Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

wow let's formally verify the solc optimizer #47

Open
wants to merge 110 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
110 commits
Select commit Hold shift + click to select a range
6ce35e6
end.cage-deficit typo
rainbreak Jul 12, 2019
3b42add
end.cage remove lemmas
rainbreak Jul 12, 2019
97c8efb
end.cage timeouts
rainbreak Jul 12, 2019
f1a3441
end.cage: add lemmas and preconditions
rainbreak Jul 12, 2019
06accab
end.cage: missing vars and ranges
rainbreak Jul 12, 2019
8e7d7f1
end.cage: vow.vat == end.vat
rainbreak Jul 12, 2019
0f47c81
add fail gas estimation for drip of {Jug, Pot}
mhhf Jul 12, 2019
991f8ce
lemmas; how I think they should be
MrChico Jul 10, 2019
2e53ba7
flush some dirty lemmas to resources.k
MrChico Jul 11, 2019
22a5773
end.cage: vow=/=vat in all cases
rainbreak Jul 12, 2019
ab36b19
big timeouts for remaining proofs
rainbreak Jul 12, 2019
dcc76b4
end.skip: missing vat,ilk matching
rainbreak Jul 12, 2019
1d0774d
frob-same typos
rainbreak Jul 12, 2019
1cb538c
bite: vat,ilk matching assumption
rainbreak Jul 12, 2019
aeff513
update to new dapp build output
rainbreak Jul 12, 2019
0be1b17
rename posMinSInt256 to pow255
rainbreak Jul 12, 2019
8795adf
whitespace
rainbreak Jul 13, 2019
863712b
subuu, adduu lemmas
MrChico Jul 13, 2019
599d200
frob-same long timeout
rainbreak Jul 13, 2019
0b51f25
dirty_lemmas: lemma for SDIV with negative second arg
MrChico Jul 13, 2019
aeb869e
end.cage: incorrect lemma name, iff
rainbreak Jul 14, 2019
bbcb3f4
lemmas: remove bad SDIV lemma
MrChico Jul 14, 2019
21b00c5
vat.frob-diff, flapper.tend extra long timeouts
rainbreak Jul 14, 2019
0db94b3
dss.md: try to fix End.skip spec
livnev Jul 14, 2019
fc0e1c4
fix drip fail gas
mhhf Jul 15, 2019
50f1b41
rules.k: SDIV with positive second argument lemma
MrChico Jul 15, 2019
2c676dc
config: increased memory for hard proofs
rainbreak Jul 15, 2019
339f725
dss.md/End.skip: add Rate_i condition for mului
livnev Jul 15, 2019
07542b1
timeouts: bite
rainbreak Jul 15, 2019
573c272
bite: grab preconditions
rainbreak Jul 15, 2019
74762ad
bite: constrain cat gem balance
rainbreak Jul 16, 2019
205ae90
bite: kick preconditions
rainbreak Jul 16, 2019
0171539
timeouts: skip
rainbreak Jul 16, 2019
34eada9
DSToken.transferFrom: don't assume src =/= CALLER_ID
MrChico Jul 17, 2019
8b5df14
correct a -Word lemma and add a -Word lemma
MrChico Jul 17, 2019
6aad5b2
add some dirty lemas which might solve some stuff
mhhf Jul 17, 2019
4d70b6b
adapt lemmas to new arith. normalform
mhhf Jul 19, 2019
edba713
dirty_lemmas: simplify 0 <= X >= 0 to X == 0
MrChico Jul 19, 2019
e897a75
change martin rules to solve constrains on the z3 level
mhhf Jul 20, 2019
b6def59
fix drip lemma
mhhf Jul 20, 2019
