Skip to content

docs: add verification status documentation#23

Closed
Th0rgal wants to merge 1 commit intomainfrom
docs/verification-status
Closed

docs: add verification status documentation#23
Th0rgal wants to merge 1 commit intomainfrom
docs/verification-status

Conversation

@Th0rgal
Copy link
Copy Markdown
Member

@Th0rgal Th0rgal commented Feb 14, 2026
edited by cursor bot
Loading

Summary

Add comprehensive verification status documentation that provides visibility into the verification architecture, current progress, and roadmap.

What This PR Does

Introduces detailed documentation to help contributors, researchers, and users understand:

  1. Complete verification architecture (Layers 1-3)
  2. Current status of each layer
  3. Concrete next steps for completing Layer 3
  4. Property test coverage statistics
  5. Trust assumptions vs. verified components

New Documentation

docs/VERIFICATION_STATUS.md

Comprehensive guide covering:

Verification Layers:

  • Layer 1 (EDSL ≡ ContractSpec): ✅ 100% Complete - All 7 contracts, 228 properties proven
  • Layer 2 (ContractSpec → IR): ✅ 100% Complete - All IR generation with preservation proofs
  • Layer 3 (IR → Yul): 🔄 In Progress - Semantics complete, statement equivalence pending

Layer 3 Blocker Analysis:

  • Preservation theorem exists but requires stmt_equiv hypothesis
  • Needs statement-level equivalence proofs for each IR/Yul instruction type
  • Fuel-parametric approach scaffolding in place
  • Concrete next steps documented:
    1. Prove variable assignment equivalence
    2. Prove storage operation equivalence
    3. Prove control flow equivalence
    4. Prove termination equivalence
    5. Compose using existing scaffolding
  • Alternative approaches documented if current method proves too complex

Property Test Coverage:

  • Current (main): 53.1% (155/292 properties)
  • After pending PRs: 63.4% (185/292 properties)
  • Remaining 89 exclusions: ALL proof-only (cannot be tested in Foundry)
  • Property extraction essentially complete

Trust Assumptions:

  • Trusted: solc Yul compiler, EVM semantics, function selectors
  • Verified: EDSL → ContractSpec, ContractSpec → IR, IR interpreter
  • Mitigations documented for each trust assumption

Roadmap:

  • Short term (1-2 months): Complete Layer 3, merge property PRs
  • Medium term (3-6 months): Selector proofs, Yul→EVM bridge
  • Long term (6-12 months): Production integration, automation

README.md Updates

Added prominent link to verification status documentation showing current progress.

Why This Is High-Leverage

For Contributors:

  • Clear understanding of what needs to be done for Layer 3
  • Documented proof patterns and infrastructure
  • Concrete next steps vs. vague "in progress"

For Researchers:

  • Complete picture of verification architecture
  • Trust assumptions clearly stated
  • Can evaluate approach vs. other formal verification systems

For Users:

  • Understand what's proven vs. what's trusted
  • See verification progress over time
  • Know which contracts are fully verified

For Maintainers:

  • Single source of truth for verification status
  • Helps prioritize future work
  • Documents architectural decisions

Key Insights

  1. Layer 3 is well-structured: Preservation theorem exists, just needs statement-level lemmas
  2. Property extraction complete: All addressable properties covered (89 remaining are proof-only)
  3. Layers 1-2 production-ready: 100% complete with comprehensive test coverage
  4. Clear path forward: Concrete next steps identified for Layer 3 completion

Testing

Documentation reviewed for:

  • ✅ Technical accuracy (cross-referenced with source code)
  • ✅ Completeness (all layers covered)
  • ✅ Clarity (accessible to different audiences)
  • ✅ Actionability (concrete next steps provided)

Benefits

  • Onboarding: New contributors can quickly understand project state
  • Transparency: Clear about what's complete vs. in-progress vs. trusted
  • Planning: Roadmap helps coordinate future work
  • Communication: Stakeholders can see verification progress
  • Maintenance: Single source of truth prevents knowledge fragmentation

🤖 Generated with Claude Code

Note

Low Risk
Documentation-only changes (new markdown + README edit) with no impact on code, proofs, or build/test behavior.

