ubt 0.4.1

Unified Binary Tree implementation based on EIP-7864
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358

# Makefile for UBT Formal Verification

# Rocq 9.1+ uses "rocq compile", earlier versions use rocqc/coqc
# Try rocq (9.1+), then rocqc (9.0), then coqc (legacy Coq)
ROCQ_EXISTS := $(shell which rocq 2>/dev/null)
ifdef ROCQ_EXISTS
  COQC := rocq compile
  COQDEP := rocq dep
  STDLIB_PATH :=
else
  COQC := $(shell which rocqc 2>/dev/null || echo coqc)
  COQDEP := $(shell which rocqdep 2>/dev/null || echo coqdep)
  # For Coq 8.x, we need to map the standard library to Stdlib
  # This provides compatibility with code using "From Stdlib Require"
  COQ_THEORIES := $(shell $(COQC) -where 2>/dev/null)/theories
  STDLIB_PATH := -Q $(COQ_THEORIES) Stdlib
endif

# Path to RocqOfRust library
# Can be overridden: make linking ROCQOFRUST_PATH=/custom/path
# See docs/LINKING_LAYER_SETUP.md for setup instructions
ROCQOFRUST_PATH ?= $(HOME)/pse/paradigm/rocq-of-rust/RocqOfRust

# Path to rocq-of-rust-interp library (submodule)
INTERP_LIB_PATH ?= lib/rocq-of-rust-interp/src

# Flags for our code (specs, simulations, proofs)
# STDLIB_PATH is set for Coq 8.x compatibility with "From Stdlib" imports
COQFLAGS := $(STDLIB_PATH) -Q specs UBT.Specs -Q simulations UBT.Sim -Q proofs UBT.Proofs

# QuickChick library path (auto-detected via opam)
QUICKCHICK_PATH := $(shell opam var coq-quickchick:lib 2>/dev/null)
COQFLAGS_QC := $(COQFLAGS) $(if $(QUICKCHICK_PATH),-Q $(QUICKCHICK_PATH) QuickChick,)

# Flags for translated code (needs RocqOfRust)
# Note: Uses -Q src src to match the auto-generated "Require Export src.xxx" paths
COQFLAGS_TRANS := $(STDLIB_PATH) -R $(ROCQOFRUST_PATH) RocqOfRust -Q src src

# Source files
SPEC_FILES := specs/tree_spec.v specs/embedding_spec.v
SIM_FILES := $(wildcard simulations/*.v)
PROOF_FILES := $(wildcard proofs/*.v)
# Core proofs (without QuickChick dependency)
PROOF_CORE_FILES := proofs/correctness.v
TRANS_FILES := $(wildcard src/*.v)

ALL_V := $(SPEC_FILES) $(SIM_FILES) $(PROOF_FILES)
ALL_VO := $(ALL_V:.v=.vo)
TRANS_VO := $(TRANS_FILES:.v=.vo)
LINKING_FILES := $(wildcard linking/*.v)
LINKING_VO := $(LINKING_FILES:.v=.vo)

# Flags for linking layer (needs RocqOfRust + simulations + src + interp library)
COQFLAGS_LINKING := $(STDLIB_PATH) -R $(ROCQOFRUST_PATH) RocqOfRust -Q simulations UBT.Sim -Q src src -Q linking UBT.Linking -Q $(INTERP_LIB_PATH) RocqInterp

.PHONY: all clean specs simulations proofs proofs-core quickchick quickchick-ci test translate translation linking extract extract-test extract-clean docs docs-clean check-deps help ci ci-full audit verify-axioms check-admits

all: specs simulations proofs

# Combined test target: builds proofs and runs QuickChick
test: proofs-core quickchick
	@echo "All tests passed!"

# Build specifications
specs: $(SPEC_FILES:.v=.vo)

# Build simulations (depends on specs)
simulations: specs $(SIM_FILES:.v=.vo)

# Build proofs (depends on simulations) - requires QuickChick
proofs: simulations $(PROOF_FILES:.v=.vo)

# Build core proofs only (no QuickChick dependency) - for CI
proofs-core: simulations $(PROOF_CORE_FILES:.v=.vo)

# Run QuickChick property-based tests (requires coq-quickchick)
# Full tests: 10,000 per property (50,000 total)
quickchick: simulations proofs/quickchick_tests.vo
	@echo "QuickChick tests completed successfully!"

# Run QuickChick CI tests (reduced count for faster CI builds)
# CI tests: 1,000 per property (5,000 total)
quickchick-ci: simulations proofs/quickchick_tests_ci.vo
	@echo "QuickChick CI tests completed successfully!"

