• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
      • Apt
      • Zfc
      • Acre
      • Milawa
      • Smtlink
      • Abnf
      • Vwsim
      • Isar
      • Pfcs
        • Proof-support
        • Semantics
          • Exec-proof-tree
          • Assertion-list->constr-list
          • Assertion-list->asg-list
          • Eval-expr
          • Eval-expr-list
          • Assignment-wfp
          • Assertion
          • Proof-outcome
          • Proof-list-outcome
          • Assertion-list-from
          • Definition-satp
          • Constraint-satp
          • Assignment
          • System-satp
          • Constraint-list-satp
          • Assertion-list
          • Assignment-list
          • Proof-trees
        • Lifting
        • R1cs-subset
        • Indexed-names
        • Well-formedness
        • Abstract-syntax
        • Concrete-syntax
        • R1cs-bridge
        • Parser-interface
      • Wp-gen
      • Dimacs-reader
      • Legacy-defrstobj
      • Proof-checker-array
      • Soft
      • C
      • Farray
      • Rp-rewriter
      • Instant-runoff-voting
      • Imp-language
      • Sidekick
      • Leftist-trees
      • Java
      • Taspi
      • Riscv
      • Bitcoin
      • Des
      • Ethereum
      • X86isa
      • Sha-2
      • Yul
      • Zcash
      • Proof-checker-itp13
      • Regex
      • ACL2-programming-language
      • Json
      • Jfkr
      • Equational
      • Cryptography
      • Poseidon
      • Where-do-i-place-my-book
      • Axe
      • Aleo
      • Bigmems
      • Builtins
      • Execloader
      • Solidity
      • Paco
      • Concurrent-programs
      • Bls12-377-curves
    • Debugging
    • Std
    • Community
    • Proof-automation
    • Macro-libraries
    • ACL2
    • Interfacing-tools
    • Hardware-verification
    • Software-verification
    • Math
    • Testing-utilities
  • Pfcs

Semantics

Semantics of PFCSes.

A named relation denotes a predicate over a cartesian product of the prime field, where the number of factors of the cartesian product is the arity of the relation. The predicate holds exactly on the tuples of prime field elements that, when assigned to the parameters of the relation, satisfy all the constraints that define the relation. An equality constraint is satisfied when its evaluated left and right sides are equal. A relation application in the defining body of another one is satisfied when the predicate it denotes holds on the prime field elements that result from evaluating its argument expressions. There must be no recursion in the relation definitions for this to be well-defined. The body of a relation definition may include variables that are not among the formal parameters: these are regarded as existentially quantified, i.e. the predicate denoted by the relation holds on a tuple when there exist values for those extra variables that, together with the values of the tuple, satisfy all the constraints.

The semantics informally described above can be formalized, mathematically, as a function with the following characteristics. This mathematical semantic function takes the following inputs:

  1. A constraint, of type constraint.
  2. A list of definitions, of type definition-list.
  3. An assignment, i.e. a finite map from variables to prime field elements.
  4. The prime.

The mathematical semantic function returns one of the following possible outputs:

  • The boolean `true', indicating that, given the input list of definitions, the input constraint is satisfied by the input assignment.
  • The boolean `false', indicating that, given the input list of definitions, the input constraint is not satisfied by the input assignment.
  • An error, indicating that, given the input list of definitions, the input constraint cannot be evaluated as satisfied or not.

The third output happens when, for instance, the constraint references a variable that is not in the assignment, or a relation that is not in the list of definitions. This should never happen when the list of definitions is well-formed, as we plan to prove formally.

Attempting to define this mathematical semantic function in ACL2 runs into an issue. A constraint that is a call of a relation is satisfied when all the constraints that form the body of the relation are satisfied, in some assignment that extends the one that assigns the actual parameters to the formal parameters. This is an existential quantification, which is expressed via defun-sk in ACL2, but the mathematical semantic function we are describing is recursive, and a mutual recursion cannot involve a defun-sk in ACL2.

To overcome this issue, we formalize a logical proof system to derive assertions about the mathematical semantic function, and then we define the function in ACL2 in terms of the proof system.

Subtopics

Exec-proof-tree
Execute a proof tree.
Assertion-list->constr-list
Lift assertion->constr to lists.
Assertion-list->asg-list
Lift assertion->asg to lists.
Eval-expr
Evaluate an expression, given an assignment and a prime field.
Eval-expr-list
Lift eval-expr to lists.
Assignment-wfp
Check if an assignment is well-formed.
Assertion
Fixtype of semantic assertions.
Proof-outcome
Fixtype of semantic proof outcomes.
Proof-list-outcome
Fixtype of semantic proof list outcomes.
Assertion-list-from
Lift assertion to lists.
Definition-satp
Check if a sequence of prime field elements satisfies a named PFCS definition.
Constraint-satp
Semantic function checking if a constaint is satisfied, given a list of definitions, an assignment, and a prime field.
Assignment
Fixtype of assignments.
System-satp
Check if an assignment satisfies a system.
Constraint-list-satp
Semantic function saying if an assignment satisfies a list of constraints, given a list of definitions and a prime field.
Assertion-list
Fixtype of lists of semantic assertions.
Assignment-list
Fixtype of lists of assignments.
Proof-trees