forked from yetanotherflower/mm0
-
Notifications
You must be signed in to change notification settings - Fork 1
/
verifier.mm0
29 lines (24 loc) · 1.11 KB
/
verifier.mm0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
import "x86.mm0";
import "mm0.mm0";
---------------------------------------
-- Specification of a valid verifier --
---------------------------------------
--| The actual verifier ELF
def Verifier: string;
--| The verifier file is a valid ELF file
theorem Verifier_basicElf: $ isBasicElf Verifier $;
--| Given `mm0_file` on input, the verifier always terminates,
--| ensuring that the final input is empty (the entire input was consumed),
--| the output is empty (it outputs nothing), and the theorems in the
--| mm0 file are derivable.
theorem Verifier_terminates {input output: nat} (k mm0_file: nat):
$ initialConfig Verifier mm0_file k ->
terminates_ensuring k (S\ input, {output |
input = 0 /\ output = 0 /\ Valid mm0_file}) $;
--| Unpacking the above claim: if we set up an initial configuration
--| such that `mm0_file` is on standard in, and it runs to completion
--| having consumed the input and produced no output with exit code 0,
--| then the theorems in the input are derivable.
theorem Verifier_Valid (k mm0_file i o: nat):
$ initialConfig Verifier mm0_file k /\ succeeds k 0 0 ->
Valid mm0_file $;