List of all "un-alignments":

• infinite loops

Please feel free to comment if you notice anything that seems to belong to this list

Currently, the compile times are pretty bad, and there's almost no incrementally while compiling.
There are a lot of ML modules lacking a signature, so that is probably the reason.

Plan transition from v1 to v2.

• start transition when all hacspec/specs are passing
• repository names
• update website
• update book
• archiving old version

• binary releases for ocaml
  Though those binaries are not static. Though for distribution, we also release JS.
• build ocaml from cargo we actually don't want to do this any longer

related to #43

High level diagram of hacspec architecture and organisation.

wip: https://github.com/hacspec/hacspec-v2/blob/franziskus/architecture-v1/architecture.excalidraw

There seems to be an issue with the unification of spans. The following code fails in the "Desugar_direct_and_mut" phase.

pub fn a_test () {

}

pub fn b_test () {
    a_test()
}

This is because List.reduce_exn is given an empty list.

In the future, we may expect backends in the HOL theorem provers, agda/lean/idris and haskell/ocaml, ...

Would it be worth making the target language explicit?
I'm also thinking of projects like

https://www.gilith.com/opentheory/
and
deducti
that are trying to provide cross prover technology.

Just a suggestion to also link to the DeterminateSystems Nix installer in the readme as it comes with flake support preconfigured.

Track progress of the hacspec linter, linting for the hacspec subset.

The language definition right now is in the book.

• refine syntax
• document syntax
• write syntax tests
• implement linter for this syntax

• add a check to script.sh that node is in PATH
• figure out what is the minimal version VERSION of nodejs so that engine/utils/ocaml_of_json_schema/ocaml_of_json_schema.js works
• add a check to script.sh that node is at least version VERSION

Two traits in the same namespace in Rust can share method names.
This is not true in some backends (for instance F*).

We need a phase that globally adds prefixes or suffixes to such methods whose name collides.

The F* case

In F*, a trait is translated as a typeclass. F* treats typeclasses as records, but generates a top-level let for each field (aka trait methods), with an implicit meta argument that takes care of resolving the correct instance when called.

The issue is thus that two typeclasses sharing a method name will attempt to generate two let bindings with the same name.

If we have #20, we can stop relying on F* typeclasses entirely and this issue will disappear.

Add support for parsing secret_bytes and secret_arrays.

Have a fork of the rust playground with an option for running Hax for a given backend. (I have some WIP proto, but it's very outdated)

Another option would be to write something from scratch, maybe that would be easier.

Make a custom playground dedicated to running Hax.

I already have a prototype for this. Would need half a day to make it work, and a bit more to make it nice.

Currently there is no easy way of grouping recursive items from a backend.
However, the feature is already implemented in module engine/lib/dependencies.ml.

Related to that, there is #396.
But this is completely orthogonal: we should still have a simple way for backends to view a set of items as a set of recursive bundles.

Thus, this issue is about exposing a function item list -> item list list using what already exists in engine/lib/dependencies.ml.

The frontend browses items of a crate in an order that causes this bug.
Some data in the Rust compiler is kept in a Steal, which is basically a box whose content can be stolen, that is pulled out of the memory (rustc uses arenas)

Thus, the order in which we browse the crate to export every item matters: sometimes I inspect things that happens to be stolen before because of some previous inspections.
This is particularly true for constants, it seems.

Status: mostly fixed

• @geonnave's bug (#27 (comment)) is fixed
• @franziskuskiefer's bug (#27 (comment)) is fixed

However, I tried Hax on core, and I get new stolen stuff. Thus, there exists some scenarios in which this still fails.

This issue is about any expression that can yield an early return: ?, return, continue, break.

The engine has a module side_effect_utils.ml that deals with any expression with side effects: its approach is to hoist every side effect within an expression.

After applying this side effect phase, expressions are trees with let, if, match, loop nodes, and the side-effects occur only on rhs of lets.

