Skip to content

Add contract and transparency pass#16

Draft
keyboardDrummer wants to merge 317 commits intomainfrom
issue-924-contract-and-proof-pass
Draft

Add contract and transparency pass#16
keyboardDrummer wants to merge 317 commits intomainfrom
issue-924-contract-and-proof-pass

Conversation

@keyboardDrummer
Copy link
Copy Markdown
Owner

@keyboardDrummer keyboardDrummer commented Apr 21, 2026
edited
Loading

Builds on:

No longer, maybe we can close this:

Summary

Add these passes:

  • [New] EliminateReturnStatements: rewrite return to exit statements, needed for the next pass.
  • [New] ContractPass: translate away pre and postconditions entirely by introducing assertion and assumptions at call sites and at procedure starts and ends
  • [New] TransparencyPass: for each Core procedure, generate a function with the same signature and name suffixed with $asFunction. If a Core procedure is marked as transparent, attempt to generate a functional version of it, where assertions are erased and all calls are to functional versions. Tie the functional version to the procedure using a free postcondition.
  • [Existing] Lift assertions, assumptions and procedure calls when they occur in expressions.
  • [Follow-up] AxiomatizeExpressionAssumptionsPass: erase assumptions in Core function expressions by introducing functions and axioms.

The effect of the contract and transparency pass:

  1. Allow postconditions on functions
  2. Allow calling procedures from contracts
  3. Improve diagnostics related to contracts, using the correct verbiage "precondition" and "postcondition" instead of "assertion"
  4. Allow transparent procedures IF they have an expression body
  5. Allow assertions in transparent procedures and functions

The combined effect of 2 and 4 is that there is no more difference between Laurel functions and transparent procedures.

TODO

  • Differentiate between bugs and user errors in LaurelToCoreTranslator translateExpr
  • Add a free postcondition to the Core procedure to tie it to its functional counterpart.
  • Lift all calls inside expressions in Core procedure bodies, since they are calls to procedures and are not allowed.
  • Let all remaining calls from expressions - which is all calls in Core functions, and all calls in the free procedure postconditions - be to Core functions, and other calls to procedures.
  • Rename FunctionsAndProofsProgram to UnorderedCoreWithLaurelTypes and FunctionsAndProof.lean to TransparencyPass.lean

Follow-up work

  • Remove the 'functional' keyword from the Laurel grammar
  • Lift assumptions in expressions to axioms.
  • In the transparency phase, if something has no asserts and only calls functions, only create a function and no procedure
  • Move the transparency phase so its Core->Core instead of UnorderedCoreWithLaurelTypes -> UnorderedCoreWithLaurelTypes

keyboardDrummer and others added 30 commits April 20, 2026 14:09
@keyboardDrummer
Undo using Core for let expressions
da34998
@keyboardDrummer
Merge remote-tracking branch 'fork/inline-local-variables-in-expressi…
c70b79e 
…ons' into issue-924-contract-and-proof-pass
@keyboardDrummer
Fixes
01e6109
@keyboardDrummer
Fixes
6ff746d
@keyboardDrummer
Fixes
f4c1b98
@keyboardDrummer
Test improvement
966973b
@keyboardDrummer
Fixes
0120b14
@keyboardDrummer
Fix
e32563a
@keyboardDrummer
Fix
8ff1914
@keyboardDrummer
Fix test
64da7ad
@keyboardDrummer
Test fix
62424d5
@keyboardDrummer
Use core && || and ==>
aa00ff8
@keyboardDrummer
Fixes
e1e1e9a
@keyboardDrummer
Fix
82a9748
@keyboardDrummer
Fixes
e4f0745
@keyboardDrummer
Fixes
d4f5a65
@keyboardDrummer
Don't call safe functions from functions
5721413
@keyboardDrummer
Move diagnostic check for instance procedures
5bde4e4
@keyboardDrummer
Undo Core changes
9ae82a4
@keyboardDrummer
Update LaurelGrammar
405fd0a
@keyboardDrummer
Grammar fix so ensures clauses without opaque are not dropped
2387080
@keyboardDrummer-bot
Fix AbstractToConcreteTreeTranslator to nest ensures/modifies inside …
edf5a72 
…opaqueSpec

- Changed procedureToOp to produce opaqueSpec op with ensures and modifies
  as nested args (matching the grammar), instead of separate top-level args
- Added missing opaque keyword in MapStmtExprTest and T2_ModifiesClauses tests
@keyboardDrummer
Tweak
9b82817
@keyboardDrummer
Bring back .ite in shortcircuit op translation
6a5484d
@keyboardDrummer
Fix test
bba17ea
@keyboardDrummer
Fix test
70b4e57
@keyboardDrummer
Fix test
d754312
@keyboardDrummer
Fix test
a903376
@keyboardDrummer
Fix for inferHoleTest
a56175f
@keyboardDrummer
Update test
7e99c08
keyboardDrummer-bot and others added 23 commits May 1, 2026 18:36
@keyboardDrummer-bot
Revert: restore servicelib_Storage_ label filter in AnalyzeLaurelTest
3800ad0
@keyboardDrummer-bot
Refactor: avoid stmtExprToVar where Variable can be captured directly
4592a65 
At most call sites, a Variable was wrapped in StmtExpr.Var to create a
StmtExprMd, then immediately unwrapped by stmtExprToVar. Instead, keep
the VariableMd and use it directly in Assign targets.

