Defining invariant that CachedAnalysis must hold, update PrecondElim #704
Merged
MikaelMayer merged 49 commits into main (Apr 9, 2026)
Conversation
… call graph (#702)
PrecondElim generates WF procedures but did not update the cached call graph, which prevented FilterProcedures from being used after PrecondElim in the selective verification pipeline.
- Add CallGraph.addLeafNode for inserting nodes with no callees
- Update PrecondElim to register generated WF procedures in the call graph
- Move the second FilterProcedures.run after PrecondElim in the Verifier
- Document the CachedAnalyses call graph invariant
…ysis-m
# Conflicts:
# Strata/Languages/Core/CallGraph.lean
# Strata/Transform/PrecondElim.lean
…ysis-m
# Conflicts:
# Strata/Languages/Core/Verifier.lean
…ttps://github.com/strata-org/strata into issue-702-defining-invariant-that-cachedanalysis-m
MikaelMayer (Contributor, Author) commented Apr 1, 2026:
Clean, well-scoped PR. The invariant documentation is clear and the addLeafNode / addWFProcToCallGraph pattern is easy to follow. One issue: the recFuncBlock case is missing the call graph update.
CallElim maintains the call graph by decrementing edges when it inlines contracts, so the call-graph closure is accurate after transforms. Replace the manual keepSet filtering with a second FilterProcedures.run call that targets the requested procedures plus their WF procedures.
…edures.run FilterProcedures.run follows the call-graph closure, which pulls prelude functions (List_take, List_drop, etc.) back into the program after CallElim. Use a simple HashSet filter on the exact target procedures and their WF procedures to avoid verifying prelude helpers.
Remove the manual keepSet filtering and reuse filterProceduresPipelinePhase as a second pass after CallElim and PrecondElim. This works because:
- CallElim maintains the call graph via decrementEdge
- PrecondElim registers WF procedures as leaf nodes with noFilter := true
- FilterProcedures.run respects noFilter and uses call-graph closure
…ysis-m
# Conflicts:
# Strata/Languages/Core/Verifier.lean
The second FilterProcedures pass (after CallElim and PrecondElim) was keeping WF procedures for prelude functions due to their noFilter flag, causing extra body_calls obligations to appear in pyAnalyze test output. Fix: add a respectNoFilter parameter to FilterProcedures.run and disable it for the post-transform pass. The post-transform pass now explicitly includes target WF procedure names via PrecondElim.wfProcName instead of relying on noFilter.
MikaelMayer commented Apr 7, 2026:
Add respectNoFilter parameter to filterProceduresPipelinePhase and reuse it in corePipelinePhases instead of inline code.
…ysis-m
# Conflicts:
# Strata/Languages/Core/Verifier.lean
aqjune-aws reviewed Apr 9, 2026
atomb reviewed Apr 9, 2026
aqjune-aws approved these changes Apr 9, 2026
atomb approved these changes Apr 9, 2026
Fixes #702

Problem

PrecondElim generates WF (well-formedness) checking procedures but did not update the cached call graph. This meant any downstream transform relying on the call graph would see stale data after PrecondElim.

Solution

- Document the CachedAnalyses invariant: when the call graph is present, it must reflect the current program's procedure call structure. Transforms must update it or invalidate it.
- Add CallGraph.addLeafNode for inserting nodes with no callees (updates both the callees and callers maps to keep their key sets consistent).
- Update PrecondElim to register generated precondition-WF procedures as leaf nodes in the call graph (they contain only assert/assume statements and make no procedure calls).
- Replace the manual keepSet filtering in the selective verification pipeline with a second FilterProcedures.run pass. Since CallElim maintains the call graph precisely (via decrementEdge) and PrecondElim now registers WF procs as leaf nodes with noFilter := true, the call-graph closure is accurate after transforms and FilterProcedures works correctly; no manual filtering is needed.
- Extend filterProceduresPipelinePhase with a respectNoFilter parameter so both the initial and post-transform filter phases reuse the same helper.

Testing

All existing tests pass, including selective verification, NoFilterWFProc, CallElim, and InlineAssertionMetadata tests.
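The invariant, the addLeafNode / decrementEdge maintenance and the two FilterProcedures passes, as an added Python model of the pipeline described above (not Strata's Lean code and not the project's API). The class and function names, the `_wf` suffix standing in for PrecondElim.wfProcName, the constructed sample program, and the way CallElim is modeled (every procedure call site inlined) are assumptions made for illustration. The model also exercises the pre-fix failure: generating WF procedures without registering them leaves the cached graph stale, which the invariant check catches before the second filter pass runs.

```python
"""Added model of the CachedAnalyses call-graph invariant (illustrative, not
Strata's Lean implementation). Names mirror identifiers from the PR; the `_wf`
suffix, the sample program and the CallElim model are assumptions."""
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Proc:
    name: str
    calls: list                # callee names in the body, with multiplicity
    has_precond: bool = False  # PrecondElim generates a WF proc for these
    no_filter: bool = False    # kept by FilterProcedures when respectNoFilter


@dataclass
class CallGraph:
    # callees[p][q] = number of call sites of q inside p; callers is the
    # transpose. Both maps must share one key set and agree on every edge.
    callees: dict = field(default_factory=dict)
    callers: dict = field(default_factory=dict)

    @classmethod
    def build(cls, program):
        g = cls()
        for name in program:
            g.add_leaf_node(name)
        for p in program.values():
            for q in p.calls:  # every callee is assumed to be in program
                g.callees[p.name][q] += 1
                g.callers[q][p.name] += 1
        return g

    def add_leaf_node(self, name):
        # Register in BOTH maps so their key sets stay consistent.
        self.callees.setdefault(name, Counter())
        self.callers.setdefault(name, Counter())

    def decrement_edge(self, caller, callee):
        # One call site of callee inside caller was inlined away.
        self.callees[caller][callee] -= 1
        self.callers[callee][caller] -= 1
        if self.callees[caller][callee] <= 0:
            del self.callees[caller][callee]
            del self.callers[callee][caller]

    def closure(self, roots):
        seen, stack = set(), list(roots)
        while stack:
            n = stack.pop()
            if n not in seen:
                seen.add(n)
                stack.extend(self.callees.get(n, Counter()))
        return seen


def check_invariant(program, graph):
    """Return violations; an empty list means the cached graph reflects the program."""
    problems = []
    if set(graph.callees) != set(graph.callers):
        problems.append("callees/callers key sets differ")
    if set(graph.callees) != set(program):
        problems.append("graph nodes do not match program procedures: "
                        + str(sorted(set(graph.callees) ^ set(program))))
    for p in program.values():
        if Counter(p.calls) != graph.callees.get(p.name, Counter()):
            problems.append(f"{p.name}: cached callees are stale")
    for p, cs in graph.callees.items():
        for q, n in cs.items():
            if graph.callers.get(q, Counter())[p] != n:
                problems.append(f"edge {p}->{q} differs between the two maps")
    return problems


def wf_proc_name(name):
    return name + "_wf"  # assumed naming; stands in for PrecondElim.wfProcName


def call_elim(program, graph):
    """Model: inline every call site's contract, keeping the graph in sync."""
    out = {}
    for p in program.values():
        for q in p.calls:
            graph.decrement_edge(p.name, q)
        out[p.name] = Proc(p.name, [], p.has_precond, p.no_filter)
    return out


def precond_elim(program, graph, register_in_graph=True):
    """Generate a call-free WF proc per procedure with a precondition.
    register_in_graph=False reproduces the pre-fix bug: the program changes
    but the cached call graph does not."""
    out = dict(program)
    for p in list(program.values()):
        if p.has_precond:
            wf = Proc(wf_proc_name(p.name), [], no_filter=True)
            out[wf.name] = wf
            if register_in_graph:
                graph.add_leaf_node(wf.name)
    return out


def filter_procedures(program, graph, targets, respect_no_filter):
    keep = graph.closure(targets)
    if respect_no_filter:
        keep |= {p.name for p in program.values() if p.no_filter}
    return {n: p for n, p in program.items() if n in keep}


def selective_pipeline(program, targets, register_wf=True, respect_no_filter_post=False):
    graph = CallGraph.build(program)
    program = filter_procedures(program, graph, targets, respect_no_filter=True)
    graph = CallGraph.build(program)     # filtering invalidated it: recompute
    program = call_elim(program, graph)  # updates the cached graph in place
    program = precond_elim(program, graph, register_in_graph=register_wf)
    violations = check_invariant(program, graph)
    if violations:
        return {"verified": [], "violations": violations}
    # Post-transform pass: targets plus their WF procs by name, noFilter ignored.
    post = list(targets) + [wf_proc_name(t) for t in targets if wf_proc_name(t) in program]
    program = filter_procedures(program, graph, post, respect_no_filter_post)
    return {"verified": sorted(program), "violations": []}


def sample_program():
    # Constructed input: a target, a helper, a prelude function with a
    # precondition, and a procedure nobody asks to verify.
    procs = [
        Proc("main", ["helper", "helper", "List_take"], has_precond=True),
        Proc("helper", ["List_take"], has_precond=True),
        Proc("List_take", [], has_precond=True),
        Proc("unused", [], has_precond=True),
    ]
    return {p.name: p for p in procs}
```

Running `selective_pipeline(sample_program(), ["main"])` verifies only `main` and `main_wf`; passing `respect_no_filter_post=True` additionally pulls in `helper_wf` and `List_take_wf` through their noFilter flag, which is the extra-obligation symptom the respectNoFilter parameter was added to avoid; passing `register_wf=False` trips the invariant check instead of silently running the second filter over a stale graph.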