Showing preview only (7,061K chars total). Download the full file or copy to clipboard to get everything.
Repository: certikfoundation/deepsea
Branch: master
Commit: 34991fc6bec9
Files: 589
Total size: 81.9 MB
Directory structure:
gitextract_ibtqno7a/
├── .gitignore
├── CompCert-LICENSE.txt
├── README.md
├── binaries/
│ ├── MacOS/
│ │ ├── dsc
│ │ ├── dsc_antchain
│ │ └── minicc
│ └── linux/
│ ├── dsc
│ ├── dsc_antchain
│ └── minicc
├── contracts/
│ ├── amm/
│ │ ├── .csdp.cache
│ │ ├── .lia.cache
│ │ ├── .nia.cache
│ │ ├── .nra.cache
│ │ ├── amm/
│ │ │ ├── RefineAMM.v
│ │ │ ├── _CoqProject
│ │ │ ├── prf.v
│ │ │ ├── prf_int.v
│ │ │ └── subdir.mk
│ │ ├── amm.ds
│ │ ├── cst_man.v
│ │ ├── math_lemma.v
│ │ └── prf_int.v
│ ├── amm-i.wasm
│ ├── amm-i.wat
│ ├── amm-r.wasm
│ ├── amm-r.wat
│ ├── auction/
│ │ ├── auction/
│ │ │ └── FunctionalCorrectness.v
│ │ ├── auction.ds
│ │ ├── auction.wasm
│ │ └── test.js
│ ├── defi/
│ │ ├── amm_dsmodel.ucl
│ │ └── defi.ds
│ ├── fpblind/
│ │ ├── build.sh
│ │ ├── fpblind/
│ │ │ ├── CertiKOS.v
│ │ │ ├── DataTypeOps.v
│ │ │ ├── DataTypes.v
│ │ │ ├── EdsgerIdents.v
│ │ │ ├── LSrcBLINDAUCTION.v
│ │ │ ├── LSrcEVMOPCODE.v
│ │ │ ├── LayerBLINDAUCTION.v
│ │ │ ├── LayerEVMOPCODE.v
│ │ │ ├── Makefile.conf
│ │ │ ├── ObjBlindAuctionCode.v
│ │ │ ├── ObjSimBlindAuction.v
│ │ │ ├── RefineBLINDAUCTION.v
│ │ │ ├── Symbols.v
│ │ │ └── _CoqProject
│ │ ├── fpblind.ds
│ │ ├── fpblind.sol
│ │ ├── prf.v
│ │ ├── prf.v.crashcoqide
│ │ ├── spblind/
│ │ │ ├── CertiKOS.v
│ │ │ ├── DataTypeOps.v
│ │ │ ├── DataTypeProofs.v
│ │ │ ├── DataTypes.v
│ │ │ ├── EdsgerIdents.v
│ │ │ ├── LSimBLINDAUCTION.v
│ │ │ ├── LSimEVMOPCODE.v
│ │ │ ├── LSrcBLINDAUCTION.v
│ │ │ ├── LSrcEVMOPCODE.v
│ │ │ ├── LayerBLINDAUCTION.v
│ │ │ ├── LayerEVMOPCODE.v
│ │ │ ├── Makefile
│ │ │ ├── Makefile.conf
│ │ │ ├── ObjBlindAuctionCode.v
│ │ │ ├── ObjBlindAuctionCodeProofs.v
│ │ │ ├── ObjSimBlindAuction.v
│ │ │ ├── ObjSimEVMOpcode.v
│ │ │ ├── RefineBLINDAUCTION.v
│ │ │ ├── Symbols.v
│ │ │ ├── _CoqProject
│ │ │ ├── extraction/
│ │ │ │ ├── Makefile
│ │ │ │ └── Tester.ml
│ │ │ └── subdir.mk
│ │ └── spblind.ds
│ ├── livevar/
│ │ ├── clash.dot
│ │ ├── livevar.dot
│ │ ├── livevar.ds
│ │ ├── livevar_clash.dot
│ │ └── lv.dot
│ ├── olive/
│ │ ├── Olive.ds
│ │ ├── lockable.ds
│ │ └── test.js
│ ├── simplestorage/
│ │ └── simplestorage.ds
│ ├── swaps/
│ │ ├── build.sh
│ │ ├── impl.v
│ │ ├── prf_setup.v
│ │ ├── swaps_general/
│ │ │ ├── CertiKOS.v
│ │ │ ├── DataTypeOps.v
│ │ │ ├── DataTypeProofs.v
│ │ │ ├── DataTypes.v
│ │ │ ├── EdsgerIdents.v
│ │ │ ├── LSimEVMOPCODE.v
│ │ │ ├── LSimSWAPCONTRACT.v
│ │ │ ├── LSrcEVMOPCODE.v
│ │ │ ├── LSrcSWAPCONTRACT.v
│ │ │ ├── LayerEVMOPCODE.v
│ │ │ ├── LayerSWAPCONTRACT.v
│ │ │ ├── ObjSimDiGraph.v
│ │ │ ├── ObjSimEVMOpcode.v
│ │ │ ├── ObjSimSwapContract.v
│ │ │ ├── ObjSwapContractCode.v
│ │ │ ├── ObjSwapContractCodeProofs.v
│ │ │ ├── RefineSWAPCONTRACT.v
│ │ │ ├── Symbols.v
│ │ │ ├── extraction/
│ │ │ │ ├── Makefile
│ │ │ │ └── Tester.ml
│ │ │ └── subdir.mk
│ │ ├── swaps_general.ds
│ │ ├── swaps_threeway/
│ │ │ ├── extraction/
│ │ │ │ └── Makefile
│ │ │ └── subdir.mk
│ │ ├── swaps_threeway.ds
│ │ └── threeway_prf.v
│ ├── token/
│ │ ├── test.js
│ │ ├── token/
│ │ │ ├── FunctionalCorrectness.v
│ │ │ ├── Invariant.v
│ │ │ ├── Makefile
│ │ │ ├── Makefile.conf
│ │ │ ├── ManualRefinement.v
│ │ │ ├── ObjFixedSupplyTokenCodeProofs.v
│ │ │ ├── RefineFIXEDSUPPLYTOKEN.v
│ │ │ ├── _CoqProject
│ │ │ ├── prf.v
│ │ │ └── subdir.mk
│ │ ├── token.ds
│ │ ├── token.wasm
│ │ └── token.wat
│ └── wasmtest/
│ ├── address/
│ │ ├── address-i.wasm
│ │ ├── address-i.wat
│ │ ├── address-r.wasm
│ │ ├── address-r.wat
│ │ ├── address.ds
│ │ ├── address.js
│ │ └── address_test.js
│ ├── arith/
│ │ ├── arith-i.wasm
│ │ ├── arith-i.wat
│ │ ├── arith-r.wasm
│ │ ├── arith-r.wat
│ │ ├── arith.ds
│ │ └── arith.js
│ ├── asserts/
│ │ ├── asserts-i.wasm
│ │ ├── asserts-i.wat
│ │ ├── asserts-r.wasm
│ │ ├── asserts-r.wat
│ │ ├── asserts.ds
│ │ └── asserts.js
│ ├── builtins/
│ │ ├── builtins-i.wasm
│ │ ├── builtins-i.wat
│ │ ├── builtins-r.wasm
│ │ ├── builtins-r.wat
│ │ ├── builtins.ds
│ │ └── builtins.js
│ ├── events/
│ │ ├── events-i.wasm
│ │ ├── events-i.wat
│ │ ├── events-r.wasm
│ │ ├── events-r.wat
│ │ ├── events.ds
│ │ └── events.js
│ ├── for/
│ │ ├── for-i.wasm
│ │ ├── for-i.wat
│ │ ├── for-r.wasm
│ │ ├── for-r.wat
│ │ ├── for.ds
│ │ └── for.js
│ ├── index.js
│ ├── init-single.sh
│ ├── keccak256/
│ │ ├── keccak256-i.wasm
│ │ ├── keccak256-i.wat
│ │ ├── keccak256-r.wasm
│ │ ├── keccak256-r.wat
│ │ ├── keccak256.ds
│ │ └── keccak256.js
│ ├── layers1/
│ │ ├── layers1-i.wasm
│ │ ├── layers1-i.wat
│ │ ├── layers1-r.wasm
│ │ ├── layers1-r.wat
│ │ ├── layers1.ds
│ │ └── layers1.js
│ ├── lib/
│ │ ├── keccak256.wasm
│ │ ├── keccak256.wat
│ │ ├── wrapper.wasm
│ │ └── wrapper.wat
│ ├── match-int/
│ │ ├── match-int-i.wasm
│ │ ├── match-int-i.wat
│ │ ├── match-int-r.wasm
│ │ ├── match-int-r.wat
│ │ ├── match-int.ds
│ │ └── match-int.js
│ ├── run_test.sh
│ ├── struct/
│ │ ├── struct-i.wasm
│ │ ├── struct-i.wat
│ │ ├── struct-r.wasm
│ │ ├── struct-r.wat
│ │ ├── struct.ds
│ │ └── struct.js
│ ├── testEWASM.sh
│ └── utils.js
├── minic_unittests/
│ ├── basic_constructor.mc
│ ├── comments.mc
│ ├── declarations.mc
│ ├── expressions.mc
│ ├── functions.mc
│ ├── methods.mc
│ ├── statements.mc
│ ├── test_bytecode.sh
│ └── test_parse_and_print.sh
├── src/
│ ├── Edsger/
│ │ ├── abi.ml
│ │ ├── abi.mli
│ │ ├── ast.ml
│ │ ├── ast.mli
│ │ ├── astcommon.ml
│ │ ├── astcommon.mli
│ │ ├── config.h
│ │ ├── coqgen.ml
│ │ ├── dune
│ │ ├── edsger.ml
│ │ ├── lexer.mll
│ │ ├── make_parser.sh
│ │ ├── makefile_model
│ │ ├── metadata.ml
│ │ ├── minicgen.ml
│ │ ├── parser.ml
│ │ ├── parser.mli
│ │ ├── parser.mly
│ │ ├── parsetree.ml
│ │ ├── parsetree.mli
│ │ ├── typecheck.ml
│ │ └── uclidgen.ml
│ ├── Makefile
│ ├── OpenSC/
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── src/
│ │ │ ├── .gitignore
│ │ │ ├── Makefile
│ │ │ ├── abi.ml
│ │ │ ├── ast.ml
│ │ │ ├── dune
│ │ │ ├── example_contract/
│ │ │ │ ├── auction.sc
│ │ │ │ ├── simpleStorage.sc
│ │ │ │ ├── simpleToken.sc
│ │ │ │ ├── test-simpleStorage.js
│ │ │ │ ├── test-simpleToken.js
│ │ │ │ ├── test-token.js
│ │ │ │ ├── test.sc
│ │ │ │ └── token.sc
│ │ │ ├── opensc.ml
│ │ │ ├── parser.mly
│ │ │ ├── sast.ml
│ │ │ ├── scanner.mll
│ │ │ ├── semant.ml
│ │ │ ├── test.ml
│ │ │ ├── test2.ml
│ │ │ ├── test3.ml
│ │ │ ├── test4.ml
│ │ │ ├── testfolder/
│ │ │ │ └── scanner.mll
│ │ │ └── translateMinic.ml
│ │ └── testcase/
│ │ ├── 01_check_var_exist_succ.sc
│ │ ├── 02_check_var_exist_fail.sc
│ │ ├── 03_check_var_duplicate_announce_fail.sc
│ │ ├── 04_check_func_exist_succ.sc
│ │ ├── 05_check_func_exist_fail.sc
│ │ ├── 06_check_func_duplicate_announce_fail.sc
│ │ ├── 07_check_func_duplicate_implement_fail.sc
│ │ ├── 08_check_func_constructor_announce_once_fail.sc
│ │ ├── 09_check_func_constructor_announce_once_fail2.sc
│ │ ├── 10_check_var_in_method_succ.sc
│ │ ├── 11_check_var_duplicate_in_method_fail.sc
│ │ ├── 12_check_var_method_miss_args_fail.sc
│ │ ├── 13_check_var_method_redundant_args_fail.sc
│ │ ├── 14_check_var_args_unmatch_decl_type_fail.sc
│ │ ├── 15_check_var_duplicate_with_global_var_in_args_fail.sc
│ │ ├── 16_check_var_in_method_type_succ.sc
│ │ ├── 17_check_var_in_method_return_type_succ.sc
│ │ ├── 18_check_var_in_method_return_type_fail.sc
│ │ ├── 19_check_binop_add_sub_succ.sc
│ │ ├── 20_check_binop_add_sub_fail.sc
│ │ ├── 21_check_binop_times_divide_succ.sc
│ │ ├── 22_check_binop_times_divide_fail.sc
│ │ ├── 23_check_binop_eq_neq_succ.sc
│ │ ├── 24_check_binop_eq_neq_fail.sc
│ │ ├── 25_check_binop_lgt_rgt_eq_succ.sc
│ │ ├── 26_check_binop_lgt_rgt_eq_fail.sc
│ │ ├── 27_check_binop_and_or_succ.sc
│ │ ├── 28_check_binop_and_or_fail.sc
│ │ ├── 29_check_binop_passign_succ.sc
│ │ ├── 30_check_binop_passign_fail.sc
│ │ ├── 31_check_binop_combine01_succ.sc
│ │ ├── 32_check_binop_combine02_succ.sc
│ │ ├── 33_check_binop_combine03_succ.sc
│ │ ├── 34_check_binop_combine04_succ.sc
│ │ ├── 35_check_map_query_succ.sc
│ │ ├── 36_check_map_id_err_fail.sc
│ │ ├── 37_check_map_not_map_type_fail.sc
│ │ ├── 38_check_map_query_value_miss_fail.sc
│ │ ├── 39_check_map_query_redundant_fail.sc
│ │ ├── 40_check_map_query_wrong_type_fail.sc
│ │ ├── 41_check_map_query_key_type_not_allowed_fail.sc
│ │ ├── 42_check_map_query_assign_succ.sc
│ │ └── 43_check_map_query_assign_unmatch_fail.sc
│ ├── README.md
│ ├── Runtime.v
│ ├── _CoqProject
│ ├── backend/
│ │ ├── AST.v
│ │ ├── AbstractData.v
│ │ ├── Cop.v
│ │ ├── Ctypes.v
│ │ ├── Environments/
│ │ │ ├── AllEnvironments.v
│ │ │ ├── ExtEnv.v
│ │ │ ├── Globalenvs.v
│ │ │ ├── HashEnv.v
│ │ │ └── StackEnv.v
│ │ ├── Events.v
│ │ ├── Expressions/
│ │ │ ├── ExpMiniC.v
│ │ │ ├── ExpStacked.v
│ │ │ └── SemanticsMiniC.v
│ │ ├── GasModel.v
│ │ ├── IndexLib.v
│ │ ├── MachineModel.v
│ │ ├── MachineModelLow.v
│ │ ├── MemoryModel.v
│ │ ├── Options.v
│ │ ├── Smallstep.v
│ │ ├── Statements/
│ │ │ └── StmtMiniC.v
│ │ ├── SymbolicKeccak.v
│ │ ├── TempModel.v
│ │ ├── Values/
│ │ │ ├── HighValues.v
│ │ │ └── LowValues.v
│ │ ├── extraction/
│ │ │ ├── ASM.ml
│ │ │ ├── ASM.mli
│ │ │ ├── AST.ml
│ │ │ ├── AST.mli
│ │ │ ├── Ascii.ml
│ │ │ ├── Ascii.mli
│ │ │ ├── BinInt.ml
│ │ │ ├── BinInt.mli
│ │ │ ├── BinNat.ml
│ │ │ ├── BinNat.mli
│ │ │ ├── BinNums.ml
│ │ │ ├── BinNums.mli
│ │ │ ├── BinNumsExt.ml
│ │ │ ├── BinNumsExt.mli
│ │ │ ├── BinPos.ml
│ │ │ ├── BinPos.mli
│ │ │ ├── BinPosDef.ml
│ │ │ ├── BinPosDef.mli
│ │ │ ├── BuiltinSemanticsExt.ml
│ │ │ ├── BuiltinSemanticsExt.mli
│ │ │ ├── BytecodeExt.ml
│ │ │ ├── Compiled.ml
│ │ │ ├── Compiled.mli
│ │ │ ├── Cop.ml
│ │ │ ├── Cop.mli
│ │ │ ├── CopExt.ml
│ │ │ ├── CopExt.mli
│ │ │ ├── Coqlib.ml
│ │ │ ├── Coqlib.mli
│ │ │ ├── Ctypes.ml
│ │ │ ├── Ctypes.mli
│ │ │ ├── CtypesExt.ml
│ │ │ ├── CtypesExt.mli
│ │ │ ├── Datatypes.ml
│ │ │ ├── Datatypes.mli
│ │ │ ├── DatatypesExt.ml
│ │ │ ├── DatatypesExt.mli
│ │ │ ├── Decimal.ml
│ │ │ ├── Decimal.mli
│ │ │ ├── EVM.ml
│ │ │ ├── EVM.mli
│ │ │ ├── EVMExt.ml
│ │ │ ├── EVMExt.mli
│ │ │ ├── ExpCintptr.ml
│ │ │ ├── ExpCintptr.mli
│ │ │ ├── ExpMiniC.ml
│ │ │ ├── ExpMiniC.mli
│ │ │ ├── ExpStacked.ml
│ │ │ ├── ExpStacked.mli
│ │ │ ├── ExprCompile.ml
│ │ │ ├── ExprCompile.mli
│ │ │ ├── Float.ml
│ │ │ ├── Float.mli
│ │ │ ├── FramesLabelsCintptr.ml
│ │ │ ├── FramesLabelsCintptr.mli
│ │ │ ├── Gen.ml
│ │ │ ├── Gen.mli
│ │ │ ├── Gen0.ml
│ │ │ ├── Gen0.mli
│ │ │ ├── Gen1.ml
│ │ │ ├── Gen1.mli
│ │ │ ├── Gen10.ml
│ │ │ ├── Gen10.mli
│ │ │ ├── Gen2.ml
│ │ │ ├── Gen2.mli
│ │ │ ├── Gen3.ml
│ │ │ ├── Gen3.mli
│ │ │ ├── Gen4.ml
│ │ │ ├── Gen4.mli
│ │ │ ├── Gen5.ml
│ │ │ ├── Gen5.mli
│ │ │ ├── Gen6.ml
│ │ │ ├── Gen6.mli
│ │ │ ├── Gen7.ml
│ │ │ ├── Gen7.mli
│ │ │ ├── Gen8.ml
│ │ │ ├── Gen8.mli
│ │ │ ├── Gen9.ml
│ │ │ ├── Gen9.mli
│ │ │ ├── GlobalenvCompile.ml
│ │ │ ├── GlobalenvCompile.mli
│ │ │ ├── Globalenvs.ml
│ │ │ ├── Globalenvs.mli
│ │ │ ├── Glue.ml
│ │ │ ├── Glue.mli
│ │ │ ├── IndexLib.ml
│ │ │ ├── IndexLib.mli
│ │ │ ├── Int0.ml
│ │ │ ├── Int0.mli
│ │ │ ├── Integers.ml
│ │ │ ├── Integers.mli
│ │ │ ├── Labels.ml
│ │ │ ├── Labels.mli
│ │ │ ├── Language.ml
│ │ │ ├── Language.mli
│ │ │ ├── Language0.ml
│ │ │ ├── Language0.mli
│ │ │ ├── LanguageExt.ml
│ │ │ ├── LanguageExt.mli
│ │ │ ├── List0.ml
│ │ │ ├── List0.mli
│ │ │ ├── LowValues.ml
│ │ │ ├── LowValues.mli
│ │ │ ├── MachineModel.ml
│ │ │ ├── MachineModel.mli
│ │ │ ├── MachineModelExt.ml
│ │ │ ├── Maps0.ml
│ │ │ ├── Maps0.mli
│ │ │ ├── MemoryModel.ml
│ │ │ ├── MemoryModel.mli
│ │ │ ├── Monad.ml
│ │ │ ├── Monad.mli
│ │ │ ├── NameTablesExt.ml
│ │ │ ├── Nat0.ml
│ │ │ ├── Nat0.mli
│ │ │ ├── OptErrMonad.ml
│ │ │ ├── OptErrMonad.mli
│ │ │ ├── OptionMonad.ml
│ │ │ ├── OptionMonad.mli
│ │ │ ├── Options.ml
│ │ │ ├── Options.mli
│ │ │ ├── Peano.ml
│ │ │ ├── Peano.mli
│ │ │ ├── PeanoNat.ml
│ │ │ ├── PeanoNat.mli
│ │ │ ├── Printing.ml
│ │ │ ├── Semantics.ml
│ │ │ ├── Semantics.mli
│ │ │ ├── Semantics0.ml
│ │ │ ├── Semantics0.mli
│ │ │ ├── Semantics1.ml
│ │ │ ├── Semantics1.mli
│ │ │ ├── Semantics2.ml
│ │ │ ├── Semantics2.mli
│ │ │ ├── Semantics3.ml
│ │ │ ├── Semantics3.mli
│ │ │ ├── Specif.ml
│ │ │ ├── Specif.mli
│ │ │ ├── StackEnv.ml
│ │ │ ├── StackEnv.mli
│ │ │ ├── StmCompile.ml
│ │ │ ├── StmCompile.mli
│ │ │ ├── StmtCGraph.ml
│ │ │ ├── StmtCGraph.mli
│ │ │ ├── StmtCintptr.ml
│ │ │ ├── StmtCintptr.mli
│ │ │ ├── StmtClinear.ml
│ │ │ ├── StmtClinear.mli
│ │ │ ├── StmtClocal.ml
│ │ │ ├── StmtClocal.mli
│ │ │ ├── StmtExpressionless.ml
│ │ │ ├── StmtExpressionless.mli
│ │ │ ├── StmtMiniC.ml
│ │ │ ├── StmtMiniC.mli
│ │ │ ├── StmtStacked.ml
│ │ │ ├── StmtStacked.mli
│ │ │ ├── String0.ml
│ │ │ ├── String0.mli
│ │ │ ├── Structure.ml
│ │ │ ├── Structure.mli
│ │ │ ├── TempModelLow.ml
│ │ │ ├── TempModelLow.mli
│ │ │ ├── Trees.ml
│ │ │ ├── Trees.mli
│ │ │ ├── Types.ml
│ │ │ ├── Types.mli
│ │ │ ├── Values.ml
│ │ │ ├── Values.mli
│ │ │ ├── ZArith_dec.ml
│ │ │ ├── ZArith_dec.mli
│ │ │ ├── Zpower.ml
│ │ │ ├── Zpower.mli
│ │ │ └── dune
│ │ └── phase/
│ │ └── MiniC/
│ │ ├── BigstepSemantics.v
│ │ └── Semantics.v
│ ├── backend.mlpack
│ ├── cclib/
│ │ ├── Coqlib.v
│ │ ├── Errors.v
│ │ ├── Integers.v
│ │ └── Maps.v
│ ├── core/
│ │ ├── Cval.v
│ │ ├── HyperType.v
│ │ ├── HyperTypeInst.v
│ │ ├── MemoryModel.v
│ │ ├── SEnv.v
│ │ ├── Syntax.v
│ │ ├── SynthesisExpr.v
│ │ ├── SynthesisFunc.v
│ │ └── SynthesisStmt.v
│ ├── dune-project
│ ├── dune-workspace
│ ├── lib/
│ │ ├── ArithInv.v
│ │ ├── IndexedMaps.v
│ │ ├── LangDef.v
│ │ ├── Lens.v
│ │ ├── Monad/
│ │ │ ├── Applicative.v
│ │ │ ├── ContOptionMonad.v
│ │ │ ├── Functor.v
│ │ │ ├── Monad.v
│ │ │ ├── MonadExc.v
│ │ │ ├── MonadInv.v
│ │ │ ├── MonadLaws.v
│ │ │ ├── MonadPlus.v
│ │ │ ├── MonadReader.v
│ │ │ ├── MonadState.v
│ │ │ ├── MonadTrans.v
│ │ │ ├── MonadZero.v
│ │ │ ├── OptErrMonad.v
│ │ │ ├── OptErrMonadLaws.v
│ │ │ ├── OptionMonad.v
│ │ │ ├── OptionMonadLaws.v
│ │ │ ├── RunStateTInv.v
│ │ │ ├── StateMonad.v
│ │ │ ├── StateMonadLaws.v
│ │ │ └── StateMonadOption.v
│ │ ├── OProp.v
│ │ ├── SimpleIndexedMaps.v
│ │ └── SimpleMaps.v
│ ├── minic/
│ │ ├── dune
│ │ ├── minicc.ml
│ │ └── src/
│ │ ├── ast.ml
│ │ ├── astExt.ml
│ │ ├── dune
│ │ ├── lexer.mll
│ │ ├── parser.mly
│ │ └── typecheck.ml
│ └── opam
└── unittests/
├── .gitignore
├── README.md
├── amm_test.ts
├── builtins_test.ts
├── chain.ts
├── conflux-chain.ts
├── contracts/
│ ├── address.ds
│ ├── amm.ds
│ ├── asserts.ds
│ ├── builtins.ds
│ ├── constructor.ds
│ ├── constructor2.ds
│ ├── events.ds
│ ├── forloop.ds
│ ├── keccak256.ds
│ ├── layers1.ds
│ ├── match-int.ds
│ ├── simple_call.ds
│ └── struct.ds
├── cut_amm.sh
├── ethereum-chain.ts
├── events_test.ts
├── keccak256_test.ts
├── package.json
├── reference/
│ ├── README.md
│ ├── events.sol
│ └── keccak256.sol
├── replace_addresses.sh
├── run_unittests.sh
├── start_conflux.sh
├── test-unittest.ts
├── tests.ts
├── tests.yml
├── tethys.toml
├── tsconfig.json
└── utils.ts
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
*.vo
*.glob
*.aux
.coqdeps.d
core.make
core.make.conf
*_build
*.merlin
================================================
FILE: CompCert-LICENSE.txt
================================================
All files in this distribution are part of the CompCert verified compiler.
The CompCert verified compiler is Copyright by Institut National de
Recherche en Informatique et en Automatique (INRIA) and
AbsInt Angewandte Informatik GmbH.
The CompCert verified compiler is distributed under the terms of the
INRIA Non-Commercial License Agreement given below or under the terms
of a Software Usage Agreement of AbsInt Angewandte Informatik GmbH.
The latter is a separate contract document.
The INRIA Non-Commercial License Agreement is a non-free license that
grants you the right to use the CompCert verified compiler for
educational, research or evaluation purposes only, but prohibits
any commercial use.
For commercial use you need a Software Usage Agreement from
AbsInt Angewandte Informatik GmbH.
The following files in this distribution are dual-licensed both under
the INRIA Non-Commercial License Agreement and under the Free Software
Foundation GNU General Public License, either version 2 or (at your
option) any later version:
all files in the lib/ directory
all files in the common/ directory
cfrontend/C2C.ml
cfrontend/Clight.v
cfrontend/ClightBigstep.v
cfrontend/Cop.v
cfrontend/CPragmas.ml
cfrontend/Csem.v
cfrontend/Cstrategy.v
cfrontend/Csyntax.v
cfrontend/Ctypes.v
cfrontend/Ctyping.v
cfrontend/PrintClight.ml
cfrontend/PrintCsyntax.ml
backend/Cminor.v
backend/PrintCminor.ml
all files in the cparser/ directory
all files in the exportclight/ directory
the Archi.v, CBuiltins.ml, and extractionMachdep.v files
in directories arm, powerpc, riscV, x86, x86_32, x86_64
extraction/extraction.v
configure
Makefile
Makefile.extr
Makefile.menhir
A copy of the GNU General Public License version 2 is included below.
The choice between the two licenses for the files listed above is left
to the user. If you opt for the GNU General Public License, these
files are free software and can be used both in commercial and
non-commercial contexts, subject to the terms of the GNU General
Public License.
The files contained in the flocq/ directory and its subdirectories are
taken from the Flocq project, http://flocq.gforge.inria.fr/. The files
contained in the MenhirLib directory are taken from the Menhir
project, http://gallium.inria.fr/~fpottier/menhir/. The files from the
Flocq project and the files in the MenhirLib directory are Copyright
2010-2019 INRIA and distributed under the terms of the GNU Lesser
General Public Licence, either version 3 of the licence, or (at your
option) any later version. A copy of the GNU Lesser General Public
Licence version 3 is included below.
The files contained in the runtime/ directory and its subdirectories
are Copyright 2013-2017 INRIA and distributed under the terms of the BSD
3-clause license, included below.
----------------------------------------------------------------------
INRIA Non-Commercial License Agreement for the CompCert verified compiler
1. Background: Institut National de Recherche en Informatique et en
Automatique (the "Provider") developed the CompCert verified
compiler (the "Software") and seeks to distribute the Software for
public use and benefit.
2. Grant: The Provider hereby grants to you a revocable, nonexclusive,
nontransferable, royalty-free and worldwide license (the "License")
to use the Software solely for educational, research, or evaluation
purposes, in accordance with Paragraph 3 below and subject to the
terms and conditions of this License Agreement (the
"Agreement"). The License entitles you to use the Software to
conduct research or education and to create Derivative Works solely
for academic, non-commercial research endeavors of the Licensee (A
"Derivative Work" is a work that is a modification of, enhancement
to, derived from, or based upon the Software).
3. Limitations on Use: The License is limited to noncommercial
use. Noncommercial use relates only to educational, research,
personal or evaluation purposes. Any other use is commercial use.
You may not use the Software in connection with any activities
which purpose is to procure a commercial gain to you or others.
4. Limitations on Distribution: If you distribute the Software or any
derivative works of the Software, you will distribute them under
the same terms and conditions as in this License, and you will not
grant other rights to the Software or derivative works that are
different from those provided by this License.
5. Ownership: The Software and the accompanying documentation are
licensed, not sold, to you. The Software is a proprietary product
of the Provider and is protected under French copyright law and
international treaty revisions. The Provider retains all rights not
specifically granted to you hereunder, including ownership of the
Software and all copyrights, trade secrets, or other intellectual
property rights in the Software and any accompanying information.
6. Publication Credit: You agree to acknowledge the INRIA CompCert
research project with appropriate citations in any publication or
presentation containing research results obtained in whole or in
part through the use of the Software.
7. Term of License: The License is effective upon receipt by you of
the Software and shall continue until terminated. The License will
terminate immediately without notice by the Provider if you fail to
comply with the terms and conditions of this Agreement. Upon
termination of this License, you shall immediately discontinue all
use of the Software provided hereunder, and return to the Provider
or destroy the original and all copies of all such Software. All of
your obligations under this Agreement shall survive the termination
of the License.
8. Warranty: THE PROVIDER MAKES NO REPRESENTATIONS ABOUT THE
SUITABILITY, USE, OR PERFORMANCE OF THIS SOFTWARE OR ABOUT ANY
CONTENT OR INFORMATION MADE ACCESSIBLE BY THE SOFTWARE, FOR ANY
PURPOSE. THE SOFTWARE IS PROVIDED "AS IS," WITHOUT EXPRESS OR
IMPLIED WARRANTIES INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NONINFRINGEMENT WITH RESPECT TO THE SOFTWARE. THE PROVIDER IS NOT
OBLIGATED TO SUPPORT OR ISSUE UPDATES TO THE SOFTWARE.
9. Limitation on Liability: This Software is provided free of charge
and, accordingly, the Provider shall not be liable under any theory
for any damages suffered by you or any user of the Software. UNDER
NO CIRCUMSTANCES SHALL PROVIDER BE LIABLE TO YOU OR ANY OTHER
PERSON FOR ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR
CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT
LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER
FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER ECONOMIC LOSS OR
COMMERCIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THIS
SOFTWARE, EVEN IF PROVIDER SHALL HAVE BEEN INFORMED OF THE
POSSIBILITY OF SUCH DAMAGES, OR FOR ANY THIRD-PARTY CLAIMS.
10. Disputes: The Parties agree to attempt to settle amicably any
controversy or claim arising under this Agreement or a breach of
this Agreement. Thereafter, both parties agree that all disputes
between them arising out of or relating to this Agreement, shall
be submitted to non-binding mediation unless the parties mutually
agree otherwise. All parties agree to exercise their best effort
in good faith to resolve all disputes in mediation. This Agreement
shall be governed and construed in accordance with the laws of
France.
11. Entire Agreement: This Agreement contains the entire agreement
between the parties with respect to the subject matter hereof, and
it shall not be modified or amended except by an instrument in
writing signed by both parties hereto.
----------------------------------------------------------------------
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
----------------------------------------------------------------------
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates
the terms and conditions of version 3 of the GNU General Public
License, supplemented by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser
General Public License, and the "GNU GPL" refers to version 3 of the GNU
General Public License.
"The Library" refers to a covered work governed by this License,
other than an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided
by the Library, but which is not otherwise based on the Library.
Defining a subclass of a class defined by the Library is deemed a mode
of using an interface provided by the Library.
A "Combined Work" is a work produced by combining or linking an
Application with the Library. The particular version of the Library
with which the Combined Work was made is also called the "Linked
Version".
The "Minimal Corresponding Source" for a Combined Work means the
Corresponding Source for the Combined Work, excluding any source code
for portions of the Combined Work that, considered in isolation, are
based on the Application, and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the
object code and/or source code for the Application, including any data
and utility programs needed for reproducing the Combined Work from the
Application, but excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License
without being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a
facility refers to a function or data to be supplied by an Application
that uses the facility (other than as an argument passed when the
facility is invoked), then you may convey a copy of the modified
version:
a) under this License, provided that you make a good faith effort to
ensure that, in the event an Application does not supply the
function or data, the facility still operates, and performs
whatever part of its purpose remains meaningful, or
b) under the GNU GPL, with none of the additional permissions of
this License applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from
a header file that is part of the Library. You may convey such object
code under terms of your choice, provided that, if the incorporated
material is not limited to numerical parameters, data structure
layouts and accessors, or small macros, inline functions and templates
(ten or fewer lines in length), you do both of the following:
a) Give prominent notice with each copy of the object code that the
Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license
document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that,
taken together, effectively do not restrict modification of the
portions of the Library contained in the Combined Work and reverse
engineering for debugging such modifications, if you also do each of
the following:
a) Give prominent notice with each copy of the Combined Work that
the Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during
execution, include the copyright notice for the Library among
these notices, as well as a reference directing the user to the
copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this
License, and the Corresponding Application Code in a form
suitable for, and under terms that permit, the user to
recombine or relink the Application with a modified version of
the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying
Corresponding Source.
1) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (a) uses at run time
a copy of the Library already present on the user's computer
system, and (b) will operate properly with a modified version
of the Library that is interface-compatible with the Linked
Version.
e) Provide Installation Information, but only if you would otherwise
be required to provide such information under section 6 of the
GNU GPL, and only to the extent that such information is
necessary to install and execute a modified version of the
Combined Work produced by recombining or relinking the
Application with a modified version of the Linked Version. (If
you use option 4d0, the Installation Information must accompany
the Minimal Corresponding Source and Corresponding Application
Code. If you use option 4d1, you must provide the Installation
Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the
Library side by side in a single library together with other library
facilities that are not Applications and are not covered by this
License, and convey such a combined library under terms of your
choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based
on the Library, uncombined with any other library facilities,
conveyed under the terms of this License.
b) Give prominent notice with the combined library that part of it
is a work based on the Library, and explaining where to find the
accompanying uncombined form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions
of the GNU Lesser General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the
Library as you received it specifies that a certain numbered version
of the GNU Lesser General Public License "or any later version"
applies to it, you have the option of following the terms and
conditions either of that published version or of any later version
published by the Free Software Foundation. If the Library as you
received it does not specify a version number of the GNU Lesser
General Public License, you may choose any version of the GNU Lesser
General Public License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide
whether future versions of the GNU Lesser General Public License shall
apply, that proxy's public statement of acceptance of any version is
permanent authorization for you to choose that version for the
Library.
----------------------------------------------------------------------
BSD License
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the <organization> nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL <COPYRIGHT
HOLDER> BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
================================================
FILE: README.md
================================================
# The DeepSEA Language
You can download a zip file from the [releases
page](https://github.com/shentufoundation/deepsea/releases). Please see the [DeepSEA language reference](https://github.com/shentufoundation/deepsea/blob/master/DeepSEA%20language%20reference.pdf) for installation and usage instructions.
The zip file includes pre-built binaries for Linux (Ubuntu) and MacOS. Since they use some system libraries, it is possible that they will not work on every version of Linux or MacOS. It is also easy to build the binaries from source yourself, following the instructions in the `src` directory.
The DeepSEA compiler includes files taken and modified from CompCert, so it is developed pursuant to the CompCert licence. In particular, it may only be used for educational, research, personal or evaluation purposes, and not for commercial use.