1d4b4cc
update some dirty lemmas, i totally screwed up once
mhhf Jul 21, 2019
afe4d77
fix codependend stuff in drip of Jug
mhhf Jul 21, 2019
6bb5a88
inRangeSInt( 0 -Int X) if X <= pow255
MrChico Jul 21, 2019
6bdadf2
dss: End.skim: switch position of Art_iu and Rate
MrChico Jul 21, 2019
b106396
add rule for drip of Jug
mhhf Jul 21, 2019
771f582
remove redundant rule
mhhf Jul 21, 2019
750850f
oops
mhhf Jul 21, 2019
b858c5b
Remove bad rule in dirty lemmaS
MrChico Jul 22, 2019
0c60237
adapt some 0 - X lemmas
mhhf Jul 22, 2019
0115eb2
Flipper is not Vat in skip
mhhf Jul 22, 2019
02ee7a9
support reasoning about A == 0 from z3 to k
mhhf Jul 22, 2019
77de191
jug.drip: remove redundant iff, add fold lemma
rainbreak Jul 24, 2019
452c02c
end.skim,bail: redundant iff conditions
rainbreak Jul 24, 2019
863ff49
long timeouts/memory for cat.bite,end.cage
rainbreak Jul 24, 2019
42129cd
desperatelly try to make skip of End work
mhhf Jul 23, 2019
9d85dee
fix drip of jug pass gas
mhhf Jul 24, 2019
61a071e
Cat_bite-full_pass improvement
mhhf Jul 25, 2019
f6729b5
End_cage*_fail_rough gas lemmas to speed up gas lemma speedup
mhhf Jul 26, 2019
d31c425
do stuff
mhhf Jul 26, 2019
2717a9b
cat.bite: correct min branching, int ranges
rainbreak Jul 26, 2019
f374109
fuck you gas expressions, i'll do it the dirty way
mhhf Jul 27, 2019
00b07d9
typo in bite-full of Cat
mhhf Jul 27, 2019
ee00c86
cat.bite-full typo
rainbreak Jul 27, 2019
a8935a0
cat bite-lump should be run as well
mhhf Jul 27, 2019
0728449
fix typo in skip of End
mhhf Jul 28, 2019
22566e6
increase timeout for cat_bite pass
mhhf Jul 28, 2019
008d6b8
Add lemmas for Vat_fork-same_fail and extend gas reach simplification
mhhf Jul 29, 2019
a670da5
redo Cat_bite-lump_pass due to gas
mhhf Jul 29, 2019
b577571
give End_skip_pass room to breathe
mhhf Jul 29, 2019
2b554b9
dafuq are you doing End_skip_fail_rough?
mhhf Jul 29, 2019
e4e8c80
Cat_bite-full_fail_rough dirty lemmas
mhhf Jul 29, 2019
4149528
Cat_bite-lump_fail - biggest spec ever
mhhf Jul 29, 2019
762686a
vat.frob: remove redundant condition
rainbreak Jul 29, 2019
56f8d4d
vat.frob: split specs on dink,dart!=0
rainbreak Jul 29, 2019
5193ac0
vat.frob-diff distinct names
rainbreak Jul 29, 2019
fe041cd
fork-same longer timeout
rainbreak Jul 29, 2019
cf74079
dss: bump to fixed frob
MrChico Jul 30, 2019
88e8f47
dss: bump to include external functions
rainbreak Jul 30, 2019
944bfd5
bump dss for real
rainbreak Jul 30, 2019
3795ee5
dirty_lemmas: correct sgninterp lemma range
MrChico Aug 1, 2019
86ded61
split frob-same on dart==0
rainbreak Aug 2, 2019
a8df014
bump dss
rainbreak Aug 3, 2019
2f62c18
rate != 0 for initialised ilks
rainbreak Aug 3, 2019
9c8778e
specialise skip to nonzero tab / rate
rainbreak Aug 3, 2019
f64dd21
Revert "bump dss"