- Rename freeVar to freeVarMd (returns VariableMd) and add freeVarExpr
  (returns StmtExprMd) for expression positions
- Change maybeExceptVar and nullcall_var to VariableMd
- Use mkVariableMd directly for targetExpr and fieldAccess
- stmtExprToVar is retained only for the 2 call sites where the
  StmtExprMd comes from translateExpr
@keyboardDrummer
Review comment
d6151eb
@keyboardDrummer
Improvements related to free postconditions and the unordered part of…
a2503e6 
… the pipeline
@keyboardDrummer
T8_Postconditions passes now
698682e
@keyboardDrummer-bot
Replace fragile line-number reference in comment with case-name refer…
346ff37 
…ence
@keyboardDrummer
update messages
964b2d6
@keyboardDrummer
Simplify a proof
fe42aba
@keyboardDrummer
Refactoring
7d53b9f
@keyboardDrummer
More comments
601512d
@keyboardDrummer-bot @keyboardDrummer
@tautschnig @shigoel @robin-aws @thanhnguyen-aws
Various Laurel resolver improvements - including disallowing transpar…
d95396f 
…ent procedures (strata-org#1076)

### Changes
#### Functional
- Add a resolution check that disallows transparent bodies on
non-functional procedures. A procedure declared with `procedure` (not
`function`) that has no `opaque` clause now emits a diagnostic:
`transparent bodies on procedures are not yet supported. Add 'opaque';
to make the procedure opaque`
- When a procedure has a body, always use the body to determine whether
it has heap parameters, instead of always using the modifies clause
- Improve error message when modifies clause can not be proven, so it
refers to "modifies clause" instead of "assertion"

#### Bug fixes and debugging improvements
- Fix a bug in Laurel's Resolution.lean that caused a later error "could
not infer type"
- Change the error "could not infer type" to "bug in Laurel: unknown
type encountered while translating to Core"
- Replace many usages of empty source locations with concrete ones
- Fix defaults for LaurelTranslateOptions and LaurelVerifyOptions

### Testing
- Many existing tests have been updated to add `opaque`
- Added the test `T20_TransparentBodyError.lean`

---------

Co-authored-by: keyboardDrummer-bot <keyboardDrummer-bot@users.noreply.github.com>
Co-authored-by: Remy Willems <rwillems@amazon.com>
Co-authored-by: Michael Tautschnig <mt@debian.org>
Co-authored-by: Shilpi Goel <shigoel@gmail.com>
Co-authored-by: Robin Salkeld <salkeldr@amazon.com>
Co-authored-by: thanhnguyen-aws <ntson@amazon.com>
@keyboardDrummer
Merge remote-tracking branch 'fork/merge-1076-1077' into issue-21-ass…
28eb58e 
…ign-variable-type
@keyboardDrummer
Merge remote-tracking branch 'origin/disallow-transparent-statement-b…
224e1b7 
…odies' into issue-21-assign-variable-type
@keyboardDrummer
Merge commit 'd95396fc61245' into issue-21-assign-variable-type
5244d5e
@keyboardDrummer
Check for multi-target function call
db66551
@keyboardDrummer
Merge remote-tracking branch 'origin/disallow-transparent-statement-b…
ec66975 
…odies' into issue-21-assign-variable-type
@keyboardDrummer
Tweaks
828e362
@keyboardDrummer
Add commit explaining the use of !
aeb1f22
@keyboardDrummer
Fix merge mistakes
4e04832
@keyboardDrummer
Remove bareVar usages
6226226
@keyboardDrummer
Refactoring
39af273
@keyboardDrummer
Improve printing of Laurel blocks so newlines are inserted
a26fe05
@keyboardDrummer
Merge remote-tracking branch 'origin/issue-21-assign-variable-type' i…
3ce6673 
…nto issue-924-contract-and-proof-pass
@keyboardDrummer keyboardDrummer force-pushed the issue-924-contract-and-proof-pass branch from da18905 to 3ce6673 Compare May 4, 2026 13:17
@github-actions github-actions Bot added the SMT label May 4, 2026
@github-actions github-actions Bot added the Git conflicts PR has merge conflicts with the base branch label May 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Core Git conflicts PR has merge conflicts with the base branch GOTO Laurel Python SMT

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@keyboardDrummer @keyboardDrummer-bot @tautschnig @shigoel @robin-aws @thanhnguyen-aws @olivier-aws @MikaelMayer @aqjune-aws