 2 * k)] ,, MAYCHANGE [memory :> bytes(sp,128)] ,, MAYCHANGE [memory :> bytes(m_precalc,8 * 12 * (k DIV 4 - 1))] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[NONOVERLAPPING_CLAUSES;ALL;SOME_FLAGS; fst BIGNUM_EMONTREDC_8N_CDIFF_EXEC] THEN 
@@ -8847,7 +8849,7 @@ let BIGNUM_EMONTREDC_8N_CDIFF_CORRECT = time prove MAYCHANGE [memory :> bytes(z,8 * 2 * val k)] ,, MAYCHANGE [memory :> bytes(sp,128)] ,, MAYCHANGE [memory :> bytes(m_precalc,8 * 12 * (val k DIV 4 - 1))] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `m:int64`; `m_precalc:int64`] THEN W64_GEN_TAC `w:num` THEN diff --git a/arm/proofs/bignum_eq.ml b/arm/proofs/bignum_eq.ml index 245250f7..9aaa7d9f 100644 --- a/arm/proofs/bignum_eq.ml +++ b/arm/proofs/bignum_eq.ml @@ -57,7 +57,7 @@ let BIGNUM_EQ_CORRECT = prove (\s'. read PC s' = word (pc + 0x5c) /\ C_RETURN s' = if x = y then word 1 else word 0) (MAYCHANGE [PC; X0; X2; X4; X5] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `m:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`] THEN W64_GEN_TAC `n:num` THEN MAP_EVERY X_GEN_TAC [`b:int64`; `y:num`] THEN X_GEN_TAC `pc:num` THEN diff --git a/arm/proofs/bignum_even.ml b/arm/proofs/bignum_even.ml index 5207b056..6c37b185 100644 --- a/arm/proofs/bignum_even.ml +++ b/arm/proofs/bignum_even.ml @@ -36,7 +36,7 @@ let BIGNUM_EVEN_CORRECT = prove bignum_from_memory(a,val k) s = x) (\s. read PC s = word (pc + 16) /\ C_RETURN s = if EVEN x then word 1 else word 0) - (MAYCHANGE [PC; X0])`, + (MAYCHANGE [PC; X0] ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`a1:int64`; `x:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/proofs/bignum_fromlebytes_p521.ml b/arm/proofs/bignum_fromlebytes_p521.ml index 72f7df1e..a72fdf83 100644 --- a/arm/proofs/bignum_fromlebytes_p521.ml +++ b/arm/proofs/bignum_fromlebytes_p521.ml 
@@ -176,7 +176,7 @@ let BIGNUM_FROMLEBYTES_P521_CORRECT = time prove read (memory :> bytelist(x,66)) s = l) (\s. read PC s = word (pc + 0x234) /\ bignum_from_memory(z,9) s = num_of_bytelist l) - (MAYCHANGE [PC; X2; X3] ,, + (MAYCHANGE [PC; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `l:byte list`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_ge.ml b/arm/proofs/bignum_ge.ml index dc7d5afa..1352b2ea 100644 --- a/arm/proofs/bignum_ge.ml +++ b/arm/proofs/bignum_ge.ml @@ -68,7 +68,7 @@ let BIGNUM_GE_CORRECT = prove read PC s' = word(pc + 0x84)) /\ C_RETURN s' = if x >= y then word 1 else word 0) (MAYCHANGE [PC; X0; X2; X4; X5; X6] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `m:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`] THEN W64_GEN_TAC `n:num` THEN MAP_EVERY X_GEN_TAC [`b:int64`; `y:num`] THEN X_GEN_TAC `pc:num` THEN REWRITE_TAC[GE] THEN diff --git a/arm/proofs/bignum_gt.ml b/arm/proofs/bignum_gt.ml index bd1d3bc3..b46382d7 100644 --- a/arm/proofs/bignum_gt.ml +++ b/arm/proofs/bignum_gt.ml @@ -68,7 +68,7 @@ let BIGNUM_GT_CORRECT = prove read PC s' = word(pc + 0x84)) /\ C_RETURN s' = if x > y then word 1 else word 0) (MAYCHANGE [PC; X0; X2; X4; X5; X6] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `m:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`] THEN W64_GEN_TAC `n:num` THEN MAP_EVERY X_GEN_TAC [`b:int64`; `y:num`] THEN X_GEN_TAC `pc:num` THEN REWRITE_TAC[GT] THEN diff --git a/arm/proofs/bignum_half_p256.ml b/arm/proofs/bignum_half_p256.ml index 20ddd2f3..a2dfc3c5 100644 --- a/arm/proofs/bignum_half_p256.ml +++ b/arm/proofs/bignum_half_p256.ml 
@@ -55,7 +55,7 @@ let BIGNUM_HALF_P256_CORRECT = time prove ==> bignum_from_memory (z,4) s = (inverse_mod p_256 2 * n) MOD p_256)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_half_p256k1.ml b/arm/proofs/bignum_half_p256k1.ml index c63e531c..caa11ade 100644 --- a/arm/proofs/bignum_half_p256k1.ml +++ b/arm/proofs/bignum_half_p256k1.ml @@ -56,7 +56,7 @@ let BIGNUM_HALF_P256K1_CORRECT = time prove ==> bignum_from_memory (z,4) s = (inverse_mod p_256k1 2 * n) MOD p_256k1)) (MAYCHANGE [PC; X2; X3; X4; X5; X6] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_half_p384.ml b/arm/proofs/bignum_half_p384.ml index c836ce2b..6b0b7194 100644 --- a/arm/proofs/bignum_half_p384.ml +++ b/arm/proofs/bignum_half_p384.ml @@ -62,7 +62,7 @@ let BIGNUM_HALF_P384_CORRECT = time prove ==> bignum_from_memory (z,6) s = (inverse_mod p_384 2 * n) MOD p_384)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_half_p521.ml b/arm/proofs/bignum_half_p521.ml index 3181cdc7..96e562a0 100644 --- a/arm/proofs/bignum_half_p521.ml +++ b/arm/proofs/bignum_half_p521.ml 
@@ -107,7 +107,7 @@ let BIGNUM_HALF_P521_CORRECT = time prove ==> bignum_from_memory (z,9) s = (inverse_mod p_521 2 * n) MOD p_521)) (MAYCHANGE [PC; X2; X3; X4; X5; X6] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_half_sm2.ml b/arm/proofs/bignum_half_sm2.ml index 4d72c4bc..d29c372b 100644 --- a/arm/proofs/bignum_half_sm2.ml +++ b/arm/proofs/bignum_half_sm2.ml @@ -55,7 +55,7 @@ let BIGNUM_HALF_SM2_CORRECT = time prove ==> bignum_from_memory (z,4) s = (inverse_mod p_sm2 2 * n) MOD p_sm2)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_inv_p25519.ml b/arm/proofs/bignum_inv_p25519.ml index ca85fc5c..3ed8222a 100644 --- a/arm/proofs/bignum_inv_p25519.ml +++ b/arm/proofs/bignum_inv_p25519.ml @@ -1450,7 +1450,7 @@ let LOCAL_WORD_DIVSTEP59_CORRECT = prove read X13 s = iword(M$2$2))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY (fun t -> GEN_REWRITE_TAC I [FORALL_IVAL_GEN] THEN X_GEN_TAC t THEN STRIP_TAC) @@ -1771,7 +1771,7 @@ let CORE_INV_P25519_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,128)])`, MAP_EVERY X_GEN_TAC 
@@ -3293,7 +3293,7 @@ let BIGNUM_INV_P25519_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,128)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_inv_p256.ml b/arm/proofs/bignum_inv_p256.ml index e94a6c37..0f119231 100644 --- a/arm/proofs/bignum_inv_p256.ml +++ b/arm/proofs/bignum_inv_p256.ml @@ -1490,7 +1490,7 @@ let LOCAL_WORD_DIVSTEP59_CORRECT = prove read X13 s = iword(M$2$2))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY (fun t -> GEN_REWRITE_TAC I [FORALL_IVAL_GEN] THEN X_GEN_TAC t THEN STRIP_TAC) @@ -1816,7 +1816,7 @@ let CORE_INV_P256_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,160)])`, MAP_EVERY X_GEN_TAC @@ -3098,7 +3098,7 @@ let BIGNUM_INV_P256_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,160)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_inv_p384.ml b/arm/proofs/bignum_inv_p384.ml index f7d0b42f..28b0ac1e 100644 --- a/arm/proofs/bignum_inv_p384.ml +++ b/arm/proofs/bignum_inv_p384.ml 
@@ -1685,7 +1685,7 @@ let LOCAL_WORD_DIVSTEP59_CORRECT = prove read X13 s = iword(M$2$2))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY (fun t -> GEN_REWRITE_TAC I [FORALL_IVAL_GEN] THEN X_GEN_TAC t THEN STRIP_TAC) @@ -2039,7 +2039,7 @@ let CORE_INV_P384_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 6); memory :> bytes(stackpointer,256)])`, MAP_EVERY X_GEN_TAC @@ -3411,7 +3411,7 @@ let BIGNUM_INV_P384_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 6); memory :> bytes(stackpointer,256)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_inv_p521.ml b/arm/proofs/bignum_inv_p521.ml index f268e23d..7c603665 100644 --- a/arm/proofs/bignum_inv_p521.ml +++ b/arm/proofs/bignum_inv_p521.ml @@ -1805,7 +1805,7 @@ let LOCAL_WORD_DIVSTEP59_CORRECT = prove read X13 s = iword(M$2$2))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY (fun t -> GEN_REWRITE_TAC I [FORALL_IVAL_GEN] THEN X_GEN_TAC t THEN STRIP_TAC) @@ -2126,7 +2126,7 @@ let CORE_INV_P521_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 9); memory :> bytes(stackpointer,288)])`, MAP_EVERY X_GEN_TAC 
@@ -3508,7 +3508,7 @@ let BIGNUM_INV_P521_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 9); memory :> bytes(stackpointer,288)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_inv_sm2.ml b/arm/proofs/bignum_inv_sm2.ml index 18e977f1..93749034 100644 --- a/arm/proofs/bignum_inv_sm2.ml +++ b/arm/proofs/bignum_inv_sm2.ml @@ -1484,7 +1484,7 @@ let LOCAL_WORD_DIVSTEP59_CORRECT = prove read X13 s = iword(M$2$2))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY (fun t -> GEN_REWRITE_TAC I [FORALL_IVAL_GEN] THEN X_GEN_TAC t THEN STRIP_TAC) @@ -1811,7 +1811,7 @@ let CORE_INV_SM2_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,160)])`, MAP_EVERY X_GEN_TAC @@ -3114,7 +3114,7 @@ let BIGNUM_INV_SM2_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,160)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_invsqrt_p25519.ml b/arm/proofs/bignum_invsqrt_p25519.ml index f2b320dc..6db79aa7 100644 --- a/arm/proofs/bignum_invsqrt_p25519.ml +++ b/arm/proofs/bignum_invsqrt_p25519.ml 
@@ -662,7 +662,7 @@ let LOCAL_MUL_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -1118,7 +1118,7 @@ let LOCAL_NSQR_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -1693,7 +1693,7 @@ let BIGNUM_INVSQRT_P25519_CORRECT = time prove (mod p_25519))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,128)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_invsqrt_p25519_alt.ml b/arm/proofs/bignum_invsqrt_p25519_alt.ml index db34854e..71eb0c94 100644 --- a/arm/proofs/bignum_invsqrt_p25519_alt.ml +++ b/arm/proofs/bignum_invsqrt_p25519_alt.ml @@ -421,7 +421,7 @@ let LOCAL_MUL_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN 
@@ -584,7 +584,7 @@ let LOCAL_NSQR_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -963,7 +963,7 @@ let BIGNUM_INVSQRT_P25519_ALT_CORRECT = time prove (mod p_25519))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,128)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_iszero.ml b/arm/proofs/bignum_iszero.ml index 0710bbca..0a9aaeb2 100644 --- a/arm/proofs/bignum_iszero.ml +++ b/arm/proofs/bignum_iszero.ml @@ -42,7 +42,7 @@ let BIGNUM_ISZERO_CORRECT = prove (\s'. read PC s' = word (pc + 0x20) /\ C_RETURN s' = if x = 0 then word 1 else word 0) (MAYCHANGE [PC; X0; X2; X3] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; fst BIGNUM_ISZERO_EXEC] THEN diff --git a/arm/proofs/bignum_kmul_16_32.ml b/arm/proofs/bignum_kmul_16_32.ml index fa207494..03e6bf33 100644 --- a/arm/proofs/bignum_kmul_16_32.ml +++ b/arm/proofs/bignum_kmul_16_32.ml @@ -837,7 +837,7 @@ let BIGNUM_KMUL_16_32_LEMMA = prove X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5],, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[ADD_CLAUSES] THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`; `returnaddress:int64`] THEN 
@@ -1154,7 +1154,7 @@ let BIGNUM_KMUL_16_32_CORRECT = prove MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5],, MAYCHANGE [memory :> bytes(z,8 * 32); memory :> bytes(t,8 * 32)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `t:int64`;`pc:num`] THEN REWRITE_TAC[ALLPAIRS; ALL; PAIRWISE] THEN diff --git a/arm/proofs/bignum_kmul_32_64.ml b/arm/proofs/bignum_kmul_32_64.ml index 68c1d69e..89dc0880 100644 --- a/arm/proofs/bignum_kmul_32_64.ml +++ b/arm/proofs/bignum_kmul_32_64.ml @@ -1308,7 +1308,7 @@ let LOCAL_MUL_8_16_CORRECT = prove X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5],, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[ADD_CLAUSES] THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`; `returnaddress:int64`] THEN @@ -1621,7 +1621,7 @@ let LOCAL_KMUL_16_32_CORRECT = prove MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5],, MAYCHANGE [memory :> bytes(z,8 * 32); memory :> bytes(t,8 * 32)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `t:int64`;`pc:num`] THEN REWRITE_TAC[ALLPAIRS; ALL; PAIRWISE] THEN @@ -1907,7 +1907,7 @@ let LOCAL_KMUL_16_32_SUBR_CORRECT = prove MAYCHANGE [memory :> bytes(z,8 * 32); memory :> bytes(t,8 * 32); memory :> bytes(word_sub stackpointer (word 48),48)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[ADD_CLAUSES] THEN ARM_ADD_RETURN_STACK_TAC BIGNUM_KMUL_32_64_EXEC LOCAL_KMUL_16_32_CORRECT 
@@ -1977,7 +1977,7 @@ let BIGNUM_KMUL_32_64_SUBROUTINE_CORRECT = prove( MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5],, MAYCHANGE [memory :> bytes(z,8 * 64); memory :> bytes(t,8 * 96); memory :> bytes(stackpointer,48)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` MP_TAC THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THENL diff --git a/arm/proofs/bignum_ksqr_16_32.ml b/arm/proofs/bignum_ksqr_16_32.ml index 3b64a01f..27156152 100644 --- a/arm/proofs/bignum_ksqr_16_32.ml +++ b/arm/proofs/bignum_ksqr_16_32.ml @@ -629,7 +629,7 @@ let BIGNUM_KSQR_16_32_LEMMA = prove MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5; Q6; Q7; Q16; Q17; Q18; Q19; Q20; Q21; Q22; Q23; Q30] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[ADD_CLAUSES] THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`; `returnaddress:int64`] THEN diff --git a/arm/proofs/bignum_ksqr_32_64.ml b/arm/proofs/bignum_ksqr_32_64.ml index cf3e0320..ca618360 100644 --- a/arm/proofs/bignum_ksqr_32_64.ml +++ b/arm/proofs/bignum_ksqr_32_64.ml @@ -988,7 +988,7 @@ let BIGNUM_KSQR_32_64_SUBLEMMA = prove MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5; Q6; Q7; Q16; Q17; Q18; Q19; Q20; Q21; Q22; Q23; Q30] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[ADD_CLAUSES] THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`; `returnaddress:int64`] THEN @@ -1155,7 +1155,7 @@ let BIGNUM_KSQR_32_64_LEMMA = prove Q21; Q22; Q23; Q30] ,, MAYCHANGE [memory :> bytes(z,8 * 32); memory :> bytes(t,8 * 24)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `t:int64`;`pc:num`] THEN REWRITE_TAC[ALLPAIRS; ALL; PAIRWISE] THEN 
@@ -1353,7 +1353,7 @@ let BIGNUM_KSQR_32_64_SUBROUTINE_LEMMA = prove MAYCHANGE [memory :> bytes(z,8 * 32); memory :> bytes(t,8 * 24); memory :> bytes(word_sub stackpointer (word 64),64)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[ADD_CLAUSES] THEN ARM_ADD_RETURN_STACK_TAC BIGNUM_KSQR_32_64_EXEC BIGNUM_KSQR_32_64_LEMMA @@ -1417,7 +1417,7 @@ let BIGNUM_KSQR_32_64_SUBROUTINE_CORRECT = prove Q21; Q22; Q23; Q30] ,, MAYCHANGE [memory :> bytes(z,8 * 64); memory :> bytes(t,8 * 72); memory :> bytes(stackpointer,64)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` MP_TAC THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THENL diff --git a/arm/proofs/bignum_le.ml b/arm/proofs/bignum_le.ml index 8a4650c2..99e25994 100644 --- a/arm/proofs/bignum_le.ml +++ b/arm/proofs/bignum_le.ml @@ -68,7 +68,7 @@ let BIGNUM_LE_CORRECT = prove read PC s' = word(pc + 0x84)) /\ C_RETURN s' = if x <= y then word 1 else word 0) (MAYCHANGE [PC; X0; X2; X4; X5; X6] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `m:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`] THEN W64_GEN_TAC `n:num` THEN MAP_EVERY X_GEN_TAC [`b:int64`; `y:num`] THEN X_GEN_TAC `pc:num` THEN diff --git a/arm/proofs/bignum_littleendian_4.ml b/arm/proofs/bignum_littleendian_4.ml index e3026450..f29780d8 100644 --- a/arm/proofs/bignum_littleendian_4.ml +++ b/arm/proofs/bignum_littleendian_4.ml @@ -105,7 +105,7 @@ let BIGNUM_FROMLEBYTES_4_CORRECT = time prove read (memory :> bytelist(x,32)) s = l) (\s. read PC s = word (pc + 0x110) /\ bignum_from_memory(z,4) s = num_of_bytelist l) - (MAYCHANGE [PC; X2; X3] ,, + (MAYCHANGE [PC; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `l:byte list`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN 
@@ -150,7 +150,7 @@ let BIGNUM_TOLEBYTES_4_CORRECT = time prove bignum_from_memory(x,4) s = n) (\s. read PC s = word (pc + 0x110) /\ read (memory :> bytelist(z,32)) s = bytelist_of_num 32 n) - (MAYCHANGE [PC; X2; X3] ,, + (MAYCHANGE [PC; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, REPEAT GEN_TAC THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN @@ -195,7 +195,7 @@ let BIGNUM_LITTLEENDIAN_4_CORRECT = time prove bignum_from_memory(x,4) s = n) (\s. read PC s = word (pc + 0x110) /\ bignum_from_memory(z,4) s = n) - (MAYCHANGE [PC; X2; X3] ,, + (MAYCHANGE [PC; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, REPEAT GEN_TAC THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN BIGNUM_TERMRANGE_TAC `4` `n:num` THEN diff --git a/arm/proofs/bignum_littleendian_6.ml b/arm/proofs/bignum_littleendian_6.ml index 6b969bd7..0422e87d 100644 --- a/arm/proofs/bignum_littleendian_6.ml +++ b/arm/proofs/bignum_littleendian_6.ml @@ -139,7 +139,7 @@ let BIGNUM_FROMLEBYTES_6_CORRECT = time prove read (memory :> bytelist(x,48)) s = l) (\s. read PC s = word (pc + 0x198) /\ bignum_from_memory(z,6) s = num_of_bytelist l) - (MAYCHANGE [PC; X2; X3] ,, + (MAYCHANGE [PC; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `l:byte list`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -184,7 +184,7 @@ let BIGNUM_TOLEBYTES_6_CORRECT = time prove bignum_from_memory(x,6) s = n) (\s. read PC s = word (pc + 0x198) /\ read (memory :> bytelist(z,48)) s = bytelist_of_num 48 n) - (MAYCHANGE [PC; X2; X3] ,, + (MAYCHANGE [PC; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, REPEAT GEN_TAC THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN 
@@ -229,7 +229,7 @@ let BIGNUM_LITTLEENDIAN_6_CORRECT = time prove bignum_from_memory(x,6) s = n) (\s. read PC s = word (pc + 0x198) /\ bignum_from_memory(z,6) s = n) - (MAYCHANGE [PC; X2; X3] ,, + (MAYCHANGE [PC; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, REPEAT GEN_TAC THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN BIGNUM_TERMRANGE_TAC `6` `n:num` THEN diff --git a/arm/proofs/bignum_lt.ml b/arm/proofs/bignum_lt.ml index b0d8545a..a673218c 100644 --- a/arm/proofs/bignum_lt.ml +++ b/arm/proofs/bignum_lt.ml @@ -68,7 +68,7 @@ let BIGNUM_LT_CORRECT = prove read PC s' = word(pc + 0x84)) /\ C_RETURN s' = if x < y then word 1 else word 0) (MAYCHANGE [PC; X0; X2; X4; X5; X6] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `m:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`] THEN W64_GEN_TAC `n:num` THEN MAP_EVERY X_GEN_TAC [`b:int64`; `y:num`] THEN X_GEN_TAC `pc:num` THEN diff --git a/arm/proofs/bignum_madd.ml b/arm/proofs/bignum_madd.ml index e8d80c63..70fb02b3 100644 --- a/arm/proofs/bignum_madd.ml +++ b/arm/proofs/bignum_madd.ml @@ -77,7 +77,7 @@ let BIGNUM_MADD_CORRECT = prove ==> 2 EXP (64 * val p) * val(C_RETURN s) + bignum_from_memory(z,val p) s = a * b + c)) (MAYCHANGE [PC; X0; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val p)])`, MAP_EVERY W64_GEN_TAC [`p:num`; `m:num`; `n:num`] THEN MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_madd_n25519.ml b/arm/proofs/bignum_madd_n25519.ml index 6d50eb6f..7c9a954e 100644 --- a/arm/proofs/bignum_madd_n25519.ml +++ b/arm/proofs/bignum_madd_n25519.ml 
@@ -377,7 +377,7 @@ let BIGNUM_MADD_N25519_CORRECT = time prove bignum_from_memory (z,4) s = (m * n + r) MOD n_25519) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:num`; `y:int64`; `n:num`; diff --git a/arm/proofs/bignum_madd_n25519_alt.ml b/arm/proofs/bignum_madd_n25519_alt.ml index cb700f66..f992f005 100644 --- a/arm/proofs/bignum_madd_n25519_alt.ml +++ b/arm/proofs/bignum_madd_n25519_alt.ml @@ -234,7 +234,7 @@ let BIGNUM_MADD_N25519_ALT_CORRECT = time prove bignum_from_memory (z,4) s = (m * n + r) MOD n_25519) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:num`; `y:int64`; `n:num`; diff --git a/arm/proofs/bignum_mod_m25519_4.ml b/arm/proofs/bignum_mod_m25519_4.ml index f5f3bd62..f3722712 100644 --- a/arm/proofs/bignum_mod_m25519_4.ml +++ b/arm/proofs/bignum_mod_m25519_4.ml @@ -57,7 +57,7 @@ let BIGNUM_MOD_M25519_4_CORRECT = time prove (\s. read PC s = word (pc + 0x54) /\ bignum_from_memory (z,4) s = n MOD m_25519) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_n25519.ml b/arm/proofs/bignum_mod_n25519.ml index ad7f0cfa..5a353bde 100644 --- a/arm/proofs/bignum_mod_n25519.ml +++ b/arm/proofs/bignum_mod_n25519.ml 
@@ -113,7 +113,7 @@ let BIGNUM_MOD_N25519_CORRECT = time prove bignum_from_memory (z,4) s = n MOD n_25519) (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_mod_n25519_4.ml b/arm/proofs/bignum_mod_n25519_4.ml index 4f9bd694..fec6bcaf 100644 --- a/arm/proofs/bignum_mod_n25519_4.ml +++ b/arm/proofs/bignum_mod_n25519_4.ml @@ -67,7 +67,7 @@ let BIGNUM_MOD_N25519_4_CORRECT = time prove (\s. read PC s = word (pc + 0x7c) /\ bignum_from_memory (z,4) s = n MOD n_25519) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_n256.ml b/arm/proofs/bignum_mod_n256.ml index df8dcc8e..5f76f21b 100644 --- a/arm/proofs/bignum_mod_n256.ml +++ b/arm/proofs/bignum_mod_n256.ml @@ -118,7 +118,7 @@ let BIGNUM_MOD_N256_CORRECT = time prove bignum_from_memory (z,4) s = n MOD n_256) (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_mod_n256_4.ml b/arm/proofs/bignum_mod_n256_4.ml index 5db9bac3..a8891672 100644 --- a/arm/proofs/bignum_mod_n256_4.ml +++ b/arm/proofs/bignum_mod_n256_4.ml 
@@ -57,7 +57,7 @@ let BIGNUM_MOD_N256_4_CORRECT = time prove (\s. read PC s = word (pc + 0x54) /\ bignum_from_memory (z,4) s = n MOD n_256) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_n256k1_4.ml b/arm/proofs/bignum_mod_n256k1_4.ml index 60fe2bde..c616483a 100644 --- a/arm/proofs/bignum_mod_n256k1_4.ml +++ b/arm/proofs/bignum_mod_n256k1_4.ml @@ -57,7 +57,7 @@ let BIGNUM_MOD_N256K1_4_CORRECT = time prove (\s. read PC s = word (pc + 0x54) /\ bignum_from_memory (z,4) s = n MOD n_256k1) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_n384.ml b/arm/proofs/bignum_mod_n384.ml index 844f146d..2380d5ac 100644 --- a/arm/proofs/bignum_mod_n384.ml +++ b/arm/proofs/bignum_mod_n384.ml @@ -136,7 +136,7 @@ let BIGNUM_MOD_N384_CORRECT = time prove bignum_from_memory (z,6) s = n MOD n_384) (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_mod_n384_6.ml b/arm/proofs/bignum_mod_n384_6.ml index b45759b5..3d30ff8b 100644 --- a/arm/proofs/bignum_mod_n384_6.ml +++ b/arm/proofs/bignum_mod_n384_6.ml 
@@ -67,7 +67,7 @@ let BIGNUM_MOD_N384_6_CORRECT = time prove (\s. read PC s = word (pc + 0x78) /\ bignum_from_memory (z,6) s = n MOD n_384) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_n521_9.ml b/arm/proofs/bignum_mod_n521_9.ml index 58abbb89..cbc9d292 100644 --- a/arm/proofs/bignum_mod_n521_9.ml +++ b/arm/proofs/bignum_mod_n521_9.ml @@ -107,7 +107,7 @@ let BIGNUM_MOD_N521_9_CORRECT = time prove bignum_from_memory (z,9) s = n MOD n_521) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_nsm2.ml b/arm/proofs/bignum_mod_nsm2.ml index 2e818356..e06707c2 100644 --- a/arm/proofs/bignum_mod_nsm2.ml +++ b/arm/proofs/bignum_mod_nsm2.ml @@ -119,7 +119,7 @@ let BIGNUM_MOD_NSM2_CORRECT = time prove bignum_from_memory (z,4) s = n MOD n_sm2) (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_mod_nsm2_4.ml b/arm/proofs/bignum_mod_nsm2_4.ml index 03d88239..86fb2a98 100644 --- a/arm/proofs/bignum_mod_nsm2_4.ml +++ b/arm/proofs/bignum_mod_nsm2_4.ml 
@@ -57,7 +57,7 @@ let BIGNUM_MOD_NSM2_4_CORRECT = time prove (\s. read PC s = word (pc + 0x54) /\ bignum_from_memory (z,4) s = n MOD n_sm2) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_p25519_4.ml b/arm/proofs/bignum_mod_p25519_4.ml index e855091c..c883c82c 100644 --- a/arm/proofs/bignum_mod_p25519_4.ml +++ b/arm/proofs/bignum_mod_p25519_4.ml @@ -54,7 +54,7 @@ let BIGNUM_MOD_P25519_4_CORRECT = time prove (\s. read PC s = word (pc + 0x48) /\ bignum_from_memory (z,4) s = n MOD p_25519) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_p256.ml b/arm/proofs/bignum_mod_p256.ml index 1bd674cb..c2691acf 100644 --- a/arm/proofs/bignum_mod_p256.ml +++ b/arm/proofs/bignum_mod_p256.ml @@ -108,7 +108,7 @@ let BIGNUM_MOD_P256_CORRECT = time prove bignum_from_memory (z,4) s = n MOD p_256) (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_mod_p256_4.ml b/arm/proofs/bignum_mod_p256_4.ml index eedb40d0..11e3cc96 100644 --- a/arm/proofs/bignum_mod_p256_4.ml +++ b/arm/proofs/bignum_mod_p256_4.ml 
@@ -51,7 +51,7 @@ let BIGNUM_MOD_P256_4_CORRECT = time prove (\s. read PC s = word (pc + 0x3c) /\ bignum_from_memory (z,4) s = n MOD p_256) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_p256k1_4.ml b/arm/proofs/bignum_mod_p256k1_4.ml index 63168f58..5200b922 100644 --- a/arm/proofs/bignum_mod_p256k1_4.ml +++ b/arm/proofs/bignum_mod_p256k1_4.ml @@ -103,7 +103,7 @@ let BIGNUM_MOD_P256K1_4_CORRECT = time prove (\s. read PC s = word (pc + 0x38) /\ bignum_from_memory (z,4) s = n MOD p_256k1) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_p384.ml b/arm/proofs/bignum_mod_p384.ml index 720a5a73..68e46897 100644 --- a/arm/proofs/bignum_mod_p384.ml +++ b/arm/proofs/bignum_mod_p384.ml @@ -126,7 +126,7 @@ let BIGNUM_MOD_P384_CORRECT = time prove bignum_from_memory (z,6) s = n MOD p_384) (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_mod_p384_6.ml b/arm/proofs/bignum_mod_p384_6.ml index 20932afb..019ebe2d 100644 --- a/arm/proofs/bignum_mod_p384_6.ml +++ b/arm/proofs/bignum_mod_p384_6.ml 
@@ -58,7 +58,7 @@ let BIGNUM_MOD_P384_6_CORRECT = time prove (\s. read PC s = word (pc + 0x54) /\ bignum_from_memory (z,6) s = n MOD p_384) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_p521_9.ml b/arm/proofs/bignum_mod_p521_9.ml index f6eabec7..053c6580 100644 --- a/arm/proofs/bignum_mod_p521_9.ml +++ b/arm/proofs/bignum_mod_p521_9.ml @@ -69,7 +69,7 @@ let BIGNUM_MOD_P521_9_CORRECT = time prove (\s. read PC s = word (pc + 0x80) /\ bignum_from_memory (z,9) s = n MOD p_521) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mod_sm2.ml b/arm/proofs/bignum_mod_sm2.ml index 0fabd992..e2d0e8b7 100644 --- a/arm/proofs/bignum_mod_sm2.ml +++ b/arm/proofs/bignum_mod_sm2.ml @@ -107,7 +107,7 @@ let BIGNUM_MOD_SM2_CORRECT = time prove bignum_from_memory (z,4) s = n MOD p_sm2) (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_mod_sm2_4.ml b/arm/proofs/bignum_mod_sm2_4.ml index 1e242d2e..92692108 100644 --- a/arm/proofs/bignum_mod_sm2_4.ml +++ b/arm/proofs/bignum_mod_sm2_4.ml 
@@ -50,7 +50,7 @@ let BIGNUM_MOD_SM2_4_CORRECT = time prove (\s. read PC s = word (pc + 0x38) /\ bignum_from_memory (z,4) s = n MOD p_sm2) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_modadd.ml b/arm/proofs/bignum_modadd.ml index 37970977..d4c2a88b 100644 --- a/arm/proofs/bignum_modadd.ml +++ b/arm/proofs/bignum_modadd.ml @@ -72,7 +72,7 @@ let BIGNUM_MODADD_CORRECT = prove (\s. read PC s = word(pc + 0x7c) /\ bignum_from_memory (z,val k) s = (a + b) MOD n) (MAYCHANGE [PC; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:int64`] THEN diff --git a/arm/proofs/bignum_moddouble.ml b/arm/proofs/bignum_moddouble.ml index 3b03f030..89c67faa 100644 --- a/arm/proofs/bignum_moddouble.ml +++ b/arm/proofs/bignum_moddouble.ml @@ -63,7 +63,7 @@ let BIGNUM_MODDOUBLE_CORRECT = prove (\s. read PC s = word(pc + 0x64) /\ (a < n ==> bignum_from_memory (z,val k) s = (2 * a) MOD n)) (MAYCHANGE [PC; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:int64`] THEN diff --git a/arm/proofs/bignum_modexp.ml b/arm/proofs/bignum_modexp.ml index c2ab110a..c2ffba97 100644 --- a/arm/proofs/bignum_modexp.ml +++ b/arm/proofs/bignum_modexp.ml 
@@ -525,7 +525,7 @@ let BIGNUM_MODEXP_CORRECT = prove (ODD n ==> bignum_from_memory(z,val k) s = (x EXP y) MOD n)) (MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI ,, MAYCHANGE [X19; X20; X21; X22; X23; X24; X25; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k); memory :> bytes(t,24 * val k)])`, W64_GEN_TAC `k:num` THEN diff --git a/arm/proofs/bignum_modifier.ml b/arm/proofs/bignum_modifier.ml index d4ededf1..ec53e54a 100644 --- a/arm/proofs/bignum_modifier.ml +++ b/arm/proofs/bignum_modifier.ml @@ -345,7 +345,7 @@ let BIGNUM_MODIFIER_CORRECT = time prove (MAYCHANGE [PC; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(z,8 * val k); memory :> bytes(t,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `mm:int64`; `t:int64`; `m:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_modinv.ml b/arm/proofs/bignum_modinv.ml index 7ec88245..d32ba205 100644 --- a/arm/proofs/bignum_modinv.ml +++ b/arm/proofs/bignum_modinv.ml @@ -398,7 +398,7 @@ let CORE_MODINV_CORRECT = prove (a * bignum_from_memory(z,val k) s == 1) (mod b))) (MAYCHANGE [PC; X2; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k); memory :> bignum(w,3 * val k)])`, let CORE_MODINV_EXEC = @@ -433,7 +433,7 @@ let CORE_MODINV_CORRECT = prove MATCH_MP_TAC ENSURES_FRAME_SUBSUMED THEN EXISTS_TAC `MAYCHANGE [PC; X2; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, - MAYCHANGE [NF; ZF; CF; VF] ,, + MAYCHANGE [NF; ZF; CF; VF] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(mm,k); memory :> bignum(nn,k); memory :> bignum(ww,k); memory :> bignum(zz,k)]` THEN CONJ_TAC THENL 
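Review bot: The `EXISTS_TAC` witness in the hunk at -433 of bignum_modinv.ml is a second, hand-written copy of the CORE_MODINV_CORRECT frame, with the flags spelled `[NF; ZF; CF; VF]` and the memory split into `mm`/`nn`/`ww`/`zz`. It had to gain `MAYCHANGE [events]` separately from the theorem statement edited at -398. Nothing visible ties the two copies together, so a later frame change that updates only the statement would presumably surface as a failure deep inside the proof rather than at the statement. A comment above the witness would make the coupling explicit: `(* witness frame for ENSURES_FRAME_SUBSUMED; keep in step with the frame in the theorem statement *)`. The proof continues past the end of the hunk.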
@@ -4850,7 +4850,7 @@ let BIGNUM_MODINV_CORRECT = prove (a * bignum_from_memory(z,val k) s == 1) (mod b))) (MAYCHANGE [PC; X2; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k); memory :> bignum(w,3 * val k)])`, let CORE_MODINV_TAC = diff --git a/arm/proofs/bignum_modoptneg.ml b/arm/proofs/bignum_modoptneg.ml index 3ab0070f..c253d0d9 100644 --- a/arm/proofs/bignum_modoptneg.ml +++ b/arm/proofs/bignum_modoptneg.ml @@ -63,7 +63,7 @@ let BIGNUM_MODOPTNEG_CORRECT = prove ==> bignum_from_memory(z,val k) s = if p = word 0 \/ a = 0 then a else n - a)) (MAYCHANGE [PC; X2; X5; X6; X7] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `p:int64`; `x:int64`; `m:int64`] THEN diff --git a/arm/proofs/bignum_modsub.ml b/arm/proofs/bignum_modsub.ml index 6697dd4a..9f3be6ef 100644 --- a/arm/proofs/bignum_modsub.ml +++ b/arm/proofs/bignum_modsub.ml @@ -62,7 +62,7 @@ let BIGNUM_MODSUB_CORRECT = prove (\s. read PC s = word(pc + 0x54) /\ &(bignum_from_memory (z,val k) s) = (&a - &b) rem &n) (MAYCHANGE [PC; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:int64`] THEN diff --git a/arm/proofs/bignum_montifier.ml b/arm/proofs/bignum_montifier.ml index 2d16fcbb..773d141f 100644 --- a/arm/proofs/bignum_montifier.ml +++ b/arm/proofs/bignum_montifier.ml 
@@ -345,7 +345,7 @@ let BIGNUM_MONTIFIER_CORRECT = time prove (MAYCHANGE [PC; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(z,8 * val k); memory :> bytes(t,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `mm:int64`; `t:int64`; `m:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_montinv_p256.ml b/arm/proofs/bignum_montinv_p256.ml index 9ca4c8be..2b46fbe5 100644 --- a/arm/proofs/bignum_montinv_p256.ml +++ b/arm/proofs/bignum_montinv_p256.ml @@ -1498,7 +1498,7 @@ let LOCAL_WORD_DIVSTEP59_CORRECT = prove read X13 s = iword(M$2$2))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY (fun t -> GEN_REWRITE_TAC I [FORALL_IVAL_GEN] THEN X_GEN_TAC t THEN STRIP_TAC) @@ -1825,7 +1825,7 @@ let CORE_MONTINV_P256_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,160)])`, MAP_EVERY X_GEN_TAC @@ -3115,7 +3115,7 @@ let BIGNUM_MONTINV_P256_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,160)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_montinv_p384.ml b/arm/proofs/bignum_montinv_p384.ml index 407d14a1..e12dd11d 100644 --- a/arm/proofs/bignum_montinv_p384.ml +++ b/arm/proofs/bignum_montinv_p384.ml 
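Review bot: The register list directly above the edit in LOCAL_WORD_DIVSTEP59_CORRECT (hunk at -1498 of bignum_montinv_p256.ml) names `X7` twice: `X6; X7; X7; X8`. The duplicate sits on an unchanged context line and is presumably harmless in a MAYCHANGE list. Since this commit rewrites the frame anyway, it is a cheap moment to drop the second `X7` so the list has one entry per register. The same duplicate appears in the LOCAL_WORD_DIVSTEP59_CORRECT hunks of bignum_montinv_p384.ml and bignum_montinv_sm2.ml.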
@@ -1689,7 +1689,7 @@ let LOCAL_WORD_DIVSTEP59_CORRECT = prove read X13 s = iword(M$2$2))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY (fun t -> GEN_REWRITE_TAC I [FORALL_IVAL_GEN] THEN X_GEN_TAC t THEN STRIP_TAC) @@ -2044,7 +2044,7 @@ let CORE_INV_P384_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 6); memory :> bytes(stackpointer,256)])`, MAP_EVERY X_GEN_TAC @@ -3424,7 +3424,7 @@ let BIGNUM_MONTINV_P384_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 6); memory :> bytes(stackpointer,256)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_montinv_sm2.ml b/arm/proofs/bignum_montinv_sm2.ml index 00f6ce30..072c9c3c 100644 --- a/arm/proofs/bignum_montinv_sm2.ml +++ b/arm/proofs/bignum_montinv_sm2.ml @@ -1491,7 +1491,7 @@ let LOCAL_WORD_DIVSTEP59_CORRECT = prove read X13 s = iword(M$2$2))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY (fun t -> GEN_REWRITE_TAC I [FORALL_IVAL_GEN] THEN X_GEN_TAC t THEN STRIP_TAC) @@ -1819,7 +1819,7 @@ let CORE_MONTINV_SM2_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,160)])`, MAP_EVERY X_GEN_TAC 
@@ -3130,7 +3130,7 @@ let BIGNUM_MONTINV_SM2_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,160)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_montmul.ml b/arm/proofs/bignum_montmul.ml index 67d19af6..e89fcd3a 100644 --- a/arm/proofs/bignum_montmul.ml +++ b/arm/proofs/bignum_montmul.ml @@ -147,7 +147,7 @@ let BIGNUM_MONTMUL_CORRECT = time prove (inverse_mod n (2 EXP (64 * val k)) * a * b) MOD n)) (MAYCHANGE [PC; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(z,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:int64`] THEN MAP_EVERY X_GEN_TAC [`a:num`; `b:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_montmul_p256.ml b/arm/proofs/bignum_montmul_p256.ml index f2ba9c37..2e5bea5d 100644 --- a/arm/proofs/bignum_montmul_p256.ml +++ b/arm/proofs/bignum_montmul_p256.ml @@ -262,7 +262,7 @@ let BIGNUM_MONTMUL_P256_UNOPT_CORE_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; 
@@ -694,7 +694,7 @@ let BIGNUM_MONTMUL_P256_UNOPT_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_MONTMUL_P256_UNOPT_CORE_CORRECT bignum_montmul_p256_unopt_core_mc_def [fst BIGNUM_MONTMUL_P256_UNOPT_CORE_EXEC;fst BIGNUM_MONTMUL_P256_UNOPT_EXEC]);; @@ -728,7 +728,7 @@ let BIGNUM_AMONTMUL_P256_UNOPT_CORE_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; @@ -1154,7 +1154,7 @@ let BIGNUM_AMONTMUL_P256_UNOPT_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_AMONTMUL_P256_UNOPT_CORE_CORRECT bignum_montmul_p256_unopt_core_mc_def [fst BIGNUM_MONTMUL_P256_UNOPT_CORE_EXEC;fst BIGNUM_MONTMUL_P256_UNOPT_EXEC]);; @@ -1439,13 +1439,13 @@ let equiv_goal1 = mk_equiv_statement_simple `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montmul_p256_interm1_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; 
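Review bot: In the hunk at -1439 of bignum_montmul_p256.ml the frame passed to `mk_equiv_statement_simple` is written out in full for both programs. The same text recurs in equiv_goal2, equiv_goal and the CORRECT theorems, so this commit had to append `,, MAYCHANGE [events]` to each copy by hand. A missed copy would leave the two sides of an equivalence statement with different frames. Binding the two frame terms once near the top of the file (one with and one without `MAYCHANGE MODIFIABLE_SIMD_REGS`) and passing those names to the `equiv_goal` definitions would reduce the next frame change to two edits. Whether the theorem statements can reuse the same bindings depends on how their quotations are built, which the hunk does not show; bignum_montmul_p384.ml has the same shape.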
@@ -1519,13 +1519,13 @@ let equiv_goal2 = mk_equiv_statement_simple X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montmul_p256_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; (* Line numbers from bignum_montmul_p256_core_mc (the fully optimized prog.) to bignum_montmul_p256_interm1_core_mc (the intermediate prog.) @@ -1589,13 +1589,13 @@ let equiv_goal = mk_equiv_statement_simple `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montmul_p256_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; let montmul_p256_eqout_TRANS = prove( `!s s2 s' @@ -1698,7 +1698,7 @@ let BIGNUM_MONTMUL_P256_CORE_CORRECT = prove( X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REPEAT GEN_TAC THEN (* Prepare pc for the original program. *) @@ -1744,7 +1744,7 @@ let BIGNUM_MONTMUL_P256_CORRECT = time prove X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_MONTMUL_P256_CORE_CORRECT bignum_montmul_p256_core_mc_def 
@@ -1801,7 +1801,7 @@ let BIGNUM_AMONTMUL_P256_CORE_CORRECT = prove( X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REPEAT GEN_TAC THEN (* Prepare pc for the original program. *) @@ -1845,7 +1845,7 @@ let BIGNUM_AMONTMUL_P256_CORRECT = time prove X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_AMONTMUL_P256_CORE_CORRECT bignum_montmul_p256_core_mc_def diff --git a/arm/proofs/bignum_montmul_p256_alt.ml b/arm/proofs/bignum_montmul_p256_alt.ml index aa126961..c04fe913 100644 --- a/arm/proofs/bignum_montmul_p256_alt.ml +++ b/arm/proofs/bignum_montmul_p256_alt.ml @@ -155,7 +155,7 @@ let BIGNUM_MONTMUL_P256_ALT_CORRECT = time prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -276,7 +276,7 @@ let BIGNUM_AMONTMUL_P256_ALT_CORRECT = time prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_montmul_p256k1.ml b/arm/proofs/bignum_montmul_p256k1.ml index 48fd2e6b..47a32e10 100644 --- a/arm/proofs/bignum_montmul_p256k1.ml +++ b/arm/proofs/bignum_montmul_p256k1.ml 
@@ -260,7 +260,7 @@ let BIGNUM_MONTMUL_P256K1_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_montmul_p256k1_alt.ml b/arm/proofs/bignum_montmul_p256k1_alt.ml index bdd6b45e..5f2b95ad 100644 --- a/arm/proofs/bignum_montmul_p256k1_alt.ml +++ b/arm/proofs/bignum_montmul_p256k1_alt.ml @@ -171,7 +171,7 @@ let BIGNUM_MONTMUL_P256K1_ALT_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_montmul_p384.ml b/arm/proofs/bignum_montmul_p384.ml index ed4bbc75..068bb97a 100644 --- a/arm/proofs/bignum_montmul_p384.ml +++ b/arm/proofs/bignum_montmul_p384.ml @@ -687,7 +687,7 @@ let BIGNUM_MONTMUL_P384_UNOPT_CORE_CORRECT = time prove X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; 
@@ -1186,7 +1186,7 @@ let BIGNUM_MONTMUL_P384_UNOPT_CORRECT = time prove( X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_MONTMUL_P384_UNOPT_CORE_CORRECT bignum_montmul_p384_unopt_core_mc_def @@ -1222,7 +1222,7 @@ let BIGNUM_AMONTMUL_P384_UNOPT_CORE_CORRECT = time prove X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; @@ -1713,7 +1713,7 @@ let BIGNUM_AMONTMUL_P384_UNOPT_CORRECT = time prove X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_AMONTMUL_P384_UNOPT_CORE_CORRECT bignum_montmul_p384_unopt_core_mc_def @@ -2208,14 +2208,14 @@ let equiv_goal1 = mk_equiv_statement_simple X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montmul_p384_interm1_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; let _org_extra_word_CONV = !extra_word_CONV;; 
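Review bot: In `equiv_goal1` both programs' frames gain `MAYCHANGE [events]`, so each side may now change its event component, and the visible part of the statement does not show whether the two resulting event values are related. If the equivalence is meant to carry a trace property from the unoptimized program to the optimized one, that relation has to appear in the equivalence's pre/post relation rather than be left to the frame. If it is not meant to, a comment such as `(* events: frame only, not related between the two programs *)` would make that explicit. The same applies to `equiv_goal2` and `equiv_goal` in this file and to the `equiv_goal*` hunks in bignum_montmul_p521.ml, bignum_montsqr_p256.ml, bignum_montsqr_p384.ml and bignum_montsqr_p521.ml. The `mk_equiv_statement_simple` call starts outside the hunk.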
@@ -2289,14 +2289,14 @@ let equiv_goal2 = mk_equiv_statement_simple X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montmul_p384_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; (* Line numbers from the fully optimized prog. to the intermediate prog. @@ -2362,14 +2362,14 @@ let equiv_goal = mk_equiv_statement_simple X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montmul_p384_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; let montmul_p384_eqout_TRANS = prove( `!s s2 s' @@ -2479,7 +2479,7 @@ let BIGNUM_MONTMUL_P384_CORE_CORRECT = time prove( X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REPEAT GEN_TAC THEN (* Prepare pc for the original program. *) @@ -2526,7 +2526,7 @@ let BIGNUM_MONTMUL_P384_CORRECT = time prove( X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_MONTMUL_P384_CORE_CORRECT bignum_montmul_p384_core_mc_def 
@@ -2599,7 +2599,7 @@ let BIGNUM_AMONTMUL_P384_CORE_CORRECT = time prove( X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REPEAT GEN_TAC THEN (* Prepare pc for the original program. *) @@ -2644,7 +2644,7 @@ let BIGNUM_AMONTMUL_P384_CORRECT = time prove( X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_AMONTMUL_P384_CORE_CORRECT bignum_montmul_p384_core_mc_def diff --git a/arm/proofs/bignum_montmul_p384_alt.ml b/arm/proofs/bignum_montmul_p384_alt.ml index aa68c146..abae1480 100644 --- a/arm/proofs/bignum_montmul_p384_alt.ml +++ b/arm/proofs/bignum_montmul_p384_alt.ml @@ -339,7 +339,7 @@ let BIGNUM_MONTMUL_P384_ALT_CORRECT = time prove X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -491,7 +491,7 @@ let BIGNUM_AMONTMUL_P384_ALT_CORRECT = time prove X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_montmul_p521.ml b/arm/proofs/bignum_montmul_p521.ml index f6e615c7..1289f118 100644 --- a/arm/proofs/bignum_montmul_p521.ml +++ b/arm/proofs/bignum_montmul_p521.ml 
@@ -780,7 +780,7 @@ let BIGNUM_MONTMUL_P521_UNOPT_CORE_CORRECT = prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)])`, MAP_EVERY X_GEN_TAC @@ -1679,7 +1679,7 @@ let BIGNUM_MONTMUL_P521_UNOPT_CORRECT = time prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)])`, @@ -2447,7 +2447,7 @@ let equiv_goal1 = mk_equiv_statement_simple `MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]` bignum_montmul_p521_interm1_core_mc @@ -2455,7 +2455,7 @@ let equiv_goal1 = mk_equiv_statement_simple X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]`;; @@ -2536,7 +2536,7 @@ let equiv_goal2 = mk_equiv_statement_simple X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]` bignum_montmul_p521_core_mc 
@@ -2544,7 +2544,7 @@ let equiv_goal2 = mk_equiv_statement_simple X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]`;; @@ -2612,7 +2612,7 @@ let equiv_goal = mk_equiv_statement_simple `MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]` bignum_montmul_p521_core_mc @@ -2620,7 +2620,7 @@ let equiv_goal = mk_equiv_statement_simple X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]`;; @@ -2741,7 +2741,7 @@ let BIGNUM_MONTMUL_P521_CORE_CORRECT = prove X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)])`, REPEAT GEN_TAC THEN @@ -2791,7 +2791,7 @@ let BIGNUM_MONTMUL_P521_CORRECT = prove X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)])`, diff --git a/arm/proofs/bignum_montmul_p521_alt.ml b/arm/proofs/bignum_montmul_p521_alt.ml index 9ab77b86..b0c90822 100644 --- a/arm/proofs/bignum_montmul_p521_alt.ml +++ b/arm/proofs/bignum_montmul_p521_alt.ml 
@@ -487,7 +487,7 @@ let BIGNUM_MONTMUL_P521_ALT_CORRECT = prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,64)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_montmul_sm2.ml b/arm/proofs/bignum_montmul_sm2.ml index 2417d251..0e247fd6 100644 --- a/arm/proofs/bignum_montmul_sm2.ml +++ b/arm/proofs/bignum_montmul_sm2.ml @@ -246,7 +246,7 @@ let BIGNUM_MONTMUL_SM2_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -716,7 +716,7 @@ let BIGNUM_AMONTMUL_SM2_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_montmul_sm2_alt.ml b/arm/proofs/bignum_montmul_sm2_alt.ml index c4297daa..002d232a 100644 --- a/arm/proofs/bignum_montmul_sm2_alt.ml +++ b/arm/proofs/bignum_montmul_sm2_alt.ml 
@@ -159,7 +159,7 @@ let BIGNUM_MONTMUL_SM2_ALT_CORRECT = time prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -280,7 +280,7 @@ let BIGNUM_AMONTMUL_SM2_ALT_CORRECT = time prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_montredc.ml b/arm/proofs/bignum_montredc.ml index 557004c6..a9b5f490 100644 --- a/arm/proofs/bignum_montredc.ml +++ b/arm/proofs/bignum_montredc.ml @@ -151,7 +151,7 @@ let BIGNUM_MONTREDC_CORRECT = time prove lowdigits a (val k + val p)) MOD n)) (MAYCHANGE [PC; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(z,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `nx:num` THEN X_GEN_TAC `x:int64` THEN X_GEN_TAC `m:int64` THEN W64_GEN_TAC `p:num` THEN diff --git a/arm/proofs/bignum_montsqr.ml b/arm/proofs/bignum_montsqr.ml index 03a86716..2f6e1231 100644 --- a/arm/proofs/bignum_montsqr.ml +++ b/arm/proofs/bignum_montsqr.ml 
@@ -146,7 +146,7 @@ let BIGNUM_MONTSQR_CORRECT = time prove (inverse_mod n (2 EXP (64 * val k)) * a EXP 2) MOD n)) (MAYCHANGE [PC; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(z,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `m:int64`] THEN MAP_EVERY X_GEN_TAC [`a:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_montsqr_p256.ml b/arm/proofs/bignum_montsqr_p256.ml index ca6fec3f..a9dc9ef2 100644 --- a/arm/proofs/bignum_montsqr_p256.ml +++ b/arm/proofs/bignum_montsqr_p256.ml @@ -220,7 +220,7 @@ let BIGNUM_MONTSQR_P256_UNOPT_CORE_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; @@ -388,7 +388,7 @@ let BIGNUM_MONTSQR_P256_UNOPT_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_MONTSQR_P256_UNOPT_CORE_CORRECT bignum_montsqr_p256_unopt_core_mc_def @@ -415,7 +415,7 @@ let BIGNUM_AMONTSQR_P256_UNOPT_CORE_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; 
@@ -580,7 +580,7 @@ let BIGNUM_AMONTSQR_P256_UNOPT_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_AMONTSQR_P256_UNOPT_CORE_CORRECT bignum_montsqr_p256_unopt_core_mc_def @@ -803,13 +803,13 @@ let equiv_goal1 = mk_equiv_statement_simple `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montsqr_p256_interm1_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; let lemma1 = prove(`!(x:int64). @@ -1005,13 +1005,13 @@ let equiv_goal2 = mk_equiv_statement_simple X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montsqr_p256_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; (* Line numbers from bignum_montsqr_p256_core_mc (the fully optimized prog.) to bignum_montsqr_p256_interm1_core_mc (the intermediate prog.) 
@@ -1075,13 +1075,13 @@ let equiv_goal = mk_equiv_statement_simple `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montsqr_p256_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; let montsqr_p256_eqout_TRANS = prove( `!s s2 s' @@ -1178,7 +1178,7 @@ let BIGNUM_MONTSQR_P256_CORE_CORRECT = prove( X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REPEAT GEN_TAC THEN (* Prepare pc for the original program. *) @@ -1221,7 +1221,7 @@ let BIGNUM_MONTSQR_P256_CORRECT = time prove X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_MONTSQR_P256_CORE_CORRECT bignum_montsqr_p256_core_mc_def @@ -1275,7 +1275,7 @@ let BIGNUM_AMONTSQR_P256_CORE_CORRECT = prove( X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REPEAT GEN_TAC THEN (* Prepare pc for the original program. *) @@ -1316,7 +1316,7 @@ let BIGNUM_AMONTSQR_P256_CORRECT = time prove X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_AMONTSQR_P256_CORE_CORRECT bignum_montsqr_p256_core_mc_def [fst BIGNUM_MONTSQR_P256_EXEC; 
diff --git a/arm/proofs/bignum_montsqr_p256_alt.ml b/arm/proofs/bignum_montsqr_p256_alt.ml index add7773a..9fb741a6 100644 --- a/arm/proofs/bignum_montsqr_p256_alt.ml +++ b/arm/proofs/bignum_montsqr_p256_alt.ml @@ -132,7 +132,7 @@ let BIGNUM_MONTSQR_P256_ALT_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -248,7 +248,7 @@ let BIGNUM_AMONTSQR_P256_ALT_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_montsqr_p256k1.ml b/arm/proofs/bignum_montsqr_p256k1.ml index b378b322..f9ff0b97 100644 --- a/arm/proofs/bignum_montsqr_p256k1.ml +++ b/arm/proofs/bignum_montsqr_p256k1.ml @@ -189,7 +189,7 @@ let BIGNUM_MONTSQR_P256K1_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_montsqr_p256k1_alt.ml b/arm/proofs/bignum_montsqr_p256k1_alt.ml index 3a5d87be..92ac8771 100644 --- a/arm/proofs/bignum_montsqr_p256k1_alt.ml 
+++ b/arm/proofs/bignum_montsqr_p256k1_alt.ml @@ -144,7 +144,7 @@ let BIGNUM_MONTSQR_P256K1_ALT_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_montsqr_p384.ml b/arm/proofs/bignum_montsqr_p384.ml index bba72905..8363d9e0 100644 --- a/arm/proofs/bignum_montsqr_p384.ml +++ b/arm/proofs/bignum_montsqr_p384.ml @@ -554,7 +554,7 @@ let BIGNUM_MONTSQR_P384_UNOPT_CORE_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; @@ -811,7 +811,7 @@ let BIGNUM_MONTSQR_P384_UNOPT_CORRECT = time prove( (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_MONTSQR_P384_UNOPT_CORE_CORRECT bignum_montsqr_p384_unopt_core_mc_def @@ -838,7 +838,7 @@ let BIGNUM_AMONTSQR_P384_UNOPT_CORE_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; 
@@ -1088,7 +1088,7 @@ let BIGNUM_AMONTSQR_P384_UNOPT_CORRECT = time prove( (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_AMONTSQR_P384_UNOPT_CORE_CORRECT bignum_montsqr_p384_unopt_core_mc_def @@ -1479,13 +1479,13 @@ let equiv_goal1 = mk_equiv_statement_simple `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montsqr_p384_interm1_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; let _org_extra_word_CONV = !extra_word_CONV;; extra_word_CONV := @@ -1559,13 +1559,13 @@ let equiv_goal2 = mk_equiv_statement_simple X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montsqr_p384_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; (* Line numbers from the fully optimized prog. to the intermediate prog. The script that prints this map is being privately maintained by aqjune-aws. 
@@ -1629,13 +1629,13 @@ let equiv_goal = mk_equiv_statement_simple `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_montsqr_p384_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; let montsqr_p384_eqout_TRANS = prove( `!s s2 s' @@ -1740,7 +1740,7 @@ let BIGNUM_MONTSQR_P384_CORE_CORRECT = prove( X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REPEAT GEN_TAC THEN (* Prepare pc for the original program. This is going to be used @@ -1785,7 +1785,7 @@ let BIGNUM_MONTSQR_P384_CORRECT = time prove( X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_MONTSQR_P384_CORE_CORRECT bignum_montsqr_p384_core_mc_def @@ -1809,7 +1809,7 @@ let BIGNUM_MONTSQR_P384_SUBROUTINE_CORRECT = time prove X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[fst BIGNUM_MONTSQR_P384_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC BIGNUM_MONTSQR_P384_EXEC (REWRITE_RULE [fst BIGNUM_MONTSQR_P384_EXEC; @@ -1850,7 +1850,7 @@ let BIGNUM_AMONTSQR_P384_CORE_CORRECT = prove( X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REPEAT GEN_TAC THEN (* Prepare pc for the original program. This is going to be used 
@@ -1895,7 +1895,7 @@ let BIGNUM_AMONTSQR_P384_CORRECT = time prove( X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_AMONTSQR_P384_CORE_CORRECT bignum_montsqr_p384_core_mc_def diff --git a/arm/proofs/bignum_montsqr_p384_alt.ml b/arm/proofs/bignum_montsqr_p384_alt.ml index 25be15bd..a10b225d 100644 --- a/arm/proofs/bignum_montsqr_p384_alt.ml +++ b/arm/proofs/bignum_montsqr_p384_alt.ml @@ -279,7 +279,7 @@ let BIGNUM_MONTSQR_P384_ALT_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -427,7 +427,7 @@ let BIGNUM_AMONTSQR_P384_ALT_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_montsqr_p521.ml b/arm/proofs/bignum_montsqr_p521.ml index 85ae5b45..1a483118 100644 --- a/arm/proofs/bignum_montsqr_p521.ml +++ b/arm/proofs/bignum_montsqr_p521.ml 
@@ -553,7 +553,7 @@ let BIGNUM_MONTSQR_P521_UNOPT_CORE_CORRECT = time prove (inverse_mod p_521 (2 EXP 576) * n EXP 2) MOD p_521)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN @@ -1283,7 +1283,7 @@ let BIGNUM_MONTSQR_P521_UNOPT_CORRECT = time prove (inverse_mod p_521 (2 EXP 576) * n EXP 2) MOD p_521)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_MONTSQR_P521_UNOPT_CORE_CORRECT @@ -1894,13 +1894,13 @@ let equiv_goal1 = mk_equiv_statement_simple bignum_montsqr_p521_unopt_core_mc `MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]` bignum_montsqr_p521_interm1_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]`;; let _org_extra_word_CONV = !extra_word_CONV;; 
@@ -1980,13 +1980,13 @@ let equiv_goal2 = mk_equiv_statement_simple `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]` bignum_montsqr_p521_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]`;; (* Line numbers from the fully optimized prog. to the intermediate prog. @@ -2048,13 +2048,13 @@ let equiv_goal = mk_equiv_statement_simple bignum_montsqr_p521_unopt_core_mc `MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]` bignum_montsqr_p521_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]`;; let montsqr_p521_eqout_TRANS = prove( @@ -2159,7 +2159,7 @@ let BIGNUM_MONTSQR_P521_CORE_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, REPEAT GEN_TAC THEN 
@@ -2204,7 +2204,7 @@ let BIGNUM_MONTSQR_P521_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, ARM_SUB_LIST_OF_MC_TAC diff --git a/arm/proofs/bignum_montsqr_p521_alt.ml b/arm/proofs/bignum_montsqr_p521_alt.ml index 12c2f8b7..aac56b14 100644 --- a/arm/proofs/bignum_montsqr_p521_alt.ml +++ b/arm/proofs/bignum_montsqr_p521_alt.ml @@ -337,7 +337,7 @@ let BIGNUM_MONTSQR_P521_ALT_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X29] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_montsqr_sm2.ml b/arm/proofs/bignum_montsqr_sm2.ml index 8d56ac3e..b8782faa 100644 --- a/arm/proofs/bignum_montsqr_sm2.ml +++ b/arm/proofs/bignum_montsqr_sm2.ml @@ -211,7 +211,7 @@ let BIGNUM_MONTSQR_SM2_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -401,7 +401,7 @@ let BIGNUM_AMONTSQR_SM2_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN 
diff --git a/arm/proofs/bignum_montsqr_sm2_alt.ml b/arm/proofs/bignum_montsqr_sm2_alt.ml index d806dce1..82c9f519 100644 --- a/arm/proofs/bignum_montsqr_sm2_alt.ml +++ b/arm/proofs/bignum_montsqr_sm2_alt.ml @@ -136,7 +136,7 @@ let BIGNUM_MONTSQR_SM2_ALT_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -252,7 +252,7 @@ let BIGNUM_AMONTSQR_SM2_ALT_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_mul.ml b/arm/proofs/bignum_mul.ml index 6a508850..420b5450 100644 --- a/arm/proofs/bignum_mul.ml +++ b/arm/proofs/bignum_mul.ml @@ -69,7 +69,7 @@ let BIGNUM_MUL_CORRECT = prove (\s. read PC s = word (pc + 0x80) /\ bignum_from_memory(z,val p) s = lowdigits (a * b) (val p)) (MAYCHANGE [PC; X0; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val p)])`, MAP_EVERY W64_GEN_TAC [`p:num`; `m:num`; `n:num`] THEN MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_mul_4_8.ml b/arm/proofs/bignum_mul_4_8.ml index 16e04415..83e8a24c 100644 --- a/arm/proofs/bignum_mul_4_8.ml +++ b/arm/proofs/bignum_mul_4_8.ml 
@@ -249,7 +249,7 @@ let BIGNUM_MUL_4_8_CORRECT = prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 8)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/proofs/bignum_mul_4_8_alt.ml b/arm/proofs/bignum_mul_4_8_alt.ml index e4c355e2..46fbf677 100644 --- a/arm/proofs/bignum_mul_4_8_alt.ml +++ b/arm/proofs/bignum_mul_4_8_alt.ml @@ -109,7 +109,7 @@ let BIGNUM_MUL_4_8_ALT_CORRECT = time prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(z,8 * 8)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mul_6_12.ml b/arm/proofs/bignum_mul_6_12.ml index 0443a373..bab66368 100644 --- a/arm/proofs/bignum_mul_6_12.ml +++ b/arm/proofs/bignum_mul_6_12.ml @@ -359,7 +359,7 @@ let BIGNUM_MUL_6_12_CORRECT = prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, MAYCHANGE [memory :> bytes(z,8 * 12)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/proofs/bignum_mul_6_12_alt.ml b/arm/proofs/bignum_mul_6_12_alt.ml index 8e22f342..b4650a66 100644 --- a/arm/proofs/bignum_mul_6_12_alt.ml +++ b/arm/proofs/bignum_mul_6_12_alt.ml 
@@ -196,7 +196,7 @@ let BIGNUM_MUL_6_12_ALT_CORRECT = time prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, MAYCHANGE [memory :> bytes(z,8 * 12)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mul_8_16.ml b/arm/proofs/bignum_mul_8_16.ml index d0384d99..091d64bc 100644 --- a/arm/proofs/bignum_mul_8_16.ml +++ b/arm/proofs/bignum_mul_8_16.ml @@ -567,7 +567,7 @@ let BIGNUM_MUL_8_16_UNOPT_CORE_CORRECT = prove X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; fst BIGNUM_MUL_8_16_UNOPT_CORE_EXEC] THEN @@ -802,7 +802,7 @@ let BIGNUM_MUL_8_16_UNOPT_CORRECT = prove( X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_MUL_8_16_UNOPT_CORE_CORRECT bignum_mul_8_16_unopt_core_mc_def [fst BIGNUM_MUL_8_16_UNOPT_EXEC;fst BIGNUM_MUL_8_16_UNOPT_CORE_EXEC]);; 
@@ -1372,14 +1372,14 @@ let equiv_goal = mk_equiv_statement_simple X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_mul_8_16_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; let _org_extra_word_CONV = !extra_word_CONV;; extra_word_CONV := @@ -1514,7 +1514,7 @@ let BIGNUM_MUL_8_16_CORE_CORRECT = prove( X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5],, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, let mc_lengths_th = map fst [BIGNUM_MUL_8_16_UNOPT_CORE_EXEC; BIGNUM_MUL_8_16_CORE_EXEC] in @@ -1590,7 +1590,7 @@ let BIGNUM_MUL_8_16_CORRECT = prove( X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5],, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_MUL_8_16_CORE_CORRECT bignum_mul_8_16_core_mc_def @@ -1619,7 +1619,7 @@ let BIGNUM_MUL_8_16_SUBROUTINE_CORRECT = prove MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5],, MAYCHANGE [memory :> bytes(z,8 * 16); memory :> bytes(word_sub stackpointer (word 48),48)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_ADD_RETURN_STACK_TAC BIGNUM_MUL_8_16_EXEC ((CONV_RULE (ONCE_DEPTH_CONV NUM_ADD_CONV) o REWRITE_RULE diff --git a/arm/proofs/bignum_mul_8_16_alt.ml b/arm/proofs/bignum_mul_8_16_alt.ml index 53b1a5cd..c4611f9d 100644 --- a/arm/proofs/bignum_mul_8_16_alt.ml +++ b/arm/proofs/bignum_mul_8_16_alt.ml 
@@ -316,7 +316,7 @@ let BIGNUM_MUL_8_16_ALT_CORRECT = time prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `a:num`; `b:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mul_p25519.ml b/arm/proofs/bignum_mul_p25519.ml index f08ee10b..ed1d6ae0 100644 --- a/arm/proofs/bignum_mul_p25519.ml +++ b/arm/proofs/bignum_mul_p25519.ml @@ -319,7 +319,7 @@ let BIGNUM_MUL_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mul_p25519_alt.ml b/arm/proofs/bignum_mul_p25519_alt.ml index 51e13ece..923b704a 100644 --- a/arm/proofs/bignum_mul_p25519_alt.ml +++ b/arm/proofs/bignum_mul_p25519_alt.ml @@ -139,7 +139,7 @@ let BIGNUM_MUL_P25519_ALT_CORRECT = time prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mul_p256k1.ml b/arm/proofs/bignum_mul_p256k1.ml index 4fdcd726..685b9733 100644 --- a/arm/proofs/bignum_mul_p256k1.ml +++ b/arm/proofs/bignum_mul_p256k1.ml 
@@ -257,7 +257,7 @@ let BIGNUM_MUL_P256K1_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mul_p256k1_alt.ml b/arm/proofs/bignum_mul_p256k1_alt.ml index 1f25dddf..f8d736e0 100644 --- a/arm/proofs/bignum_mul_p256k1_alt.ml +++ b/arm/proofs/bignum_mul_p256k1_alt.ml @@ -147,7 +147,7 @@ let BIGNUM_MUL_P256K1_ALT_CORRECT = time prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_mul_p521.ml b/arm/proofs/bignum_mul_p521.ml index beb56e2b..7167e9f2 100644 --- a/arm/proofs/bignum_mul_p521.ml +++ b/arm/proofs/bignum_mul_p521.ml @@ -783,7 +783,7 @@ let BIGNUM_MUL_P521_UNOPT_CORE_CORRECT = prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)])`, MAP_EVERY X_GEN_TAC @@ -1660,7 +1660,7 @@ let BIGNUM_MUL_P521_UNOPT_CORRECT = time prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)])`, 
@@ -2423,7 +2423,7 @@ let equiv_goal1 = mk_equiv_statement_simple `MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]` bignum_mul_p521_interm1_core_mc @@ -2431,7 +2431,7 @@ let equiv_goal1 = mk_equiv_statement_simple X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]`;; @@ -2512,7 +2512,7 @@ let equiv_goal2 = mk_equiv_statement_simple X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]` bignum_mul_p521_core_mc @@ -2520,7 +2520,7 @@ let equiv_goal2 = mk_equiv_statement_simple X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]`;; @@ -2588,7 +2588,7 @@ let equiv_goal = mk_equiv_statement_simple `MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]` bignum_mul_p521_core_mc 
@@ -2596,7 +2596,7 @@ let equiv_goal = mk_equiv_statement_simple X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)]`;; @@ -2715,7 +2715,7 @@ let BIGNUM_MUL_P521_CORE_CORRECT = prove X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)])`, REPEAT GEN_TAC THEN @@ -2764,7 +2764,7 @@ let BIGNUM_MUL_P521_CORRECT = prove X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)])`, diff --git a/arm/proofs/bignum_mul_p521_alt.ml b/arm/proofs/bignum_mul_p521_alt.ml index 909390af..f3a6a77e 100644 --- a/arm/proofs/bignum_mul_p521_alt.ml +++ b/arm/proofs/bignum_mul_p521_alt.ml @@ -475,7 +475,7 @@ let BIGNUM_MUL_P521_ALT_CORRECT = prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,64)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_muladd10.ml b/arm/proofs/bignum_muladd10.ml index 74a7ce69..25995246 100644 --- a/arm/proofs/bignum_muladd10.ml +++ b/arm/proofs/bignum_muladd10.ml 
@@ -52,7 +52,7 @@ let BIGNUM_MULADD10_CORRECT = time prove lowdigits (10 * n + val d) (val k) /\ C_RETURN s = word(highdigits (10 * n + val d) (val k))) (MAYCHANGE [PC; X0; X2; X3; X4; X5] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `d:num` THEN MAP_EVERY X_GEN_TAC [`n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_mux.ml b/arm/proofs/bignum_mux.ml index b9a506ff..c573e82e 100644 --- a/arm/proofs/bignum_mux.ml +++ b/arm/proofs/bignum_mux.ml @@ -47,7 +47,7 @@ let BIGNUM_MUX_CORRECT = prove word (pc + 0x20) /\ bignum_from_memory (z,val k) s = if ~(b = word 0) then m else n) - (MAYCHANGE [PC; X0; X1; X5] ,, MAYCHANGE SOME_FLAGS ,, + (MAYCHANGE [PC; X0; X1; X5] ,, MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, REWRITE_TAC[NONOVERLAPPING_CLAUSES] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; fst BIGNUM_MUX_EXEC] THEN diff --git a/arm/proofs/bignum_mux16.ml b/arm/proofs/bignum_mux16.ml index 4f5693d9..da10b566 100644 --- a/arm/proofs/bignum_mux16.ml +++ b/arm/proofs/bignum_mux16.ml @@ -108,7 +108,7 @@ let BIGNUM_MUX16_CORRECT = prove (\s. read PC s = word (pc + 0x118) /\ (val i < 16 ==> bignum_from_memory (z,val k) s = n (val i))) (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`] THEN diff --git a/arm/proofs/bignum_mux_4.ml b/arm/proofs/bignum_mux_4.ml index fe9d8118..fdf7ccdc 100644 --- a/arm/proofs/bignum_mux_4.ml +++ b/arm/proofs/bignum_mux_4.ml 
@@ -55,7 +55,7 @@ let BIGNUM_MUX_4_CORRECT = prove (\s. read PC s = word (pc + 0x44) /\ bignum_from_memory (z,4) s = if ~(p = word 0) then m else n) - (MAYCHANGE [PC; X0; X4] ,, MAYCHANGE SOME_FLAGS ,, + (MAYCHANGE [PC; X0; X4] ,, MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`p:int64`; `z:int64`; `x:int64`; `y:int64`; diff --git a/arm/proofs/bignum_mux_6.ml b/arm/proofs/bignum_mux_6.ml index 5cb092e6..2cfb7d27 100644 --- a/arm/proofs/bignum_mux_6.ml +++ b/arm/proofs/bignum_mux_6.ml @@ -63,7 +63,7 @@ let BIGNUM_MUX_6_CORRECT = prove (\s. read PC s = word (pc + 0x64) /\ bignum_from_memory (z,6) s = if ~(p = word 0) then m else n) - (MAYCHANGE [PC; X0; X4] ,, MAYCHANGE SOME_FLAGS ,, + (MAYCHANGE [PC; X0; X4] ,, MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`p:int64`; `z:int64`; `x:int64`; `y:int64`; diff --git a/arm/proofs/bignum_neg_p25519.ml b/arm/proofs/bignum_neg_p25519.ml index 0bda8b90..aaf9ab49 100644 --- a/arm/proofs/bignum_neg_p25519.ml +++ b/arm/proofs/bignum_neg_p25519.ml @@ -56,7 +56,7 @@ let BIGNUM_NEG_P25519_CORRECT = time prove (n <= p_25519 ==> bignum_from_memory (z,4) s = (p_25519 - n) MOD p_25519)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_neg_p256.ml b/arm/proofs/bignum_neg_p256.ml index 65024f2e..8623a701 100644 --- a/arm/proofs/bignum_neg_p256.ml +++ b/arm/proofs/bignum_neg_p256.ml 
@@ -52,7 +52,7 @@ let BIGNUM_NEG_P256_CORRECT = time prove (n <= p_256 ==> bignum_from_memory (z,4) s = (p_256 - n) MOD p_256)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_neg_p256k1.ml b/arm/proofs/bignum_neg_p256k1.ml index a7ee0a76..11706429 100644 --- a/arm/proofs/bignum_neg_p256k1.ml +++ b/arm/proofs/bignum_neg_p256k1.ml @@ -53,7 +53,7 @@ let BIGNUM_NEG_P256K1_CORRECT = time prove (n <= p_256k1 ==> bignum_from_memory (z,4) s = (p_256k1 - n) MOD p_256k1)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_neg_p384.ml b/arm/proofs/bignum_neg_p384.ml index 42f84e83..edfc3837 100644 --- a/arm/proofs/bignum_neg_p384.ml +++ b/arm/proofs/bignum_neg_p384.ml @@ -59,7 +59,7 @@ let BIGNUM_NEG_P384_CORRECT = time prove (n <= p_384 ==> bignum_from_memory (z,6) s = (p_384 - n) MOD p_384)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_neg_p521.ml b/arm/proofs/bignum_neg_p521.ml index a56b146c..bc0ef8c1 100644 --- a/arm/proofs/bignum_neg_p521.ml +++ b/arm/proofs/bignum_neg_p521.ml 
@@ -67,7 +67,7 @@ let BIGNUM_NEG_P521_CORRECT = time prove (n <= p_521 ==> bignum_from_memory (z,9) s = (p_521 - n) MOD p_521)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_neg_sm2.ml b/arm/proofs/bignum_neg_sm2.ml index bcf5a613..1d3b6cf8 100644 --- a/arm/proofs/bignum_neg_sm2.ml +++ b/arm/proofs/bignum_neg_sm2.ml @@ -52,7 +52,7 @@ let BIGNUM_NEG_SM2_CORRECT = time prove (n <= p_sm2 ==> bignum_from_memory (z,4) s = (p_sm2 - n) MOD p_sm2)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_negmodinv.ml b/arm/proofs/bignum_negmodinv.ml index 7b964a8c..15db0478 100644 --- a/arm/proofs/bignum_negmodinv.ml +++ b/arm/proofs/bignum_negmodinv.ml @@ -115,7 +115,7 @@ let BIGNUM_NEGMODINV_CORRECT = prove (mod (2 EXP (64 * val k))))) (MAYCHANGE [PC; X0; X1; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(z,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`] THEN MAP_EVERY X_GEN_TAC [`m:num`; `pc:num`] THEN REWRITE_TAC[ALL; NONOVERLAPPING_CLAUSES] THEN 
@@ -389,7 +389,7 @@ let BIGNUM_NEGMODINV_CORRECT = prove MATCH_MP_TAC ENSURES_FRAME_SUBSUMED THEN EXISTS_TAC `MAYCHANGE [PC; X0; X1; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes (z',8 * p)] ,, - MAYCHANGE [NF; ZF; CF; VF]` THEN + MAYCHANGE [NF; ZF; CF; VF] ,, MAYCHANGE [events]` THEN CONJ_TAC THENL [REPEAT(MATCH_MP_TAC SUBSUMED_SEQ THEN REWRITE_TAC[SUBSUMED_REFL]) THEN EXPAND_TAC "z'" THEN SUBSUMED_MAYCHANGE_TAC; diff --git a/arm/proofs/bignum_nonzero.ml b/arm/proofs/bignum_nonzero.ml index d021b683..e7ae6121 100644 --- a/arm/proofs/bignum_nonzero.ml +++ b/arm/proofs/bignum_nonzero.ml @@ -42,7 +42,7 @@ let BIGNUM_NONZERO_CORRECT = prove (\s'. read PC s' = word (pc + 0x20) /\ C_RETURN s' = if ~(x = 0) then word 1 else word 0) (MAYCHANGE [PC; X0; X2; X3] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`a:int64`; `x:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; fst BIGNUM_NONZERO_EXEC] THEN diff --git a/arm/proofs/bignum_nonzero_4.ml b/arm/proofs/bignum_nonzero_4.ml index 0f257cbe..d8d32343 100644 --- a/arm/proofs/bignum_nonzero_4.ml +++ b/arm/proofs/bignum_nonzero_4.ml @@ -41,7 +41,7 @@ let BIGNUM_NONZERO_4_CORRECT = prove (\s. read PC s = word(pc + 0x1c) /\ C_RETURN s = if ~(n = 0) then word 1 else word 0) (MAYCHANGE [PC; X0; X1; X2; X3] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN diff --git a/arm/proofs/bignum_nonzero_6.ml b/arm/proofs/bignum_nonzero_6.ml index 55482cba..ebca5094 100644 --- a/arm/proofs/bignum_nonzero_6.ml +++ b/arm/proofs/bignum_nonzero_6.ml 
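Review bot: The hand-written witness frame after `EXISTS_TAC` in the `@@ -389` hunk of bignum_negmodinv.ml had to gain `MAYCHANGE [events]` separately from the theorem statement, and nothing in the file documents that the two must be edited together. The following `REPEAT(MATCH_MP_TAC SUBSUMED_SEQ THEN REWRITE_TAC[SUBSUMED_REFL])` step appears to match the components of the two frames in order, so a future change to the frame in `BIGNUM_NEGMODINV_CORRECT` that is not mirrored here would break the proof at a point far from the edit. A comment above the `EXISTS_TAC` would help, e.g. `(* Same components, in the same order, as the frame in the theorem statement, with z' and p for z and val k *)`. The enclosing proof starts and ends outside the hunk, so where `z'` and `p` are bound could not be checked.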
@@ -44,7 +44,7 @@ let BIGNUM_NONZERO_6_CORRECT = prove (\s. read PC s = word(pc + 0x28) /\ C_RETURN s = if ~(n = 0) then word 1 else word 0) (MAYCHANGE [PC; X0; X1; X2; X3] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN diff --git a/arm/proofs/bignum_normalize.ml b/arm/proofs/bignum_normalize.ml index bfa06cea..ced03689 100644 --- a/arm/proofs/bignum_normalize.ml +++ b/arm/proofs/bignum_normalize.ml @@ -89,7 +89,7 @@ let BIGNUM_NORMALIZE_CORRECT = time prove C_RETURN s = word(64 * val k - bitsize n)) (MAYCHANGE [PC; X0; X2; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(z,8 * val k)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`z:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[ALL; ALLPAIRS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_odd.ml b/arm/proofs/bignum_odd.ml index 55a98518..d02d5e68 100644 --- a/arm/proofs/bignum_odd.ml +++ b/arm/proofs/bignum_odd.ml @@ -35,7 +35,7 @@ let BIGNUM_ODD_CORRECT = prove bignum_from_memory(a,val k) s = x) (\s. read PC s = word (pc + 12) /\ C_RETURN s = if ODD x then word 1 else word 0) - (MAYCHANGE [PC; X0])`, + (MAYCHANGE [PC; X0] ,, MAYCHANGE [events])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`a1:int64`; `x:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/proofs/bignum_of_word.ml b/arm/proofs/bignum_of_word.ml index faf662f8..1c8552bf 100644 --- a/arm/proofs/bignum_of_word.ml +++ b/arm/proofs/bignum_of_word.ml 
@@ -38,7 +38,7 @@ let BIGNUM_OF_WORD_CORRECT = prove (\s. read PC s = word (pc + 0x1c) /\ bignum_from_memory (z,val k) s = val n MOD (2 EXP (64 * val k))) - (MAYCHANGE [PC; X0; X2] ,, MAYCHANGE SOME_FLAGS ,, + (MAYCHANGE [PC; X0; X2] ,, MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `n:num` THEN X_GEN_TAC `pc:num` THEN diff --git a/arm/proofs/bignum_optadd.ml b/arm/proofs/bignum_optadd.ml index 112fbdac..8a773462 100644 --- a/arm/proofs/bignum_optadd.ml +++ b/arm/proofs/bignum_optadd.ml @@ -54,7 +54,7 @@ let BIGNUM_OPTADD_CORRECT = prove C_RETURN s = word(highdigits (a + bitval(~(p = word 0)) * b) (val k))) (MAYCHANGE [PC; X0; X3; X5; X6; X7] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_optneg.ml b/arm/proofs/bignum_optneg.ml index c51e0c31..83c86a88 100644 --- a/arm/proofs/bignum_optneg.ml +++ b/arm/proofs/bignum_optneg.ml @@ -53,7 +53,7 @@ let BIGNUM_OPTNEG_CORRECT = prove (if p = word 0 \/ a = 0 then a else 2 EXP (64 * val k) - a) /\ C_RETURN s = word(bitval(~(p = word 0) /\ ~(a = 0)))) (MAYCHANGE [PC; X0; X2; X4; X5] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_optneg_p25519.ml b/arm/proofs/bignum_optneg_p25519.ml index 0ba29e51..b50fb5d8 100644 --- a/arm/proofs/bignum_optneg_p25519.ml +++ b/arm/proofs/bignum_optneg_p25519.ml 
@@ -58,7 +58,7 @@ let BIGNUM_OPTNEG_P25519_CORRECT = time prove ==> (bignum_from_memory (z,4) s = if ~(p = word 0) then (p_25519 - n) MOD p_25519 else n))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `p:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_optneg_p256.ml b/arm/proofs/bignum_optneg_p256.ml index d0c33947..800e4ad3 100644 --- a/arm/proofs/bignum_optneg_p256.ml +++ b/arm/proofs/bignum_optneg_p256.ml @@ -59,7 +59,7 @@ let BIGNUM_OPTNEG_P256_CORRECT = time prove ==> (bignum_from_memory (z,4) s = if ~(p = word 0) then (p_256 - n) MOD p_256 else n))) (MAYCHANGE [PC; X1; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `p:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_optneg_p256k1.ml b/arm/proofs/bignum_optneg_p256k1.ml index 2019a051..da3a7689 100644 --- a/arm/proofs/bignum_optneg_p256k1.ml +++ b/arm/proofs/bignum_optneg_p256k1.ml @@ -61,7 +61,7 @@ let BIGNUM_OPTNEG_P256K1_CORRECT = time prove if ~(p = word 0) then (p_256k1 - n) MOD p_256k1 else n))) (MAYCHANGE [PC; X1; X3; X4; X5; X6; X7] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `p:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_optneg_p384.ml b/arm/proofs/bignum_optneg_p384.ml index cf648149..bc388833 100644 --- a/arm/proofs/bignum_optneg_p384.ml +++ b/arm/proofs/bignum_optneg_p384.ml 
@@ -69,7 +69,7 @@ let BIGNUM_OPTNEG_P384_CORRECT = time prove if ~(p = word 0) then (p_384 - n) MOD p_384 else n))) (MAYCHANGE [PC; X1; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `p:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_optneg_p521.ml b/arm/proofs/bignum_optneg_p521.ml index e1f14e21..56b54c31 100644 --- a/arm/proofs/bignum_optneg_p521.ml +++ b/arm/proofs/bignum_optneg_p521.ml @@ -70,7 +70,7 @@ let BIGNUM_OPTNEG_P521_CORRECT = time prove ==> (bignum_from_memory (z,9) s = if ~(p = word 0) then (p_521 - n) MOD p_521 else n))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `p:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_optneg_sm2.ml b/arm/proofs/bignum_optneg_sm2.ml index 3f94bf96..9eb4d908 100644 --- a/arm/proofs/bignum_optneg_sm2.ml +++ b/arm/proofs/bignum_optneg_sm2.ml @@ -59,7 +59,7 @@ let BIGNUM_OPTNEG_SM2_CORRECT = time prove ==> (bignum_from_memory (z,4) s = if ~(p = word 0) then (p_sm2 - n) MOD p_sm2 else n))) (MAYCHANGE [PC; X1; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `p:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_optsub.ml b/arm/proofs/bignum_optsub.ml index bba01c60..757bfd75 100644 --- a/arm/proofs/bignum_optsub.ml +++ b/arm/proofs/bignum_optsub.ml 
@@ -55,7 +55,7 @@ let BIGNUM_OPTSUB_CORRECT = prove else (2 EXP (64 * val k) + m) - n) /\ (C_RETURN s = if ~(p = word 0) /\ m < n then word 1 else word 0)) - (MAYCHANGE [PC; X0; X3; X5; X6; X7] ,, MAYCHANGE SOME_FLAGS ,, + (MAYCHANGE [PC; X0; X3; X5; X6; X7] ,, MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_optsubadd.ml b/arm/proofs/bignum_optsubadd.ml index ac5d39c9..b004c0fc 100644 --- a/arm/proofs/bignum_optsubadd.ml +++ b/arm/proofs/bignum_optsubadd.ml @@ -60,7 +60,7 @@ let BIGNUM_OPTSUBADD_CORRECT = prove iword(int_sgn(ival p) * (&a + int_sgn(ival p) * &b) div &2 pow (64 * val k))) (MAYCHANGE [PC; X0; X3; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_pow2.ml b/arm/proofs/bignum_pow2.ml index 90aaef56..4f5d0d6a 100644 --- a/arm/proofs/bignum_pow2.ml +++ b/arm/proofs/bignum_pow2.ml @@ -46,7 +46,7 @@ let BIGNUM_POW2_CORRECT = prove bignum_from_memory (z,val k) s = lowdigits (2 EXP (val n)) (val k)) (MAYCHANGE [PC; X2; X3; X4; X5] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`, W64_GEN_TAC `k:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `n:num` THEN X_GEN_TAC `pc:num` THEN diff --git a/arm/proofs/bignum_shl_small.ml b/arm/proofs/bignum_shl_small.ml index 8e26b097..cf77bc36 100644 --- a/arm/proofs/bignum_shl_small.ml +++ b/arm/proofs/bignum_shl_small.ml 
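Review bot: In the bignum_optsub.ml hunk the new frame line `(MAYCHANGE [PC; X0; X3; X5; X6; X7] ,, MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,,` is 84 characters before indentation, noticeably longer than the other frame lines in this diff. If the proof files keep to an 80-column layout (not checkable from the collapsed diff), move the new component down to the memory line: `(MAYCHANGE [PC; X0; X3; X5; X6; X7] ,, MAYCHANGE SOME_FLAGS ,,` followed by `MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val k)])`. The one-line frames in bignum_mux.ml, bignum_mux_4.ml, bignum_mux_6.ml and bignum_of_word.ml were extended the same way and may need the same wrap once indentation is counted.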
@@ -82,7 +82,7 @@ let BIGNUM_SHL_SMALL_CORRECT = prove ==> C_RETURN s = word(highdigits (2 EXP (val c MOD 64) * a) (val p)))) (MAYCHANGE [PC; X0; X2; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val p)])`, W64_GEN_TAC `p:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `n:num` THEN X_GEN_TAC `x:int64` THEN diff --git a/arm/proofs/bignum_shr_small.ml b/arm/proofs/bignum_shr_small.ml index 63229a52..41d2cff4 100644 --- a/arm/proofs/bignum_shr_small.ml +++ b/arm/proofs/bignum_shr_small.ml @@ -92,7 +92,7 @@ let BIGNUM_SHR_SMALL_CORRECT = prove lowdigits (a DIV 2 EXP (val c MOD 64)) (val p) /\ C_RETURN s = word(a MOD 2 EXP (val c MOD 64))) (MAYCHANGE [PC; X0; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val p)])`, W64_GEN_TAC `p:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `n:num` THEN X_GEN_TAC `x:int64` THEN diff --git a/arm/proofs/bignum_sqr.ml b/arm/proofs/bignum_sqr.ml index 46f00d0e..d5549ee6 100644 --- a/arm/proofs/bignum_sqr.ml +++ b/arm/proofs/bignum_sqr.ml @@ -85,7 +85,7 @@ let BIGNUM_SQR_CORRECT = prove bignum_from_memory(z,val p) s = lowdigits (a EXP 2) (val p)) (MAYCHANGE [PC; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val p)])`, MAP_EVERY W64_GEN_TAC [`p:num`; `n:num`] THEN MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_sqr_4_8.ml b/arm/proofs/bignum_sqr_4_8.ml index 13474811..6a7763e5 100644 --- a/arm/proofs/bignum_sqr_4_8.ml +++ b/arm/proofs/bignum_sqr_4_8.ml 
@@ -152,7 +152,7 @@ let BIGNUM_SQR_4_8_CORRECT = prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(z,8 * 8)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_sqr_4_8_alt.ml b/arm/proofs/bignum_sqr_4_8_alt.ml index 890da3ed..1fd6a2a6 100644 --- a/arm/proofs/bignum_sqr_4_8_alt.ml +++ b/arm/proofs/bignum_sqr_4_8_alt.ml @@ -86,7 +86,7 @@ let BIGNUM_SQR_4_8_ALT_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(z,8 * 8)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_sqr_6_12.ml b/arm/proofs/bignum_sqr_6_12.ml index 00fd14d7..adf97b4b 100644 --- a/arm/proofs/bignum_sqr_6_12.ml +++ b/arm/proofs/bignum_sqr_6_12.ml @@ -227,7 +227,7 @@ let BIGNUM_SQR_6_12_CORRECT = prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 12)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_sqr_6_12_alt.ml b/arm/proofs/bignum_sqr_6_12_alt.ml index c8037537..7eeaf51a 100644 --- a/arm/proofs/bignum_sqr_6_12_alt.ml +++ b/arm/proofs/bignum_sqr_6_12_alt.ml 
@@ -137,7 +137,7 @@ let BIGNUM_SQR_6_12_ALT_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, MAYCHANGE [memory :> bytes(z,8 * 12)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_sqr_8_16.ml b/arm/proofs/bignum_sqr_8_16.ml index 9358b480..09132740 100644 --- a/arm/proofs/bignum_sqr_8_16.ml +++ b/arm/proofs/bignum_sqr_8_16.ml @@ -395,7 +395,7 @@ let BIGNUM_SQR_8_16_UNOPT_CORE_CORRECT = prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; fst BIGNUM_SQR_8_16_UNOPT_CORE_EXEC] THEN @@ -507,7 +507,7 @@ let BIGNUM_SQR_8_16_UNOPT_CORRECT = prove( (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_SQR_8_16_UNOPT_CORE_CORRECT bignum_sqr_8_16_unopt_core_mc_def [fst BIGNUM_SQR_8_16_UNOPT_CORE_EXEC;fst BIGNUM_SQR_8_16_UNOPT_EXEC]);; 
@@ -1095,14 +1095,14 @@ let equiv_goal = mk_equiv_statement_simple `MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]` bignum_sqr_8_16_core_mc `MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5; Q6; Q7; Q16; Q17; Q18; Q19; Q20; Q21; Q22; Q23; Q30] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`;; let _org_extra_word_CONV = !extra_word_CONV;; extra_word_CONV := @@ -1197,7 +1197,7 @@ let BIGNUM_SQR_8_16_CORE_CORRECT = prove( MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5; Q6; Q7; Q16; Q17; Q18; Q19; Q20; Q21; Q22; Q23; Q30] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, let mc_lengths_th = map fst [BIGNUM_SQR_8_16_UNOPT_CORE_EXEC; BIGNUM_SQR_8_16_CORE_EXEC] in @@ -1274,7 +1274,7 @@ let BIGNUM_SQR_8_16_CORRECT = prove( MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5; Q6; Q7; Q16; Q17; Q18; Q19; Q20; Q21; Q22; Q23; Q30] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_SQR_8_16_CORE_CORRECT bignum_sqr_8_16_core_mc_def diff --git a/arm/proofs/bignum_sqr_8_16_alt.ml b/arm/proofs/bignum_sqr_8_16_alt.ml index 10cd988e..7dcc7ac8 100644 --- a/arm/proofs/bignum_sqr_8_16_alt.ml +++ b/arm/proofs/bignum_sqr_8_16_alt.ml 
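Review bot: Both frame arguments of `mk_equiv_statement_simple` in `equiv_goal` gain `MAYCHANGE [events]`, so each program may change `events` freely, and nothing visible in the hunk says whether the generated equivalence relates the two programs' `events` at all. Any such relation would have to come from the input/output relations passed earlier in the call, which start outside this hunk. A short comment before `let equiv_goal` would make the intent explicit, for example `(* events may differ between the two programs; only the final register/memory state is related *)`, once that is confirmed against the relations actually used. The same point applies to `equiv_goal1`, `equiv_goal2` and `equiv_goal` in bignum_sqr_p521.ml.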
@@ -211,7 +211,7 @@ let BIGNUM_SQR_8_16_ALT_CORRECT = time prove X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE [memory :> bytes(z,8 * 16)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_sqr_p25519.ml b/arm/proofs/bignum_sqr_p25519.ml index 11db7bbf..8d12b5f9 100644 --- a/arm/proofs/bignum_sqr_p25519.ml +++ b/arm/proofs/bignum_sqr_p25519.ml @@ -227,7 +227,7 @@ let BIGNUM_SQR_P25519_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_sqr_p25519_alt.ml b/arm/proofs/bignum_sqr_p25519_alt.ml index 1ed59574..814afaa9 100644 --- a/arm/proofs/bignum_sqr_p25519_alt.ml +++ b/arm/proofs/bignum_sqr_p25519_alt.ml @@ -116,7 +116,7 @@ let BIGNUM_SQR_P25519_ALT_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_sqr_p256k1.ml b/arm/proofs/bignum_sqr_p256k1.ml index 69d936aa..cc8c4661 100644 --- a/arm/proofs/bignum_sqr_p256k1.ml +++ b/arm/proofs/bignum_sqr_p256k1.ml 
@@ -199,7 +199,7 @@ let BIGNUM_SQR_P256K1_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_sqr_p256k1_alt.ml b/arm/proofs/bignum_sqr_p256k1_alt.ml index f970d97c..6a0471ec 100644 --- a/arm/proofs/bignum_sqr_p256k1_alt.ml +++ b/arm/proofs/bignum_sqr_p256k1_alt.ml @@ -124,7 +124,7 @@ let BIGNUM_SQR_P256K1_ALT_CORRECT = time prove (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_sqr_p521.ml b/arm/proofs/bignum_sqr_p521.ml index 9a27435b..279fd5e9 100644 --- a/arm/proofs/bignum_sqr_p521.ml +++ b/arm/proofs/bignum_sqr_p521.ml @@ -494,7 +494,7 @@ let BIGNUM_SQR_P521_UNOPT_CORE_CORRECT = time prove ==> bignum_from_memory (z,9) s = (n EXP 2) MOD p_521)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN 
@@ -1158,7 +1158,7 @@ let BIGNUM_SQR_P521_UNOPT_CORRECT = time prove ==> bignum_from_memory (z,9) s = (n EXP 2) MOD p_521)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, ARM_SUB_LIST_OF_MC_TAC BIGNUM_SQR_P521_UNOPT_CORE_CORRECT @@ -1768,13 +1768,13 @@ let equiv_goal1 = mk_equiv_statement_simple bignum_sqr_p521_unopt_core_mc `MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]` bignum_sqr_p521_interm1_core_mc `MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]`;; let _org_extra_word_CONV = !extra_word_CONV;; @@ -1848,13 +1848,13 @@ let equiv_goal2 = mk_equiv_statement_simple `MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]` bignum_sqr_p521_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]`;; 
@@ -1915,13 +1915,13 @@ let equiv_goal = mk_equiv_statement_simple bignum_sqr_p521_unopt_core_mc `MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]` bignum_sqr_p521_core_mc `MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)]`;; let sqr_p521_eqout_TRANS = prove( @@ -2024,7 +2024,7 @@ let BIGNUM_SQR_P521_CORE_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, REPEAT GEN_TAC THEN @@ -2067,7 +2067,7 @@ let BIGNUM_SQR_P521_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, ARM_SUB_LIST_OF_MC_TAC diff --git a/arm/proofs/bignum_sqr_p521_alt.ml b/arm/proofs/bignum_sqr_p521_alt.ml index e723219d..3038b985 100644 --- a/arm/proofs/bignum_sqr_p521_alt.ml +++ b/arm/proofs/bignum_sqr_p521_alt.ml @@ -277,7 +277,7 @@ let BIGNUM_SQR_P521_ALT_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN 
diff --git a/arm/proofs/bignum_sqrt_p25519.ml b/arm/proofs/bignum_sqrt_p25519.ml index 2fddc7e7..f193bd3f 100644 --- a/arm/proofs/bignum_sqrt_p25519.ml +++ b/arm/proofs/bignum_sqrt_p25519.ml @@ -669,7 +669,7 @@ let LOCAL_MUL_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -1115,7 +1115,7 @@ let LOCAL_NSQR_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -1679,7 +1679,7 @@ let BIGNUM_SQRT_P25519_CORRECT = time prove ==> (bignum_from_memory (z,4) s EXP 2 == n) (mod p_25519))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,128)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_sqrt_p25519_alt.ml b/arm/proofs/bignum_sqrt_p25519_alt.ml index 29a1ef86..af4a2c96 100644 --- a/arm/proofs/bignum_sqrt_p25519_alt.ml +++ b/arm/proofs/bignum_sqrt_p25519_alt.ml 
@@ -428,7 +428,7 @@ let LOCAL_MUL_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -591,7 +591,7 @@ let LOCAL_NSQR_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -969,7 +969,7 @@ let BIGNUM_SQRT_P25519_ALT_CORRECT = time prove ==> (bignum_from_memory (z,4) s EXP 2 == n) (mod p_25519))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 4); memory :> bytes(stackpointer,128)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/bignum_sub.ml b/arm/proofs/bignum_sub.ml index b5977580..a3098e34 100644 --- a/arm/proofs/bignum_sub.ml +++ b/arm/proofs/bignum_sub.ml @@ -96,7 +96,7 @@ let BIGNUM_SUB_CORRECT = prove 2 EXP (64 * val p) * val(C_RETURN s) + lowdigits a (val p) = bignum_from_memory (z,val p) s + lowdigits b (val p)) (MAYCHANGE [PC; X0; X2; X4; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,val p)])`, W64_GEN_TAC `p:num` THEN X_GEN_TAC `z:int64` THEN W64_GEN_TAC `m:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `a:num`] THEN 
diff --git a/arm/proofs/bignum_sub_p25519.ml b/arm/proofs/bignum_sub_p25519.ml index 3c789ff4..b17e5d5b 100644 --- a/arm/proofs/bignum_sub_p25519.ml +++ b/arm/proofs/bignum_sub_p25519.ml @@ -55,7 +55,7 @@ let BIGNUM_SUB_P25519_CORRECT = time prove (m < p_25519 /\ n < p_25519 ==> &(bignum_from_memory (z,4) s) = (&m - &n) rem &p_25519)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_sub_p256.ml b/arm/proofs/bignum_sub_p256.ml index c5c56ea0..26c22831 100644 --- a/arm/proofs/bignum_sub_p256.ml +++ b/arm/proofs/bignum_sub_p256.ml @@ -55,7 +55,7 @@ let BIGNUM_SUB_P256_CORRECT = time prove (m < p_256 /\ n < p_256 ==> &(bignum_from_memory (z,4) s) = (&m - &n) rem &p_256)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_sub_p256k1.ml b/arm/proofs/bignum_sub_p256k1.ml index 483fdad2..b7d31916 100644 --- a/arm/proofs/bignum_sub_p256k1.ml +++ b/arm/proofs/bignum_sub_p256k1.ml @@ -55,7 +55,7 @@ let BIGNUM_SUB_P256K1_CORRECT = time prove (m < p_256k1 /\ n < p_256k1 ==> &(bignum_from_memory (z,4) s) = (&m - &n) rem &p_256k1)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_sub_p384.ml b/arm/proofs/bignum_sub_p384.ml index 2a6f4dc1..4852fa2f 100644 --- a/arm/proofs/bignum_sub_p384.ml +++ b/arm/proofs/bignum_sub_p384.ml 
@@ -65,7 +65,7 @@ let BIGNUM_SUB_P384_CORRECT = time prove (m < p_384 /\ n < p_384 ==> &(bignum_from_memory (z,6) s) = (&m - &n) rem &p_384)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_sub_p521.ml b/arm/proofs/bignum_sub_p521.ml index 6e27d007..a23bc28b 100644 --- a/arm/proofs/bignum_sub_p521.ml +++ b/arm/proofs/bignum_sub_p521.ml @@ -72,7 +72,7 @@ let BIGNUM_SUB_P521_CORRECT = time prove (m < p_521 /\ n < p_521 ==> &(bignum_from_memory (z,9) s) = (&m - &n) rem &p_521)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_sub_sm2.ml b/arm/proofs/bignum_sub_sm2.ml index b753bc1f..0f831675 100644 --- a/arm/proofs/bignum_sub_sm2.ml +++ b/arm/proofs/bignum_sub_sm2.ml @@ -55,7 +55,7 @@ let BIGNUM_SUB_SM2_CORRECT = time prove (m < p_sm2 /\ n < p_sm2 ==> &(bignum_from_memory (z,4) s) = (&m - &n) rem &p_sm2)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_tolebytes_p521.ml b/arm/proofs/bignum_tolebytes_p521.ml index edd78ff7..df7b2121 100644 --- a/arm/proofs/bignum_tolebytes_p521.ml +++ b/arm/proofs/bignum_tolebytes_p521.ml 
@@ -167,7 +167,7 @@ let BIGNUM_TOLEBYTES_P521_CORRECT = time prove bignum_from_memory(x,9) s = n) (\s. read PC s = word (pc + 0x210) /\ read (memory :> bytelist(z,66)) s = bytelist_of_num 66 n) - (MAYCHANGE [PC; X2] ,, + (MAYCHANGE [PC; X2] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,66)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_tomont_p256.ml b/arm/proofs/bignum_tomont_p256.ml index 7a244f73..ddbb6d4c 100644 --- a/arm/proofs/bignum_tomont_p256.ml +++ b/arm/proofs/bignum_tomont_p256.ml @@ -317,7 +317,7 @@ let BIGNUM_TOMONT_P256_CORRECT = time prove bignum_from_memory (z,4) s = (2 EXP 256 * a) MOD p_256) (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_tomont_p256k1.ml b/arm/proofs/bignum_tomont_p256k1.ml index 9ebaa0b4..8bce3f25 100644 --- a/arm/proofs/bignum_tomont_p256k1.ml +++ b/arm/proofs/bignum_tomont_p256k1.ml @@ -76,7 +76,7 @@ let BIGNUM_TOMONT_P256K1_CORRECT = time prove bignum_from_memory (z,4) s = (2 EXP 256 * a) MOD p_256k1) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_tomont_p384.ml b/arm/proofs/bignum_tomont_p384.ml index 70d5140c..251ac5a5 100644 --- a/arm/proofs/bignum_tomont_p384.ml 
+++ b/arm/proofs/bignum_tomont_p384.ml @@ -402,7 +402,7 @@ let BIGNUM_TOMONT_P384_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12] ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_tomont_p521.ml b/arm/proofs/bignum_tomont_p521.ml index a199eaa4..3201fe05 100644 --- a/arm/proofs/bignum_tomont_p521.ml +++ b/arm/proofs/bignum_tomont_p521.ml @@ -127,7 +127,7 @@ let BIGNUM_TOMONT_P521_CORRECT = time prove (\s. read PC s = word (pc + 0xac) /\ bignum_from_memory (z,9) s = (2 EXP 576 * n) MOD p_521) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN diff --git a/arm/proofs/bignum_tomont_sm2.ml b/arm/proofs/bignum_tomont_sm2.ml index 180663c5..2d6bde9f 100644 --- a/arm/proofs/bignum_tomont_sm2.ml +++ b/arm/proofs/bignum_tomont_sm2.ml @@ -147,7 +147,7 @@ let BIGNUM_TOMONT_SM2_CORRECT = time prove bignum_from_memory (z,4) s = (2 EXP 256 * a) MOD p_sm2) (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_triple_p256.ml b/arm/proofs/bignum_triple_p256.ml index ce5598ff..43d5536c 100644 --- a/arm/proofs/bignum_triple_p256.ml 
+++ b/arm/proofs/bignum_triple_p256.ml @@ -76,7 +76,7 @@ let BIGNUM_TRIPLE_P256_CORRECT = time prove (\s. read PC s = word (pc + 0x80) /\ bignum_from_memory (z,4) s = (3 * n) MOD p_256) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_triple_p256k1.ml b/arm/proofs/bignum_triple_p256k1.ml index 0af39a31..fdf6d277 100644 --- a/arm/proofs/bignum_triple_p256k1.ml +++ b/arm/proofs/bignum_triple_p256k1.ml @@ -72,7 +72,7 @@ let BIGNUM_TRIPLE_P256K1_CORRECT = time prove bignum_from_memory (z,4) s = (3 * a) MOD p_256k1) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `a:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN diff --git a/arm/proofs/bignum_triple_p384.ml b/arm/proofs/bignum_triple_p384.ml index 129328e8..95343f3c 100644 --- a/arm/proofs/bignum_triple_p384.ml +++ b/arm/proofs/bignum_triple_p384.ml @@ -86,7 +86,7 @@ let BIGNUM_TRIPLE_P384_CORRECT = time prove (\s. read PC s = word (pc + 0xa8) /\ bignum_from_memory (z,6) s = (3 * n) MOD p_384) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_triple_p521.ml b/arm/proofs/bignum_triple_p521.ml index 031e2daa..2c976bd7 100644 --- a/arm/proofs/bignum_triple_p521.ml +++ b/arm/proofs/bignum_triple_p521.ml 
@@ -127,7 +127,7 @@ let BIGNUM_TRIPLE_P521_CORRECT = time prove (n < p_521 ==> bignum_from_memory (z,9) s = (3 * n) MOD p_521)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/bignum_triple_sm2.ml b/arm/proofs/bignum_triple_sm2.ml index a2e95d34..18bb8612 100644 --- a/arm/proofs/bignum_triple_sm2.ml +++ b/arm/proofs/bignum_triple_sm2.ml @@ -72,7 +72,7 @@ let BIGNUM_TRIPLE_SM2_CORRECT = time prove (\s. read PC s = word (pc + 0x70) /\ bignum_from_memory (z,4) s = (3 * n) MOD p_sm2) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`] THEN diff --git a/arm/proofs/curve25519_ladderstep.ml b/arm/proofs/curve25519_ladderstep.ml index 1f749a9e..92dab2b9 100644 --- a/arm/proofs/curve25519_ladderstep.ml +++ b/arm/proofs/curve25519_ladderstep.ml @@ -1831,7 +1831,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -2274,7 +2274,7 @@ let LOCAL_SQR_P25519_TAC = (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2642,7 +2642,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3065,7 +3065,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3403,7 +3403,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -3453,7 +3453,7 @@ let LOCAL_SUB_4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3517,7 +3517,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3589,7 +3589,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3661,7 +3661,7 @@ let LOCAL_CMADD_4_TAC = 121666 * m + n) (mod p_25519)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -3802,7 +3802,7 @@ let LOCAL_MUX_4_TAC = (\s. read PC s = pcout /\ read(memory :> bytes(word_add (read p3 t) (word n3),8 * 4)) s = (if b then n else m)) - (MAYCHANGE [PC; X0; X1; X2; X3] ,, + (MAYCHANGE [PC; X0; X1; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3846,6 +3846,7 @@ let LOCAL_MUXPAIR_4_TAC = read(memory :> bytes(word_add (read p4 t) (word n4),8 * 4)) s = (if b then n else m)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, + MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4); memory :> bytes(word_add (read p4 t) (word n4),8 * 4)])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -3897,7 +3898,7 @@ let CURVE25519_LADDERSTEP_CORRECT = time prove (montgomery_ladderstep curve25519 (~(b = word 0)) Q Qm Qn)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(rr,128); memory :> bytes(stackpointer,288)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/curve25519_ladderstep_alt.ml b/arm/proofs/curve25519_ladderstep_alt.ml index 0ae29892..f1be8243 100644 --- a/arm/proofs/curve25519_ladderstep_alt.ml +++ b/arm/proofs/curve25519_ladderstep_alt.ml @@ -1097,7 +1097,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
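Review bot: In LOCAL_MUX_4_TAC (hunk at -3802) the new clause is placed between the register list and the memory clause, as it is in LOCAL_MUXPAIR_4_TAC, while the flag-setting lemmas earlier in the file append it last and CURVE25519_LADDERSTEP_CORRECT puts it after the flags and before memory. One fixed order would make a frame that is missing the clause easy to spot by eye or with grep; for this hunk that would read `(MAYCHANGE [PC; X0; X1; X2; X3] ,,` followed by `MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, MAYCHANGE [events])`. This assumes the tactics that consume these frames do not depend on clause order, which the hunk does not show. The same-named hunks in the other files of the diff follow the same pattern.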
@@ -1257,7 +1257,7 @@ let LOCAL_SQR_P25519_TAC = (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1423,7 +1423,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1578,7 +1578,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1731,7 +1731,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1781,7 +1781,7 @@ let LOCAL_SUB_4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1845,7 +1845,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1917,7 +1917,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1989,7 +1989,7 @@ let LOCAL_CMADD_4_TAC = 121666 * m + n) (mod p_25519)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -2130,7 +2130,7 @@ let LOCAL_MUX_4_TAC = (\s. read PC s = pcout /\ read(memory :> bytes(word_add (read p3 t) (word n3),8 * 4)) s = (if b then n else m)) - (MAYCHANGE [PC; X0; X1; X2; X3] ,, + (MAYCHANGE [PC; X0; X1; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2174,6 +2174,7 @@ let LOCAL_MUXPAIR_4_TAC = read(memory :> bytes(word_add (read p4 t) (word n4),8 * 4)) s = (if b then n else m)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, + MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4); memory :> bytes(word_add (read p4 t) (word n4),8 * 4)])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -2225,7 +2226,7 @@ let CURVE25519_LADDERSTEP_ALT_CORRECT = time prove (montgomery_ladderstep curve25519 (~(b = word 0)) Q Qm Qn)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(rr,128); memory :> bytes(stackpointer,288)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/curve25519_pxscalarmul.ml b/arm/proofs/curve25519_pxscalarmul.ml index 6b08de50..38dda7f7 100644 --- a/arm/proofs/curve25519_pxscalarmul.ml +++ b/arm/proofs/curve25519_pxscalarmul.ml @@ -1844,7 +1844,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -2287,7 +2287,7 @@ let LOCAL_SQR_P25519_TAC = (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2655,7 +2655,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3078,7 +3078,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3416,7 +3416,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -3466,7 +3466,7 @@ let LOCAL_SUB_4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3530,7 +3530,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3602,7 +3602,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3674,7 +3674,7 @@ let LOCAL_CMADD_4_TAC = 121666 * m + n) (mod p_25519)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -3816,7 +3816,7 @@ let LOCAL_MUX_4_TAC = (\s. read PC s = pcout /\ read(memory :> bytes(word_add (read p3 t) (word n3),8 * 4)) s = (if b then n else m)) - (MAYCHANGE [PC; X0; X1; X2; X3] ,, + (MAYCHANGE [PC; X0; X1; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3921,7 +3921,7 @@ let CURVE25519_PXSCALARMUL_CORRECT = time prove (bignum_pair_from_memory(res,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,64); memory :> bytes(stackpointer,256)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/curve25519_pxscalarmul_alt.ml b/arm/proofs/curve25519_pxscalarmul_alt.ml index abd094f6..c0f49b26 100644 --- a/arm/proofs/curve25519_pxscalarmul_alt.ml +++ b/arm/proofs/curve25519_pxscalarmul_alt.ml @@ -1110,7 +1110,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1270,7 +1270,7 @@ let LOCAL_SQR_P25519_TAC = (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1436,7 +1436,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1591,7 +1591,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1744,7 +1744,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1794,7 +1794,7 @@ let LOCAL_SUB_4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1858,7 +1858,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1930,7 +1930,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2002,7 +2002,7 @@ let LOCAL_CMADD_4_TAC = 121666 * m + n) (mod p_25519)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -2144,7 +2144,7 @@ let LOCAL_MUX_4_TAC = (\s. read PC s = pcout /\ read(memory :> bytes(word_add (read p3 t) (word n3),8 * 4)) s = (if b then n else m)) - (MAYCHANGE [PC; X0; X1; X2; X3] ,, + (MAYCHANGE [PC; X0; X1; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2249,7 +2249,7 @@ let CURVE25519_PXSCALARMUL_ALT_CORRECT = time prove (bignum_pair_from_memory(res,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,64); memory :> bytes(stackpointer,256)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/curve25519_x25519.ml b/arm/proofs/curve25519_x25519.ml index e6039959..95a1cc80 100644 --- a/arm/proofs/curve25519_x25519.ml +++ b/arm/proofs/curve25519_x25519.ml @@ -3416,7 +3416,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4111,7 +4111,7 @@ let CURVE25519_X25519_CORRECT = time prove MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5; Q6; Q7; Q8; Q9; Q10; Q11; Q12; Q13; Q14; Q15; Q16; Q17; Q18; Q19; Q20; Q21; Q22; Q23; Q24; Q25; Q26; Q27; Q28; Q29; Q30; Q31] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,32); memory :> bytes(stackpointer,224)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN 
diff --git a/arm/proofs/curve25519_x25519_alt.ml b/arm/proofs/curve25519_x25519_alt.ml index 31c1d941..27f748c5 100644 --- a/arm/proofs/curve25519_x25519_alt.ml +++ b/arm/proofs/curve25519_x25519_alt.ml @@ -3850,7 +3850,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4015,7 +4015,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4169,7 +4169,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -4321,7 +4321,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4398,7 +4398,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4475,7 +4475,7 @@ let LOCAL_CMADD_4_TAC = 121666 * m + n) (mod p_25519)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4616,7 +4616,7 @@ let LOCAL_MUX_4_TAC = (\s. read PC s = pcout /\ read(memory :> bytes(word_add (read p3 t) (word n3),8 * 4)) s = (if b then n else m)) - (MAYCHANGE [PC; X0; X1; X2; X3] ,, + (MAYCHANGE [PC; X0; X1; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -4919,7 +4919,7 @@ let CURVE25519_X25519_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,32); memory :> bytes(stackpointer,320)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/curve25519_x25519_byte.ml b/arm/proofs/curve25519_x25519_byte.ml index bb264515..62d023ca 100644 --- a/arm/proofs/curve25519_x25519_byte.ml +++ b/arm/proofs/curve25519_x25519_byte.ml @@ -3594,7 +3594,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4289,7 +4289,7 @@ let CURVE25519_X25519_BYTE_CORRECT = time prove MAYCHANGE [Q0; Q1; Q2; Q3; Q4; Q5; Q6; Q7; Q8; Q9; Q10; Q11; Q12; Q13; Q14; Q15; Q16; Q17; Q18; Q19; Q20; Q21; Q22; Q23; Q24; Q25; Q26; Q27; Q28; Q29; Q30; Q31] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,32); memory :> bytes(stackpointer,224)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/curve25519_x25519_byte_alt.ml b/arm/proofs/curve25519_x25519_byte_alt.ml index 0918efbd..1832ec84 100644 --- a/arm/proofs/curve25519_x25519_byte_alt.ml +++ b/arm/proofs/curve25519_x25519_byte_alt.ml 
@@ -4028,7 +4028,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4193,7 +4193,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4347,7 +4347,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4499,7 +4499,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -4576,7 +4576,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4653,7 +4653,7 @@ let LOCAL_CMADD_4_TAC = 121666 * m + n) (mod p_25519)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -4794,7 +4794,7 @@ let LOCAL_MUX_4_TAC = (\s. read PC s = pcout /\ read(memory :> bytes(word_add (read p3 t) (word n3),8 * 4)) s = (if b then n else m)) - (MAYCHANGE [PC; X0; X1; X2; X3] ,, + (MAYCHANGE [PC; X0; X1; X2; X3] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -5097,7 +5097,7 @@ let CURVE25519_X25519_BYTE_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,32); memory :> bytes(stackpointer,320)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/curve25519_x25519base.ml b/arm/proofs/curve25519_x25519base.ml index 4df38235..5e861f61 100644 --- a/arm/proofs/curve25519_x25519base.ml +++ b/arm/proofs/curve25519_x25519base.ml 
@@ -6078,7 +6078,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -6526,7 +6526,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -6946,7 +6946,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -7016,7 +7016,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -7090,7 +7090,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -7176,7 +7176,7 @@ let CURVE25519_X25519BASE_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,32); memory :> bytes(stackpointer,448)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/curve25519_x25519base_alt.ml b/arm/proofs/curve25519_x25519base_alt.ml index f6eb12cc..2dba3c83 100644 --- a/arm/proofs/curve25519_x25519base_alt.ml +++ b/arm/proofs/curve25519_x25519base_alt.ml @@ -5352,7 +5352,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -5517,7 +5517,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -5669,7 +5669,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -5739,7 +5739,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -5813,7 +5813,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -5899,7 +5899,7 @@ let CURVE25519_X25519BASE_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,32); memory :> bytes(stackpointer,448)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/curve25519_x25519base_byte.ml b/arm/proofs/curve25519_x25519base_byte.ml index 7e4b1570..411fe423 100644 --- a/arm/proofs/curve25519_x25519base_byte.ml +++ b/arm/proofs/curve25519_x25519base_byte.ml 
@@ -6196,7 +6196,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -6654,7 +6654,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -7084,7 +7084,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -7154,7 +7154,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -7228,7 +7228,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -7314,7 +7314,7 @@ let CURVE25519_X25519BASE_BYTE_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,32); memory :> bytes(stackpointer,448)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/curve25519_x25519base_byte_alt.ml b/arm/proofs/curve25519_x25519base_byte_alt.ml index 86981371..0bf029c2 100644 --- a/arm/proofs/curve25519_x25519base_byte_alt.ml +++ b/arm/proofs/curve25519_x25519base_byte_alt.ml @@ -5472,7 +5472,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -5637,7 +5637,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -5789,7 +5789,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -5859,7 +5859,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -5933,7 +5933,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -6019,7 +6019,7 @@ let CURVE25519_X25519BASE_BYTE_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,32); memory :> bytes(stackpointer,448)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/decode.ml b/arm/proofs/decode.ml index 3523fe2b..1c392667 100644 --- a/arm/proofs/decode.ml +++ b/arm/proofs/decode.ml 
@@ -1014,20 +1014,42 @@ let PURE_DECODE_CONV = int_compute_add_convs rw; num_compute_add_convs rw; add_thms [obind; LET_END_DEF] rw; - add_conv (`_BITMATCH:(N)word->(num->B->bool)->B`, 2, BITMATCH_MEMO_CONV) rw; + (* Do not add _BITMATCH. These will be covered by conceal_bitmatch. *) add_conv (`_MATCH:A->(A->B->bool)->B`, 2, MATCH_CONV) rw; + (* components and instructions *) List.iter (fun tm -> add_conv (tm, 1, REG_CONV) rw) [`XREG'`; `WREG'`; `QREG'`; `DREG'`; `XREG_SP`; `WREG_SP`]; add_thms [arm_adcop; arm_addop; arm_adv_simd_expand_imm; - arm_bfmop; arm_ccop; arm_csop; arm_logop; arm_lsvop; + arm_bfmop; arm_ccop; arm_csop; arm_ldst; arm_ldst_q; arm_ldst_d; arm_ldstb; arm_ldstp; arm_ldstp_q; arm_ldstp_d; - arm_ldst2; arm_movop] rw; + arm_ldst2] rw; + (* .. that have bitmatch exprs inside *) + List.iter (fun def_th -> + let Some (conceal_th, opaque_const, opaque_arity, opaque_def, opaque_conv) = + conceal_bitmatch (concl def_th) in + (* bitmatch concealed under opaque_const *) + let concealed_def_th = GEN_REWRITE_RULE I [conceal_th] def_th in + add_thms [concealed_def_th] rw; + (* add a conversion for this *) + add_conv (opaque_const, opaque_arity, opaque_conv) rw + ) [arm_logop; arm_movop; arm_lsvop]; + add_thms [QLANE] rw; add_conv (`Condition`, 1, CONDITION_CONV) rw; (* decode functions *) - add_thms [decode; decode_encode_BL] rw; - add_thms [decode_shift; decode_extendtype] rw; + add_thms [decode_encode_BL] rw; add_conv (`decode_bitmask`, 3, DECODE_BITMASK_CONV) rw; + (* .. 
that have bitmatch exprs inside *) + List.iter (fun def_th -> + let Some (conceal_th, opaque_const, opaque_arity, opaque_def, opaque_conv) = + conceal_bitmatch (concl def_th) in + (* bitmatch concealed under opaque_const *) + let concealed_def_th = GEN_REWRITE_RULE I [conceal_th] def_th in + add_thms [concealed_def_th] rw; + (* add a conversion for this *) + add_conv (opaque_const, opaque_arity, opaque_conv) rw + ) [decode; decode_shift; decode_extendtype]; + rw in let the_conv = WEAK_CBV_CONV decode_rw in fun t -> diff --git a/arm/proofs/edwards25519_decode.ml b/arm/proofs/edwards25519_decode.ml index b8769d75..5d9fd1ef 100644 --- a/arm/proofs/edwards25519_decode.ml +++ b/arm/proofs/edwards25519_decode.ml @@ -783,7 +783,7 @@ let LOCAL_MUL_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -1229,7 +1229,7 @@ let LOCAL_NSQR_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -1850,7 +1850,7 @@ let EDWARDS25519_DECODE_CORRECT = time prove (ed25519_decode n))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 8); memory :> bytes(stackpointer,192)])`, MAP_EVERY X_GEN_TAC 
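Review bot: Both new `List.iter` callbacks in the PURE_DECODE_CONV hunk of arm/proofs/decode.ml bind with the refutable pattern `let Some (...) = conceal_bitmatch (concl def_th) in`. If `conceal_bitmatch` ever returns `None` for a listed definition, loading fails with a bare `Match_failure` that does not name the definition. The two callbacks are also identical, and `opaque_def` is bound but never used. A single local helper with an explicit `None` branch would remove the duplication and give a readable failure. The body of PURE_DECODE_CONV starts and ends outside the hunk, so the placement of the helper below is a sketch.

```ocaml
(* … unchanged: registrations up to arm_ldst2 … *)
    (* conceal the bitmatch inside def_th and register the concealed
       definition together with the conversion for its opaque constant *)
    let add_concealed def_th =
      match conceal_bitmatch (concl def_th) with
      | Some (conceal_th, opaque_const, opaque_arity, _, opaque_conv) ->
        add_thms [GEN_REWRITE_RULE I [conceal_th] def_th] rw;
        add_conv (opaque_const, opaque_arity, opaque_conv) rw
      | None ->
        failwith "PURE_DECODE_CONV: conceal_bitmatch returned None" in
    List.iter add_concealed [arm_logop; arm_movop; arm_lsvop];
(* … unchanged: QLANE, Condition, decode_encode_BL, decode_bitmask … *)
    List.iter add_concealed [decode; decode_shift; decode_extendtype];
```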
diff --git a/arm/proofs/edwards25519_decode_alt.ml b/arm/proofs/edwards25519_decode_alt.ml index c934dca8..c4a05258 100644 --- a/arm/proofs/edwards25519_decode_alt.ml +++ b/arm/proofs/edwards25519_decode_alt.ml @@ -542,7 +542,7 @@ let LOCAL_MUL_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -705,7 +705,7 @@ let LOCAL_NSQR_P25519_CORRECT = time prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, X_GEN_TAC `z:int64` THEN W64_GEN_TAC `k:num` THEN MAP_EVERY X_GEN_TAC [`x:int64`; `n:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN @@ -1140,7 +1140,7 @@ let EDWARDS25519_DECODE_ALT_CORRECT = time prove (ed25519_decode n))) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,8 * 8); memory :> bytes(stackpointer,192)])`, MAP_EVERY X_GEN_TAC diff --git a/arm/proofs/edwards25519_encode.ml b/arm/proofs/edwards25519_encode.ml index eaa4b796..0c828d31 100644 --- a/arm/proofs/edwards25519_encode.ml +++ b/arm/proofs/edwards25519_encode.ml 
@@ -110,7 +110,7 @@ let EDWARDS25519_ENCODE_CORRECT = time prove (x < p_25519 /\ y < p_25519 ==> read (memory :> bytelist(z,32)) s = bytelist_of_num 32 (ed25519_encode (&x,&y)))) - (MAYCHANGE [PC; X2; X3; X4; X5; X6] ,, + (MAYCHANGE [PC; X2; X3; X4; X5; X6] ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(z,32)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `p:int64`; `x:num`; `y:num`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; diff --git a/arm/proofs/edwards25519_epadd.ml b/arm/proofs/edwards25519_epadd.ml index c5231f8e..0df1f08b 100644 --- a/arm/proofs/edwards25519_epadd.ml +++ b/arm/proofs/edwards25519_epadd.ml @@ -1930,7 +1930,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2380,7 +2380,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -2802,7 +2802,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2847,7 +2847,7 @@ let LOCAL_DOUBLE_4_TAC = 2 * n)) (MAYCHANGE [PC; X0; X1; X2; X3] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2896,7 +2896,7 @@ let LOCAL_SUB_4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2961,7 +2961,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -3034,7 +3034,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3104,7 +3104,7 @@ let EDWARDS25519_EPADD_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/edwards25519_epadd_alt.ml b/arm/proofs/edwards25519_epadd_alt.ml index f4e24c4d..a1889362 100644 --- a/arm/proofs/edwards25519_epadd_alt.ml +++ b/arm/proofs/edwards25519_epadd_alt.ml @@ -1120,7 +1120,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1287,7 +1287,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1441,7 +1441,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1486,7 +1486,7 @@ let LOCAL_DOUBLE_4_TAC = 2 * n)) (MAYCHANGE [PC; X0; X1; X2; X3] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1535,7 +1535,7 @@ let LOCAL_SUB_4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1600,7 +1600,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1673,7 +1673,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1743,7 +1743,7 @@ let EDWARDS25519_EPADD_ALT_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/edwards25519_epdouble.ml b/arm/proofs/edwards25519_epdouble.ml index 9b8cb7af..04180fa3 100644 --- a/arm/proofs/edwards25519_epdouble.ml +++ b/arm/proofs/edwards25519_epdouble.ml 
@@ -1536,7 +1536,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1985,7 +1985,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2323,7 +2323,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2370,7 +2370,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -2441,7 +2441,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2516,7 +2516,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2589,7 +2589,7 @@ let EDWARDS25519_EPDOUBLE_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,160)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/edwards25519_epdouble_alt.ml b/arm/proofs/edwards25519_epdouble_alt.ml index 0e069565..3b74c964 100644 --- a/arm/proofs/edwards25519_epdouble_alt.ml +++ b/arm/proofs/edwards25519_epdouble_alt.ml 
@@ -880,7 +880,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1046,7 +1046,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1199,7 +1199,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1246,7 +1246,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1317,7 +1317,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1392,7 +1392,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1465,7 +1465,7 @@ let EDWARDS25519_EPDOUBLE_ALT_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,160)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/edwards25519_pdouble.ml b/arm/proofs/edwards25519_pdouble.ml index 70cda82a..727579fa 100644 --- a/arm/proofs/edwards25519_pdouble.ml +++ b/arm/proofs/edwards25519_pdouble.ml 
@@ -1351,7 +1351,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1800,7 +1800,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2138,7 +2138,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2185,7 +2185,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -2256,7 +2256,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2331,7 +2331,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2404,7 +2404,7 @@ let EDWARDS25519_PDOUBLE_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,160)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/edwards25519_pdouble_alt.ml b/arm/proofs/edwards25519_pdouble_alt.ml index ad0ff5de..ee9fa62a 100644 --- a/arm/proofs/edwards25519_pdouble_alt.ml +++ b/arm/proofs/edwards25519_pdouble_alt.ml 
@@ -775,7 +775,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -941,7 +941,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1094,7 +1094,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1141,7 +1141,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1212,7 +1212,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1287,7 +1287,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1360,7 +1360,7 @@ let EDWARDS25519_PDOUBLE_ALT_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,160)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/edwards25519_pepadd.ml b/arm/proofs/edwards25519_pepadd.ml index 1ea6f97e..452dd410 100644 --- a/arm/proofs/edwards25519_pepadd.ml +++ b/arm/proofs/edwards25519_pepadd.ml @@ -1548,7 +1548,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1998,7 +1998,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2420,7 +2420,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2465,7 +2465,7 @@ let LOCAL_DOUBLE_4_TAC = 2 * n)) (MAYCHANGE [PC; X0; X1; X2; X3] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2514,7 +2514,7 @@ let LOCAL_SUB_4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -2579,7 +2579,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2652,7 +2652,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2722,7 +2722,7 @@ let EDWARDS25519_PEPADD_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/edwards25519_pepadd_alt.ml b/arm/proofs/edwards25519_pepadd_alt.ml index 692e5923..5c91a141 100644 --- a/arm/proofs/edwards25519_pepadd_alt.ml +++ b/arm/proofs/edwards25519_pepadd_alt.ml 
@@ -894,7 +894,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1061,7 +1061,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1215,7 +1215,7 @@ let LOCAL_ADD_4_TAC = m + n)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1260,7 +1260,7 @@ let LOCAL_DOUBLE_4_TAC = 2 * n)) (MAYCHANGE [PC; X0; X1; X2; X3] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1309,7 +1309,7 @@ let LOCAL_SUB_4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1374,7 +1374,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1447,7 +1447,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1517,7 +1517,7 @@ let EDWARDS25519_PEPADD_ALT_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/edwards25519_scalarmulbase.ml b/arm/proofs/edwards25519_scalarmulbase.ml index 8e67d30f..296427df 100644 --- a/arm/proofs/edwards25519_scalarmulbase.ml 
+++ b/arm/proofs/edwards25519_scalarmulbase.ml @@ -6270,7 +6270,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -6718,7 +6718,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -7138,7 +7138,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -7208,7 +7208,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -7282,7 +7282,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -7370,7 +7370,7 @@ let EDWARDS25519_SCALARMULBASE_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,64); memory :> bytes(stackpointer,448)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/edwards25519_scalarmulbase_alt.ml b/arm/proofs/edwards25519_scalarmulbase_alt.ml index be2287e7..c6c49572 100644 --- a/arm/proofs/edwards25519_scalarmulbase_alt.ml +++ b/arm/proofs/edwards25519_scalarmulbase_alt.ml @@ -5464,7 +5464,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -5629,7 +5629,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -5781,7 +5781,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -5851,7 +5851,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -5925,7 +5925,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -6014,7 +6014,7 @@ let EDWARDS25519_SCALARMULBASE_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,64); memory :> bytes(stackpointer,448)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/edwards25519_scalarmuldouble.ml b/arm/proofs/edwards25519_scalarmuldouble.ml index c84322d4..7584c6a7 100644 --- a/arm/proofs/edwards25519_scalarmuldouble.ml +++ b/arm/proofs/edwards25519_scalarmuldouble.ml @@ -8528,7 +8528,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -8978,7 +8978,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -9402,7 +9402,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -9741,7 +9741,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -9813,7 +9813,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -9890,7 +9890,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -9980,7 +9980,7 @@ let LOCAL_EPDOUBLE_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,160)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN @@ -10087,7 +10087,7 @@ let LOCAL_PDOUBLE_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,160)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN @@ -10201,7 +10201,7 @@ let LOCAL_EPADD_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN @@ -10349,7 +10349,7 @@ let LOCAL_PEPADD_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN @@ -10492,7 +10492,7 @@ let EDWARDS25519_SCALARMULDOUBLE_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,64); memory :> bytes(stackpointer,1632)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN 
diff --git a/arm/proofs/edwards25519_scalarmuldouble_alt.ml b/arm/proofs/edwards25519_scalarmuldouble_alt.ml index c090064a..b863d27b 100644 --- a/arm/proofs/edwards25519_scalarmuldouble_alt.ml +++ b/arm/proofs/edwards25519_scalarmuldouble_alt.ml @@ -5929,7 +5929,7 @@ let LOCAL_MUL_P25519_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -6101,7 +6101,7 @@ let LOCAL_MUL_4_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -6261,7 +6261,7 @@ let LOCAL_SQR_4_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -6415,7 +6415,7 @@ let LOCAL_ADD_TWICE4_TAC = m + n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -6487,7 +6487,7 @@ let LOCAL_DOUBLE_TWICE4_TAC = 2 * n) (mod p_25519))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -6564,7 +6564,7 @@ let LOCAL_SUB_TWICE4_TAC = &m - &n) (mod (&p_25519)))) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -6654,7 +6654,7 @@ let LOCAL_EPDOUBLE_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,160)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN 
@@ -6761,7 +6761,7 @@ let LOCAL_PDOUBLE_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,160)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN @@ -6875,7 +6875,7 @@ let LOCAL_EPADD_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN @@ -7023,7 +7023,7 @@ let LOCAL_PEPADD_CORRECT = time prove (bignum_quadruple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,128); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN @@ -7166,7 +7166,7 @@ let EDWARDS25519_SCALARMULDOUBLE_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(res,64); memory :> bytes(stackpointer,1632)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/equiv.ml b/arm/proofs/equiv.ml index b1c43fd5..6a083d79 100644 --- a/arm/proofs/equiv.ml +++ b/arm/proofs/equiv.ml 
@@ -26,6 +26,11 @@ let get_bytelist_length (ls:term): int = failwith (Printf.sprintf "get_bytelist_length: cannot get the length of `%s`" (string_of_term ls));; +(* returns true if t is `read events `. *) +let is_read_events t = + match t with + | Comb (Comb (Const ("read", _), Const ("events", _)), _) -> true + | _ -> false;; let define_mc_from_intlist (newname:string) (ops:int list) = let charlist = List.concat_map @@ -535,8 +540,6 @@ let ARM_N_STEPS_TAC th snums stname_suffix stnames_no_discard dead_value_info = end) snums;; - - (* ------------------------------------------------------------------------- *) (* Definitions for stating program equivalence. *) (* ------------------------------------------------------------------------- *) @@ -584,7 +587,7 @@ let get_input_output_regs let output_comps: term list ref = ref [] in let normalize_word_expr t = rhs (concl ((DEPTH_CONV NORMALIZE_ADD_SUBTRACT_WORD_CONV THENC REWRITE_CONV[WORD_ADD_0]) t)) in - let is_interesting_reg t = not (is_comb t) && t <> `PC` in + let is_interesting_reg t = not (is_comb t) && t <> `PC` && t <> `events` in let update_comps (pc_begin,pc_end) = (* Input and output components *) for i = pc_begin to pc_end do @@ -805,10 +808,6 @@ let map_output_regs if name_of f <> "arm_decode" then failwith "Unknown inst" else let name_right,comp_updates_right = get_inst_info (last args) in - let find_index f l = - let rec fn l i = - match l with | [] -> None | h::t -> if f h then Some i else fn t (1+i) in - fn l 0 in let update_idx = find_index (fun l,_ -> l = output_reg_right) comp_updates_right in match update_idx with 
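Review bot: The comment on the new `is_read_events` in the first equiv.ml hunk ends in an unfinished quotation, `read events `, with the state argument missing. Writing `(* returns true if t is `read events s` for some state s. *)` would match what the pattern `Comb (Comb (Const ("read", _), Const ("events", _)), _)` accepts. The helper mirrors `is_read_pc`, which this file calls but does not define in the hunks shown, so it presumably comes from a file loaded earlier. If that file also provides `is_read_events`, this copy only shadows it and is better dropped so the two cannot drift apart.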
@@ -1018,7 +1017,8 @@ let build_maychanges regs extra = mk_icomb (`MAYCHANGE`,mk_list (qregs, `:(armstate,int128)component`)); mk_icomb (`MAYCHANGE`,mk_list (flags, `:(armstate,bool)component`)); extra; - `MAYCHANGE [PC]`];; + `MAYCHANGE [PC]`; + `MAYCHANGE [events]`];; (* maychanges: `(MAYCHANGE [..] ,, MAYCHANGE ...)` combine MAYCHANGE of fragmented memory accesses of constant sizes into @@ -1121,11 +1121,17 @@ let simplify_maychanges: term -> term = (* now rebuild maychange terms! *) let result = ref zero in - let join_result (comps:term list): unit = - if comps = [] then () else - let mterm = mk_icomb (maychange_const, mk_flist comps) in - if !result = zero then result := mterm - else result := mk_icomb(mk_icomb (seq_const,mterm),!result) in + let rec join_result (comps:term list): unit = + match comps with + | [] -> () + | first_comp::comps -> + let fcty = type_of first_comp in + let comps0,comps1 = List.partition (fun c -> type_of c = fcty) + comps in + let mterm = mk_icomb (maychange_const, mk_flist (first_comp::comps0)) in + (if !result = zero then result := mterm + else result := mk_icomb(mk_icomb (seq_const,mterm),!result)); + join_result comps1 in let _ = join_result !maychange_regs64 in let _ = join_result !maychange_regs128 in let _ = join_result !maychange_others in @@ -1146,6 +1152,12 @@ let simplify_maychanges: term -> term = MAYCHANGE [memory :> bytes64 (x:int64)] ,, MAYCHANGE [memory :> bytes64 (word_add y (word 24))] ,, MAYCHANGE [memory :> bytes64 (word_add y (word 16))]`;; + TODO: + simplify_maychanges + `MAYCHANGE [memory :> bytes64 (word_add z (word (8 * 4 * i)))] ,, + MAYCHANGE [memory :> bytes64 (word_add z (word (8 * 4 * i + 8)))] ,, + MAYCHANGE [memory :> bytes64 (word_add z (word (8 * 4 * i + 16)))] ,, + MAYCHANGE [memory :> bytes64 (word_add z (word (8 * 4 * i + 24)))]`;; *) let SIMPLIFY_MAYCHANGES_TAC = 
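Review bot: The rewritten `join_result` in `simplify_maychanges` partitions `comps` by `type_of` without a comment saying why, and the reason is not obvious from the code. Presumably `mk_flist` needs a homogeneous list and `events` has a different component type from the other entries it is grouped with. A line such as `(* emit one MAYCHANGE per component type: the list must be homogeneous *)` above the `List.partition` would record that. The pattern `first_comp::comps` also shadows the parameter `comps`; naming the tail `rest` would make the recursion on `comps1` easier to follow. `simplify_maychanges` starts and ends outside this hunk.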
@@ -1393,11 +1405,13 @@ let ARM_N_STEPS_AND_REWRITE_TAC execth (snums:int list) (inst_map: int list) (* Reading flags may not have 'read flag s = ..' form, but just 'read flag s' or '~(read flag s)'. They don't need to be rewritten. - Also, 'read PC' should not be rewritten as well. Collect them + Also, 'read PC' and 'read events' should not be rewritten as well. Collect them separately. *) let new_state_eqs_norewrite,new_state_eqs = List.partition - (fun th -> not (is_eq (concl th)) || (is_read_pc (lhs (concl th)))) + (fun th -> not (is_eq (concl th)) + || (is_read_pc (lhs (concl th))) + || (is_read_events (lhs (concl th)))) new_state_eqs in (* filter out regs from new_state_eqs that are regs_to_avoid_abbrev. diff --git a/arm/proofs/instruction.ml b/arm/proofs/instruction.ml index d583fcda..3c7c6526 100644 --- a/arm/proofs/instruction.ml +++ b/arm/proofs/instruction.ml 
@@ -7,6 +7,35 @@ (* Simplified model of aarch64 (64-bit ARM) semantics. *) (* ========================================================================= *) +(*** We start with defining an observable microarchitectural event. + *** This is used to describe the safety property of assembly programs such as + *** the constant-time property. + *** We define that an instruction raises an observable microarchitectural + *** event if its cycles/power consumption/anything that can be observed by + *** a side-channel attacker can vary depending on the inputs of + *** the instruction. For example, instructions taking a constant number of + *** cycles like ADD do not raise an observable event, whereas cond branch does. + *** Its kinds (EventLoad/Store/...) describe the events distinguishable from + *** each other by the attacker, and their parameters describe the values + *** that are inputs and/or outputs of the instructions that will affect the + *** observed cycles/etc. + *** An opcode of instruction is not a parameter of the event, even if the + *** number of taken cycles may depend on opcode. This relies on an assumption + *** that a program is public information. + *** One instruction can raise multiple events (e.g., one that reads PC from + *** the memory and jumps to the address, even though this case will not exist + *** in Arm). + ***) +let armevent_INDUCT, armevent_RECURSION = define_type + "armevent = + // (address, byte length) + EventLoad (int64#num) + // (address, byte length) + | EventStore (int64#num) + // (src pc, destination pc) + | EventJump (int64#int64) + ";; + (*** For convenience we lump the stack pointer in as general register 31. *** The indexing is cleaner for a 32-bit enumeration via words, and in *** fact in some settings this may be interpreted correctly when register 31 
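Review bot: The header comment defines an observable event as anything whose cycles or power consumption can vary with the inputs, but the `armevent` type added below it has only `EventLoad`, `EventStore` and `EventJump`, so the stated definition is wider than what the model records. Power draw depends on operand values for essentially every instruction. The statement that ADD-like instructions take a constant number of cycles is an assumption about the target core, not something the model checks; on Arm this is architecturally promised only under data-independent timing (PSTATE.DIT), if that is the intended setting. I would narrow the comment to the covered channels, e.g. `*** This model records address-dependent (load/store) and control-flow-dependent (branch) leakage only;` followed by `*** data-independent timing of all other instructions is assumed, and power/EM channels are out of scope.` Any constant-time theorem stated over `events` then carries that assumption explicitly.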
@@ -26,7 +55,8 @@ let armstate_INDUCT,armstate_RECURSION,armstate_COMPONENTS = registers : 5 word->int64; // 31 general-purpose registers plus SP simdregisters: 5 word->int128; // 32 SIMD registers flags: 4 word; // NZCV flags - memory: 64 word -> byte // memory + memory: 64 word -> byte; // memory + events: armevent list // Observable uarch events }";; let bytes_loaded = new_definition @@ -782,7 +812,7 @@ let MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI = REWRITE_RULE (new_definition `MAYCHANGE_REGS_AND_FLAGS_PERMITTED_BY_ABI = MAYCHANGE [PC] ,, MAYCHANGE MODIFIABLE_GPRS ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE MODIFIABLE_UPPER_SIMD_REGS ,, MAYCHANGE SOME_FLAGS`);; + MAYCHANGE MODIFIABLE_UPPER_SIMD_REGS ,, MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]`);; (* ------------------------------------------------------------------------- *) (* General register-register instructions. *) @@ -893,7 +923,10 @@ let arm_ASRV = define let arm_B = define `arm_B (off:28 word) = - \s. (PC := word_add (word_sub (read PC s) (word 4)) (word_sx off)) s`;; + \s. let pc = word_sub (read PC s) (word 4) in + let pc_next = word_add pc (word_sx off) in + (PC := pc_next ,, + events := CONS (EventJump (pc,pc_next)) (read events s)) s`;; let arm_BFM = define `arm_BFM Rd Rn immr imms = 
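Review bot: The new `events` field of `armstate` is documented only as `// Observable uarch events`, while `arm_B` in the last hunk on this line prepends with `CONS (EventJump (pc,pc_next)) (read events s)`, so the list is ordered newest first. Anyone stating a trace property over `read events s` needs to know that, so I would extend the field comment to `events: armevent list // Observable uarch events, most recent first`. A short comment at `arm_B` would also help, saying that `pc` is the branch's own address, recovered as `read PC s` minus 4, presumably because PC has already been advanced when the instruction semantics run. The `armstate` record starts outside its hunk.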
@@ -953,15 +986,20 @@ let arm_BIT = define let arm_BL = define `arm_BL (off:28 word) = - \s. let pc = read PC s in - (X30 := pc ,, - PC := word_add (word_sub pc (word 4)) (word_sx off)) s`;; + \s. let pc_incr = read PC s in + let pc = word_sub pc_incr (word 4) in + let pc_next = word_add pc (word_sx off) in + (X30 := pc_incr ,, + PC := pc_next ,, + events := CONS (EventJump (pc,pc_next)) (read events s)) s`;; let arm_BL_ABSOLUTE = define `arm_BL_ABSOLUTE (target:64 word) = - \s. let pc = read PC s in - (X30 := pc ,, - PC := target) s`;; + \s. let pc_incr = read PC s in + let pc = word_sub pc_incr (word 4) in + (X30 := pc_incr ,, + PC := target ,, + events := CONS (EventJump (pc,target)) (read events s)) s`;; (*** For conditional branches, including CBZ and CBNZ the offset is ***) (*** encoded as a 19-bit word that's turned into a 21-bit word multiplied ***) 
@@ -969,21 +1007,30 @@ let arm_BL_ABSOLUTE = define let arm_Bcond = define `arm_Bcond cc (off:21 word) = - \s. (PC := if condition_semantics cc s - then word_add (word_sub (read PC s) (word 4)) (word_sx off) - else read PC s) s`;; + \s. let pc = word_sub (read PC s) (word 4) in + let pc_next = if condition_semantics cc s + then word_add pc (word_sx off) + else read PC s in + (PC := pc_next ,, + events := CONS (EventJump (pc,pc_next)) (read events s)) s`;; let arm_CBNZ = define `arm_CBNZ Rt (off:21 word) = - \s. (PC := if ~(read Rt s = word 0) - then word_add (word_sub (read PC s) (word 4)) (word_sx off) - else read PC s) s`;; + \s. let pc = word_sub (read PC s) (word 4) in + let pc_next = if ~(read Rt s = word 0) + then word_add pc (word_sx off) + else read PC s in + (PC := pc_next ,, + events := CONS (EventJump (pc,pc_next)) (read events s)) s`;; let arm_CBZ = define - `arm_CBZ Rt (off:21 word) = - \s. (PC := if read Rt s = word 0 - then word_add (word_sub (read PC s) (word 4)) (word_sx off) - else read PC s) s`;; + `arm_CBZ Rt (off:21 word) = + \s. let pc = word_sub (read PC s) (word 4) in + let pc_next = if read Rt s = word 0 + then word_add pc (word_sx off) + else read PC s in + (PC := pc_next ,, + events := CONS (EventJump (pc,pc_next)) (read events s)) s`;; let arm_CCMN = define `arm_CCMN Rm Rn (nzcv:4 word) cc = @@ -1254,7 +1301,10 @@ let arm_ORR_VEC = define let arm_RET = define `arm_RET Rn = - \s. (PC := read Rn s) s`;; + \s. let pc = word_sub (read PC s) (word 4) in + let pc_next = read Rn s in + (PC := pc_next ,, + events := CONS (EventJump (pc,pc_next)) (read events s)) s`;; let arm_REV64_VEC = define `arm_REV64_VEC Rd Rn esize = @@ -1921,6 +1971,8 @@ let arm_LDR = define (offset_writesback off ==> orthogonal_components Rt Rn) then Rt := read (memory :> wbytes addr) s ,, + events := CONS (EventLoad (addr,dimindex (:N) DIV 8)) + (read events s) ,, (if offset_writesback off then Rn := word_add base (offset_writeback off) else (=)) 
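Review bot: `arm_Bcond`, `arm_CBNZ` and `arm_CBZ` now raise `EventJump (pc,pc_next)` on both paths, with `pc_next = read PC s` when the branch is not taken, and nothing in the definitions says that this is deliberate. A comment above `arm_Bcond` would keep a later edit from dropping the fall-through event and silently weakening the leakage model. For example: `(*** A conditional branch always raises EventJump; the destination (target or fall-through) is what exposes the condition. ***)`. The three bodies differ only in the guard, so the same comment covers all of them.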
@@ -1934,6 +1986,8 @@ let arm_STR = define (offset_writesback off ==> orthogonal_components Rt Rn) then memory :> wbytes addr := read Rt s ,, + events := CONS (EventStore (addr,dimindex (:N) DIV 8)) + (read events s) ,, (if offset_writesback off then Rn := word_add base (offset_writeback off) else (=)) @@ -1947,6 +2001,7 @@ let arm_LDRB = define (offset_writesback off ==> orthogonal_components Rt Rn) then Rt := word_zx (read (memory :> bytes8 addr) s) ,, + events := CONS (EventLoad (addr,1)) (read events s) ,, (if offset_writesback off then Rn := word_add base (offset_writeback off) else (=)) @@ -1960,6 +2015,7 @@ let arm_STRB = define (offset_writesback off ==> orthogonal_components Rt Rn) then memory :> bytes8 addr := word_zx (read Rt s) ,, + events := CONS (EventStore (addr,1)) (read events s) ,, (if offset_writesback off then Rn := word_add base (offset_writeback off) else (=)) @@ -1981,6 +2037,7 @@ let arm_LDP = define let w = dimindex(:N) DIV 8 in Rt1 := read (memory :> wbytes addr) s ,, Rt2 := read (memory :> wbytes(word_add addr (word w))) s ,, + events := CONS (EventLoad (addr,2 * w)) (read events s) ,, (if offset_writesback off then Rn := word_add base (offset_writeback off) else (=)) @@ -1998,6 +2055,7 @@ let arm_STP = define let w = dimindex(:N) DIV 8 in memory :> wbytes addr := read Rt1 s ,, memory :> wbytes(word_add addr (word w)) := read Rt2 s ,, + events := CONS (EventStore (addr,2 * w)) (read events s) ,, (if offset_writesback off then Rn := word_add base (offset_writeback off) else (=)) @@ -2115,6 +2173,7 @@ let arm_LD2 = define else if esize = 16 then word_deinterleave8_y tmp else word_deinterleave16_y tmp in (Rt := x),, (Rtt := y) ,, + events := CONS (EventLoad (eaddr,32)) (read events s) ,, (if offset_writesback off then Rn := word_add address (offset_writeback off) else (=)) 
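Review bot: The byte count in the arm_LD2 events is a literal, `EventLoad (eaddr,32)` in this hunk and `EventLoad (eaddr,16)` in the second arm_LD2 hunk, whereas arm_ST2 derives it as `datasize DIV 4` and arm_LDP/arm_STP as `2 * w`. The literals presumably correspond to the 128-bit and 64-bit arms of a conditional that starts outside these hunks. The link between the number and the access width is not visible at the point of use, and a wrong length would misstate the address range the trace exposes. If `datasize` is in scope in arm_LD2 as it is in arm_ST2, writing `events := CONS (EventLoad (eaddr,datasize DIV 4)) (read events s) ,,` in both arms keeps the load and store definitions in step. Otherwise a comment giving the derivation (two registers of datasize/8 bytes each) would do.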
@@ -2129,6 +2188,7 @@ let arm_LD2 = define else if esize = 16 then word_deinterleave4_y tmp else word_deinterleave8_y tmp in (Rt := word_zx x:(128)word),, (Rtt := word_zx y:(128)word) ,, + events := CONS (EventLoad (eaddr,16)) (read events s) ,, (if offset_writesback off then Rn := word_add address (offset_writeback off) else (=))) @@ -2158,6 +2218,7 @@ let arm_ST2 = define else if esize = 16 then word_interleave4 x y else word_interleave8 x y in memory :> wbytes eaddr := tmp) ,, + events := CONS (EventStore (eaddr,datasize DIV 4)) (read events s) ,, (if offset_writesback off then Rn := word_add address (offset_writeback off) else (=)) @@ -2191,6 +2252,7 @@ let arm_LD1R = define else word_duplicate ((read (memory :> wbytes addr) s):(8)word)) in (Rt := (word_zx replicated):(128)word)) ,, + events := CONS (EventLoad (addr,esize DIV 8)) (read events s) ,, (if offset_writesback off then Rn := word_add base (offset_writeback off) else (=)) 
@@ -2684,17 +2746,29 @@ let arm_SUBS_ALT = prove let arm_CBNZ_ALT = prove (`arm_CBNZ Rt (off:21 word) = - \s. (PC := if ~(val(read Rt s) = 0) + \s. let pc_next = if ~(val(read Rt s) = 0) then word_add (word_sub (read PC s) (word 4)) (word_sx off) - else read PC s) s`, - REWRITE_TAC[VAL_EQ_0; arm_CBNZ]);; + else read PC s in + (PC := pc_next ,, + events := CONS (EventJump + (word_sub (read PC s) (word 4),pc_next)) + (read events s)) s`, + REWRITE_TAC[VAL_EQ_0; arm_CBNZ] THEN + CONV_TAC (DEPTH_CONV let_CONV) THEN + REWRITE_TAC[]);; let arm_CBZ_ALT = prove (`arm_CBZ Rt (off:21 word) = - \s. (PC := if val(read Rt s) = 0 + \s. let pc_next = if val(read Rt s) = 0 then word_add (word_sub (read PC s) (word 4)) (word_sx off) - else read PC s) s`, - REWRITE_TAC[VAL_EQ_0; arm_CBZ]);; + else read PC s in + (PC := pc_next ,, + events := CONS (EventJump + (word_sub (read PC s) (word 4),pc_next)) + (read events s)) s`, + REWRITE_TAC[VAL_EQ_0; arm_CBZ] THEN + CONV_TAC (DEPTH_CONV let_CONV) THEN + REWRITE_TAC[]);; (* ------------------------------------------------------------------------- *) (* MOV is an alias of MOVZ when Rm is an immediate *) diff --git a/arm/proofs/p256_montjadd.ml b/arm/proofs/p256_montjadd.ml index d1415a90..a0850e6a 100644 --- a/arm/proofs/p256_montjadd.ml +++ b/arm/proofs/p256_montjadd.ml @@ -601,7 +601,7 @@ let LOCAL_MONTSQR_P256_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, SUBGOAL_THEN `bignum_montsqr_p256_core_mc = SUB_LIST (0x334, LENGTH bignum_montsqr_p256_core_mc) @@ -633,7 +633,7 @@ let LOCAL_MONTSQR_P256_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[fst P256_MONTJADD_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC P256_MONTJADD_CORE_EXEC 
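Review bot: Nothing in LOCAL_MONTSQR_P256_CORRECT constrains the trace: `MAYCHANGE [events]` is added to the frame while the postcondition stays as it was, so the theorem permits `events` to end in any value. The same holds for the other specification hunks in p256_montjadd.ml and for the matching one-line hunks in the p256_* and p384_* proof files that follow. Since the events component appears to exist to model what the code exposes through memory accesses and branches, a reader may assume these theorems bound it. A comment near the first such spec would prevent that, for example `(*** events is only framed here; nothing is proved about its contents. ***)`. If a statement about the trace is intended for these routines, it needs its own theorem; none is visible in these hunks.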
@@ -670,7 +670,7 @@ let LOCAL_MONTMUL_P256_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, SUBGOAL_THEN `bignum_montmul_p256_core_mc = SUB_LIST (0, LENGTH bignum_montmul_p256_core_mc) p256_montjadd_core_mc` MP_TAC THENL [ @@ -702,7 +702,7 @@ let LOCAL_MONTMUL_P256_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[fst P256_MONTJADD_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC P256_MONTJADD_CORE_EXEC @@ -736,7 +736,7 @@ let LOCAL_SUB_P256_CORRECT = (m < p_256 /\ n < p_256 ==> &(bignum_from_memory (z,4) s) = (&m - &n) rem &p_256)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, SUBGOAL_THEN `bignum_sub_p256_mc = SUB_LIST (0x558, 0x48) p256_montjadd_core_mc` MP_TAC THENL [ @@ -762,7 +762,7 @@ let LOCAL_SUB_P256_CORRECT = (m < p_256 /\ n < p_256 ==> &(bignum_from_memory (z,4) s) = (&m - &n) rem &p_256)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, REWRITE_TAC[fst P256_MONTJADD_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC @@ -905,7 +905,7 @@ let P256_MONTJADD_UNOPT_CORE_CORRECT = time prove X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,224)])`, REWRITE_TAC[FORALL_PAIR_THM;fst P256_MONTJADD_CORE_EXEC] THEN 
@@ -1074,7 +1074,7 @@ let P256_MONTJADD_UNOPT_CORRECT = time prove X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,224)])`, ARM_SUB_LIST_OF_MC_TAC P256_MONTJADD_UNOPT_CORE_CORRECT @@ -1145,7 +1145,7 @@ let equiv_goal = mk_equiv_statement X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,224)]` p256_montjadd_opt_mc 0x18 0x309c @@ -1153,7 +1153,7 @@ let equiv_goal = mk_equiv_statement X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,224)]` (vsubst [mk_small_numeral( @@ -1285,7 +1285,7 @@ let P256_MONTJADD_CORRECT = prove( X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,224)])`, diff --git a/arm/proofs/p256_montjadd_alt.ml b/arm/proofs/p256_montjadd_alt.ml index 3a69acae..827ae136 100644 --- a/arm/proofs/p256_montjadd_alt.ml +++ b/arm/proofs/p256_montjadd_alt.ml @@ -2015,7 +2015,7 @@ let LOCAL_MONTSQR_P256_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -2125,7 +2125,7 @@ let LOCAL_MONTMUL_P256_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2235,7 +2235,7 @@ let LOCAL_SUB_P256_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2326,7 +2326,7 @@ let LOCAL_AMONTSQR_P256_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -2528,7 +2528,7 @@ let P256_MONTJADD_ALT_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,224)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p256_montjdouble.ml b/arm/proofs/p256_montjdouble.ml index 21c41782..722a6901 100644 --- a/arm/proofs/p256_montjdouble.ml +++ b/arm/proofs/p256_montjdouble.ml 
@@ -793,7 +793,7 @@ let LOCAL_MONTSQR_P256_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, SUBGOAL_THEN `bignum_montsqr_p256_core_mc = SUB_LIST (0x334, LENGTH bignum_montsqr_p256_core_mc) @@ -825,7 +825,7 @@ let LOCAL_MONTSQR_P256_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[fst P256_MONTJDOUBLE_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC P256_MONTJDOUBLE_CORE_EXEC @@ -861,7 +861,7 @@ let LOCAL_MONTMUL_P256_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, SUBGOAL_THEN `bignum_montmul_p256_core_mc = SUB_LIST (0, LENGTH bignum_montmul_p256_core_mc) p256_montjdouble_core_mc` MP_TAC THENL [ @@ -893,7 +893,7 @@ let LOCAL_MONTMUL_P256_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 4)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[fst P256_MONTJDOUBLE_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC P256_MONTJDOUBLE_CORE_EXEC @@ -926,7 +926,7 @@ let LOCAL_SUB_P256_CORRECT = (m < p_256 /\ n < p_256 ==> &(bignum_from_memory (z,4) s) = (&m - &n) rem &p_256)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, SUBGOAL_THEN `bignum_sub_p256_mc = SUB_LIST (0x558, 0x48) p256_montjdouble_core_mc` MP_TAC THENL [ 
@@ -952,7 +952,7 @@ let LOCAL_SUB_P256_CORRECT = (m < p_256 /\ n < p_256 ==> &(bignum_from_memory (z,4) s) = (&m - &n) rem &p_256)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, REWRITE_TAC[fst P256_MONTJDOUBLE_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC @@ -1001,7 +1001,7 @@ let LOCAL_WEAKADD_P256_TAC = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1080,7 +1080,7 @@ let LOCAL_ADD_P256_CORRECT = (m < p_256 /\ n < p_256 ==> bignum_from_memory (z,4) s = (m + n) MOD p_256)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, SUBGOAL_THEN `bignum_add_p256_mc = SUB_LIST (0x5a0, 92) p256_montjdouble_core_mc` MP_TAC THENL [ @@ -1107,7 +1107,7 @@ let LOCAL_ADD_P256_CORRECT = (m < p_256 /\ n < p_256 ==> bignum_from_memory (z,4) s = (m + n) MOD p_256)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,4)])`, REWRITE_TAC[fst P256_MONTJDOUBLE_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC @@ -1155,7 +1155,7 @@ let LOCAL_CMSUBC9_P256_TAC = X10; X11; X12] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -1320,7 +1320,7 @@ let LOCAL_CMSUB41_P256_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1481,7 +1481,7 @@ let LOCAL_CMSUB38_P256_TAC = X10; X11; X12] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1746,7 +1746,7 @@ let P256_MONTJDOUBLE_UNOPT_CORE_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM;fst P256_MONTJDOUBLE_CORE_EXEC] THEN @@ -1878,7 +1878,7 @@ let equiv_goal = mk_equiv_statement `MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)]` p256_montjdouble_opt_mc 0x18 0x1778 @@ -1886,7 +1886,7 @@ let equiv_goal = mk_equiv_statement X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)]` (vsubst [mk_small_numeral( 
@@ -2015,7 +2015,7 @@ let P256_MONTJDOUBLE_CORRECT = prove( X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)])`, diff --git a/arm/proofs/p256_montjdouble_alt.ml b/arm/proofs/p256_montjdouble_alt.ml index 773f9ff3..e78b16b7 100644 --- a/arm/proofs/p256_montjdouble_alt.ml +++ b/arm/proofs/p256_montjdouble_alt.ml @@ -1152,7 +1152,7 @@ let LOCAL_MONTSQR_P256_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1261,7 +1261,7 @@ let LOCAL_MONTMUL_P256_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1370,7 +1370,7 @@ let LOCAL_SUB_P256_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1464,7 +1464,7 @@ let LOCAL_WEAKADD_P256_TAC = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1555,7 +1555,7 @@ let LOCAL_ADD_P256_TAC = 8 * 4)) s = (m + n) MOD p_256)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1676,7 +1676,7 @@ let LOCAL_CMSUBC9_P256_TAC = X10; X11; X12] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1841,7 +1841,7 @@ let LOCAL_CMSUB41_P256_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2002,7 +2002,7 @@ let LOCAL_CMSUB38_P256_TAC = X10; X11; X12] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -2266,7 +2266,7 @@ let P256_MONTJDOUBLE_ALT_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p256_montjmixadd.ml b/arm/proofs/p256_montjmixadd.ml index 1d151a60..6e657ebb 100644 --- a/arm/proofs/p256_montjmixadd.ml +++ b/arm/proofs/p256_montjmixadd.ml @@ -2124,7 +2124,7 @@ let LOCAL_MONTSQR_P256_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2307,7 +2307,7 @@ let LOCAL_MONTMUL_P256_TAC = X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2751,7 +2751,7 @@ let LOCAL_SUB_P256_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -2951,7 +2951,7 @@ let P256_MONTJMIXADD_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p256_montjmixadd_alt.ml b/arm/proofs/p256_montjmixadd_alt.ml index 1fcd12de..6e7f194c 100644 --- a/arm/proofs/p256_montjmixadd_alt.ml +++ b/arm/proofs/p256_montjmixadd_alt.ml @@ -1446,7 +1446,7 @@ let LOCAL_MONTSQR_P256_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1556,7 +1556,7 @@ let LOCAL_MONTMUL_P256_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1666,7 +1666,7 @@ let LOCAL_SUB_P256_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1757,7 +1757,7 @@ let LOCAL_AMONTSQR_P256_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -1974,7 +1974,7 @@ let P256_MONTJMIXADD_ALT_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p384_montjadd.ml b/arm/proofs/p384_montjadd.ml index 91c767ac..efd5c018 100644 --- a/arm/proofs/p384_montjadd.ml +++ b/arm/proofs/p384_montjadd.ml @@ -1021,7 +1021,7 @@ let LOCAL_MONTSQR_P384_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, SUBGOAL_THEN `bignum_montsqr_p384_core_mc = SUB_LIST (0x67c, LENGTH bignum_montsqr_p384_core_mc) @@ -1052,7 +1052,7 @@ let LOCAL_MONTSQR_P384_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[fst P384_MONTJADD_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC P384_MONTJADD_CORE_EXEC @@ -1089,7 +1089,7 @@ let LOCAL_MONTMUL_P384_CORRECT = X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, SUBGOAL_THEN `bignum_montmul_p384_core_mc = SUB_LIST (16, LENGTH bignum_montmul_p384_core_mc) 
@@ -1125,7 +1125,7 @@ let LOCAL_MONTMUL_P384_CORRECT = MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6); memory :> bytes(word_sub stackpointer (word 48),48)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[fst P384_MONTJADD_CORE_EXEC] THEN ARM_ADD_RETURN_STACK_TAC ~pre_post_nsteps:(4,4) @@ -1161,7 +1161,7 @@ let LOCAL_SUB_P384_CORRECT = (m < p_384 /\ n < p_384 ==> &(bignum_from_memory (z,6) s) = (&m - &n) rem &p_384)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, SUBGOAL_THEN `bignum_sub_p384_mc = SUB_LIST (0xb48, 112) p384_montjadd_core_mc` MP_TAC THENL [ @@ -1187,7 +1187,7 @@ let LOCAL_SUB_P384_CORRECT = (m < p_384 /\ n < p_384 ==> &(bignum_from_memory (z,6) s) = (&m - &n) rem &p_384)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, REWRITE_TAC[fst P384_MONTJADD_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC @@ -1329,7 +1329,7 @@ let P384_MONTJADD_UNOPT_CORE_CORRECT = time prove X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,384)])`, REWRITE_TAC[FORALL_PAIR_THM;fst P384_MONTJADD_CORE_EXEC] THEN @@ -1545,7 +1545,7 @@ let equiv_goal = mk_equiv_statement X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,384)]` p384_montjadd_opt_mc 0x18 0x63a0 
@@ -1553,7 +1553,7 @@ let equiv_goal = mk_equiv_statement X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,384)]` (vsubst [mk_small_numeral( @@ -1682,7 +1682,7 @@ let P384_MONTJADD_UNOPT_CORE_CORRECT_SP = time prove X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,384)])`, @@ -1744,7 +1744,7 @@ let P384_MONTJADD_CORRECT = prove( X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,384)])`, diff --git a/arm/proofs/p384_montjadd_alt.ml b/arm/proofs/p384_montjadd_alt.ml index 3cbcb677..cdb33e36 100644 --- a/arm/proofs/p384_montjadd_alt.ml +++ b/arm/proofs/p384_montjadd_alt.ml @@ -4497,7 +4497,7 @@ let LOCAL_MONTSQR_P384_TAC = X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -4633,7 +4633,7 @@ let LOCAL_MONTMUL_P384_TAC = X20; X21; X22] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -4768,7 +4768,7 @@ let LOCAL_SUB_P384_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -4861,7 +4861,7 @@ let LOCAL_AMONTSQR_P384_TAC = X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -5075,7 +5075,7 @@ let P384_MONTJADD_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,336)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p384_montjdouble.ml b/arm/proofs/p384_montjdouble.ml index 05ef78bc..acc1e4e8 100644 --- a/arm/proofs/p384_montjdouble.ml +++ b/arm/proofs/p384_montjdouble.ml @@ -1470,7 +1470,7 @@ let LOCAL_MONTSQR_P384_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, SUBGOAL_THEN `bignum_montsqr_p384_core_mc = SUB_LIST (0x67c, LENGTH bignum_montsqr_p384_core_mc) 
@@ -1501,7 +1501,7 @@ let LOCAL_MONTSQR_P384_CORRECT = X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[fst P384_MONTJDOUBLE_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC P384_MONTJDOUBLE_CORE_EXEC @@ -1538,7 +1538,7 @@ let LOCAL_MONTMUL_P384_CORRECT = X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, SUBGOAL_THEN `bignum_montmul_p384_core_mc = SUB_LIST (16, LENGTH bignum_montmul_p384_core_mc) @@ -1574,7 +1574,7 @@ let LOCAL_MONTMUL_P384_CORRECT = MAYCHANGE MODIFIABLE_SIMD_REGS ,, MAYCHANGE [memory :> bytes(z,8 * 6); memory :> bytes(word_sub stackpointer (word 48),48)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, REWRITE_TAC[fst P384_MONTJDOUBLE_CORE_EXEC] THEN ARM_ADD_RETURN_STACK_TAC ~pre_post_nsteps:(4,4) @@ -1610,7 +1610,7 @@ let LOCAL_SUB_P384_CORRECT = (m < p_384 /\ n < p_384 ==> &(bignum_from_memory (z,6) s) = (&m - &n) rem &p_384)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, SUBGOAL_THEN `bignum_sub_p384_mc = SUB_LIST (0xb48, 112) p384_montjdouble_core_mc` MP_TAC THENL [ @@ -1636,7 +1636,7 @@ let LOCAL_SUB_P384_CORRECT = (m < p_384 /\ n < p_384 ==> &(bignum_from_memory (z,6) s) = (&m - &n) rem &p_384)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, REWRITE_TAC[fst P384_MONTJDOUBLE_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC 
@@ -1670,7 +1670,7 @@ let LOCAL_ADD_P384_CORRECT = (m < p_384 /\ n < p_384 ==> bignum_from_memory (z,6) s = (m + n) MOD p_384)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, SUBGOAL_THEN `bignum_add_p384_mc = SUB_LIST (0xbb8, 156) p384_montjdouble_core_mc` MP_TAC THENL [ @@ -1697,7 +1697,7 @@ let LOCAL_ADD_P384_CORRECT = (m < p_384 /\ n < p_384 ==> bignum_from_memory (z,6) s = (m + n) MOD p_384)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,6)])`, REWRITE_TAC[fst P384_MONTJDOUBLE_CORE_EXEC] THEN ARM_ADD_RETURN_NOSTACK_TAC @@ -1747,7 +1747,7 @@ let LOCAL_WEAKADD_P384_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; fst P384_MONTJDOUBLE_CORE_EXEC] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1842,7 +1842,7 @@ let LOCAL_CMSUBC9_P384_TAC = X10; X11; X12; X13; X14; X15] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; fst P384_MONTJDOUBLE_CORE_EXEC] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1993,7 +1993,7 @@ let LOCAL_CMSUB41_P384_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; fst P384_MONTJDOUBLE_CORE_EXEC] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -2165,7 +2165,7 @@ let LOCAL_CMSUB38_P384_TAC = X10; X11; X12; X13; X14; X15] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; fst P384_MONTJDOUBLE_CORE_EXEC] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2433,7 +2433,7 @@ let P384_MONTJDOUBLE_UNOPT_CORE_CORRECT = time prove X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,384)])`, REWRITE_TAC[FORALL_PAIR_THM;fst P384_MONTJDOUBLE_CORE_EXEC] THEN @@ -2571,7 +2571,7 @@ let equiv_goal = mk_equiv_statement X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,384)]` p384_montjdouble_opt_mc 0x18 0x3050 @@ -2579,7 +2579,7 @@ let equiv_goal = mk_equiv_statement X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,384)]` (vsubst [mk_small_numeral( @@ -2706,7 +2706,7 @@ let P384_MONTJDOUBLE_UNOPT_CORE_CORRECT_SP = time prove X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes (p3,144); memory :> bytes (stackpointer,384)])`, 
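Review bot: In `equiv_goal` both frames passed to `mk_equiv_statement` now carry `MAYCHANGE [events]`, but the two hunks at 2571 and 2579 show no clause relating the `events` of the two programs. As far as these lines show, the equivalence would carry only the functional result from the unoptimised code to `p384_montjdouble_opt_mc`, leaving each side free to change `events` independently. I would record that above the definition, `(* the equivalence relates outputs only; events of the two programs are left unrelated *)`. The precondition and relation arguments of `mk_equiv_statement` lie outside the hunks, so this should be confirmed against them.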
@@ -2766,7 +2766,7 @@ let P384_MONTJDOUBLE_CORRECT = prove( X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,384)])`, diff --git a/arm/proofs/p384_montjdouble_alt.ml b/arm/proofs/p384_montjdouble_alt.ml index afa6f0ac..fefadf18 100644 --- a/arm/proofs/p384_montjdouble_alt.ml +++ b/arm/proofs/p384_montjdouble_alt.ml @@ -2388,7 +2388,7 @@ let LOCAL_MONTSQR_P384_TAC = X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2523,7 +2523,7 @@ let LOCAL_MONTMUL_P384_TAC = X20; X21; X22] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2657,7 +2657,7 @@ let LOCAL_SUB_P384_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2753,7 +2753,7 @@ let LOCAL_WEAKADD_P384_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -2844,7 +2844,7 @@ let LOCAL_ADD_P384_TAC = 8 * 6)) s = (m + n) MOD p_384)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2965,7 +2965,7 @@ let LOCAL_CMSUBC9_P384_TAC = X10; X11; X12; X13; X14; X15] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3114,7 +3114,7 @@ let LOCAL_CMSUB41_P384_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3284,7 +3284,7 @@ let LOCAL_CMSUB38_P384_TAC = X10; X11; X12; X13; X14; X15] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3550,7 +3550,7 @@ let P384_MONTJDOUBLE_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,336)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p384_montjmixadd.ml b/arm/proofs/p384_montjmixadd.ml index cc221335..bd887316 100644 
--- a/arm/proofs/p384_montjmixadd.ml +++ b/arm/proofs/p384_montjmixadd.ml @@ -4425,7 +4425,7 @@ let LOCAL_MONTSQR_P384_TAC = X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -4698,7 +4698,7 @@ let LOCAL_MONTMUL_P384_TAC = X20; X21; X22; X23] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -5208,7 +5208,7 @@ let LOCAL_SUB_P384_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -5411,7 +5411,7 @@ let P384_MONTJMIXADD_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,288)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p384_montjmixadd_alt.ml b/arm/proofs/p384_montjmixadd_alt.ml index f5fedeff..2a046f1e 100644 --- a/arm/proofs/p384_montjmixadd_alt.ml +++ b/arm/proofs/p384_montjmixadd_alt.ml 
@@ -3167,7 +3167,7 @@ let LOCAL_MONTSQR_P384_TAC = X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3303,7 +3303,7 @@ let LOCAL_MONTMUL_P384_TAC = X20; X21; X22] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3438,7 +3438,7 @@ let LOCAL_SUB_P384_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3531,7 +3531,7 @@ let LOCAL_AMONTSQR_P384_TAC = X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 6)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -3760,7 +3760,7 @@ let P384_MONTJMIXADD_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,144); memory :> bytes(stackpointer,288)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p521_jadd.ml b/arm/proofs/p521_jadd.ml index 5e1dc030..7f541161 100644 --- a/arm/proofs/p521_jadd.ml 
+++ b/arm/proofs/p521_jadd.ml @@ -1563,7 +1563,7 @@ let LOCAL_SQR_P521_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, SUBGOAL_THEN `bignum_sqr_p521_core_mc = @@ -1595,7 +1595,7 @@ let LOCAL_SQR_P521_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(word_sub stackpointer (word 48),48)])`, ARM_ADD_RETURN_STACK_TAC P521_JADD_EXEC @@ -1633,7 +1633,7 @@ let LOCAL_MUL_P521_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)])`, SUBGOAL_THEN `bignum_mul_p521_core_mc = @@ -1666,7 +1666,7 @@ let LOCAL_MUL_P521_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(word_sub stackpointer (word 144),144)])`, ARM_ADD_RETURN_STACK_TAC P521_JADD_EXEC @@ -1700,7 +1700,7 @@ let LOCAL_SUB_P521_CORRECT = prove (m < p_521 /\ n < p_521 ==> &(bignum_from_memory (z,9) s) = (&m - &n) rem &p_521)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; 
@@ -1841,7 +1841,7 @@ let P521_JADD_CORRECT = time prove X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,216); memory :> bytes(stackpointer,720)])`, REWRITE_TAC[FORALL_PAIR_THM; fst P521_JADD_EXEC] THEN diff --git a/arm/proofs/p521_jadd_alt.ml b/arm/proofs/p521_jadd_alt.ml index 8dcd229b..afe1428a 100644 --- a/arm/proofs/p521_jadd_alt.ml +++ b/arm/proofs/p521_jadd_alt.ml @@ -5927,7 +5927,7 @@ let LOCAL_SQR_P521_TAC = X21; X22; X23; X24; X25] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -6165,7 +6165,7 @@ let LOCAL_MUL_P521_TAC = X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -6373,7 +6373,7 @@ let LOCAL_SUB_P521_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -6500,7 +6500,7 @@ let P521_JADD_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,216); memory :> bytes(stackpointer,512)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p521_jdouble.ml b/arm/proofs/p521_jdouble.ml index 5ba2c342..e9e9139e 100644 --- a/arm/proofs/p521_jdouble.ml +++ b/arm/proofs/p521_jdouble.ml @@ -1857,7 +1857,7 @@ let LOCAL_SQR_P521_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, SUBGOAL_THEN `bignum_sqr_p521_core_mc = @@ -1889,7 +1889,7 @@ let LOCAL_SQR_P521_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(word_sub stackpointer (word 48),48)])`, ARM_ADD_RETURN_STACK_TAC P521_JDOUBLE_EXEC @@ -1927,7 +1927,7 @@ let LOCAL_MUL_P521_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)])`, SUBGOAL_THEN `bignum_mul_p521_core_mc = 
@@ -1960,7 +1960,7 @@ let LOCAL_MUL_P521_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(word_sub stackpointer (word 144),144)])`, ARM_ADD_RETURN_STACK_TAC P521_JDOUBLE_EXEC @@ -2006,7 +2006,7 @@ let LOCAL_ADD_P521_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES;fst P521_JDOUBLE_EXEC] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2113,7 +2113,7 @@ let LOCAL_SUB_P521_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; fst P521_JDOUBLE_EXEC] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2201,7 +2201,7 @@ let LOCAL_CMSUBC9_P521_TAC = X19; X20; X21; X22; X23] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; fst P521_JDOUBLE_EXEC] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2469,7 +2469,7 @@ let LOCAL_CMSUB41_P521_TAC = X10; X11; X12; X13; X14; X15] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; fst P521_JDOUBLE_EXEC] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -2775,7 +2775,7 @@ let LOCAL_CMSUB38_P521_TAC = X19; X20; X21; X22; X23] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES; fst P521_JDOUBLE_EXEC] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3122,7 +3122,7 @@ let P521_JDOUBLE_CORRECT = time prove X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,216); memory :> bytes(stackpointer,656)])`, REWRITE_TAC[FORALL_PAIR_THM; fst P521_JDOUBLE_EXEC] THEN diff --git a/arm/proofs/p521_jdouble_alt.ml b/arm/proofs/p521_jdouble_alt.ml index 09082f84..b14bb999 100644 --- a/arm/proofs/p521_jdouble_alt.ml +++ b/arm/proofs/p521_jdouble_alt.ml @@ -2805,7 +2805,7 @@ let LOCAL_SQR_P521_TAC = X21; X22; X23; X24; X25] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3041,7 +3041,7 @@ let LOCAL_MUL_P521_TAC = X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -3248,7 +3248,7 @@ let LOCAL_ADD_P521_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3355,7 +3355,7 @@ let LOCAL_SUB_P521_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3445,7 +3445,7 @@ let LOCAL_WEAKMUL_P521_TAC = X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3631,7 +3631,7 @@ let LOCAL_CMSUBC9_P521_TAC = X19; X20; X21; X22; X23] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3899,7 +3899,7 @@ let LOCAL_CMSUB41_P521_TAC = X10; X11; X12; X13; X14; X15] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -4205,7 +4205,7 @@ let LOCAL_CMSUB38_P521_TAC = X19; X20; X21; X22; X23] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -4550,7 +4550,7 @@ let P521_JDOUBLE_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,216); memory :> bytes(stackpointer,512)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p521_jmixadd.ml b/arm/proofs/p521_jmixadd.ml index faa7e6b7..6aed7555 100644 --- a/arm/proofs/p521_jmixadd.ml +++ b/arm/proofs/p521_jmixadd.ml @@ -1427,7 +1427,7 @@ let LOCAL_SQR_P521_CORRECT = prove ==> bignum_from_memory (z,9) s = (n EXP 2) MOD p_521)) (MAYCHANGE [PC; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`; `returnaddress:int64`] THEN @@ -2122,7 +2122,7 @@ let LOCAL_MUL_P521_CORRECT = prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bignum(word_add stackpointer (word 432),9)])`, MAP_EVERY X_GEN_TAC 
@@ -3015,7 +3015,7 @@ let LOCAL_SUB_P521_CORRECT = prove (m < p_521 /\ n < p_521 ==> &(bignum_from_memory (z,9) s) = (&m - &n) rem &p_521)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; @@ -3167,7 +3167,7 @@ let P521_JMIXADD_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,216); memory :> bytes(stackpointer,512)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p521_jmixadd_alt.ml b/arm/proofs/p521_jmixadd_alt.ml index 4cfe2beb..f0493c21 100644 --- a/arm/proofs/p521_jmixadd_alt.ml +++ b/arm/proofs/p521_jmixadd_alt.ml @@ -4138,7 +4138,7 @@ let LOCAL_SQR_P521_TAC = X21; X22; X23; X24; X25] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -4376,7 +4376,7 @@ let LOCAL_MUL_P521_TAC = X20; X21; X22; X23; X24] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -4584,7 +4584,7 @@ let LOCAL_SUB_P521_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -4725,7 +4725,7 @@ let P521_JMIXADD_ALT_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,216); memory :> bytes(stackpointer,432)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/p521_jscalarmul.ml b/arm/proofs/p521_jscalarmul.ml index 5d50dccc..5a2b38cd 100644 --- a/arm/proofs/p521_jscalarmul.ml +++ b/arm/proofs/p521_jscalarmul.ml @@ -3367,7 +3367,7 @@ let LOCAL_SQR_P521_SUBR_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, SUBGOAL_THEN `bignum_sqr_p521_core_mc = @@ -3399,7 +3399,7 @@ let LOCAL_SQR_P521_SUBR_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(word_sub stackpointer (word 48),48)])`, ARM_ADD_RETURN_STACK_TAC P521_JSCALARMUL_EXEC 
@@ -3426,7 +3426,7 @@ let LOCAL_MUL_P521_SUBR_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(stackpointer,80)])`, SUBGOAL_THEN `bignum_mul_p521_core_mc = @@ -3459,7 +3459,7 @@ let LOCAL_MUL_P521_SUBR_CORRECT = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bytes(word_sub stackpointer (word 144),144)])`, ARM_ADD_RETURN_STACK_TAC P521_JSCALARMUL_EXEC @@ -3481,7 +3481,7 @@ let LOCAL_SUB_P521_SUBR_CORRECT = prove (m < p_521 /\ n < p_521 ==> &(bignum_from_memory (z,9) s) = (&m - &n) rem &p_521)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; @@ -3620,7 +3620,7 @@ let LOCAL_ADD_P521_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3723,7 +3723,7 @@ let LOCAL_SUB_P521_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -3807,7 +3807,7 @@ let LOCAL_CMSUBC9_P521_TAC = X19; X20; X21; X22; X23] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -4071,7 +4071,7 @@ let LOCAL_CMSUB41_P521_TAC = X10; X11; X12; X13; X14; X15] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -4373,7 +4373,7 @@ let LOCAL_CMSUB38_P521_TAC = X19; X20; X21; X22; X23] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -4749,7 +4749,7 @@ let LOCAL_JDOUBLE_CORRECT = time prove X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,216); memory :> bytes(stackpointer,656)])`, REWRITE_TAC[FORALL_PAIR_THM; fst P521_JSCALARMUL_EXEC] THEN @@ -4869,7 +4869,7 @@ let LOCAL_JADD_CORRECT = time prove X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28; X30] ,, MAYCHANGE MODIFIABLE_SIMD_REGS ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,216); memory :> bytes(stackpointer,720)])`, REWRITE_TAC[FORALL_PAIR_THM; fst P521_JSCALARMUL_EXEC] THEN diff --git a/arm/proofs/p521_jscalarmul_alt.ml b/arm/proofs/p521_jscalarmul_alt.ml index 517f5628..da01d082 100644 
--- a/arm/proofs/p521_jscalarmul_alt.ml +++ b/arm/proofs/p521_jscalarmul_alt.ml @@ -2673,7 +2673,7 @@ let LOCAL_SQR_P521_SUBR_CORRECT = prove (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `n:num`; `pc:num`; `returnaddress:int64`] THEN @@ -2901,7 +2901,7 @@ let LOCAL_MUL_P521_SUBR_CORRECT = prove (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9); memory :> bignum(word_add stackpointer (word 432),9)])`, MAP_EVERY X_GEN_TAC @@ -3096,7 +3096,7 @@ let LOCAL_SUB_P521_SUBR_CORRECT = prove (m < p_521 /\ n < p_521 ==> &(bignum_from_memory (z,9) s) = (&m - &n) rem &p_521)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bignum(z,9)])`, MAP_EVERY X_GEN_TAC [`z:int64`; `x:int64`; `y:int64`; `m:num`; `n:num`; @@ -3235,7 +3235,7 @@ let LOCAL_ADD_P521_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -3338,7 +3338,7 @@ let LOCAL_SUB_P521_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3422,7 +3422,7 @@ let LOCAL_CMSUBC9_P521_TAC = X19; X20; X21; X22; X23] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3686,7 +3686,7 @@ let LOCAL_CMSUB41_P521_TAC = X10; X11; X12; X13; X14; X15] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3988,7 +3988,7 @@ let LOCAL_CMSUB38_P521_TAC = X19; X20; X21; X22; X23] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 9)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -4362,7 +4362,7 @@ let LOCAL_JDOUBLE_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,216); memory :> bytes(stackpointer,512)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN 
@@ -4480,7 +4480,7 @@ let LOCAL_JADD_CORRECT = time prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22; X23; X24; X25; X26; X27; X28; X29; X30] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,216); memory :> bytes(stackpointer,576)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/secp256k1_jadd.ml b/arm/proofs/secp256k1_jadd.ml index 0963919a..d3c757b5 100644 --- a/arm/proofs/secp256k1_jadd.ml +++ b/arm/proofs/secp256k1_jadd.ml @@ -2801,7 +2801,7 @@ let LOCAL_SQR_P256K1_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -3161,7 +3161,7 @@ let LOCAL_MUL_P256K1_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3551,7 +3551,7 @@ let LOCAL_SUB_P256K1_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -3683,7 +3683,7 @@ let SECP256K1_JADD_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,224)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/secp256k1_jadd_alt.ml b/arm/proofs/secp256k1_jadd_alt.ml index f3ae2cfb..0712bb7c 100644 --- a/arm/proofs/secp256k1_jadd_alt.ml +++ b/arm/proofs/secp256k1_jadd_alt.ml @@ -1789,7 +1789,7 @@ let LOCAL_SQR_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -1928,7 +1928,7 @@ let LOCAL_MUL_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2067,7 +2067,7 @@ let LOCAL_SUB_P256K1_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -2199,7 +2199,7 @@ let SECP256K1_JADD_ALT_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,224)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/secp256k1_jdouble.ml b/arm/proofs/secp256k1_jdouble.ml index 219dd31a..f8defcfb 100644 --- a/arm/proofs/secp256k1_jdouble.ml +++ b/arm/proofs/secp256k1_jdouble.ml @@ -1303,7 +1303,7 @@ let LOCAL_SQR_P256K1_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -1662,7 +1662,7 @@ let LOCAL_MUL_P256K1_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2050,7 +2050,7 @@ let LOCAL_ROUGHSQR_P256K1_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 5)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN 
@@ -2330,7 +2330,7 @@ let LOCAL_ROUGHMUL_P256K1_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 5)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2637,7 +2637,7 @@ let LOCAL_WEAKDOUBLE_P256K1_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -2747,7 +2747,7 @@ let LOCAL_CMSUBC9_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2967,7 +2967,7 @@ let LOCAL_CMSUB38_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3203,7 +3203,7 @@ let LOCAL_CMSUB41_P256K1_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -3381,7 +3381,7 @@ let SECP256K1_JDOUBLE_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,384)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/secp256k1_jdouble_alt.ml b/arm/proofs/secp256k1_jdouble_alt.ml index 39de2552..8a6acc89 100644 --- a/arm/proofs/secp256k1_jdouble_alt.ml +++ b/arm/proofs/secp256k1_jdouble_alt.ml @@ -822,7 +822,7 @@ let LOCAL_SQR_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -961,7 +961,7 @@ let LOCAL_MUL_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1098,7 +1098,7 @@ let LOCAL_ROUGHSQR_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 5)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN 
@@ -1176,7 +1176,7 @@ let LOCAL_ROUGHMUL_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 5)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1250,7 +1250,7 @@ let LOCAL_WEAKDOUBLE_P256K1_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -1360,7 +1360,7 @@ let LOCAL_CMSUBC9_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1580,7 +1580,7 @@ let LOCAL_CMSUB38_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1816,7 +1816,7 @@ let LOCAL_CMSUB41_P256K1_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -1994,7 +1994,7 @@ let SECP256K1_JDOUBLE_ALT_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,384)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/secp256k1_jmixadd.ml b/arm/proofs/secp256k1_jmixadd.ml index ffd8786b..c8545691 100644 --- a/arm/proofs/secp256k1_jmixadd.ml +++ b/arm/proofs/secp256k1_jmixadd.ml @@ -2016,7 +2016,7 @@ let LOCAL_SQR_P256K1_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -2376,7 +2376,7 @@ let LOCAL_MUL_P256K1_TAC = X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2766,7 +2766,7 @@ let LOCAL_SUB_P256K1_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -2912,7 +2912,7 @@ let SECP256K1_JMIXADD_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20; X21; X22] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/secp256k1_jmixadd_alt.ml b/arm/proofs/secp256k1_jmixadd_alt.ml index d6ce4e5c..833e62ac 100644 --- a/arm/proofs/secp256k1_jmixadd_alt.ml +++ b/arm/proofs/secp256k1_jmixadd_alt.ml @@ -1284,7 +1284,7 @@ let LOCAL_SQR_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -1423,7 +1423,7 @@ let LOCAL_MUL_P256K1_TAC = X10; X11; X12; X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1562,7 +1562,7 @@ let LOCAL_SUB_P256K1_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -1708,7 +1708,7 @@ let SECP256K1_JMIXADD_ALT_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/sha256.ml b/arm/proofs/sha256.ml index 6d941fdf..a4a56982 100644 --- a/arm/proofs/sha256.ml +++ b/arm/proofs/sha256.ml @@ -1,3 +1,8 @@ +(* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT-0 + *) + (** Carl Kwan: ARM SHA256 intrinsics in HOL Light **) needs "Library/words.ml";; diff --git a/arm/proofs/sha512.ml b/arm/proofs/sha512.ml index 12b5d1d3..918a24d3 100644 --- a/arm/proofs/sha512.ml +++ b/arm/proofs/sha512.ml @@ -1,3 +1,8 @@ +(* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT-0 + *) + (** Carl Kwan: ARM SHA512 intrinsics in HOL Light **) needs "Library/words.ml";; diff --git a/arm/proofs/simulator.ml b/arm/proofs/simulator.ml index 1ac31e85..e44ee836 100755 --- a/arm/proofs/simulator.ml +++ b/arm/proofs/simulator.ml @@ -126,7 +126,7 @@ let template = Q20; Q21; Q22; Q23; Q24; Q25; Q26; Q27; Q28; Q29; Q30; Q31] ,, MAYCHANGE [memory :> bytes(stackpointer,256)] ,, - MAYCHANGE SOME_FLAGS)`;; + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`;; let num_two_to_64 = Num.num_of_string "18446744073709551616";; diff --git a/arm/proofs/sm2_montjadd.ml b/arm/proofs/sm2_montjadd.ml index 4f3556a3..97ca7853 100644 --- a/arm/proofs/sm2_montjadd.ml +++ b/arm/proofs/sm2_montjadd.ml 
@@ -2906,7 +2906,7 @@ let LOCAL_MONTSQR_SM2_TAC = X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3089,7 +3089,7 @@ let LOCAL_MONTMUL_SM2_TAC = X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3540,7 +3540,7 @@ let LOCAL_SUB_SM2_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -3725,7 +3725,7 @@ let SM2_MONTJADD_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,224)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/sm2_montjadd_alt.ml b/arm/proofs/sm2_montjadd_alt.ml index 0dabbf01..d740b5b2 100644 --- a/arm/proofs/sm2_montjadd_alt.ml +++ b/arm/proofs/sm2_montjadd_alt.ml 
@@ -2040,7 +2040,7 @@ let LOCAL_MONTSQR_SM2_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2150,7 +2150,7 @@ let LOCAL_MONTMUL_SM2_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2260,7 +2260,7 @@ let LOCAL_SUB_SM2_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2351,7 +2351,7 @@ let LOCAL_AMONTSQR_SM2_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -2552,7 +2552,7 @@ let SM2_MONTJADD_ALT_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,224)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/sm2_montjdouble.ml b/arm/proofs/sm2_montjdouble.ml index b4e5d6fd..a7d6e392 100644 --- a/arm/proofs/sm2_montjdouble.ml 
+++ b/arm/proofs/sm2_montjdouble.ml @@ -1541,7 +1541,7 @@ let LOCAL_MONTSQR_SM2_TAC = X12; X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1723,7 +1723,7 @@ let LOCAL_MONTMUL_SM2_TAC = X13; X14; X15; X16; X17] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2173,7 +2173,7 @@ let LOCAL_SUB_SM2_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2267,7 +2267,7 @@ let LOCAL_WEAKADD_SM2_TAC = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2358,7 +2358,7 @@ let LOCAL_ADD_SM2_TAC = 8 * 4)) s = (m + n) MOD p_sm2)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -2432,7 +2432,7 @@ let LOCAL_CMSUBC9_SM2_TAC = X10; X11; X12] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2603,7 +2603,7 @@ let LOCAL_CMSUB41_SM2_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2764,7 +2764,7 @@ let LOCAL_CMSUB38_SM2_TAC = X10; X11; X12] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -3034,7 +3034,7 @@ let SM2_MONTJDOUBLE_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/sm2_montjdouble_alt.ml b/arm/proofs/sm2_montjdouble_alt.ml index c3abe3e9..54cdfda8 100644 --- a/arm/proofs/sm2_montjdouble_alt.ml +++ b/arm/proofs/sm2_montjdouble_alt.ml @@ -1173,7 +1173,7 @@ let LOCAL_MONTSQR_SM2_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -1282,7 +1282,7 @@ let LOCAL_MONTMUL_SM2_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1391,7 +1391,7 @@ let LOCAL_SUB_SM2_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1485,7 +1485,7 @@ let LOCAL_WEAKADD_SM2_TAC = (MAYCHANGE [PC; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1576,7 +1576,7 @@ let LOCAL_ADD_SM2_TAC = 8 * 4)) s = (m + n) MOD p_sm2)) (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8; X9; X10; X11] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1650,7 +1650,7 @@ let LOCAL_CMSUBC9_SM2_TAC = X10; X11; X12] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -1821,7 +1821,7 @@ let LOCAL_CMSUB41_SM2_TAC = (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1982,7 +1982,7 @@ let LOCAL_CMSUB38_SM2_TAC = X10; X11; X12] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2252,7 +2252,7 @@ let SM2_MONTJDOUBLE_ALT_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/sm2_montjmixadd.ml b/arm/proofs/sm2_montjmixadd.ml index da22cd7a..ecb0ee5f 100644 --- a/arm/proofs/sm2_montjmixadd.ml +++ b/arm/proofs/sm2_montjmixadd.ml @@ -2075,7 +2075,7 @@ let LOCAL_MONTSQR_SM2_TAC = X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -2258,7 +2258,7 @@ let LOCAL_MONTMUL_SM2_TAC = X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -2709,7 +2709,7 @@ let LOCAL_SUB_SM2_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -2909,7 +2909,7 @@ let SM2_MONTJMIXADD_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17; X19; X20] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/sm2_montjmixadd_alt.ml b/arm/proofs/sm2_montjmixadd_alt.ml index 08768f4e..99b95a6a 100644 --- a/arm/proofs/sm2_montjmixadd_alt.ml +++ b/arm/proofs/sm2_montjmixadd_alt.ml @@ -1457,7 +1457,7 @@ let LOCAL_MONTSQR_SM2_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN @@ -1567,7 +1567,7 @@ let LOCAL_MONTMUL_SM2_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN 
@@ -1677,7 +1677,7 @@ let LOCAL_SUB_SM2_TAC = (MAYCHANGE [PC; X3; X4; X5; X6; X7; X8] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN REWRITE_TAC[BIGNUM_FROM_MEMORY_BYTES] THEN ENSURES_INIT_TAC "s0" THEN @@ -1768,7 +1768,7 @@ let LOCAL_AMONTSQR_SM2_TAC = X13; X14] ,, MAYCHANGE [memory :> bytes(word_add (read p3 t) (word n3),8 * 4)] ,, - MAYCHANGE SOME_FLAGS)` + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])` (REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS; NONOVERLAPPING_CLAUSES] THEN DISCH_THEN(REPEAT_TCL CONJUNCTS_THEN ASSUME_TAC) THEN ENSURES_INIT_TAC "s0" THEN @@ -1984,7 +1984,7 @@ let SM2_MONTJMIXADD_ALT_CORRECT = time prove (bignum_triple_from_memory(p3,4) s)) (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16; X17] ,, - MAYCHANGE SOME_FLAGS ,, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events] ,, MAYCHANGE [memory :> bytes(p3,96); memory :> bytes(stackpointer,192)])`, REWRITE_TAC[FORALL_PAIR_THM] THEN diff --git a/arm/proofs/word_bytereverse.ml b/arm/proofs/word_bytereverse.ml index 48663f1a..d457cbd8 100644 --- a/arm/proofs/word_bytereverse.ml +++ b/arm/proofs/word_bytereverse.ml @@ -46,7 +46,7 @@ let WORD_BYTEREVERSE_CORRECT = prove !i. i < 8 ==> word_subword (C_RETURN s) (8 * i,8) :byte = word_subword a (8 * (7 - i),8)) - (MAYCHANGE [PC; X0; X1; X2])`, + (MAYCHANGE [PC; X0; X1; X2] ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`a:int64`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN ARM_SIM_TAC WORD_BYTEREVERSE_EXEC (1--13) THEN diff --git a/arm/proofs/word_clz.ml b/arm/proofs/word_clz.ml index 743db2dc..3205509f 100644 --- a/arm/proofs/word_clz.ml +++ b/arm/proofs/word_clz.ml 
@@ -33,7 +33,7 @@ let WORD_CLZ_CORRECT = prove (\s. read PC s = word(pc + 0x4) /\ C_RETURN s = word(word_clz a)) (MAYCHANGE [PC; X0] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`a:int64`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN ARM_SIM_TAC WORD_CLZ_EXEC [1]);; diff --git a/arm/proofs/word_ctz.ml b/arm/proofs/word_ctz.ml index da17af99..7009577c 100644 --- a/arm/proofs/word_ctz.ml +++ b/arm/proofs/word_ctz.ml @@ -37,7 +37,7 @@ let WORD_CTZ_CORRECT = prove C_ARGUMENTS [a] s) (\s. read PC s = word(pc + 0x18) /\ C_RETURN s = word(word_ctz a)) - (MAYCHANGE [PC; X0; X1])`, + (MAYCHANGE [PC; X0; X1] ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`a:int64`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN ARM_SIM_TAC WORD_CTZ_EXEC (1--6) THEN diff --git a/arm/proofs/word_divstep59.ml b/arm/proofs/word_divstep59.ml index 94b48038..9eb04228 100644 --- a/arm/proofs/word_divstep59.ml +++ b/arm/proofs/word_divstep59.ml @@ -1023,7 +1023,7 @@ let WORD_DIVSTEP59_CORRECT = prove (MAYCHANGE [PC; X0; X1; X2; X3; X4; X5; X6; X7; X7; X8; X9; X10; X11; X12; X13; X14; X15; X16] ,, MAYCHANGE [memory :> bytes(m,32)] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, X_GEN_TAC `m:int64` THEN MAP_EVERY (fun t -> GEN_REWRITE_TAC I [FORALL_IVAL_GEN] THEN diff --git a/arm/proofs/word_max.ml b/arm/proofs/word_max.ml index 5b5b006c..b904c311 100644 --- a/arm/proofs/word_max.ml +++ b/arm/proofs/word_max.ml @@ -34,7 +34,7 @@ let WORD_MAX_CORRECT = prove (\s. read PC s = word(pc + 0x8) /\ C_RETURN s = word_umax a b) (MAYCHANGE [PC; X0] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`a:int64`; `b:int64`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN ARM_SIM_TAC WORD_MAX_EXEC (1--2) THEN POP_ASSUM_LIST(K ALL_TAC) THEN diff --git a/arm/proofs/word_min.ml b/arm/proofs/word_min.ml index 704db3d3..1422571f 100644 
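Review bot: The frame of WORD_CLZ_CORRECT now includes `MAYCHANGE [events]` although the proof simulates a single instruction (`ARM_SIM_TAC WORD_CLZ_EXEC [1]`) and the postcondition says nothing about the event trace, so the theorem no longer states that this routine leaves `events` untouched. The tutorial comments added in this same commit attribute events to branch and memory instructions; if that is the whole story for the Arm model, the tighter frame would presumably still be provable here, and it is the stronger statement for anyone reasoning about leakage. If the clause is added only so that every `_CORRECT` frame has the same shape, a comment above the theorem should record that, e.g. `(* events is in the frame for uniformity; this code has no branch or memory access *)`. The same question applies to the other word_* theorems that appear to be straight-line simulations, such as the word_ctz and word_popcount hunks.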
--- a/arm/proofs/word_min.ml +++ b/arm/proofs/word_min.ml @@ -34,7 +34,7 @@ let WORD_MIN_CORRECT = prove (\s. read PC s = word(pc + 0x8) /\ C_RETURN s = word_umin a b) (MAYCHANGE [PC; X0] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`a:int64`; `b:int64`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN ARM_SIM_TAC WORD_MIN_EXEC (1--2) THEN POP_ASSUM_LIST(K ALL_TAC) THEN diff --git a/arm/proofs/word_negmodinv.ml b/arm/proofs/word_negmodinv.ml index cf08b593..83954f5b 100644 --- a/arm/proofs/word_negmodinv.ml +++ b/arm/proofs/word_negmodinv.ml @@ -67,7 +67,7 @@ let WORD_NEGMODINV_CORRECT = prove (\s. read PC s = word(pc + 0x30) /\ (ODD(val a) ==> (val a * val(C_RETURN s) + 1 == 0) (mod (2 EXP 64)))) - (MAYCHANGE [PC; X0; X1; X2])`, + (MAYCHANGE [PC; X0; X1; X2] ,, MAYCHANGE [events])`, W64_GEN_TAC `a:num` THEN X_GEN_TAC `pc:num` THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN] THEN ENSURES_SEQUENCE_TAC `pc + 0xc` diff --git a/arm/proofs/word_popcount.ml b/arm/proofs/word_popcount.ml index 1b5c4352..b5e86b81 100644 --- a/arm/proofs/word_popcount.ml +++ b/arm/proofs/word_popcount.ml @@ -41,7 +41,7 @@ let WORD_POPCOUNT_CORRECT = prove C_ARGUMENTS [a] s) (\s. read PC s = word(pc + 0x28) /\ C_RETURN s = word(word_popcount a)) - (MAYCHANGE [PC; X0; X1])`, + (MAYCHANGE [PC; X0; X1] ,, MAYCHANGE [events])`, MAP_EVERY X_GEN_TAC [`a:int64`; `pc:num`] THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN ARM_SIM_TAC WORD_POPCOUNT_EXEC (1--10) THEN diff --git a/arm/proofs/word_recip.ml b/arm/proofs/word_recip.ml index f5364fe2..7765741f 100644 --- a/arm/proofs/word_recip.ml +++ b/arm/proofs/word_recip.ml 
@@ -75,7 +75,7 @@ let WORD_RECIP_CORRECT = prove ==> &2 pow 64 + &(val(C_RETURN s)) < &2 pow 128 / &(val a) /\ &2 pow 128 / &(val a) <= &2 pow 64 + &(val(C_RETURN s)) + &1)) (MAYCHANGE [PC; X0; X1; X2; X3; X4] ,, - MAYCHANGE SOME_FLAGS)`, + MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events])`, X_GEN_TAC `a:int64` THEN X_GEN_TAC `pc:num` THEN REWRITE_TAC[C_ARGUMENTS; C_RETURN; SOME_FLAGS] THEN diff --git a/arm/tutorial/bignum.ml b/arm/tutorial/bignum.ml index 591067a6..a445b6d7 100644 --- a/arm/tutorial/bignum.ml +++ b/arm/tutorial/bignum.ml @@ -73,7 +73,8 @@ let BIGNUM_SPEC = prove( (\s. read PC s = word retpc /\ read X0 s = word (if a = b then 1 else 0)) // Registers (and memory locations) that may change after execution - (MAYCHANGE [PC;X0;X2;X3;X4;X5] ,, MAYCHANGE SOME_FLAGS)`, + (MAYCHANGE [PC;X0;X2;X3;X4;X5] ,, MAYCHANGE SOME_FLAGS ,, + MAYCHANGE [events])`, REPEAT STRIP_TAC THEN (* Convert 'bignum_from_memory' into 'memory :> bytes (..)'. diff --git a/arm/tutorial/branch.ml b/arm/tutorial/branch.ml index d14720a6..284cdfcc 100644 --- a/arm/tutorial/branch.ml +++ b/arm/tutorial/branch.ml @@ -51,7 +51,9 @@ let branch_SPEC = prove( read X0 s = word_umax (word a) (word b)) // Registers (and memory locations) that may change after execution. // ',,' is composition of relations. - (MAYCHANGE [PC;X0] ,, MAYCHANGE SOME_FLAGS)`, + (MAYCHANGE [PC;X0] ,, MAYCHANGE SOME_FLAGS ,, + // Branch instructions raise observable microarchitectural events! + MAYCHANGE [events])`, (* Strips the outermost universal quantifier from the conclusion of a goal *) REPEAT STRIP_TAC THEN (* ENSURES_FINAL_STATE_TAC does not understand SOME_FLAGS in MAYCHANGE. Let's diff --git a/arm/tutorial/loop.ml b/arm/tutorial/loop.ml index d890a5b5..0fb56c44 100644 --- a/arm/tutorial/loop.ml +++ b/arm/tutorial/loop.ml 
@@ -48,7 +48,9 @@ let loop_SPEC = prove( (\s. read PC s = word retpc /\ read X0 s = word 20) // Registers (and memory locations) that may change after execution - (MAYCHANGE [PC;X0;X1] ,, MAYCHANGE SOME_FLAGS)`, + (MAYCHANGE [PC;X0;X1] ,, MAYCHANGE SOME_FLAGS ,, + // Branch instructions raise observable microarchitectural events! + MAYCHANGE [events])`, (* Unravel ARM flag registers! *) REWRITE_TAC[SOME_FLAGS] THEN REPEAT STRIP_TAC THEN diff --git a/arm/tutorial/memory.ml b/arm/tutorial/memory.ml index 44e66c8e..3e3f3275 100644 --- a/arm/tutorial/memory.ml +++ b/arm/tutorial/memory.ml @@ -52,7 +52,9 @@ let memory_SPEC = prove( // ',,' is composition of relations. (MAYCHANGE [PC;X2;X3] ,, // The memory locations may change. Record this. - MAYCHANGE [memory :> bytes64 (word loc0); memory :> bytes64 (word loc1)])`, + MAYCHANGE [memory :> bytes64 (word loc0); memory :> bytes64 (word loc1)] ,, + // Memory instructions raise observable microarchitectural events! + MAYCHANGE [events])`, (* Convert 'nonoverlapping' into 'nonoverlapping_modulo' and rewrite 'LENGTH memory_mc' with the concrete number. *) diff --git a/arm/tutorial/rel_equivtac.ml b/arm/tutorial/rel_equivtac.ml index ba599fa6..ef48c23f 100644 --- a/arm/tutorial/rel_equivtac.ml +++ b/arm/tutorial/rel_equivtac.ml @@ -84,9 +84,11 @@ let equiv_goal = mk_equiv_statement_simple eqin (* Input state equivalence *) eqout (* Output state equivalence *) mc (* First program machine code *) - `MAYCHANGE [PC; X10; X11; X12] ,, MAYCHANGE [memory :> bytes (outbuf, 8)]` + `MAYCHANGE [PC; X10; X11; X12] ,, MAYCHANGE [memory :> bytes (outbuf, 8)] ,, + MAYCHANGE [events]` mc2 (* Second program machine code *) - `MAYCHANGE [PC; X20; X21; X22] ,, MAYCHANGE [memory :> bytes (outbuf, 8)]`;; + `MAYCHANGE [PC; X20; X21; X22] ,, MAYCHANGE [memory :> bytes (outbuf, 8)] ,, + MAYCHANGE [events]`;; (* equiv_goal is: `forall pc pc2 inbuf outbuf. 
@@ -107,11 +109,13 @@ let equiv_goal = mk_equiv_statement_simple eqout (s,s2) outbuf) (\(s,s2) (s',s2'). (MAYCHANGE [PC; X10; X11; X12] ,, - MAYCHANGE [memory :> bytes (outbuf,8)]) + MAYCHANGE [memory :> bytes (outbuf,8)] ,, + MAYCHANGE [events]) s s' /\ (MAYCHANGE [PC; X20; X21; X22] ,, - MAYCHANGE [memory :> bytes (outbuf,8)]) + MAYCHANGE [memory :> bytes (outbuf,8)] ,, + MAYCHANGE [events]) s2 s2') (\s. 4) @@ -191,4 +195,4 @@ let EQUIV = prove(equiv_goal, let org_convs = !extra_word_CONV;; extra_word_CONV := (GEN_REWRITE_CONV I [])::org_convs;; ``` -*) \ No newline at end of file +*) diff --git a/arm/tutorial/rel_loop.ml b/arm/tutorial/rel_loop.ml index 5d8d5c05..1c99d9b3 100644 --- a/arm/tutorial/rel_loop.ml +++ b/arm/tutorial/rel_loop.ml @@ -57,8 +57,8 @@ let LOOP_EQUIV = prove( (?k. read X2 s1 = k /\ read X2 s2 = k)) // State components that may change. (\(s1,s2) (s1',s2'). - (MAYCHANGE [PC;X0;X2] ,, MAYCHANGE SOME_FLAGS) s1 s1' /\ - (MAYCHANGE [PC;X0;X2] ,, MAYCHANGE SOME_FLAGS) s2 s2') + (MAYCHANGE [PC;X0;X2] ,, MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]) s1 s1' /\ + (MAYCHANGE [PC;X0;X2] ,, MAYCHANGE SOME_FLAGS ,, MAYCHANGE [events]) s2 s2') // The number of small steps of the 'left' program and 'right' program. (\s. 4 * n - 1) (\s. 5 * n - 1)`, diff --git a/arm/tutorial/rel_reordertac.ml b/arm/tutorial/rel_reordertac.ml index 50d532bd..84fcba1f 100644 --- a/arm/tutorial/rel_reordertac.ml +++ b/arm/tutorial/rel_reordertac.ml 
@@ -101,9 +101,9 @@ let equiv_goal = mk_equiv_statement_simple eqin (* Input state equivalence *) eqout (* Output state equivalence *) mc (* First program machine code *) - `MAYCHANGE [PC; X10] ,, MAYCHANGE [memory :> bytes (outbuf, 16)]` + `MAYCHANGE [PC; X10] ,, MAYCHANGE [memory :> bytes (outbuf, 16)] ,, MAYCHANGE [events]` mc2 (* Second program machine code *) - `MAYCHANGE [PC; X10; X11] ,, MAYCHANGE [memory :> bytes (outbuf, 16)]`;; + `MAYCHANGE [PC; X10; X11] ,, MAYCHANGE [memory :> bytes (outbuf, 16)] ,, MAYCHANGE [events]`;; (* equiv_goal is: `forall pc pc2 inbuf outbuf. @@ -124,11 +124,13 @@ let equiv_goal = mk_equiv_statement_simple eqout (s,s2) inbuf outbuf) (\(s,s2) (s',s2'). (MAYCHANGE [PC; X10] ,, - MAYCHANGE [memory :> bytes (outbuf,16)]) + MAYCHANGE [memory :> bytes (outbuf,16)] ,, + MAYCHANGE [events]) s s' /\ (MAYCHANGE [PC; X10; X11] ,, - MAYCHANGE [memory :> bytes (outbuf,16)]) + MAYCHANGE [memory :> bytes (outbuf,16)] ,, + MAYCHANGE [events]) s2 s2') (\s. 6) @@ -182,4 +184,4 @@ let EQUIV = prove(equiv_goal, (** SUBGOAL 2. Maychange pair **) MONOTONE_MAYCHANGE_CONJ_TAC - ]);; \ No newline at end of file + ]);; diff --git a/codebuild/proofs.yml b/codebuild/proofs.yml index da9d1034..631ddbe9 100644 --- a/codebuild/proofs.yml +++ b/codebuild/proofs.yml @@ -11,7 +11,7 @@ phases: - opam init --disable-sandboxing # Build HOL Light - cd ${CODEBUILD_SRC_DIR_hol_light} - - git checkout 4eef6f604636cea7e0a22d287cc015d8fd116b5f + - git checkout c5e165f85dfb340a786dabd1073a24aa421dd61b - make switch-5 - eval $(opam env) - echo $(ocamlc -version) diff --git a/codebuild/sematests.yml b/codebuild/sematests.yml index 1898967d..182c33c2 100644 --- a/codebuild/sematests.yml +++ b/codebuild/sematests.yml 
@@ -14,7 +14,7 @@ phases: - opam init --disable-sandboxing # Build HOL Light - cd ${CODEBUILD_SRC_DIR_hol_light} - - git checkout 4eef6f604636cea7e0a22d287cc015d8fd116b5f + - git checkout c5e165f85dfb340a786dabd1073a24aa421dd61b - make switch-5 - eval $(opam env) - echo $(ocamlc -version) diff --git a/common/equiv.ml b/common/equiv.ml index bb828151..28b07f29 100644 --- a/common/equiv.ml +++ b/common/equiv.ml @@ -653,7 +653,7 @@ let ABBREV_READS_TAC (readth,readth2:thm*thm) (forget_expr:bool):tactic = (* If lhs is PC update, don't abbrevate it. Or, if rhs is already a variable, don't abbreviate it again. Don't try to prove the rhs of eq2. *) - if is_read_pc lhs || is_var rhs + if is_read_pc lhs || is_read_events lhs || is_var rhs then MAP_EVERY STRIP_ASSUME_TAC [readth;readth2] else let vname = mk_fresh_temp_name() in @@ -706,7 +706,7 @@ let ABBREV_READ_TAC (eqth:thm) (append_to:thm list ref):tactic = (* eq is: `read elem s = e` *) let lhs,rhs = dest_eq eq in (* If lhs is PC update, don't abbrevate it *) - if is_read_pc lhs then ASSUME_TAC eqth + if is_read_pc lhs || is_read_events lhs then ASSUME_TAC eqth else if get_read_component lhs = None then failwith "LHS is not read ..?" else let vname = mk_fresh_temp_name() in diff --git a/common/for_hollight.ml b/common/for_hollight.ml index 7a05ac30..a7fe945b 100644 --- a/common/for_hollight.ml +++ b/common/for_hollight.ml 
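Review bot: The comment above the changed condition in ABBREV_READS_TAC still says only "If lhs is PC update, don't abbrevate it", while the condition now also skips abbreviation when `is_read_events lhs` holds; the comment in the ABBREV_READ_TAC hunk has the same gap. Updating both, for example `(* If lhs is a read of PC or events, don't abbreviate it. *)`, and adding a sentence on why reads of events must stay unabbreviated would keep the next reader from treating the extra disjunct as accidental. Both function bodies continue outside their hunks.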
@@ -224,3 +224,129 @@ let BITMATCH_MEMO_CONV = failwith (sprintf "BITMATCH_MEMO_CONV: match failed: 0x%x" (Num.int_of_num nn)) end | _ -> failwith "BITMATCH_MEMO_CONV";; + + +(* ------------------------------------------------------------------------- *) +(* A term rewriter for extracting out a bitmatch subexpression and defining *) +(* it as a new constant. This is useful when BITMATCH_MEMO_CONV does not work*) +(* well. When the bitmatch uses the matching input variable inside its body *) +(* as well, BITMATCH_MEMO_CONV cannot work well because the body changes. *) +(* For example, *) +(* `bitmatch w with | [pattern] -> ...(w)... | [pattern] -> ...(w) | ...` *) +(* if w is instantiated with `word 0x12345678`, *) +(* the result is *) +(* `bitmatch (word 0x12345678) with | [pattern] -> ..(word 0x12345678) | ..`*) +(* This cannot hit the cache inside BITMATCH_MEMO_CONV unless `w` has exactly*) +(* been instantiated as the same value in the past. *) +(* ------------------------------------------------------------------------- *) + +(** Given a term t, + (1) Find the innermost bitmatch expression of t, + (2) Replace the innermost bitmatch expression with a new temporarily named + constant, and also create a definition between the constant and the + bitmatch expression + (3) create a conversion that takes "opaque_const const_word" and reduces + it using a decision tree of bitmatch. + Returns: Some (|-t=t', opaque_def, opaque_def arity, + |-opaque_def=bitmatch.., ) where t' is t with + the innermost bitmatch replaced iwth the opaque definition. +**) +let conceal_bitmatch: term -> (thm * term * int * thm * conv) option = + (* Find bitmatch that does not have another bitmatch as a subterm + If found, return (the bitmatch, bitmatch's input variable). 
+ *) + let rec find_bitmatch (t:term): (term*term) option = + match t with + | Var(_,_) -> None + | Const(_,_) -> None + | Abs(_,y) -> find_bitmatch y + | Comb(x,y) -> begin + let t1 = find_bitmatch x in + if t1 <> None then t1 else + let t2 = find_bitmatch y in + if t2 <> None then t2 else + match x with + | Comb(Const("_BITMATCH", _), Var(_,_)) -> Some (t,rand x) + | _ -> None + end in + let fast_bitmatch_id = ref 0 in + fun t -> + match find_bitmatch t with + | None -> None (* No bitmatch found *) + | Some (bm,bvar) -> begin + (* Create a new opaque bitmatch definition *) + let newname = "__opaque_bitmatch_" ^ (string_of_int !fast_bitmatch_id) in + let _ = fast_bitmatch_id := !fast_bitmatch_id + 1 in + + (* Collect free variables. *) + let the_freevars = frees bm in + (* Position the first input parameter of bitmatch as the first argument + of the new opaque constant. *) + let the_freevars = filter (fun t -> t <> bvar) the_freevars in + let args = bvar::the_freevars in + let argtys = map type_of args in + + let newty = itlist mk_fun_ty argtys (type_of bm) in + let newdef_lhs = list_mk_comb (mk_var(newname,newty),args) in + let new_abbrev = new_definition(mk_eq(newdef_lhs, bm)) in + + (* Create a pos tree (decision tree) *) + let _, tr = bm_build_pos_tree bm in + + let bitwidth = Num.int_of_num (dest_finty (dest_word_ty (type_of bvar))) in + + let new_reducer:conv = fun tm -> + if not (is_comb tm) then failwith "not comb" else + let c,args = strip_comb tm in + match c,args with + | Const(the_name,_), ((Comb(Const("word",ty),n_tm))::args') + when the_name = newname -> + let nn = dest_numeral n_tm in + let n = dest_small_numeral n_tm in + let arr = Array.init bitwidth (fun i -> Some (n land (1 lsl i) != 0)) in + let th = hd (snd (snd (get_dt arr tr))) in + begin try + let ls, th' = inst_bitpat_numeral (hd (hyp th)) nn in + (GEN_REWRITE_CONV I [new_abbrev] THENC + GEN_REWRITE_CONV I [PROVE_HYP th' (INST ls th)]) tm + with _ -> + failwith (sprintf "conceal_bitmatch: 
match failed: 0x%x" n) + end + | _ -> failwith "" in + Some ((REWRITE_CONV[GSYM new_abbrev] t), mk_const(newname,[]), + length args, new_abbrev, new_reducer) + end;; + +(* Examples: + let Some (th,opaqueconst,arity,oth,reducer) = conceal_bitmatch (concl arm_logop);; + + Output: + val th : thm = + |- (forall opc N Rd Rn Rm. + arm_logop opc N Rd Rn Rm = + (bitmatch opc with + [0:2] -> SOME ((if N then arm_BIC else arm_AND) Rd Rn Rm) + | [1:2] -> SOME ((if N then arm_ORN else arm_ORR) Rd Rn Rm) + | [2:2] -> SOME ((if N then arm_EON else arm_EOR) Rd Rn Rm) + | [3:2] -> SOME ((if N then arm_BICS else arm_ANDS) Rd Rn Rm))) <=> + (forall opc N Rd Rn Rm. + arm_logop opc N Rd Rn Rm = __opaque_bitmatch_92 opc N Rd Rn Rm) + val opaqueconst : term = `__opaque_bitmatch_92` + val arity : int = 5 + val oth : thm = + |- forall opc N Rd Rn Rm. + __opaque_bitmatch_92 opc N Rd Rn Rm = + (bitmatch opc with + [0:2] -> SOME ((if N then arm_BIC else arm_AND) Rd Rn Rm) + | [1:2] -> SOME ((if N then arm_ORN else arm_ORR) Rd Rn Rm) + | [2:2] -> SOME ((if N then arm_EON else arm_EOR) Rd Rn Rm) + | [3:2] -> SOME ((if N then arm_BICS else arm_ANDS) Rd Rn Rm)) + val reducer : conv = (* a conversion that reduces `__opaque_bitmatch_92 ..`. *) + + Other examples: + conceal_bitmatch (concl arm_movop);; + conceal_bitmatch (concl arm_lsvop);; + conceal_bitmatch (concl decode_shift);; + conceal_bitmatch (concl decode_extendtype);; + conceal_bitmatch (concl decode);; +*) \ No newline at end of file diff --git a/common/misc.ml b/common/misc.ml index a370fc06..67585f27 100644 --- a/common/misc.ml +++ b/common/misc.ml 
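Review bot: In `new_reducer`, the handler `with _ ->` turns every exception into the "match failed" Failure, including ones that are not match failures (an interrupt during a long rewrite, for instance), and the fall-through case `| _ -> failwith ""` fails with an empty message, so a caller cannot tell why the conversion did not apply. Narrowing the handler to `with Failure _ ->` and naming the function in the last case, `| _ -> failwith "conceal_bitmatch: not an application of the opaque constant"`, keeps failure usable as control flow without hiding other errors. The doc comment also needs a pass: its `Returns:` tuple ends in a dangling comma where the conversion should be listed, and it should say that `find_bitmatch` only recognises a bitmatch whose scrutinee is a variable (`Comb(Const("_BITMATCH", _), Var(_,_))`), so a bitmatch over any other expression is not concealed.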
@@ -14,17 +14,6 @@ needs "Library/pocklington.ml";; needs "Library/rstc.ml";; needs "Library/words.ml";; -(* ------------------------------------------------------------------------- *) -(* A function that checks no axiom was introduced from s2n-bignum *) -(* ------------------------------------------------------------------------- *) - -let check_axioms () = - let basic_axioms = [INFINITY_AX; SELECT_AX; ETA_AX] in - let l = filter (fun th -> not (mem th basic_axioms)) (axioms()) in - if l <> [] then - let msg = "[" ^ (String.concat ", " (map string_of_thm l)) ^ "]" in - failwith ("Unknown axiom exists: " ^ msg);; - (* ------------------------------------------------------------------------- *) (* Additional list operations and conversions on them. *) (* ------------------------------------------------------------------------- *) diff --git a/x86/Makefile b/x86/Makefile index c3ffffbb..9ad603f0 100644 --- a/x86/Makefile +++ b/x86/Makefile @@ -506,6 +506,9 @@ tutorial/rel_simp.native: tutorial/rel_simp2.o build_proofs: $(PROOF_BINS); +# Conservatively check that there is no redefinition of "check_axioms" +# '-I' excludes binary files (*.native). + ! grep -RI "check_axioms" . ../common/ --exclude="Makefile" build_tutorial: $(TUTORIAL_OBJ) $(TUTORIAL_PROOF_BINS); run_proofs: build_proofs $(PROOF_LOGS); diff --git a/x86/proofs/equiv.ml b/x86/proofs/equiv.ml index b952fe1c..d0eee17c 100644 --- a/x86/proofs/equiv.ml +++ b/x86/proofs/equiv.ml @@ -10,6 +10,7 @@ needs "x86/proofs/base.ml";; needs "common/equiv.ml";; + (* ------------------------------------------------------------------------- *) (* eventually_n_at_pc states that if pre/postconditions at pc/pc2 are *) (* satisfied at nth step, you can 'promote' eventually to eventually_n. *) diff --git a/x86/proofs/x86.ml b/x86/proofs/x86.ml index 97892ab7..6faec677 100644 --- a/x86/proofs/x86.ml +++ b/x86/proofs/x86.ml 
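Review bot: The recipe line added to `build_proofs` in x86/Makefile, `! grep -RI "check_axioms" . ../common/ --exclude="Makefile"`, fails open: grep exits 1 when nothing matches and 2 when it hits an error such as a missing or unreadable path, and `!` maps both to success, so the redefinition check also passes when the search did not run properly. Since the comment presents this as the guard against `check_axioms` being redefined, it should succeed only on exit status 1, e.g. `if grep -RI "check_axioms" . ../common/ --exclude="Makefile"; then false; else test $$? -eq 1; fi`. The rule header also keeps its trailing `;`, which leaves an empty inline recipe ahead of the comment lines and the tab-indented command; dropping the `;` would make the rule read as intended.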
@@ -2510,6 +2510,10 @@ let is_read_rip t = (* For compatibility with is_read_pc in Arm *) let is_read_pc = is_read_rip;; +(* returns true if t is `read events `. + Currently this always returns false because x86 does not have events. *) +let is_read_events (t:term) = false;; + (*** decode_ths is an array from int offset i to *** Some `|- !s pc. bytes_loaded s pc *_mc *** ==> x86_decode s (word (pc+i)) (..inst..)`
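Review bot: The doc comment on the new `is_read_events` opens with "returns true if t is `read events `", which this x86 stub never does; it ignores `t` and always returns `false`. Because common/equiv.ml now calls this function to decide whether a read gets abbreviated, the comment should describe the stub as it is, e.g. `(* Stub matching Arm's is_read_events; always false because x86 has no events. Replace with a real matcher if events are added. *)`. The stray space inside the backquoted term can be removed at the same time.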