2014-04-18 02:34:25 +04:00
|
|
|
/*
|
2016-01-19 22:31:37 +03:00
|
|
|
* Copyright (c) 2013-2016 Galois, Inc.
|
2014-04-18 02:34:25 +04:00
|
|
|
* Distributed under the terms of the BSD3 license (see LICENSE file)
|
|
|
|
*/
|
|
|
|
|
|
|
|
module Cryptol where
|
|
|
|
|
2015-06-06 01:47:12 +03:00
|
|
|
/**
|
|
|
|
* The value corresponding to a numeric type.
|
|
|
|
*/
|
2018-06-21 01:06:19 +03:00
|
|
|
primitive demote : {val, rep} Literal val rep => rep
|
2015-06-06 01:47:12 +03:00
|
|
|
|
2016-08-13 03:12:34 +03:00
|
|
|
infixr 5 ==>
|
|
|
|
infixr 10 \/
|
|
|
|
infixr 15 /\
|
2017-10-03 00:56:33 +03:00
|
|
|
infix 20 ==, ===, !=, !==
|
|
|
|
infix 30 >, >=, <, <=, <$, >$, <=$, >=$
|
|
|
|
infixr 40 ||
|
|
|
|
infixl 45 ^
|
|
|
|
infixr 50 &&
|
2015-06-10 21:55:54 +03:00
|
|
|
infixr 60 #
|
2017-08-05 03:02:10 +03:00
|
|
|
infixl 70 <<, <<<, >>, >>>, >>$
|
2015-06-10 21:55:54 +03:00
|
|
|
infixl 80 +, -
|
2017-08-05 03:02:10 +03:00
|
|
|
infixl 90 *, /, %, /$, %$
|
2015-06-10 21:55:54 +03:00
|
|
|
infixr 95 ^^
|
|
|
|
infixl 100 @, @@, !, !!
|
2015-06-05 04:35:12 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Add two values.
|
|
|
|
* * For words, addition uses modulo arithmetic.
|
|
|
|
* * Structured values are added element-wise.
|
|
|
|
*/
|
2015-06-04 08:29:36 +03:00
|
|
|
primitive (+) : {a} (Arith a) => a -> a -> a
|
|
|
|
|
2015-06-06 01:47:12 +03:00
|
|
|
/**
|
|
|
|
* For words, subtraction uses modulo arithmetic.
|
|
|
|
* Structured values are subtracted element-wise. Defined as:
|
|
|
|
* a - b = a + negate b
|
|
|
|
* See also: `negate'.
|
|
|
|
*/
|
|
|
|
primitive (-) : {a} (Arith a) => a -> a -> a
|
|
|
|
|
|
|
|
/**
|
|
|
|
* For words, multiplies two words, modulus 2^^a.
|
|
|
|
* Structured values are multiplied element-wise.
|
|
|
|
*/
|
|
|
|
primitive (*) : {a} (Arith a) => a -> a -> a
|
|
|
|
|
|
|
|
/**
|
|
|
|
* For words, divides two words, modulus 2^^a.
|
|
|
|
* Structured values are divided element-wise.
|
|
|
|
*/
|
|
|
|
primitive (/) : {a} (Arith a) => a -> a -> a
|
|
|
|
|
|
|
|
/**
|
|
|
|
* For words, takes the modulus of two words, modulus 2^^a.
|
|
|
|
* Over structured values, operates element-wise.
|
|
|
|
* Be careful, as this will often give unexpected results due to interaction of
|
|
|
|
* the two moduli.
|
|
|
|
*/
|
|
|
|
primitive (%) : {a} (Arith a) => a -> a -> a
|
|
|
|
|
|
|
|
/**
|
|
|
|
* For words, takes the exponent of two words, modulus 2^^a.
|
|
|
|
* Over structured values, operates element-wise.
|
|
|
|
* Be careful, due to its fast-growing nature, exponentiation is prone to
|
|
|
|
* interacting poorly with defaulting.
|
|
|
|
*/
|
|
|
|
primitive (^^) : {a} (Arith a) => a -> a -> a
|
|
|
|
|
2015-06-09 01:58:46 +03:00
|
|
|
/**
|
2015-06-06 01:47:12 +03:00
|
|
|
* Log base two.
|
2016-02-19 21:08:20 +03:00
|
|
|
*
|
2015-06-06 01:47:12 +03:00
|
|
|
* For words, computes the ceiling of log, base 2, of a number.
|
|
|
|
* Over structured values, operates element-wise.
|
|
|
|
*/
|
2015-06-09 01:58:46 +03:00
|
|
|
primitive lg2 : {a} (Arith a) => a -> a
|
2015-06-06 01:47:12 +03:00
|
|
|
|
|
|
|
|
2014-04-18 02:34:25 +04:00
|
|
|
type Bool = Bit
|
2015-06-06 01:47:12 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* The constant True. Corresponds to the bit value 1.
|
|
|
|
*/
|
2015-06-05 04:35:12 +03:00
|
|
|
primitive True : Bit
|
2015-06-06 01:47:12 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* The constant False. Corresponds to the bit value 0.