# Build translated Rust code (requires RocqOfRust library)
translation: $(TRANS_VO)

# Build linking layer (requires RocqOfRust + simulations + translation)
linking: simulations translation $(LINKING_VO)

# Compile spec/sim/proof .v to .vo
specs/%.vo: specs/%.v
	$(COQC) $(COQFLAGS) $<

simulations/%.vo: simulations/%.v
	$(COQC) $(COQFLAGS) $<

proofs/%.vo: proofs/%.v
	$(COQC) $(COQFLAGS_QC) $<

# Compile translated .v to .vo
src/%.vo: src/%.v
	@if [ ! -d "$(ROCQOFRUST_PATH)" ]; then \
		echo "Error: RocqOfRust not found at $(ROCQOFRUST_PATH)"; \
		echo "See docs/LINKING_LAYER_SETUP.md for setup instructions."; \
		exit 1; \
	elif [ ! -f "$(ROCQOFRUST_PATH)/M.vo" ]; then \
		echo "Error: RocqOfRust not compiled. Run: cd $(ROCQOFRUST_PATH) && make"; \
		exit 1; \
	else \
		$(COQC) $(COQFLAGS_TRANS) $<; \
	fi

# Compile linking .v to .vo
linking/%.vo: linking/%.v
	@if [ ! -d "$(ROCQOFRUST_PATH)" ]; then \
		echo ""; \
		echo "==========================================================="; \
		echo "ERROR: RocqOfRust library not found"; \
		echo "==========================================================="; \
		echo ""; \
		echo "Expected location: $(ROCQOFRUST_PATH)"; \
		echo ""; \
		echo "Setup instructions:"; \
		echo "  1. git clone https://github.com/formal-land/rocq-of-rust.git ~/pse/paradigm/rocq-of-rust"; \
		echo "  2. cd ~/pse/paradigm/rocq-of-rust/RocqOfRust"; \
		echo "  3. eval \$$(opam env --switch=rocq-9)"; \
		echo "  4. make -j4"; \
		echo ""; \
		echo "Or specify custom path:"; \
		echo "  make linking ROCQOFRUST_PATH=/your/path/RocqOfRust"; \
		echo ""; \
		echo "See docs/LINKING_LAYER_SETUP.md for full documentation."; \
		echo "==========================================================="; \
		exit 1; \
	elif [ ! -f "$(ROCQOFRUST_PATH)/M.vo" ]; then \
		echo ""; \
		echo "==========================================================="; \
		echo "ERROR: RocqOfRust library not compiled"; \
		echo "==========================================================="; \
		echo ""; \
		echo "Found directory: $(ROCQOFRUST_PATH)"; \
		echo "But M.vo is missing (library not built)."; \
		echo ""; \
		echo "Run:"; \
		echo "  cd $(ROCQOFRUST_PATH)"; \
		echo "  eval \$$(opam env --switch=rocq-9)"; \
		echo "  make -j4"; \
		echo ""; \
		echo "See docs/LINKING_LAYER_SETUP.md for full documentation."; \
		echo "==========================================================="; \
		exit 1; \
	else \
		$(COQC) $(COQFLAGS_LINKING) $<; \
	fi

# Explicit dependencies for linking layer
linking/ubt_execution.vo: linking/types.vo
linking/MRun.vo: linking/ubt_execution.vo
linking/operations.vo: linking/types.vo linking/ubt_execution.vo linking/MRun.vo
linking/interpreter.vo: linking/operations.vo linking/types.vo linking/ubt_execution.vo linking/MRun.vo
linking/fuel_bridge.vo: linking/MRun.vo linking/interpreter.vo linking/ubt_execution.vo
linking/axiom_elimination.vo: linking/interpreter.vo linking/operations.vo linking/types.vo
linking/field_stepping.vo: linking/interpreter.vo linking/operations.vo linking/types.vo
linking/get_stepping.vo: linking/interpreter.vo linking/types.vo linking/operations.vo linking/field_stepping.vo linking/MRun.vo linking/fuel_bridge.vo
linking/iterator_stepping.vo: linking/interpreter.vo linking/types.vo linking/operations.vo simulations/iterator.vo
linking/insert_stepping.vo: linking/interpreter.vo linking/types.vo linking/operations.vo linking/field_stepping.vo linking/MRun.vo linking/fuel_bridge.vo
linking/root_hash_stepping.vo: linking/interpreter.vo linking/iterator_stepping.vo linking/types.vo linking/operations.vo linking/field_stepping.vo linking/MRun.vo linking/fuel_bridge.vo
linking/ubt_stepping.vo: linking/types.vo linking/operations.vo
linking/hashmap_bridge.vo: simulations/tree.vo

