Write footprint computation + soundness (#1990 part 2/3)#2007
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
* Add events-preserving helper IR body wrapper * Assemble top-level scalar event body bridge * Document top-level scalar event boundary * Refresh print axioms artifact * Split scalar event function proofs * Add scalar event function interface bridges * Add scalar event contract extraction bridges * Derive scalar event function disjoint witnesses * Add scalar event function compile wrapper * Refresh scalar event axiom audit * Narrow scalar event doc claims to function level * Add scalar event contract wrapper
First-class Call.Result for external calls (#1891)
Finite mapping slot non-alias certificates (#2001)
Model stateful external interactions (#1963)
CodeData layout and CREATE2 derivation surface (#2023)
…data Decode projected struct-array bytes calldata (#1975)
Single-fold validation surface (#1986)
Explicit role declarations (#1894)
Proof-backed CEI safety surface (#1892)
Oracle summaries for typed external reads (#1964)
# Conflicts: # PrintAxioms.lean
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 64c3949. Configure here.
| (branches : List (String × List String × List Stmt)) : | ||
| validateStmtParamReferencesInBranches fnName params branches = | ||
| validateStmtParamReferencesInBranches_viaFold fnName params branches := by | ||
| rfl |
There was a problem hiding this comment.
Unused _viaFold duplicate definitions and trivial theorems
Low Severity
Each of the four validator families (validateStmtParamReferences, validateReturnShapes, validateNoUnsupportedAdtConstruct, validateNoRuntimeReturnsInConstructor) plus exprContainsAdtConstruct gains a _viaFold function clone and _eq_viaFold theorem — totalling ~15 new definitions and ~15 trivial rfl theorems. Every _viaFold function is definitionally identical to its original (e.g., stmt.checkRec f vs Stmt.checkRec f stmt), and a grep confirms none of the _viaFold names are referenced anywhere outside their own _eq_viaFold theorems. This is dead code that adds maintenance burden.
Additional Locations (2)
Reviewed by Cursor Bugbot for commit 64c3949. Configure here.
1 participant
Summary
Compiler/Proofs/Frames.lean:Expr.staticValue,Stmt.writeFootprint,Stmt.writeFootprintList. The footprint returnssomefor analyzable statements (letVar, assignVar, literal-offset mstore, tstore, require, return, stop, ite, statement lists) andnonefor dynamic shapes.stmtWritesOnly_writeFootprint/stmtListWritesOnly_writeFootprint, and derivesexecStmt_frame_rule_writeFootprint/execStmts_frame_rule_writeFootprintso the frame rule applies automatically from syntax.PrintAxioms.lean(zero new axioms).Stacked on #2005 (part 1/3). Part 3 (coupling invariants /
SegmentSim/ composition rules) follows. Toward #1990.Test plan
lake build Verity Contracts Compiler PrintAxioms→ "Build completed successfully."generate_print_axioms.py+refresh_verification_artifacts.sh→[refresh] PASSmake check→ "All checks passed."Note
Medium Risk
Touches validation traversal, external-call/trust reporting, and whole-contract correctness theorems; changes are mostly proof-facing and tested via smoke/compile-driver checks, but errors in footprint or dispatch bridges could affect proof claims.
Overview
Adds computable IR write footprints in
Compiler/Proofs/Frames.lean(Expr.staticValue,Stmt.writeFootprint/writeFootprintList) with soundness theorems linking footprints toStmtWritesOnlyand automatic frame-rule lemmas (execStmt_frame_rule_writeFootprint, etc.), registered inPrintAxioms.lean.Beyond the footprint slice, the diff widens compiler proof and product surfaces: a whole-contract scalar-events theorem (
compile_preserves_semantics_with_scalar_events) plusScalarEventSmokeinContractFeatureTest.lean; a public CEI proof bridge (CEISafety.lean); contract-level scalar-event documentation updates inAUDIT.md.Trust and externals: ECM modules gain stateful external summaries (
StatefulExternalinECM.lean,externalSummaryon modules); trust/assumption JSON addsexternalSummaries, mutability, and selectors;oracleSummary/typedReadWordSummaryModulerefactors oracle lowering with source-shaped assumption names.Macro / DSL:
rolesblocks onverity_contract, explicit access-control theorems,callResultlowering totryExternalCallBind, view interface calls via oracle summary (reject multi-word view returns);cei_safesmoke showing it does not bypass CEI without trust exits; dynamic bytes/string args for linked externals and helper calls.Infrastructure: validation passes switch to
Stmt.checkRec/Expr.foldBoolwith_viaFoldrfl lemmas; mapping-slot non-alias certificates; newVerity/Core/Model/CodeData.lean(SSTORE2 layouts, CREATE2 preimage); executableCall.Resultstub; compile-driver trust tests updated for new JSON shapes.Reviewed by Cursor Bugbot for commit 64c3949. Bugbot is set up for automated code reviews on this repo. Configure here.