feat: bound kernel recursion by maxRecDepth

[Kha]

This PR makes the kernel's (kernel) deep recursion detected error deterministic by bounding kernel type checking with the existing maxRecDepth option instead of the physical stack size. The limit previously depended on the native stack, so it varied across platforms, builds, and optimization levels and could not be reproduced reliably; it is now a function of maxRecDepth alone and is raised the usual way with set_option maxRecDepth <num>.

To avoid rejecting existing code that already fits within maxRecDepth during elaboration, the kernel is allowed to recurse up to a fixed multiple (currently 16×) of the configured value before reporting deep recursion; this is sufficient for lean4/Mathlib to build. Since the absolute value of maxRecDepth has no inherent meaning, this multiplier should not lead to surprising behavior.

The value is threaded to the kernel entry points (lean_add_decl, lean_elab_add_decl) alongside maxHeartbeats and tracked with a thread-local recursion-depth counter checked at the type checker's recursive entry points (infer, whnf, isDefEq). The former physical-stack-based budget in the structural Expr comparison is removed. The standalone debugging entry points Kernel.check / Kernel.whnf / Kernel.isDefEq remain unbounded.

This PR also improves the decide +kernel failure report: when the kernel rejects the proof and the tactic's lazy diagnostic itself exceeds maxRecDepth while re-reducing the instance, the tactic now surfaces the kernel's actual error (using tryCatchRuntimeEx, since maxRecDepth is a runtime exception that ordinary try/catch re-raises) instead of an opaque [Error pretty printing: …].

Finally, a couple of kernel-heavy benchmarks that legitimately recurse deeply gain an explicit maxRecDepth (string_simp_ne's O(n) String.ofList verification), and a new test pins the deterministic, option-controlled behavior.

[Kha]

!bench

[leanprover-radar]

Benchmark results for 183982a against c47a0c7 are in. There are significant results. @Kha

• 🟥 build exited with code 1
• 🟥 other exited with code 1

No significant changes detected.

[leanprover-bot]

Reference manual CI status:

• ❗ Reference manual CI can not be attempted yet, as the nightly-testing-2026-05-28 tag does not exist there yet. We will retry when you push more commits. If you rebase your branch onto nightly-with-manual, reference manual CI should run now. You can force reference manual CI using the force-manual-ci label. (2026-06-04 12:23:02)

[mathlib-lean-pr-testing]

Mathlib CI status (docs):

• 💥 Mathlib branch lean-pr-testing-13956 build failed against this PR. (2026-06-04 13:12:43) View Log
• ✅ Mathlib branch lean-pr-testing-13956 has successfully built against this PR. (2026-06-05 13:40:08) View Log

[Kha]

!bench

[leanprover-radar]

Benchmark results for 62082bb against c47a0c7 are in. There are significant results. @Kha

• ✅ build//instructions: -8.9G (-0.08%)

Large changes (2✅)

• ✅ elab/big_omega//instructions: -507.3M (-2.35%)
• ✅ elab/big_omega_MT//instructions: -510.4M (-2.35%)

Small changes (20✅, 1🟥)

Too many entries to display here. View the full report on radar instead.

[leanprover-radar]

Benchmark results for 62082bb against c47a0c7 are in. (These commits have already been benchmarked in a previous command.) There are significant results. @Kha

• ✅ build//instructions: -8.9G (-0.08%)

Large changes (2✅)

• ✅ elab/big_omega//instructions: -507.3M (-2.35%)
• ✅ elab/big_omega_MT//instructions: -510.4M (-2.35%)

Small changes (20✅, 1🟥)

Too many entries to display here. View the full report on radar instead.

[Kha]

!bench mathlib

[leanprover-radar]

Benchmark results for leanprover-community/mathlib4-nightly-testing@49f5b1e against leanprover-community/mathlib4-nightly-testing@8a9ccb2 are in. No significant results found. @Kha

• 🟥 build//instructions: +121.0G (+0.07%)

Small changes (2🟥)

• 🟥 build/module/Mathlib.Lean.Environment//instructions: +89.4M (+5.37%)
• 🟥 build/profile/initialization//wall-clock: +10s (+4.04%)