rainbreak Aug 3, 2019
b36edfb
bump dss
rainbreak Aug 3, 2019
a735b8f
remove unused vars
rainbreak Aug 3, 2019
088acdf
further specialise frob-same
rainbreak Aug 3, 2019
27a0244
timeouts
rainbreak Aug 3, 2019
4214b3a
match frob-diff and frob-same layout
rainbreak Aug 3, 2019
c50c35e
remove excess conditions
rainbreak Aug 3, 2019
d80732c
longer timeouts
rainbreak Aug 3, 2019
f133147
skim,bail: remove redundant conditions
rainbreak Aug 4, 2019
7ce177c
more memory for skim,bail
rainbreak Aug 4, 2019
c50d8ca
skip: remove redundant conditions
rainbreak Aug 4, 2019
19799d5
skip: remove redundant condition
rainbreak Aug 4, 2019
afd7dac
lemma for skim, bail rate * -art
rainbreak Aug 6, 2019
0cd07e8
Revert "skip: remove redundant condition"
rainbreak Aug 6, 2019
0942633
timeouts
rainbreak Aug 6, 2019
2742a8b
another skim lemma
rainbreak Aug 6, 2019
13783ab
be explicit with skim,bail term
rainbreak Aug 6, 2019
7414be6
skim lemma matching
rainbreak Aug 7, 2019
e0f379c
frob zero-dink
rainbreak Aug 7, 2019
769908d
explicit lemma for skim,bail
rainbreak Aug 7, 2019
413de94
fix bite-full of Cat lemma dirty, hope this will work
mhhf Aug 13, 2019
939c16e
bite: use explicit int range
rainbreak Aug 14, 2019
dcdf34c
bite: force lemma application with no preconditions
rainbreak Aug 14, 2019
009b4fe
remove unrestricted lemma
mhhf Aug 15, 2019
d8040c0
Makefile: enable solc optimizer when building
livnev Aug 21, 2019
61bfbbc
flush dirty_lemmas.k.md
livnev Aug 23, 2019
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ all: dapp spec
dapp:
dapp --version
git submodule update --init --recursive
cd $(DAPP_DIR) && dapp --use solc:0.5.9 build && cd ../
cd $(DAPP_DIR) && SOLC_FLAGS="--optimize --optimize-runs 1000000" dapp --use solc:0.5.9 build && cd ../

dapp-clean:
cd $(DAPP_DIR) && dapp clean && cd ../
Expand Down
137 changes: 87 additions & 50 deletions config.json
Original file line number Diff line number Diff line change
Expand Up @@ -14,87 +14,124 @@
},
"implementations": {
"Vat": {
"solc_output": "./dss/out/vat.sol.json"
"src": "src/vat.sol"
},
"Vow": {
"src": "src/vow.sol"
},
"Dai": {
"solc_output": "./dss/out/dai.sol.json"
"src": "src/dai.sol"
},
"Jug": {
"solc_output": "./dss/out/jug.sol.json"
"src": "src/jug.sol"
},
"Pot": {
"solc_output": "./dss/out/pot.sol.json"
},
"Vow": {
"solc_output": "./dss/out/vow.sol.json"
"src": "src/pot.sol"
},
"Cat": {
"solc_output": "./dss/out/cat.sol.json"
"src": "src/cat.sol"
},
"GemJoin": {
"solc_output": "./dss/out/join.sol.json"
"src": "src/join.sol"
},
"DaiJoin": {
"solc_output": "./dss/out/join.sol.json"
},
"VatLike": {
"name" : "Vat",
"solc_output": "./dss/out/vat.sol.json"
},
"VowLike": {
"name" : "Vow",
"solc_output": "./dss/out/vow.sol.json"
"src": "src/join.sol"
},
"Flipper": {
