-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Refactor extraction to build an easycrypt AST, then pretty-print it. #846
Conversation
The fixes to the testing infrastructure should be moved to a different PR (and merged quickly). The removal of extraction for safety deserves a changelog entry and misses some cleaning in the |
@bgregoir, to answer your question. Yes, this PR is interesting for the changes I'm doing in the EC extraction for checking soundness of the Cryptoline approach. I think it will make the code much cleaner. Maybe a little remark that came to me while looking at the code: I don't really understand why the |
@lyonel2017 Thanks for spotting this, it should be removed. The back-story is that the current change tries very hard to replicate the output of the previous extraction in order to make sure to not break the logic somewhere, since I have not seen a way to test the extraction. The newline is an artifact of this, but should indeed be removed (along with a few idiosyncrasies in the pretty-printing). |
Some additional remarks.
|
@lyonel2017 Thanks for the feedback. I have basically no experience with OCaml, any suggestion is welcome. If I understand correctly, for Regarding the types for identifier of variables and record, tuples, and modules access, how would that look like? For the use of functors to manage Normal vs ConstantTime, that's a bit how it was done before, which resulted in a lot of code duplication. It's definitely possible to do better using that technique, but I fear that it makes the code overall a bit more complex. Something I'd like to do before merging this PR is to minimize differences between between Normal and ConstantTime modes. Many of these differences are actually artifacts of how code evolved in two modules, producing different (but semantically equivalent) outputs, and until now I tried to avoid changing the output. In the end, I propose to revisit the functor question once this cleanup is done. |
type ec_type = ...
type ec_op = ...
type ec_var = {
var_name = string
var_type = ec_type
}
type ec_expr =
...
| Efun of (ec_var list) * ec_expr
| Eproj of ec_expr * int (* projection of tuple *)
| Evar of ec_var
| Eop of ec_op
| Eapp of ec_expr * ec_expr list
... Record access uses a projection operator in EC, if I've understood correctly (maybe wrong). The case is therefore taken into account by
module type Model = sig
....
val assign : env -> lval -> expr -> instr
...
end.
module Normal : Model = struct
....
let assign env l e =
let e = toec_cast env (ty_lval lv) e in
[toec_lval1 env lv e]
....
end.
module ConstantTime : Model = struct
....
let assign env l e =
let tys = [ty_expr e] in
(ec_leaks_e env e) @
ec_call env [lv] tys tys (toec_expr env e)
....
end.
module EC (M: Model) = struct
.....
and toec_instr asmOp env i =
match i.i_desc with
| Cassgn (lv, _, _, (Parr_init _ as e)) ->
(ec_leaks_e env e) @
[toec_lval1 env lv (ec_ident "witness")]
| Cassgn (lv, _, _, e) -> M.assign env lv e
| .......
....
end |
@vbgl This has now been rebased following last week's discussion (first step of the plan). I think that it's best to merge this PR in its current state, and defer further cleanups/improvements to future PRs. For future reference, possible improvements are:
|
This prepares for pretty-printing easycrypt code based on an AST. (We will ensure that the AST-based pretty-printing produces exactly the same output as the current pretty-printing.)
This allows to simplify the code and make it easier to extend.
The main commit is the last one (
31b149b7
) and does not change the extracted.ec
for all test cases (besides the amount of whitespace).The first 4 commits prepare for testing the changes, then
9a26005f
fixes a bug in the extraction,d0b25cdb
removes the unused safety extraction, and4957f20f
changes the parentheses and whitespace (the code from that commit is completely over-written in31b149b7
, but that allows to check that31b149b7
is a no-op).I left the option for setting the pretty-printing width (
205e83c2
) and the comparison test scripts (0db786d3
), but they can be removed if deemed not useful.cc @bgregoir