Skip to content

[F* lib] Tls codec panic freedom #1742

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

[F* lib] Tls codec panic freedom #1742

wants to merge 8 commits into from

Conversation

@maximebuyse
Copy link
Contributor

F* core lib changes necessary for panic freedom of TLS codec:

  • Some additions, and corrections (like the error type of integer TryInto instances which can be Infallible or TryFromIntError depending on the integer types.
  • Corrections for while loops and invariants
  • F* backend change: distribute type coertions inside each component of a tuple instead of having a coertion on the tuple type (helps F* type checking)

@maximebuyse maximebuyse requested a review from a team as a code owner October 20, 2025 12:47
@maximebuyse maximebuyse requested review from W95Psp and clementblaudeau and removed request for W95Psp October 20, 2025 12:47
@maximebuyse maximebuyse changed the title Tls codec panic freedom [F* lib] Tls codec panic freedom Oct 20, 2025
clementblaudeau
clementblaudeau reviewed Oct 22, 2025
View reviewed changes
Copy link
Contributor

@clementblaudeau clementblaudeau left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Two points might need to be documented :

  1. Why do you need to replace some res by true ==> res ?
  2. Why inverting condition and invariant in functionalize_loops ? It might affect other backends

engine/lib/phases/phase_functionalize_loops.ml
let variant = UB.make_closure [ bpat ] variant variant.span in
UB.call fold_operator
[ condition; invariant; variant; init; body ]
[ invariant; condition; variant; init; body ]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the motivation here ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sometimes there are computations in the loop condition that can be proven panic free only using the invariant, this means in our encoding the invariant should come first so that it can be assumed to hold inside the condition.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Understood. This will probably require some updates in the Lean Lib though (the Fold functions). Ping me if you want me to do it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is only for while loops, the lean backend produces Rust_primitives.Hax.while_loop, but I don't find the definition in the Lean lib. Is it because it is just not defined?

@maximebuyse
Copy link
Contributor Author

Looks good. Two points might need to be documented :

1. Why do you need to replace some `res` by `true ==> res` ?

2. Why inverting condition and invariant in `functionalize_loops` ? It might affect other backends

Thanks for the review. I answered in threads. I will probably remove the commented code, there are also some more things I want to add to this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@clementblaudeau clementblaudeau Awaiting requested review from clementblaudeau

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@maximebuyse @clementblaudeau