"solc_output": "./dss/out/flip.sol.json"
"src": "src/flip.sol"
},
"Flopper": {
"solc_output": "./dss/out/flop.sol.json"
"src": "src/flop.sol"
},
"Flapper": {
"solc_output": "./dss/out/flap.sol.json"
"src": "src/flap.sol"
},
"DSToken": {
"solc_output": "./dss/out/test/vat.t.sol.json"
"src": "lib/ds-token/src/token.sol"
},
"End": {
"solc_output": "./dss/out/end.sol.json"
"src": "src/end.sol"
},
"DSValue": {
"solc_output": "./dss/out/test/end.t.sol.json"
"src": "lib/ds-value/src/value.sol"
},
"Spotter": {
"solc_output": "./dss/out/spot.sol.json"
"src": "src/spot.sol"
}
},
"split_fail":[
],
"timeouts": {
"Vat_grab_pass_rough": "4h",
"Vat_grab_fail_rough": "4h",
"Vat_frob-diff_pass_rough": "4h",
"Vat_frob-diff_fail_rough": "4h",
"Vat_fork-diff_pass_rough": "4h",
"Vat_fork-diff_fail_rough": "4h",
"Vat_fork-same_pass_rough": "4h",
"Vat_fork-same_fail_rough": "4h",
"End_free_pass_rough": "3.5h",
"End_skim_pass_rough": "3h",
"End_skim_fail_rough": "4h",
"End_bail_pass_rough": "3h",
"End_bail_fail_rough": "4h",
"End_skip_pass_rough": "4h",
"End_skip_fail_rough": "4h",
"Flipper_dent_fail_rough": "6h",
"Flopper_dent_fail_rough": "4h",
"Flipper_tend_fail_rough": "8h",
"Flapper_tend_fail_rough": "12h",
"Flapper_deal_fail_rough": "8h",
"Pot_drip_fail_rough": "5m",
"Jug_drip_fail_rough": "5m",
"Vow_cage-surplus_fail_rough": "8h",
"Vow_cage-deficit_fail_rough": "8h",
"Vow_cage-balance_fail_rough": "8h"
"Vat_grab_pass_rough": "16h",
"Vat_grab_fail_rough": "16h",
"Vat_frob-diff-nonzero_pass_rough": "16h",
"Vat_frob-diff-nonzero_fail_rough": "2d",
"Vat_frob-diff-zero-dink_pass_rough": "16h",
"Vat_frob-diff-zero-dink_fail_rough": "2d",
"Vat_frob-diff-zero-dink_pass": "36h",
"Vat_frob-diff-zero-dart_pass_rough": "16h",
"Vat_frob-diff-zero-dart_fail_rough": "2d",
"Vat_frob-diff-zero_pass_rough": "16h",
"Vat_frob-diff-zero_fail_rough": "2d",
"Vat_frob-same-nonzero_pass_rough": "16h",
"Vat_frob-same-nonzero_fail_rough": "2d",
"Vat_frob-same-zero-dink_pass_rough": "16h",
"Vat_frob-same-zero-dink_fail_rough": "2d",
"Vat_frob-same-zero-dink_pass": "2d",
"Vat_frob-same-zero-dart_pass_rough": "16h",
"Vat_frob-same-zero-dart_fail_rough": "2d",
"Vat_frob-same-zero_pass_rough": "16h",
"Vat_frob-same-zero_fail_rough": "2d",
"Vat_fork-diff_pass_rough": "16h",
"Vat_fork-diff_fail_rough": "16h",
"Vat_fork-same_pass_rough": "16h",
"Vat_fork-same_fail_rough": "2d",
"Cat_bite-full_pass_rough": "3d",
"Cat_bite-full_pass": "3d",
"Cat_bite-full_fail_rough": "3d",
"Cat_bite-lump_pass_rough": "3d",
"Cat_bite-lump_pass": "46h",
"Cat_bite-lump_fail_rough": "3d",
"End_free_pass_rough": "16h",
"End_skim_pass_rough": "16h",
"End_skim_fail_rough": "24h",
"End_bail_pass_rough": "16h",
"End_bail_fail_rough": "24h",
"End_skip_pass_rough": "42h",
"End_skip_pass": "42h",