================================================
FILE: binaries/MacOS/dsc
================================================
[File too large to display: 11.9 MB]
================================================
FILE: binaries/MacOS/dsc_antchain
================================================
[File too large to display: 11.9 MB]
================================================
FILE: binaries/linux/dsc
================================================
[File too large to display: 18.3 MB]
================================================
FILE: binaries/linux/dsc_antchain
================================================
[File too large to display: 18.3 MB]
================================================
FILE: binaries/linux/minicc
================================================
[File too large to display: 14.9 MB]
================================================
FILE: contracts/amm/.csdp.cache
================================================
================================================
FILE: contracts/amm/amm/RefineAMM.v
================================================
(* WARNING: This file is generated by Edsger, the DeepSEA compiler.
All modification will be lost when regenerating. *)
(* Module amm.RefineAMM for amm.ds *)
Require Import BinPos.
Require Import DeepSpec.Runtime.
Require Import DeepSpec.Linking.
Require Import amm.EdsgerIdents.
Require Import amm.DataTypes.
Require Import amm.DataTypeOps.
Require Import amm.DataTypeProofs.
Require Import layerlib.LayerCalculusLemma.
Require Import layerlib.RefinementTactic.
Require Import layerlib.RefinementTacticAux.
Require Import liblayers.compcertx.MakeProgram.
Require Import liblayers.compcertx.MemWithData.
Require Import amm.LayerAMM.
Require Import amm.LSimAMMLIB.
Section EdsgerGen.
Context {mem}`{Hmem: Mem.MemoryModel mem}.
Context`{Hmwd: UseMemWithData mem}.
Context`{make_program_ops: !MakeProgramOps Clight.function Ctypes.type Clight.fundef Ctypes.type}.
Context`{Hmake_program: !MakeProgram Clight.function Ctypes.type Clight.fundef Ctypes.type}.
Instance GlobalLayerSpec : LayerSpecClass := {
make_program_ops := make_program_ops;
Hmake_program := Hmake_program;
GetHighData := global_abstract_data_type
}.
Context`{global_abdata : !GlobalAbData init_global_abstract_data global_low_level_invariant}.
Context`{CTXT_prf : !Layer_AMM_Context_prf}.
Context`{AMMLIB_pres_inv : !AMMLIB_preserves_invariants}.
Context`{AMM_pres_inv : !AMM_preserves_invariants}.
Existing Instances AMM_overlay_spec AMM_underlay_spec.
Record relate_RData (j : meminj) (habd : GetHighData) (labd : GetLowData) : Prop
:= mkrelate_RData {
(* FixedSupplyToken *)
FixedSupplyToken__totalSupply_re : ;
FixedSupplyToken_balances_re : ;
FixedSupplyToken_allowances_re : ;
(* FixedSupplyToken1 *)
FixedSupplyToken1__totalSupply_re : ;
FixedSupplyToken1_balances_re : ;
FixedSupplyToken1_allowances_re : ;
(* LiquidityToken *)
LiquidityToken__totalSupply_re : ;
LiquidityToken_balances_re : ;
LiquidityToken_allowances_re :
}.
Record match_RData (habd : GetHighData) (m : mem) (j : meminj) : Prop
:= MATCH_RDATA {
AutomatedMarketMaker__token0_ma : variable_match AutomatedMarketMaker_AutomatedMarketMaker__token0_var habd m;
AutomatedMarketMaker__token1_ma : variable_match AutomatedMarketMaker_AutomatedMarketMaker__token1_var habd m;
AutomatedMarketMaker__owner_ma : variable_match AutomatedMarketMaker_AutomatedMarketMaker__owner_var habd m;
AutomatedMarketMaker__reserve0_ma : variable_match AutomatedMarketMaker_AutomatedMarketMaker__reserve0_var habd m;
AutomatedMarketMaker__reserve1_ma : variable_match AutomatedMarketMaker_AutomatedMarketMaker__reserve1_var habd m;
AutomatedMarketMaker_blockTimestampLast_ma : variable_match AutomatedMarketMaker_AutomatedMarketMaker_blockTimestampLast_var habd m;
AutomatedMarketMaker_price0CumulativeLast_ma : variable_match AutomatedMarketMaker_AutomatedMarketMaker_price0CumulativeLast_var habd m;
AutomatedMarketMaker_price1CumulativeLast_ma : variable_match AutomatedMarketMaker_AutomatedMarketMaker_price1CumulativeLast_var habd m;
AutomatedMarketMaker_kLast_ma : variable_match AutomatedMarketMaker_AutomatedMarketMaker_kLast_var habd m
}.
Local Hint Resolve MATCH_RDATA.
Global Instance rel_ops: CompatRelOps GetHighDataX GetLowDataX :=
{
relate_AbData f d1 d2 := relate_RData f d1 d2;
match_AbData d1 m f := match_RData d1 m f;
new_glbl := var_AutomatedMarketMaker_AutomatedMarketMaker__token0_ident :: var_AutomatedMarketMaker_AutomatedMarketMaker__token1_ident :: var_AutomatedMarketMaker_AutomatedMarketMaker__owner_ident :: var_AutomatedMarketMaker_AutomatedMarketMaker__reserve0_ident :: var_AutomatedMarketMaker_AutomatedMarketMaker__reserve1_ident :: var_AutomatedMarketMaker_AutomatedMarketMaker_blockTimestampLast_ident :: var_AutomatedMarketMaker_AutomatedMarketMaker_price0CumulativeLast_ident :: var_AutomatedMarketMaker_AutomatedMarketMaker_price1CumulativeLast_ident :: var_AutomatedMarketMaker_AutomatedMarketMaker_kLast_ident :: nil
}.
Global Instance AutomatedMarketMaker_AutomatedMarketMaker__token0_hyper_ltype_static :
HyperLTypeStatic AutomatedMarketMaker_AutomatedMarketMaker__token0_var new_glbl.
Proof.
split; try solve
[ Decision.decision
| simpl; auto
| simpl AutomatedMarketMaker_AutomatedMarketMaker__token0_var.(ltype_offset);
rewrite Int256.unsigned_zero; apply Z.divide_0_r ].
Qed.
Global Instance AutomatedMarketMaker_AutomatedMarketMaker__token1_hyper_ltype_static :
HyperLTypeStatic AutomatedMarketMaker_AutomatedMarketMaker__token1_var new_glbl.
Proof.
split; try solve
[ Decision.decision
| simpl; auto
| simpl AutomatedMarketMaker_AutomatedMarketMaker__token1_var.(ltype_offset);
rewrite Int256.unsigned_zero; apply Z.divide_0_r ].
Qed.
Global Instance AutomatedMarketMaker_AutomatedMarketMaker__owner_hyper_ltype_static :
HyperLTypeStatic AutomatedMarketMaker_AutomatedMarketMaker__owner_var new_glbl.
Proof.
split; try solve
[ Decision.decision
| simpl; auto
| simpl AutomatedMarketMaker_AutomatedMarketMaker__owner_var.(ltype_offset);
rewrite Int256.unsigned_zero; apply Z.divide_0_r ].
Qed.
Global Instance AutomatedMarketMaker_AutomatedMarketMaker__reserve0_hyper_ltype_static :
HyperLTypeStatic AutomatedMarketMaker_AutomatedMarketMaker__reserve0_var new_glbl.
Proof.
split; try solve
[ Decision.decision
| simpl; auto
| simpl AutomatedMarketMaker_AutomatedMarketMaker__reserve0_var.(ltype_offset);
rewrite Int256.unsigned_zero; apply Z.divide_0_r ].
Qed.
Global Instance AutomatedMarketMaker_AutomatedMarketMaker__reserve1_hyper_ltype_static :
HyperLTypeStatic AutomatedMarketMaker_AutomatedMarketMaker__reserve1_var new_glbl.
Proof.
split; try solve
[ Decision.decision
| simpl; auto
| simpl AutomatedMarketMaker_AutomatedMarketMaker__reserve1_var.(ltype_offset);
rewrite Int256.unsigned_zero; apply Z.divide_0_r ].
Qed.
Global Instance AutomatedMarketMaker_AutomatedMarketMaker_blockTimestampLast_hyper_ltype_static :
HyperLTypeStatic AutomatedMarketMaker_AutomatedMarketMaker_blockTimestampLast_var new_glbl.
Proof.
split; try solve
[ Decision.decision
| simpl; auto
| simpl AutomatedMarketMaker_AutomatedMarketMaker_blockTimestampLast_var.(ltype_offset);
rewrite Int256.unsigned_zero; apply Z.divide_0_r ].
Qed.
Global Instance AutomatedMarketMaker_AutomatedMarketMaker_price0CumulativeLast_hyper_ltype_static :
HyperLTypeStatic AutomatedMarketMaker_AutomatedMarketMaker_price0CumulativeLast_var new_glbl.
Proof.
split; try solve
[ Decision.decision
| simpl; auto
| simpl AutomatedMarketMaker_AutomatedMarketMaker_price0CumulativeLast_var.(ltype_offset);
rewrite Int256.unsigned_zero; apply Z.divide_0_r ].
Qed.
Global Instance AutomatedMarketMaker_AutomatedMarketMaker_price1CumulativeLast_hyper_ltype_static :
HyperLTypeStatic AutomatedMarketMaker_AutomatedMarketMaker_price1CumulativeLast_var new_glbl.
Proof.
split; try solve
[ Decision.decision
| simpl; auto
| simpl AutomatedMarketMaker_AutomatedMarketMaker_price1CumulativeLast_var.(ltype_offset);
rewrite Int256.unsigned_zero; apply Z.divide_0_r ].
Qed.
Global Instance AutomatedMarketMaker_AutomatedMarketMaker_kLast_hyper_ltype_static :
HyperLTypeStatic AutomatedMarketMaker_AutomatedMarketMaker_kLast_var new_glbl.
Proof.
split; try solve
[ Decision.decision
| simpl; auto
| simpl AutomatedMarketMaker_AutomatedMarketMaker_kLast_var.(ltype_offset);
rewrite Int256.unsigned_zero; apply Z.divide_0_r ].
Qed.
Lemma relate_incr:
forall abd abd' f f',
relate_RData f abd abd' ->
inject_incr f f' ->
relate_RData f' abd abd'.
Proof.
inversion 1; subst; intros; simpl in *.
repeat match goal with
| H : _ /\ _ |- _ => destruct H
end.
repeat (constructor; simpl; eauto).
Qed.
Global Instance rel_prf: CompatRel GetHighDataX GetLowDataX.
Proof.
constructor; [ destruct 1 .. |]; intros.
- constructor; eapply inject_match_correct; eauto with typeclass_instances.
- constructor; eapply store_match_correct; eauto with typeclass_instances.
- constructor; eapply alloc_match_correct; eauto with typeclass_instances.
- constructor; eapply free_match_correct; eauto with typeclass_instances.
- constructor; eapply storebytes_match_correct; eauto with typeclass_instances.
- eapply relate_incr; eauto.
Qed.
(*
Local Instance: ExternalCallsOps (mwd GetLowDataX) := CompatExternalCalls.compatlayer_extcall_ops AMMLIB_Layer.
Local Instance: CompilerConfigOps _ := CompatExternalCalls.compatlayer_compiler_config_ops AMMLIB_Layer.
*)
Instance AMM_hypermem : MemoryModel.HyperMem
:= { Hcompatrel := {| crel_prf := rel_prf |} }.
Class AMM_Underlay_preserves_invariants := {
AMM_Underlay_FixedSupplyToken_constructor_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) FixedSupplyToken_constructor_spec | 5;
AMM_Underlay_FixedSupplyToken_balanceOf_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) FixedSupplyToken_balanceOf_spec | 5;
AMM_Underlay_FixedSupplyToken_transfer_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) FixedSupplyToken_transfer_spec | 5;
AMM_Underlay_FixedSupplyToken_approve_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) FixedSupplyToken_approve_spec | 5;
AMM_Underlay_FixedSupplyToken_transferFrom_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) FixedSupplyToken_transferFrom_spec | 5;
AMM_Underlay_FixedSupplyToken1_constructor_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) FixedSupplyToken1_constructor_spec | 5;
AMM_Underlay_FixedSupplyToken1_balanceOf_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) FixedSupplyToken1_balanceOf_spec | 5;
AMM_Underlay_FixedSupplyToken1_transfer_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) FixedSupplyToken1_transfer_spec | 5;
AMM_Underlay_FixedSupplyToken1_approve_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) FixedSupplyToken1_approve_spec | 5;
AMM_Underlay_FixedSupplyToken1_transferFrom_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) FixedSupplyToken1_transferFrom_spec | 5;
AMM_Underlay_LiquidityToken_constructor_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) LiquidityToken_constructor_spec | 5;
AMM_Underlay_LiquidityToken_mint_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) LiquidityToken_mint_spec | 5;
AMM_Underlay_LiquidityToken_burn_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) LiquidityToken_burn_spec | 5;
AMM_Underlay_LiquidityToken_totalSupply_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) LiquidityToken_totalSupply_spec | 5;
AMM_Underlay_LiquidityToken_balanceOf_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) LiquidityToken_balanceOf_spec | 5;
AMM_Underlay_LiquidityToken_transfer_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) LiquidityToken_transfer_spec | 5;
AMM_Underlay_LiquidityToken_approve_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) LiquidityToken_approve_spec | 5;
AMM_Underlay_LiquidityToken_transferFrom_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) LiquidityToken_transferFrom_spec | 5;
AMM_Underlay_AutomatedMarketMakerLib_constructor_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) AutomatedMarketMakerLib_constructor_spec | 5;
AMM_Underlay_AutomatedMarketMakerLib_getAmountIn_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) AutomatedMarketMakerLib_getAmountIn_spec | 5;
AMM_Underlay_AutomatedMarketMakerLib_getBalanceAdjusted_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) AutomatedMarketMakerLib_getBalanceAdjusted_spec | 5;
AMM_Underlay_AutomatedMarketMakerLib_min_preserves_invariants :>
CompatGenSem.PreservesInvariants (HD := cdataLow) AutomatedMarketMakerLib_min_spec | 5
}.
Instance AMM'AMMLIB_preserves_invariants : AMM_Underlay_preserves_invariants.
Proof. esplit; apply AMMLIB_pres_inv. Defined.
(*
Lemma passthrough_correct:
sim (crel (CompatRel0 := rel_prf) _ _) AMM_Layer_passthrough AMMLIB_Layer.
Proof.
Local Opaque simRR mapsto layer_mapsto_primitive.
unfold GlobalLayerSpec, MemoryModel.GetHighDataX.
simpl.
sim_oplus; simpl.
Local Transparent simRR mapsto layer_mapsto_primitive.
Qed.*)
End EdsgerGen.
================================================
FILE: contracts/amm/amm/_CoqProject
================================================
-R ../../.. DeepSpec
-R . amm
./EdsgerIdents.v
./DataTypes.v
./DataTypeOps.v
./DataTypeProofs.v
./LayerAMMLIB.v
./LayerAMM.v
./ObjFixedSupplyTokenCodeProofs.v
./ObjFixedSupplyToken1CodeProofs.v
./ObjLiquidityTokenCodeProofs.v
./ObjAutomatedMarketMakerCodeProofs.v
================================================
FILE: contracts/amm/amm/prf.v
================================================
Require Import amm.DataTypes.
Require Import amm.DataTypeOps.
Require Import lib.Monad.StateMonadOption.
Require Import cclib.Maps.
Require Import cclib.Integers.
Require Import ZArith.
Require Import core.HyperTypeInst.
Require Import backend.MachineModel.
Require Import amm.LayerAMMLIB.
Require Import amm.LayerAMM.
Definition state := global_abstract_data_type.
Definition init_state := init_global_abstract_data.
Definition wei := Z.
Definition addr := int256.
Definition blocknumber := int256.
Existing Instance GlobalLayerSpec.
Section step.
Context (contract_address : addr).
Section mstep.
(* These are the parameters which are constant within a given block. *)
Context (coinbase : int256)
(timestamp : int256)
(number : int256)
(balance : int256 -> int256)
(blockhash : int256 -> int256)
(prev_contract_state : state).
Definition make_machine_env (caller: addr)
: machine_env state
:= {| me_address := contract_address;
me_origin := caller;
me_caller := caller; (* need update after every control-flow transfer *)
me_callvalue := Int256.repr (0);
me_coinbase := coinbase;
me_timestamp := timestamp;
me_number := number;
me_balance := balance;
me_blockhash := blockhash;
(* not implemented *)
me_transfer _ _ _ _ _ := False;
me_callmethod _ _ _ _ _ _ _ _ _ _ := False;
me_log _ _ _ := prev_contract_state;
|}.
Import MonadNotation.
Definition lif {A:Type}
(caller : addr)
(cmd : machine_env state -> osT global_abstract_data_type A)
: osT state A :=
st <- get;;
let me := make_machine_env caller in
match runStateT (cmd me) st with
| None => mzero
| Some (v, st') => put st' ;; ret v
end.
(* osT state int256 =
state transformer with option monad, state is state, and value is int256 *)
Print osT. (* = fun D : Type => stateT D option *)
Print stateT. (* (S : Type) (m : Type -> Type) (t : Type) : Type := mkStateT
{ runStateT : S -> m (t * S)%type } *)
Print runStateT. (* takes monad transformer, state, returns m (t * S) *)
(* How the state of the system changes in a single method call made by player p. *)
Inductive mstep u (st st' : state) : Prop :=
| FixedSupplyToken_constructor_step : forall r , runStateT (FixedSupplyToken_constructor_opt (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| FixedSupplyToken_totalSupply_step : forall r , runStateT (FixedSupplyToken_totalSupply_opt (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| FixedSupplyToken_balanceOf_step : forall r tokenOwner, runStateT (FixedSupplyToken_balanceOf_opt tokenOwner (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| FixedSupplyToken_transfer_step : forall r toA tokens, runStateT (FixedSupplyToken_transfer_opt toA tokens (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| FixedSupplyToken_approve_step : forall r spender tokens, runStateT (FixedSupplyToken_approve_opt spender tokens (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| FixedSupplyToken_transferFrom_step : forall r fromA toA tokens, runStateT (FixedSupplyToken_transferFrom_opt fromA toA tokens (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| FixedSupplyToken1_constructor_step : forall r , runStateT (FixedSupplyToken1_constructor_opt (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| FixedSupplyToken1_totalSupply_step : forall r , runStateT (FixedSupplyToken1_totalSupply_opt (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| FixedSupplyToken1_balanceOf_step : forall r tokenOwner, runStateT (FixedSupplyToken1_balanceOf_opt tokenOwner (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| FixedSupplyToken1_transfer_step : forall r toA tokens, runStateT (FixedSupplyToken1_transfer_opt toA tokens (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| FixedSupplyToken1_approve_step : forall r spender tokens, runStateT (FixedSupplyToken1_approve_opt spender tokens (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| FixedSupplyToken1_transferFrom_step : forall r fromA toA tokens, runStateT (FixedSupplyToken1_transferFrom_opt fromA toA tokens (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| LiquidityToken_constructor_step : forall r , runStateT (LiquidityToken_constructor_opt (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| LiquidityToken_mint_step : forall r toA value, runStateT (LiquidityToken_mint_opt toA value (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| LiquidityToken_burn_step : forall r fromA value, runStateT (LiquidityToken_burn_opt fromA value (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| LiquidityToken_totalSupply_step : forall r , runStateT (LiquidityToken_totalSupply_opt (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| LiquidityToken_balanceOf_step : forall r tokenOwner, runStateT (LiquidityToken_balanceOf_opt tokenOwner (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| LiquidityToken_transfer_step : forall r toA tokens, runStateT (LiquidityToken_transfer_opt toA tokens (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| LiquidityToken_approve_step : forall r spender tokens, runStateT (LiquidityToken_approve_opt spender tokens (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| LiquidityToken_transferFrom_step : forall r fromA toA tokens, runStateT (LiquidityToken_transferFrom_opt fromA toA tokens (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMakerLib_constructor_step : forall r , runStateT (AutomatedMarketMakerLib_constructor_opt (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMakerLib_getAmountIn_step : forall r balance amountOut reserve, runStateT (AutomatedMarketMakerLib_getAmountIn_opt balance amountOut reserve (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMakerLib_getBalanceAdjusted_step : forall r balance amountIn, runStateT (AutomatedMarketMakerLib_getBalanceAdjusted_opt balance amountIn (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMakerLib_min_step : forall r x y, runStateT (AutomatedMarketMakerLib_min_opt x y (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMaker_constructor_step : forall r , runStateT (AutomatedMarketMaker_constructor_opt (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMaker_mint_step : forall r toA, runStateT (AutomatedMarketMaker_mint_opt toA (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMaker_burn_step : forall r toA, runStateT (AutomatedMarketMaker_burn_opt toA (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMaker_simpleSwap0_step : forall r toA, runStateT (AutomatedMarketMaker_simpleSwap0_opt toA (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMaker_swap_step : forall r amount0Out amount1Out toA, runStateT (AutomatedMarketMaker_swap_opt amount0Out amount1Out toA (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMaker_skim_step : forall r toA, runStateT (AutomatedMarketMaker_skim_opt toA (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMaker_sync_step : forall r , runStateT (AutomatedMarketMaker_sync_opt (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMaker_k_step : forall r , runStateT (AutomatedMarketMaker_k_opt (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMaker_quote0_step : forall r amount0, runStateT (AutomatedMarketMaker_quote0_opt amount0 (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMaker_getAmountOut0_step : forall r amount0In, runStateT (AutomatedMarketMaker_getAmountOut0_opt amount0In (make_machine_env u)) st = Some (r, st') -> mstep u st st'
| AutomatedMarketMaker_getAmountIn0_step : forall r amount0Out, runStateT (AutomatedMarketMaker_getAmountIn0_opt amount0Out (make_machine_env u)) st = Some (r, st') -> mstep u st st'
.
(* We can compute a new block by letting the players call the contract
in some arbitrary order. *)
Inductive multi_mstep : state -> state -> Prop :=
| multi_mstep_reflexive : forall (st : state), multi_mstep st st
| multi_mstep_transitive : forall (st st' st'' : state) u,
multi_mstep st st' -> mstep u st' st'' -> multi_mstep st st''.
(* A block is sufficiently synchronous if every player got a chance to submit a
transaction to to. *)
(* TODO, I think this definition is fine for now, but it seems little too clever,
should probably re-state this using some straightforward tracking of the states
we pass through. *)
Definition multi_mstep_synchronous st1 st2 :=
forall u, exists st st',
multi_mstep st1 st /\ mstep u st st' /\ multi_mstep st' st2.
(* Here are a bunch of induction principles inspired by linear temporal logic. *)
(* Prove that some property P holds "globally", i.e. for each state along a
path.
You can also specify a property Pprev which is known to hold for the
prev_contract_state. If not needed, it can just be True.
*)
Lemma multi_mstep_Global_ind : forall (Pprev P : state -> Prop),
(forall u st st', Pprev prev_contract_state -> P st -> mstep u st st' -> P st') ->
Pprev prev_contract_state -> forall st st', P st -> multi_mstep st st' -> P st'.
Proof.
induction 4; eauto.
Qed.
(*
(* Prove that P holds "until" Q along a path.
"Until" is a liveness assertion, so we need the synchronicity assumption. *)
Lemma multi_mstep_Until_ind : forall (Pprev P Q : state -> Prop),
(forall p st st', Pprev prev_contract_state -> P st -> In p players
-> mstep p st st' -> (P st' \/ Q st')) ->
Pprev prev_contract_state ->
forall st,
P st -> exists st', multi_mstep st st' -> (P st' \/ Q st').
Proof.
induction 4; eauto *)
End mstep.
Definition Int256_incr x := Int256.add x Int256.one.
Inductive bstep (n : blocknumber) : state -> state -> Prop :=
| bstep_step : forall coinbase timestamp balance blockhash st st',
multi_mstep coinbase timestamp n balance blockhash st st st' ->
bstep n st st'.
Inductive multi_bstep : blocknumber -> state -> blocknumber -> state -> Prop :=
| multi_bstep_reflexive : forall n (st : state), multi_bstep n st n st
| multi_bstep_transitive : forall n n' (st st' st'' : state),
multi_bstep n st n' st' -> bstep (Int256_incr n') st' st'' -> multi_bstep n st (Int256_incr n') st''.
(* multi_bstep is the step relation without any synchronicity assumption.
This is sufficient to prove some safety properties, but for most interesting
theorems we instead need to use this synchronous version: *)
Inductive bstep_synch (n : blocknumber) : state -> state -> Prop :=
| bstep_synch_step : forall coinbase timestamp balance blockhash st st',
multi_mstep_synchronous coinbase timestamp n balance blockhash st st st' ->
bstep_synch n st st'.
Inductive multi_bstep_synch : blocknumber -> state -> blocknumber -> state -> Prop :=
| multi_bstep_synch_reflexive : forall n (st : state), multi_bstep_synch n st n st
| multi_bstep_synch_transitive : forall n n' (st st' st'' : state),
multi_bstep_synch n st n' st' -> bstep_synch (Int256_incr n') st' st'' -> multi_bstep_synch n st (Int256_incr n') st''.
Lemma multi_bstep_Global_ind : forall (P : state -> Prop),
(forall coinbase timestamp number balance blockhash prev_block u st st',
P prev_block
-> P st
-> mstep coinbase timestamp number balance blockhash prev_block u st st'
-> P st')
-> forall n st n' st',
P st -> multi_bstep n st n' st' -> P st'.
Proof.
induction 3.
- auto.
- inversion H2; subst.
eapply multi_mstep_Global_ind with (st:=st') (prev_contract_state := st').
+ intros.
refine (H _ _ _ _ _ _ _ _ _ _ _ H6); auto.
+ apply IHmulti_bstep; assumption.
+ apply IHmulti_bstep; assumption.
+ exact H3.
Qed.
End step.
Section DeepSEAGenericProof.
Lemma Int256Tree_reduce : forall (i: int256) (v: Z) (t: Int256Tree.t Z), Int256Tree.get_default 0%Z i (Int256Tree.set i v t) = v.
Proof.
intros.
unfold Int256Tree.get_default.
rewrite Int256Tree.gss .
reflexivity.
Qed.
Lemma Int256Tree_mreduce : forall (i j : int256) (v v': Z) (t: Int256Tree.t Z),
i <> j ->
Int256Tree.get_default 0%Z i (Int256Tree.set j v' (Int256Tree.set i v t)) = v.
Proof.
intros.
unfold Int256Tree.get_default.
rewrite Int256Tree.gso.
rewrite Int256Tree.gss.
reflexivity.
exact H.
Qed.
Lemma Int256Tree_mireduce : forall (i j k : int256) (v v': Z) (t: Int256Tree.t Z),
i <> j ->
i <> k ->
j <> k ->
Int256Tree.get_default 0%Z i (Int256Tree.set j v' (Int256Tree.set k v t)) =
Int256Tree.get_default 0%Z i t.
Proof.
intros.
unfold Int256Tree.get_default.
rewrite Int256Tree.gso.
rewrite Int256Tree.gso.
reflexivity.
exact H0.
exact H.
Qed.
Lemma add_sub_inv : forall (i j : Z32), (i + j - i)%Z = j.
Proof.
intros.
omega.
Qed.
End DeepSEAGenericProof.
Section Proof.
Context (* (strategies : strategy_tuple) *)
(initial_balances : addr -> Z)
(contract_address : int256).
Context (init_bt init_rt : int256)
(init_coinbase : int256)
(init_timestamp : int256)
(init_number : int256)
(init_blockhash : int256 -> int256)
(pre_init_state init_state : state).
(* These are the parameters which are constant within a given block. *)
Context (coinbase : int256)
(timestamp : int256)
(number : int256)
(balance : int256 -> int256)
(blockhash : int256 -> int256)
(prev_contract_state : state).
Require Import lib.Monad.RunStateTInv.
Require Import lib.ArithInv.
Definition make_machine_env_wrapped prev_st user :=
make_machine_env contract_address coinbase timestamp number balance blockhash prev_st user.
Lemma make_machine_env_caller_eq : forall st caller, me_caller (make_machine_env_wrapped st caller) = caller.
Proof. auto. Qed.
Lemma make_machine_env_address_eq : forall st caller, me_address (make_machine_env_wrapped st caller) = contract_address.
Proof. auto. Qed.
Transparent FixedSupplyToken_constructor_opt.
Transparent FixedSupplyToken_totalSupply_opt.
Transparent FixedSupplyToken_balanceOf_opt.
Transparent FixedSupplyToken_transfer_opt.
Transparent FixedSupplyToken_approve_opt.
Transparent FixedSupplyToken_transferFrom_opt.
Transparent FixedSupplyToken1_constructor_opt.
Transparent FixedSupplyToken1_totalSupply_opt.
Transparent FixedSupplyToken1_balanceOf_opt.
Transparent FixedSupplyToken1_transfer_opt.
Transparent FixedSupplyToken1_approve_opt.
Transparent FixedSupplyToken1_transferFrom_opt.
Transparent LiquidityToken_constructor_opt.
Transparent LiquidityToken_mint_opt.
Transparent LiquidityToken_burn_opt.
Transparent LiquidityToken_totalSupply_opt.
Transparent LiquidityToken_balanceOf_opt.
Transparent LiquidityToken_transfer_opt.
Transparent LiquidityToken_approve_opt.
Transparent LiquidityToken_transferFrom_opt.
Transparent AutomatedMarketMakerLib_constructor_opt.
Transparent AutomatedMarketMakerLib_getAmountIn_opt.
Transparent AutomatedMarketMakerLib_getBalanceAdjusted_opt.
Transparent AutomatedMarketMakerLib_min_opt.
Transparent AutomatedMarketMaker_constructor_opt.
Transparent AutomatedMarketMaker_mint_opt.
Transparent AutomatedMarketMaker_burn_opt.
Transparent AutomatedMarketMaker_simpleSwap0_opt.
Transparent AutomatedMarketMaker_swap_opt.
Transparent AutomatedMarketMaker_skim_opt.
Transparent AutomatedMarketMaker_sync_opt.
Transparent AutomatedMarketMaker_k_opt.
Transparent AutomatedMarketMaker_quote0_opt.
Transparent AutomatedMarketMaker_getAmountOut0_opt.
Transparent AutomatedMarketMaker_getAmountIn0_opt.
Definition FixedSupplyToken_address := (Int256.repr 65587).
Definition FixedSupplyToken1_address := (Int256.repr 65586).
Definition LiquidityToken_address := (Int256.repr 65585).
Definition AutomatedMarketMaker_address := (Int256.repr 65584).
Definition not_contract_address (addr: int256) :=
addr <> FixedSupplyToken_address /\
addr <> FixedSupplyToken1_address /\
addr <> LiquidityToken_address /\
addr <> AutomatedMarketMaker_address.
Axiom taddr : contract_address = AutomatedMarketMaker_address.
Ltac rds :=
unfold FixedSupplyToken_constructor_opt in *;
unfold FixedSupplyToken_totalSupply_opt in *;
unfold FixedSupplyToken_balanceOf_opt in *;
unfold FixedSupplyToken_transfer_opt in *;
unfold FixedSupplyToken_approve_opt in *;
unfold FixedSupplyToken_transferFrom_opt in *;
unfold FixedSupplyToken1_constructor_opt in *;
unfold FixedSupplyToken1_totalSupply_opt in *;
unfold FixedSupplyToken1_balanceOf_opt in *;
unfold FixedSupplyToken1_transfer_opt in *;
unfold FixedSupplyToken1_approve_opt in *;
unfold FixedSupplyToken1_transferFrom_opt in *;
unfold LiquidityToken_constructor_opt in *;
unfold LiquidityToken_mint_opt in *;
unfold LiquidityToken_burn_opt in *;
unfold LiquidityToken_totalSupply_opt in *;
unfold LiquidityToken_balanceOf_opt in *;
unfold LiquidityToken_transfer_opt in *;
unfold LiquidityToken_approve_opt in *;
unfold LiquidityToken_transferFrom_opt in *;
unfold AutomatedMarketMakerLib_constructor_opt in *;
unfold AutomatedMarketMakerLib_getAmountIn_opt in *;
unfold AutomatedMarketMakerLib_getBalanceAdjusted_opt in *;
unfold AutomatedMarketMakerLib_min_opt in *;
unfold AutomatedMarketMaker_constructor_opt in *;
unfold AutomatedMarketMaker_mint_opt in *;
unfold AutomatedMarketMaker_burn_opt in *;
unfold AutomatedMarketMaker_simpleSwap0_opt in *;
unfold AutomatedMarketMaker_swap_opt in *;
unfold AutomatedMarketMaker_skim_opt in *;
unfold AutomatedMarketMaker_sync_opt in *;
unfold AutomatedMarketMaker_k_opt in *;
unfold AutomatedMarketMaker_quote0_opt in *;
unfold AutomatedMarketMaker_getAmountOut0_opt in *;
unfold AutomatedMarketMaker_getAmountIn0_opt in *;
inv_runStateT;
subst;
inv_arith;
simpl;
try rewrite make_machine_env_caller_eq in *;
try rewrite make_machine_env_address_eq in *;
try rewrite Int256Tree_reduce in *;
try rewrite Int256Tree_mreduce in *;
try rewrite Int256Tree_mireduce in *;
auto.
Definition compute_k (s: state) :=
Z.mul (AutomatedMarketMaker__reserve0 s) (AutomatedMarketMaker__reserve1 s).
Definition get_balance0 (s: state) (a: addr) :=
(Int256Tree.get_default (0%Z)
a (FixedSupplyToken_balances s)).
Definition get_balance1 (s: state) (a: addr) :=
(Int256Tree.get_default 0%Z
a (FixedSupplyToken1_balances s)).
(* need to transfer balance first, assume token0 transfer first *)
(* should have been approve and then transferFrom, here we are hacking a bit *)
(* prove that after every possible function call, whichever layers, the
k = _reserve0 * _reserve1 is strictly increasing for simpleSwap0:
newState = simpleSwap0 oldState /\ compute_k newState > compute_k oldState *)
Theorem increasing_k_simpleSwap0 : (forall r r'
(s s' s'' : state)
(trader : addr)
(swapAmount0 : Z32),
(swapAmount0 > 0)%Z -> (* trasferring an amount > 0 *)
((AutomatedMarketMaker__reserve0 s) > 0)%Z ->
((AutomatedMarketMaker__reserve1 s) > 0)%Z ->
not_contract_address trader ->
get_balance0 s AutomatedMarketMaker_address = (AutomatedMarketMaker__reserve0 s) -> (* assumes that the reserve is the same as balance at s *)
get_balance1 s AutomatedMarketMaker_address = (AutomatedMarketMaker__reserve1 s) ->
runStateT (FixedSupplyToken_transfer_opt AutomatedMarketMaker_address swapAmount0 (make_machine_env_wrapped s trader)) s = Some (r, s') ->
runStateT (AutomatedMarketMaker_simpleSwap0_opt trader (make_machine_env_wrapped s trader)) s' = Some (r', s'') ->
Z.lt (compute_k s) (compute_k s'')).
Proof.
intros.
unfold get_balance0 in *.
unfold get_balance1 in *.
unfold compute_k.
unfold AutomatedMarketMaker_simpleSwap0_opt in *.
unfold FixedSupplyToken1_transfer_opt in *.
unfold FixedSupplyToken_balanceOf_opt in *.
unfold FixedSupplyToken1_balanceOf_opt in *.
unfold FixedSupplyToken_transfer_opt in *.
inv_runStateT.
rds.
repeat match goal with
| [ |- context[AutomatedMarketMaker__reserve1 ?X]] => remember (AutomatedMarketMaker__reserve1 X) as R1
end.
repeat match goal with
| [ |- context[AutomatedMarketMaker__reserve0 ?X]] => remember (AutomatedMarketMaker__reserve0 X) as R0
end.
match goal with
| [ |- context[Z.mul (Z.add ?X _) _]] => replace X with R0 (* rewrite -> H1 *)
end.
match goal with
| [ |- context[Z.sub ?X _]] => replace X with R1
end.
remember swapAmount0 as delta0.
End Proof.
================================================
FILE: contracts/amm/amm/prf_int.v
================================================
Require Import amm.DataTypes.
Require Import amm.DataTypeOps.
Require Import amm.LayerAMM.
Require Import lib.Monad.StateMonadOption.
Require Import cclib.Maps.
Require Import cclib.Integers.
Require Import ZArith.
Require Import core.HyperTypeInst.
(* for `hashvalue`, maybe should move that to some different file. *)
Require Import backend.MachineModel.
(* PROOFS:
2. balance tracks reserve
3. increasing k -> algebra
4. no path independence, splitting trades is strictly more expensive -> algebra, appendix D
5. liquidity token economics is right, i.e., UNI-V2 tracks the actual share of pool --> actually, where is the trading of UNI-V2 Pair tokens? What is its value?