# Explicit dependencies for proofs layer
proofs/spec_linking.vo: simulations/tree.vo
proofs/multiproof.vo: simulations/tree.vo
proofs/correctness.vo: simulations/tree.vo

# Explicit dependencies for specs layer (tree_spec imports simulations)
specs/tree_spec.vo: simulations/tree.vo

# Explicit dependencies for simulations layer
simulations/tree.vo: simulations/crypto.vo
simulations/verkle.vo: simulations/tree.vo
simulations/security.vo: simulations/crypto.vo simulations/tree.vo
simulations/iterator.vo: simulations/tree.vo
simulations/serialization.vo: simulations/tree.vo
simulations/complexity.vo: simulations/tree.vo
simulations/streaming.vo: simulations/tree.vo
simulations/tree_build_stepping.vo: simulations/tree.vo simulations/streaming.vo
simulations/verkle_linking.vo: simulations/verkle.vo

# Generate dependencies
depend:
	$(COQDEP) $(COQFLAGS) $(ALL_V) > .depend

# Translate Rust to Rocq using rocq-of-rust
translate:
	@echo "Translating UBT Rust code to Rocq..."
	cd .. && cargo +nightly-2024-12-07 rocq-of-rust
	@echo "Translation complete. Check src/ for generated .v files."

# OCaml Extraction
# Flags for extraction (needs simulations)
COQFLAGS_EXTRACT := -Q specs UBT.Specs -Q simulations UBT.Sim -Q extraction UBT.Extract

# Extract to OCaml (depends on simulations being compiled)
extract: simulations extraction/extract.vo
	@echo "OCaml extraction complete!"
	@echo "Generated files:"
	@echo "  extraction/extracted.ml"
	@echo "  extraction/extracted.mli"
	@echo ""
	@echo "To compile the tests (optional):"
	@echo "  cd extraction && ocamlfind ocamlopt extracted.ml test_extracted.ml -o test_ubt"

extraction/extract.vo: extraction/extract.v
	$(COQC) $(COQFLAGS_EXTRACT) $<
	@if [ -f extracted.ml ]; then mv extracted.ml extracted.mli extraction/; fi

# Build and run extracted OCaml tests (optional - requires OCaml toolchain)
extract-test: extract
	@echo "Compiling extracted OCaml code..."
	@cd extraction && ocamlfind ocamlopt -package zarith -linkpkg extracted.ml test_extracted.ml -o test_ubt 2>/dev/null || \
		(ocamlopt extracted.ml test_extracted.ml -o test_ubt 2>/dev/null || \
		echo "OCaml compilation failed - this is optional, extracted.ml is still usable")
	@if [ -f extraction/test_ubt ]; then \
		echo "Running tests..."; \
		./extraction/test_ubt; \
	fi

extract-clean:
	rm -f extraction/*.vo extraction/*.glob extraction/*.vok extraction/*.vos
	rm -f extraction/extracted.ml extraction/extracted.mli
	rm -f extraction/test_ubt extraction/*.cmi extraction/*.cmx extraction/*.o

# Documentation generation using coqdoc
COQDOC := coqdoc
COQDOC_FLAGS := --toc --interpolate --utf8 --html \
	-Q specs UBT.Specs -Q simulations UBT.Sim -Q proofs UBT.Proofs
DOC_DIR := docs/html

# Generate HTML documentation
docs: specs simulations proofs
	@mkdir -p $(DOC_DIR)
	@echo "Generating HTML documentation..."
	$(COQDOC) $(COQDOC_FLAGS) -d $(DOC_DIR) \
		$(SPEC_FILES) $(SIM_FILES) $(PROOF_FILES)
	@echo "Documentation generated in $(DOC_DIR)/"
	@echo "Open docs/html/toc.html to browse."

# Clean generated documentation
docs-clean:
	rm -rf $(DOC_DIR)

# Clean generated files
clean: extract-clean docs-clean
	rm -f specs/*.vo specs/*.glob specs/*.vok specs/*.vos
	rm -f simulations/*.vo simulations/*.glob simulations/*.vok simulations/*.vos
	rm -f proofs/*.vo proofs/*.glob proofs/*.vok proofs/*.vos
	rm -f src/*.vo src/*.glob src/*.vok src/*.vos
	rm -f linking/*.vo linking/*.glob linking/*.vok linking/*.vos
	rm -f .depend