Note early return is one of the different possible side effects. Also, one cannot rewrite early returns without considering other side effects: for instance, early returns can interact badly with mutation.

From there:

• CfIntoMonads lifts early return bottom up into various monads.
• we also want a phase that attempts to restructure control flow, to push early returns to end positions.

Road map

• resugar questions marks (Rustc rewrite ? with returns);
• add a phase that transforms early returns into monadic constructions;
  • test this monadic phase;
  • fix bugs;
• add a phase that attempts at reformulating control flow to avoid early returns (i.e. we'd better do if c {return e1} return e2 -> return (if c {e1} {e2}) than a monadic transformation) (see #393 and #254);
• wrap the monadic and reformulation phase into another phase that decides heuristically which looks best.
• support continue/return within loops: #196

Original issue

This is related to the question mark operator, since e? actually expands to a match whose one branch is a return statement.

TODOs:

• add a phase that transforms early returns into monadic constructions;
• fix the current monadic encoding #399;
• add a phase that attempts at reformulating control flow to avoid early returns (i.e. we'd better do if c {return e1} return e2 -> return (if c {e1} {e2}) than a monadic transformation) (see #393);
• add a phase that tries both monadic and control-flow reformulation phases and decides heuristically which seems better;
• figure out how to translate code containing the ? operator nicely (some resugaring?).

We could also go a step further and use something like bors.

Originally posted by @franziskuskiefer in #57 (comment)

I tried to build the docker image on a mac m1 and got the following:

$ docker build -f .docker/Dockerfile . -t hacspec-v2
 => [2/6] COPY . /circus-sources
 => [3/6] RUN cd /circus-sources && git init && git add .
 => ERROR [4/6] RUN nix-env -iA cachix -f https://cachix.org/api/v1/install
------
 > [4/6] RUN nix-env -iA cachix -f https://cachix.org/api/v1/install:
#8 1.244 installing 'cachix-1.3.3'
#8 1.479 copying path '/nix/store/6yjms3wa9f2hrpmbzk7ivm1s9jz2m0sw-busybox-static-x86_64-unknown-linux-musl-1.36.0' from 'https://cache.nixos.org'...

(... truncated ...)

#8 12.65 copying path '/nix/store/aly587hv5cyjsbl0fy4ps3lyy7r8cr8n-cachix-1.3.3' from 'https://cache.nixos.org'...
#8 14.67 error: unable to load seccomp BPF program: Invalid argument
#8 14.67 (use '--show-trace' to show detailed location information)
------
executor failed running [/bin/sh -c nix-env -iA cachix -f https://cachix.org/api/v1/install]: exit code: 1

Possible solution

In this issue I learned that it could be fixed by adding filter-syscalls = false to nix.conf (which indeed makes the build work).

A possible solution is to modify the Dockerfile as follows (although it does not seem super safe to disable filter-syscalls).

diff --git a/.docker/Dockerfile b/.docker/Dockerfile
index 0a46de5..e960589 100644
--- a/.docker/Dockerfile
+++ b/.docker/Dockerfile
@@ -3,6 +3,8 @@

 FROM nixpkgs/nix-flakes

+RUN [ "$(uname)" = Darwin ] && echo "filter-syscalls = false" >> /etc/nix/nix.conf
+
 # Prepare the sources
 COPY . /circus-sources
 RUN cd /circus-sources && git init && git add .

Versions

• Mac M1, MacOS Ventura 13.2.1 (22D68)
• Docker version 20.10.24, build 297e128

Add documentation how to get started with this repository.