|
|
|
|
*/
|
2015-06-05 04:35:12 +03:00
|
|
|
primitive False : Bit
|
|
|
|
|
2015-06-09 01:58:46 +03:00
|
|
|
/**
|
|
|
|
* Returns the twos complement of its argument.
|
|
|
|
* Over structured values, operates element-wise.
|
|
|
|
* negate a = ~a + 1
|
|
|
|
*/
|
|
|
|
primitive negate : {a} (Arith a) => a -> a
|
|
|
|
|
|
|
|
/**
|
2017-05-24 19:09:28 +03:00
|
|
|
* Bitwise complement. The prefix notation '~ x'
|
|
|
|
* is syntactic sugar for 'complement x'.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2017-09-15 23:33:56 +03:00
|
|
|
primitive complement : {a} (Logic a) => a -> a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Less-than. Only works on comparable arguments.
|
2017-08-03 02:39:07 +03:00
|
|
|
*
|
|
|
|
* Bitvectors are compared using unsigned arithmetic.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2015-07-04 00:19:56 +03:00
|
|
|
primitive (<) : {a} (Cmp a) => a -> a -> Bit
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Greater-than of two comparable arguments.
|
2017-08-03 02:39:07 +03:00
|
|
|
*
|
|
|
|
* Bitvectors are compared using unsigned arithmetic.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2015-07-04 00:19:56 +03:00
|
|
|
primitive (>) : {a} (Cmp a) => a -> a -> Bit
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Less-than or equal of two comparable arguments.
|
2017-08-03 02:39:07 +03:00
|
|
|
*
|
|
|
|
* Bitvectors are compared using unsigned arithmetic.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2015-07-04 00:19:56 +03:00
|
|
|
primitive (<=) : {a} (Cmp a) => a -> a -> Bit
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Greater-than or equal of two comparable arguments.
|
2017-08-03 02:39:07 +03:00
|
|
|
*
|
|
|
|
* Bitvectors are compared using unsigned arithmetic.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2015-07-04 00:19:56 +03:00
|
|
|
primitive (>=) : {a} (Cmp a) => a -> a -> Bit
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Compares any two values of the same type for equality.
|
|
|
|
*/
|
2015-07-04 00:19:56 +03:00
|
|
|
primitive (==) : {a} (Cmp a) => a -> a -> Bit
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Compares any two values of the same type for inequality.
|
|
|
|
*/
|
2015-07-04 00:19:56 +03:00
|
|
|
primitive (!=) : {a} (Cmp a) => a -> a -> Bit
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
2017-05-24 19:09:28 +03:00
|
|
|
* Compare the outputs of two functions for equality.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
(===) : {a, b} (Cmp b) => (a -> b) -> (a -> b) -> (a -> Bit)
|
2015-06-09 01:58:46 +03:00
|
|
|
f === g = \ x -> f x == g x
|
|
|
|
|
|
|
|
/**
|
2017-05-24 19:09:28 +03:00
|
|
|
* Compare the outputs of two functions for inequality.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
(!==) : {a, b} (Cmp b) => (a -> b) -> (a -> b) -> (a -> Bit)
|
2015-06-09 01:58:46 +03:00
|
|
|
f !== g = \x -> f x != g x
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the smaller of two comparable arguments.
|
2017-08-03 02:39:07 +03:00
|
|
|
* Bitvectors are compared using unsigned arithmetic.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
|
|
|
min : {a} (Cmp a) => a -> a -> a
|
|
|
|
min x y = if x < y then x else y
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the greater of two comparable arguments.
|
2017-08-03 02:39:07 +03:00
|
|
|
* Bitvectors are compared using unsigned arithmetic.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
|
|
|
max : {a} (Cmp a) => a -> a -> a
|
|
|
|
max x y = if x > y then x else y
|
|
|
|
|
2017-08-03 02:39:07 +03:00
|
|
|
|
|
|
|
/**
|
2017-08-17 03:34:22 +03:00
|
|
|
* 2's complement signed less-than.
|
2017-08-03 02:39:07 +03:00
|
|
|
*/
|
2017-08-07 22:37:46 +03:00
|
|
|
primitive (<$) : {a} (SignedCmp a) => a -> a -> Bit
|
2017-08-03 02:39:07 +03:00
|
|
|
|
|
|
|
/**
|
2017-08-17 03:34:22 +03:00
|
|
|
* 2's complement signed greater-than.
|
2017-08-03 02:39:07 +03:00
|
|
|
*/
|
2017-08-07 22:37:46 +03:00
|
|
|
(>$) : {a} (SignedCmp a) => a -> a -> Bit
|
2017-08-05 03:02:10 +03:00
|
|
|
x >$ y = y <$ x
|
2017-08-03 02:39:07 +03:00
|
|
|
|
|
|
|
/**
|
2017-08-17 03:34:22 +03:00
|
|
|
* 2's complement signed less-than-or-equal.
|
2017-08-03 02:39:07 +03:00
|
|
|
*/
|
2017-08-07 22:37:46 +03:00
|
|
|
(<=$) : {a} (SignedCmp a) => a -> a -> Bit
|
2017-08-05 03:02:10 +03:00
|
|
|
x <=$ y = ~(y <$ x)
|
2017-08-03 02:39:07 +03:00
|
|
|
|
|
|
|
/**
|
2017-08-17 03:34:22 +03:00
|
|
|
* 2's complement signed greater-than-or-equal.