6. MOD: slippage control
7. ... cost of manipulation (hard)
*)
(* global_abstract_data_type *)
Definition state := global_abstract_data_type.
Definition init_state := init_global_abstract_data.
Definition wei := Z.
Definition addr := int256.
Definition blocknumber := int256.
Existing Instance GlobalLayerSpec.
Section step.
Context (token0_address token1_address amm_address : addr).
Section mstep.
(* These are the parameters which are constant within a given block. *)
Context (coinbase : int256)
(timestamp : int256)
(number : int256)
(balance : int256 -> int256)
(blockhash : int256 -> int256)
(prev_contract_state : state).
Definition make_machine_env (caller: addr)
: machine_env state
:= {| me_address := amm_address;
me_origin := caller;
me_caller := caller;
me_callvalue := Int256.repr (0);
me_coinbase := coinbase;
me_timestamp := timestamp;
me_number := number;
me_balance := balance;
me_blockhash := blockhash;
(* not implemented *)
me_transfer _ _ _ _ _ := False;
me_callmethod _ _ _ _ _ _ _ _ _ _ := False;
me_log _ _ _ := prev_contract_state;
|}.
Import MonadNotation.
Definition lif {A:Type}
(caller : addr)
(cmd : machine_env state -> osT global_abstract_data_type A)
: osT state A :=
st <- get;;
let me := make_machine_env caller in
match runStateT (cmd me) st with
| None => mzero
| Some (v, st') => put st' ;; ret v
end.
Definition lifted_simpleSwap0 :=
fun (caller: addr) (callvalue: wei) (toA: addr) => lif caller
(AutomatedMarketMaker_simpleSwap0_opt toA).
Definition lifted_LiquidityToken_mint :=
fun (caller: addr) (callvalue: wei) (toA: addr) (value: Z) => lif caller
(LiquidityToken_mint_opt toA value).
(* osT state int256 =
state transformer with option monad, state is state, and value is int256 *)
Print osT. (* = fun D : Type => stateT D option *)
Print stateT. (* (S : Type) (m : Type -> Type) (t : Type) : Type := mkStateT
{ runStateT : S -> m (t * S)%type } *)
Print runStateT. (* takes monad transformer, state, returns m (t * S) *)
(* How the state of the system changes in a single method call made by player p. *)
(* for simplicity we only model functions that modify states and can be called by user *)
Inductive mstep u (st st' : state) : Prop :=
(* fixed supply tokens *)
| FixedSupplyToken0_transfer_step :
forall toA tokens r, runStateT (FixedSupplyToken_transfer_opt toA tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| FixedSupplyToken1_transfer_step :
forall toA tokens r, runStateT (FixedSupplyToken1_transfer_opt toA tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| FixedSupplyToken0_approve_step :
forall spender tokens r, runStateT (FixedSupplyToken_approve_opt spender tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| FixedSupplyToken1_approve_step :
forall spender tokens r, runStateT (FixedSupplyToken1_approve_opt spender tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| FixedSupplyToken0_transferFrom_step :
forall fromA toA tokens r, runStateT (FixedSupplyToken_transferFrom_opt fromA toA tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| FixedSupplyToken1_transferFrom_step :
forall fromA toA tokens r, runStateT (FixedSupplyToken1_transferFrom_opt fromA toA tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
(* amm *)
| AutomatedMarketMaker_mint_step :
forall toA r, runStateT (AutomatedMarketMaker_mint_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| AutomatedMarketMaker_burn_step :
forall toA r, runStateT (AutomatedMarketMaker_burn_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| AutomatedMarketMaker_simpleSwap0_step :
forall toA r, runStateT (AutomatedMarketMaker_simpleSwap0_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
.
(* How the state of the system changes in a single method call made by player p. *)
(* for simplicity we only model functions that modify states and can be called by user *)
Inductive mstep_amm u (st st' : state) : Prop :=
(* amm *)
| AutomatedMarketMaker_mint_ammstep :
forall toA r, runStateT (AutomatedMarketMaker_mint_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep_amm u st st'
| AutomatedMarketMaker_burn_ammstep :
forall toA r, runStateT (AutomatedMarketMaker_burn_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep_amm u st st'
| AutomatedMarketMaker_simpleSwap0_ammstep :
forall toA r, runStateT (AutomatedMarketMaker_simpleSwap0_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep_amm u st st'
| AutomatedMarketMaker_skim_ammstep :
forall toA r, runStateT (AutomatedMarketMaker_skim_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep_amm u st st'
| AutomatedMarketMaker_sync_ammstep :
forall r, runStateT (AutomatedMarketMaker_sync_opt (make_machine_env u)) st = Some (r, st')
-> mstep_amm u st st'
.
(* We can compute a new block by letting the players call the contract
in some arbitrary order. *)
Inductive multi_mstep : state -> state -> Prop :=
| multi_mstep_reflexive : forall (st : state), multi_mstep st st
| multi_mstep_transitive : forall (st st' st'' : state) u,
multi_mstep st st' -> mstep u st' st'' -> multi_mstep st st''.
(* A block is sufficiently synchronous if every player got a chance to submit a
transaction to to. *)
(* TODO, I think this definition is fine for now, but it seems little too clever,
should probably re-state this using some straightforward tracking of the states
we pass through. *)
Definition multi_mstep_synchronous st1 st2 :=
forall u, exists st st',
multi_mstep st1 st /\ mstep u st st' /\ multi_mstep st' st2.
(* Here are a bunch of induction principles inspired by linear temporal logic. *)
(* Prove that some property P holds "globally", i.e. for each state along a
path.
You can also specify a property Pprev which is known to hold for the
prev_contract_state. If not needed, it can just be True.
*)
Lemma multi_mstep_Global_ind : forall (Pprev P : state -> Prop),
(forall u st st', Pprev prev_contract_state -> P st -> mstep u st st' -> P st') ->
Pprev prev_contract_state -> forall st st', P st -> multi_mstep st st' -> P st'.
Proof.
induction 4; eauto.
Qed.
(*
(* Prove that P holds "until" Q along a path.
"Until" is a liveness assertion, so we need the synchronicity assumption. *)
Lemma multi_mstep_Until_ind : forall (Pprev P Q : state -> Prop),
(forall p st st', Pprev prev_contract_state -> P st -> In p players
-> mstep p st st' -> (P st' \/ Q st')) ->
Pprev prev_contract_state ->
forall st,
P st -> exists st', multi_mstep st st' -> (P st' \/ Q st').
Proof.
induction 4; eauto *)
End mstep.
Definition Int256_incr x := Int256.add x Int256.one.
Inductive bstep (n : blocknumber) : state -> state -> Prop :=
| bstep_step : forall coinbase timestamp balance blockhash st st',
multi_mstep coinbase timestamp n balance blockhash st st st' ->
bstep n st st'.
Inductive multi_bstep : blocknumber -> state -> blocknumber -> state -> Prop :=
| multi_bstep_reflexive : forall n (st : state), multi_bstep n st n st
| multi_bstep_transitive : forall n n' (st st' st'' : state),
multi_bstep n st n' st' -> bstep (Int256_incr n') st' st'' -> multi_bstep n st (Int256_incr n') st''.
(* multi_bstep is the step relation without any synchronicity assumption.
This is sufficient to prove some safety properties, but for most interesting
theorems we instead need to use this synchronous version: *)
Inductive bstep_synch (n : blocknumber) : state -> state -> Prop :=
| bstep_synch_step : forall coinbase timestamp balance blockhash st st',
multi_mstep_synchronous coinbase timestamp n balance blockhash st st st' ->
bstep_synch n st st'.
Inductive multi_bstep_synch : blocknumber -> state -> blocknumber -> state -> Prop :=
| multi_bstep_synch_reflexive : forall n (st : state), multi_bstep_synch n st n st
| multi_bstep_synch_transitive : forall n n' (st st' st'' : state),
multi_bstep_synch n st n' st' -> bstep_synch (Int256_incr n') st' st'' -> multi_bstep_synch n st (Int256_incr n') st''.
Lemma multi_bstep_Global_ind : forall (P : state -> Prop),
(forall coinbase timestamp number balance blockhash prev_block u st st',
P prev_block
-> P st
-> mstep coinbase timestamp number balance blockhash prev_block u st st'
-> P st')
-> forall n st n' st',
P st -> multi_bstep n st n' st' -> P st'.
Proof.
induction 3.
- auto.
- inversion H2; subst.
eapply multi_mstep_Global_ind with (st:=st') (prev_contract_state := st').
+ intros.
refine (H _ _ _ _ _ _ _ _ _ _ _ H6); auto.
+ apply IHmulti_bstep; assumption.
+ apply IHmulti_bstep; assumption.
+ exact H3.
Qed.
End step.
Section DeepSEAGenericProof.
Lemma Int256Tree_reduce : forall (i: int256) (v: Z) (t: Int256Tree.t Z), Int256Tree.get_default 0%Z i (Int256Tree.set i v t) = v.
Proof.
intros.
unfold Int256Tree.get_default.
rewrite Int256Tree.gss .
reflexivity.
Qed.
Lemma Int256Tree_mreduce : forall (i j : int256) (v v': Z) (t: Int256Tree.t Z),
i <> j ->
Int256Tree.get_default 0%Z i (Int256Tree.set j v' (Int256Tree.set i v t)) = v.
Proof.
intros.
unfold Int256Tree.get_default.
rewrite Int256Tree.gso.
rewrite Int256Tree.gss.
reflexivity.
exact H.
Qed.
Lemma Int256Tree_mireduce : forall (i j k : int256) (v v': Z) (t: Int256Tree.t Z),
i <> j ->
i <> k ->
j <> k ->
Int256Tree.get_default 0%Z i (Int256Tree.set j v' (Int256Tree.set k v t)) =
Int256Tree.get_default 0%Z i t.
Proof.
intros.
unfold Int256Tree.get_default.
rewrite Int256Tree.gso.
rewrite Int256Tree.gso.
reflexivity.
exact H0.
exact H.
Qed.
Lemma add_sub_inv : forall (i j : Z32), (i + j - i)%Z = j.
Proof.
intros.
omega.
Qed.
(* Lemmas on Inequalities over Z *)
Lemma ZInEq_ladd : (forall (i j k : Z32), (i > j + k <-> i - k > j)%Z).
Proof.
intros. omega.
Qed.
Hint Rewrite ZInEq_ladd : ZInEq.
Axiom ZInEq_multpos : (forall (a b c : Z32), c > 0 -> a > b <-> a * c > b * c)%Z.
Hint Rewrite ZInEq_multpos : ZInEq.
Axiom ZInEq_ldiv : (forall (a b c : Z32), b > 0 -> a / b > c <-> a > b * c)%Z.
Axiom ZInEq_denadd : (forall (a b c : Z32), c > 0 -> a / b > a / (b + c))%Z.
Lemma increasing_k_math : forall (i j k : Z), (i > 0 -> j > 0 -> k > 0 ->
i * j < (i + k) * (j - (k * 997 * j) / (i * 1000 + k * 997)))%Z.
Proof.
From Coq Require Import ZArith Psatz.
Open Scope Z_scope.
simpl. Fail lia. Print Lia.lia. Print Lia.zchecker_no_abstract.
intros.
(*
psatz Z 100.
lia.
assert (forall (v v' v'' : Z), v'' > 0 -> v < v' -> v * v'' < v' * v'').
intros.
pose (H19 := H16 (v * v'') (v' * v'')); clearbody H19.
apply H19.
unfold Z.sub.
apply mul_sub_distr.
pose (H17 := H16 (i * j) ((i + k) * (j - k * 997 * j / (i * 1000 + k * 997))) (i * 1000 + k * 997)); clearbody H17.
*)
assert (0 < (i * 1000 + k * 997)). omega.
(* multiplied both sides by the denominator of the divisor and needed to use comparisons between "(W / V) * V" and W *)
pose (Zmult_nc:=(Zmult_lt_compat_r (i * j) ((i + k) * (j - k * 997 * j / (i * 1000 + k * 997))) (i * 1000 + k * 997) H2)); clearbody Zmult_nc.
Admitted.
End DeepSEAGenericProof.
Section AMMProof.
Context (token0_address token1_address amm_address : addr).
Context (* (strategies : strategy_tuple) *)
(initial_balances : addr -> Z)
(contract_address : int256).
Context (init_bt init_rt : int256)
(init_coinbase : int256)
(init_timestamp : int256)
(init_number : int256)
(init_blockhash : int256 -> int256)
(pre_init_state init_state : state).
(* These are the parameters which are constant within a given block. *)
Context (coinbase : int256)
(timestamp : int256)
(number : int256)
(balance : int256 -> int256)
(blockhash : int256 -> int256)
(prev_contract_state : state).
Require Import lib.Monad.RunStateTInv.
Require Import lib.ArithInv.
Definition compute_k (s: state) :=
Z.mul (AutomatedMarketMaker__reserve0 s) (AutomatedMarketMaker__reserve1 s).
Definition get_balance0 (s: state) (a: addr) :=
(Int256Tree.get_default (0%Z)
a (FixedSupplyToken_balances s)).
Definition get_balance1 (s: state) (a: addr) :=
(Int256Tree.get_default 0%Z
a (FixedSupplyToken1_balances s)).
Definition make_machine_env_wrapped prev_st user :=
make_machine_env amm_address coinbase timestamp number balance blockhash prev_st user.
Lemma make_machine_env_caller_eq : forall st caller, me_caller (make_machine_env_wrapped st caller) = caller.
Proof. auto. Qed.
Lemma make_machine_env_address_eq : forall st caller, me_address (make_machine_env_wrapped st caller) = amm_address.
Proof. auto. Qed.
Transparent FixedSupplyToken_constructor_opt.
Transparent FixedSupplyToken_totalSupply_opt.
Transparent FixedSupplyToken_balanceOf_opt.
Transparent FixedSupplyToken_transfer_opt.
Transparent FixedSupplyToken_approve_opt.
Transparent FixedSupplyToken_transferFrom_opt.
Transparent FixedSupplyToken1_constructor_opt.
Transparent FixedSupplyToken1_totalSupply_opt.
Transparent FixedSupplyToken1_balanceOf_opt.
Transparent FixedSupplyToken1_transfer_opt.
Transparent FixedSupplyToken1_approve_opt.
Transparent FixedSupplyToken1_transferFrom_opt.
Transparent LiquidityToken_constructor_opt.
Transparent LiquidityToken_mint_opt.
Transparent LiquidityToken_burn_opt.
Transparent LiquidityToken_totalSupply_opt.
Transparent LiquidityToken_balanceOf_opt.
Transparent LiquidityToken_transfer_opt.
Transparent LiquidityToken_approve_opt.
Transparent LiquidityToken_transferFrom_opt.
Transparent AutomatedMarketMakerLib_constructor_opt.
Transparent AutomatedMarketMakerLib_getAmountIn_opt.
Transparent AutomatedMarketMakerLib_getBalanceAdjusted_opt.
Transparent AutomatedMarketMakerLib_min_opt.
Transparent AutomatedMarketMaker_constructor_opt.
Transparent AutomatedMarketMaker_mint_opt.
Transparent AutomatedMarketMaker_burn_opt.
Transparent AutomatedMarketMaker_simpleSwap0_opt.
Transparent AutomatedMarketMaker_swap_opt.
Transparent AutomatedMarketMaker_skim_opt.
Transparent AutomatedMarketMaker_sync_opt.
Transparent AutomatedMarketMaker_k_opt.
Transparent AutomatedMarketMaker_quote0_opt.
Transparent AutomatedMarketMaker_getAmountOut0_opt.
Transparent AutomatedMarketMaker_getAmountIn0_opt.
Definition FixedSupplyToken_address := (Int256.repr 65587).
Definition FixedSupplyToken1_address := (Int256.repr 65586).
Definition LiquidityToken_address := (Int256.repr 65585).
Definition AutomatedMarketMaker_address := (Int256.repr 65584).
Ltac rds :=
unfold FixedSupplyToken_constructor_opt in *;
unfold FixedSupplyToken_totalSupply_opt in *;
unfold FixedSupplyToken_balanceOf_opt in *;
unfold FixedSupplyToken_transfer_opt in *;
unfold FixedSupplyToken_approve_opt in *;
unfold FixedSupplyToken_transferFrom_opt in *;
unfold FixedSupplyToken1_constructor_opt in *;
unfold FixedSupplyToken1_totalSupply_opt in *;
unfold FixedSupplyToken1_balanceOf_opt in *;
unfold FixedSupplyToken1_transfer_opt in *;
unfold FixedSupplyToken1_approve_opt in *;
unfold FixedSupplyToken1_transferFrom_opt in *;
unfold LiquidityToken_constructor_opt in *;
unfold LiquidityToken_mint_opt in *;
unfold LiquidityToken_burn_opt in *;
unfold LiquidityToken_totalSupply_opt in *;
unfold LiquidityToken_balanceOf_opt in *;
unfold LiquidityToken_transfer_opt in *;
unfold LiquidityToken_approve_opt in *;
unfold LiquidityToken_transferFrom_opt in *;
unfold AutomatedMarketMakerLib_constructor_opt in *;
unfold AutomatedMarketMakerLib_getAmountIn_opt in *;
unfold AutomatedMarketMakerLib_getBalanceAdjusted_opt in *;
unfold AutomatedMarketMakerLib_min_opt in *;
unfold AutomatedMarketMaker_constructor_opt in *;
unfold AutomatedMarketMaker_mint_opt in *;
unfold AutomatedMarketMaker_burn_opt in *;
unfold AutomatedMarketMaker_simpleSwap0_opt in *;
unfold AutomatedMarketMaker_swap_opt in *;
unfold AutomatedMarketMaker_skim_opt in *;
unfold AutomatedMarketMaker_sync_opt in *;
unfold AutomatedMarketMaker_k_opt in *;
unfold AutomatedMarketMaker_quote0_opt in *;
unfold AutomatedMarketMaker_getAmountOut0_opt in *;
unfold AutomatedMarketMaker_getAmountIn0_opt in *;
inv_runStateT;
subst;
inv_arith;
simpl in *;
try rewrite make_machine_env_caller_eq in *;
try rewrite make_machine_env_address_eq in *;
try rewrite Int256Tree_reduce in *;
try rewrite Int256Tree_mreduce in *;
try rewrite Int256Tree_mireduce in *;
auto.
(* need to transfer balance first, assume token0 transfer first *)
(* should have been approve and then transferFrom, here we are hacking a bit *)
(* prove that after every possible function call, whichever layers, the
k = _reserve0 * _reserve1 is strictly increasing for simpleSwap0:
newState = simpleSwap0 oldState /\ compute_k newState > compute_k oldState *)
Theorem increasing_k_simpleSwap0 : (forall r r'
(s s' s'' : state)
(trader : addr)
(swapAmount0 : Z32),
(swapAmount0 > 0)%Z -> (* trasferring an amount > 0 *)
((AutomatedMarketMaker__reserve0 s) > 0)%Z ->
((AutomatedMarketMaker__reserve1 s) > 0)%Z ->
amm_address <> trader ->
get_balance0 s amm_address = (AutomatedMarketMaker__reserve0 s) -> (* assumes that the reserve is the same as balance at s *)
get_balance1 s amm_address = (AutomatedMarketMaker__reserve1 s) ->
runStateT (FixedSupplyToken_transfer_opt amm_address swapAmount0 (make_machine_env_wrapped s trader)) s = Some (r, s') ->
runStateT (AutomatedMarketMaker_simpleSwap0_opt trader (make_machine_env_wrapped s amm_address)) s' = Some (r', s'') ->
Z.lt (compute_k s) (compute_k s'')).
Proof.
intros.
unfold get_balance0 in H0.
unfold get_balance1 in H1.
unfold AutomatedMarketMaker_simpleSwap0_opt in *.
unfold FixedSupplyToken1_transfer_opt in *.
unfold FixedSupplyToken_balanceOf_opt in *.
unfold FixedSupplyToken1_balanceOf_opt in *.
unfold FixedSupplyToken_transfer_opt in *.
inv_runStateT.
rewrite -> make_machine_env_caller_eq in *.
rewrite -> make_machine_env_address_eq in *.
subst.
inv_arith.
unfold compute_k.
simpl.
rewrite Int256Tree_reduce in *.
rewrite Int256Tree_mreduce in *.
repeat match goal with
| [ |- context[AutomatedMarketMaker__reserve1 ?X]] => remember (AutomatedMarketMaker__reserve1 X) as R1
end.
repeat match goal with
| [ |- context[AutomatedMarketMaker__reserve0 ?X]] => remember (AutomatedMarketMaker__reserve0 X) as R0
end.
match goal with
| [ |- context[Z.mul (Z.add ?X _) _]] => replace X with R0 (* rewrite -> H1 *)
end.
match goal with
| [ |- context[Z.sub ?X _]] => replace X with R1
end.
remember swapAmount0 as delta0.
pose (IKM := increasing_k_math R0 R1 delta0 H0 H1 H); clearbody IKM.
rewrite add_sub_inv.
exact IKM.
exact H2.
Qed.
Lemma balance_tracks_reserve_inv : forall u s s',
u <> amm_address ->
get_balance0 s amm_address = (AutomatedMarketMaker__reserve0 s) ->
get_balance1 s amm_address = (AutomatedMarketMaker__reserve1 s) ->
mstep_amm amm_address coinbase timestamp number balance blockhash prev_contract_state u s s' ->
get_balance0 s amm_address = (AutomatedMarketMaker__reserve0 s') /\
get_balance1 s amm_address = (AutomatedMarketMaker__reserve1 s').
Proof.
intros u s s' Hun Hps0 Hps1 Hstp.
unfold get_balance0 in *.
unfold get_balance1 in *.
destruct Hstp; rds. (* FIXME: rds should be able to automatically solve all the goals if we have
machine_env updating implemented *)
Admitted.
Axiom anything : False.
(* splitting trades is strictly more expensive, if you split one trade into two trades with combined
same amount, then you swapped for less alternative tokens *)
Theorem path_dependency : forall r r' rd rd' rd'' rd'''
(s s' s'' sd' sd'' sd''' sd'''' : state)
(trader : addr)
(swapAmount0 : Z32)
(swapAmount0D0 swapAmount0D1 : Z32),
(swapAmount0D0 > 0)%Z ->
(swapAmount0D1 > 0)%Z ->
(swapAmount0D0 + swapAmount0D1 = swapAmount0)%Z ->
(swapAmount0 > 0)%Z -> (* trasferring an amount > 0 *)
((AutomatedMarketMaker__reserve0 s) > 0)%Z ->
((AutomatedMarketMaker__reserve1 s) > 0)%Z ->
amm_address <> trader ->
get_balance0 s amm_address = (AutomatedMarketMaker__reserve0 s) -> (* assumes that the reserve is the same as balance at s *)
get_balance1 s amm_address = (AutomatedMarketMaker__reserve1 s) ->
(* swapping in one trade *)
runStateT (FixedSupplyToken0_transfer_opt amm_address swapAmount0 (make_machine_env_wrapped s trader)) s = Some (r, s') ->
runStateT (AutomatedMarketMaker_simpleSwap0_opt trader (make_machine_env_wrapped s amm_address)) s' = Some (r', s'') ->
(* swapping in two trades *)
runStateT (FixedSupplyToken0_transfer_opt amm_address swapAmount0D0 (make_machine_env_wrapped s trader)) s = Some (rd, sd') ->
runStateT (AutomatedMarketMaker_simpleSwap0_opt trader (make_machine_env_wrapped s amm_address)) sd' = Some (rd', sd'') ->
runStateT (FixedSupplyToken0_transfer_opt amm_address swapAmount0D1 (make_machine_env_wrapped s trader)) sd'' = Some (rd'', sd''') ->
runStateT (AutomatedMarketMaker_simpleSwap0_opt trader (make_machine_env_wrapped s amm_address)) sd''' = Some (rd''', sd'''') ->
(* the ending balance is different *)
(r' > rd' + rd''')%Z.
Proof.
(* generic tactic *)
intros.
unfold get_balance0 in *.
unfold get_balance1 in *.
Time rds. (* finish in 182 secs, or 3m2s *)
rewrite !H6. rewrite !H7.
remember (AutomatedMarketMaker__reserve0 m121) as a.
remember (AutomatedMarketMaker__reserve1 m121) as b.
remember (swapAmount0D0) as c.
remember (swapAmount0D1) as d.
rewrite !add_sub_inv. (* need inequality rewriting rules *)
assert (d * 997 * R1 / (R0 * 1000 + d * 997) > d * 997 * R1 / (R0 * 1000 + d * 997 + d' * 997))%Z.
assert (d' * 997 > 0)%Z. omega.
match goal with
| [ |- context[Z.gt (Z.div ?A ?B) (Z.div ?A (Z.add ?B ?C))]] => pose (HZInEq_denadd := ZInEq_denadd A B C H31); clearbody HZInEq_denadd
end.
exact HZInEq_denadd.
apply H31.
rewrite Zgt_trans.
nia.
unfold AutomatedMarketMaker_simpleSwap0_opt in *.
unfold FixedSupplyToken1_transfer_opt in *.
unfold FixedSupplyToken0_balanceOf_opt in *.
unfold FixedSupplyToken1_balanceOf_opt in *.
unfold FixedSupplyToken0_transfer_opt in *.
Opaque bind ret get gets put modify guard mzero.
Import MonadNotation.
inv_runStateT1 H13.
subst.
inv_arith.
simpl in *.
inv_runStateT1 H12.
subst.
autorewrite with updates in *.
rewrite !Int256Tree_reduce in *.
simpl in *.
inv_arith.
inv_runStateT1 H11.
subst.
simpl in *.
autorewrite with updates in *.
inv_arith.
rewrite !(@Int256Tree_Properties.get_default_so _ (0%Z) a25 a) in * by (exact H22).
rewrite !Int256Tree_Properties.get_default_ss in *.
inv_runStateT1 H9.
subst.
simpl in *.
autorewrite with updates in *.
inv_arith.
inv_runStateT1 H8.
subst.
simpl in *.
autorewrite with updates in *.
rewrite !Int256Tree_Properties.get_default_ss in *.
inv_runStateT1 H10.
subst.
simpl in *.
autorewrite with updates in *.
rewrite !Int256Tree_Properties.get_default_ss in *.
(* These lines are to test if the resulting proof term can be checked reasonably quickly, but it seems it works. *)
(* destruct anything.
Time Qed. *)
Admitted.
================================================
FILE: contracts/amm/amm/subdir.mk
================================================
# WARNING: This file is generated by Edsger, the DeepSEA compiler.
# All modification will be lost when regenerating.
amm_FILES = \
amm/CertiKOS.v \
amm/DataTypeOps.v \
amm/DataTypeProofs.v \
amm/DataTypes.v \
amm/EdsgerIdents.v \
amm/LSimAMM.v \
amm/LSimAMMLIB.v \
amm/LSrcAMM.v \
amm/LSrcAMMLIB.v \
amm/LayerAMM.v \
amm/LayerAMMLIB.v \
amm/ObjAutomatedMarketMakerCode.v \
amm/ObjAutomatedMarketMakerCodeProofs.v \
amm/ObjAutomatedMarketMakerLibCode.v \
amm/ObjAutomatedMarketMakerLibCodeProofs.v \
amm/ObjFixedSupplyToken1Code.v \
amm/ObjFixedSupplyToken1CodeProofs.v \
amm/ObjFixedSupplyTokenCode.v \
amm/ObjFixedSupplyTokenCodeProofs.v \
amm/ObjLiquidityTokenCode.v \
amm/ObjLiquidityTokenCodeProofs.v \
amm/ObjSimAutomatedMarketMaker.v \
amm/ObjSimAutomatedMarketMakerLib.v \
amm/ObjSimFixedSupplyToken.v \
amm/ObjSimFixedSupplyToken1.v \
amm/ObjSimLiquidityToken.v \
amm/RefineAMM.v \
amm/Symbols.v
================================================
FILE: contracts/amm/amm.ds
================================================
(* TODO: add emit Events *)
(* PROOFS:
1. change re-defined layers
2. balance tracks reserve
3. increasing k -> algebra
4. no path independence, splitting trades is strictly more expensive -> algebra, appendix D
5. liquidity token economics is right, i.e., UNI-V2 tracks the actual share of pool --> actually, where is the trading of UNI-V2 Pair tokens? What is its value?
6. MOD: slippage control
7. ... cost of manipulation (hard)
*)
object signature ERC20Interface = {
constructor : unit -> unit;
mint : address * int -> unit;
burn : address * int -> unit;
totalSupply : unit -> int;
balanceOf : address -> int;
transfer : address * int -> bool;
approve : address * int -> bool;
transferFrom : address * address * int -> bool
}
object LiquidityToken : ERC20Interface {
let _totalSupply : int := 0
let balances : mapping[address] int := mapping_init
let allowances : mapping[address] mapping[address] int := mapping_init
let constructor () =
balances[msg_sender] := 100000
let mint (toA, value) =
let totalSupply = _totalSupply in
_totalSupply := totalSupply + value;
let to_bal = balances[toA] in
balances[toA] := to_bal + value
let burn (fromA, value) =
let totalSupply = _totalSupply in
_totalSupply := totalSupply - value;
let from_bal = balances[fromA] in
balances[fromA] := from_bal - value
let totalSupply () =
let bal0 = balances[address(0x0)] in
let totalSupply = _totalSupply in
let resultU = totalSupply - bal0 in
resultU
let balanceOf tokenOwner =
let bal = balances[tokenOwner] in
let resultU = bal in
resultU
let transfer(toA, tokens) =
let fromA = msg_sender in
let from_bal = balances[fromA] in
let to_bal = balances[toA] in
assert (fromA <> toA /\ from_bal >= tokens);
balances[fromA] := from_bal-tokens;
balances[toA] := to_bal+tokens;
let resultU = true in
resultU
let approve (spender, tokens) =
allowances[msg_sender][spender] := tokens;
let resultU = true in
resultU
let transferFrom (fromA, toA, tokens) =
let from_bal = balances[fromA] in
let to_bal = balances[toA] in
let allowed = allowances[fromA][toA] in
assert (fromA <> toA /\ from_bal >= tokens /\ allowed >= tokens);
balances[fromA] := from_bal-tokens;
balances[toA] := to_bal+tokens;
let resultU = true in
resultU
}
object signature FixedERC20Interface = {
constructor : unit -> unit;
const totalSupply : unit -> int;
balanceOf : address -> int;
transfer : address * int -> bool;
approve : address * int -> bool;
transferFrom : address * address * int -> bool
}
object FixedSupplyToken : FixedERC20Interface {
let _totalSupply : int := 100000
let balances : mapping[address] int := mapping_init
let allowances : mapping[address] mapping[address] int := mapping_init
let constructor () =
_totalSupply := 100000;
balances[msg_sender] := 100000
let totalSupply () =
let bal0 = balances[address(0x0)] in
let totalSupply = _totalSupply in
let resultU = totalSupply - bal0 in
resultU
let balanceOf tokenOwner =
let bal = balances[tokenOwner] in
let resultU = bal in
resultU
let transfer(toA, tokens) =
let fromA = msg_sender in
let from_bal = balances[fromA] in
let to_bal = balances[toA] in
assert (fromA <> toA /\ from_bal >= tokens);
balances[fromA] := from_bal-tokens;
balances[toA] := to_bal+tokens;
let resultU = true in
resultU
let approve (spender, tokens) =
allowances[msg_sender][spender] := tokens;
let resultU = true in
resultU
let transferFrom (fromA, toA, tokens) =
let from_bal = balances[fromA] in
let to_bal = balances[toA] in
let allowed = allowances[fromA][toA] in
assert (fromA <> toA /\ from_bal >= tokens /\ allowed >= tokens);
balances[fromA] := from_bal-tokens;
balances[toA] := to_bal+tokens;
let resultU = true in
resultU
}
(* this AMM supports ERC20 tokens, ETH can be incorporated as WETH for trading *)
object signature AMMInterface = {
constructor : unit -> unit;
(* swap : int * int * address -> unit; *)
coarsed simpleSwap0 : address -> int; (* transfer token0 to amm, results number of token1 swapped *)
(* router *)
(* swapTokensForExactTokens
swapExactTokensForTokens
addLiquidity (* why restrain the liquidity to not depreciating an asset too much? *)
removeLiquidity *)
(* fund management functions *)
coarsed mint : address -> unit; (* provide liquidity to this pair *)
coarsed burn : address -> unit; (* remove liquidity from this pair *)
coarsed skim : address -> unit; (* arbitrage to force balances to match reserves *)
coarsed sync : unit -> unit; (* force reserves to match balances *)
k : unit -> int; (* get the constant product *)
(* oracles *)
(* we do not provide Uniswap V2 version of smoothed oracles at this moment *)
quote0 : int -> int; (* given some amount of an asset and pair reserves, returns an equivalent amount of the other asset *)
getAmountOut0 : int -> int; (* given an input amount of an asset and pair reserves, returns the maximum output amount of the other asset *)
getAmountIn0 : int -> int; (* given an output amount of an asset and pair reserves, returns a required input amount of the other asset *)
}
(* assuming 0.3% txn fee, excluding the 0.05% additional fee in Uniswap V2 design *)
(* we do not support liquidity tokens at the moment *)
object AutomatedMarketMaker
( liquidityToken: ERC20Interface,
erc20Token0: FixedERC20Interface,
erc20Token1: FixedERC20Interface) : AMMInterface {
let _token0 : address := address(0xdac17f958d2ee523a2206206994597c13d831ec7) (* USDT *)
let _token1 : address := address(0x6b175474e89094c44da98b954eedeac495271d0f) (* DAI *)
let _owner : address := address(0x0)
let _reserve0 : int := 0
let _reserve1 : int := 0
let blockTimestampLast : int := 0 (* new oracle *)
let price0CumulativeLast : int := 0 (* new oracle *)
let price1CumulativeLast : int := 0 (* new oracle *)
let kLast : int := 0 (* reserve0 * reserve1, as of immediately after the most recent liquidity event *)
let constructor () =
_owner := msg_sender
(* transfer token0 and token1 to this contract, then mint liquidity tokens *)
let mint (toA) =
let reserve0 = _reserve0 in
let reserve1 = _reserve1 in
let balance0 = erc20Token0.balanceOf(this_address) in
let balance1 = erc20Token1.balanceOf(this_address) in
let amount0 = balance0 - reserve0 in
let amount1 = balance1 - reserve1 in
(* update reserve 0 and reserve 1 *)
let totalSupply = liquidityToken.totalSupply() in
let liquidity = if totalSupply = 0
then
begin
liquidityToken.mint(address(0x0), 1000); (* lock the first liquidity tokens*)
amount0 * amount1 - 1000 (* in Uniswap this should be square-rooted *)
end
else
let x = amount0 * totalSupply / reserve0 in
let y = amount1 * totalSupply / reserve1 in
if x < y then x else y
in
assert (liquidity > 0);
liquidityToken.mint(toA, liquidity);
_reserve0 := balance0;
_reserve1 := balance1
(* need toA first transfer liquidity tokens to this contract, then operate *)
(* it does not use ERC20 style allowances, just direct transfer *)
let burn (toA) =
let reserve0 = _reserve0 in
let reserve1 = _reserve1 in
let balance0 = erc20Token0.balanceOf(this_address) in
let balance1 = erc20Token1.balanceOf(this_address) in
let liquidity = liquidityToken.balanceOf(this_address) in
let totalSupply = liquidityToken.totalSupply() in
let amount0 = liquidity * balance0 / totalSupply in
let amount1 = liquidity * balance1 / totalSupply in
assert (amount0 > 0 /\ amount1 > 0);
liquidityToken.burn(this_address, liquidity);
let success = erc20Token0.transfer(toA, amount0) in
assert (success);
let success = erc20Token1.transfer(toA, amount1) in
assert (success);
let balance0 = erc20Token0.balanceOf(this_address) in
let balance1 = erc20Token1.balanceOf(this_address) in
_reserve0 := balance0;
_reserve1 := balance1
(* adhere to the stanford paper formalization, targeted for vanilla proof *)
let simpleSwap0 (toA) =
let reserve0 = _reserve0 in
let reserve1 = _reserve1 in
let balance0 = erc20Token0.balanceOf(this_address) in
let balance1 = erc20Token1.balanceOf(this_address) in
let amount0In = balance0 - reserve0 in
let token0 = _token0 in
let token1 = _token1 in
assert (toA <> token0 /\ toA <> token1);
assert (amount0In > 0);
assert (reserve0 > 0 /\ reserve1 > 0);
let amountInWithFee = amount0In * 997 in
let numerator = amountInWithFee * reserve1 in
let denominator = reserve0 * 1000 + amountInWithFee in
let result = numerator / denominator in
let success = erc20Token1.transfer(toA, result) in
assert (success);
let balance0 = erc20Token0.balanceOf(this_address) in
let balance1 = erc20Token1.balanceOf(this_address) in
_reserve0 := balance0;
_reserve1 := balance1;
let resultU = result in
resultU
(* derives from Uniswap V2 flashswap, but not flashswap since DeepSEA does not allow control-flow aggregation *)
(* first transfer tokens to this contract, then call swap to swap them *)
(* notice this does not refund, so possibly not optimal rate *)
(* let swap (amount0Out, amount1Out, toA) =
assert (amount0Out > 0 \/ amount1Out > 0);
let reserve0 = _reserve0 in
let reserve1 = _reserve1 in
let token0 = _token0 in
let token1 = _token1 in
assert (amount0Out < reserve0 /\ amount1Out < reserve1);
assert (toA <> token0 /\ toA <> token1);
(* check the assets satisfy what is wanted *)
let balance0 = erc20Token0.balanceOf(this_address) in
let balance1 = erc20Token1.balanceOf(this_address) in
(* we can prove that balance > reserve here *)
let amount0In = helper.getAmountIn(balance0, 0, reserve0) in (* balance0 - reserve0 *)
let amount1In = helper.getAmountIn(balance1, 0, reserve1) in
assert (amount0In > 0 \/ amount1In > 0);
let balance0Adjusted = helper.getBalanceAdjusted(balance0 - amount0Out, amount0In) in
let balance1Adjusted = helper.getBalanceAdjusted(balance1 - amount1Out, amount1In) in
assert (balance0Adjusted * balance1Adjusted > reserve0 * reserve1 * 1000 * 1000);
(* sending money *)
let _ = if amount0Out > 0 then
let success = erc20Token0.transfer(toA, amount0Out) in
assert (success);
()
else
()
in
let _ = if amount1Out > 0 then
let success = erc20Token1.transfer(toA, amount1Out) in
assert (success);
()
else
()
in
(* flash swap style: sent money (amount0Out, amount1Out) to msg_sender, now wait to get back *)
(* after got money back *)
(* let balance0 = erc20Token0.balanceOf(this_address) in
let balance1 = erc20Token1.balanceOf(this_address) in
let amount0In = helper.getAmountIn(balance0, amount0Out, reserve0) in
let amount1In = helper.getAmountIn(balance1, amount1Out, reserve1) in
assert (amount0In > 0 \/ amount1In > 0);
let balance0Adjusted = helper.getBalanceAdjusted(balance0, amount0In) in
let balance1Adjusted = helper.getBalanceAdjusted(balance1, amount1In) in
assert (balance0Adjusted * balance1Adjusted > reserve0 * reserve1 * 1000 * 1000); *)
(* update the reserves, also update the oracle if possible *)
_reserve0 := balance0;
_reserve1 := balance1 *)
let skim (toA) =
let reserve0 = _reserve0 in
let reserve1 = _reserve1 in
let balance0 = erc20Token0.balanceOf(this_address) in
let balance1 = erc20Token1.balanceOf(this_address) in
let skim0 = balance0 - reserve0 in
let skim1 = balance1 - reserve1 in
let success = erc20Token0.transfer(toA, skim0) in
assert (success);
let success = erc20Token1.transfer(toA, skim1) in
assert (success)
let sync () =
let balance0 = erc20Token0.balanceOf(this_address) in
let balance1 = erc20Token1.balanceOf(this_address) in
_reserve0 := balance0;
_reserve1 := balance1
let k () =
let reserve0 = _reserve0 in
let reserve1 = _reserve1 in
let resultU = reserve0 * reserve1 in
resultU
(* Uniswap did not use Q112 library to do this computation *)
(* given amount0 of token0, the equivalent value in token1 *)
let quote0 (amount0) =
assert (amount0 > 0);
let reserve0 = _reserve0 in
let reserve1 = _reserve1 in
assert (reserve0 > 0 /\ reserve1 > 0); (* prove that this can be dropped? *)
let resultU = amount0 * reserve1 / reserve0 in
resultU
let getAmountOut0 (amount0In) =
assert (amount0In > 0);
let reserve0 = _reserve0 in
let reserve1 = _reserve1 in
assert (reserve0 > 0 /\ reserve1 > 0);
let amountInWithFee = amount0In * 997 in
let numerator = amountInWithFee * reserve1 in
let denominator = reserve0 * 1000 + amountInWithFee in
let resultU = numerator / denominator in
resultU
let getAmountIn0 (amount0Out) =
assert (amount0Out > 0);
let reserve0 = _reserve0 in
let reserve1 = _reserve1 in
assert (reserve0 > 0 /\ reserve1 > 0);
let numerator = reserve1 * amount0Out * 1000 in
let denominator = (reserve0 - amount0Out) * 997 in
let resultU = (numerator / denominator) + 1 in
resultU
}
layer signature AMMLibSig = {
erc20Token0 : FixedERC20Interface;
erc20Token1 : FixedERC20Interface;
liquidityToken : ERC20Interface;
}
layer AMMLIB : [{}] AMMLibSig = {
erc20Token0 = address(0x10033) <: FixedSupplyToken;
erc20Token1 = address(0x10032) <: (clone FixedSupplyToken); (* cloned an object *)
liquidityToken = address(0x10031) <: LiquidityToken;
}
layer signature AMMSig = {
amm : AMMInterface
}
layer AMM : [AMMLibSig] AMMSig = {
amm = address(0x10030) <: AutomatedMarketMaker
}
layer COMPLETE = AMM @ AMMLIB
================================================
FILE: contracts/amm/cst_man.v
================================================
Add LoadPath "./amm" as amm.
