A Laurel-to-Laurel elimination pass (ConstrainedTypeElim.lean) that:
- Adds requires for constrained-typed inputs
- Adds ensures for constrained-typed outputs
- Clears isFunctional when adding ensures (function postconditions not yet supported)
- Inserts assert for local variable init and reassignment
- Uses witness as default initializer for uninitialized constrained variables
- Validates witnesses via synthetic procedures
- Injects constraints into quantifier bodies (forall → implies, exists → and)
- Resolves all constrained type references to base types
- Handles capture avoidance in identifier substitution

Core's call elimination handles caller-side argument asserts and return value assumes automatically via requires/ensures.

Grammar: constrained type syntax
Parser: parseConstrainedType + topLevelConstrainedType
Test: T09_ConstrainedTypes — 25 test procedures
Constrained Types for Laurel
Adds constrained types to Laurel via a Laurel-to-Laurel elimination pass that inserts verification checks at type boundaries.
Syntax
How it works
The pass (`ConstrainedTypeElim.lean`) eliminates constrained types by inserting:
- `requires` for constrained-typed inputs — Core handles caller asserts and body assumes via call elimination
- `ensures` for constrained-typed outputs — Core handles body checks and caller assumes
- `assert` after local variable init and reassignment of constrained-typed variables
- constraints in quantifier bodies: `forall (n: nat) => body` becomes `forall (n: int) => n >= 0 ==> body`; `exists` uses `&&`

The Core translator sees only base types and regular requires/ensures/assert — no translator changes needed beyond pipeline wiring.
Functions
Functions (`isFunctional` procedures) with constrained return types have `isFunctional` cleared since the Laurel translator does not yet support function postconditions. A TODO marks this for restoration once that support lands.

Changes
- `ConstrainedTypeElim.lean` — the elimination pass
- `LaurelGrammar.st` — constrained type syntax
- `ConcreteToAbstractTreeTranslator.lean` — parser for `constrained` keyword
- `LaurelToCoreTranslator.lean` — pipeline wiring (import + pass + resolve)
- `T09_ConstrainedTypes.lean` — 24 test procedures covering inputs, outputs, assignments, arguments, nested types, functions, witnesses, quantifiers, capture avoidance

Known limitations
`resolveBaseType`, `getAllConstraints`, and `substId` are `partial` — cyclic constrained type definitions loop forever; capture avoidance prevents a termination proof for `substId`.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
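As an added example (not code from this PR or from the Laurel project), the following Lean 4 sketch models the signature part of the pass described under "How it works" and the two limitations listed above. Every name in it (`Ty`, `Expr`, `ConstrainedTy`, `Proc`, `rebind`, `constraintsOn`, `inject`, `elim`) and the surface form `constrained name = var : underlying where constraint` are hypothetical, and the constrained-type table and procedure at the end are constructed inputs. It generates `requires`/`ensures` from constrained parameter types, resolves types to their base, pushes constraints into `forall`/`exists` bodies, and clears `isFunctional` once an `ensures` was added. It deliberately departs from the PR on the two points the limitations name: resolution carries a fuel counter so a cyclic definition yields `none` instead of diverging, and substitution is simultaneous (the whole map is threaded through each binder), which keeps the recursion structural even with capture-avoiding renaming, so no `partial` is needed.

```lean
-- Added example, not code from the PR or the Laurel project: a toy model of the
-- elimination described above. Every name below is hypothetical.
inductive Ty where
  | int | named (n : String)      -- `named` refers to a constrained type
  deriving Repr
inductive Expr where
  | lit (n : Int) | var (x : String) | ge (a b : Expr) | and (a b : Expr) | implies (a b : Expr)
  | forall_ (x : String) (ty : Ty) (body : Expr) | exists_ (x : String) (ty : Ty) (body : Expr)
  deriving Repr
/-- Hypothetical surface form: `constrained name = var : underlying where constraint`. -/
structure ConstrainedTy where
  name : String
  var : String
  underlying : Ty
  constraint : Expr

def Expr.freeVars : Expr → List String
  | .lit _ => [] | .var x => [x]
  | .ge a b | .and a b | .implies a b => a.freeVars ++ b.freeVars
  | .forall_ x _ b | .exists_ x _ b => b.freeVars.filter (· != x)

/-- First of `x, x', x'', ...` not in `avoid`. -/
def fresh (x : String) (avoid : List String) : String :=
  let rec go (c : String) : Nat → String
    | 0 => c
    | n + 1 => if avoid.contains c then go (c ++ "'") n else c
  go x (avoid.length + 1)

/-- Entering binder `x` under `σ`: `x` shadows its own mapping; if it occurs free in an
image of the remaining map, the binder is renamed so the substitution cannot capture it. -/
def rebind (x : String) (body : Expr) (σ : List (String × Expr)) : String × List (String × Expr) :=
  let σ' := σ.filter (·.1 != x)
  let images := σ'.foldr (fun p acc => p.2.freeVars ++ acc) []
  if images.contains x then
    let x' := fresh x (images ++ body.freeVars ++ σ'.map (·.1))
    (x', (x, Expr.var x') :: σ')
  else (x, σ')

/-- Simultaneous substitution. Threading the whole map through the binder keeps the
recursion structural on the expression, so Lean accepts it as total. -/
def Expr.subst (σ : List (String × Expr)) : Expr → Expr
  | .lit n => Expr.lit n
  | .var x => (σ.lookup x).getD (Expr.var x)
  | .ge a b => Expr.ge (a.subst σ) (b.subst σ)
  | .and a b => Expr.and (a.subst σ) (b.subst σ)
  | .implies a b => Expr.implies (a.subst σ) (b.subst σ)
  | .forall_ x ty b => let (x', σ') := rebind x b σ; Expr.forall_ x' ty (b.subst σ')
  | .exists_ x ty b => let (x', σ') := rebind x b σ; Expr.exists_ x' ty (b.subst σ')

/-- Follow `named` references to the base type. Fuel turns a cyclic or unknown
definition into `none` instead of the non-termination of a `partial` resolver. -/
def resolveBaseType (tbl : List ConstrainedTy) : Nat → Ty → Option Ty
  | _, .int => some Ty.int
  | 0, .named _ => none
  | n + 1, .named nm => do resolveBaseType tbl n (← tbl.find? (·.name == nm)).underlying

/-- Every constraint along the chain, restated about the identifier `v`. -/
def constraintsOn (tbl : List ConstrainedTy) (v : String) : Nat → Ty → Option (List Expr)
  | _, .int => some []
  | 0, .named _ => none
  | n + 1, .named nm => do
      let ct ← tbl.find? (·.name == nm)
      return ct.constraint.subst [(ct.var, Expr.var v)] :: (← constraintsOn tbl v n ct.underlying)

/-- Resolve bound types and push constraints into quantifier bodies:
`forall (n: nat) => body` becomes `forall (n: int) => n >= 0 ==> body`; `exists` uses `&&`. -/
def inject (tbl : List ConstrainedTy) (fuel : Nat) : Expr → Option Expr
  | .lit n => some (Expr.lit n)
  | .var x => some (Expr.var x)
  | .ge a b => do return Expr.ge (← inject tbl fuel a) (← inject tbl fuel b)
  | .and a b => do return Expr.and (← inject tbl fuel a) (← inject tbl fuel b)
  | .implies a b => do return Expr.implies (← inject tbl fuel a) (← inject tbl fuel b)
  | .forall_ x ty b => do
      let cs ← constraintsOn tbl x fuel ty
      return Expr.forall_ x (← resolveBaseType tbl fuel ty) (cs.foldr Expr.implies (← inject tbl fuel b))
  | .exists_ x ty b => do
      let cs ← constraintsOn tbl x fuel ty
      return Expr.exists_ x (← resolveBaseType tbl fuel ty) (cs.foldr Expr.and (← inject tbl fuel b))

structure Proc where
  name : String
  inputs : List (String × Ty)
  outputs : List (String × Ty)
  requires : List Expr
  ensures : List Expr
  isFunctional : Bool
  deriving Repr

/-- The pass on a signature: requires for constrained inputs, ensures for constrained
outputs, types resolved, isFunctional cleared once an ensures was added. -/
def elim (tbl : List ConstrainedTy) (fuel : Nat) (p : Proc) : Option Proc := do
  let contract (ps : List (String × Ty)) : Option (List Expr) := do
    return (← ps.mapM fun q => constraintsOn tbl q.1 fuel q.2).foldr (· ++ ·) []
  let resolve (ps : List (String × Ty)) : Option (List (String × Ty)) :=
    ps.mapM fun q => do return (q.1, (← resolveBaseType tbl fuel q.2))
  let pre ← contract p.inputs
  let post ← contract p.outputs
  return { p with inputs := (← resolve p.inputs), outputs := (← resolve p.outputs),
                  requires := (← (pre ++ p.requires).mapM (inject tbl fuel)),
                  ensures := (← (post ++ p.ensures).mapM (inject tbl fuel)),
                  isFunctional := p.isFunctional && post.isEmpty }

-- Constructed table. `pos` deliberately binds `x` in its constraint, so instantiating
-- it for a parameter named `x` needs the renaming in `rebind`.
def tbl : List ConstrainedTy :=
  [ { name := "nat", var := "n", underlying := .int, constraint := .ge (.var "n") (.lit 0) },
    { name := "pos", var := "p", underlying := .named "nat",
      constraint := .exists_ "x" .int (.and (.ge (.var "x") (.lit 1)) (.ge (.var "p") (.var "x"))) } ]
def sample : Proc :=
  { name := "sample", inputs := [("x", .named "pos")], outputs := [("r", .named "nat")],
    requires := [.forall_ "n" (.named "nat") (.ge (.var "x") (.var "n"))], ensures := [], isFunctional := true }
#eval elim tbl 8 sample
#eval resolveBaseType [{ name := "loop", var := "v", underlying := .named "loop", constraint := .lit 0 }] 8 (.named "loop")
```

For `sample`, `elim` rewrites both parameters to `int`, prepends the `pos` chain to the requires as `exists x' : int . x' >= 1 && x >= x'` (binder renamed away from the parameter `x`) and `x >= 0`, rewrites the existing `forall n : nat` to `forall n : int . n >= 0 ==> x >= n`, adds `r >= 0` as an ensures, and clears `isFunctional`. The second `#eval` shows the self-referential `loop` type resolving to `none` once the fuel is spent, which is the behaviour the `partial` version cannot give.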