feat: redesign mvcgen' for a new meta theory #13978
Closed
volodeyka wants to merge 86 commits into
Closed
Conversation
….Elab.Tactic.Do.Options` for configuration. Update multiple tactics to conditionally dispatch based on the new option, replacing the legacy `new_proof_mode` references.
…ging spec theorems with pattern-based matching and migration support for the new `new_wp_monad` configuration.
…nstruction from specs, enhancing the handling of proof terms and verification conditions in the new `new_wp_monad` context.
…ruction This commit introduces a new file `Logic.lean` containing definitions and theorems related to lattice logic operations, including the construction of backward rules for logical expressions. Key features include mappings of logic operators to their corresponding lemmas and the implementation of helper functions for equality lifting and distribution. Additionally, tests for various logical operations are included to ensure correctness and functionality.
This commit introduces a new file `Match.lean` that implements the `mkBackwardRuleForSplit` function, which creates reusable backward rules for splitting `ite`, `dite`, or matchers. The file includes a comprehensive test suite to validate the functionality of the backward rule construction, ensuring correct handling of various monadic setups and logical expressions.
This commit updates the `Intros.lean` file by refactoring the introduction procedures for handling variables and hypotheses in VCGen goals. The `IntroRules` structure has been removed in favor of directly using `VCGen.IntroRules`. New methods for goal simplification and variable introduction have been added, enhancing the handling of excess state arguments and improving the overall functionality of the Loom tactics.
This commit introduces a new file `Types.lean` within the Loom Tactic namespace, implementing the VCGen module. Key features include the definition of the `dischargeTactic` type for handling various discharge strategies, structures for caching backward rules and context management, and the VCGen monad for stateful computations. This addition enhances the Loom framework's capabilities for generating and managing verification conditions in proof tasks.
This commit introduces a new file `RuleCache.lean` that implements caching for various backward rule construction functions within the Loom Tactic namespace. Key features include cached versions of `tryMkBackwardRuleFromSpec`, `mkBackwardRuleForSplit`, and `mkBackwardRuleForLogic`, which enhance performance by storing previously computed rules based on specific cache keys. This addition improves the efficiency of verification condition generation and management in the Loom framework.
This commit introduces a new file `Solve.lean` that implements the main `solve` step for handling verification conditions in the Loom Tactic namespace. Key features include the classification of goals into various types, such as trivial, lattice, and EPost components, along with the core logic for decomposing goals into subgoals. This addition enhances the Loom framework's capability to manage complex verification conditions and improves the overall efficiency of the proof process.
This commit introduces two new files: `Driver.lean` and `Frontend.lean`, which implement the core functionality for the `lmvcgen` tactic in the Loom framework. The `Driver` module manages the worklist for verification condition generation, handling invariant subgoals, and emitting verification conditions. The `Frontend` module parses user input for the `lmvcgen` tactic, constructs the necessary context, and integrates with the VCGen process. These additions enhance the Loom framework's capabilities for managing complex proof tasks and improve user interaction with the verification condition generation process.
…tic file This commit updates the `lakefile.lean` to enable precompilation of modules for the Loom package, enhancing build performance. Additionally, the obsolete `ShareExt.lean` file has been removed, streamlining the codebase and eliminating unused functionality related to the Loom Tactic namespace.
This commit updates various test files in the Loom framework to replace the obsolete `@[lspec]` attribute with the new `@[spec]` attribute for theorem specifications. Additionally, the `set_option new_wp_monad true` is added to several files to enable the new WP monad configuration. These changes enhance consistency across the test suite and align with recent updates in the Loom Tactic namespace.
This commit introduces the `WPInfo` structure in the Loom Tactic namespace, which encapsulates common metadata for goals related to weakest-precondition applications. The structure includes fields for the `wp` function head, core arguments, and extra arguments. Additionally, helper definitions for accessing specific components of `WPInfo` are provided, enhancing the framework's ability to manage and utilize weakest-precondition information in verification tasks.
This commit updates several functions in the Loom Tactic namespace to leverage the newly introduced `WPInfo` structure. The changes include modifying function signatures and internal logic to use `WPInfo` for managing arguments and types, enhancing code clarity and maintainability. Functions affected include `mkBackwardRuleForSplit`, `mkSimpBackwardProof`, and `tryMkBackwardRuleFromSpec`, among others. This refactor improves the handling of weakest-precondition applications and aligns with recent structural enhancements in the Loom framework.
…for program categorization. Refactor `classifyGoalKind` to `classifyGoal`, integrating `WPInfo` for improved handling of weakest-precondition applications. This update streamlines the classification process and enhances code clarity.