(*From Coq Require Import ssreflect ssrfun ssrbool.
Set Implicit Arguments.
Unset Strict Implicit.
Unset Printing Implicit Defensive.*)
Require Import Reals.
Require Import Lra.
Require Import Lia.
Require Import Interval.Tactic.
Require Import Interval.Real.Taylor.
Require Import Interval.Poly.Datatypes.
Require Import Interval.Poly.Taylor_poly.
Require Import Interval.Poly.Taylor_model_sharp.
Require Import Interval.Interval.Interval_compl.
Require Import DeepSpec.lib.Monad.Monad.
Require Import amm.LayerAMM.
Require Import BinPos.
Require Import DeepSpec.Runtime.
Require Import amm.EdsgerIdents.
Require Import amm.DataTypes.
Require Import amm.DataTypeOps.
Require Import amm.DataTypeProofs.
Require Import DeepSpec.lib.Monad.Monad.
Require Import DeepSpec.lib.Monad.MonadState.
Require Import DeepSpec.lib.Monad.StateMonad.
Require Import DeepSpec.lib.Monad.OptionMonad.
Require Import DeepSpec.lib.Monad.MonadZero.
Require Import DeepSpec.core.SynthesisStmt.
Require Import DeepSpec.core.SynthesisFunc.
Require Import backend.MachineModel.
Existing Instance MonadState_DS.
Existing Instance MonadZero_DS.
Require Export amm.LayerAMMLIB.
From Coquelicot Require Import Coquelicot.
Require Import Interval.Missing.Coquelicot.
Import DeepSpec.lib.Monad.Monad.MonadNotation.
Module TR := TaylorPoly FullR PolR.
Module SPoly := SeqPoly FullR.
Section C_man.
Import core.MemoryModel.
Context {memModelOps : MemoryModelOps mem}.
Definition state := global_abstract_data_type.
Definition init_state := init_global_abstract_data.
Definition wei := Z.
Definition addr := int256.
Definition blocknumber := int256.
Existing Instance GlobalLayerSpec.
Context`{global_abdata : !GlobalAbData init_global_abstract_data global_low_level_invariant}.
Open Scope R_scope.
Require Import lib.Monad.RunStateTInv.
Require Import lib.ArithInv.
Definition reserve_beta (s : state) : Z := (DataTypeOps.AutomatedMarketMaker__reserve0 s).
Definition reserve_alpha (s : state) : Z := (DataTypeOps.AutomatedMarketMaker__reserve1 s).
Definition get_balance0 (s: state) (a: addr) :=
(Int256Tree.get_default (0%Z)
a (FixedSupplyToken_balances s)).
Context (token0_address token1_address amm_address : addr).
Context (coinbase : int256)
(timestamp : int256)
(number : int256)
(balance : int256 -> int256)
(blockhash : int256 -> int256)
(prev_contract_state : state).
Definition make_machine_env (caller: addr)
: machine_env state
:= {| me_address := amm_address;
me_origin := caller;
me_caller := caller;
me_callvalue := Int256.repr (0);
me_coinbase := coinbase;
me_timestamp := timestamp;
me_number := number;
me_chainid := Int256.zero;
me_selfbalance := Int256.zero;
me_balance := balance;
me_blockhash := blockhash;
(* not implemented *)
me_transfer _ _ d := (Int256.one, d);
me_callmethod _ _ _ _ _ _ _ _ _ _ := False;
me_log _ _ _ := prev_contract_state;
|}.
Set Typeclasses Debug.
Variable (s s': state).
Variables (a toA : addr).
Variable (r : Z32).
Definition delta_beta : Z := (get_balance0 s a) - (reserve_beta s).
Hypothesis del_alp : runStateT (AutomatedMarketMaker_simpleSwap0_opt toA (make_machine_env a)) s = Some (r , s').
Definition delta_alpha : Z := r.
Definition market_price : R := (IZR (delta_beta))/(IZR (delta_alpha)).
Definition eps : R := (IZR ((reserve_beta s) + delta_beta)/ (IZR ((reserve_alpha s) - delta_alpha) * market_price)) - (1%R).
Definition f (x : R) := x + (1 / x).
Definition kappa := (5/100)%R. (* approximation of (3/2) - (sqrt 2).*)
Definition T_f_1 (n : nat) :=
match n with
| 0%nat => (fun x => sqrt(1+x) + (1/sqrt (1 + x)))
| 1%nat => (fun x => 1/(2* sqrt(1+x)) - (1/ (2 * (1 + x) * (sqrt (1 + x)))))
| 2%nat => (fun x => (2 - x)/ (4 * ((1 + x)^2) * sqrt(1 +x)))
| _ => (fun x => 0%R)
end.
Lemma lower_bnd : forall eta , 0 <= eta <= 1 ->
(2 - eta) / (8 * ((1 + eta)^2) * sqrt (1 + eta)) >= 1 / 48.
Proof. intros.
interval with (i_bisect eta).
Qed.
Lemma pos_deriv : forall x: R, x >= 1 ->
1 - (1/ sqrt(1 + x)) - 5/100 >= 0.
Proof. intros.
interval.
Qed.
Definition extended_f (x : R) : R :=
((sqrt(1 + x) - 1)^2 - ((5/100) * (1 + x))).
Definition extended_f' (x : R) : R :=
1 - (1/ sqrt(1 + x)) - 5/100.
Definition P_gt_1 (x : R) : Prop := (x >=1)%R.
Lemma is_deriv_f : forall (x : R),
P_gt_1 x ->
Derive.is_derive extended_f x (extended_f' x).
Proof. intros.
unfold extended_f.
unfold extended_f'.
apply (is_derive_minus (fun x0 : R => (sqrt (1 + x0) - 1)^2 ) (fun x0 : R => 5 / 100 * (1 + x0)) x
(1 - 1/ sqrt (1 + x)) (5 / 100)).
+ replace (1 - 1 / sqrt (1 + x)) with (scal (1 / (2 * sqrt (1 + x))) (2 * (sqrt (1 + x) - 1))).
apply (is_derive_comp (fun x0 : R => x0 ^ 2) (fun x0 : R => sqrt (1 + x0) -1) x (2 * (sqrt (1 +x) -1)) (1 / (2 * sqrt (1 + x)))).
++ replace 2 with (INR 2 * 1).
replace (sqrt (1 + x) -1) with ((sqrt (1+x) -1) ^ Init.Nat.pred 2) at 2.
apply (is_derive_pow (fun x0 : R => x0) 2%nat (sqrt (1 +x)-1) 1).
replace 1 with (@one R_Ring) at 3.
apply (@is_derive_id R_AbsRing).
unfold one. simpl. reflexivity.
unfold Init.Nat.pred. simpl. lra.
change (INR 2) with 2. lra.
++ replace (1 / (2 * sqrt (1+x))) with (1 / (2 * sqrt (1+x)) - 0) by lra.
apply (is_derive_minus (fun x0 : R => sqrt (1 + x0)) (fun x0 : R => 1%R) x (1 / (2 * sqrt (1 + x))) (0%R)).
- replace (1 / (2 * sqrt (1 + x))) with (scal 1 (1 / (2 * sqrt (1 + x)))).
apply (is_derive_comp (fun x0 : R => sqrt x0) (fun x0 : R => 1 + x0) x (1 / (2 * sqrt (1 + x))) 1).
apply (is_derive_sqrt (fun x0 : R => x0) (1 +x) 1).
replace 1 with (@one R_Ring) at 2.
apply (@is_derive_id R_AbsRing).
unfold one. simpl. reflexivity. unfold P_gt_1 in H. lra.
replace 1 with (0 + 1) at 1 by lra.
apply (is_derive_plus (fun x0 : R => 1%R) (fun x0 : R => x0) x 0 1).
replace 0 with (@zero R_Ring).
apply (@is_derive_const R_AbsRing).
unfold zero. simpl. reflexivity.
replace 1 with (@one R_Ring).
apply (@is_derive_id R_AbsRing).
unfold one. simpl. reflexivity.
unfold scal. simpl. unfold mult. simpl. lra.
replace 0 with (@zero R_Ring).
apply (@is_derive_const R_AbsRing).
unfold zero. simpl. reflexivity.
unfold scal. simpl. unfold mult. simpl.
rewrite -> !Rmult_minus_distr_l. field. apply not_eq_sym. apply Rlt_not_eq.
unfold P_gt_1 in H. interval.
+ replace (5/100) with (5/100 * 1) at 1 by lra.
apply (is_derive_scal (fun x0 : R => 1 + x0) x (5/100) 1).
replace 1 with (0 + 1) at 1 by lra.
apply (is_derive_plus (fun x0 : R => 1%R) (fun x0 : R => x0) x 0 1).
replace 0 with (@zero R_Ring).
apply (@is_derive_const R_AbsRing).
unfold zero. simpl. reflexivity.
replace 1 with (@one R_Ring).
apply (@is_derive_id R_AbsRing).
unfold one. simpl. reflexivity.
Qed.
Lemma eps_sq : eps >= 1 ->
(sqrt(1 + eps) - 1)^2 - ((5/100) * (1 + eps)) >= 0.
Proof. intros.
assert (Hcon : Stdlib.connected P_gt_1).
{ unfold Stdlib.connected. intros. unfold P_gt_1. unfold P_gt_1 in H0.
destruct H2. apply (Rge_trans z x 1). apply Rle_ge. apply H2. apply H0. }
assert (Hincr : (Rincr P_gt_1 extended_f)).
{ apply (Rderive_pos_imp_incr Hcon is_deriv_f).
unfold Rpos_over. intros. apply Rge_le. unfold extended_f'.
apply pos_deriv. unfold P_gt_1 in H0. apply H0. }
assert (H_incr_implies : (extended_f 1) >= 0 -> (Rincr P_gt_1 extended_f) ->
eps >= 1 -> ((sqrt(1 + eps) - 1)^2 - ((5/100) * (1 + eps))) >= 0).
{ intros.
replace ((sqrt (1 + eps) - 1) ^ 2 - 5 / 100 * (1 + eps)) with (extended_f eps).
assert (H_1 : extended_f 1 >=0).
{ unfold extended_f. interval. }
assert (H_2 : extended_f eps >= extended_f 1).
{ unfold Rincr in Hincr. apply Rle_ge. apply Hincr.
unfold P_gt_1. lra. unfold P_gt_1. apply H. apply Rge_le . apply H. }
apply (Rge_trans (extended_f eps) (extended_f 1) 0).
apply H_2.
apply H_1.
unfold extended_f.
reflexivity. }
apply H_incr_implies.
unfold extended_f. simpl.
interval. apply Hincr. apply H.
Qed.
Ltac deriv_sqrt x := try (apply (derivable_pt_lim_comp (fun x0 : R => 1 + x0) (fun x0 : R => sqrt x0) x (1) (1 / (2 * (sqrt (1 + x))))));
try (replace 1%R with (0 + 1)%R at 1 by lra);
try (apply (derivable_pt_lim_plus (fun x0 : R => 1) id x 0 1));
try (apply derivable_pt_lim_const);
try (apply derivable_pt_lim_id);
try (replace (1 / (2 * sqrt (1 + x))) with (/ (2 * sqrt (1 + x))) by lra);
try (apply derivable_pt_lim_sqrt);
try (apply Fourier_util.Rlt_zero_pos_plus1).
Lemma deriv_lim_T_f : forall (k : nat) (x : R),
(k <= 1)%nat ->
0 < x < 1 ->
derivable_pt_lim (T_f_1 k) x (T_f_1 (S k) x).
Proof. intros.
assert (Hk : (k =0)%nat \/ (k = 1)%nat) by lia.
destruct Hk.
- rewrite -> H1. simpl.
replace (1 / (2 * sqrt (1 + x)) - 1 / (2 * (1 + x) * sqrt (1 + x))) with
(1 / (2 * sqrt (1 + x)) + - 1 / (2 * (1 + x) * sqrt (1 + x))) by lra.
apply (derivable_pt_lim_plus (fun x0 : R => sqrt (1 + x0)) (fun x0 : R => 1 / sqrt (1 + x0)) x (1 / (2 * sqrt (1 + x)))
(- 1 / (2 * (1 + x) * sqrt (1 + x)))).
-- replace (1 / (2 * sqrt (1 + x))) with (1 / (2 * sqrt (1 + x)) * 1) by lra.
apply (derivable_pt_lim_comp (fun x0 : R => 1 + x0) (fun x0 : R => sqrt x0) x (1) (1 / (2 * (sqrt (1 + x))))).
replace 1%R with (0 + 1)%R at 1 by lra.
apply (derivable_pt_lim_plus (fun x0 : R => 1) id x 0 1).
apply derivable_pt_lim_const.
apply derivable_pt_lim_id.
replace (1 / (2 * sqrt (1 + x))) with (/ (2 * sqrt (1 + x))) by lra.
apply derivable_pt_lim_sqrt.
apply Fourier_util.Rlt_zero_pos_plus1.
destruct H0. apply H0.
-- replace (-1 / (2 * (1 + x) * sqrt (1 + x))) with (-1 / (1 + x) * / (2 * sqrt (1 + x))).
apply (derivable_pt_lim_comp (fun x0 : R => sqrt (1 + x0)) (fun x0 : R => 1 / x0) x (/ (2 * sqrt (1 + x))) (-1 / (1 + x))).
replace (/ (2 * sqrt (1 + x))) with (1 / (2 * sqrt (1 + x)) * 1) by lra.
apply (derivable_pt_lim_comp (fun x0 : R => 1 + x0) (fun x0 : R => sqrt x0) x (1) (1 / (2 * (sqrt (1 + x))))).
replace 1%R with (0 + 1)%R at 1 by lra.
apply (derivable_pt_lim_plus (fun x0 : R => 1) id x 0 1).
apply derivable_pt_lim_const.
apply derivable_pt_lim_id.
replace (1 / (2 * sqrt (1 + x))) with (/ (2 * sqrt (1 + x))) by lra.
apply derivable_pt_lim_sqrt.
apply Fourier_util.Rlt_zero_pos_plus1.
destruct H0. apply H0.
replace (-1 / (1 + x)) with ((0 * sqrt (1 + x) - 1 * 1) / (sqrt (1 + x))²).
apply (derivable_pt_lim_div (fun x0 : R => 1%R) (fun x0 : R => x0) (sqrt (1 + x)) 0 1).
apply derivable_pt_lim_const.
apply derivable_pt_lim_id.
apply not_eq_sym.
apply Rlt_not_eq.
apply sqrt_lt_R0.
apply Fourier_util.Rlt_zero_pos_plus1.
destruct H0. apply H0.
replace (0 * sqrt (1 + x)) with 0 by lra.
replace (0 - 1* 1) with (-1)%R by lra.
rewrite -> Rsqr_sqrt. reflexivity. apply Rlt_le.
apply Fourier_util.Rlt_zero_pos_plus1. destruct H0. apply H0.
unfold Rdiv.
field. split.
apply not_eq_sym.
apply Rlt_not_eq.
apply sqrt_lt_R0.
apply Fourier_util.Rlt_zero_pos_plus1.
destruct H0. apply H0.
apply not_eq_sym.
apply Rlt_not_eq.
apply Fourier_util.Rlt_zero_pos_plus1.
destruct H0. apply H0.
- rewrite -> H1. simpl.
replace ((2 - x) / (4 * ((1 + x) * ((1 + x) * 1)) * sqrt (1 + x))) with
((-1 / (4 * (1 + x) * sqrt (1 + x))) - (-3/(4 * (1 + x) * (1 + x) * sqrt (1 + x)))).
apply (derivable_pt_lim_minus (fun x0 : R => 1 / (2 * sqrt (1 + x0))) (fun x0 : R => 1 / (2 * (1 + x0) * sqrt (1 + x0))) x (-1 / (4 * (1 + x) * sqrt (1 + x)))
(-3/(4 * (1 + x) * (1 + x) * sqrt (1 + x)))).
-- replace (-1 / (4 * (1 + x) * sqrt (1 + x))) with (1 / 2 * (- 1 / (2 * (1 + x) * sqrt (1 + x)))).
apply (derivable_pt_lim_locally_ext (mult_real_fct (1/2) (fun x0 : R => 1 / sqrt (1 + x0))) (fun x0 : R => 1 / (2 * sqrt (1 + x0)) ) x 0 1
(1 / 2 * (- 1 / (2 * (1 + x) * sqrt (1 + x))))). apply H0.
intros. unfold mult_real_fct. field. apply not_eq_sym. apply Rlt_not_eq.
apply sqrt_lt_R0. apply Fourier_util.Rlt_zero_pos_plus1. destruct H2. apply H2.
apply (derivable_pt_lim_scal (fun x0 : R => 1 / sqrt (1 + x0)) (1/2)%R x (- 1 / (2 * (1 + x) * sqrt (1 + x)))).
replace (-1 / (2 * (1 + x) * sqrt (1 + x))) with (-1 / (1 + x) * / (2 * sqrt (1 + x))).
apply (derivable_pt_lim_comp (fun x0 : R => sqrt (1 + x0)) (fun x0 : R => 1 / x0) x (/ (2 * sqrt (1 + x))) (-1 / (1 + x))).
replace (/ (2 * sqrt (1 + x))) with (1 / (2 * sqrt (1 + x)) * 1) by lra.
apply (derivable_pt_lim_comp (fun x0 : R => 1 + x0) (fun x0 : R => sqrt x0) x (1) (1 / (2 * (sqrt (1 + x))))).
replace 1%R with (0 + 1)%R at 1 by lra.
apply (derivable_pt_lim_plus (fun x0 : R => 1) id x 0 1).
apply derivable_pt_lim_const.
apply derivable_pt_lim_id.
replace (1 / (2 * sqrt (1 + x))) with (/ (2 * sqrt (1 + x))) by lra.
apply derivable_pt_lim_sqrt.
apply Fourier_util.Rlt_zero_pos_plus1.
destruct H0. apply H0.
replace (-1 / (1 + x)) with ((0 * sqrt (1 + x) - 1 * 1) / (sqrt (1 + x))²).
apply (derivable_pt_lim_div (fun x0 : R => 1%R) (fun x0 : R => x0) (sqrt (1 + x)) 0 1).
apply derivable_pt_lim_const.
apply derivable_pt_lim_id.
apply not_eq_sym.
apply Rlt_not_eq.
apply sqrt_lt_R0.
apply Fourier_util.Rlt_zero_pos_plus1.
destruct H0. apply H0.
replace (0 * sqrt (1 + x)) with 0 by lra.
replace (0 - 1* 1) with (-1)%R by lra.
Search (sqrt (_))².
rewrite -> Rsqr_sqrt. reflexivity. apply Rlt_le.
apply Fourier_util.Rlt_zero_pos_plus1. destruct H0. apply H0.
unfold Rdiv.
field. split.
apply not_eq_sym.
apply Rlt_not_eq.
apply sqrt_lt_R0.
apply Fourier_util.Rlt_zero_pos_plus1.
destruct H0. apply H0.
apply not_eq_sym.
apply Rlt_not_eq.
apply Fourier_util.Rlt_zero_pos_plus1.
destruct H0. apply H0.
field. split. apply not_eq_sym. apply Rlt_not_eq. apply sqrt_lt_R0.
apply Fourier_util.Rlt_zero_pos_plus1. destruct H0. apply H0. apply not_eq_sym.
apply Rlt_not_eq. apply Fourier_util.Rlt_zero_pos_plus1. destruct H0. apply H0.
-- replace (-3 / (4 * (1 + x) * (1 + x) * sqrt (1 + x))) with
((1/ 2) * (-3 / (2 * (1 + x) * (1 + x) * sqrt (1 + x)))).
apply (derivable_pt_lim_locally_ext (mult_real_fct (1/2) (fun x0 : R => 1 / ((1 + x0) * sqrt (1 + x0))))
(fun x0 : R => 1 / (2 * (1 + x0)* sqrt (1 + x0)) ) x 0 1
(1 / 2 * (- 3 / (2 * (1 + x) * (1 + x) * sqrt (1 + x))))). apply H0.
intros. unfold mult_real_fct. field. split. apply not_eq_sym. apply Rlt_not_eq.
apply sqrt_lt_R0. apply Fourier_util.Rlt_zero_pos_plus1. destruct H2. apply H2.
apply not_eq_sym. apply Rlt_not_eq.
apply Fourier_util.Rlt_zero_pos_plus1. destruct H2. apply H2.
apply (derivable_pt_lim_scal (fun x0 : R => 1 / ((1 + x0) * sqrt (1 + x0))) (1/2)%R x (- 3 / (2 * (1 + x) * (1 + x) * sqrt (1 + x)))).
replace (-3 / (2 * (1 + x) * (1 + x) * sqrt (1 + x))) with
( -1 / ((1 + x) * (1 + x) * (1 + x)) * (3 / 2 * sqrt (1 + x))).
apply (derivable_pt_lim_comp (fun x0 : R => (1 + x0) * sqrt (1 + x0))
(fun x0 : R => 1 / x0) x ((3 / 2) * sqrt (1 + x)) (-1 / ((1 + x) * (1 + x) * (1 + x)))).
++ replace (3 / 2 * sqrt (1 + x)) with (1 * sqrt (1 + x) + (1 + x) * (1 / (2 * sqrt (1 + x)))).
apply (derivable_pt_lim_locally_ext (mult_fct (fun x0 : R => 1 + x0) (fun x0 : R => sqrt (1 + x0)))
(fun x0 : R => (1 + x0) * (sqrt (1 + x0))) x 0 1 (1 * sqrt (1 + x) + (1 + x) * (1 / (2 * sqrt (1 + x))))).
apply H0. intros.
unfold mult_fct. reflexivity.
apply (derivable_pt_lim_mult (fun x0 : R => 1 + x0) (fun x0 : R => sqrt (1 + x0)) x 1 (1/ (2 * sqrt (1 + x)))).
replace 1%R with (0 + 1)%R at 1 by lra.
apply (derivable_pt_lim_plus (fun x0 : R => 1) id x 0 1).
apply derivable_pt_lim_const.
apply derivable_pt_lim_id.
replace (1 / (2 * sqrt (1 + x))) with (1 / (2 * sqrt (1 + x)) * 1) by lra.
apply (derivable_pt_lim_comp (fun x0 : R => 1 + x0) (fun x0 : R => sqrt x0) x 1 (1 / (2 * sqrt (1 + x)))).
replace 1%R with (0 + 1)%R at 1 by lra.
apply (derivable_pt_lim_plus (fun x0 : R => 1) id x 0 1).
apply derivable_pt_lim_const.
apply derivable_pt_lim_id.
replace (1 / (2 * sqrt (1 + x))) with (/ (2 * sqrt (1 + x))) by lra.
apply derivable_pt_lim_sqrt.
apply Fourier_util.Rlt_zero_pos_plus1. destruct H0. apply H0.
replace ((1 + x) * (1 / (2 * sqrt (1 + x)))) with ((1 + x) / (2 * sqrt (1 + x))) by lra.
replace ((1 + x) / (2 * sqrt (1 + x))) with (sqrt (1 + x) / 2).
lra.
apply (Stdlib.Rdiv_eq_reg (sqrt (1 + x)) 2 (1 + x) (2 * sqrt (1 + x))).
replace (sqrt (1 + x) * (2 * sqrt (1 + x))) with (2 * (sqrt (1 + x) * sqrt (1 + x))) by lra.
apply (Rmult_eq_compat_l 2 (sqrt (1 + x) * sqrt (1 + x)) (1 + x)).
apply sqrt_sqrt. apply Rlt_le. apply Fourier_util.Rlt_zero_pos_plus1. destruct H0. apply H0.
apply not_eq_sym. apply Rlt_not_eq. lra. apply not_eq_sym. apply Rlt_not_eq.
apply Rmult_lt_0_compat. lra. apply sqrt_lt_R0. apply Fourier_util.Rlt_zero_pos_plus1. destruct H0. apply H0.
replace (-1 / ((1 + x) * (1 + x) * (1 + x))) with ((0 *((1 + x) * sqrt (1 + x)) - 1 * 1) / ((1 + x) * sqrt (1 + x))²).
apply (derivable_pt_lim_locally_ext ((fun x0 : R => 1) / (fun x0 : R => x0))%F (fun x0 : R => 1 / x0) ((1 + x) * sqrt (1 + x)) 0 3
((0 * ((1 + x) * sqrt (1 + x)) - 1 * 1) /((1 + x) * sqrt (1 + x))²)).
split. interval. interval. intros. unfold div_fct. reflexivity.
apply (derivable_pt_lim_div (fun x0 : R => 1%R) (fun x0 : R => x0) ((1 + x) * sqrt (1 + x)) 0 1).
apply derivable_pt_lim_const.
apply derivable_pt_lim_id.
apply not_eq_sym. apply Rlt_not_eq. apply Rmult_lt_0_compat. apply Fourier_util.Rlt_zero_pos_plus1.
destruct H0. apply H0. apply sqrt_lt_R0. apply Fourier_util.Rlt_zero_pos_plus1. destruct H0. apply H0.
replace (0 * ((1 + x) * sqrt (1 + x)) - 1 * 1) with (-1)%R by lra.
rewrite -> Rsqr_mult.
rewrite -> Rsqr_sqrt.
rewrite -> Rsqr_pow2. field.
apply not_eq_sym. apply Rlt_not_eq. apply Fourier_util.Rlt_zero_pos_plus1. destruct H0. apply H0.
apply Rlt_le. apply Fourier_util.Rlt_zero_pos_plus1. destruct H0. apply H0.
ring_simplify.
replace (-1 / ((1 + x) * (1 + x) * (1 + x)) * (3 / 2) *sqrt (1 + x)) with
(-1 / ((1 + x) * (1 + x) * (1 +x)) * (3 * sqrt (1 + x)/ 2)) by lra.
replace (-1 / ((1 + x) * (1 + x) * (1 + x)) * (3 * sqrt (1 + x) / 2)) with
((-1 * (3 * sqrt (1+ x)) /(((1 +x) * (1 + x) * (1 + x)) * 2))).
eapply Stdlib.Rdiv_eq_reg.
assert (forall x y z : R, (x * y) * z = x * (y * z)).
{ intros. ring. }
assert (sqrt (1+x) ^ 2 = 1+x).
{ unfold pow. replace (sqrt (1 + x) * 1) with (sqrt (1 + x)) by lra.
apply sqrt_sqrt. apply Rlt_le. lra. }
field_simplify. rewrite !H3. field.
apply not_eq_sym. apply Rlt_not_eq. apply Rmult_lt_0_compat ; try lra.
apply Rmult_lt_0_compat ; try lra. apply Rmult_lt_0_compat; lra.
apply not_eq_sym. apply Rlt_not_eq. apply Rmult_lt_0_compat ; try lra.
apply Rmult_lt_0_compat ; try lra. apply sqrt_lt_R0. lra.
assert (forall x y z w : R, w <> 0 -> z <> 0 -> (x * y) / (z * w) = (x / z) * (y / w)).
{ intros. field. split. apply H2. apply H3. }
apply (H2 (-1)%R (3 * sqrt (1 + x)) ((1 + x) * (1 + x) * (1 + x)) 2). lra.
apply not_eq_sym. apply Rlt_not_eq. apply Rmult_lt_0_compat ; try lra.
apply Rmult_lt_0_compat ; try lra.
symmetry. replace (-3)%R with (1 *-3)%R at 1 by lra.
replace 4%R with (2 * 2)%R at 1 by lra.
assert (forall x y z w : R, w <> 0 -> z <> 0 -> (x * y) / (z * w) = (x / z) * (y / w)).
{ intros. field. split. apply H2. apply H3. }
replace (2 * 2 * (1 + x) * (1 + x) * sqrt (1 + x)) with
(2 * (2 * (1 + x) * (1 + x) * sqrt (1 + x))) by lra.
apply (H2 1 (-3)%R 2 (2 * (1 + x) * (1 + x) * sqrt (1 + x))).
apply not_eq_sym. apply Rlt_not_eq. apply Rmult_lt_0_compat ; try lra.
apply Rmult_lt_0_compat ; try lra. apply sqrt_lt_R0. lra. lra.
rewrite -> (Rdiv_minus (-1)%R (4 * (1 + x) * sqrt (1 + x)) (-3)%R (4 * (1 + x) * (1 + x) * sqrt (1 + x))).
field. split. apply not_eq_sym. apply Rlt_not_eq. apply sqrt_lt_R0. lra.
apply not_eq_sym. apply Rlt_not_eq. lra.
apply not_eq_sym. apply Rlt_not_eq. apply Rmult_lt_0_compat ; try lra. apply sqrt_lt_R0. lra.
apply not_eq_sym. apply Rlt_not_eq. apply Rmult_lt_0_compat ; try lra. apply Rmult_lt_0_compat ; try lra.
apply sqrt_lt_R0. lra.
Qed.
Lemma cont_lim_T_f : forall (k : nat) (x : R),
(k <= 1)%nat ->
0 <= x <= 1 -> continuity_pt (T_f_1 k) x.
Proof. intros.
assert (Hk : (k =0)%nat \/ (k = 1)%nat) by lia.
destruct Hk.
- rewrite -> H1. simpl.
apply (continuity_pt_plus (fun x0 : R => sqrt (1 +x0)) (fun x0 : R => 1 / sqrt (1 + x0)) x).
apply (continuity_pt_comp (fun x0 : R => 1 + x0) (fun x0 : R => sqrt x0) x).
apply (continuity_pt_plus (fun x0 : R => 1%R) (fun x0 : R => x0) x).
apply (continuity_pt_const (fun _ : R => 1) x).
unfold constant. reflexivity.
apply (continuity_pt_id x).
apply (continuity_pt_sqrt (1 +x)). lra.
apply (continuity_pt_comp (fun x0 : R => sqrt ( 1 + x0)) (fun x0 : R => 1/ x0) x).
apply (continuity_pt_comp (fun x0 : R => 1 + x0) (fun x0 : R => sqrt x0) x).
apply (continuity_pt_plus (fun x0 : R => 1%R) (fun x0 : R => x0) x).
apply (continuity_pt_const (fun _ : R => 1) x).
unfold constant. reflexivity.
apply (continuity_pt_id x).
apply (continuity_pt_sqrt (1 +x)). lra.
apply (continuity_pt_locally_ext (/ (fun x0 : R => x0))%F (fun x0 : R => 1/ x0) 1 (sqrt (1 +x))). lra.
intros. unfold inv_fct. lra.
apply (continuity_pt_inv (fun x0 : R => x0) (sqrt (1 +x))).
apply (continuity_pt_id (sqrt (1 +x))).
apply not_eq_sym. apply Rlt_not_eq. interval.
