Add Concrete Syntax for Unstructured Programs in Strata Core#1196
Open
PROgram52bc wants to merge 73 commits into
Conversation
Address PR review comments: note that the GOTO backend could be refactored into a two-stage pipeline (structured→cfg, then cfg→GOTO) to eliminate the pattern matching on Procedure.Body.
- Add Body.getCfg accessor (mirrors getStructured)
- CoreToCBMC: throw error on CFG body instead of returning []
- StatementEval: interpret CFG bodies by linearizing blocks
- Grammar: add comment explaining why 'branch' is used instead of 'if' (DDM registers tokens globally, causing conflict with if-statement)
… with CFG as body
- WF.lean: replace .stmts with case-split premises (bodyIsStructured)
- Procedure.lean: replace isEmpty with isAbstract/isStructured/isCfg, remove Body.stmts definition
- ProcedureInlining test: remove unused getStmts helper
- Boole test: use explicit pattern matching with comment
- Update all .body.stmts usages to explicit match expressions
- Fix ProcBodyVerifyCorrect proof to use new WF structure

Resolve conflicts in:
- Strata/Languages/Boole/Verify.lean: drop HEAD's registerCommandSymbols/initFVarIsOp in favor of main2's globalVarTypes-based getFVarIsOp.
- Strata/Languages/Core/ObligationExtraction.lean: combine HEAD's extractFromCmd refactor with main2's convertMetaDataPropertyType helper.
- Strata/Languages/Core/SMTEncoder.lean: drop `private` on lMonoTyToTermType to expose for Verifier.lean cross-module use.
- Strata/Languages/Core/Verifier.lean: take main2's encodeDeclarationsAbstract signature (it gained per-phase pctx tracking) and pass pctx through encodeCore.
- Strata/Transform/ProcBodyVerifyCorrect.lean: keep HEAD's `ss` from destructuring proc.body = .structured ss (main2 still treated proc.body as a list directly).
- Strata/Transform/StructuredToUnstructured.lean: keep HEAD's loop contract metadata on .condGoto / .goto transfers (main2's transfer ctors lacked the md argument).
- StrataTest/DL/Imperative/StepStmtTest.lean: keep HEAD's explicit Bool.or_false simp.
- StrataTest/DL/SMT/TranslateTests.lean: take main2's added arity-error tests.
- StrataTest/Languages/Core/Examples/Seq.lean: take main2's added bounds-check obligation expectations.
atomb (Contributor) requested changes, May 27, 2026:
I think this mostly looks great, but it's big enough that my list of comments and small requests got kind of long. :)
Changes from review:
- BasicBlock.lean: drop `:= .empty` default on `DetTransferCmd.goto`; cascade explicit `synthesizedMd` provenance through `StructuredToUnstructured.lean` (`detCmdBlock`, `flushCmds`, the loop measure-decrease block) and update `ProcedureEvalCFGTests.lean` callers to pass `.empty` explicitly. Loops/Exit golden outputs gain the synthesized provenance prefix on transfers that previously appeared without metadata.
- Grammar.lean: change `transfer_cond_goto` syntax to `branch (cond) goto X else goto Y` (symmetric); update `CFGSimple.core.st` and `CFGParseTests.lean` to match.
- FormatCore.lean: split `transferToCST` into deterministic-only and a new `nondetTransferToCST` for `NondetTransferCmd`; drop the `$__nondet_` fvar sniff in the Det path. Det path always emits `transfer_goto`/`transfer_cond_goto`.
- StatementEval.lean: replace stale `runCFG` docstring (it was describing `runCall`); restore `runCall` docstring; reword the runCFG nondet branch error message to point at symbolic / nondeterministic-goto conditions.
- StatementSemantics.lean: fix `CoreCFGStepStar` docstring (`_enableNesting` → `cmd`) and drop the dead reference to the deleted `NestedInductiveRestriction.lean`.
- CoreToGOTOPipeline.lean: add brief docstrings to the now-public `renameIdent` / `renameExpr` / `renameCmd`.
- Boole/Verify.lean: typo (`Boole dialect` → `the Boole dialect`).
- E2E_CoreToGOTO.lean: rewrite stale TODO; this helper uses the direct path because `injectPropertySummary` pattern-matches on `Core.Statement`.
- NestedInductiveRestriction.lean: deleted (per reviewer: tests should pin desired behavior, not unwanted restrictions).

Deferred to follow-up PRs (per discussion): O(n^2) list-append rewrite in `typeCheckCFG`; dataflow-aware type checking across CFG blocks; `coreCFGToGotoTransform` ↔ `detCFGToGotoTransform` deduplication (revisit once the two-stage pipeline is stable on `htd/smack`).

