Add U256 arithmetic functions (#73)

bbyalcinkaya · rv-auditor · web-flow · commit 5ba0798dbfb8 · 2025-04-15T12:29:54.000Z
* refactor integer.md using hostCallAux

* implement u256 arithmetic

* implement noop `authorize_as_curr_contract`

* Set Version: 0.1.62

* Set Version: 0.1.63

* add comments for max/min int helpers

---------

Co-authored-by: devops &lt;devops@runtimeverification.com&gt;
diff --git a/package/version b/package/version
@@ -1 +1 @@
-0.1.62
+0.1.63
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"
 
 [tool.poetry]
 name = "komet"
-version = "0.1.62"
+version = "0.1.63"
 description = "K tooling for the Soroban platform"
 authors = [
     "Runtime Verification, Inc. <contact@runtimeverification.com>",
diff --git a/src/komet/kdist/soroban-semantics/data.md b/src/komet/kdist/soroban-semantics/data.md
@@ -60,6 +60,7 @@ various contexts:
         | I64(Int)                                 [symbol(SCVal:I64)]
         | U128(Int)                                [symbol(SCVal:U128)]
         | I128(Int)                                [symbol(SCVal:I128)]
+        | U256(Int)                                [symbol(SCVal:U256)]
         | ScVec(List)                              [symbol(SCVal:Vec)]      // List<HostVal> or List<ScVal>
         | ScMap(Map)                               [symbol(SCVal:Map)]      // Map<ScVal, HostVal> or Map<ScVal, ScVal>
         | ScAddress(Address)                       [symbol(SCVal:Address)]
@@ -159,6 +160,8 @@ module HOST-OBJECT
     rule getTag(U128(I))       => 68    requires notBool( I <=Int #maxU64small ) // U64small and U128small have the same width
     rule getTag(I128(I))       => 11    requires          #minI64small <=Int I andBool I <=Int #maxI64small
     rule getTag(I128(I))       => 69    requires notBool( #minI64small <=Int I andBool I <=Int #maxI64small )
+    rule getTag(U256(I))       => 12    requires          I <=Int #maxU64small
+    rule getTag(U256(I))       => 70    requires notBool( I <=Int #maxU64small ) // U64small and U128small have the same width
     rule getTag(ScVec(_))      => 75
     rule getTag(ScMap(_))      => 76
     rule getTag(ScAddress(_))  => 77
@@ -176,14 +179,33 @@ module HOST-OBJECT
     rule getTagWithFlag(true, Symbol(_)) => 74
     rule getTagWithFlag(_,    SCV)       => getTag(SCV)      [owise]
    
-    // 64-bit integers that fit in 56 bits
-    syntax Int ::= "#maxU64small"     [macro]
-                 | "#maxI64small"     [macro]
-                 | "#minI64small"     [macro]
- // -----------------------------------------
-    rule #maxU64small => 72057594037927935
-    rule #maxI64small => 36028797018963967
-    rule #minI64small => -36028797018963968
+    // Define the max/min values of small 64-bit integers that fit in 56 bits.
+    // These are used to check whether an i64 can be embedded directly as a "small" HostVal
+    // based on the small integer definition in [CAP-046-01](https://github.com/stellar/stellar-protocol/blob/master/core/cap-0046-01).md#tag-values)
+    syntax Int ::= "#maxU64small"     [macro]  // Maximum unsigned small int: 2^56 - 1
+                 | "#maxI64small"     [macro]  // Maximum signed small int: 2^55 - 1
+                 | "#minI64small"     [macro]  // Minimum signed small int: -2^55
+ // -----------------------------------------------------------------------------------------
+    rule #maxU64small => maxInt(i56, Unsigned)
+    rule #maxI64small => maxInt(i56, Signed)
+    rule #minI64small => minInt(i56, Signed)
+
+    // Helpers for computing max/min values given a bit width and signedness.
+    syntax Int ::= maxInt(IWidth, Signedness)      [function, total]
+                 | minInt(IWidth, Signedness)      [function, total]
+ // ----------------------------------------------------------------
+    // For unsigned: max = 2^W - 1, min = 0
+    rule maxInt(W, Unsigned) => #pow(W) -Int 1
+    rule minInt(_, Unsigned) => 0
+
+    // For signed: max = 2^(W - 1) - 1, min = -2^(W - 1)
+    rule maxInt(W, Signed)   => #pow1(W) -Int 1
+    rule minInt(W, Signed)   => 0 -Int #pow1(W)
+
+    // refactor small int checks using this
+    syntax Bool ::= inRangeInt(IWidth, Signedness, Int)  [function, total, symbol(inRangeInt)]
+ // ------------------------------------------------------------------------------------------
+    rule inRangeInt(W, SG, I) => minInt(W, SG) <=Int I andBool I <=Int maxInt(W, SG)
 
     syntax ScVal ::= ScValOrDefault(KItem, ScVal)   [function, total, symbol(ScValOrDefault)]
  // ---------------------------------------------------------
@@ -261,6 +283,8 @@ module HOST-OBJECT
       requires getTag(VAL) ==Int 11
        andBool definedSigned(i56, getBody(VAL))
 
