test(c5.1): real-AffineScript-emitted .wasm fixtures + regenerate workflow (closes typed-wasm#35 part 2)#81
Merged
Conversation
…kflow Closes the C5.1 ask in typed-wasm#35 part 2 with a 4-fixture corpus of real affinescript-emitted .wasm bytes paired with the .affine sources that produced them. What this PR adds: - `tests/fixtures/c5_real/` (8 files + README.adoc): - 01_clean_linear.affine + .wasm — Ok(()) — @linear consumed - 02_shared_borrow_twice.affine + .wasm — Ok(()) — ref Int read twice - 03_partial_drop.affine + .wasm — LinearNotUsed + LinearDroppedOnSomePath - 04_excl_alias.affine + .wasm — ExclBorrowAliased Captured 2026-05-27 against affinescript HEAD 21edc159caee06a930cb7339b3e729ed5627b823 (OCaml 4.14.2 opam switch). - `tests/cross_compat_real.rs` — 5 tests asserting the verifier reaches the expected verdict on each vendored .wasm. Includes a sanity test that flags any missing fixture file (catches rebases that drop a .wasm while leaving the test in place). - `.github/workflows/c5-regenerate.yml` — PR-gated regeneration workflow: installs OCaml, checks out affinescript at the pinned SHA, builds the compiler, re-emits each .wasm from source into a scratch dir, and byte-diffs against the vendored bytes. Drift in affinescript codegen surfaces as a failed check with a clear remediation message. Only runs on PRs touching the fixture directory or the workflow itself (heavy job; not appropriate per-PR). Coverage vs the synthetic table: cross_compat.rs (synthetic) — 10 tests — parity oracle cross_compat_real.rs (real) — 5 tests — cross-check against actual affinescript codegen Gaps deferred to follow-ups (documented in fixtures README): - Duplicate-Linear violation fixture — the affinescript source-level borrow checker correctly rejects double-move; producing a real .wasm with a Linear param loaded twice needs either a source-level escape hatch (none exists) or a hand-built fixture outside C5.1. - Multi-module fixtures (cross-module Linear-call clean / Linear-twice; isolated vs shared memory pair) — need a multi-module affinescript build harness; tracked separately. Verification: $ cargo test --test cross_compat_real # 5 pass $ cargo test # 47 pass (42 prior + 5 new) Refs typed-wasm#35 (this is part 2) Refs typed-wasm#34 (parent) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
3 tasks
…fore dune build Two fixes surfaced by the workflow's first CI run on PR #81: 1. ocaml/setup-ocaml@v3 was unpinned — governance/Workflow security linter rejected. Pinned to commit e32b06a (the v3 tag's current target). 2. `opam exec -- dune build` failed with "Command not found 'dune'" because the affinescript opam deps (including dune itself) had not been installed. Added an `opam install . --deps-only --yes` step before the build. Both are workflow-only changes; no fixture or test changes. Refs typed-wasm#81 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
that referenced
this pull request
May 27, 2026
…HANGELOG + STATE.a2ml + PRODUCTION-PATH) (#85) ## Summary Documentation rollup for the 2026-05-27 L2-L6 / L15 carrier-ABI session. **No new logic** — mirrors what already landed in PRs #76, #77, #78, #81 into the docs surface so future readers and AI agents see the same story everywhere. ## Files touched ### Human-readable - **`LEVEL-STATUS.md`** — Coverage section gets a per-level enforcement table (L7/L10/L13 ✓ enforced; L2–L6/L15 proposal-stage; L14/L16 out of scope). Open gating items numbered with issue/PR refs. - **`CHANGELOG.md`** — new `[Unreleased]` section "2026-05-27 Phase 2 carrier-ABI design + C5.1 corpus" listing 3 PRs, 1 resolved issue, 2 cross-repo reviews, test-surface deltas. - **`docs/PRODUCTION-PATH.adoc`** — §Phase 2 cross-links proposal 0001, the `unstable-l2` codec pre-stage, and the access-site option A decision. ### Machine-readable - **`.machine_readable/6a2/STATE.a2ml`** — `last-updated` bumped, session line rewritten, milestones added (L13 enforcement 100%, proposal 0001 30%, `unstable-l2` codec 100%, L15 carrier 30%, access-site carrier 15%, C5.1 corpus 100%), test-surface split (default 47 + opt-in 9), `critical-next-actions` reordered around the proposal sequence. New `[carrier-abi]` and `[c5-real-fixtures]` sections. ## What this PR does NOT do - No code changes in `crates/typed-wasm-verify/`. - No proposal-content edits (PR #76's `7520f00` amendment already added Open Question #6). - No new tests. - Doesn't promote proposal 0001 — still `[draft]` until cross-repo reviewers respond. ## Test plan - [x] AsciiDoc / Markdown render cleanly - [x] No git-cliff regeneration needed (manual `[Unreleased]` edit per the existing convention) - [ ] CI green Refs typed-wasm#76 (proposal 0001) Refs typed-wasm#77 (unstable-l2 codec) Refs typed-wasm#78 (access-site carrier — option A) Refs typed-wasm#81 (C5.1 corpus) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
