You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Adds three new FV-amenable targets to TARGETS.md and RESEARCH.md, bringing the total to 10 identified targets (in the main branch, excluding targets in open PRs).
Constructor-enforced predicate: no whitespace/injection chars in option names.
Why These Targets
Target 8 β UnicodeCharacterUtilities: Two pure character-classification functions grounded in the C# Language Specification. For ASCII (0β127), all 128 cases are enumerable. The key subsumption theorem IsIdentifierStartCharacter(c) β IsIdentifierPartCharacter(c) is a structural invariant with direct safety implications β a source generator that violates this would produce invalid C# identifiers. The inverse direction provides evidence-by-example that the predicate is not vacuously true. Decidable via native_decide.
Target 9 β TestNodeUid: The simplest structural-equality target in the codebase. Wraps a single string field; Equals is other?.Value == value. All three equivalence-relation axioms (reflexivity, symmetry, transitivity) are immediately provable by decide/simp, as are operator-consistency theorems (== β Equals). Ideal first fully-proved Lean file once the toolchain is available.
Target 10 β CommandLineOption name validation: The constructor loop βi, char.IsLetterOrDigit(name[i]) β¨ name[i] = '-' β¨ name[i] = '?' is a constructor-time pre/post-condition invariant. Proving this demonstrates that once an option is constructed, its name cannot contain spaces, shell metacharacters, or injection sequences. Security-relevant property. Character predicate is decidable for all 128 ASCII codepoints via native_decide.
Files Changed
formal-verification/TARGETS.md β added rows 8β10 and updated Priority Order and Notes sections
formal-verification/RESEARCH.md β added research sections for Targets 8, 9, and 10 with rationale, properties to verify, and modelling approximations
Next Steps for These Targets
All three targets are at Phase 1 (identified). Next step is Task 2 (informal spec extraction) for each, followed by Task 3 (Lean 4 formal spec) once the Lean toolchain is available in the runner environment.
π¬ This PR was automatically created by the Lean Squad formal verification agent.
π¬ Lean Squad β Task 1: Research & Target Identification
Summary
Adds three new FV-amenable targets to
TARGETS.mdandRESEARCH.md, bringing the total to 10 identified targets (in the main branch, excluding targets in open PRs).New Targets
UnicodeCharacterUtilities.IsIdentifierStartCharacter/IsIdentifierPartCharactersrc/Analyzers/MSTest.SourceGeneration/Helpers/UnicodeCharacterUtilities.csTestNodeUidequality and implicit conversionsrc/Platform/Microsoft.Testing.Platform/Messages/TestNodeUid.csCommandLineOptionname-character invariantsrc/Platform/Microsoft.Testing.Platform/CommandLine/CommandLineOption.csWhy These Targets
Target 8 β
UnicodeCharacterUtilities: Two pure character-classification functions grounded in the C# Language Specification. For ASCII (0β127), all 128 cases are enumerable. The key subsumption theoremIsIdentifierStartCharacter(c) β IsIdentifierPartCharacter(c)is a structural invariant with direct safety implications β a source generator that violates this would produce invalid C# identifiers. The inverse direction provides evidence-by-example that the predicate is not vacuously true. Decidable vianative_decide.Target 9 β
TestNodeUid: The simplest structural-equality target in the codebase. Wraps a singlestringfield;Equalsisother?.Value == value. All three equivalence-relation axioms (reflexivity, symmetry, transitivity) are immediately provable bydecide/simp, as are operator-consistency theorems (==βEquals). Ideal first fully-proved Lean file once the toolchain is available.Target 10 β
CommandLineOptionname validation: The constructor loopβi, char.IsLetterOrDigit(name[i]) β¨ name[i] = '-' β¨ name[i] = '?'is a constructor-time pre/post-condition invariant. Proving this demonstrates that once an option is constructed, its name cannot contain spaces, shell metacharacters, or injection sequences. Security-relevant property. Character predicate is decidable for all 128 ASCII codepoints vianative_decide.Files Changed
formal-verification/TARGETS.mdβ added rows 8β10 and updated Priority Order and Notes sectionsformal-verification/RESEARCH.mdβ added research sections for Targets 8, 9, and 10 with rationale, properties to verify, and modelling approximationsNext Steps for These Targets
All three targets are at Phase 1 (identified). Next step is Task 2 (informal spec extraction) for each, followed by Task 3 (Lean 4 formal spec) once the Lean toolchain is available in the runner environment.
Note
This was originally intended as a pull request, but the git push operation failed.
Workflow Run: View run details and download patch artifact
The patch file is available in the
agentartifact in the workflow run linked above.To create a pull request with the changes:
Show patch preview (159 of 159 lines)