[{"data":1,"prerenderedAt":4},["ShallowReactive",2],{"8iKbDGRgiy":3},"\u003Cdiv align=\"center\">\n\n![SP1 Lean](./.github/assets/header.png)\n\nFormal verification of SP1 Hypercube zkVM arithmetization\n\n\u003C/div>\n\n## Overview\n\nThis repository provides formal specifications and proofs for the arithmetization of the SP1 Hypercube zkVM using the Lean 4 theorem prover, we formally verify that the constraint systems used in SP1's AIR (Algebraic Intermediate Representation) in addition to constraints implied by the lookup argument, correctly implement the RISC-V ISA semantics.\n\n## Repository Structure\n\nThe codebase is organized into three main libraries:\n\n### SP1Foundations\nFoundational definitions and utilities used throughout the verification:\n- **Field arithmetic**: Finite field operations over the KoalaBear field\n- **BitVec operations**: Bit vector manipulation and properties\n- **Constraints**: Framework for defining and reasoning about AIR constraints\n- **Register model**: RISC-V register state and operations\n- **SailM monad**: Integration with RISC-V formal semantics from Sail\n- **Memory model**: Memory consistency and checking infrastructure\n\n### SP1Operations\nDefinitions of RISC-V instruction operations and their constraint encodings:\n- **Readers**: Instruction decoding for different RISC-V types (R-type, I-type, J-type, etc.)\n- **Operations**: Constraint definitions for individual operations (add, mul, shift, etc.)\n- **CPU state management**: Program counter and state transitions\n\n### SP1Chips\nFormal correctness proofs for individual instruction chips:\n- **Arithmetic**: Add, Sub, Mul, DivRem, Addw, Subw\n- **Logical**: Bitwise operations (AND, OR, XOR)\n- **Comparison**: Lt (less than) operations\n- **Shifts**: ShiftLeft, ShiftRight\n- **Memory**: Load/Store operations (byte, half, word, double)\n- **Control flow**: Jal, Jalr, Branch instructions\n- **Immediate**: Addi, UType instructions\n\nEach chip contains:\n- Constraint definitions that encode the operation\n- A `spec_*` function defining the RISC-V semantics\n- An `sp1_*` function defining the SP1 operation\n- A `correct_*` theorem proving equivalence\n\n## How It Works\n\nFor each RISC-V instruction, we prove that:\n\n1. **The constraints are satisfiable**: When the instruction executes correctly, there exists an assignment to the constraint variables\n2. **The constraints are sound**: Any satisfying assignment corresponds to a valid RISC-V execution.\n\nThe proofs connect two representations:\n- **RISC-V Semantics**: Formal specification from the Sail RISC-V model\n- **SP1 Constraints**: Polynomial constraints used in the SP1 zkVM\n\nExample from `AddChip.lean`:\n```lean\ntheorem correct_add\n  (Main : Vector (Fin KB) 34)\n  (s : SailState)\n  (cstrs : (constraints Main).allHold)\n  (h_is_real : Main[33] = 1)\n  (state_cstrs : (constraints Main).initialState s) :\n  let op_c := sp1_op_c Main\n  let op_b := sp1_op_b Main\n  let op_a := sp1_op_a Main\n  (spec_add (.Regidx op_c) (.Regidx op_b) (.Regidx op_a)).run s = (sp1_add Main).run s\n```\n\nThis theorem states that when all constraints hold, the SP1 add operation produces the same result as the RISC-V specification.\n\n## Constraints\nConstraints come from two sources:\n- Constraints implied by the lookup argument.\n- Constraints implied by the equations.\n\n## Building\n\n### Prerequisites\n- [Lean 4](https://github.com/leanprover/lean4) (v4.23.0-rc2)\n- [Lake](https://github.com/leanprover/lake) (Lean's build tool)\n\n### Build Instructions\n\n```bash\n# Clone the repository\ngit clone https://github.com/succinctlabs/sp1-lean\ncd sp1-lean\n\n# Build the project\nlake build\n```\n\n## Dependencies\n\n- **[Mathlib](https://github.com/leanprover-community/mathlib4)**: Lean's mathematics library (v4.23.0-rc2)\n- **[Lean_RV64D](https://github.com/succinctlabs/sail-riscv-lean)**: Formal RISC-V semantics extracted from Sail\n",1780846764740]