…back
Project policy disallows new panic! calls. The unrepresentable >2-target case now logs an error via the existing ToCSTM error pattern and falls back to transfer_return, matching how lconstToExpr/lopToExpr handle unknown-construct cases.
PROgram52bc (Contributor, Author) commented, May 29, 2026:
Thanks for reading through such a tedious PR :) I addressed the comments you gave. Please let me know if there's anything you'd like to see differently.
Two tests merged from main2 used the pre-#1196 `proc.body : List Statement` shape. Adapt them to the new `Procedure.Body` sum (`structured` / `cfg`):
- BvIntCastVerifyTests.lean (added by #1217): wrap the literal body list with `.structured`.
- Boole/FeatureRequests/seq_empty_literal.lean (added by #1214): pattern-match `proc.body` and iterate the `.structured` arm; skip `.cfg` since the Boole-to-Core lowering does not produce CFG bodies.
atomb (Contributor) previously approved these changes, May 29, 2026:
I would like to continue propagating the change to remove default metadata, but that could be in a separate PR. Otherwise I think this looks great.
PROgram52bc (Contributor, Author):
Thanks!
…r keywords intact
`GenSyntax.lean` extracts each string literal in an op's syntax def as a single keyword, so the previous `" else goto "` was being collapsed to `elsegoto` and added to the editor syntax-highlighting files (vscode + emacs). CI's `git diff --exit-code editors/` step then failed because the generated files drifted from the committed ones. Splitting the literal into `" else " "goto "` keeps `else` and `goto` as the two existing keywords. Parser behavior is unchanged: DDM tokenizes both forms identically.
Add Support for Unstructured Programs in Strata Core
Description of changes
Prior to this PR, the only way to obtain unstructured programs was to apply the `StructuredToUnstructured` transformation.

`.core.st` file examples illustrating the syntax of unstructured programs.

`Procedure.body` to handle the `cfg` case based on the context.

Adaptation Methods for `Procedure.body` Uses

pipelines, graph-level inlining).

`Procedure.Body` sum type.

(Bolded items are updates since the initial PR draft)
| Adaptation | File | Function |
|---|---|---|
| `postconditionsValid` adapted with `CoreBodyExec` | `Transform/CoreSpecification.lean` | `ProcedureCorrect.postconditionsValid` |
| | `Transform/ProcBodyVerifyCorrect.lean` | `procToVerifyStmt_is_structured` (new helper theorem) |
| `ss` witnesses via `subst` | `Transform/ProcBodyVerifyCorrect.lean` | `procBodyVerify_procedureCorrect` |
| | `Languages/Core/ObligationExtraction.lean` | `extractGo_ok` proof |
| | `Languages/Core/ProcedureEval.lean` | `eval` |
| | `Languages/Core/ProcedureType.lean` | `typeCheck`, `checkModificationRights` |
| `procedureToGotoCtxViaCFG` | `Backends/CBMC/GOTO/CoreToCProverGOTO.lean` | `transformToGoto` |
| `procedureToGotoCtxViaCFG` | `Backends/CBMC/GOTO/CoreToGOTOPipeline.lean` | `procedureToGotoCtx` |
| `procedureToGotoCtxViaCFG` | `StrataTest/.../E2E_CoreToGOTO.lean` | `coreToGotoJsonWithSummary` |
| `procedureToGotoCtxViaCFG` | `Backends/CBMC/CoreToCBMC.lean` | `createImplementationSymbolFromAST` |
| `extractCallsFromStatements` vs `extractCallsFromDetCFG` | `Languages/Core/CallGraph.lean` | `extractCallsFromProcedure` |
| `blockToCST` vs `detCFGToCST` | `Languages/Core/DDMTransform/FormatCore.lean` | `procToCST` |
| `runStmt` vs `runCFG` | `Languages/Core/StatementEval.lean` | `Command.runCall` |
| `CoreBodyExec` with two constructors, and `CoreStepStar` vs `CoreCFGStepStar` | `Languages/Core/StatementSemantics.lean` | `EvalCommand.call_sem` |
| `Lang.core` vs `Lang.coreCFG` | `Transform/CoreSpecification.lean` | `AssertValidInProcedure` |
| `transformStmts` vs `transformDetCFG` | `Transform/PrecondElim.lean` | `precondElim` |
| `eraseTypes`, `stripMetaData`, `getVars` implemented and used for CFG | `Languages/Core/Procedure.lean` | `eraseTypes`, `stripMetaData`, `getVars` |
| `extractFromStatements` vs `extractFromDetCFG` | `Languages/Core/ObligationExtraction.lean` | `extractObligations` |
| `return .none` on CFG, skip inlining, because the inlined procedure could be structured or unstructured. Semantics is largely undefined. | `Transform/ProcedureInlining.lean` | `inlineCallCmd` |
| `stmtsToCFG` vs identity, latter is a no-op. | `StrataTest/.../Loops.lean` | `singleCFG` |
| | `Transform/LoopElim.lean` | `loopElim` |
| `[]` for CFG (no local `funcDecls` in CFG bodies) | `Languages/Core/Core.lean` | `buildEnv` |
| | `Languages/Core/ObligationExtraction.lean` | `extractFromDetCFG` |
| `throw` on CFG, due to incompatible return type of `List Statement` instead of `List Command` | `Transform/CoreTransform.lean` | `runProgram` |
| `throw` on CFG, VC for CFG bodies to be implemented, proof to be adapted as well. | `Transform/ProcBodyVerify.lean` | `procToVerifyStmt` |
| | `Transform/ANFEncoder.lean` | `anfEncodeProgram` |
| | `Transform/ProcedureInlining.lean` | `renameAllLocalNames` |
| | `StrataTest/Boole/global_readonly_call.lean` | `callHelper` |
| `wfstmts`, `wfloclnd`, `bodyExitsCovered` conditioned on structured procedures, props for CFG to be implemented | `Languages/Core/WF.lean` | `WFProcedureProp` |

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.