"End_skip_fail_rough": "36h",
"Flipper_dent_fail_rough": "16h",
"Flopper_dent_fail_rough": "16h",
"Flipper_tend_fail_rough": "16h",
"Flapper_tend_fail_rough": "2d",
"Flapper_deal_fail_rough": "16h",
"Pot_drip_fail_rough": "16h",
"Jug_drip_fail_rough": "16h",
"Vow_cage-surplus_fail_rough": "16h",
"Vow_cage-deficit_fail_rough": "16h",
"Vow_cage-balance_fail_rough": "16h",
"End_cage-surplus_fail_rough": "35h",
"End_cage-deficit_fail_rough": "35h",
"End_cage-balance_fail_rough": "35h"
},
"memory" : {
"Vat_frob-diff-nonzero_fail_rough": "25G",
"Vat_frob-diff-zero-dink_fail_rough": "20G",
"Vat_frob-diff-zero-dart_fail_rough": "20G",
"Vat_frob-diff-zero_fail_rough": "20G",
"Vat_frob-same-nonzero_fail_rough": "25G",
"Vat_frob-same-zero_fail_rough": "25G",
"Flapper_tend_fail_rough": "20G",
"Cat_bite-full_pass_rough": "22G",
"Cat_bite-full_pass": "22G",
"Cat_bite-full_fail_rough": "30G",
"Cat_bite-lump_pass_rough": "22G",
"Cat_bite-lump_pass": "22G",
"Cat_bite-lump_fail_rough": "35G",
"End_skip_pass_rough": "20G",
"End_skip_fail_rough": "20G",
"End_skim_fail_rough": "20G",
"End_bail_fail_rough": "20G"
},
"dapp_root": "./dss",
"host": "127.0.0.1:8080"
Expand Down
2 changes: 1 addition & 1 deletion dss
Submodule dss updated 14 files
+1 −9 README.md
+12 −12 src/cat.sol
+10 −10 src/dai.sol
+33 −33 src/end.sol
+11 −11 src/flap.sol
+10 −10 src/flip.sol
+10 −10 src/flop.sol
+13 −13 src/join.sol
+9 −9 src/jug.sol
+9 −9 src/pot.sol
+8 −8 src/spot.sol
+15 −12 src/test/vat.t.sol
+19 −19 src/vat.sol
+20 −20 src/vow.sol
139 changes: 0 additions & 139 deletions src/dirty_lemmas.k.md
Original file line number Diff line number Diff line change
@@ -1,142 +1,3 @@
This is an example for rules that won't affect the proof hashes
this should be "flushed" once in a while to the real lemmas.k file

```k
rule WM[ N := #take(X, WS) ] => WM [ N := #asByteStackInWidth(#asWord(#take(X, WS)), X) ]

rule 1 |Int bool2Word(X) => 1

rule bool2Word(X) |Int 1 => 1

rule 1 &Int bool2Word(X) => bool2Word(X)

rule bool2Word(X) &Int 1 => bool2Word(X)

syntax Int ::= "posMinSInt256"
rule posMinSInt256 => 57896044618658097711785492504343953926634992332820282019728792003956564819968 [macro] /* 2^255 */

rule 0 -Word X => #unsigned(0 -Int X)
requires 0 <=Int X
andBool X <=Int posMinSInt256
/*
proof:

1) rule W0 -Word W1 => chop( (W0 +Int pow256) -Int W1 ) requires W0 <Int W1
2) rule chop ( I:Int ) => I modInt pow256 [concrete, smt-lemma]
3) rule W0 -Word W1 => chop( W0 -Int W1 ) requires W0 >=Int W1

Assume X != 0:

0 < X : 0 -W X =(1)=> chop( pow256 - X )
0 < pow256 - X < pow256 : chop( pow256 - X ) =(2)=> pow256 - X

Assume X == 0:

0 == X : 0 -W 0 =(3)=> chop( 0 - 0 )
*/


// rule 0 <Int #signed(#if X ==K 0 #then 0 #else pow256 -Int X #fi) => false
