-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathverify_compiled_refinement.sh
More file actions
executable file
·158 lines (129 loc) · 4.93 KB
/
verify_compiled_refinement.sh
File metadata and controls
executable file
·158 lines (129 loc) · 4.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
#!/usr/bin/env bash
set -euo pipefail
ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
OUT_DIR="${COMPILED_REFINEMENT_OUT_DIR:-$ROOT_DIR/target/compiled-refinement}"
if [[ "$OUT_DIR" != /* ]]; then
OUT_DIR="$ROOT_DIR/$OUT_DIR"
fi
cd "$ROOT_DIR"
mkdir -p "$OUT_DIR"
require_file() {
local primary="$1"
local fallback="$2"
local label="$3"
if [[ -f "$primary" ]]; then
printf '%s\n' "$primary"
return 0
fi
if [[ -f "$fallback" ]]; then
printf '%s\n' "$fallback"
return 0
fi
echo "missing $label; run 'opam exec -- bash ./build_extraction.sh' or download the Coq CI artifact first" >&2
exit 1
}
COQ_VECTORS="$(require_file "formal/coq/extraction/coq_vectors.json" "coq_vectors.json" "Coq golden vectors")"
COQ_VARINT="$(require_file "formal/coq/extraction/coq_varint_refinement.json" "coq_varint_refinement.json" "Coq varint refinement summary")"
COQ_WITNESS="$(require_file "formal/coq/extraction/coq_witness_refinement.json" "coq_witness_refinement.json" "Coq witness refinement summary")"
echo "Building release refinement executables..."
cargo build --release \
--example generate_golden_vectors \
--example generate_varint_refinement \
--example generate_witness_refinement
RELEASE_EXAMPLES="$ROOT_DIR/target/release/examples"
RUST_VECTORS="$OUT_DIR/rust_vectors.release.json"
RUST_VARINT="$OUT_DIR/rust_varint_refinement.release.json"
RUST_WITNESS="$OUT_DIR/rust_witness_refinement.release.json"
CERTIFICATE="$OUT_DIR/compiled_refinement_certificate.json"
"$RELEASE_EXAMPLES/generate_golden_vectors" > "$RUST_VECTORS"
"$RELEASE_EXAMPLES/generate_varint_refinement" > "$RUST_VARINT"
"$RELEASE_EXAMPLES/generate_witness_refinement" > "$RUST_WITNESS"
python3 - "$COQ_VECTORS" "$COQ_VARINT" "$COQ_WITNESS" "$RUST_VECTORS" "$RUST_VARINT" "$RUST_WITNESS" "$CERTIFICATE" "$ROOT_DIR" <<'PY'
import hashlib
import json
import os
import platform
import subprocess
import sys
from pathlib import Path
(
coq_vectors_path,
coq_varint_path,
coq_witness_path,
rust_vectors_path,
rust_varint_path,
rust_witness_path,
certificate_path,
root_dir,
) = sys.argv[1:]
root = Path(root_dir)
def load_json(path):
with open(path, "r", encoding="utf-8") as handle:
return json.load(handle)
comparisons = {
"golden_vectors": (load_json(coq_vectors_path), load_json(rust_vectors_path)),
"varint_refinement": (load_json(coq_varint_path), load_json(rust_varint_path)),
"witness_refinement": (load_json(coq_witness_path), load_json(rust_witness_path)),
}
for name, (coq_value, rust_value) in comparisons.items():
if coq_value != rust_value:
print(f"=== COMPILED REFINEMENT MISMATCH: {name} ===")
print(f"Coq: {coq_value}")
print(f"Rust: {rust_value}")
sys.exit(1)
def command_output(*args):
return subprocess.check_output(args, cwd=root, text=True).strip()
def sha256(path):
h = hashlib.sha256()
with open(path, "rb") as handle:
for chunk in iter(lambda: handle.read(1024 * 1024), b""):
h.update(chunk)
return h.hexdigest()
tracked_inputs = [
"Cargo.lock",
"Cargo.toml",
"src/encoding.rs",
"src/kani_proofs.rs",
"src/lib.rs",
"src/params.rs",
"formal/coq/VarintConcrete.v",
"formal/coq/extraction/WitnessExtraction.v",
"formal/coq/extraction/witness_refinement.ml",
"formal/coq/extraction/varint_refinement.ml",
"examples/generate_golden_vectors.rs",
"examples/generate_varint_refinement.rs",
"examples/generate_witness_refinement.rs",
]
release_binaries = [
"target/release/examples/generate_golden_vectors",
"target/release/examples/generate_varint_refinement",
"target/release/examples/generate_witness_refinement",
]
generated_outputs = [
Path(rust_vectors_path).relative_to(root),
Path(rust_varint_path).relative_to(root),
Path(rust_witness_path).relative_to(root),
]
certificate = {
"validation": "compiled-artifact PO-8 translation validation",
"scope": {
"claim": "release binaries produce the same refinement summaries as the Coq-extracted artifacts over the modeled PO-8 domains",
"non_claim": "this is not a proof of rustc, LLVM, linker, CPU, or OS correctness",
},
"toolchain": {
"rustc": command_output("rustc", "-Vv"),
"cargo": command_output("cargo", "-Vv"),
"host": platform.platform(),
},
"inputs": {path: sha256(root / path) for path in tracked_inputs if (root / path).exists()},
"release_binaries": {path: sha256(root / path) for path in release_binaries},
"generated_outputs": {str(path): sha256(root / path) for path in generated_outputs},
"comparisons": {name: "match" for name in comparisons},
}
with open(certificate_path, "w", encoding="utf-8") as handle:
json.dump(certificate, handle, indent=2, sort_keys=True)
handle.write("\n")
print("=== SUCCESS ===")
print("Compiled release binaries match Coq-extracted PO-8 refinement artifacts.")
print(f"Certificate: {certificate_path}")
PY