|
2017-08-03 02:39:07 +03:00
|
|
|
*/
|
2017-08-07 22:37:46 +03:00
|
|
|
(>=$) : {a} (SignedCmp a) => a -> a -> Bit
|
2017-08-05 03:02:10 +03:00
|
|
|
x >=$ y = ~(x <$ y)
|
2017-08-03 02:39:07 +03:00
|
|
|
|
|
|
|
/**
|
2017-08-17 03:34:22 +03:00
|
|
|
* 2's complement signed division. Division rounds toward 0.
|
2017-08-03 02:39:07 +03:00
|
|
|
*/
|
2017-08-17 03:34:22 +03:00
|
|
|
primitive (/$) : {a} (Arith a) => a -> a -> a
|
2017-08-03 02:39:07 +03:00
|
|
|
|
|
|
|
/**
|
2017-08-17 03:34:22 +03:00
|
|
|
* 2's complement signed remainder. Division rounds toward 0.
|
2017-08-03 02:39:07 +03:00
|
|
|
*/
|
2017-08-17 03:34:22 +03:00
|
|
|
primitive (%$) : {a} (Arith a) => a -> a -> a
|
2017-08-03 02:39:07 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Unsigned carry. Returns true if the unsigned addition of the given
|
|
|
|
* bitvector arguments would result in an unsigned overflow.
|
|
|
|
*/
|
|
|
|
primitive carry : {n} (fin n) => [n] -> [n] -> Bit
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Signed carry. Returns true if the 2's complement signed addition of the
|
|
|
|
* given bitvector arguments would result in a signed overflow.
|
|
|
|
*/
|
|
|
|
primitive scarry : {n} (fin n, n >= 1) => [n] -> [n] -> Bit
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Signed borrow. Returns true if the 2's complement signed subtraction of the
|
|
|
|
* given bitvector arguments would result in a signed overflow.
|
|
|
|
*/
|
|
|
|
sborrow : {n} (fin n, n >= 1) => [n] -> [n] -> Bit
|
2017-08-05 03:03:23 +03:00
|
|
|
sborrow x y = ( x <$ (x-y) ) ^ y@0
|
2017-08-03 02:39:07 +03:00
|
|
|
|
2017-08-05 03:04:29 +03:00
|
|
|
/**
|
|
|
|
* Zero extension of a bitvector.
|
|
|
|
*/
|
2018-06-28 20:40:37 +03:00
|
|
|
zext : {m, n} (fin m, m >= n) => [n] -> [m]
|
2017-08-05 03:04:29 +03:00
|
|
|
zext x = zero # x
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Sign extension of a bitvector.
|
|
|
|
*/
|
2018-06-28 20:40:37 +03:00
|
|
|
sext : {m, n} (fin m, m >= n, n >= 1) => [n] -> [m]
|
2017-08-05 03:04:29 +03:00
|
|
|
sext x = newbits # x
|
|
|
|
where newbits = if x@0 then ~zero else zero
|
|
|
|
|
2016-08-13 03:12:34 +03:00
|
|
|
/**
|
|
|
|
* Short-cutting boolean conjuction function.
|
|
|
|
* If the first argument is False, the second argument
|
|
|
|
* is not evaluated.
|
|
|
|
*/
|
|
|
|
(/\) : Bit -> Bit -> Bit
|
|
|
|
x /\ y = if x then y else False
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Short-cutting boolean disjuction function.
|
|
|
|
* If the first argument is True, the second argument
|
|
|
|
* is not evaluated.
|
|
|
|
*/
|
|
|
|
(\/) : Bit -> Bit -> Bit
|
|
|
|
x \/ y = if x then True else y
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Short-cutting logical implication.
|
|
|
|
* If the first argument is False, the second argument is
|
|
|
|
* not evaluated.
|
|
|
|
*/
|
|
|
|
(==>) : Bit -> Bit -> Bit
|
|
|
|
a ==> b = if a then b else True
|
|
|
|
|
2015-06-09 01:58:46 +03:00
|
|
|
/**
|
|
|
|
* Logical `and' over bits. Extends element-wise over sequences, tuples.
|
|
|
|
*/
|
2017-09-15 23:33:56 +03:00
|
|
|
primitive (&&) : {a} (Logic a) => a -> a -> a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Logical `or' over bits. Extends element-wise over sequences, tuples.
|
|
|
|
*/
|
2017-09-15 23:33:56 +03:00
|
|
|
primitive (||) : {a} (Logic a) => a -> a -> a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Logical `exclusive or' over bits. Extends element-wise over sequences, tuples.
|
|
|
|
*/
|
2017-09-15 23:33:56 +03:00
|
|
|
primitive (^) : {a} (Logic a) => a -> a -> a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Gives an arbitrary shaped value whose bits are all False.
|
|
|
|
* ~zero likewise gives an arbitrary shaped value whose bits are all True.