// requires 0 <=Int X
// andBool X <=Int posMinSInt256

/*
4) rule #signed(DATA) => DATA
requires 0 <=Int DATA andBool DATA <=Int maxSInt256

5) rule #signed(DATA) => DATA -Int pow256
requires maxSInt256 <Int DATA andBool DATA <=Int maxUInt256


Assume X == 0:
s(0) =(4)=> 0

Assume 0 < X <= posMinSInt256(2^255):

a) posMinSInt256(2^255) = maxSInt256(2^255 - 1) + 1

proof pow255 - 1 < pow256(2^256) - X <= pow256 - 1:
proof pow255 - 1 < pow256 - X
-pow255 - 1 < - X |-pow256
X < pow255 + 1 |*-1
X <= pow255
X <= posMinSInt256

proof pow256 - X <= pow256 - 1
-X <= -1 |-pow256
1 <= X |*-1


need: 0 <= X < maxSInt256


*/


rule #range(WS [ X := #padToWidth(32, Y) ], Z, 32, WSS) => #range(WS, Z, 32, WSS)
requires Z +Int 32 <Int X

// possibly wrong but i'll keep using it as a hack
rule #sizeWordStack(#range(WS, Y, Z, WSS), 0) => Z

//assume ecrec returns an address
rule maxUInt160 &Int #symEcrec(MSG, V, R, S) => #symEcrec(MSG, V, R, S)

rule 0 <=Int #symEcrec(MSG, V, R, S) => true
rule #symEcrec(MSG, V, R, S) <Int pow256 => true


syntax IntList ::= bytesToWords ( WordStack ) [function]
// --------------------------------------------------------------
rule bytesToWords ( WS )
=> #asWord(#take(#sizeWordStack(WS) modInt 32, WS)) byteStack2IntList(#drop(#sizeWordStack(WS) modInt 32, WS))
requires #sizeWordStack(WS) modInt 32 >Int 0
rule bytesToWords ( WS ) => byteStack2IntList(WS)
requires #sizeWordStack(WS) modInt 32 ==Int 0
rule keccak(WS) => keccakIntList(bytesToWords(WS))
requires ( notBool #isConcrete(WS) )
andBool notBool( #sizeWordStack(WS) modInt 32 ==Int 0)


rule chop(A +Int B) >Int A => (A +Int B <=Int maxUInt256)
requires #rangeUInt(256, A)
andBool #rangeUInt(256, B)

rule chop(X +Int (pow256 +Int Y)) >Int X => X +Int Y <Int 0
requires #rangeUInt(256, X)
andBool #rangeSInt(256, Y)
andBool Y <Int 0

rule chop(X *Int (pow256 +Int Y)) => X *Int (pow256 +Int Y)
requires #rangeSInt(256, X *Int Y)
andBool #rangeUInt(256, X)
andBool #rangeSInt(256, Y)

// todo: useful?
rule 0 <Int #signed(X) => #rangeSInt(256, X)
requires #rangeUInt(256, X)

// todo: useful?
rule X -Word Y <Int X => Y <Int X
requires #rangeUInt(256, X)
andBool #rangeUInt(256, Y)

// todo: useful?
rule (X -Word (Y *Int (pow256 +Int Z)) <Int X) => (X -Int (Y *Int (pow256 +Int Z)) >=Int 0)
requires #rangeUInt(256, X)
andBool #rangeUInt(256, Y *Int (pow256 +Int Z))

// todo: useful?
rule X -Word Y >Int X => Y >Int X
requires #rangeUInt(256, X)
andBool #rangeUInt(256, Y)

rule chop(chop(X *Int Y) /Int Y) ==K X => X *Int Y <=Int maxUInt256
requires #rangeUInt(256, X)
andBool #rangeUInt(256, Y)

rule notBool(A -Word (pow256 +Int B) <Int A) => (A -Int B >=Int minUInt256)
requires #rangeUInt(256, A)
andBool #rangeSInt(256, B)
andBool B <Int 0
```
Loading