- rewrite -> H1. simpl.
apply (continuity_pt_minus (fun x0 : R => 1 / (2 * sqrt (1 + x0))) (fun x0 : R => 1 / (2 * (1 + x0) * sqrt (1 + x0))) x).
apply (continuity_pt_comp (fun x0 : R => 2 * sqrt ( 1 + x0)) (fun x0 : R => 1/ x0) x).
apply (continuity_pt_locally_ext ((fun x0 : R => 2%R) * (fun x0 : R => sqrt (1 + x0)))%F
(fun x0 : R => 2 * sqrt ( 1 + x0)) 1 x). lra. intros. unfold mult_fct. reflexivity.
apply (continuity_pt_mult (fun _ : R => 2) (fun x0 : R => sqrt (1 + x0)) x).
apply (continuity_pt_const (fun _ : R => 2) x).
unfold constant. reflexivity.
apply (continuity_pt_comp (fun x0 : R => 1 + x0) (fun x0 : R => sqrt x0) x).
apply (continuity_pt_plus (fun x0 : R => 1%R) (fun x0 : R => x0) x).
apply (continuity_pt_const (fun _ : R => 1) x).
unfold constant. reflexivity.
apply (continuity_pt_id x).
apply (continuity_pt_sqrt (1 +x)). lra.
apply (continuity_pt_locally_ext (/ (fun x0 : R => x0))%F (fun x0 : R => 1/ x0) 1 (2 * sqrt (1 +x))). lra.
intros. unfold inv_fct. Locate "/". lra.
apply (continuity_pt_inv (fun x0 : R => x0) (2 * sqrt (1 +x))).
apply (continuity_pt_id (2 * sqrt (1 +x))).
apply not_eq_sym. apply Rlt_not_eq. apply Rmult_lt_0_compat. lra. interval.
apply (continuity_pt_comp (fun x0 : R => 2 * (1 + x0) * sqrt ( 1 + x0)) (fun x0 : R => 1/ x0) x).
apply (continuity_pt_locally_ext
((fun x0 : R => 2%R) * (fun x0 : R => ((1 + x0) * sqrt (1 + x0))%R))%F
(fun x0 : R => 2 * (1 + x0) * sqrt ( 1 + x0))
1 x). lra. intros. unfold mult_fct.
lra.
apply continuity_pt_mult.
apply continuity_pt_const. unfold constant. reflexivity.
apply (continuity_pt_locally_ext
((fun x0 : R => (1 + x0)%R) * (fun x0 : R => sqrt (1 + x0)))%F
(fun x0 : R => (1 + x0) * sqrt (1 + x0)) 1 x). lra. intros. unfold mult_fct. reflexivity.
apply continuity_pt_mult.
apply continuity_pt_plus.
apply continuity_pt_const. unfold constant. reflexivity.
apply continuity_pt_id.
apply (continuity_pt_comp (fun x0 : R => 1 + x0) (fun x0 : R => sqrt x0) x).
apply (continuity_pt_plus (fun x0 : R => 1%R) (fun x0 : R => x0) x).
apply (continuity_pt_const (fun _ : R => 1) x).
unfold constant. reflexivity.
apply (continuity_pt_id x).
apply (continuity_pt_sqrt (1 +x)). lra.
apply (continuity_pt_locally_ext (/ (fun x0 : R => x0))%F (fun x0 : R => 1/ x0) 1 (2 * (1 + x) * sqrt (1 +x))). lra.
intros. unfold inv_fct. Locate "/". lra.
apply (continuity_pt_inv (fun x0 : R => x0) (2 * (1 + x) * sqrt (1 +x))).
apply continuity_pt_id.
apply not_eq_sym. apply Rlt_not_eq. apply Rmult_lt_0_compat. lra. interval.
Qed.
Lemma taylor_m : 0 < eps <= 1 ->
exists eta ,
(0 <> eps -> (0 < eta < eps \/ eps < eta < 0)) /\ sqrt (1 + eps) + 1/sqrt(1 + eps) -2 = (((2 - eta) / (8* ((1 + eta)^2) * sqrt (1 + eta))) * eps^2).
Proof. intros.
About Taylor.Taylor_Lagrange.
edestruct (Taylor.Taylor_Lagrange 0 1 1 T_f_1) with 0 eps.
++ apply deriv_lim_T_f.
++ apply cont_lim_T_f.
++ interval.
++ lra.
++ exists x.
destruct H0 as [H1 H2]. cbn in H1.
split.
- apply H2.
- rewrite !Rplus_0_r in H1.
rewrite !Rminus_0_r in H1.
rewrite !sqrt_1 in H1.
rewrite !Rcomplements.Rdiv_1 in H1.
rewrite !Rmult_1_r in H1.
rewrite !Rcomplements.Rminus_eq_0 in H1.
rewrite !Rmult_0_l in H1.
replace (1 + 1 + 0)%R with 2%R in H1 by lra.
replace (1 + 1)%R with 2%R in H1 by lra.
unfold pow. rewrite !Rmult_1_r. rewrite -> H1.
field.
assert (Hsqrt : x > -1 -> sqrt (1 + x) <> 0).
{ intros. apply not_eq_sym. apply Rlt_not_eq. apply sqrt_lt_R0. lra. }
assert (Heps : 0 < x < eps ).
{ destruct H2 ; lra. }
split.
apply Hsqrt. lra. lra.
Qed.
Lemma cst_func_0_1 : 0 <= eps <= 1 ->
sqrt (1 + eps) + 1/sqrt(1 + eps) -2 >= (1/48) * (eps ^2).
Proof. intros.
assert (Heq_dec : {0 < eps} + {0 = eps}).
{ apply Rle_lt_or_eq_dec. destruct H. apply H. }
destruct Heq_dec.
+ destruct taylor_m as [eta H2].
lra.
destruct H2 as [H2a H2b].
assert (Heta : (2 - eta) / (8 * (1 + eta) ^ 2 * sqrt (1 + eta)) >= 1/48).
{ apply lower_bnd. destruct H2a.
apply Rlt_not_eq. apply r0.
split. apply Rlt_le. apply H0.
destruct H. apply Rlt_le. apply (Rlt_le_trans eta eps 1).
destruct H0. apply H2. apply H1.
assert (Hc : eps < 0).
{ destruct H0. apply (Rlt_trans eps eta 0). apply H0. apply H1. } lra. }
rewrite -> H2b.
apply (Rmult_ge_compat_r (eps^2) ((2 - eta) /
(8 * (1 + eta) ^ 2 * sqrt (1 + eta))) (1/48)).
apply Rle_ge. apply pow2_ge_0. apply Heta.
+ rewrite <- e. simpl.
replace (1 + 0)%R with 1%R by lra.
replace (0 * 1)%R with 0%R by lra.
rewrite !sqrt_1. lra.
Qed.
Lemma cst_func_ge_1 : eps >= 1 ->
sqrt ( 1 + eps) + (1 / sqrt (1 + eps)) -2 >= ((5/100) * sqrt (1 + eps)).
Proof. intros.
apply (Rminus_ge (sqrt ( 1 + eps) + (1 / sqrt (1 + eps)) -2) ((5/100) * sqrt (1 + eps))).
replace (sqrt (1 + eps) + 1 / sqrt (1 + eps) - 2 - 5 / 100 * sqrt (1 + eps)) with
((1 / sqrt ( 1 + eps)) * ((sqrt(1 + eps) - 1)^2 - ((5/100) * (1 + eps)))).
replace 0%R with ((1 / sqrt (1 + eps)) * 0) by lra.
apply (Rmult_ge_compat_l (1 / sqrt ( 1 + eps)) ((sqrt(1 + eps) - 1)^2 - ((5/100) * (1 + eps))) 0%R).
interval. apply eps_sq. apply H.
assert (Hsqr : (sqrt (1 + eps))^2 = 1 + eps).
{ unfold pow. replace (sqrt (1 + eps) * 1) with (sqrt (1 + eps)) by lra. apply sqrt_sqrt. interval. }
field_simplify ; try interval. rewrite !Hsqr. field ; interval.
Qed.
End C_man.
================================================
FILE: contracts/amm/math_lemma.v
================================================
Require Import ZArith.
Require Import DeepSpec.cclib.Integers.
Require Import Zorder.
Require Import Lia.
Require Import QArith.
Require Import Lqa.
Require Import QArith_base.
(* to solve the inequality in prt_inf.v , first solev it in Q using some standard arithmetic properties,
then use properties of inject and transitivity of < to show it holds over Z *)
(*Axiom ZInEq_multpos : (forall (a b c : Z32), c > 0 -> a > b <-> a * c > b * c)%Z.
Hint Rewrite ZInEq_multpos : ZInEq.
Axiom ZInEq_ldiv : (forall (a b c : Z32), b > 0 -> a / b > c <-> a > b * c)%Z.
Axiom ZInEq_denadd : (forall (a b c : Z32), c > 0 -> a / b > a / (b + c))%Z.
*)
(* Properties of fractions *)
(* this axiom is a lemma in a later version of the standard library *)
Axiom Qinv_plus_distr : forall a b c, ( c > 0 -> ((a + b)/c = a/c + b/c))%Q .
Axiom Qinv_minus_distr : forall a b c, ( c > 0 -> ((a - b)/c = a/c - b/c))%Q.
Axiom Qinv_mult : forall a b, (a * / b = a / b)%Q.
Notation "[ i ]" := (inject_Z i) : Q_scope.
Lemma common_denom : forall (a b c : Q), (c > 0 -> ((a - (b/c)) == (a*c - b)/c))%Q.
Proof. intros.
setoid_replace a with (a * c / c) at 1.
setoid_rewrite <- Qinv_minus_distr. reflexivity. lra.
Search ( _ * _)%Q.
symmetry. apply Qdiv_mult_l.
apply Qnot_eq_sym.
apply Qlt_not_eq. lra.
Qed.
Lemma mul_denom : forall ( a b c d : Q), (d > 0 -> a*d < b*c -> a < b*(c/d))%Q.
Proof. intros.
replace (b * (c / d)) with (b * c / d).
Search (_ / _)%Q.
apply Qlt_shift_div_l. apply H. apply H0.
unfold Qdiv. Search (_ * _)%Q. Admitted.
Lemma increasing_k_math_rat : forall (i j k : Q), (i > 0 -> j > 0 -> k > 0 ->
i * j < (i + k) * (j - (k * [997] * j) / (i * [1000] + k * [997])))%Q.
Proof. intros.
assert (H1a : [1000] >0 ).
{ change 0 with [0]. rewrite <- Zlt_Qlt. lia. }
assert (H1b : [997] >0).
{ change 0 with [0]. rewrite <- Zlt_Qlt. lia. }
setoid_replace (j - k * [997]* j / (i * [1000] + k*[997]))%Q with
(((j * (i * [1000] + k * [997])) - (k * [997] *j))/ (i * [1000] + k * [997]))%Q.
+ apply (mul_denom (i * j)%Q (i + k)%Q (j * (i * [1000] + k * [997]) - k * [997] * j)%Q
(i * [1000] + k * [997])%Q ).
nra. ring_simplify.
assert (H2 : (997 < 1000)%Z).
{ lia. }
eapply Qplus_lt_r. repeat apply Qmult_lt_r ; auto.
+ eapply common_denom. nra.
Qed.
Search inject_Z.
Lemma inject_Z_minus : forall x y , [x - y] = [x] - [y].
Proof. intros.
change (x - y)%Z with (x + - y) %Z.
rewrite -> inject_Z_plus. rewrite -> inject_Z_opp.
change ([x] + - [y])%Q with ([x] - [y])%Q. reflexivity.
Qed.
Lemma inject_Z_div_pos : forall x y , (x > 0)%Z -> (y > 0)%Z -> ([x / y] <= [x] / [y])%Q.
Proof. intros.
rewrite -> (Z_div_mod_eq x y).
destruct (x mod y)%Z eqn : Hrem.
+ replace (y * (x / y) + 0)%Z with (y * (x / y))%Z by lia.
replace (y * (x / y))%Z with ((x / y) * y)%Z by lia.
rewrite -> Z.div_mul.
rewrite -> inject_Z_mult.
setoid_rewrite -> Qdiv_mult_l.
apply Qle_refl.
apply Qnot_eq_sym.
apply Qlt_not_eq.
change 0 with [0]. rewrite <- Zlt_Qlt. lia.
apply Z.neq_sym. apply Z.lt_neq. lia.
+ replace (y * (x / y))%Z with ((x / y) * y)%Z by lia.
rewrite -> Z.div_add_l.
repeat rewrite -> inject_Z_plus.
rewrite -> inject_Z_mult.
assert (Hpos : (Z.pos p / y)%Z = 0%Z).
{ apply Z.div_small. rewrite <- Hrem. apply Z_mod_lt. lia. }
rewrite -> Hpos.
rewrite -> Qinv_plus_distr.
setoid_rewrite -> Qdiv_mult_l.
rewrite -> Qplus_le_r.
replace ([Z.pos p] / [y])%Q with ([Z.pos p] * (/ [y]))%Q .
apply Qmult_le_0_compat.
change 0 with [0]. rewrite <- Zle_Qle. lia.
apply Qinv_le_0_compat.
change 0 with [0].
rewrite <- Zle_Qle.
apply Z.lt_le_incl. lia.
apply Qinv_mult.
apply Qnot_eq_sym.
apply Qlt_not_eq.
change 0 with [0] ; rewrite <- Zlt_Qlt; lia.
change 0 with [0] ; rewrite <- Zlt_Qlt; lia.
apply Z.neq_sym. apply Z.lt_neq. lia.
+ assert (Hneg : (0 <= (x mod y) < y)%Z).
{ apply Z_mod_lt. lia. }
rewrite -> Hrem in Hneg.
lia.
+ lia.
Qed.
Lemma Qminus_le_l : forall x y z , x >= y -> z - x <= z - y.
Proof. Admitted.
Lemma increasing_k_math : forall (i j k : Z), (i > 0 -> j > 0 -> k > 0 ->
i * j < (i + k) * (j - (k * 997 * j) / (i * 1000 + k * 997)))%Z.
Proof. intros.
rewrite -> Zlt_Qlt.
repeat rewrite -> inject_Z_mult.
repeat rewrite -> inject_Z_plus.
rewrite -> inject_Z_minus.
assert (Hineq1 : [j] - [k * 997 * j]/[i * 1000 + k * 997] <=
[j] - [k * 997 * j / (i * 1000 + k * 997)]).
{ eapply Qminus_le_l. eapply inject_Z_div_pos.
Search (_ > _)%Z (_ > _) %Z (_ * _ > _)%Z. repeat (apply Zmult_gt_0_compat). lia. lia. lia. lia. }
assert ( Hineq2 : [i] * [j] < ([i] + [k]) * ([j] - [k * 997 * j] / [i * 1000 + k * 997])).
{ repeat rewrite -> inject_Z_mult.
rewrite -> inject_Z_plus.
repeat rewrite -> inject_Z_mult.
apply (increasing_k_math_rat [i] [j] [k]) ;
change 0 with [0]; rewrite <- Zlt_Qlt; lia. }
apply (Qlt_le_trans ([i] * [j]) (([i] + [k]) *
([j] -
[k * 997 * j] / [i * 1000 + k * 997])) (([i] + [k]) * ([j] -
[k * 997 * j / (i * 1000 + k * 997)]))).
apply Hineq2.
rewrite Qmult_le_l.
apply Hineq1.
assert (Hq1 : [i] > 0).
{ change 0 with [0]. rewrite <- Zlt_Qlt. lia. }
assert (Hq2 : [k] > 0).
{ change 0 with [0]. rewrite <- Zlt_Qlt. lia. }
lra.
Qed.
Search (_ < _)%Z (_ < _)%Z (_ - _ < _ - _)%Z.
(*Lemma mul_denom : forall ( a b c d : Z), (a > 0 -> c > 0 -> d > 0 ->
a*d < b*c -> a < b*c/d)%Z .
Proof.
Admitted.
Lemma common_denom : forall (a b c : Z) , ( c > 0 -> (a + (b/c)) = (a*c + b)/c )%Z.
Proof. Admitted.
Lemma increasing_k_math : forall (i j k : Z), (i > 0 -> j > 0 -> k > 0 ->
i * j < (i + k) * (j - (k * 997 * j) / (i * 1000 + k * 997)))%Z.
Proof. intros.
replace (j - k * 997 * j / (i * 1000 + k * 997))%Z with
(((j * (i * 1000 + k * 997)) - (k * 997 *j))/ (i * 1000 + k * 997))%Z.
+ apply (mul_denom (i * j)%Z (i + k)%Z (j * (i * 1000 + k * 997) - k * 997 * j)%Z
(i * 1000 + k * 997)%Z ). replace (i * j < (i + k) * ((j * (i * 1000 + k * 997) - k * 997 * j) /
(i * 1000 + k * 997)))%Z with
(i * j * (i * 1000 + k * 997) < (i + k) * (j * (i * 1000 + k * 997) - k * 997 * j))%Z.
replace (i * j * (i * 1000 + k * 997))%Z with (i * j * i * 1000 + i *j * k * 997)%Z by lia.
replace ((i + k) * (j * (i * 1000 + k * 997) - k * 997 * j))%Z with
((i + k) * (j * i * 1000 + j * k * 997 - k * 997 *j))%Z by lia.
replace (j * k * 997)%Z with (k * 997 * j)%Z by lia.
replace (j * i * 1000 + k * 997 * j - k * 997 * j)% Z with (j * i * 1000)%Z by lia.
replace ((i + k) * (j * i * 1000))%Z with (i * j * i * 1000 + k * j * i * 1000)%Z by lia.
replace (i * j * i * 1000 + i * j * k * 997)%Z with
(i * j * k * 997 + i * j * i * 1000)%Z by lia.
replace (i * j * i * 1000 + k * j * i * 1000)%Z with (k * j * i * 1000 + i * j * i * 1000)%Z by lia.
eapply Zplus_lt_compat_r.
replace (i * j * k * 997)%Z with (997 * i * j * k)%Z by lia.
replace (k * j * i * 1000)%Z with (1000 * i * j * k)%Z by lia.
eapply Zmult_gt_0_lt_compat_r. apply H1.
eapply Zmult_gt_0_lt_compat_r. apply H0.
eapply Zmult_gt_0_lt_compat_r. apply H. lia. eapply mul_denom.
From Coq Require Import ZArith Psatz.
Open Scope Z_scope.
simpl. Fail lia. Print Lia.lia. Print Lia.zchecker_no_abstract.
intros.
(*
psatz Z 100.
lia.
assert (forall (v v' v'' : Z), v'' > 0 -> v < v' -> v * v'' < v' * v'').
intros.
pose (H19 := H16 (v * v'') (v' * v'')); clearbody H19.
apply H19.
unfold Z.sub.
apply mul_sub_distr.
pose (H17 := H16 (i * j) ((i + k) * (j - k * 997 * j / (i * 1000 + k * 997))) (i * 1000 + k * 997)); clearbody H17.
*)
assert (0 < (i * 1000 + k * 997)). omega.
(* multiplied both sides by the denominator of the divisor and needed to use comparisons between "(W / V) * V" and W *)
pose (Zmult_nc:=(Zmult_lt_compat_r (i * j) ((i + k) * (j - k * 997 * j / (i * 1000 + k * 997))) (i * 1000 + k * 997) H2)); clearbody Zmult_nc.
Admitted.*)
================================================
FILE: contracts/amm/prf_int.v
================================================
Add LoadPath "./amm" as amm.
Require Import amm.DataTypes.
Require Import amm.DataTypeOps.
Require Import amm.LayerAMM.
Require Import lib.Monad.StateMonadOption.
Require Import cclib.Maps.
Require Import cclib.Integers.
Require Import ZArith.
Require Import core.HyperTypeInst.
(* for `hashvalue`, maybe should move that to some different file. *)
Require Import backend.MachineModel.
Require Import amm.splitting_trades.
(* PROOFS:
2. balance tracks reserve
3. increasing k -> algebra
4. no path independence, splitting trades is strictly more expensive -> algebra, appendix D
5. liquidity token economics is right, i.e., UNI-V2 tracks the actual share of pool --> actually, where is the trading of UNI-V2 Pair tokens? What is its value?
6. MOD: slippage control
7. ... cost of manipulation (hard)
*)
Section WithMem.
Import core.MemoryModel.
Context {memModelOps : MemoryModelOps mem}.
(* global_abstract_data_type *)
Definition state := global_abstract_data_type.
Definition init_state := init_global_abstract_data.
Definition wei := Z.
Definition addr := int256.
Definition blocknumber := int256.
Existing Instance GlobalLayerSpec.
Section step.
Context (token0_address token1_address amm_address : addr).
Section mstep.
(* These are the parameters which are constant within a given block. *)
Context (coinbase : int256)
(timestamp : int256)
(number : int256)
(balance : int256 -> int256)
(blockhash : int256 -> int256)
(prev_contract_state : state).
Definition make_machine_env (caller: addr)
: machine_env state
:= {| me_address := amm_address;
me_origin := caller;
me_caller := caller;
me_callvalue := Int256.repr (0);
me_coinbase := coinbase;
me_timestamp := timestamp;
me_number := number;
me_chainid := Int256.zero;
me_selfbalance := Int256.zero;
me_balance := balance;
me_blockhash := blockhash;
(* not implemented *)
me_transfer _ _ d := (Int256.one, d);
me_callmethod _ _ _ _ _ _ _ _ _ _ := False;
me_log _ _ _ := prev_contract_state;
|}.
Import MonadNotation.
Definition lif {A:Type}
(caller : addr)
(cmd : machine_env state -> osT global_abstract_data_type A)
: osT state A :=
st <- get;;
let me := make_machine_env caller in
match runStateT (cmd me) st with
| None => mzero
| Some (v, st') => put st' ;; ret v
end.
Set Typeclasses Debug.
Definition lifted_simpleSwap0 :=
fun (caller: addr) (callvalue: wei) (toA: addr) => lif caller
(AutomatedMarketMaker_simpleSwap0_opt toA).
About lifted_simpleSwap0.
About AutomatedMarketMaker_simpleSwap0_opt.
Definition lifted_LiquidityToken_mint :=
fun (caller: addr) (callvalue: wei) (toA: addr) (value: Z) => lif caller
(LiquidityToken_mint_opt toA value).
(* osT state int256 =
state transformer with option monad, state is state, and value is int256 *)
Print osT. (* = fun D : Type => stateT D option *)
Print stateT. (* (S : Type) (m : Type -> Type) (t : Type) : Type := mkStateT
{ runStateT : S -> m (t * S)%type } *)
Print runStateT. (* takes monad transformer, state, returns m (t * S) *)
(* How the state of the system changes in a single method call made by player p. *)
(* for simplicity we only model functions that modify states and can be called by user *)
Inductive mstep u (st st' : state) : Prop :=
(* fixed supply tokens *)
(*TODO: fix these definitions. *)
| FixedSupplyToken_transfer_step :
forall toA tokens r, runStateT (FixedSupplyToken_transfer_opt toA tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| FixedSupplyToken1_transfer_step :
forall toA tokens r, runStateT (FixedSupplyToken1_transfer_opt toA tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| FixedSupplyToken_approve_step :
forall spender tokens r, runStateT (FixedSupplyToken_approve_opt spender tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| FixedSupplyToken1_approve_step :
forall spender tokens r, runStateT (FixedSupplyToken1_approve_opt spender tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| FixedSupplyToken0_transferFrom_step :
forall fromA toA tokens r, runStateT (FixedSupplyToken_transferFrom_opt fromA toA tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| FixedSupplyToken1_transferFrom_step :
forall fromA toA tokens r, runStateT (FixedSupplyToken1_transferFrom_opt fromA toA tokens (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
(* amm *)
| AutomatedMarketMaker_mint_step :
forall toA r, runStateT (AutomatedMarketMaker_mint_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| AutomatedMarketMaker_burn_step :
forall toA r, runStateT (AutomatedMarketMaker_burn_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
| AutomatedMarketMaker_simpleSwap0_step :
forall toA r, runStateT (AutomatedMarketMaker_simpleSwap0_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep u st st'
.
About mstep.
(* How the state of the system changes in a single method call made by player p. *)
(* for simplicity we only model functions that modify states and can be called by user *)
Inductive mstep_amm u (st st' : state) : Prop :=
(* amm *)
| AutomatedMarketMaker_mint_ammstep :
forall toA r, runStateT (AutomatedMarketMaker_mint_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep_amm u st st'
| AutomatedMarketMaker_burn_ammstep :
forall toA r, runStateT (AutomatedMarketMaker_burn_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep_amm u st st'
| AutomatedMarketMaker_simpleSwap0_ammstep :
forall toA r, runStateT (AutomatedMarketMaker_simpleSwap0_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep_amm u st st'
| AutomatedMarketMaker_skim_ammstep :
forall toA r, runStateT (AutomatedMarketMaker_skim_opt toA (make_machine_env u)) st = Some (r, st')
-> mstep_amm u st st'
| AutomatedMarketMaker_sync_ammstep :
forall r, runStateT (AutomatedMarketMaker_sync_opt (make_machine_env u)) st = Some (r, st')
-> mstep_amm u st st'
.
(* We can compute a new block by letting the players call the contract
in some arbitrary order. *)
Inductive multi_mstep : state -> state -> Prop :=
| multi_mstep_reflexive : forall (st : state), multi_mstep st st
| multi_mstep_transitive : forall (st st' st'' : state) u,
multi_mstep st st' -> mstep u st' st'' -> multi_mstep st st''.
(* A block is sufficiently synchronous if every player got a chance to submit a
transaction to to. *)
(* TODO, I think this definition is fine for now, but it seems little too clever,
should probably re-state this using some straightforward tracking of the states
we pass through. *)
Definition multi_mstep_synchronous st1 st2 :=
forall u, exists st st',
multi_mstep st1 st /\ mstep u st st' /\ multi_mstep st' st2.
(* Here are a bunch of induction principles inspired by linear temporal logic. *)
(* Prove that some property P holds "globally", i.e. for each state along a
path.
You can also specify a property Pprev which is known to hold for the
prev_contract_state. If not needed, it can just be True.
*)
Lemma multi_mstep_Global_ind : forall (Pprev P : state -> Prop),
(forall u st st', Pprev prev_contract_state -> P st -> mstep u st st' -> P st') ->
Pprev prev_contract_state -> forall st st', P st -> multi_mstep st st' -> P st'.
Proof.
induction 4; eauto.
Qed.
(*
(* Prove that P holds "until" Q along a path.
"Until" is a liveness assertion, so we need the synchronicity assumption. *)
Lemma multi_mstep_Until_ind : forall (Pprev P Q : state -> Prop),
(forall p st st', Pprev prev_contract_state -> P st -> In p players
-> mstep p st st' -> (P st' \/ Q st')) ->
Pprev prev_contract_state ->
forall st,
P st -> exists st', multi_mstep st st' -> (P st' \/ Q st').
Proof.
induction 4; eauto *)
End mstep.
Definition Int256_incr x := Int256.add x Int256.one.
Inductive bstep (n : blocknumber) : state -> state -> Prop :=
| bstep_step : forall coinbase timestamp balance blockhash st st',
multi_mstep coinbase timestamp n balance blockhash st st st' ->
bstep n st st'.
Inductive multi_bstep : blocknumber -> state -> blocknumber -> state -> Prop :=
| multi_bstep_reflexive : forall n (st : state), multi_bstep n st n st
| multi_bstep_transitive : forall n n' (st st' st'' : state),
multi_bstep n st n' st' -> bstep (Int256_incr n') st' st'' -> multi_bstep n st (Int256_incr n') st''.
(* multi_bstep is the step relation without any synchronicity assumption.
This is sufficient to prove some safety properties, but for most interesting
theorems we instead need to use this synchronous version: *)
Inductive bstep_synch (n : blocknumber) : state -> state -> Prop :=
| bstep_synch_step : forall coinbase timestamp balance blockhash st st',
multi_mstep_synchronous coinbase timestamp n balance blockhash st st st' ->
bstep_synch n st st'.
Inductive multi_bstep_synch : blocknumber -> state -> blocknumber -> state -> Prop :=
| multi_bstep_synch_reflexive : forall n (st : state), multi_bstep_synch n st n st
| multi_bstep_synch_transitive : forall n n' (st st' st'' : state),
multi_bstep_synch n st n' st' -> bstep_synch (Int256_incr n') st' st'' -> multi_bstep_synch n st (Int256_incr n') st''.
Lemma multi_bstep_Global_ind : forall (P : state -> Prop),
(forall coinbase timestamp number balance blockhash prev_block u st st',
P prev_block
-> P st
-> mstep coinbase timestamp number balance blockhash prev_block u st st'
-> P st')
-> forall n st n' st',
P st -> multi_bstep n st n' st' -> P st'.
Proof.
induction 3.
- auto.
- inversion H2; subst.
eapply multi_mstep_Global_ind with (st:=st') (prev_contract_state := st').
+ intros.
refine (H _ _ _ _ _ _ _ _ _ _ _ H6); auto.
+ apply IHmulti_bstep; assumption.
+ apply IHmulti_bstep; assumption.
+ exact H3.
Qed.
End step.
Section DeepSEAGenericProof.
Lemma Int256Tree_reduce : forall (i: int256) (v: Z) (t: Int256Tree.t Z), Int256Tree.get_default 0%Z i (Int256Tree.set i v t) = v.
Proof.
intros.
unfold Int256Tree.get_default.
rewrite Int256Tree.gss .
reflexivity.
Qed.
Lemma Int256Tree_mreduce : forall (i j : int256) (v v': Z) (t: Int256Tree.t Z),
i <> j ->
Int256Tree.get_default 0%Z i (Int256Tree.set j v' (Int256Tree.set i v t)) = v.
Proof.
intros.
unfold Int256Tree.get_default.
rewrite Int256Tree.gso.
rewrite Int256Tree.gss.
reflexivity.
exact H.
Qed.
Lemma Int256Tree_mireduce : forall (i j k : int256) (v v': Z) (t: Int256Tree.t Z),
i <> j ->
i <> k ->
j <> k ->
Int256Tree.get_default 0%Z i (Int256Tree.set j v' (Int256Tree.set k v t)) =
Int256Tree.get_default 0%Z i t.
Proof.
intros.
unfold Int256Tree.get_default.
rewrite Int256Tree.gso.
rewrite Int256Tree.gso.
reflexivity.
exact H0.
exact H.
Qed.
Lemma add_sub_inv : forall (i j : Z32), (i + j - i)%Z = j.
Proof.
intros.
omega.
Qed.
(* Lemmas on Inequalities over Z *)
Lemma ZInEq_ladd : (forall (i j k : Z32), (i > j + k <-> i - k > j)%Z).
Proof.
intros. omega.
Qed.
Hint Rewrite ZInEq_ladd : ZInEq.
Axiom ZInEq_multpos : (forall (a b c : Z32), c > 0 -> a > b <-> a * c > b * c)%Z.
Hint Rewrite ZInEq_multpos : ZInEq.
Axiom ZInEq_ldiv : (forall (a b c : Z32), b > 0 -> a / b > c <-> a > b * c)%Z.
Axiom ZInEq_denadd : (forall (a b c : Z32), c > 0 -> a / b > a / (b + c))%Z.
Lemma increasing_k_math : forall (i j k : Z), (i > 0 -> j > 0 -> k > 0 ->
i * j < (i + k) * (j - (k * 997 * j) / (i * 1000 + k * 997)))%Z.
Proof.
From Coq Require Import ZArith Psatz.
Open Scope Z_scope.
simpl. Fail lia. Print Lia.lia. Print Lia.zchecker_no_abstract.
intros.
(*
psatz Z 100.
lia.
assert (forall (v v' v'' : Z), v'' > 0 -> v < v' -> v * v'' < v' * v'').
intros.
pose (H19 := H16 (v * v'') (v' * v'')); clearbody H19.
apply H19.
unfold Z.sub.
apply mul_sub_distr.
pose (H17 := H16 (i * j) ((i + k) * (j - k * 997 * j / (i * 1000 + k * 997))) (i * 1000 + k * 997)); clearbody H17.
*)
assert (0 < (i * 1000 + k * 997)). omega.
(* multiplied both sides by the denominator of the divisor and needed to use comparisons between "(W / V) * V" and W *)
pose (Zmult_nc:=(Zmult_lt_compat_r (i * j) ((i + k) * (j - k * 997 * j / (i * 1000 + k * 997))) (i * 1000 + k * 997) H2)); clearbody Zmult_nc.
Admitted.
End DeepSEAGenericProof.
Section AMMProof.
Context (token0_address token1_address amm_address : addr).
Context (* (strategies : strategy_tuple) *)
(initial_balances : addr -> Z)
(contract_address : int256).
Context (init_bt init_rt : int256)
(init_coinbase : int256)
(init_timestamp : int256)
(init_number : int256)
(init_blockhash : int256 -> int256)
(pre_init_state init_state : state).
(* These are the parameters which are constant within a given block. *)
Context (coinbase : int256)
(timestamp : int256)
(number : int256)
(balance : int256 -> int256)
(blockhash : int256 -> int256)
(prev_contract_state : state).
Require Import lib.Monad.RunStateTInv.
Require Import lib.ArithInv.
Definition compute_k (s: state) :=
Z.mul (AutomatedMarketMaker__reserve0 s) (AutomatedMarketMaker__reserve1 s).
Definition get_balance0 (s: state) (a: addr) :=
(Int256Tree.get_default (0%Z)
a (FixedSupplyToken_balances s)).
Definition get_balance1 (s: state) (a: addr) :=
(Int256Tree.get_default 0%Z
a (FixedSupplyToken1_balances s)).
Definition make_machine_env_wrapped prev_st user :=
make_machine_env amm_address coinbase timestamp number balance blockhash prev_st user.
Lemma make_machine_env_caller_eq : forall st caller, me_caller (make_machine_env_wrapped st caller) = caller.
Proof. auto. Qed.
Lemma make_machine_env_address_eq : forall st caller, me_address (make_machine_env_wrapped st caller) = amm_address.
Proof. auto. Qed.
Transparent AutomatedMarketMaker_simpleSwap0_opt.
Transparent FixedSupplyToken1_balanceOf_opt.
Transparent FixedSupplyToken_balanceOf_opt.
Transparent FixedSupplyToken_transfer_opt.
Transparent FixedSupplyToken1_transfer_opt.
(* need to transfer balance first, assume token0 transfer first *)
(* should have been approve and then transferFrom, here we are hacking a bit *)
(* prove that after every possible function call, whichever layers, the
k = _reserve0 * _reserve1 is strictly increasing for simpleSwap0:
newState = simpleSwap0 oldState /\ compute_k newState > compute_k oldState *)
Theorem increasing_k_simpleSwap0 : (forall r r'
(s s' s'' : state)
(trader : addr)
(swapAmount0 : Z32),
(swapAmount0 > 0)%Z -> (* trasferring an amount > 0 *)
((AutomatedMarketMaker__reserve0 s) > 0)%Z ->
((AutomatedMarketMaker__reserve1 s) > 0)%Z ->
amm_address <> trader ->
get_balance0 s amm_address = (AutomatedMarketMaker__reserve0 s) -> (* assumes that the reserve is the same as balance at s *)
get_balance1 s amm_address = (AutomatedMarketMaker__reserve1 s) ->
runStateT (FixedSupplyToken_transfer_opt amm_address swapAmount0 (make_machine_env_wrapped s trader)) s = Some (r, s') ->
runStateT (AutomatedMarketMaker_simpleSwap0_opt trader (make_machine_env_wrapped s amm_address)) s' = Some (r', s'') ->
Z.lt (compute_k s) (compute_k s'')).
Proof.
intros.
unfold get_balance0 in H0.
unfold get_balance1 in H1.
unfold AutomatedMarketMaker_simpleSwap0_opt in *.
unfold FixedSupplyToken_transfer_opt in *.
unfold FixedSupplyToken_balanceOf_opt in *.
unfold FixedSupplyToken_balanceOf_opt in *.
unfold FixedSupplyToken_transfer_opt in *.
inv_runStateT.
rewrite -> make_machine_env_caller_eq in *.
rewrite -> make_machine_env_address_eq in *.
subst.
inv_arith.
unfold compute_k.
simpl.
(* TODO: this proof now doesn't work, try to figure out what went wrong. *)
(*
rewrite Int256Tree_reduce in *.
rewrite Int256Tree_mreduce in *.
repeat match goal with
| [ |- context[AutomatedMarketMaker__reserve1 ?X]] => remember (AutomatedMarketMaker__reserve1 X) as R1
end.
repeat match goal with
| [ |- context[AutomatedMarketMaker__reserve0 ?X]] => remember (AutomatedMarketMaker__reserve0 X) as R0
end.
match goal with
| [ |- context[Z.mul (Z.add ?X _) _]] => replace X with R0 (* rewrite -> H1 *)
end.
match goal with
| [ |- context[Z.sub ?X _]] => replace X with R1
end.
remember swapAmount0 as delta0.
pose (IKM := increasing_k_math R0 R1 delta0 H0 H1 H); clearbody IKM.
rewrite add_sub_inv.
exact IKM.
exact H2.
Qed.
*)
Admitted.
Transparent AutomatedMarketMaker_mint_opt.
Transparent AutomatedMarketMaker_burn_opt.
Transparent AutomatedMarketMaker_skim_opt.
Transparent AutomatedMarketMaker_sync_opt.
Transparent LiquidityToken_burn_opt.