|
|
|
|
*/
|
2017-09-16 02:37:44 +03:00
|
|
|
primitive zero : {a} (Zero a) => a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
2016-08-19 20:17:36 +03:00
|
|
|
/**
|
|
|
|
* Converts a bitvector to a non-negative integer in the range 0 to 2^^n-1.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive toInteger : {bits} (fin bits) => [bits] -> Integer
|
2016-08-19 20:17:36 +03:00
|
|
|
|
|
|
|
/**
|
2018-06-22 03:05:33 +03:00
|
|
|
* Converts an unbounded integer to another arithmetic type. When converting
|
|
|
|
* to the bitvector type [n], the value is reduced modulo 2^^n.
|
2016-08-19 20:17:36 +03:00
|
|
|
*/
|
2018-06-22 02:59:01 +03:00
|
|
|
primitive fromInteger : {a} (Arith a) => Integer -> a
|
2016-08-19 20:17:36 +03:00
|
|
|
|
2018-06-15 20:13:09 +03:00
|
|
|
/**
|
|
|
|
* Converts an integer modulo n to an unbounded integer in the range 0 to n-1.
|
|
|
|
*/
|
|
|
|
primitive fromZ : {n} (fin n, n >= 1) => Z n -> Integer
|
|
|
|
|
2015-06-09 01:58:46 +03:00
|
|
|
/**
|
|
|
|
* Left shift. The first argument is the sequence to shift, the second is the
|
|
|
|
* number of positions to shift by.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive (<<) : {n, ix, a} (fin ix, Zero a) => [n]a -> [ix] -> [n]a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Right shift. The first argument is the sequence to shift, the second is the
|
|
|
|
* number of positions to shift by.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive (>>) : {n, ix, a} (fin ix, Zero a) => [n]a -> [ix] -> [n]a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Left rotate. The first argument is the sequence to rotate, the second is the
|
|
|
|
* number of positions to rotate by.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive (<<<) : {n, ix, a} (fin n, fin ix) => [n]a -> [ix] -> [n]a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Right rotate. The first argument is the sequence to rotate, the second is
|
|
|
|
* the number of positions to rotate by.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive (>>>) : {n, ix, a} (fin n, fin ix) => [n]a -> [ix] -> [n]a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
2017-08-03 02:39:07 +03:00
|
|
|
/**
|
|
|
|
* 2's complement signed (arithmetic) right shift. The first argument
|
|
|
|
* is the sequence to shift (considered as a signed value),
|
|
|
|
* the second argument is the number of positions to shift
|
|
|
|
* by (considered as an unsigned value).
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive (>>$) : {n, ix} (fin n, n >= 1, fin ix) => [n] -> [ix] -> [n]
|
2017-08-03 02:39:07 +03:00
|
|
|
|
|
|
|
|
|
|
|
|
2017-11-15 22:37:06 +03:00
|
|
|
/**
|
|
|
|
* Concatenates two sequences. On bitvectors, the most-significant bits
|
|
|
|
* are in the left argument, and the least-significant bits are in the right.
|
|
|
|
*/
|
2015-06-09 01:58:46 +03:00
|
|
|
primitive (#) : {front, back, a} (fin front) => [front]a -> [back]a
|
|
|
|
-> [front + back] a
|
|
|
|
|
|
|
|
/**
|
2017-11-15 22:37:06 +03:00
|
|
|
* Splits a sequence into a pair of sequences.
|
|
|
|
* 'splitAt z = (x, y)' iff 'x # y = z'.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
|
|
|
primitive splitAt : {front, back, a} (fin front) => [front + back]a
|
|
|
|
-> ([front]a, [back]a)
|
2017-11-15 22:37:06 +03:00
|
|
|
|
2015-06-09 01:58:46 +03:00
|
|
|
/**
|
2017-11-15 22:37:06 +03:00
|
|
|
* Concatenates a list of sequences.
|
|
|
|
* 'join' is the inverse function to 'split'.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
|
|
|
primitive join : {parts, each, a} (fin each) => [parts][each]a
|
|
|
|
-> [parts * each]a
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Splits a sequence into 'parts' groups with 'each' elements.
|
2017-11-15 22:37:06 +03:00
|
|
|
* 'split' is the inverse function to 'join'.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
|
|
|
primitive split : {parts, each, a} (fin each) => [parts * each]a
|
|
|
|
-> [parts][each]a
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Reverses the elements in a sequence.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive reverse : {n, a} (fin n) => [n]a -> [n]a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
2018-06-29 00:14:11 +03:00
|
|
|
* Transposes a matrix.
|
|
|
|
* Satisfies the property 'transpose m @ i @ j == m @ j @ i'.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive transpose : {rows, cols, a} [rows][cols]a -> [cols][rows]a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Index operator. The first argument is a sequence. The second argument is
|
|
|
|
* the zero-based index of the element to select from the sequence.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive (@) : {n, a, ix} (fin ix) => [n]a -> [ix] -> a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Bulk index operator. The first argument is a sequence. The second argument
|
|
|
|
* is a sequence of the zero-based indices of the elements to select.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
(@@) : {n, k, ix, a} (fin ix) => [n]a -> [k][ix] -> [k]a
|
2018-04-19 02:50:39 +03:00
|
|
|
xs @@ is = [ xs @ i | i <- is ]
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Reverse index operator. The first argument is a finite sequence. The second
|
|
|
|
* argument is the zero-based index of the element to select, starting from the
|
|
|
|
* end of the sequence.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive (!) : {n, a, ix} (fin n, fin ix) => [n]a -> [ix] -> a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Bulk reverse index operator. The first argument is a finite sequence. The
|
|
|
|
* second argument is a sequence of the zero-based indices of the elements to
|
2016-08-13 02:13:32 +03:00
|
|
|
* select, starting from the end of the sequence.