+    rule fromSmall(VAL) => U256(getBody(VAL))      requires getTag(VAL) ==Int 12
+
     rule fromSmall(VAL) => Symbol(decode6bit(getBody(VAL)))
                                                    requires getTag(VAL) ==Int 14
 
@@ -290,6 +314,7 @@ module HOST-OBJECT
     rule toSmall(I128(I))       => fromBodyAndTag(#unsigned(i56, I), 11)
       requires #minI64small <=Int I andBool I <=Int #maxI64small
        andBool definedUnsigned(i56, I)
+    rule toSmall(U256(I))       => fromBodyAndTag(I, 12)              requires I <=Int #maxU64small
     rule toSmall(Symbol(S))     => fromBodyAndTag(encode6bit(S), 14)  requires lengthString(S) <=Int 9
     rule toSmall(_)             => HostVal(-1)                        [owise]
 
@@ -363,11 +388,15 @@ module HOST-OBJECT
     rule #pow(i56)  => 72057594037927936
     rule #pow1(i56) => 36028797018963968
 
-    syntax IWidth ::= "i128"
- // ------------------------------------
+    syntax IWidth ::= "i128"     [symbol(i128)]
+                    | "i256"     [symbol(i256)]
+ // -------------------------------------------
     rule #width(i128) => 128
     rule #pow(i128)   => 340282366920938463463374607431768211456
     rule #pow1(i128)  => 170141183460469231731687303715884105728
+    rule #width(i256) => 256
+    rule #pow(i256)   => 115792089237316195423570985008687907853269984665640564039457584007913129639936
+    rule #pow1(i256)  => 57896044618658097711785492504343953926634992332820282019728792003956564819968
 
 ```
 
@@ -419,6 +448,7 @@ For scalar types the comparison is straightforward.
     rule compare(I64(A),  I64(B))  => compareInt(A, B)
     rule compare(U128(A), U128(B)) => compareInt(A, B)
     rule compare(I128(A), I128(B)) => compareInt(A, B)
+    rule compare(U256(A), U256(B)) => compareInt(A, B)
     rule compare(ScAddress(A), ScAddress(B)) => compareAddress(A, B)
     rule compare(Symbol(A), Symbol(B))       => compareString(A, B)
     rule compare(ScBytes(A), ScBytes(B))     => compareBytes(A, B)
@@ -539,8 +569,7 @@ corresponding values.
     // Duration                      => 8
     rule ScValTypeOrd(U128(_))       => 9
     rule ScValTypeOrd(I128(_))       => 10
-    // U256                          => 11
-    // I256                          => 12
+    rule ScValTypeOrd(U256(_))       => 11
     rule ScValTypeOrd(ScBytes(_))    => 13
     rule ScValTypeOrd(ScString(_))   => 14
     rule ScValTypeOrd(Symbol(_))     => 15
diff --git a/src/komet/kdist/soroban-semantics/host/address.md b/src/komet/kdist/soroban-semantics/host/address.md
@@ -27,6 +27,19 @@ module HOST-ADDRESS
         <locals>
           0 |-> < i64 > _      // Address
         </locals>
+```
+
+## authorize_as_curr_contract
+
+```k
+    rule [hostfun-authorize-as-curr-contract]:
+        <instrs> hostCall ( "a" , "3" , [ i64  .ValTypes ] -> [ i64  .ValTypes ] )
+              => toSmall(Void)
+                 ...
+        </instrs>
+        <locals>
+          0 |-> < i64 > _
+        </locals>
 
 endmodule
 ```
diff --git a/src/komet/kdist/soroban-semantics/host/integer.md b/src/komet/kdist/soroban-semantics/host/integer.md
@@ -4,6 +4,7 @@ requires "../configuration.md"
 
 module HOST-INTEGER
     imports CONFIG-OPERATIONS
+    imports WASM-OPERATIONS
 
     syntax InternalInstr ::= "returnU64"       [symbol(returnU64)]
                            | "returnI64"       [symbol(returnI64)]
@@ -35,14 +36,13 @@ module HOST-INTEGER
 
     rule [hostfun-obj-from-u64]:
         <instrs> hostCall ( "i" , "_" , [ i64  .ValTypes ] -> [ i64  .ValTypes ] )
-              => #waitCommands
+              => allocObject(U64(I))
               ~> returnHostVal
                  ...
         </instrs>
         <locals>
           0 |-> < i64 > I
         </locals>
-        <k> (.K => allocObject(U64(I))) ... </k>
 
     rule [hostfun-obj-from-i64]:
         <instrs> hostCall ( "i" , "1" , [ i64  .ValTypes ] -> [ i64  .ValTypes ] )
@@ -77,36 +77,12 @@ module HOST-INTEGER
         </locals>
         <k> (.K => allocObject( U128((HIGH <<Int 64) |Int LOW)) ) ... </k>
 