🔍 Hypatia Security ScanFindings: 23 issues detected
View findings[
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action actions/upload-artifact@v4 needs attention",
"type": "unpinned_action",
"file": "release.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action actions/download-artifact@v4 needs attention",
"type": "unpinned_action",
"file": "release.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/SessionProtocol.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "assert_total bypasses totality checker (1 occurrences, CWE-704)",
"type": "assert_total",
"file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/SessionProtocol.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/Echo.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "assert_total bypasses totality checker (1 occurrences, CWE-704)",
"type": "assert_total",
"file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/Echo.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/ResourceCapabilities.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
},
{
"reason": "assert_total bypasses totality checker (1 occurrences, CWE-704)",
"type": "assert_total",
"file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/ResourceCapabilities.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "believe_me undermines formal verification (1 occurrences, CWE-704)",
"type": "believe_me",
"file": "/home/runner/work/typed-wasm/typed-wasm/src/abi/TypedWasm/ABI/ModuleIsolation.idr",
"action": "flag",
"rule_module": "code_safety",
"severity": "critical"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes the C5.1 ask in typed-wasm#35 part 2 with a 4-fixture corpus of real
affinescript-emitted.wasmbytes paired with the.affinesources that produced them. Companion totests/cross_compat.rs(the synthetic-fixture parity oracle): this suite cross-checks the verifier against bytes a real producer actually emits.What this adds
tests/fixtures/c5_real/— 8 files + README.adoc:clean_linearOk(())@linearconsumed exactly onceshared_borrow_twiceOk(())ref Intread twice (allowed)partial_dropLinearNotUsed+LinearDroppedOnSomePathown Intconsumed in then-branch onlyexcl_aliasExclBorrowAliasedmut IntaliasedCaptured 2026-05-27 against
affinescriptHEAD21edc159caee06a930cb7339b3e729ed5627b823, OCaml 4.14.2 opam switch, defaultaffinescript compileoptions.tests/cross_compat_real.rs— 5 tests asserting the verifier reaches the expected verdict on each vendored.wasm. Includes a sanity test that flags any missing fixture file..github/workflows/c5-regenerate.yml— PR-gated regeneration workflow: installs OCaml, checks outaffinescriptat the pinned SHA, builds the compiler, re-emits each.wasmfrom source into a scratch dir, and byte-diffs against the vendored bytes. Drift inaffinescriptcodegen surfaces as a failed check with a remediation message. Only runs on PRs touching the fixture directory or the workflow itself (heavy job — not appropriate per-PR).Why vendored bytes (not build-at-PR-time)
The verifier crate's CI today doesn't build
affinescript. Provisioning OCaml + opam + the affinescript deps on every PR would be a heavy gate for what is fundamentally a parity check. Vendored bytes is the standard pattern (wasm-tools,wabt, etc) — fast, auditable, and the regenerate workflow catches drift ifaffinescript's codegen ever changes.Coverage
Gaps deferred to follow-ups (documented in fixtures README)
.wasmwith a Linear param loaded twice needs either a source-level escape hatch (none exists) or a hand-built fixture outside C5.1.affinescriptbuild harness; tracked separately.Test plan
cargo test --test cross_compat_real— 5 passcargo test— 47 pass (42 prior + 5 new).affinesource →affinescript compile→.wasm→verify_from_module→ expected verdictc5-regenerateworkflow validates the pinned SHA actually emits these bytes (first regenerate run is the proof)Refs typed-wasm#35 (this is part 2)
Refs typed-wasm#34 (parent issue)
🤖 Generated with Claude Code