# Check if dependencies are installed
check-deps:
	@which $(COQC) > /dev/null || (echo "Error: coqc not found. Install Rocq first." && exit 1)
	@echo "Rocq version: $$($(COQC) --version)"
	@if [ -d "$(ROCQOFRUST_PATH)" ]; then \
		echo "RocqOfRust: $(ROCQOFRUST_PATH)"; \
		if [ -f "$(ROCQOFRUST_PATH)/M.vo" ]; then \
			echo "RocqOfRust library: compiled"; \
		else \
			echo "RocqOfRust library: NOT compiled (run 'make' in RocqOfRust/)"; \
		fi \
	else \
		echo "RocqOfRust: NOT FOUND"; \
	fi

# CI Targets
# Basic CI build (for PRs)
ci: clean all linking
	@echo "CI build complete!"

# Full CI build with all checks (for release verification)
ci-full: ci extract docs audit check-admits
	@echo "Full CI verification complete!"

# Audit axioms and admits (generates report)
audit:
	@chmod +x scripts/count_axioms.sh
	@./scripts/count_axioms.sh | tee audit-report.txt

# List all axioms with counts (for review)
verify-axioms:
	@echo "=== Axiom Verification Report ==="
	@echo ""
	@echo "Axiom declarations:"
	@grep -rn '^Axiom' specs/ simulations/ proofs/ linking/ 2>/dev/null || echo "  (none in specs/sim/proofs/linking)"
	@echo ""
	@echo "Parameter declarations:"
	@grep -rn '^Parameter' specs/ simulations/ proofs/ linking/ 2>/dev/null || echo "  (none in specs/sim/proofs/linking)"
	@echo ""
	@echo "Summary:"
	@AXIOMS=$$(grep -rh '^Axiom' specs/ simulations/ proofs/ linking/ 2>/dev/null | wc -l); \
	PARAMS=$$(grep -rh '^Parameter' specs/ simulations/ proofs/ linking/ 2>/dev/null | wc -l); \
	echo "  Total Axioms: $$AXIOMS"; \
	echo "  Total Parameters: $$PARAMS"

# Threshold for allowed admits (set to current count)
ADMIT_THRESHOLD ?= 10

# Check admits don't exceed threshold
check-admits:
	@echo "Checking admit count against threshold ($(ADMIT_THRESHOLD))..."
	@ADMITS=$$(grep -rn '\badmit\.' proofs/ linking/ 2>/dev/null | wc -l | tr -d ' '); \
	if [ "$$ADMITS" -gt "$(ADMIT_THRESHOLD)" ]; then \
		echo "ERROR: admit count ($$ADMITS) exceeds threshold ($(ADMIT_THRESHOLD))"; \
		exit 1; \
	else \
		echo "OK: admit count ($$ADMITS) within threshold ($(ADMIT_THRESHOLD))"; \
	fi

# Help
help:
	@echo "UBT Formal Verification Makefile"
	@echo ""
	@echo "Targets:"
	@echo "  all         - Build specs, simulations, and proofs (default)"
	@echo "  specs       - Build specification files"
	@echo "  simulations - Build simulation files"
	@echo "  proofs      - Build proof files (requires QuickChick)"
	@echo "  proofs-core - Build core proofs (no QuickChick needed)"
	@echo "  quickchick  - Run QuickChick tests (full: 10k/property)"
	@echo "  quickchick-ci - Run QuickChick tests (CI: 1k/property)"
	@echo "  test        - Run all tests (proofs-core + quickchick)"
	@echo "  translation - Build translated Rust code (requires RocqOfRust)"
	@echo "  translate   - Re-translate Rust to Rocq (requires rocq-of-rust)"
	@echo "  linking     - Build linking layer (requires RocqOfRust)"
	@echo "  extract     - Extract to OCaml (generates extraction/extracted.ml)"
	@echo "  extract-test- Build and run OCaml tests (optional)"
	@echo "  extract-clean- Clean extraction artifacts"
	@echo "  docs        - Generate HTML documentation (coqdoc)"
	@echo "  docs-clean  - Remove generated documentation"
	@echo "  clean       - Remove all generated files"
	@echo "  check-deps  - Verify dependencies are installed"
	@echo "  ci          - CI build (clean + all + linking)"
	@echo "  ci-full     - Full CI with extraction, docs, audit, and checks"
	@echo "  audit       - Count axioms and admits, generate report"
	@echo "  verify-axioms - List all axioms with locations"
	@echo "  check-admits - Fail if admits exceed threshold"
	@echo "  help        - Show this message"
	@echo ""
	@echo "Prerequisites:"
	@echo "  - Rocq 9.x (opam switch rocq-9)"
	@echo "  - RocqOfRust library (for 'translation' and 'linking' targets)"
	@echo "  - coqdoc (included with Rocq, for 'docs' target)"

-include .depend