Transparent LiquidityToken_mint_opt.
Transparent LiquidityToken_totalSupply_opt.
Transparent LiquidityToken_balanceOf_opt.
(* Without this, "subst" seems to run forever when there are many equalities in the context. *)
Unset Regular Subst Tactic.
Ltac rds :=
unfold AutomatedMarketMaker_mint_opt in *;
unfold AutomatedMarketMaker_burn_opt in *;
unfold AutomatedMarketMaker_simpleSwap0_opt in *;
unfold AutomatedMarketMaker_skim_opt in *;
unfold AutomatedMarketMaker_sync_opt in *;
unfold LiquidityToken_totalSupply_opt in *;
unfold LiquidityToken_balanceOf_opt in *;
unfold LiquidityToken_burn_opt in *;
unfold LiquidityToken_mint_opt in *;
unfold FixedSupplyToken1_transfer_opt in *;
unfold FixedSupplyToken_balanceOf_opt in *;
unfold FixedSupplyToken1_balanceOf_opt in *;
unfold FixedSupplyToken_transfer_opt in *;
inv_runStateT;
subst;
inv_arith;
simpl in *;
try rewrite make_machine_env_caller_eq in *;
try rewrite make_machine_env_address_eq in *;
autorewrite with updates in *;
try rewrite !Int256Tree_Properties.get_default_ss in *;
try rewrite !Int256Tree_Properties.get_default_so in *;
(* try rewrite Int256Tree_reduce in *;
try rewrite Int256Tree_mreduce in *; *)
try rewrite Int256Tree_mireduce in *;
auto.
Lemma balance_tracks_reserve_inv : forall u s s',
u <> amm_address ->
get_balance0 s amm_address = (AutomatedMarketMaker__reserve0 s) ->
get_balance1 s amm_address = (AutomatedMarketMaker__reserve1 s) ->
mstep_amm amm_address coinbase timestamp number balance blockhash prev_contract_state u s s' ->
get_balance0 s amm_address = (AutomatedMarketMaker__reserve0 s') /\
get_balance1 s amm_address = (AutomatedMarketMaker__reserve1 s').
Proof.
intros u s s' Hun Hps0 Hps1 Hstp.
unfold get_balance0 in *.
unfold get_balance1 in *.
(*
destruct Hstp; rds. (* FIXME: rds should be able to automatically solve all the goals if we have
machine_env updating implemented *)
*)
Admitted.
Axiom anything : False.
(* splitting trades is strictly more expensive, if you split one trade into two trades with combined
same amount, then you swapped for less alternative tokens *)
Theorem path_dependency : forall r r' rd rd' rd'' rd'''
(s s' s'' sd' sd'' sd''' sd'''' : state)
(trader : addr)
(swapAmount0 : Z32)
(swapAmount0D0 swapAmount0D1 : Z32),
(swapAmount0D0 > 0)%Z ->
(swapAmount0D1 > 0)%Z ->
(swapAmount0D0 + swapAmount0D1 = swapAmount0)%Z ->
(swapAmount0 > 0)%Z -> (* trasferring an amount > 0 *)
((AutomatedMarketMaker__reserve0 s) > 0)%Z ->
((AutomatedMarketMaker__reserve1 s) > 0)%Z ->
amm_address <> trader ->
get_balance0 s amm_address = (AutomatedMarketMaker__reserve0 s) -> (* assumes that the reserve is the same as balance at s *)
get_balance1 s amm_address = (AutomatedMarketMaker__reserve1 s) ->
(* swapping in one trade *)
runStateT (FixedSupplyToken_transfer_opt amm_address swapAmount0 (make_machine_env_wrapped s trader)) s = Some (r, s') ->
runStateT (AutomatedMarketMaker_simpleSwap0_opt trader (make_machine_env_wrapped s amm_address)) s' = Some (r', s'') ->
(* swapping in two trades *)
runStateT (FixedSupplyToken_transfer_opt amm_address swapAmount0D0 (make_machine_env_wrapped s trader)) s = Some (rd, sd') ->
runStateT (AutomatedMarketMaker_simpleSwap0_opt trader (make_machine_env_wrapped s amm_address)) sd' = Some (rd', sd'') ->
runStateT (FixedSupplyToken_transfer_opt amm_address swapAmount0D1 (make_machine_env_wrapped s trader)) sd'' = Some (rd'', sd''') ->
runStateT (AutomatedMarketMaker_simpleSwap0_opt trader (make_machine_env_wrapped s amm_address)) sd''' = Some (rd''', sd'''') ->
(* the ending balance is different *)
(r' > rd' + rd''')%Z.
Proof.
(* generic tactic *)
intros.
(*replace (r' > rd' + rd''')%Z with (r' -(rd' + rd''') > 0)%Z.
eapply split_trade_int.*)
unfold get_balance0 in *.
unfold get_balance1 in *.
(* Time rds. (* finish in 182 secs, or 3m2s *) (* Seems a bit faster with Unset Regular Subst. *) *)
unfold AutomatedMarketMaker_mint_opt in *;
unfold AutomatedMarketMaker_burn_opt in *;
unfold AutomatedMarketMaker_simpleSwap0_opt in *;
unfold AutomatedMarketMaker_skim_opt in *;
unfold AutomatedMarketMaker_sync_opt in *;
unfold LiquidityToken_totalSupply_opt in *;
unfold LiquidityToken_balanceOf_opt in *;
unfold LiquidityToken_burn_opt in *;
unfold LiquidityToken_mint_opt in *;
unfold FixedSupplyToken1_transfer_opt in *;
unfold FixedSupplyToken_balanceOf_opt in *;
unfold FixedSupplyToken1_balanceOf_opt in *;
unfold FixedSupplyToken_transfer_opt in *;
inv_runStateT;
subst.
inv_arith;
simpl in *;
try rewrite make_machine_env_caller_eq in *;
try rewrite make_machine_env_address_eq in *.
autorewrite with updates in *.
try rewrite !Int256Tree_Properties.get_default_ss in *.
try rewrite Int256Tree_mireduce in * by congruence .
try rewrite !Int256Tree_Properties.get_default_so in * by congruence.
(* try rewrite Int256Tree_reduce in *;
try rewrite Int256Tree_mreduce in *; *)
rewrite !Int256Tree_Properties.get_default_ss in *.
subst.
rewrite !H6. rewrite !H7.
remember (swapAmount0D0) as c.
remember (swapAmount0D1) as d.
remember (AutomatedMarketMaker__reserve0 m92) as a.
remember (AutomatedMarketMaker__reserve1 m92) as b.
autorewrite with updates.
rewrite !Int256Tree_Properties.get_default_ss.
rewrite !add_sub_inv. (* need inequality rewtiting rules *)
(*assert (d * 997 * R1 / (R0 * 1000 + d * 997) > d * 997 * R1 / (R0 * 1000 + d * 997 + d' * 997))%Z.
assert (d' * 997 > 0)%Z. omega.
match goal with
| [ |- context[Z.gt (Z.div ?A ?B) (Z.div ?A (Z.add ?B ?C))]] => pose (HZInEq_denadd := ZInEq_denadd A B C H31); clearbody HZInEq_denadd
end.
exact HZInEq_denadd.
apply H31.
rewrite Zgt_trans.
nia.
unfold AutomatedMarketMaker_simpleSwap0_opt in *.
unfold FixedSupplyToken1_transfer_opt in *.
unfold FixedSupplyToken0_balanceOf_opt in *.
unfold FixedSupplyToken1_balanceOf_opt in *.
unfold FixedSupplyToken0_transfer_opt in *.
Opaque bind ret get gets put modify guard mzero.
Import MonadNotation.
inv_runStateT1 H13.
subst.
inv_arith.
simpl in *.
inv_runStateT1 H12.
subst.
autorewrite with updates in *.
rewrite !Int256Tree_reduce in *.
simpl in *.
inv_arith.
inv_runStateT1 H11.
subst.
simpl in *.
autorewrite with updates in *.
inv_arith.
rewrite !(@Int256Tree_Properties.get_default_so _ (0%Z) a25 a) in * by (exact H22).
rewrite !Int256Tree_Properties.get_default_ss in *.
inv_runStateT1 H9.
subst.
simpl in *.
autorewrite with updates in *.
inv_arith.
inv_runStateT1 H8.
subst.
simpl in *.
autorewrite with updates in *.
rewrite !Int256Tree_Properties.get_default_ss in *.
inv_runStateT1 H10.
subst.
simpl in *.
autorewrite with updates in *.
rewrite !Int256Tree_Properties.get_default_ss in *.
*)
(* These lines are to test if the resulting proof term can be checked reasonably quickly, but it seems it works. *)
(* destruct anything.
Time Qed. *)
Admitted.
End AMMProof.
End WithMem.
================================================
FILE: contracts/amm-i.wat
================================================
(module
(import "ethereum" "finish" (func $finish (param i32 i32) (result )))
(memory 1)
(data (i32.const 0) "\00\61\73\6d\01\00\00\00\01\c9\01\24\60\00\01\7f\60\01\7f\01\7f\60\01\7f\01\7f\60\01\7f\01\7f\60\03\7f\7f\7f\01\7f\60\01\7f\01\7f\60\00\01\7f\60\00\01\7f\60\01\7f\01\7f\60\01\7f\01\7f\60\01\7f\01\7f\60\02\7f\7f\01\7f\60\00\01\7f\60\03\7f\7f\7f\01\7f\60\02\7f\7f\01\7f\60\02\7f\7f\01\7f\60\00\01\7f\60\02\7f\7f\01\7f\60\02\7f\7f\01\7f\60\02\7f\7f\01\7f\60\02\7f\7f\01\7f\60\01\7f\01\7f\60\02\7f\7f\01\7f\60\03\7f\7f\7f\01\7f\60\01\7f\01\7f\60\03\7f\7f\7f\01\7f\60\01\7f\00\60\02\7f\7f\00\60\02\7e\7f\01\7f\60\03\7f\7f\7f\00\60\04\7e\7f\7f\7f\01\7f\60\00\01\7e\60\07\7f\7f\7f\7f\7f\7f\7f\00\60\01\7e\00\60\05\7e\7f\7f\7f\7f\01\7f\60\00\00\02\d3\04\19\08\65\74\68\65\72\65\75\6d\0a\67\65\74\41\64\64\72\65\73\73\00\1a\08\65\74\68\65\72\65\75\6d\12\67\65\74\45\78\74\65\72\6e\61\6c\42\61\6c\61\6e\63\65\00\1b\08\65\74\68\65\72\65\75\6d\0c\67\65\74\42\6c\6f\63\6b\48\61\73\68\00\1c\08\65\74\68\65\72\65\75\6d\0c\63\61\6c\6c\44\61\74\61\43\6f\70\79\00\1d\08\65\74\68\65\72\65\75\6d\0f\67\65\74\43\61\6c\6c\44\61\74\61\53\69\7a\65\00\00\08\65\74\68\65\72\65\75\6d\0c\63\61\6c\6c\44\65\6c\65\67\61\74\65\00\1e\08\65\74\68\65\72\65\75\6d\0c\73\74\6f\72\61\67\65\53\74\6f\72\65\00\1b\08\65\74\68\65\72\65\75\6d\0b\73\74\6f\72\61\67\65\4c\6f\61\64\00\1b\08\65\74\68\65\72\65\75\6d\09\67\65\74\43\61\6c\6c\65\72\00\1a\08\65\74\68\65\72\65\75\6d\0c\67\65\74\43\61\6c\6c\56\61\6c\75\65\00\1a\08\65\74\68\65\72\65\75\6d\10\67\65\74\42\6c\6f\63\6b\43\6f\69\6e\62\61\73\65\00\01\08\65\74\68\65\72\65\75\6d\12\67\65\74\42\6c\6f\63\6b\44\69\66\66\69\63\75\6c\74\79\00\1a\08\65\74\68\65\72\65\75\6d\0a\67\65\74\47\61\73\4c\65\66\74\00\1f\08\65\74\68\65\72\65\75\6d\10\67\65\74\42\6c\6f\63\6b\47\61\73\4c\69\6d\69\74\00\1f\08\65\74\68\65\72\65\75\6d\0d\67\65\74\54\78\47\61\73\50\72\69\63\65\00\1a\08\65\74\68\65\72\65\75\6d\03\6c\6f\67\00\20\08\65\74\68\65\72\65\75\6d\0e\67\65\74\42\6c\6f\63\6b\4e\75\6d\62\65\72\00\1f\08\65\74\68\65\72\65\75\6d\0b\67\65\74\54\78\4f\72\69\67\69\6e\00\1a\08\65\74\68\65\72\65\75\6d\06\75\73\65\47\61\73\00\21\08\65\74\68\65\72\65\75\6d\11\67\65\74\42\6c\6f\63\6b\54\69\6d\65\73\74\61\6d\70\00\1f\08\65\74\68\65\72\65\75\6d\06\72\65\76\65\72\74\00\1b\08\65\74\68\65\72\65\75\6d\11\67\65\74\52\65\74\75\72\6e\44\61\74\61\53\69\7a\65\00\00\08\65\74\68\65\72\65\75\6d\0e\72\65\74\75\72\6e\44\61\74\61\43\6f\70\79\00\1d\08\65\74\68\65\72\65\75\6d\04\63\61\6c\6c\00\22\08\65\74\68\65\72\65\75\6d\06\66\69\6e\69\73\68\00\1b\03\23\22\0b\0b\0b\01\1a\23\01\23\00\01\02\03\04\05\06\07\08\09\0a\0b\0c\0d\0e\0f\10\11\12\13\14\15\16\17\18\19\05\03\01\00\14\06\10\03\7f\01\41\00\0b\7f\01\41\00\0b\7f\01\41\00\0b\07\11\02\06\6d\65\6d\6f\72\79\02\00\04\6d\61\69\6e\00\20\0a\8e\da\03\22\43\01\02\7f\20\00\41\01\20\01\41\01\71\1b\21\03\02\40\20\01\41\01\75\22\01\45\0d\00\03\40\20\00\20\00\6c\22\00\41\01\20\01\41\01\71\1b\20\03\6c\21\03\20\01\41\01\75\22\02\21\01\20\02\0d\00\0b\0b\20\03\0b\04\00\20\00\0b\04\00\20\00\0b\07\00\20\00\41\7f\73\0b\0a\00\41\80\02\20\00\36\02\00\0b\09\00\41\80\02\41\04\10\14\0b\24\00\20\00\41\18\74\20\00\41\08\74\41\80\80\fc\07\71\72\20\00\41\08\76\41\80\fe\03\71\20\00\41\18\76\72\72\0b\c5\06\00\10\04\24\00\23\00\41\03\4d\04\40\41\15\10\1d\10\1e\05\01\0b\23\00\41\04\6b\24\00\41\04\24\01\41\80\06\41\00\41\04\10\03\41\80\06\28\02\00\10\1f\24\02\23\02\41\c2\f0\89\d3\06\46\04\40\23\00\41\20\46\45\04\40\41\dc\01\10\1d\10\1e\05\01\0b\41\20\24\01\41\80\06\23\01\41\04\10\03\41\80\06\28\02\00\10\1f\23\01\41\20\6a\24\01\10\22\24\01\41\80\02\23\01\36\02\00\41\80\02\41\04\10\18\05\23\02\41\c4\96\bf\cd\78\46\04\40\23\00\41\20\46\45\04\40\41\dd\01\10\1d\10\1e\05\01\0b\41\20\24\01\41\80\06\23\01\41\04\10\03\41\80\06\28\02\00\10\1f\23\01\41\20\6a\24\01\10\23\24\01\41\80\02\23\01\36\02\00\41\80\02\41\04\10\18\05\23\02\41\bf\d4\b3\c1\78\46\04\40\23\00\41\20\46\45\04\40\41\de\01\10\1d\10\1e\05\01\0b\41\20\24\01\41\80\06\23\01\41\04\10\03\41\80\06\28\02\00\10\1f\23\01\41\20\6a\24\01\10\24\24\01\41\80\02\23\01\36\02\00\41\80\02\41\04\10\18\05\23\02\41\8a\c8\e9\ec\06\46\04\40\23\00\41\e0\00\46\45\04\40\41\df\01\10\1d\10\1e\05\01\0b\41\20\24\01\41\80\06\23\01\41\04\10\03\41\80\06\28\02\00\10\1f\23\01\41\20\6a\24\01\41\80\06\23\01\41\04\10\03\41\80\06\28\02\00\10\1f\23\01\41\20\6a\24\01\41\80\06\23\01\41\04\10\03\41\80\06\28\02\00\10\1f\23\01\41\20\6a\24\01\10\25\24\01\41\80\02\23\01\36\02\00\41\80\02\41\04\10\18\05\23\02\41\f7\9e\97\e1\7b\46\04\40\23\00\41\20\46\45\04\40\41\e0\01\10\1d\10\1e\05\01\0b\41\20\24\01\41\80\06\23\01\41\04\10\03\41\80\06\28\02\00\10\1f\23\01\41\20\6a\24\01\10\26\24\01\41\80\02\23\01\36\02\00\41\80\02\41\04\10\18\05\23\02\41\e9\95\5b\46\04\40\23\00\41\00\46\45\04\40\41\e1\01\10\1d\10\1e\05\01\0b\41\20\24\01\10\27\24\01\41\80\02\23\01\36\02\00\41\80\02\41\04\10\18\05\23\02\41\e1\98\d0\a7\7b\46\04\40\23\00\41\00\46\45\04\40\41\e2\01\10\1d\10\1e\05\01\0b\41\20\24\01\10\28\24\01\41\80\02\23\01\36\02\00\41\80\02\41\04\10\18\05\23\02\41\bc\d4\cd\b4\7d\46\04\40\23\00\41\20\46\45\04\40\41\e3\01\10\1d\10\1e\05\01\0b\41\20\24\01\41\80\06\23\01\41\04\10\03\41\80\06\28\02\00\10\1f\23\01\41\20\6a\24\01\10\29\24\01\41\80\02\23\01\36\02\00\41\80\02\41\04\10\18\05\23\02\41\cf\ac\fb\bd\06\46\04\40\23\00\41\20\46\45\04\40\41\e4\01\10\1d\10\1e\05\01\0b\41\20\24\01\41\80\06\23\01\41\04\10\03\41\80\06\28\02\00\10\1f\23\01\41\20\6a\24\01\10\2a\24\01\41\80\02\23\01\36\02\00\41\80\02\41\04\10\18\05\23\02\41\fd\d7\ee\9e\07\46\04\40\23\00\41\20\46\45\04\40\41\e5\01\10\1d\10\1e\05\01\0b\41\20\24\01\41\80\06\23\01\41\04\10\03\41\80\06\28\02\00\10\1f\23\01\41\20\6a\24\01\10\2b\24\01\41\80\02\23\01\36\02\00\41\80\02\41\04\10\18\05\41\16\10\1d\10\1e\0b\0b\0b\0b\0b\0b\0b\0b\0b\0b\0b\89\51\01\05\7f\41\a0\12\41\c0\12\36\02\00\41\a0\12\41\a0\12\28\02\00\41\e0\00\6a\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\a7\04\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\24\00\24\01\41\00\41\09\36\02\00\41\04\41\00\36\02\00\41\08\41\00\36\02\00\41\0c\41\00\36\02\00\41\10\41\00\36\02\00\41\80\04\41\00\36\02\00\41\80\02\23\00\36\02\00\41\84\02\23\01\36\02\00\41\90\ce\00\ad\41\00\41\80\04\41\80\02\41\08\10\17\1a\41\80\06\41\00\10\15\10\16\41\80\06\28\02\00\41\84\06\28\02\00\41\88\06\28\02\00\41\8c\06\28\02\00\41\90\06\28\02\00\41\94\06\28\02\00\41\98\06\28\02\00\41\9c\06\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\20\6a\24\02\23\02\41\20\6b\28\02\00\23\02\41\1c\6b\28\02\00\23\02\41\18\6b\28\02\00\23\02\41\14\6b\28\02\00\23\02\41\10\6b\28\02\00\23\02\41\0c\6b\28\02\00\23\02\41\08\6b\28\02\00\23\02\41\04\6b\28\02\00\24\00\41\9c\08\23\00\36\02\00\24\00\41\98\08\23\00\36\02\00\24\00\41\94\08\23\00\36\02\00\24\00\41\90\08\23\00\36\02\00\24\00\41\8c\08\23\00\36\02\00\24\00\41\88\08\23\00\36\02\00\24\00\41\84\08\23\00\36\02\00\24\00\41\80\08\23\00\36\02\00\41\a0\8d\06\24\00\41\80\04\23\00\36\02\00\41\80\08\41\80\04\10\06\01\01\01\01\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\a7\04\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\24\00\24\01\41\00\41\09\36\02\00\41\04\41\00\36\02\00\41\08\41\00\36\02\00\41\0c\41\00\36\02\00\41\10\41\00\36\02\00\41\80\04\41\00\36\02\00\41\80\02\23\00\36\02\00\41\84\02\23\01\36\02\00\41\90\ce\00\ad\41\00\41\80\04\41\80\02\41\08\10\17\1a\41\80\06\41\00\10\15\10\16\41\80\06\28\02\00\41\84\06\28\02\00\41\88\06\28\02\00\41\8c\06\28\02\00\41\90\06\28\02\00\41\94\06\28\02\00\41\98\06\28\02\00\41\9c\06\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\20\6a\24\02\23\02\41\20\6b\28\02\00\23\02\41\1c\6b\28\02\00\23\02\41\18\6b\28\02\00\23\02\41\14\6b\28\02\00\23\02\41\10\6b\28\02\00\23\02\41\0c\6b\28\02\00\23\02\41\08\6b\28\02\00\23\02\41\04\6b\28\02\00\24\00\41\9c\08\23\00\36\02\00\24\00\41\98\08\23\00\36\02\00\24\00\41\94\08\23\00\36\02\00\24\00\41\90\08\23\00\36\02\00\24\00\41\8c\08\23\00\36\02\00\24\00\41\88\08\23\00\36\02\00\24\00\41\84\08\23\00\36\02\00\24\00\41\80\08\23\00\36\02\00\41\a0\8d\06\24\00\41\80\04\23\00\36\02\00\41\80\08\41\80\04\10\06\01\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\a6\04\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\24\00\24\01\41\00\41\09\36\02\00\41\04\41\00\36\02\00\41\08\41\00\36\02\00\41\0c\41\00\36\02\00\41\10\41\00\36\02\00\41\80\04\41\00\36\02\00\41\80\02\23\00\36\02\00\41\84\02\23\01\36\02\00\41\90\ce\00\ad\41\00\41\80\04\41\80\02\41\08\10\17\1a\41\80\06\41\00\10\15\10\16\41\80\06\28\02\00\41\84\06\28\02\00\41\88\06\28\02\00\41\8c\06\28\02\00\41\90\06\28\02\00\41\94\06\28\02\00\41\98\06\28\02\00\41\9c\06\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\20\6a\24\02\23\02\41\20\6b\28\02\00\23\02\41\1c\6b\28\02\00\23\02\41\18\6b\28\02\00\23\02\41\14\6b\28\02\00\23\02\41\10\6b\28\02\00\23\02\41\0c\6b\28\02\00\23\02\41\08\6b\28\02\00\23\02\41\04\6b\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\00\6a\41\80\06\10\08\41\80\06\28\02\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\00\6a\28\02\00\24\00\24\01\41\00\41\09\36\02\00\41\04\41\00\36\02\00\41\08\41\00\36\02\00\41\0c\41\00\36\02\00\41\10\41\00\36\02\00\41\80\04\41\00\36\02\00\41\80\02\23\00\36\02\00\41\84\02\23\01\36\02\00\41\90\ce\00\ad\41\00\41\80\04\41\80\02\41\08\10\17\1a\41\80\06\41\00\10\15\10\16\41\80\06\28\02\00\41\84\06\28\02\00\41\88\06\28\02\00\41\8c\06\28\02\00\41\90\06\28\02\00\41\94\06\28\02\00\41\98\06\28\02\00\41\9c\06\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\41\20\6a\24\02\23\02\41\20\6b\28\02\00\23\02\41\1c\6b\28\02\00\23\02\41\18\6b\28\02\00\23\02\41\14\6b\28\02\00\23\02\41\10\6b\28\02\00\23\02\41\0c\6b\28\02\00\23\02\41\08\6b\28\02\00\23\02\41\04\6b\28\02\00\24\00\41\9c\08\23\00\36\02\00\24\00\41\98\08\23\00\36\02\00\24\00\41\94\08\23\00\36\02\00\24\00\41\90\08\23\00\36\02\00\24\00\41\8c\08\23\00\36\02\00\24\00\41\88\08\23\00\36\02\00\24\00\41\84\08\23\00\36\02\00\24\00\41\80\08\23\00\36\02\00\41\a0\8d\06\24\00\41\80\04\23\00\36\02\00\41\80\08\41\80\04\10\06\01\01\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\a7\04\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\24\00\24\01\41\00\41\09\36\02\00\41\04\41\00\36\02\00\41\08\41\00\36\02\00\41\0c\41\00\36\02\00\41\10\41\00\36\02\00\41\80\04\41\00\36\02\00\41\80\02\23\00\36\02\00\41\84\02\23\01\36\02\00\41\90\ce\00\ad\41\00\41\80\04\41\80\02\41\08\10\17\1a\41\80\06\41\00\10\15\10\16\41\80\06\28\02\00\41\84\06\28\02\00\41\88\06\28\02\00\41\8c\06\28\02\00\41\90\06\28\02\00\41\94\06\28\02\00\41\98\06\28\02\00\41\9c\06\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\20\6a\24\02\23\02\41\20\6b\28\02\00\23\02\41\1c\6b\28\02\00\23\02\41\18\6b\28\02\00\23\02\41\14\6b\28\02\00\23\02\41\10\6b\28\02\00\23\02\41\0c\6b\28\02\00\23\02\41\08\6b\28\02\00\23\02\41\04\6b\28\02\00\24\00\41\9c\08\23\00\36\02\00\24\00\41\98\08\23\00\36\02\00\24\00\41\94\08\23\00\36\02\00\24\00\41\90\08\23\00\36\02\00\24\00\41\8c\08\23\00\36\02\00\24\00\41\88\08\23\00\36\02\00\24\00\41\84\08\23\00\36\02\00\24\00\41\80\08\23\00\36\02\00\41\a0\8d\06\24\00\41\80\04\23\00\36\02\00\41\80\08\41\80\04\10\06\01\01\01\01\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\a7\04\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\24\00\24\01\41\00\41\09\36\02\00\41\04\41\00\36\02\00\41\08\41\00\36\02\00\41\0c\41\00\36\02\00\41\10\41\00\36\02\00\41\80\04\41\00\36\02\00\41\80\02\23\00\36\02\00\41\84\02\23\01\36\02\00\41\90\ce\00\ad\41\00\41\80\04\41\80\02\41\08\10\17\1a\41\80\06\41\00\10\15\10\16\41\80\06\28\02\00\41\84\06\28\02\00\41\88\06\28\02\00\41\8c\06\28\02\00\41\90\06\28\02\00\41\94\06\28\02\00\41\98\06\28\02\00\41\9c\06\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\20\6a\24\02\23\02\41\20\6b\28\02\00\23\02\41\1c\6b\28\02\00\23\02\41\18\6b\28\02\00\23\02\41\14\6b\28\02\00\23\02\41\10\6b\28\02\00\23\02\41\0c\6b\28\02\00\23\02\41\08\6b\28\02\00\23\02\41\04\6b\28\02\00\24\00\41\9c\08\23\00\36\02\00\24\00\41\98\08\23\00\36\02\00\24\00\41\94\08\23\00\36\02\00\24\00\41\90\08\23\00\36\02\00\24\00\41\8c\08\23\00\36\02\00\24\00\41\88\08\23\00\36\02\00\24\00\41\84\08\23\00\36\02\00\24\00\41\80\08\23\00\36\02\00\41\a0\8d\06\24\00\41\80\04\23\00\36\02\00\41\80\08\41\80\04\10\06\01\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\a6\04\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\24\00\24\01\41\00\41\09\36\02\00\41\04\41\00\36\02\00\41\08\41\00\36\02\00\41\0c\41\00\36\02\00\41\10\41\00\36\02\00\41\80\04\41\00\36\02\00\41\80\02\23\00\36\02\00\41\84\02\23\01\36\02\00\41\90\ce\00\ad\41\00\41\80\04\41\80\02\41\08\10\17\1a\41\80\06\41\00\10\15\10\16\41\80\06\28\02\00\41\84\06\28\02\00\41\88\06\28\02\00\41\8c\06\28\02\00\41\90\06\28\02\00\41\94\06\28\02\00\41\98\06\28\02\00\41\9c\06\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\20\6a\24\02\23\02\41\20\6b\28\02\00\23\02\41\1c\6b\28\02\00\23\02\41\18\6b\28\02\00\23\02\41\14\6b\28\02\00\23\02\41\10\6b\28\02\00\23\02\41\0c\6b\28\02\00\23\02\41\08\6b\28\02\00\23\02\41\04\6b\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\00\6a\41\80\06\10\08\41\80\06\28\02\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\00\6a\28\02\00\24\00\24\01\41\00\41\09\36\02\00\41\04\41\00\36\02\00\41\08\41\00\36\02\00\41\0c\41\00\36\02\00\41\10\41\00\36\02\00\41\80\04\41\00\36\02\00\41\80\02\23\00\36\02\00\41\84\02\23\01\36\02\00\41\90\ce\00\ad\41\00\41\80\04\41\80\02\41\08\10\17\1a\41\80\06\41\00\10\15\10\16\41\80\06\28\02\00\41\84\06\28\02\00\41\88\06\28\02\00\41\8c\06\28\02\00\41\90\06\28\02\00\41\94\06\28\02\00\41\98\06\28\02\00\41\9c\06\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\41\20\6a\24\02\23\02\41\20\6b\28\02\00\23\02\41\1c\6b\28\02\00\23\02\41\18\6b\28\02\00\23\02\41\14\6b\28\02\00\23\02\41\10\6b\28\02\00\23\02\41\0c\6b\28\02\00\23\02\41\08\6b\28\02\00\23\02\41\04\6b\28\02\00\24\00\41\9c\08\23\00\36\02\00\24\00\41\98\08\23\00\36\02\00\24\00\41\94\08\23\00\36\02\00\24\00\41\90\08\23\00\36\02\00\24\00\41\8c\08\23\00\36\02\00\24\00\41\88\08\23\00\36\02\00\24\00\41\84\08\23\00\36\02\00\24\00\41\80\08\23\00\36\02\00\41\a0\8d\06\24\00\41\80\04\23\00\36\02\00\41\80\08\41\80\04\10\06\01\01\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\af\04\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\24\00\24\01\41\00\41\09\36\02\00\41\04\41\00\36\02\00\41\08\41\00\36\02\00\41\0c\41\00\36\02\00\41\10\41\00\36\02\00\41\80\04\41\00\36\02\00\41\80\02\23\00\36\02\00\41\84\02\23\01\36\02\00\41\90\ce\00\ad\41\00\41\80\04\41\80\02\41\08\10\17\1a\41\80\06\41\00\10\15\10\16\41\80\06\28\02\00\41\84\06\28\02\00\41\88\06\28\02\00\41\8c\06\28\02\00\41\90\06\28\02\00\41\94\06\28\02\00\41\98\06\28\02\00\41\9c\06\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\20\6a\24\02\23\02\41\20\6b\28\02\00\23\02\41\1c\6b\28\02\00\23\02\41\18\6b\28\02\00\23\02\41\14\6b\28\02\00\23\02\41\10\6b\28\02\00\23\02\41\0c\6b\28\02\00\23\02\41\08\6b\28\02\00\23\02\41\04\6b\28\02\00\24\00\41\9c\08\23\00\36\02\00\24\00\41\98\08\23\00\36\02\00\24\00\41\94\08\23\00\36\02\00\24\00\41\90\08\23\00\36\02\00\24\00\41\8c\08\23\00\36\02\00\24\00\41\88\08\23\00\36\02\00\24\00\41\84\08\23\00\36\02\00\24\00\41\80\08\23\00\36\02\00\41\00\24\00\41\80\04\23\00\36\02\00\41\80\08\41\80\04\10\06\01\01\01\01\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\ae\04\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\28\02\00\24\00\24\01\41\00\41\09\36\02\00\41\04\41\00\36\02\00\41\08\41\00\36\02\00\41\0c\41\00\36\02\00\41\10\41\00\36\02\00\41\80\04\41\00\36\02\00\41\80\02\23\00\36\02\00\41\84\02\23\01\36\02\00\41\90\ce\00\ad\41\00\41\80\04\41\80\02\41\08\10\17\1a\41\80\06\41\00\10\15\10\16\41\80\06\28\02\00\41\84\06\28\02\00\41\88\06\28\02\00\41\8c\06\28\02\00\41\90\06\28\02\00\41\94\06\28\02\00\41\98\06\28\02\00\41\9c\06\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\c0\00\6a\41\20\6a\24\02\23\02\41\20\6b\28\02\00\23\02\41\1c\6b\28\02\00\23\02\41\18\6b\28\02\00\23\02\41\14\6b\28\02\00\23\02\41\10\6b\28\02\00\23\02\41\0c\6b\28\02\00\23\02\41\08\6b\28\02\00\23\02\41\04\6b\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\00\6a\41\80\06\10\08\41\80\06\28\02\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\00\6a\28\02\00\24\00\24\01\41\00\41\09\36\02\00\41\04\41\00\36\02\00\41\08\41\00\36\02\00\41\0c\41\00\36\02\00\41\10\41\00\36\02\00\41\80\04\41\00\36\02\00\41\80\02\23\00\36\02\00\41\84\02\23\01\36\02\00\41\90\ce\00\ad\41\00\41\80\04\41\80\02\41\08\10\17\1a\41\80\06\41\00\10\15\10\16\41\80\06\28\02\00\41\84\06\28\02\00\41\88\06\28\02\00\41\8c\06\28\02\00\41\90\06\28\02\00\41\94\06\28\02\00\41\98\06\28\02\00\41\9c\06\28\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\24\02\24\00\23\02\41\1c\6a\23\00\36\02\00\24\00\23\02\41\18\6a\23\00\36\02\00\24\00\23\02\41\14\6a\23\00\36\02\00\24\00\23\02\41\10\6a\23\00\36\02\00\24\00\23\02\41\0c\6a\23\00\36\02\00\24\00\23\02\41\08\6a\23\00\36\02\00\24\00\23\02\41\04\6a\23\00\36\02\00\24\00\23\02\41\00\6a\23\00\36\02\00\41\a0\12\28\02\00\41\e0\00\6b\41\20\6a\41\20\6a\24\02\23\02\41\20\6b\28\02\00\23\02\41\1c\6b\28\02\00\23\02\41\18\6b\28\02\00\23\02\41\14\6b\28\02\00\23\02\41\10\6b\28\02\00\23\02\41\0c\6b\28\02\00\23\02\41\08\6b\28\02\00\23\02\41\04\6b\28\02\00\24\00\41\9c\08\23\00\36\02\00\24\00\41\98\08\23\00\36\02\00\24\00\41\94\08\23\00\36\02\00\24\00\41\90\08\23\00\36\02\00\24\00\41\8c\08\23\00\36\02\00\24\00\41\88\08\23\00\36\02\00\24\00\41\84\08\23\00\36\02\00\24\00\41\80\08\23\00\36\02\00\41\a0\8d\06\24\00\41\80\
gitextract_ibtqno7a/
├── .gitignore
├── CompCert-LICENSE.txt
├── README.md
├── binaries/
│ ├── MacOS/
│ │ ├── dsc
│ │ ├── dsc_antchain
│ │ └── minicc
│ └── linux/
│ ├── dsc
│ ├── dsc_antchain
│ └── minicc
├── contracts/
│ ├── amm/
│ │ ├── .csdp.cache
│ │ ├── .lia.cache
│ │ ├── .nia.cache
│ │ ├── .nra.cache
│ │ ├── amm/
│ │ │ ├── RefineAMM.v
│ │ │ ├── _CoqProject
│ │ │ ├── prf.v
│ │ │ ├── prf_int.v
│ │ │ └── subdir.mk
│ │ ├── amm.ds
│ │ ├── cst_man.v
│ │ ├── math_lemma.v
│ │ └── prf_int.v
│ ├── amm-i.wasm
│ ├── amm-i.wat
│ ├── amm-r.wasm
│ ├── amm-r.wat
│ ├── auction/
│ │ ├── auction/
│ │ │ └── FunctionalCorrectness.v
│ │ ├── auction.ds
│ │ ├── auction.wasm
│ │ └── test.js
│ ├── defi/
│ │ ├── amm_dsmodel.ucl
│ │ └── defi.ds
│ ├── fpblind/
│ │ ├── build.sh
│ │ ├── fpblind/
│ │ │ ├── CertiKOS.v
│ │ │ ├── DataTypeOps.v
│ │ │ ├── DataTypes.v
│ │ │ ├── EdsgerIdents.v
│ │ │ ├── LSrcBLINDAUCTION.v
│ │ │ ├── LSrcEVMOPCODE.v
│ │ │ ├── LayerBLINDAUCTION.v