-    rule [hostfun-obj-to-u128-lo64]:
-        <instrs> hostCall ( "i" , "4" , [ i64  .ValTypes ] -> [ i64  .ValTypes ] )
-              => loadObject(HostVal(VAL))
-              ~> u128low64
-                 ...
-        </instrs>
-        <locals>
-          0 |-> < i64 > VAL
-        </locals>
-
-    syntax InternalInstr ::= "u128low64"      [symbol(u128low64)]
- // ---------------------------------------------------------------
-    rule [u128-low64]:
-        <instrs> u128low64 => i64.const I ... </instrs> // 'i64.const N' chops N to 64 bits
+    rule [hostCallAux-obj-to-u128-lo64]:
+        <instrs> hostCallAux ( "i" , "4" ) => i64.const I ... </instrs> // 'i64.const N' chops N to 64 bits
         <hostStack> U128(I) : S => S </hostStack>
 
-    rule [hostfun-obj-to-u128-hi64]:
-        <instrs> hostCall ( "i" , "5" , [ i64  .ValTypes ] -> [ i64  .ValTypes ] )
-              => loadObject(HostVal(VAL))
-              ~> u128high64
-                 ...
-        </instrs>
-        <locals>
-          0 |-> < i64 > VAL
-        </locals>
-
-    syntax InternalInstr ::= "u128high64"      [symbol(u128high64)]
- // ---------------------------------------------------------------
-    rule [u128-high64]:
-        <instrs> u128high64 => i64.const (I >>Int 64) ... </instrs>
+    rule [hostCallAux-obj-to-u128-hi64]:
+        <instrs> hostCallAux ( "i" , "5" ) => i64.const (I >>Int 64) ... </instrs>
         <hostStack> U128(I) : S => S </hostStack>
       [preserves-definedness] // 'X >>Int K' is defined for positive K
 
@@ -122,39 +98,150 @@ module HOST-INTEGER
         </locals>
       requires definedSigned(i128, (HIGH <<Int 64) |Int LOW )
 
-    rule [hostfun-obj-to-i128-lo64]:
-        <instrs> hostCall ( "i" , "7" , [ i64 .ValTypes ] -> [ i64  .ValTypes ] )
-              => loadObject(HostVal(VAL))
-              ~> i128lo64
-                 ...
-        </instrs>
-        <locals>
-          0 |-> < i64 > VAL
-        </locals>
-
-    syntax InternalInstr ::= "i128lo64"   [symbol(i128lo64)]
- // --------------------------------------------------------
-    rule [i128lo64]:
-        <instrs> i128lo64 => i64.const (#unsigned(i128, I)) ... </instrs>
+    rule [hostCallAux-obj-to-i128-lo64]:
+        <instrs> hostCallAux ( "i" , "7" ) => i64.const (#unsigned(i128, I)) ... </instrs>
         <hostStack> I128(I) : S => S </hostStack>
       requires definedUnsigned(i128, I)
       [preserves-definedness]
 
-    rule [hostfun-obj-to-i128-hi64]:
-        <instrs> hostCall ( "i" , "8" , [ i64 .ValTypes ] -> [ i64  .ValTypes ] )
-              => loadObject(HostVal(VAL))
-              ~> i128hi64
+    rule [hostCallAux-obj-to-i128-hi64]:
+        <instrs> hostCallAux ( "i" , "8" ) => i64.const (I >>Int 64) ... </instrs>
+        <hostStack> I128(I) : S => S </hostStack>
+```
+
+## obj_from_u256_pieces
+
+```k
+    rule [hostfun-obj-from-u256-pieces]:
+        <instrs> hostCall ( "i" , "9" , [ i64 i64 i64  i64  .ValTypes ] -> [ i64  .ValTypes ] )
+              => allocObject( U256(
+                       (HI_HI <<Int 192) 
+                  |Int (HI_LO <<Int 128) 
+                  |Int (LO_HI <<Int 64) 
+                  |Int  LO_LO
+                ))
+              ~> returnHostVal
                  ...
         </instrs>
         <locals>
-          0 |-> < i64 > VAL
+          0 |-> < i64 > HI_HI
+          1 |-> < i64 > HI_LO
+          2 |-> < i64 > LO_HI
+          3 |-> < i64 > LO_LO
         </locals>
+```
 
