Another example for eHoare #845
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
namasikanam
force-pushed
the
eHoare-example
branch
2 times, most recently
from
43a5833 to
f7fcac0
Compare
namasikanam
force-pushed
the
eHoare-example
branch
from
f7fcac0 to
3161c60
Compare
namasikanam
force-pushed
the
eHoare-example
branch
from
3161c60 to
966efa8
Compare
strub
requested changes
Jan 10, 2026
namasikanam
force-pushed
the
eHoare-example
branch
from
966efa8 to
5fdfc42
Compare
A comprehensive example covering most functionality and features can be found in `examples/docgen/docgenbasic.ec` In short, the command-line syntax is as follows: `easycrypt docgen [-outdir <output-directory>] <source-file>`
add tests for conseq equiv phoare
* reduce in t_hF_or_bhF_or_eF * add reduction in call tactic
…a more robust pattern
All code that relates to module replacement is now usused and has been removed.
This commit makes the warning flags now explicit for the dev/ci environments and use the same set of warning flags for both of them. This will allow us to catch more warnings in the CI. For the release environment, we now use the default set of flags. As a side effect, this commit fixes the pretty printing of local variables (the actual code was not using the printing environment anymore to get the display name)
Currently, if the top-assumption is not an hypothesis, we let an low-tactic error message do escape. We now write a proper error message before this happens.
Check modules in types + properly classify declared modules as declared
ECO version is now 4. The trace field is optional. The -trace command line option triggers the trace recording in the generated .eco file.
The second goal generated from byehoare is unsound, in which the procedure arguments are bound in a free memory. This is a small bug introduced in #789 . We need to use the default memory (hr) of the program.
This logic is deliberately slightly less expressive than the one it replaces, which does not hinder usability in any cryptographic context, with the hope that it is simpler to maintain and verify.
Uses Sphinx + an extension that generates proofs viewable and navigable directly in the browser.
The spelling 'instanciate' is only acknowledged in the Wiktionary, while all other dictionaries prefer the spelling with a 't'. ex.: https://dictionary.cambridge.org/dictionary/english/instantiate
…ports fix: perform positivity check in type arguments of type constructors test: add a simple test file for positivity checking.
namasikanam
force-pushed
the
eHoare-example
branch
from
88ed518 to
7a76e83
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Another example for eHoare (done with @mzini). This example considers a nested loop which uniformly samples a boolean matrix of size$n \times m$ , and proves that the probably of sampling any boolean matrix of size $n \times m$ is no more than $2 ^ {- n \times m}$ .
My original purpose for this example was to figure out a game hopping in a big proof, but it turned out that this game hopping is not needed. But I think this is a good example for demonstrating how to do proof in eHoare.