│ │ │ ├── LayerEVMOPCODE.v
│ │ │ ├── Makefile.conf
│ │ │ ├── ObjBlindAuctionCode.v
│ │ │ ├── ObjSimBlindAuction.v
│ │ │ ├── RefineBLINDAUCTION.v
│ │ │ ├── Symbols.v
│ │ │ └── _CoqProject
│ │ ├── fpblind.ds
│ │ ├── fpblind.sol
│ │ ├── prf.v
│ │ ├── prf.v.crashcoqide
│ │ ├── spblind/
│ │ │ ├── CertiKOS.v
│ │ │ ├── DataTypeOps.v
│ │ │ ├── DataTypeProofs.v
│ │ │ ├── DataTypes.v
│ │ │ ├── EdsgerIdents.v
│ │ │ ├── LSimBLINDAUCTION.v
│ │ │ ├── LSimEVMOPCODE.v
│ │ │ ├── LSrcBLINDAUCTION.v
│ │ │ ├── LSrcEVMOPCODE.v
│ │ │ ├── LayerBLINDAUCTION.v
│ │ │ ├── LayerEVMOPCODE.v
│ │ │ ├── Makefile
│ │ │ ├── Makefile.conf
│ │ │ ├── ObjBlindAuctionCode.v
│ │ │ ├── ObjBlindAuctionCodeProofs.v
│ │ │ ├── ObjSimBlindAuction.v
│ │ │ ├── ObjSimEVMOpcode.v
│ │ │ ├── RefineBLINDAUCTION.v
│ │ │ ├── Symbols.v
│ │ │ ├── _CoqProject
│ │ │ ├── extraction/
│ │ │ │ ├── Makefile
│ │ │ │ └── Tester.ml
│ │ │ └── subdir.mk
│ │ └── spblind.ds
│ ├── livevar/
│ │ ├── clash.dot
│ │ ├── livevar.dot
│ │ ├── livevar.ds
│ │ ├── livevar_clash.dot
│ │ └── lv.dot
│ ├── olive/
│ │ ├── Olive.ds
│ │ ├── lockable.ds
│ │ └── test.js
│ ├── simplestorage/
│ │ └── simplestorage.ds
│ ├── swaps/
│ │ ├── build.sh
│ │ ├── impl.v
│ │ ├── prf_setup.v
│ │ ├── swaps_general/
│ │ │ ├── CertiKOS.v
│ │ │ ├── DataTypeOps.v
│ │ │ ├── DataTypeProofs.v
│ │ │ ├── DataTypes.v
│ │ │ ├── EdsgerIdents.v
│ │ │ ├── LSimEVMOPCODE.v
│ │ │ ├── LSimSWAPCONTRACT.v
│ │ │ ├── LSrcEVMOPCODE.v
│ │ │ ├── LSrcSWAPCONTRACT.v
│ │ │ ├── LayerEVMOPCODE.v
│ │ │ ├── LayerSWAPCONTRACT.v
│ │ │ ├── ObjSimDiGraph.v
│ │ │ ├── ObjSimEVMOpcode.v
│ │ │ ├── ObjSimSwapContract.v
│ │ │ ├── ObjSwapContractCode.v
│ │ │ ├── ObjSwapContractCodeProofs.v
│ │ │ ├── RefineSWAPCONTRACT.v
│ │ │ ├── Symbols.v
│ │ │ ├── extraction/
│ │ │ │ ├── Makefile
│ │ │ │ └── Tester.ml
│ │ │ └── subdir.mk
│ │ ├── swaps_general.ds
│ │ ├── swaps_threeway/
│ │ │ ├── extraction/
│ │ │ │ └── Makefile
│ │ │ └── subdir.mk
│ │ ├── swaps_threeway.ds
│ │ └── threeway_prf.v
│ ├── token/
│ │ ├── test.js
│ │ ├── token/
│ │ │ ├── FunctionalCorrectness.v
│ │ │ ├── Invariant.v
│ │ │ ├── Makefile
│ │ │ ├── Makefile.conf
│ │ │ ├── ManualRefinement.v
│ │ │ ├── ObjFixedSupplyTokenCodeProofs.v
│ │ │ ├── RefineFIXEDSUPPLYTOKEN.v
│ │ │ ├── _CoqProject
│ │ │ ├── prf.v
│ │ │ └── subdir.mk
│ │ ├── token.ds
│ │ ├── token.wasm
│ │ └── token.wat
│ └── wasmtest/
│ ├── address/
│ │ ├── address-i.wasm
│ │ ├── address-i.wat
│ │ ├── address-r.wasm
│ │ ├── address-r.wat
│ │ ├── address.ds
│ │ ├── address.js
│ │ └── address_test.js
│ ├── arith/
│ │ ├── arith-i.wasm
│ │ ├── arith-i.wat
│ │ ├── arith-r.wasm
│ │ ├── arith-r.wat
│ │ ├── arith.ds
│ │ └── arith.js
│ ├── asserts/
│ │ ├── asserts-i.wasm
│ │ ├── asserts-i.wat
│ │ ├── asserts-r.wasm
│ │ ├── asserts-r.wat
│ │ ├── asserts.ds
│ │ └── asserts.js
│ ├── builtins/
│ │ ├── builtins-i.wasm
│ │ ├── builtins-i.wat
│ │ ├── builtins-r.wasm
│ │ ├── builtins-r.wat
│ │ ├── builtins.ds
│ │ └── builtins.js
│ ├── events/
│ │ ├── events-i.wasm
│ │ ├── events-i.wat
│ │ ├── events-r.wasm
│ │ ├── events-r.wat
│ │ ├── events.ds
│ │ └── events.js
│ ├── for/
│ │ ├── for-i.wasm
│ │ ├── for-i.wat
│ │ ├── for-r.wasm
│ │ ├── for-r.wat
│ │ ├── for.ds
│ │ └── for.js
│ ├── index.js
│ ├── init-single.sh
│ ├── keccak256/
│ │ ├── keccak256-i.wasm
│ │ ├── keccak256-i.wat
│ │ ├── keccak256-r.wasm
│ │ ├── keccak256-r.wat
│ │ ├── keccak256.ds
│ │ └── keccak256.js
│ ├── layers1/
│ │ ├── layers1-i.wasm
│ │ ├── layers1-i.wat
│ │ ├── layers1-r.wasm
│ │ ├── layers1-r.wat
│ │ ├── layers1.ds
│ │ └── layers1.js
│ ├── lib/
│ │ ├── keccak256.wasm
│ │ ├── keccak256.wat
│ │ ├── wrapper.wasm
│ │ └── wrapper.wat
│ ├── match-int/
│ │ ├── match-int-i.wasm
│ │ ├── match-int-i.wat
│ │ ├── match-int-r.wasm
│ │ ├── match-int-r.wat
│ │ ├── match-int.ds
│ │ └── match-int.js
│ ├── run_test.sh
│ ├── struct/
│ │ ├── struct-i.wasm
│ │ ├── struct-i.wat
│ │ ├── struct-r.wasm
│ │ ├── struct-r.wat
│ │ ├── struct.ds
│ │ └── struct.js
│ ├── testEWASM.sh
│ └── utils.js
├── minic_unittests/
│ ├── basic_constructor.mc
│ ├── comments.mc
│ ├── declarations.mc
│ ├── expressions.mc
│ ├── functions.mc
│ ├── methods.mc
│ ├── statements.mc
│ ├── test_bytecode.sh
│ └── test_parse_and_print.sh
├── src/
│ ├── Edsger/
│ │ ├── abi.ml
│ │ ├── abi.mli
│ │ ├── ast.ml
│ │ ├── ast.mli
│ │ ├── astcommon.ml
│ │ ├── astcommon.mli
│ │ ├── config.h
│ │ ├── coqgen.ml
│ │ ├── dune
│ │ ├── edsger.ml
│ │ ├── lexer.mll
│ │ ├── make_parser.sh
│ │ ├── makefile_model
│ │ ├── metadata.ml
│ │ ├── minicgen.ml
│ │ ├── parser.ml
│ │ ├── parser.mli
│ │ ├── parser.mly
│ │ ├── parsetree.ml
│ │ ├── parsetree.mli
│ │ ├── typecheck.ml
│ │ └── uclidgen.ml
│ ├── Makefile
│ ├── OpenSC/
│ │ ├── LICENSE
│ │ ├── README.md
│ │ ├── src/
│ │ │ ├── .gitignore
│ │ │ ├── Makefile
│ │ │ ├── abi.ml
│ │ │ ├── ast.ml
│ │ │ ├── dune
│ │ │ ├── example_contract/
│ │ │ │ ├── auction.sc
│ │ │ │ ├── simpleStorage.sc
│ │ │ │ ├── simpleToken.sc
│ │ │ │ ├── test-simpleStorage.js
│ │ │ │ ├── test-simpleToken.js
│ │ │ │ ├── test-token.js
│ │ │ │ ├── test.sc
│ │ │ │ └── token.sc
│ │ │ ├── opensc.ml
│ │ │ ├── parser.mly
│ │ │ ├── sast.ml
│ │ │ ├── scanner.mll
│ │ │ ├── semant.ml
│ │ │ ├── test.ml
│ │ │ ├── test2.ml
│ │ │ ├── test3.ml
│ │ │ ├── test4.ml
│ │ │ ├── testfolder/
│ │ │ │ └── scanner.mll
│ │ │ └── translateMinic.ml
│ │ └── testcase/
│ │ ├── 01_check_var_exist_succ.sc
│ │ ├── 02_check_var_exist_fail.sc
│ │ ├── 03_check_var_duplicate_announce_fail.sc
│ │ ├── 04_check_func_exist_succ.sc
│ │ ├── 05_check_func_exist_fail.sc
│ │ ├── 06_check_func_duplicate_announce_fail.sc
│ │ ├── 07_check_func_duplicate_implement_fail.sc
│ │ ├── 08_check_func_constructor_announce_once_fail.sc
│ │ ├── 09_check_func_constructor_announce_once_fail2.sc
│ │ ├── 10_check_var_in_method_succ.sc
│ │ ├── 11_check_var_duplicate_in_method_fail.sc
│ │ ├── 12_check_var_method_miss_args_fail.sc
│ │ ├── 13_check_var_method_redundant_args_fail.sc
│ │ ├── 14_check_var_args_unmatch_decl_type_fail.sc
│ │ ├── 15_check_var_duplicate_with_global_var_in_args_fail.sc
│ │ ├── 16_check_var_in_method_type_succ.sc
│ │ ├── 17_check_var_in_method_return_type_succ.sc
│ │ ├── 18_check_var_in_method_return_type_fail.sc
│ │ ├── 19_check_binop_add_sub_succ.sc
│ │ ├── 20_check_binop_add_sub_fail.sc
│ │ ├── 21_check_binop_times_divide_succ.sc
│ │ ├── 22_check_binop_times_divide_fail.sc
│ │ ├── 23_check_binop_eq_neq_succ.sc
│ │ ├── 24_check_binop_eq_neq_fail.sc
│ │ ├── 25_check_binop_lgt_rgt_eq_succ.sc
│ │ ├── 26_check_binop_lgt_rgt_eq_fail.sc
│ │ ├── 27_check_binop_and_or_succ.sc
│ │ ├── 28_check_binop_and_or_fail.sc
│ │ ├── 29_check_binop_passign_succ.sc
│ │ ├── 30_check_binop_passign_fail.sc
│ │ ├── 31_check_binop_combine01_succ.sc
│ │ ├── 32_check_binop_combine02_succ.sc
│ │ ├── 33_check_binop_combine03_succ.sc
│ │ ├── 34_check_binop_combine04_succ.sc
│ │ ├── 35_check_map_query_succ.sc
│ │ ├── 36_check_map_id_err_fail.sc
│ │ ├── 37_check_map_not_map_type_fail.sc
│ │ ├── 38_check_map_query_value_miss_fail.sc
│ │ ├── 39_check_map_query_redundant_fail.sc
│ │ ├── 40_check_map_query_wrong_type_fail.sc
│ │ ├── 41_check_map_query_key_type_not_allowed_fail.sc
│ │ ├── 42_check_map_query_assign_succ.sc
│ │ └── 43_check_map_query_assign_unmatch_fail.sc
│ ├── README.md
│ ├── Runtime.v
│ ├── _CoqProject
│ ├── backend/
│ │ ├── AST.v
│ │ ├── AbstractData.v
│ │ ├── Cop.v
│ │ ├── Ctypes.v
│ │ ├── Environments/
│ │ │ ├── AllEnvironments.v
│ │ │ ├── ExtEnv.v
│ │ │ ├── Globalenvs.v
│ │ │ ├── HashEnv.v
│ │ │ └── StackEnv.v
│ │ ├── Events.v
│ │ ├── Expressions/
│ │ │ ├── ExpMiniC.v
│ │ │ ├── ExpStacked.v
│ │ │ └── SemanticsMiniC.v
│ │ ├── GasModel.v
│ │ ├── IndexLib.v
│ │ ├── MachineModel.v
│ │ ├── MachineModelLow.v
│ │ ├── MemoryModel.v
│ │ ├── Options.v
│ │ ├── Smallstep.v
│ │ ├── Statements/
│ │ │ └── StmtMiniC.v
│ │ ├── SymbolicKeccak.v
│ │ ├── TempModel.v
│ │ ├── Values/
│ │ │ ├── HighValues.v
│ │ │ └── LowValues.v
│ │ ├── extraction/
│ │ │ ├── ASM.ml
│ │ │ ├── ASM.mli
│ │ │ ├── AST.ml
│ │ │ ├── AST.mli
│ │ │ ├── Ascii.ml
│ │ │ ├── Ascii.mli
│ │ │ ├── BinInt.ml
│ │ │ ├── BinInt.mli
│ │ │ ├── BinNat.ml
│ │ │ ├── BinNat.mli
│ │ │ ├── BinNums.ml
│ │ │ ├── BinNums.mli
│ │ │ ├── BinNumsExt.ml
│ │ │ ├── BinNumsExt.mli
│ │ │ ├── BinPos.ml
│ │ │ ├── BinPos.mli
│ │ │ ├── BinPosDef.ml
│ │ │ ├── BinPosDef.mli
│ │ │ ├── BuiltinSemanticsExt.ml
│ │ │ ├── BuiltinSemanticsExt.mli
│ │ │ ├── BytecodeExt.ml
│ │ │ ├── Compiled.ml
│ │ │ ├── Compiled.mli
│ │ │ ├── Cop.ml
│ │ │ ├── Cop.mli
│ │ │ ├── CopExt.ml
│ │ │ ├── CopExt.mli
│ │ │ ├── Coqlib.ml
│ │ │ ├── Coqlib.mli
│ │ │ ├── Ctypes.ml
│ │ │ ├── Ctypes.mli
│ │ │ ├── CtypesExt.ml
│ │ │ ├── CtypesExt.mli
│ │ │ ├── Datatypes.ml
│ │ │ ├── Datatypes.mli
│ │ │ ├── DatatypesExt.ml
│ │ │ ├── DatatypesExt.mli
│ │ │ ├── Decimal.ml
│ │ │ ├── Decimal.mli
│ │ │ ├── EVM.ml
│ │ │ ├── EVM.mli
│ │ │ ├── EVMExt.ml
│ │ │ ├── EVMExt.mli
│ │ │ ├── ExpCintptr.ml
│ │ │ ├── ExpCintptr.mli
│ │ │ ├── ExpMiniC.ml
│ │ │ ├── ExpMiniC.mli
│ │ │ ├── ExpStacked.ml
│ │ │ ├── ExpStacked.mli
│ │ │ ├── ExprCompile.ml
│ │ │ ├── ExprCompile.mli
│ │ │ ├── Float.ml
│ │ │ ├── Float.mli
│ │ │ ├── FramesLabelsCintptr.ml
│ │ │ ├── FramesLabelsCintptr.mli
│ │ │ ├── Gen.ml
│ │ │ ├── Gen.mli
│ │ │ ├── Gen0.ml
│ │ │ ├── Gen0.mli
│ │ │ ├── Gen1.ml
│ │ │ ├── Gen1.mli
│ │ │ ├── Gen10.ml
│ │ │ ├── Gen10.mli
│ │ │ ├── Gen2.ml
│ │ │ ├── Gen2.mli
│ │ │ ├── Gen3.ml
│ │ │ ├── Gen3.mli
│ │ │ ├── Gen4.ml
│ │ │ ├── Gen4.mli
│ │ │ ├── Gen5.ml
│ │ │ ├── Gen5.mli
│ │ │ ├── Gen6.ml
│ │ │ ├── Gen6.mli
│ │ │ ├── Gen7.ml
│ │ │ ├── Gen7.mli
│ │ │ ├── Gen8.ml
│ │ │ ├── Gen8.mli
│ │ │ ├── Gen9.ml
│ │ │ ├── Gen9.mli
│ │ │ ├── GlobalenvCompile.ml
│ │ │ ├── GlobalenvCompile.mli
│ │ │ ├── Globalenvs.ml
│ │ │ ├── Globalenvs.mli
│ │ │ ├── Glue.ml
│ │ │ ├── Glue.mli
│ │ │ ├── IndexLib.ml
│ │ │ ├── IndexLib.mli
│ │ │ ├── Int0.ml
│ │ │ ├── Int0.mli
│ │ │ ├── Integers.ml
│ │ │ ├── Integers.mli
│ │ │ ├── Labels.ml
│ │ │ ├── Labels.mli
│ │ │ ├── Language.ml
│ │ │ ├── Language.mli
│ │ │ ├── Language0.ml
│ │ │ ├── Language0.mli
│ │ │ ├── LanguageExt.ml
│ │ │ ├── LanguageExt.mli
│ │ │ ├── List0.ml
│ │ │ ├── List0.mli
│ │ │ ├── LowValues.ml
│ │ │ ├── LowValues.mli
│ │ │ ├── MachineModel.ml
│ │ │ ├── MachineModel.mli
│ │ │ ├── MachineModelExt.ml
│ │ │ ├── Maps0.ml
│ │ │ ├── Maps0.mli
│ │ │ ├── MemoryModel.ml
│ │ │ ├── MemoryModel.mli
│ │ │ ├── Monad.ml
│ │ │ ├── Monad.mli
│ │ │ ├── NameTablesExt.ml
│ │ │ ├── Nat0.ml
│ │ │ ├── Nat0.mli
│ │ │ ├── OptErrMonad.ml
│ │ │ ├── OptErrMonad.mli
│ │ │ ├── OptionMonad.ml
│ │ │ ├── OptionMonad.mli
│ │ │ ├── Options.ml
│ │ │ ├── Options.mli
│ │ │ ├── Peano.ml
│ │ │ ├── Peano.mli
│ │ │ ├── PeanoNat.ml
│ │ │ ├── PeanoNat.mli
│ │ │ ├── Printing.ml
│ │ │ ├── Semantics.ml
│ │ │ ├── Semantics.mli
│ │ │ ├── Semantics0.ml
│ │ │ ├── Semantics0.mli
│ │ │ ├── Semantics1.ml
│ │ │ ├── Semantics1.mli
│ │ │ ├── Semantics2.ml
│ │ │ ├── Semantics2.mli
│ │ │ ├── Semantics3.ml
│ │ │ ├── Semantics3.mli
│ │ │ ├── Specif.ml
│ │ │ ├── Specif.mli
│ │ │ ├── StackEnv.ml
│ │ │ ├── StackEnv.mli
│ │ │ ├── StmCompile.ml
│ │ │ ├── StmCompile.mli
│ │ │ ├── StmtCGraph.ml
│ │ │ ├── StmtCGraph.mli
│ │ │ ├── StmtCintptr.ml
│ │ │ ├── StmtCintptr.mli
│ │ │ ├── StmtClinear.ml
│ │ │ ├── StmtClinear.mli
│ │ │ ├── StmtClocal.ml
│ │ │ ├── StmtClocal.mli
│ │ │ ├── StmtExpressionless.ml
│ │ │ ├── StmtExpressionless.mli
│ │ │ ├── StmtMiniC.ml
│ │ │ ├── StmtMiniC.mli
│ │ │ ├── StmtStacked.ml
│ │ │ ├── StmtStacked.mli
│ │ │ ├── String0.ml
│ │ │ ├── String0.mli
│ │ │ ├── Structure.ml
│ │ │ ├── Structure.mli
│ │ │ ├── TempModelLow.ml
│ │ │ ├── TempModelLow.mli
│ │ │ ├── Trees.ml
│ │ │ ├── Trees.mli
│ │ │ ├── Types.ml
│ │ │ ├── Types.mli
│ │ │ ├── Values.ml
│ │ │ ├── Values.mli
│ │ │ ├── ZArith_dec.ml
│ │ │ ├── ZArith_dec.mli
│ │ │ ├── Zpower.ml
│ │ │ ├── Zpower.mli
│ │ │ └── dune
│ │ └── phase/
│ │ └── MiniC/
│ │ ├── BigstepSemantics.v
│ │ └── Semantics.v
│ ├── backend.mlpack
│ ├── cclib/
│ │ ├── Coqlib.v
│ │ ├── Errors.v
│ │ ├── Integers.v
│ │ └── Maps.v
│ ├── core/
│ │ ├── Cval.v
│ │ ├── HyperType.v
│ │ ├── HyperTypeInst.v
│ │ ├── MemoryModel.v
│ │ ├── SEnv.v
│ │ ├── Syntax.v
│ │ ├── SynthesisExpr.v
│ │ ├── SynthesisFunc.v
│ │ └── SynthesisStmt.v
│ ├── dune-project
│ ├── dune-workspace
│ ├── lib/
│ │ ├── ArithInv.v
│ │ ├── IndexedMaps.v
│ │ ├── LangDef.v
│ │ ├── Lens.v
│ │ ├── Monad/
│ │ │ ├── Applicative.v
│ │ │ ├── ContOptionMonad.v
│ │ │ ├── Functor.v
│ │ │ ├── Monad.v
│ │ │ ├── MonadExc.v
│ │ │ ├── MonadInv.v
│ │ │ ├── MonadLaws.v
│ │ │ ├── MonadPlus.v
│ │ │ ├── MonadReader.v
│ │ │ ├── MonadState.v
│ │ │ ├── MonadTrans.v
│ │ │ ├── MonadZero.v
│ │ │ ├── OptErrMonad.v
│ │ │ ├── OptErrMonadLaws.v
│ │ │ ├── OptionMonad.v
│ │ │ ├── OptionMonadLaws.v
│ │ │ ├── RunStateTInv.v
│ │ │ ├── StateMonad.v
│ │ │ ├── StateMonadLaws.v
│ │ │ └── StateMonadOption.v
│ │ ├── OProp.v
│ │ ├── SimpleIndexedMaps.v
│ │ └── SimpleMaps.v
│ ├── minic/
│ │ ├── dune
│ │ ├── minicc.ml
│ │ └── src/
│ │ ├── ast.ml
│ │ ├── astExt.ml
│ │ ├── dune
│ │ ├── lexer.mll
│ │ ├── parser.mly
│ │ └── typecheck.ml
│ └── opam
└── unittests/
├── .gitignore
├── README.md
├── amm_test.ts
├── builtins_test.ts
├── chain.ts
├── conflux-chain.ts
├── contracts/
│ ├── address.ds
│ ├── amm.ds
│ ├── asserts.ds
│ ├── builtins.ds
│ ├── constructor.ds
│ ├── constructor2.ds
│ ├── events.ds
│ ├── forloop.ds
│ ├── keccak256.ds
│ ├── layers1.ds
│ ├── match-int.ds
│ ├── simple_call.ds
│ └── struct.ds
├── cut_amm.sh
├── ethereum-chain.ts
├── events_test.ts
├── keccak256_test.ts
├── package.json
├── reference/
│ ├── README.md
│ ├── events.sol
│ └── keccak256.sol
├── replace_addresses.sh
├── run_unittests.sh
├── start_conflux.sh
├── test-unittest.ts
├── tests.ts
├── tests.yml
├── tethys.toml
├── tsconfig.json
└── utils.ts
SYMBOL INDEX (113 symbols across 28 files)
FILE: contracts/auction/test.js
constant DEADLINE (line 71) | const DEADLINE = 1000;
constant CREATOR (line 72) | const CREATOR = provider.getSigner(0);
function deploy (line 74) | async function deploy(deadline) {
function read (line 83) | async function read(auction) {
function show (line 91) | async function show(auction) {
function testConstructor (line 100) | async function testConstructor() {
function testBids (line 114) | async function testBids () {
function main (line 178) | async function main() {
FILE: contracts/olive/test.js
function deploy (line 91) | async function deploy() {
FILE: contracts/token/test.js
function deploy (line 58) | async function deploy() {
FILE: contracts/wasmtest/address/address.js
function generate (line 10) | function generate(funcSig, arg1, arg2) {
FILE: contracts/wasmtest/address/address_test.js
function printTest (line 48) | function printTest(name, success) {
function deploy (line 52) | async function deploy() {
FILE: contracts/wasmtest/arith/arith.js
function generate (line 10) | function generate(funcSig, arg1, arg2) {
FILE: contracts/wasmtest/asserts/asserts.js
function generate (line 10) | function generate(funcSig, arg1, arg2) {
FILE: contracts/wasmtest/builtins/builtins.js
function generate (line 10) | function generate(funcSig, arg1, arg2) {
FILE: contracts/wasmtest/events/events.js
function generate (line 10) | function generate(funcSig, arg1, arg2) {
FILE: contracts/wasmtest/for/for.js
function generate (line 10) | function generate(funcSig, arg1, arg2) {
FILE: contracts/wasmtest/index.js
class Environment (line 11) | class Environment {
method constructor (line 12) | constructor() {
method setCallData (line 31) | setCallData(callData) {
method getStorage (line 46) | getStorage(storage) {
method setStorage (line 49) | setStorage(storage) {
class Interface (line 55) | class Interface {
method exports (line 56) | get exports() {
method constructor (line 80) | constructor(env) {
method connect (line 113) | async connect() {
method getMemory (line 123) | getMemory(offset, length) {
method setMemory (line 126) | setMemory(offset, length, value) {
method takeGas (line 130) | takeGas(amount) {
method useGas (line 136) | useGas(gas) {
method getCallDataSize (line 140) | getCallDataSize() {
method callDataCopy (line 146) | callDataCopy(resultOffset, dataOffset, length) {
method storageStore (line 155) | storageStore(pathOffset, valueOffset) {
method storageLoad (line 162) | storageLoad(pathOffset, valueOffset) {
method log (line 176) | log(dataOffset, dataLength, numberOfTopics, topic1, topic2, topic3, to...
method finish (line 206) | finish(dataOffset, dataLength) {
method revert (line 212) | revert(dataOffset, dataLength) {
method callStatic (line 222) | callStatic(gas, addressOffset, dataOffset, dataLength) {
method call (line 243) | call(gas, addressOffset, valueOffset, dataOffset, dataLength) {
method callDelegate (line 267) | callDelegate(gas, addressOffset, dataOffset, dataLength) {
method getReturnDataSize (line 288) | getReturnDataSize() {
method returnDataCopy (line 294) | returnDataCopy(resultOffset, dataOffset, length) {
method getCaller (line 302) | getCaller(resultOffset) {
method getCallValue (line 308) | getCallValue(resultOffset) {
method getGasLeft (line 314) | getGasLeft() {
method getTxGasPrice (line 320) | getTxGasPrice(valueOffset) {
method getTxOrigin (line 327) | getTxOrigin(resultOffset) {
method getBlockCoinbase (line 334) | getBlockCoinbase(resultOffset) {
method getBlockDifficulty (line 341) | getBlockDifficulty(resultOffset) {
method getBlockGasLimit (line 348) | getBlockGasLimit() {
method getBlockNumber (line 354) | getBlockNumber() {
method getBlockTimestamp (line 360) | getBlockTimestamp() {
method getBlockHash (line 366) | getBlockHash(number, resultOffset) {
method getExternalBalance (line 374) | getExternalBalance(addressOffset, resultOffset) {
method getAddress (line 383) | getAddress(resultOffset) {
method print32 (line 390) | print32(value) {
class VM (line 395) | class VM {
method constructor (line 396) | constructor(path) {
method instantiate (line 401) | async instantiate() {
method run (line 406) | run(callData, storage, env) {
function main (line 427) | async function main(path, callData, storage, env) {
FILE: contracts/wasmtest/keccak256/keccak256.js
function generate (line 10) | function generate(funcSig, arg1, arg2) {
FILE: contracts/wasmtest/layers1/layers1.js
function generate (line 10) | function generate(funcSig, arg1, arg2) {
FILE: contracts/wasmtest/match-int/match-int.js
function generate (line 10) | function generate(funcSig, arg1, arg2) {
FILE: contracts/wasmtest/struct/struct.js
function generate (line 10) | function generate(funcSig, arg1, arg2) {
FILE: src/OpenSC/src/example_contract/test-simpleStorage.js
function deploy (line 44) | async function deploy() {
FILE: src/OpenSC/src/example_contract/test-simpleToken.js
function deploy (line 66) | async function deploy() {
FILE: src/OpenSC/src/example_contract/test-token.js
function deploy (line 73) | async function deploy() {
FILE: unittests/amm_test.ts
function runTest (line 5) | async function runTest(chains: Chain[]) {
FILE: unittests/builtins_test.ts
function runTest (line 4) | async function runTest(chain: Chain) {
FILE: unittests/chain.ts
type Chain (line 1) | interface Chain {
type Event (line 14) | interface Event {
FILE: unittests/conflux-chain.ts
class ConfluxChain (line 7) | class ConfluxChain implements Chain {
method constructor (line 13) | constructor(verbose=false) {
method getLogger (line 28) | private getLogger(verbose: boolean): Logger {
method deployContract (line 39) | async deployContract(jsonFilename: string, constructorArgs=[]) {
method callRead (line 52) | async callRead(func: string, args=[]){
method callWrite (line 56) | async callWrite(func: string, args=[], options={}) {
method isRead (line 66) | isRead(func: string): boolean {
method callMethod (line 72) | async callMethod(func: string, args=[], options={}) {
method getContractAddress (line 82) | getContractAddress(): string {
method getAccountAddress (line 86) | async getAccountAddress(): Promise<string> {
method getBlockTimestamp (line 90) | async getBlockTimestamp(blockNumber: number): Promise<number> {
method getBlockParentHash (line 95) | async getBlockParentHash(blockNumber: number): Promise<string> {
method hashToString (line 100) | hashToString(hash: any): string {
method getEvents (line 104) | async getEvents(): Promise<Event[]> {
type Logger (line 122) | interface Logger {
FILE: unittests/ethereum-chain.ts
class EthereumChain (line 7) | class EthereumChain implements Chain {
method constructor (line 15) | constructor() {
method deployContract (line 23) | async deployContract(jsonFilename: string, constructorArgs=[]) {
method deployContracts (line 33) | async deployContracts(jsonFilenames: string[], constructorArgs: any[][...
method callRead (line 45) | async callRead(func: string, args=[]) {
method callWrite (line 49) | async callWrite(func: string, args=[], options={}) {
method isRead (line 54) | isRead(func: string): boolean {
method callMethod (line 60) | async callMethod(func: string, args=[], options={}) {
method getContractAddress (line 69) | getContractAddress(): string {
method getContractAddresses (line 73) | getContractAddresses(): string[] {
method getAccountAddress (line 77) | async getAccountAddress(): Promise<string> {
method getBlockTimestamp (line 85) | async getBlockTimestamp(blockNumber: number): Promise<number> {
method getBlockParentHash (line 90) | async getBlockParentHash(blockNumber: number): Promise<string> {
method hashToString (line 95) | hashToString(hash: any): string {
method getEvents (line 99) | async getEvents(): Promise<Event[]> {
FILE: unittests/events_test.ts
function runTest (line 4) | async function runTest(chain: Chain) {
FILE: unittests/keccak256_test.ts
function checkHash (line 5) | function checkHash(chain: Chain, hash1, vals: string[]) {
function runTest (line 9) | async function runTest(chain: Chain) {
FILE: unittests/test-unittest.ts
function runTest (line 4) | async function runTest(
FILE: unittests/tests.ts
function main (line 12) | async function main() {
FILE: unittests/utils.ts
function getJsonFilename (line 1) | function getJsonFilename(filename: string): string {
function padName (line 10) | function padName(name: string): string {
function printTest (line 14) | function printTest(name: string, success: boolean) {
function cleanCombined (line 18) | function cleanCombined(combined: {}): abiBytecode {
type abiBytecode (line 28) | interface abiBytecode {
Condensed preview — 589 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (7,311K chars).
[
{
"path": ".gitignore",
"chars": 71,
"preview": "*.vo\n*.glob\n*.aux\n.coqdeps.d\ncore.make\ncore.make.conf\n*_build\n*.merlin\n"
},
{
"path": "CompCert-LICENSE.txt",
"chars": 35248,
"preview": "All files in this distribution are part of the CompCert verified compiler.\n\nThe CompCert verified compiler is Copyright "
},
{
"path": "README.md",
"chars": 855,
"preview": "# The DeepSEA Language\n\nYou can download a zip file from the [releases\npage](https://github.com/shentufoundation/deepsea"
},
{
"path": "contracts/amm/.csdp.cache",
"chars": 0,
"preview": ""
},
{
"path": "contracts/amm/amm/RefineAMM.v",
"chars": 12695,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/amm/amm/_CoqProject",
"chars": 264,
"preview": "-R ../../.. DeepSpec\n-R . amm\n./EdsgerIdents.v\n./DataTypes.v\n./DataTypeOps.v\n./DataTypeProofs.v\n./LayerAMMLIB.v\n./LayerA"
},
{
"path": "contracts/amm/amm/prf.v",
"chars": 21639,
"preview": "Require Import amm.DataTypes.\nRequire Import amm.DataTypeOps.\nRequire Import lib.Monad.StateMonadOption.\nRequire Import "
},
{
"path": "contracts/amm/amm/prf_int.v",
"chars": 25016,
"preview": "Require Import amm.DataTypes.\nRequire Import amm.DataTypeOps.\nRequire Import amm.LayerAMM.\nRequire Import lib.Monad.Stat"
},
{
"path": "contracts/amm/amm/subdir.mk",
"chars": 914,
"preview": "# WARNING: This file is generated by Edsger, the DeepSEA compiler.\n# All modification will be lost when regener"
},
{
"path": "contracts/amm/amm.ds",
"chars": 14045,
"preview": "(* TODO: add emit Events *)\n\n(* PROOFS: \n 1. change re-defined layers\n 2. balance tracks reserve\n 3. increasing k "
},
{
"path": "contracts/amm/cst_man.v",
"chars": 30943,
"preview": "Add LoadPath \"./amm\" as amm.\n\n(*From Coq Require Import ssreflect ssrfun ssrbool.\nSet Implicit Arguments.\nUnset Strict I"
},
{
"path": "contracts/amm/math_lemma.v",
"chars": 8667,
"preview": "Require Import ZArith.\nRequire Import DeepSpec.cclib.Integers.\nRequire Import Zorder.\nRequire Import Lia.\nRequire Import"
},
{
"path": "contracts/amm/prf_int.v",
"chars": 24920,
"preview": "Add LoadPath \"./amm\" as amm.\n\nRequire Import amm.DataTypes.\nRequire Import amm.DataTypeOps.\nRequire Import amm.LayerAMM."
},
{
"path": "contracts/amm-i.wat",
"chars": 185188,
"preview": "(module\n (import \"ethereum\" \"finish\" (func $finish (param i32 i32) (result )))\n (memory 1)\n (data (i32.const 0) \"\\0"
},
{
"path": "contracts/amm-r.wat",
"chars": 433753,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param i32) (result i32)))\n (type (;2;) (func ("
},
{
"path": "contracts/auction/auction/FunctionalCorrectness.v",
"chars": 2347,
"preview": "Require Import backend.MachineModel.\nRequire Import cclib.Integers.\nRequire Import LayerAUCTION.\nRequire Import backend."