-    syntax InternalInstr ::= "i128hi64"   [symbol(i128hi64)]
- // --------------------------------------------------------
-    rule [i128hi64]:
-        <instrs> i128hi64 => i64.const (I >>Int 64) ... </instrs>
-        <hostStack> I128(I) : S => S </hostStack>
+## u256_val_from_be_bytes
 
+Convert a 32-byte `Bytes` object to `U256`.
+
+```k
+    rule [hostCallAux-u256-val-from-be-bytes]:
+        <instrs> hostCallAux ( "i" , "a" )
+              => allocObject( U256( Bytes2Int(BS, BE, Unsigned) ) )
+              ~> returnHostVal
+                 ...
+        </instrs>
+        <hostStack> ScBytes(BS) : S => S </hostStack>
+      requires lengthBytes(BS) ==Int 32
+```
+
+## u256_val_to_be_bytes
+
+```k
+    rule [hostCallAux-u256-val-to-be-bytes]:
+        <instrs> hostCallAux ( "i" , "b" )
+              => allocObject( ScBytes( Int2Bytes(32, I, BE) ) )
+              ~> returnHostVal
+                 ...
+        </instrs>
+        <hostStack> U256(I) : S => S </hostStack>
+```
+
+## obj_to_u256_hi_hi
+
+```k
+    rule [hostCallAux-obj-to-u256-hi-hi]:
+        <instrs> hostCallAux ( "i" , "c" ) => i64.const (I >>Int 192) ... </instrs>
+        <hostStack> U256(I) : S => S </hostStack>
+```
+
+## obj_to_u256_hi_lo
+
+```k
+    rule [hostCallAux-obj-to-u256-hi-lo]:
+        <instrs> hostCallAux ( "i" , "d" ) => i64.const (I >>Int 128) ... </instrs>
+        <hostStack> U256(I) : S => S </hostStack>
+```
+
+## obj_to_u256_lo_hi
+
+```k
+    rule [hostCallAux-obj-to-u256-lo-hi]:
+        <instrs> hostCallAux ( "i" , "e" ) => i64.const (I >>Int 64) ... </instrs>
+        <hostStack> U256(I) : S => S </hostStack>
+```
+
+## obj_to_u256_lo_lo
+
+```k
+    rule [hostCallAux-obj-to-u256-lo-lo]:
+        <instrs> hostCallAux ( "i" , "f" ) => i64.const I ... </instrs>
+        <hostStack> U256(I) : S => S </hostStack>
+```
+
+## u256_add
+
+```k
+    rule [hostCallAux-u256-add]:
+        <instrs> hostCallAux ( "i" , "n" )
+              => allocObject( U256( A +Int B ) )
+              ~> returnHostVal
+                 ...
+        </instrs>
+        <hostStack> U256(A) : U256(B) : S => S </hostStack>
+      requires inRangeInt(i256, Unsigned, A +Int B)
+```
+
+## u256_sub
+
+```k
+    rule [hostCallAux-u256-sub]:
+        <instrs> hostCallAux ( "i" , "o" )
+              => allocObject( U256( A -Int B ) )
+              ~> returnHostVal
+                 ...
+        </instrs>
+        <hostStack> U256(A) : U256(B) : S => S </hostStack>
+      requires inRangeInt(i256, Unsigned, A -Int B)
+```
+
+## u256_mul
+
+```k
+    rule [hostCallAux-u256-mul]:
+        <instrs> hostCallAux ( "i" , "p" )
+              => allocObject( U256( A *Int B ) )
+              ~> returnHostVal
+                 ...
+        </instrs>
+        <hostStack> U256(A) : U256(B) : S => S </hostStack>
+      requires inRangeInt(i256, Unsigned, A *Int B)
+```
+
+## u256_div
+
+```k
+    rule [hostCallAux-u256-div]:
+        <instrs> hostCallAux ( "i" , "q" )
+              => allocObject( U256( A /Int B ) )
+              ~> returnHostVal
+                 ...
+        </instrs>
+        <hostStack> U256(A) : U256(B) : S => S </hostStack>
+      requires 0 =/=Int B
+```
+
+```k
 endmodule
 ```
diff --git a/src/tests/integration/data/soroban/contracts/test_integers/src/lib.rs b/src/tests/integration/data/soroban/contracts/test_integers/src/lib.rs
diff --git a/src/tests/integration/data/u256.wast b/src/tests/integration/data/u256.wast