Documentation

• readme
• blog: https://github.com/hacspec/blog | https://hacspec.org/blog/
• website: https://github.com/hacspec/hacspec.github.io | https://hacspec.org/
• book: https://github.com/hacspec/book | https://hacspec.org/book/
• rust docs: on all crates, especially on cargo-hax
• ocaml docs (see issue #436)
• examples & demos: https://github.com/hacspec/hax/tree/main/examples

Tasks

• installation instructions
• cli instructions
• update/replace book
  • User
    • Examples
    • Tutorials
    • Proofs
      • F*
      • Coq
      • libcore
  • Contributing
    • Structure
    • Cargo command
    • Frontend
    • Engine
    • Backends
    • Utilities
    • Library & Macros
    • libcore
• Architecture & Design technical documentation
• Architecture & Design blog post
• Update website
• Update readme

We should have both:

• CLI options
• Rust attributes

We should be able to express "everything but foo" and "nothing but foo" (at the module level)

• #51
• #50

Type synonyms are expanded by Rust before we hook in.
We should have a best-effort strategy for recovering as much as possible those synonyms.

Given a type synonym definition and an expanded type, I think it will be relatively easy to check whether the expanded type can be reformulated using the type synonym.
This combined with span information and HIR/surface AST analysis, we should get some nice synonym recovering.

Maybe just resugar when HIR information is available

• define update policy, e.g. update every 3 months
• update GH actions (1.67 -> stable)

For now, the frontend supports only concrete literals, we need arbitrary expressions.

(ordered) Todo list

1. the expr and ty engine AST are currently not mutually recursive, make them mut. rec.
2. update the inlining PPX so that we can easily inline definitions in a let bundle
3. make array type contain an expression
4. update all phases
5. add consts generics everywhere
6. test

• tls_cryptolib (fstar: ❌CE0001¹, coq: ❌CE0001¹)
• hacspec-curve25519 (fstar: ✅, coq: ✅)
• hacspec-chacha20 (fstar: ✅, coq: ✅)
• hacspec-ristretto (fstar: ✅, coq: ✅)
• hacspec-linalg (fstar: ✅, coq: ✅)
• hacspec-merlin (fstar: ❌CE0002², coq: ❌CE0002²)
• hacspec-poly1305 (fstar: ✅, coq: ✅)
• hacspec-chacha20poly1305 (fstar: ✅, coq: ✅)
• hacspec-gimli (fstar: ✅, coq: ✅)
• hacspec-sha1 (fstar: ✅, coq: ✅)
• hacspec-sha256 (fstar: ✅, coq: ✅)
• hacspec-sha3 (fstar: ✅, coq: ✅)
• hacspec-ntru-prime (fstar: ✅, coq: ✅)
• hacspec-riot-bootloader (fstar: ✅, coq: ✅)
• hacspec-riot-runqueue (fstar: ✅, coq: ✅)
• hacspec-hmac (fstar: ✅, coq: ✅)
• hacspec-hkdf (fstar: ✅, coq: ✅)
• hacspec-p256 (fstar: ✅, coq: ✅)
• hacspec-bls12-381 (fstar: ✅, coq: ✅)
• hacspec-ecdsa-p256-sha256 (fstar: ✅, coq: ✅)
• hacspec-aes (fstar: ✅, coq: ✅)
• hacspec-aes-jazz (fstar: ✅, coq: ✅)
• hacspec-gf128 (fstar: ✅, coq: ✅)
• hacspec-aes128-gcm (fstar: ✅, coq: ✅)
• hacspec-bls12-381-hash (fstar: ✅, coq: ✅)
• hacspec-ed25519 (fstar: ✅, coq: ✅)
• hacspec-edwards25519 (fstar: ✅, coq: ✅)
• hacspec-edwards25519-hash (fstar: ✅, coq: ✅)
• hacspec-edwards25519-ecvrf (fstar: ✅, coq: ✅)
• hacspec-rsa-pkcs1 (fstar: ✅, coq: ✅)
• hacspec-bip-340 (fstar: ✅, coq: ✅)
• hacspec-rsa-fdh-vrf (fstar: ✅, coq: ✅)
• hacspec-xor (fstar: ✅, coq: ✅)

We require nodejs as a external dependency (depext), on mac it yielded huge amount of installation, this I disabled it in setup.sh script with the flag assume-depexts on Opam's cli.