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
(!!) : {n, k, ix, a} (fin n, fin ix) => [n]a -> [k][ix] -> [k]a
|
2018-04-19 02:50:39 +03:00
|
|
|
xs !! is = [ xs ! i | i <- is ]
|
2015-06-09 01:58:46 +03:00
|
|
|
|
2016-08-10 00:47:43 +03:00
|
|
|
/**
|
|
|
|
* Update the given sequence with new value at the given index position.
|
|
|
|
* The first argument is a sequence. The second argument is the zero-based
|
|
|
|
* index of the element to update, starting from the front of the sequence.
|
|
|
|
* The third argument is the new element. The return value is the
|
|
|
|
* initial sequence updated so that the indicated index has the given value.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive update : {n, a, ix} (fin ix) => [n]a -> [ix] -> a -> [n]a
|
2016-08-10 00:47:43 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Update the given sequence with new value at the given index position.
|
|
|
|
* The first argument is a sequence. The second argument is the zero-based
|
|
|
|
* index of the element to update, starting from the end of the sequence.
|
|
|
|
* The third argument is the new element. The return value is the
|
|
|
|
* initial sequence updated so that the indicated index has the given value.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive updateEnd : {n, a, ix} (fin n, fin ix) => [n]a -> [ix] -> a -> [n]a
|
2016-08-10 00:47:43 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Perform a series of updates to a sequence. The first argument is
|
|
|
|
* the initial sequence to update. The second argument is a sequence
|
2016-08-17 00:36:46 +03:00
|
|
|
* of indices, and the third argument is a sequence of values.
|
2016-08-10 00:47:43 +03:00
|
|
|
* This function applies the 'update' function in sequence with the
|
|
|
|
* given update pairs.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
updates : {n, k, ix, a} (fin ix, fin k) => [n]a -> [k][ix] -> [k]a -> [n]a
|
2016-08-17 00:36:46 +03:00
|
|
|
updates xs0 idxs vals = xss!0
|
2016-08-10 00:47:43 +03:00
|
|
|
where
|
|
|
|
xss = [ xs0 ] #
|
|
|
|
[ update xs i b
|
2016-08-17 00:36:46 +03:00
|
|
|
| xs <- xss
|
|
|
|
| i <- idxs
|
|
|
|
| b <- vals
|
|
|
|
]
|
2016-08-10 00:47:43 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Perform a series of updates to a sequence. The first argument is
|
|
|
|
* the initial sequence to update. The second argument is a sequence
|
2016-08-17 00:36:46 +03:00
|
|
|
* of indices, and the third argument is a sequence of values.
|
2016-08-10 00:47:43 +03:00
|
|
|
* This function applies the 'updateEnd' function in sequence with the
|
|
|
|
* given update pairs.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
updatesEnd : {n, k, ix, a} (fin n, fin ix, fin k) => [n]a -> [k][ix] -> [k]a -> [n]a
|
2016-08-17 00:36:46 +03:00
|
|
|
updatesEnd xs0 idxs vals = xss!0
|
2016-08-10 00:47:43 +03:00
|
|
|
where
|
|
|
|
xss = [ xs0 ] #
|
|
|
|
[ updateEnd xs i b
|
2016-08-17 00:36:46 +03:00
|
|
|
| xs <- xss
|
|
|
|
| i <- idxs
|
|
|
|
| b <- vals
|
|
|
|
]
|
2016-08-10 00:47:43 +03:00
|
|
|
|
2017-05-24 19:09:28 +03:00
|
|
|
/**
|
|
|
|
* A finite arithmetic sequence starting with 'first' and 'next',
|
|
|
|
* stopping when the values would wrap around modulo '2^^bits'.
|
|
|
|
*
|
|
|
|
* '[a,b..]' is syntactic sugar for 'fromThen`{first=a,next=b}'.
|
2018-06-21 01:06:19 +03:00
|
|
|
* '[a..]' is syntactic sugar for 'fromThen`{first=a,next=a+1}'.
|
2017-05-24 19:09:28 +03:00
|
|
|
*/
|
2015-06-09 01:58:46 +03:00
|
|
|
primitive fromThen : {first, next, bits, len}
|
|
|
|
( fin first, fin next, fin bits
|
|
|
|
, bits >= width first, bits >= width next
|
|
|
|
, lengthFromThen first next bits == len) => [len][bits]
|
|
|
|
|
2017-05-24 19:09:28 +03:00
|
|
|
/**
|
|
|
|
* A finite sequence counting up from 'first' to 'last'.
|
|
|
|
*
|
|
|
|
* '[a..b]' is syntactic sugar for 'fromTo`{first=a,last=b}'.
|
|
|
|
*/
|
2018-06-16 03:17:54 +03:00
|
|
|
primitive fromTo : {first, last, a} (fin last, last >= first, Literal last a) =>
|
|
|
|
[1 + (last - first)]a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
2017-05-24 19:09:28 +03:00
|
|
|
/**
|
|
|
|
* A finite arithmetic sequence starting with 'first' and 'next',
|
|
|
|
* stopping when the values reach or would skip over 'last'.
