https://github.com/EasyCrypt/easycrypt
Revision 3f4a0bd5596888cd8d28b97687d477942187aa5f authored by Pierre-Yves Strub on 11 June 2022, 06:10:21 UTC, committed by Adrien Koutsos on 13 June 2022, 09:22:31 UTC
Loops' epilogs must now be deterministic and loop/calls-free.
This forbids the following unsoundness:
```
require import AllCore DBool.
module E = {
var i,j : int
proc foo () = {
var c;
i <- 0;
j <- 0;
c <- false;
while (!c) {
i <- i + 1;
j <- j + 1;
c <$ {0,1};
}
return i = j;
}
proc bar () = {
var c;
i <- 0;
j <- 0;
c <- false;
while (!c) {
i <- i + 1;
c <$ {0,1};
}
c <- false;
while (!c) {
j <- j + 1;
c <$ {0,1};
}
return i = j;
}
}.
equiv bad : E.foo ~ E.bar : true ==> ={res}.
proof.
proc.
fission{1} 4!1 @1,2. by sim.
qed.
```
Fix #210
1 parent b9af81d
Tip revision: 3f4a0bd5596888cd8d28b97687d477942187aa5f authored by Pierre-Yves Strub on 11 June 2022, 06:10:21 UTC
In loop fusion/fission, add more constraints on the epilog
In loop fusion/fission, add more constraints on the epilog
Tip revision: 3f4a0bd
| File | Mode | Size |
|---|---|---|
| ChaChaPoly | ||
| MEE-CBC | ||
| UC | ||
| cost | ||
| cramer-shoup | ||
| incomplete | ||
| old | ||
| plug-and-pray | ||
| prg-tutorial | ||
| to-port | ||
| Dice4_6.ec | -rw-r--r-- | 2.8 KB |
| FundamentalLemma.ec | -rw-r--r-- | 2.1 KB |
| PIR.ec | -rw-r--r-- | 12.8 KB |
| PRG.ec | -rw-r--r-- | 16.9 KB |
| Pedersen.ec | -rw-r--r-- | 5.0 KB |
| SchnorrPK.ec | -rw-r--r-- | 4.8 KB |
| Upto.ec | -rw-r--r-- | 4.8 KB |
| WhileSampling.ec | -rw-r--r-- | 702 bytes |
| async-while.ec | -rw-r--r-- | 1.8 KB |
| br93.ec | -rw-r--r-- | 26.4 KB |
| elgamal.ec | -rw-r--r-- | 3.1 KB |
| hashed_elgamal_generic.ec | -rw-r--r-- | 8.0 KB |
| hashed_elgamal_std.ec | -rw-r--r-- | 6.3 KB |
| vonNeumann.eca | -rw-r--r-- | 3.0 KB |
Computing file changes ...
