To use the verifier and/or Lean, follow the installation instructions in this repository's main README file.
To run the verifier on math.cairo
, first activate the Python environment with version v.0.10.1.
Use the command
export CAIRO_PATH="{path to src}"
where {path_to_src}
is the path to the src
folder in this repository. Then execute the following
in this directory:
python ../../cairo_verify.py math.cairo
This will compile math.cairo
and construct the relevant Lean files. In this directory, the files
bool_spec.lean
and math_spec.lean
contain Hoare specifications of all the functions that are in
the dependency chain from functions in math.cairo
. The command
lean --make math_spec.lean
checks the specifications in those files and confirms that they are well formed.
The verifier also creates a folder, verification
, which contains a file , math_code.lean
. This
is a Lean description of the assembly code generated by the compiler. These descriptions can be
evaluated with Lean's #eval
function and the numbers that are output can be compared to the data
in a STARK proof.
For each of the functions in math.cairo
(as well as the dependencies, though in this case there
aren't any functions in bool.cairo
), the verifier also generates a Lean proof that the compiled
code satisfies the Hoare specification, relative to the model of Cairo execution specified in
lean/semantics/cpu.lean
. (The formalization in lean/semantics/air_encoding
shows that the
algebraic encoding of that execution model is correct, using polynomials that can again be compared
to the data used in a STARK proof.) Use
lean --make verification/*.lean
to check all the proofs and generate the compiled .olean
files.
Users are free to modify the user specifications in he specification files (in this case
math_spec.lean
) and add anything else they want there, provided they prove that their
specifications follow from the Hoare specifications. Running
lean --make math_spec.lean
again on the modified files guarantees that these files are correct, and running
lean --make verification/*.lean
again guarantees that the compiled code meets the new user specifications.
Running the verifier on math.cairo
again generates the Lean descriptions of the code, the Hoare
specifications, and the correctness proofs from scratch. But it is careful to replace the Hoare
specifications in the specification files without overwriting changes that the user has made. Thus
users can run the verifier whenever the code changes and then go back and repair anything that has
broken in the specification files.