|
|
|
|
*
|
|
|
|
* '[a,b..c]' is syntactic sugar for 'fromThenTo`{first=a,next=b,last=c}'.
|
|
|
|
*/
|
2018-06-16 03:45:57 +03:00
|
|
|
primitive fromThenTo : {first, next, last, a, len}
|
|
|
|
( fin first, fin next, fin last
|
|
|
|
, Literal first a, Literal next a, Literal last a
|
|
|
|
, lengthFromThenTo first next last == len) => [len]a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
2017-05-24 19:09:28 +03:00
|
|
|
/**
|
|
|
|
* An infinite sequence counting up from the given starting value.
|
|
|
|
* '[x...]' is syntactic sugar for 'infFrom x'.
|
|
|
|
*/
|
2018-06-22 03:57:13 +03:00
|
|
|
primitive infFrom : {a} (Arith a) => a -> [inf]a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
2017-05-24 19:09:28 +03:00
|
|
|
/**
|
|
|
|
* An infinite arithmetic sequence starting with the given two values.
|
|
|
|
* '[x,y...]' is syntactic sugar for 'infFromThen x y'.
|
|
|
|
*/
|
2018-06-22 04:24:12 +03:00
|
|
|
primitive infFromThen : {a} (Arith a) => a -> a -> [inf]a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
2018-06-29 00:14:11 +03:00
|
|
|
primitive error : {a, len} (fin len) => [len][8] -> a
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
|
|
|
|
/**
|
2015-12-31 20:46:13 +03:00
|
|
|
* Performs multiplication of polynomials over GF(2).
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
pmult : {u, v} (fin u, fin v) => [1 + u] -> [1 + v] -> [1 + u + v]
|
2018-04-15 16:56:20 +03:00
|
|
|
pmult x y = last zs
|
|
|
|
where
|
|
|
|
zs = [0] # [ (z << 1) ^ (if yi then 0 # x else 0) | yi <- y | z <- zs ]
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
2015-12-31 20:46:13 +03:00
|
|
|
* Performs division of polynomials over GF(2).
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
pdiv : {u, v} (fin u, fin v) => [u] -> [v] -> [u]
|
2018-04-15 16:56:20 +03:00
|
|
|
pdiv x y = [ z ! degree | z <- zs ]
|
|
|
|
where
|
2018-06-29 00:14:11 +03:00
|
|
|
degree : [width v]
|
|
|
|
degree = last (ds : [1 + v]_)
|
|
|
|
where ds = [0/0] # [if yi then i else d | yi <- reverse y | i <- [0..v] | d <- ds ]
|
2018-04-15 16:56:20 +03:00
|
|
|
|
2018-06-29 00:14:11 +03:00
|
|
|
reduce : [v] -> [v]
|
2018-04-15 16:56:20 +03:00
|
|
|
reduce u = if u ! degree then u ^ y else u
|
|
|
|
|
2018-06-29 00:14:11 +03:00
|
|
|
zs : [u][v]
|
2018-04-15 16:56:20 +03:00
|
|
|
zs = [ tail (reduce z # [xi]) | z <- [0] # zs | xi <- x ]
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
2015-12-31 20:46:13 +03:00
|
|
|
* Performs modulus of polynomials over GF(2).
|
2015-06-09 01:58:46 +03:00
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
pmod : {u, v} (fin u, fin v) => [u] -> [1 + v] -> [v]
|
2018-04-15 16:56:20 +03:00
|
|
|
pmod x y = if y == 0 then 0/0 else last zs
|
|
|
|
where
|
2018-06-29 00:14:11 +03:00
|
|
|
degree : [width v]
|
|
|
|
degree = last (ds : [2 + v]_)
|
|
|
|
where ds = [0/0] # [if yi then i else d | yi <- reverse y | i <- [0..v] | d <- ds ]
|
2018-04-15 16:56:20 +03:00
|
|
|
|
2018-06-29 00:14:11 +03:00
|
|
|
reduce : [1 + v] -> [1 + v]
|
2018-04-15 16:56:20 +03:00
|
|
|
reduce u = if u ! degree then u ^ y else u
|
|
|
|
|
2018-06-29 00:14:11 +03:00
|
|
|
powers : [inf][1 + v]
|
2018-04-15 16:56:20 +03:00
|
|
|
powers = [reduce 1] # [ reduce (p << 1) | p <- powers ]
|
|
|
|
|
|
|
|
zs = [0] # [ z ^ (if xi then tail p else 0) | xi <- reverse x | p <- powers | z <- zs ]
|
2015-06-09 01:58:46 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Generates random values from a seed. When called with a function, currently
|
|
|
|
* generates a function that always returns zero.