},
{
"path": "contracts/auction/auction.ds",
"chars": 1620,
"preview": "object signature AuctionInterface = {\n constructor : uint -> unit;\n const getbid : unit -> uint;\n const getbid"
},
{
"path": "contracts/auction/test.js",
"chars": 5530,
"preview": "#!/usr/bin/env node\n\n// TODO: test withdrawals\n\nconst fs = require('fs');\nconst ethers = require('ethers');\nconst as"
},
{
"path": "contracts/defi/amm_dsmodel.ucl",
"chars": 26809,
"preview": "/* file automatically generated by DeepSEA */\n\nmodule dsmodel {\n\n type address = integer;\n\n input me_caller : address;"
},
{
"path": "contracts/defi/defi.ds",
"chars": 24537,
"preview": "(* ---> refer to concepts in Google Docs\n * price oracle\n * AMM (3 variants)\n * Lending\n * BZXDEX\n * SNXDEX\n\n keyw"
},
{
"path": "contracts/fpblind/build.sh",
"chars": 105,
"preview": " ../../_build/Edsger/edsger.byte fpblind.ds coq\ncd fpblind\n coq_makefile -f _CoqProject -o Makefile\nmake\n"
},
{
"path": "contracts/fpblind/fpblind/CertiKOS.v",
"chars": 3957,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/DataTypeOps.v",
"chars": 44438,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/DataTypes.v",
"chars": 660,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/EdsgerIdents.v",
"chars": 1739,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/LSrcBLINDAUCTION.v",
"chars": 3542,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/LSrcEVMOPCODE.v",
"chars": 1339,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/LayerBLINDAUCTION.v",
"chars": 75210,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/LayerEVMOPCODE.v",
"chars": 12210,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/Makefile.conf",
"chars": 3074,
"preview": "# This configuration file was generated by running:\n# coq_makefile -f _CoqProject -o Makefile\n\n\n########################"
},
{
"path": "contracts/fpblind/fpblind/ObjBlindAuctionCode.v",
"chars": 14893,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/ObjSimBlindAuction.v",
"chars": 19953,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/RefineBLINDAUCTION.v",
"chars": 8033,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/Symbols.v",
"chars": 1478,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/fpblind/_CoqProject",
"chars": 166,
"preview": "-R ../../.. DeepSpec\n\nEdsgerIdents.v\nDataTypeOps.v\nDataTypeProofs.v\nDataTypes.v\nLayerBLINDAUCTION.v\nLayerEVMOPCODE.v\nRef"
},
{
"path": "contracts/fpblind/fpblind.ds",
"chars": 7617,
"preview": "(* first-price sealed-blind auction *)\n\n(* Hacks\n - function arguments are tuples, no currying, I think this should be"
},
{
"path": "contracts/fpblind/fpblind.sol",
"chars": 4528,
"preview": "pragma solidity >0.4.23 <0.5.0;\n\ncontract BlindAuction {\n struct Bid {\n bytes32 blindedBid;\n uint depos"
},
{
"path": "contracts/fpblind/prf.v",
"chars": 37702,
"preview": "(*Add Rec LoadPath \"../../cclib\" as DeepSpec.cclib.\nAdd Rec LoadPath \"../../lib\" as DeepSpec.lib.\nAdd Rec LoadPath \"../."
},
{
"path": "contracts/fpblind/prf.v.crashcoqide",
"chars": 27333,
"preview": "Require Import fpblind.DataTypes.\nRequire Import fpblind.DataTypeOps.\nRequire Import fpblind.LayerBLINDAUCTION.\nRequire "
},
{
"path": "contracts/fpblind/spblind/CertiKOS.v",
"chars": 4324,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/DataTypeOps.v",
"chars": 43949,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/DataTypeProofs.v",
"chars": 868,
"preview": "(* Skeleton by Edgser for spblind.ds *)\nRequire Import BinPos.\nRequire Import DeepSpec.Runtime.\nRequire Import spblind.E"
},
{
"path": "contracts/fpblind/spblind/DataTypes.v",
"chars": 650,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/EdsgerIdents.v",
"chars": 1801,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/LSimBLINDAUCTION.v",
"chars": 266,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/LSimEVMOPCODE.v",
"chars": 222,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/LSrcBLINDAUCTION.v",
"chars": 3861,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/LSrcEVMOPCODE.v",
"chars": 1339,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/LayerBLINDAUCTION.v",
"chars": 96831,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/LayerEVMOPCODE.v",
"chars": 12210,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/Makefile",
"chars": 26699,
"preview": "###############################################################################\n## v # The Coq P"
},
{
"path": "contracts/fpblind/spblind/Makefile.conf",
"chars": 3098,
"preview": "# This configuration file was generated by running:\n# coq_makefile -f _CoqProject -o Makefile\n\n\n########################"
},
{
"path": "contracts/fpblind/spblind/ObjBlindAuctionCode.v",
"chars": 15847,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/ObjBlindAuctionCodeProofs.v",
"chars": 5558,
"preview": "(* Skeleton by Edgser for spblind.ds *)\nRequire Import BinPos.\nRequire Import DeepSpec.Runtime.\nRequire Import spblind.E"
},
{
"path": "contracts/fpblind/spblind/ObjSimBlindAuction.v",
"chars": 23619,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/ObjSimEVMOpcode.v",
"chars": 4675,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/RefineBLINDAUCTION.v",
"chars": 8009,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/Symbols.v",
"chars": 1531,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/fpblind/spblind/_CoqProject",
"chars": 166,
"preview": "-R ../../.. DeepSpec\n\nEdsgerIdents.v\nDataTypeOps.v\nDataTypeProofs.v\nDataTypes.v\nLayerBLINDAUCTION.v\nLayerEVMOPCODE.v\nRef"
},
{
"path": "contracts/fpblind/spblind/extraction/Makefile",
"chars": 158,
"preview": "lastfiles = HyperType.mli HyperTypeInst.mli DataTypeOps.mli EdsgerIdents.mli LayerEVMOPCODE.mli LSrcEVMOPCODE.mli Layer"
},
{
"path": "contracts/fpblind/spblind/extraction/Tester.ml",
"chars": 897,
"preview": "open LSrcEVMOPCODE\nopen LSrcBLINDAUCTION\n\nlet usage () = \n Printf.eprintf \"usage: extract (bytecode | debug)\\n\" ;\n exi"
},
{
"path": "contracts/fpblind/spblind/subdir.mk",
"chars": 609,
"preview": "# WARNING: This file is generated by Edsger, the DeepSEA compiler.\n# All modification will be lost when regener"
},
{
"path": "contracts/fpblind/spblind.ds",
"chars": 8013,
"preview": "(* second-price sealed-blind auction *)\n\ntype Bid = {\n _blindedBid : hashvalue;\n _deposit : uint;\n}\n\ntype Transfer"
},
{
"path": "contracts/livevar/clash.dot",
"chars": 907,
"preview": "digraph mygraph {\n node [shape=box];\n\" tempvar_c \"\n\" tempvar_c \" -> \" tempvar_d \"\n\" tempvar_c \" -> \" tempvar_25 \"\n\" tem"
},
{
"path": "contracts/livevar/livevar.dot",
"chars": 324,
"preview": "digraph mygraph {\n node [shape=box];\n\n \"entry\"\n \"entry\" -> \"5\"\n\"4 : tempvar_1 = 0x00\"\n\"4 : tempvar_1 = 0x00\" -> \"3 : "
},
{
"path": "contracts/livevar/livevar.ds",
"chars": 663,
"preview": "object signature OS = {\n f : unit -> unit;\n}\n\nobject O : OS {\n (* should succeed *)\n let f () =\n let a1 = 1 in\n "
},
{
"path": "contracts/livevar/livevar_clash.dot",
"chars": 41,
"preview": "digraph mygraph {\n node [shape=box];\n\n}\n"
},
{
"path": "contracts/livevar/lv.dot",
"chars": 3055,
"preview": "digraph mygraph {\n node [shape=box];\n\n \"entry\"\n \"entry\" -> \"21\"\n\"20 : tempvar_c = 0x01\"\n\"20 : tempvar_c = 0x01\" -> \"1"
},
{
"path": "contracts/olive/Olive.ds",
"chars": 6683,
"preview": "(* This contract is inspired by olive/contracts/Olive.sol , a very vanilla ERC20 token contract. *)\n\nobject signature Ow"
},
{
"path": "contracts/olive/lockable.ds",
"chars": 1396,
"preview": "event\n | Transfer (from : address indexed) (to_ : address indexed) (value : uint)\n | Approval (owner : address indexed"
},
{
"path": "contracts/olive/test.js",
"chars": 5651,
"preview": "#!/usr/bin/env node\n\nconst fs = require('fs');\nconst ethers = require(\"ethers\");\n\nif (process.argv.length != 3) {\n co"
},
{
"path": "contracts/simplestorage/simplestorage.ds",
"chars": 434,
"preview": "object signature SimpleStorageInterface = {\n get : unit -> uint;\n set : uint -> unit\n}\n\nobject SimpleStorage : SimpleS"
},
{
"path": "contracts/swaps/build.sh",
"chars": 101,
"preview": " ../../_build/Edsger/edsger.byte swaps.ds coq\ncd swaps\n coq_makefile -f _CoqProject -o Makefile\nmake\n"
},
{
"path": "contracts/swaps/impl.v",
"chars": 3265,
"preview": "Require Import BinPos.\nRequire Import DeepSpec.Runtime.\nRequire Import cclib.Maps. \n\n\nDefinition addr := int256.\nDefinit"
},
{
"path": "contracts/swaps/prf_setup.v",
"chars": 16162,
"preview": "Require Export swaps_threeway.DataTypes.\nRequire Export swaps_threeway.DataTypeOps.\nRequire Export swaps_threeway.LayerS"
},
{
"path": "contracts/swaps/swaps_general/CertiKOS.v",
"chars": 6358,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/DataTypeOps.v",
"chars": 251571,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/DataTypeProofs.v",
"chars": 570,
"preview": "(* Skeleton by Edgser for swaps_general.ds *)\nRequire Import BinPos.\nRequire Import DeepSpec.Runtime.\nRequire Import swa"
},
{
"path": "contracts/swaps/swaps_general/DataTypes.v",
"chars": 1215,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/EdsgerIdents.v",
"chars": 2607,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/LSimEVMOPCODE.v",
"chars": 284,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/LSimSWAPCONTRACT.v",
"chars": 290,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/LSrcEVMOPCODE.v",
"chars": 1397,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/LSrcSWAPCONTRACT.v",
"chars": 3259,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/LayerEVMOPCODE.v",
"chars": 222560,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/LayerSWAPCONTRACT.v",
"chars": 85728,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/ObjSimDiGraph.v",
"chars": 44649,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/ObjSimEVMOpcode.v",
"chars": 4717,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/ObjSimSwapContract.v",
"chars": 18034,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/ObjSwapContractCode.v",
"chars": 25323,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/ObjSwapContractCodeProofs.v",
"chars": 4111,
"preview": "(* Skeleton by Edgser for swaps_general.ds *)\nRequire Import BinPos.\nRequire Import DeepSpec.Runtime.\nRequire Import swa"
},
{
"path": "contracts/swaps/swaps_general/RefineSWAPCONTRACT.v",
"chars": 10313,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/Symbols.v",
"chars": 2112,
"preview": "(* WARNING: This file is generated by Edsger, the DeepSEA compiler.\n All modification will be lost when regen"
},
{
"path": "contracts/swaps/swaps_general/extraction/Makefile",
"chars": 158,
"preview": "lastfiles = HyperType.mli HyperTypeInst.mli DataTypeOps.mli EdsgerIdents.mli LayerEVMOPCODE.mli LSrcEVMOPCODE.mli Layer"
},
{
"path": "contracts/swaps/swaps_general/extraction/Tester.ml",
"chars": 897,
"preview": "open LSrcEVMOPCODE\nopen LSrcSWAPCONTRACT\n\nlet usage () = \n Printf.eprintf \"usage: extract (bytecode | debug)\\n\" ;\n exi"
},
{
"path": "contracts/swaps/swaps_general/subdir.mk",
"chars": 749,
"preview": "# WARNING: This file is generated by Edsger, the DeepSEA compiler.\n# All modification will be lost when regener"
},
{
"path": "contracts/swaps/swaps_general.ds",
"chars": 15171,
"preview": "(* atomic cross-chain swaps - general case *)\n\ntype addr := uint \ntype timeunit := uint (* in seconds? *)\n\ntype Transfer"
},
{
"path": "contracts/swaps/swaps_threeway/extraction/Makefile",
"chars": 158,
"preview": "lastfiles = HyperType.mli HyperTypeInst.mli DataTypeOps.mli EdsgerIdents.mli LayerEVMOPCODE.mli LSrcEVMOPCODE.mli Layer"
},
{
"path": "contracts/swaps/swaps_threeway/subdir.mk",
"chars": 735,
"preview": "# WARNING: This file is generated by Edsger, the DeepSEA compiler.\n# All modification will be lost when regener"
},
{
"path": "contracts/swaps/swaps_threeway.ds",
"chars": 5813,
"preview": "(* atomic cross-chain swaps - 3-way swap\n\t\t\t A one leader only, form a cycle. \n\t\t\t/ \\\n\t\t B - C \n*) \ntype Transfer = {"
},
{
"path": "contracts/swaps/threeway_prf.v",
"chars": 105985,
"preview": "Require Import prf_setup.\nRequire Import List.\nImport ListNotations.\nRequire Import lib.Monad.RunStateTInv.\nRequire Impo"
},
{
"path": "contracts/token/test.js",
"chars": 2726,
"preview": "#!/usr/bin/env node\n\n// const net = require('net');\n// const solc = require('solc');\nconst fs = require('fs');\nconst eth"
},
{
"path": "contracts/token/token/FunctionalCorrectness.v",
"chars": 2214,
"preview": "Require Import token.DataTypeOps.\nRequire Import token.LayerFIXEDSUPPLYTOKEN.\nRequire Import token.Invariant.\n\nRequire I"
},
{
"path": "contracts/token/token/Invariant.v",
"chars": 830,
"preview": "Require Import ZArith.\n\nRequire Import cclib.Maps.\nRequire Import token.DataTypeOps.\n\n(* This must match the constant de"
},
{
"path": "contracts/token/token/Makefile",
"chars": 26699,
"preview": "###############################################################################\n## v # The Coq P"
},
{
"path": "contracts/token/token/Makefile.conf",
"chars": 3140,
"preview": "# This configuration file was generated by running:\n# coq_makefile -f _CoqProject -o Makefile\n\n\n########################"
},
{
"path": "contracts/token/token/ManualRefinement.v",
"chars": 20882,
"preview": "Require Import backend.phase.MiniC.Language.\nRequire Import backend.phase.MiniC.BigstepSemantics.\nRequire Import backend"
},
{
"path": "contracts/token/token/ObjFixedSupplyTokenCodeProofs.v",
"chars": 10631,
"preview": "(* Skeleton by Edgser for token.ds *)\nRequire Import BinPos.\nRequire Import DeepSpec.Runtime.\nRequire Import DeepSpec.co"
},
{
"path": "contracts/token/token/RefineFIXEDSUPPLYTOKEN.v",
"chars": 1728,
"preview": "(* This should be automatically generated, but I put in a manually written version for now. *)\n\nRequire Import BinNums.\n"
},
{
"path": "contracts/token/token/_CoqProject",
"chars": 208,
"preview": "-R ../../.. DeepSpec\n-R . token\nEdsgerIdents.v\nDataTypeOps.v\nDataTypeProofs.v\nDataTypes.v\nLayerFIXEDSUPPLYTOKEN.v\nRefine"
},
{
"path": "contracts/token/token/prf.v",
"chars": 11121,
"preview": "Require Import token.DataTypes.\nRequire Import token.DataTypeOps.\nRequire Import lib.Monad.StateMonadOption.\nRequire Imp"
},
{
"path": "contracts/token/token/subdir.mk",
"chars": 469,
"preview": "# WARNING: This file is generated by Edsger, the DeepSEA compiler.\n# All modification will be lost when regener"
},
{
"path": "contracts/token/token.ds",
"chars": 1797,
"preview": "(* Loosely based on the \"sample fixed supply token contract\" from https://theethereum.wiki/w/index.php/ERC20_Token_Stand"
},
{
"path": "contracts/token/token.wat",
"chars": 13578,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param ) (result i32)))\n (type (;2;) (func (par"
},
{
"path": "contracts/wasmtest/address/address-i.wat",
"chars": 11665,
"preview": "(module\n (import \"ethereum\" \"finish\" (func $finish (param i32 i32) (result )))\n (memory 1)\n (data (i32.const 0) \"\\0"
},
{
"path": "contracts/wasmtest/address/address-r.wat",
"chars": 24784,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param ) (result i32)))\n (type (;2;) (func (par"
},
{
"path": "contracts/wasmtest/address/address.ds",
"chars": 564,
"preview": "object signature SimpleAddressInterface = {\n init : unit -> unit;\n get : unit -> address;\n set : address -> unit\n}\n\no"
},
{
"path": "contracts/wasmtest/address/address.js",
"chars": 1149,
"preview": "#!/usr/bin/env node\n'strict';\nlet main = require('../index');\n\nif (process.argv.length < 4) {\n console.log(`usage: ${"
},
{
"path": "contracts/wasmtest/address/address_test.js",
"chars": 2166,
"preview": "#!/usr/bin/env node\n\n// const net = require('net');\n// const solc = require('solc');\n\nconst bytecodeFilename = \"address."
},
{
"path": "contracts/wasmtest/arith/arith-i.wat",
"chars": 5740,
"preview": "(module\n (import \"ethereum\" \"finish\" (func $finish (param i32 i32) (result )))\n (memory 1)\n (data (i32.const 0) \"\\0"
},
{
"path": "contracts/wasmtest/arith/arith-r.wat",
"chars": 11907,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param i32 i32) (result i32)))\n (type (;2;) (fu"
},
{
"path": "contracts/wasmtest/arith/arith.ds",
"chars": 727,
"preview": "object signature ArithInterface = {\n add : uint * uint -> uint;\n sub : uint * uint -> uint;\n mul : uint * uint -> uin"
},
{
"path": "contracts/wasmtest/arith/arith.js",
"chars": 1237,
"preview": "#!/usr/bin/env node\n'strict';\nlet main = require('../index');\n\nif (process.argv.length != 6) {\n console.log(`usage: $"
},
{
"path": "contracts/wasmtest/asserts/asserts-i.wat",
"chars": 5332,
"preview": "(module\n (import \"ethereum\" \"finish\" (func $finish (param i32 i32) (result )))\n (memory 1)\n (data (i32.const 0) \"\\0"
},
{
"path": "contracts/wasmtest/asserts/asserts-r.wat",
"chars": 10310,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param ) (result i32)))\n (type (;2;) (func (par"
},
{
"path": "contracts/wasmtest/asserts/asserts.ds",
"chars": 442,
"preview": "object signature OS = {\n f : unit -> unit;\n g : unit -> unit;\n h : unit -> unit;\n i : unit -> unit;\n j : unit -> un"
},
{
"path": "contracts/wasmtest/asserts/asserts.js",
"chars": 1314,
"preview": "#!/usr/bin/env node\n'strict';\nlet main = require('../index');\n\nif (process.argv.length != 4) {\n console.log(`usage: $"
},
{
"path": "contracts/wasmtest/builtins/builtins-i.wat",
"chars": 47182,
"preview": "(module\n (import \"ethereum\" \"finish\" (func $finish (param i32 i32) (result )))\n (memory 1)\n (data (i32.const 0) \"\\0"
},
{
"path": "contracts/wasmtest/builtins/builtins-r.wat",
"chars": 108867,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param ) (result i32)))\n (type (;2;) (func (par"
},
{
"path": "contracts/wasmtest/builtins/builtins.ds",
"chars": 1577,
"preview": "object signature OS = {\n f : uint -> uint;\n \n const get_address : unit -> address;\n const get_origin : unit -> add"
},
{
"path": "contracts/wasmtest/builtins/builtins.js",
"chars": 1006,
"preview": "#!/usr/bin/env node\n'strict';\nlet main = require('../index');\n\nif (process.argv.length != 5) {\n console.log(`usage: $"
},
{
"path": "contracts/wasmtest/events/events-i.wat",
"chars": 8377,
"preview": "(module\n (import \"ethereum\" \"finish\" (func $finish (param i32 i32) (result )))\n (memory 1)\n (data (i32.const 0) \"\\0"
},
{
"path": "contracts/wasmtest/events/events-r.wat",
"chars": 15883,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param ) (result i32)))\n (import \"ethereum\" \"g"
},
{
"path": "contracts/wasmtest/events/events.ds",
"chars": 571,
"preview": "event\n | E1 (v : uint)\n\nevent\n E2 (v1 : uint) (v2 : bool)\n\nevent\n | IE1 (v : uint indexed)\n | IE2 (v1 : uint) (v2 "
},
{
"path": "contracts/wasmtest/events/events.js",
"chars": 1143,
"preview": "#!/usr/bin/env node\n'strict';\nlet main = require('../index');\n\nif (process.argv.length < 4) {\n console.log(`usage: ${"
},
{
"path": "contracts/wasmtest/for/for-i.wat",
"chars": 12976,
"preview": "(module\n (import \"ethereum\" \"finish\" (func $finish (param i32 i32) (result )))\n (memory 1)\n (data (i32.const 0) \"\\0"
},
{
"path": "contracts/wasmtest/for/for-r.wat",
"chars": 29762,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param i32) (result i32)))\n (type (;2;) (func ("
},
{
"path": "contracts/wasmtest/for/for.ds",
"chars": 422,
"preview": "object signature OS = {\n setThenGet : int -> int;\n multiply : int * int -> int;\n}\n\nobject O : OS {\n\n let _val : int :"
},
{
"path": "contracts/wasmtest/for/for.js",
"chars": 808,
"preview": "#!/usr/bin/env node\n'strict';\nlet main = require('../index');\n\nif (process.argv.length < 4) {\n console.log(`usage: ${"
},
{
"path": "contracts/wasmtest/index.js",
"chars": 16747,
"preview": "#!/usr/bin/env node\n\n'strict';\nlet fs = require('fs');\nlet utils = require('./utils');\nlet precompiled = {\n keccak256"
},
{
"path": "contracts/wasmtest/init-single.sh",
"chars": 726,
"preview": "#!/bin/bash\n\nset -xe\n\ncertikd unsafe-reset-all\nrm -rf ~/.certikd\nrm -rf ~/.certikcli\n\n# mkdir -p ~/.certikcli/config\n# c"
},
{
"path": "contracts/wasmtest/keccak256/keccak256-i.wat",
"chars": 15001,
"preview": "(module\n (import \"ethereum\" \"finish\" (func $finish (param i32 i32) (result )))\n (memory 1)\n (data (i32.const 0) \"\\0"
},
{
"path": "contracts/wasmtest/keccak256/keccak256-r.wat",
"chars": 33871,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param i32) (result i32)))\n (type (;2;) (func ("
},
{
"path": "contracts/wasmtest/keccak256/keccak256.ds",
"chars": 837,
"preview": "object signature OS = {\n const hash1 : uint -> hashvalue;\n const hash2 : uint * uint -> hashvalue;\n const hash2_1 : u"
},
{
"path": "contracts/wasmtest/keccak256/keccak256.js",
"chars": 1148,
"preview": "#!/usr/bin/env node\n'strict';\nlet main = require('../index');\n\nif (process.argv.length < 4) {\n console.log(`usage: ${"
},
{
"path": "contracts/wasmtest/layers1/layers1-i.wat",
"chars": 10246,
"preview": "(module\n (import \"ethereum\" \"finish\" (func $finish (param i32 i32) (result )))\n (memory 1)\n (data (i32.const 0) \"\\0"
},
{
"path": "contracts/wasmtest/layers1/layers1-r.wat",
"chars": 21387,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param ) (result i32)))\n (type (;2;) (func (par"
},
{
"path": "contracts/wasmtest/layers1/layers1.ds",
"chars": 722,
"preview": "object signature LowerInterface = {\n incr : unit -> unit; \n const get : unit -> int\n}\n\nobject Lower : LowerInterface {"
},
{
"path": "contracts/wasmtest/layers1/layers1.js",
"chars": 1141,
"preview": "#!/usr/bin/env node\n'strict';\nlet main = require('../index');\n\nif (process.argv.length < 4) {\n console.log(`usage: ${"
},
{
"path": "contracts/wasmtest/lib/keccak256.wat",
"chars": 74911,
"preview": "(module\n (type (;0;) (func (param i32 i32)))\n (type (;1;) (func (param i32 i32 i32) (result i32)))\n (type (;2;) (func"
},
{
"path": "contracts/wasmtest/lib/wrapper.wat",
"chars": 1783,
"preview": "(module\n (func $callHook (import \"ethereum\" \"call\") (param i32 i32 i32 i32 i32) (result i32))\n (func $callDelegateHook"
},
{
"path": "contracts/wasmtest/match-int/match-int-i.wat",
"chars": 3925,
"preview": "(module\n (import \"ethereum\" \"finish\" (func $finish (param i32 i32) (result )))\n (memory 1)\n (data (i32.const 0) \"\\0"
},
{
"path": "contracts/wasmtest/match-int/match-int-r.wat",
"chars": 6510,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param ) (result i32)))\n (import \"ethereum\" \"g"
},
{
"path": "contracts/wasmtest/match-int/match-int.ds",
"chars": 378,
"preview": "type Status [[int]] =\n | Ok [[= 0]]\n | Triggered [[= 1]]\n | Finalized [[= 2]]\n\nobject signature OS = {\n f : u"
},
{
"path": "contracts/wasmtest/match-int/match-int.js",
"chars": 1012,
"preview": "#!/usr/bin/env node\n'strict';\nlet main = require('../index');\n\nif (process.argv.length != 4) {\n console.log(`usage: $"
},
{
"path": "contracts/wasmtest/run_test.sh",
"chars": 116,
"preview": "cd $1\n../../../edsger.bc ./$1.ds ewasm > ./$1.wat\n../../../wasm_init.sh $1\ncd ..\n./$1/$1.js ./$1/$1-r.wasm $2 $3 $4\n"
},
{
"path": "contracts/wasmtest/struct/struct-i.wat",
"chars": 28213,
"preview": "(module\n (import \"ethereum\" \"finish\" (func $finish (param i32 i32) (result )))\n (memory 1)\n (data (i32.const 0) \"\\0"
},
{
"path": "contracts/wasmtest/struct/struct-r.wat",
"chars": 63754,
"preview": "(module\n (type (;0;) (func (param ) (result i32)))\n (type (;1;) (func (param i32 i32) (result i32)))\n (type (;2;) (fu"
},
{
"path": "contracts/wasmtest/struct/struct.ds",
"chars": 584,
"preview": "type addr := int\n\nobject signature OS = {\n\tinitialize : int * int -> unit;\n\thasOwner : unit -> int;\n\thasSupply : int -> "
},
{
"path": "contracts/wasmtest/struct/struct.js",
"chars": 1231,
"preview": "#!/usr/bin/env node\n'strict';\nlet main = require('../index');\n\nif (process.argv.length < 4) {\n console.log(`usage: ${"
},
{
"path": "contracts/wasmtest/testEWASM.sh",
"chars": 1076,
"preview": "set -xe\n\n#caddr=$(certikcli tx cvm deploy --ewasm ewasm/foobar.sol --from node0 --gas-prices 0.025uctk --gas-adjustment "
},
{
"path": "contracts/wasmtest/utils.js",
"chars": 439,
"preview": "module.exports = {\n to256CallData: data => {\n return BigInt(data).toString(16).padStart(64, '0');\n },\n t"
},
{
"path": "minic_unittests/basic_constructor.mc",
"chars": 98,
"preview": "int256 foo;\n\nvoid constructor() {\n\tint256 bar;\n\tint256 baz;\n\t\n\tbar = 0;\n\tbaz = bar;\n\tfoo = baz;\n}\n"
},
{
"path": "minic_unittests/comments.mc",
"chars": 224,
"preview": "void foo() {\n\n\t// single-line comment\n\n\t/* \tsimple\n\t\t\tmultiline \n\t\t\tcomment\n\t*/\n\n\t/* \tnested\n\t/* \tmulti /* line */\n\t\t\tco"
},
{
"path": "minic_unittests/declarations.mc",
"chars": 252,
"preview": "int8 foo1;\nint16 foo2;\nint32 foo3;\nint256 foo4;\nbool foo5;\nvoid foo6;\n\n// int256* foo7;\nint256[256] foo8;\nint256#[int256"
},
{
"path": "minic_unittests/expressions.mc",
"chars": 628,
"preview": "int256[3] array;\nint256#[bool] hashmap;\nstruct bar {\n bool one;\n int256#[int8] two;\n} mystruct;\n\nvoid foo(int256 tmp) "
},
{
"path": "minic_unittests/functions.mc",
"chars": 119,
"preview": "private int8 foo1() {}\nprivate int16 foo2() {}\nprivate int32 foo3() {}\nprivate int256 foo4() {}\nprivate bool foo5() {}\n"
},
{
"path": "minic_unittests/methods.mc",
"chars": 79,
"preview": "int8 foo1() {}\nint16 foo2() {}\nint32 foo3() {}\nint256 foo4() {}\nbool foo5() {}\n"
},
{
"path": "minic_unittests/statements.mc",
"chars": 543,
"preview": "private int256 foo() {\n\tint256 tmp;\n\n\ttmp = 0;\n\treturn tmp;\n}\n\nvoid bar(int256 tmp) {\n\ttmp = 0;\n\ttransfer(0, 1);\n\n\tfoo()"
},
{
"path": "minic_unittests/test_bytecode.sh",
"chars": 880,
"preview": "#!/bin/bash\n\nfail_count=0\npass_count=0\n\nminicc=../binaries/MacOS/minicc\ndsc=../binaries/MacOS/dsc\n\nskip_files=\"token_ant"
},
{
"path": "minic_unittests/test_parse_and_print.sh",
"chars": 1044,
"preview": "#!/bin/bash\n\n# Add deepsea (.ds) or minic (.mc) files to this directory to add new unit\n# tests. Deepsea files are first"
},
{
"path": "src/Edsger/abi.ml",
"chars": 5764,
"preview": "#include \"config.h\"\n\n(* Methods related to the Solidity ABI. Right now, the only thing here is the code to compute the m"
},
{
"path": "src/Edsger/abi.mli",
"chars": 299,
"preview": "open Ast\n\nval function_selector_of_method : a_method_definition -> string\nval function_selector_intval_of_method : a_m"
},
{
"path": "src/Edsger/ast.ml",
"chars": 28464,
"preview": "open Astcommon\n\ntype a_ctype =\n | ACtint\n | ACtchar\n | ACtvoid\n | ACtpointer of a_ctype\n | ACtarray of int * a_ctyp"
},
{
"path": "src/Edsger/ast.mli",
"chars": 9729,
"preview": "open Astcommon\n\ntype a_ctype =\n | ACtint\n | ACtchar\n | ACtvoid\n | ACtpointer of a_ctype\n | ACtarray of int * a_ctyp"
},
{
"path": "src/Edsger/astcommon.ml",
"chars": 2485,
"preview": "type ident = string\n\ntype builtin_type =\n | Tint\n | Tuint\n | Tbool\n | Tunit\n | Taddress\n (* EVM specifics *)\n | T"
},
{
"path": "src/Edsger/astcommon.mli",
"chars": 1218,
"preview": "type ident = string\n\ntype builtin_type =\n | Tint\n | Tuint\n | Tbool\n | Tunit\n | Taddress\n (* EVM specifics *)\n | T"
},
{
"path": "src/Edsger/config.h",
"chars": 17,
"preview": "#define REDACTED\n"
},
{
"path": "src/Edsger/coqgen.ml",
"chars": 214696,
"preview": "#include \"config.h\"\n\nopen Ast\nopen Astcommon\nopen Abi\n\ntype coqgen_env = {\n filename : string;\n project_name : string;"
},
{
"path": "src/Edsger/dune",
"chars": 360,
"preview": "(executable\n (name edsger)\n (modes byte exe)\n ; The line below is a hack to build a MacOS binary without libgmp.so.\n "
},
{
"path": "src/Edsger/edsger.ml",
"chars": 10408,
"preview": "#include \"config.h\"\n\nopen Ast\nopen Backend.BytecodeExt\nopen Minicgen\nopen Parser\nopen Parsetree\nopen Typecheck\nopen Meta"
},
{
"path": "src/Edsger/lexer.mll",
"chars": 3822,
"preview": "{\n#include \"config.h\"\n\nopen Parser\nopen Parsetree\n\nlet keyword_table =\n let tbl = Hashtbl.create 20 in\n List.iter (fun"
},
{
"path": "src/Edsger/make_parser.sh",
"chars": 285,
"preview": "#!/bin/bash\n\nroot=$(git rev-parse --show-toplevel)\nEdsger=$root/src/Edsger\n\nsource_file=$(mktemp)\nprocessed=$(mktemp)\npa"
},
{
"path": "src/Edsger/makefile_model",
"chars": 1464,
"preview": "\nlastsources = $(lastfiles:.mli=.ml)\nlibfiles = BinNums.mli BinPosDef.mli Datatypes.mli Specif.mli PeanoNat.mli Nat.mli "
},
{
"path": "src/Edsger/metadata.ml",
"chars": 945,
"preview": "open Cryptokit\nopen Yojson.Basic\nopen Std\n\nlet keccak s =\n let hash = hash_string (Hash.keccak 256) s in\n let l = List"
},
{
"path": "src/Edsger/minicgen.ml",
"chars": 50287,
"preview": "open Ast\nopen Astcommon\nopen Abi\n\nopen Backend\n open BinNumsExt\n open StmtMiniC\n open ExpMiniC\n module D = Datatypes"
},
{
"path": "src/Edsger/parser.ml",
"chars": 994164,
"preview": "\nmodule MenhirBasics = struct\n \n exception Error\n \n type token = \n | XOR\n | WITH\n | UNEQUAL\n | UINT of ("
},
{
"path": "src/Edsger/parser.mli",
"chars": 1137,
"preview": "\n(* The type of tokens. *)\n\ntype token = \n | XOR\n | WITH\n | UNEQUAL\n | UINT of (string)\n | TYPE\n | TRUSTED\n | TRA"
},
{
"path": "src/Edsger/parser.mly",
"chars": 30415,
"preview": "#include \"config.h\"\n\n%{\nopen Astcommon\nopen Parsetree\n\nlet make_loc (startpos, endpos) = {\n loc_start = startpos;\n loc"
},
{
"path": "src/Edsger/parsetree.ml",
"chars": 19065,
"preview": "open Astcommon\nopen Lexing\n\ntype location = {loc_start: position; loc_end: position;};;\n\nlet in_file name =\n let loc = "
},
{
"path": "src/Edsger/parsetree.mli",
"chars": 8439,
"preview": "open Astcommon\nopen Lexing\n\ntype location = {\n loc_start : Lexing.position;\n loc_end : Lexing.position;\n}\n\nval in_file"
},
{
"path": "src/Edsger/typecheck.ml",
"chars": 142125,
"preview": "#include \"config.h\"\n\nopen Ast\nopen Astcommon\nopen Parsetree\n\n\n(* Like a boolean, but \"false\" carries an error message. *"
},
{
"path": "src/Edsger/uclidgen.ml",
"chars": 27077,
"preview": "(* this file should generate UCLID5 code for the defi-verification project *)\n(* print from Ast*)\n\n(* type utype = \n | "
},
{
"path": "src/Makefile",
"chars": 520,
"preview": "core: core.make\n\tmake -f core.make\n\nclean: core.make\n\tmake -f core.make clean\n\trm -r _build\n\ncore.make: _CoqProject\n\tcoq"
},
{
"path": "src/OpenSC/LICENSE",
"chars": 1063,
"preview": "MIT License\n\nCopyright (c) 2020 OpenSC\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof "
},
{
"path": "src/OpenSC/README.md",
"chars": 4065,
"preview": "# OpenSC\nA toy project of programming language for smart contract written in `Ocaml`. \nThis is final project for COMS W4"
},
{
"path": "src/OpenSC/src/.gitignore",
"chars": 40,
"preview": "# extra ocaml file\nparser.ml\nparser.mli\n"
},
{
"path": "src/OpenSC/src/Makefile",
"chars": 124,
"preview": ".PHONY: opensc\n\nall: opensc\n\nopensc:\n\tocamlbuild -pkg cryptokit -I backend opensc.native\n\nclean:\n\trm -f *.cmo *.cmi *.na"
},
{
"path": "src/OpenSC/src/abi.ml",
"chars": 3845,
"preview": "(* Methods related to the Solidity ABI. Right now, the only thing here is the code to compute the method name hashes. \n\n"
},
{
"path": "src/OpenSC/src/ast.ml",
"chars": 5339,
"preview": "type op = Add | Sub | Times | Divide | Equal | Neq | And | Or | LGT | RGT | LGTEQ | RGTEQ | PASSIGN\n\ntype typ = \n\t| Boo"
}
]
// ... and 389 more files (download for full content)
About this extraction
This page contains the full source code of the certikfoundation/deepsea GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 589 files (81.9 MB), approximately 1.8M tokens, and a symbol index with 113 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.