But Ubuntu ships a pretty old opam (2.0.5 released in 2019...), which lacks the flag assume-depexts.

Add CI for all parts in this repository to ensure things don't break.

• build & release the toolchain
  • build (without Nix) on:
    • Mac
    • Linux
    • Windows (requires #4)
      opam is not able to install gmp and pkgconf, we need to install those manually in the GH Action
  • JS
  • Using Nix
• run on hacspec/specs
  (that's done using Nix)
• run backends
  • F*
  • Coq

Currently, attributes are translated from the rust compiler to our THIR' JSON file, but we drop them in the module Import_thir in the engine.

• have attributes on item
• have attributes on expression
• have attributes on other specific places (e.g. arms)

ocaml_of_json_schema.js is a script that takes a JSON Schema created by schemars and outputs an OCaml module with type definitions, (yo)JSON serializers and deserializers.

We would like to drop the dependency on NodeJS at build time, so the idea here would be to replace that script with an OCaml (or Rust) program.

• F*
• Coq
• EasyCrypt

The coq backend should at a minimum be able to parse all the examples, that we can do in V2.

Hacspec_lib currently has got some macros that pretend to eat Rust expressions, but this is sort of a lie: it's only tokens that we choose to process, independently to the Rust compiler, as expressions.
Thus, we lose everything semantical from the Rust compiler.
One example is name resolution: we have no way to decide to which namespace belongs a constant for example.

This is related to #22: we should not address this issue unless while redesigning the library, we find we truly need such macros.

• have an error architecture in OCaml & Rust
• make all phases and backends to throw errors properly

Consider the following code:

trait Show {
    fn show(self) -> String;
}
// Let's name this impl. `ShowStr`
impl Show for &str {
    fn show(self) -> String {
        self.to_string()
    }
}
// Let's name this impl. `ShowU8`
impl Show for u8 {
    fn show(self) -> String {
        format!("{}", self)
    }
}
// Let's name this impl. `ShowVec`
impl<T: Show, U: Show> Show for (T, U) {
    fn show(self) -> String {
        format!("({}, {})", self.0.show(), self.1.show())
    }
}

The expression (1, "a").show() is for now translated as a call to the method show of the typeclass/trait Show with argument (1, "a").
Some backends might have no typeclasses or traits, and some (like F*) have typeclasses mechanisms whose inference mechanism is not great.

Thus, we need the frontend to derive the implementation expressions (i.e. ShowVec ShowU8 ShowStr for (1, "a").show()).

Edit: we've got another constraint.
In the engine, we often transform some patterns (i.e. mutation, loops) into function calls that are trait methods.
Thus, maybe we should not do impl resolution in Rust, but on the OCaml side. Or do both: we should anyway export as much info in the frontend, but we'll need to do some impl resolution in the engine.

Status: @sonmarcho has some great prototype for that 🎉

Status (2023-12-21): this was done by #249 on the frontend side, and will be completed in the engine by #372

Start by making everything in hacpsec/specs work with the new lib while getting rid of hacspec specific types like arrays and seqs.

• define core and std parts (feature guarded)
• polynomials
• big int
• array helper
• secret integers/marker

• frontend/diagnostics & frontend/linter: move from diagnostics::error::error_name() to diagnostics::Kind::ErrorName
• engine: move from failwith and custom raises to actual diagnostics

We should have a generic printer for the whole AST (that is, with every feature enabled) to something that looks like Rust, so that it's easy to inspect, for debugging purposes.

External Rust items have no special treatment in the frontend.
We need to collect them to produce interface files in the various backends so that one can provide models in the backends for external crates.
For instance, Hacspec_lib is an external crate, and we would like Circus to generate an interface each backend should implement.

TODO:

• the frontend should collect every item signature for every external crate;
• the frontend should mark which external item is used by the exported crate;
• have an interface generation mode for backends.