Delete script/check_derived_laws_port.sh (an unreferenced dev-only port-completeness checker) and revert the mleave macro in Std/Tactic/Do/Syntax.lean to master's version, dropping the now-unused Std.Internal.Do import. Keeps the assumption config field, which the new mvcgen' frontend reads. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
mvcgen' based on new meta theory mvcgen' based on new meta theory
mvcgen' based on new meta theory mvcgen' for a new meta theory
|
Mathlib CI status (docs):
|
Collaborator
|
Reference manual CI status:
|
sgraf812
added a commit
that referenced
this pull request
Jun 12, 2026
The solver lifts a pure precondition unconditionally when it sees one, as in #13978: an embedded `⌜φ⌝` before state-argument introduction, a bare proposition on the `Prop` lattice right after it. The lifted hypothesis is cached in `Scope.lastLiftedPre?`, and the targeted assumption step closes subsequent handoff VCs against it with a single defeq check, so no spec-rule sensitivity is needed; the rule construction returns to producing plain backward rules and the duplication guards before splits disappear. Co-authored-by: volodeyka <vovaglad00@gmail.com>
jgoldfar
pushed a commit
to jgoldfar/lean4
that referenced
this pull request
Jun 16, 2026
…eanprover#14015) This PR ports the experimental `mvcgen'` tactic to the new `Std.Internal.Do` meta theory, where verification-condition generation works on lattice entailments `pre ⊑ wp x post epost`. Two changes are visible at the proof surface: `mvcgen'` now eagerly introduces all state components as local hypotheses, so more facts reach `grind`; and loop invariants no longer have to restate the exceptional postcondition. Previously the invariant for a loop that can throw had to repeat the exception condition alongside the actual invariant: ```lean theorem throwing_loop_spec : ⦃fun s => ⌜s = 4⌝⦄ throwing_loop ⦃post⟨fun _ _ => ⌜False⌝, fun e s => ⌜e = 42 ∧ s = 4⌝⟩⦄ := by mvcgen' [throwing_loop] case inv1 => exact post⟨fun (xs, r) s => ⌜r ≤ 4 ∧ s = 4 ∧ r + xs.suffix.sum > 4⌝, fun e s => ⌜e = 42 ∧ s = 4⌝⟩ ``` Now the exceptional postcondition is taken from the surrounding `Triple`, so the invariant case carries only the invariant: ```lean theorem throwing_loop_spec : ⦃fun s => s = 4⦄ throwing_loop ⦃fun _ _ => False; fun e s => e = 42 ∧ s = 4⦄ := by mvcgen' [throwing_loop] case inv1 => exact ⟨fun (xs, r) s => r ≤ 4 ∧ s = 4 ∧ r + xs.suffix.sum > 4⟩ ``` The spec lemmas in `Std.Internal.Do.Triple.SpecLemmas` are registered with `@[spec]` and populate the new spec database, which also gains the `whileM`/`Lean.Loop` specifications, `Invariant.withEarlyReturnNewDo`, and pointwise entailment lemmas for state introduction. The port replays Vladimir Gladshtein's leanprover#13978 onto master's file structure. The solver diverges from the legacy algorithm in three points. Reflexivity runs on every entailment before the pure-precondition lifts, closing the leaf VCs where a spec precondition meets an identical goal precondition (`Q x ⊑ wp (pure x) Q E` ends in `Q x ⊑ Q x`) and instantiating spec parameters that occur only in rule premises. Reflexivity no longer assigns synthetic opaque metavariables, so function-typed invariant holes are not silently solved away. Pure preconditions are lifted into the local context as soon as they arise; the lifted hypothesis is cached in `Scope.lastLiftedPre?`, and a targeted assumption step closes the handoff VCs of subsequent spec applications against it. This is the second of two steps that land `vova/new-mvcgen` onto master. The first step (leanprover#13954) updated the `@[spec]` builtin attribute and regenerated `stage0`, so this PR reuses master's `stage0` and contains no generated C changes. Invariant suggestion (`invariants?`) yields no suggestions on the new surface; porting the suggestion analysis is deferred until `mvcgen'` replaces the legacy `mvcgen`. --------- Co-authored-by: volodeyka <vovaglad00@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR rewrites the experimental
mvcgen'tactic on top of a new meta theory from #12965.Except new meta theory, the main technical difference from the current
mvcgen'is that it, when solvingpre ⊑ wp x post eposteagerly introduces all the state components. In other words, if for a monadmwe are working with, the shape of the corresponding assertion languagePredisσ₁ → σ₂ → ⋯ → σₙ → l, then we will immediately introduces₁ : σ₁,s₂ : σ₂, … ,sₙ : σₙyieldingpre s₁ s₂ ⋯ sₙ ⊑ wp x post epost s₁ s₂ ⋯ sₙ. Most of the time, since we work withPredtype ofσ₁ → σ₂ → ⋯ → σₙ → Propshape,pre s₁ s₂ ⋯ sₙwould be of typePropand we can introduce it into a local context. This prevents us from information loss and potentially enables moregrindinternalization (since more facts are introduced to a local context).We also change how we specify the invariants for all kinds of loops, iterators, folds, maps and so on…
Before, if you had a loop throwing an exception inside, say,
when you call
mvgen'you should have specified the invariant together with a condition on exception:Now The condition on exception would be just assumed to be the one specified in the
Tripleglobally:This should make the invariant specification more straightforward.
Internally, the
Internal/VCGenrule-construction layer is split into aRuleConstruct/submodule by rule kind (Logic,Match,Simp,Spec), a newEPostmodule is added for exception-postcondition handling, and sharedTypes/Utilsmodules are introduced; the previous flatContext,Entails,Reduce,RuleConstruction, andUtilmodules are removed. Theassumptiondischarger is threaded from the frontend config through the driver into the solver.On the library side it reorganizes the
Std.Internal.Doorder/assertion metatheory into anOrder/namespace (Basic,Frame,Lemmas), renamingStd/Internal/Do/Frame.leantoStd/Internal/Do/Order/Frame.lean, and updates theStd.Internal.Do.Triple/WPspecs that build on it.This is the second of two steps that land
vova/new-mvcgenonto master. The first step (#13954) updated the@[spec]builtin attribute and regeneratedstage0, so this PR reuses master'sstage0and contains no generated C changes.