|
|
|
|
*/
|
2016-01-20 05:17:34 +03:00
|
|
|
primitive random : {a} [256] -> a
|
2015-06-06 01:47:12 +03:00
|
|
|
|
2014-04-18 02:34:25 +04:00
|
|
|
type String n = [n][8]
|
|
|
|
type Word n = [n]
|
|
|
|
type Char = [8]
|
|
|
|
|
2018-06-29 00:14:11 +03:00
|
|
|
take : {front, back, a} (fin front) => [front + back]a -> [front]a
|
2014-04-18 02:34:25 +04:00
|
|
|
take (x # _) = x
|
|
|
|
|
2018-06-29 00:14:11 +03:00
|
|
|
drop : {front, back, a} (fin front) => [front + back]a -> [back]a
|
2014-04-18 02:34:25 +04:00
|
|
|
drop ((_ : [front] _) # y) = y
|
|
|
|
|
2018-06-29 00:14:11 +03:00
|
|
|
tail : {n, a} [1 + n]a -> [n]a
|
2014-04-18 02:34:25 +04:00
|
|
|
tail xs = drop`{1} xs
|
|
|
|
|
2018-04-19 03:01:24 +03:00
|
|
|
/**
|
|
|
|
* Return the left-most element of a sequence.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
head : {n, a} [1 + n]a -> a
|
2018-03-17 01:10:17 +03:00
|
|
|
head xs = xs @ 0
|
|
|
|
|
2018-04-19 03:01:24 +03:00
|
|
|
/**
|
|
|
|
* Return the right-most element of a sequence.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
last : {n, a} (fin n) => [1 + n]a -> a
|
2018-03-17 01:10:17 +03:00
|
|
|
last xs = xs ! 0
|
|
|
|
|
2018-06-29 00:14:11 +03:00
|
|
|
width : {bits, n, a} (fin n, fin bits, bits >= width n) => [n]a -> [bits]
|
|
|
|
width _ = `n
|
2014-04-18 02:34:25 +04:00
|
|
|
|
|
|
|
undefined : {a} a
|
|
|
|
undefined = error "undefined"
|
|
|
|
|
2018-06-29 00:14:11 +03:00
|
|
|
groupBy : {each, parts, a} (fin each) => [parts * each]a -> [parts][each]a
|
2014-04-18 02:34:25 +04:00
|
|
|
groupBy = split`{parts=parts}
|
2016-05-05 03:54:08 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Define the base 2 logarithm function in terms of width
|
|
|
|
*/
|
|
|
|
type lg2 n = width (max n 1 - 1)
|
2016-05-13 04:44:06 +03:00
|
|
|
|
|
|
|
/**
|
2016-07-14 00:16:33 +03:00
|
|
|
* Debugging function for tracing. The first argument is a string,
|
|
|
|
* which is prepended to the printed value of the second argument.
|
|
|
|
* This combined string is then printed when the trace function is
|
|
|
|
* evaluated. The return value is equal to the third argument.
|
|
|
|
*
|
|
|
|
* The exact timing and number of times the trace message is printed
|
|
|
|
* depend on the internal details of the Cryptol evaluation order,
|
|
|
|
* which are unspecified. Thus, the output produced by this
|
|
|
|
* operation may be difficult to predict.
|
2016-05-13 04:44:06 +03:00
|
|
|
*/
|
2017-06-16 19:58:11 +03:00
|
|
|
primitive trace : {n, a, b} (fin n) => [n][8] -> a -> b -> b
|
2016-05-13 04:44:06 +03:00
|
|
|
|
2016-07-14 00:16:33 +03:00
|
|
|
/**
|
|
|
|
* Debugging function for tracing values. The first argument is a string,
|
|
|
|
* which is prepended to the printed value of the second argument.
|
|
|
|
* This combined string is then printed when the trace function is
|
|
|
|
* evaluated. The return value is equal to the second argument.
|
|
|
|
*
|
|
|
|
* The exact timing and number of times the trace message is printed
|
|
|
|
* depend on the internal details of the Cryptol evaluation order,
|
|
|
|
* which are unspecified. Thus, the output produced by this
|
|
|
|
* operation may be difficult to predict.
|
|
|
|
*/
|
2017-06-16 19:58:11 +03:00
|
|
|
traceVal : {n, a} (fin n) => [n][8] -> a -> a
|
2016-05-13 04:44:06 +03:00
|
|
|
traceVal msg x = trace msg x x
|
2018-05-24 01:48:31 +03:00
|
|
|
|
|
|
|
/* Functions previously in Cryptol::Extras */
|
|
|
|
|
|
|
|
/**
|
2018-05-24 23:23:26 +03:00
|
|
|
* Conjunction of all bits in a sequence.
|
2018-05-24 01:48:31 +03:00
|
|
|
*/
|
|
|
|
and : {n} (fin n) => [n]Bit -> Bit
|
|
|
|
and xs = ~zero == xs
|
|
|
|
|
|
|
|
/**
|
2018-05-24 23:23:26 +03:00
|
|
|
* Disjunction of all bits in a sequence.
|
2018-05-24 01:48:31 +03:00
|
|
|
*/
|
|
|
|
or : {n} (fin n) => [n]Bit -> Bit
|
|
|
|
or xs = zero != xs
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Conjunction after applying a predicate to all elements.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
all : {n, a} (fin n) => (a -> Bit) -> [n]a -> Bit
|
2018-05-24 01:48:31 +03:00
|
|
|
all f xs = and (map f xs)
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Disjunction after applying a predicate to all elements.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
any : {n, a} (fin n) => (a -> Bit) -> [n]a -> Bit
|
2018-05-24 01:48:31 +03:00
|
|
|
any f xs = or (map f xs)
|
|
|
|
|
|
|
|
/**
|
2018-05-24 23:23:26 +03:00
|
|
|
* Map a function over a sequence.