Overview
Adds a new docs/VERIFICATION_STATUS.md document that consolidates the verification architecture (Layers 1–3), current completion status, trust assumptions, property/differential testing coverage, and a roadmap/next steps for finishing Layer 3.

Updates README.md to fix a heading typo and add a prominent link to the new verification status page.

Written by Cursor Bugbot for commit 9ca686d. This will update automatically on new commits. Configure here.

@Th0rgal @claude
docs: add comprehensive verification status documentation
9ca686d 
Add detailed documentation of the verification architecture, current status,
and roadmap to help contributors understand the project state and next steps.

New Documentation:
- `docs/VERIFICATION_STATUS.md` - Complete verification status guide
  - Layer 1 (EDSL ≡ ContractSpec): 100% complete, all 7 contracts verified
  - Layer 2 (ContractSpec → IR): 100% complete, all IR generation proven
  - Layer 3 (IR → Yul): Semantics complete, statement equivalence pending
  - Property test coverage: 63% after pending PRs, 89 remaining all proof-only
  - Trust assumptions and verified components breakdown
  - Concrete next steps for completing Layer 3

Updated README.md:
- Added link to verification status documentation
- Shows current verification progress prominently

Key Insights Documented:
- Layer 3 blocker: Statement-level equivalence proofs needed
  - Requires proving each IR/Yul statement type matches
  - Fuel-parametric approach needs statement-level lemmas
  - Alternative approaches documented if current method is too complex
- Property extraction essentially complete (all addressable properties covered)
- Differential testing production-ready (10k+ tests, 8-shard CI)

Benefits:
- New contributors can understand verification architecture
- Clear roadmap for completing Layer 3
- Documents what's complete vs. what's blocked
- Helps stakeholders understand trust assumptions
- Provides concrete next steps for each verification layer

Target Audience:
- Researchers evaluating formal verification approaches
- Contributors wanting to help complete Layer 3
- Users understanding what's proven vs. trusted
- Maintainers tracking verification progress

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@vercel
Copy link
Copy Markdown

vercel bot commented Feb 14, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
dumbcontracts Ready Ready Preview, Comment Feb 14, 2026 8:50am

Request Review

Th0rgal added a commit that referenced this pull request Feb 14, 2026
@Th0rgal
Add verification documentation from PR #23
a58ce28
@Th0rgal Th0rgal mentioned this pull request Feb 14, 2026
Merged
@Th0rgal
Copy link
Copy Markdown
Member Author

Th0rgal commented Feb 14, 2026

Superseded by consolidated PR #24 which includes all changes

@Th0rgal Th0rgal closed this Feb 14, 2026
This was referenced Feb 15, 2026
Closed
Closed
@Th0rgal Th0rgal mentioned this pull request Mar 3, 2026
Closed
Th0rgal pushed a commit that referenced this pull request Apr 15, 2026
@claude
fix: harden CEI validation to treat internal calls as potential stora…
9b9a3d5 
…ge writes

The CEI (Checks-Effects-Interactions) validator previously used
`stmtIsPersistentWrite` which returned false for internal calls, so
a pattern like `externalCallBind(...); internalCall(helper, [...])` where
the helper writes storage would silently pass CEI validation.

Add `stmtMayPersistentlyWrite` — a conservative variant that treats
`internalCall` and `internalCallAssign` as potential persistent writes
(since their callee bodies are not visible at single-function scope).
Use it in the CEI write-after-call check.

Note: internal calls do NOT set `seenCall` for CEI purposes — each callee
function has its own CEI validation, so treating internal calls as both
interactions and writes would produce false positives on contracts like
DirectHelperCallSmoke.

Also fix a guard_pending state leak in generate_macro_property_tests.py
where `#guard_msgs in` / `#check_contract Foo` would incorrectly skip
the next `verity_contract` declaration (affected RolesCEISmoke,
ModifiesRolesSmoke, UnsafeCEICompliant property test generation).

Addresses P1 review threads #23 and #5 on PR #1731.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Th0rgal