|
2018-05-24 01:48:31 +03:00
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
map : {n, a, b} (a -> b) -> [n]a -> [n]b
|
2018-05-24 01:48:31 +03:00
|
|
|
map f xs = [f x | x <- xs]
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Functional left fold.
|
|
|
|
*
|
|
|
|
* foldl (+) 0 [1,2,3] = ((0 + 1) + 2) + 3
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
foldl : {n, a, b} (fin n) => (a -> b -> a) -> a -> [n]b -> a
|
2018-05-24 01:48:31 +03:00
|
|
|
foldl f acc xs = ys ! 0
|
2018-05-24 23:23:26 +03:00
|
|
|
where ys = [acc] # [f a x | a <- ys | x <- xs]
|
2018-05-24 01:48:31 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Functional right fold.
|
|
|
|
*
|
|
|
|
* foldr (-) 0 [1,2,3] = 0 - (1 - (2 - 3))
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
foldr : {n, a, b} (fin n) => (a -> b -> b) -> b -> [n]a -> b
|
2018-05-24 01:48:31 +03:00
|
|
|
foldr f acc xs = ys ! 0
|
2018-05-24 23:23:26 +03:00
|
|
|
where ys = [acc] # [f x a | a <- ys | x <- reverse xs]
|
2018-05-24 01:48:31 +03:00
|
|
|
|
|
|
|
/**
|
2018-05-24 23:23:26 +03:00
|
|
|
* Compute the sum of the values in the sequence.
|
2018-05-24 01:48:31 +03:00
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
sum : {n, a} (fin n, Arith a) => [n]a -> a
|
|
|
|
sum xs = foldl (+) (fromInteger 0) xs
|
2018-05-24 01:48:31 +03:00
|
|
|
|
|
|
|
/**
|
2018-05-24 23:23:26 +03:00
|
|
|
* Scan left is like a foldl that also emits the intermediate values.
|
2018-05-24 01:48:31 +03:00
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
scanl : {n, b, a} (b -> a -> b) -> b -> [n]a -> [n+1]b
|
2018-05-24 01:48:31 +03:00
|
|
|
scanl f acc xs = ys
|
2018-05-24 23:23:26 +03:00
|
|
|
where ys = [acc] # [f a x | a <- ys | x <- xs]
|
2018-05-24 01:48:31 +03:00
|
|
|
|
|
|
|
/**
|
2018-05-24 23:23:26 +03:00
|
|
|
* Scan right is like a foldr that also emits the intermediate values.
|
2018-05-24 01:48:31 +03:00
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
scanr : {n, a, b} (fin n) => (a -> b -> b) -> b -> [n]a -> [n+1]b
|
2018-05-24 01:48:31 +03:00
|
|
|
scanr f acc xs = reverse ys
|
2018-05-24 23:23:26 +03:00
|
|
|
where ys = [acc] # [f x a | a <- ys | x <- reverse xs]
|
2018-05-24 01:48:31 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Repeat a value.
|
|
|
|
*/
|
|
|
|
repeat : {n, a} a -> [n]a
|
|
|
|
repeat x = [ x | _ <- zero : [n] ]
|
|
|
|
|
|
|
|
/**
|
|
|
|
* `elem x xs` Returns true if x is equal to a value in xs.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
elem : {n, a} (fin n, Cmp a) => a -> [n]a -> Bit
|
2018-05-24 01:48:31 +03:00
|
|
|
elem a xs = any (\x -> x == a) xs
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a list of tuples from two lists.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
zip : {n, a, b} [n]a -> [n]b -> [n](a, b)
|
2018-05-24 01:48:31 +03:00
|
|
|
zip xs ys = [(x,y) | x <- xs | y <- ys]
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Create a list by applying the function to each pair of elements in the input.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
zipWith : {n, a, b, c} (a -> b -> c) -> [n]a -> [n]b -> [n]c
|
2018-05-24 01:48:31 +03:00
|
|
|
zipWith f xs ys = [f x y | x <- xs | y <- ys]
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Transform a function into uncurried form.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
uncurry : {a, b, c} (a -> b -> c) -> (a, b) -> c
|
2018-05-24 23:23:26 +03:00
|
|
|
uncurry f = \(a, b) -> f a b
|
2018-05-24 01:48:31 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Transform a function into curried form.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
curry : {a, b, c} ((a, b) -> c) -> a -> b -> c
|
2018-05-24 23:23:26 +03:00
|
|
|
curry f = \a b -> f (a, b)
|
2018-05-24 01:48:31 +03:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Map a function iteratively over a seed value, producing an infinite
|
|
|
|
* list of successive function applications.
|
|
|
|
*/
|
2018-06-29 00:14:11 +03:00
|
|
|
iterate : {a} (a -> a) -> a -> [inf]a
|
2018-05-24 01:48:31 +03:00
|
|
|
iterate f x = [x] # [ f v | v <- iterate f x ]
|