Skip to content

Commit ae61860

Browse files
authored
Clean stale architecture surfaces
Squash merge PR #1950 after review: CI green, no unresolved review threads, and no bugs found in the cleanup diff.
1 parent 23e46d2 commit ae61860

42 files changed

Lines changed: 843 additions & 384 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

Compiler/MainPatched.lean

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,15 @@ import Compiler.ParityPacks
55
import Verity.Core.Intrinsics
66

77
/-!
8+
## Transitional Patch-Enabled Entrypoint
9+
10+
`Compiler.Main` is the canonical `verity-compiler` entrypoint. This module is
11+
kept only for the separate `verity-compiler-patched` binary while patch-enabled
12+
Solidity-parity output is compared against the baseline compiler in CI. Remove
13+
this module and fold any still-required patch flags into `Compiler.MainDriver`
14+
once parity-pack/patched-Yul CI no longer needs a separate baseline-vs-patched
15+
artifact set.
16+
817
## CLI Argument Parsing
918
1019
Supports:

Compiler/Proofs/README.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -29,16 +29,16 @@ All three layers carry zero project-specific axioms.
2929

3030
## Layer 2 Boundary Status
3131

32-
The `SupportedSpec` split and current boundary are recorded in [`artifacts/layer2_boundary_catalog.json`](../../artifacts/layer2_boundary_catalog.json). The `calls.helpers` sub-interface tracks internal helper call coverage.
32+
The `SupportedSpec` split and current `SupportedBodyInterface.stmtList` boundary are recorded in [`artifacts/layer2_boundary_catalog.json`](../../artifacts/layer2_boundary_catalog.json). The `calls.helpers` sub-interface tracks internal helper call coverage.
3333

3434
**What is proved:**
3535
- Generic whole-contract theorem for the supported fragment
3636
- The helper-free conservative-extension goal is now closed: `interpretIRWithInternalsZeroConservativeExtensionGoal_closed`
37-
- Conservative-extension decomposition: `InterpretIRWithInternalsZeroConservativeExtensionGoal`, `InterpretIRWithInternalsZeroConservativeExtensionDispatchGoal`, `InterpretIRWithInternalsZeroConservativeExtensionStmtSubgoals`
38-
- Lift theorems: `interpretIRWithInternalsZeroConservativeExtensionGoal_of_dispatchGoal`, `interpretIRWithInternalsZeroConservativeExtensionInterfaces_of_stmtSubgoals`
37+
- Conservative-extension decomposition: `InterpretIRWithInternalsZeroConservativeExtensionGoal`, `InterpretIRWithInternalsZeroConservativeExtensionDispatchGoal`, `InterpretIRWithInternalsZeroConservativeExtensionInterfaces`, `InterpretIRWithInternalsZeroConservativeExtensionStmtSubgoals`, `interpretIRWithInternalsZeroConservativeExtensionStmtSubgoals_closed`
38+
- Lift theorems: `interpretIRWithInternalsZeroConservativeExtensionGoal_of_dispatchGoal`, `interpretIRWithInternalsZeroConservativeExtensionInterfaces_of_stmtCompatibility`, `interpretIRWithInternalsZeroConservativeExtensionInterfaces_of_stmtSubgoals`
3939
- Helper-aware theorem variants: `compile_preserves_semantics_with_helper_proofs_and_helper_ir_goal`, `compile_preserves_semantics_with_helper_proofs_and_helper_ir_closed`
4040
- Expr-statement builtin classification via `exprStmtUsesDedicatedBuiltinSemantics`, with direct helper-free lemmas for `stop`, `mstore`, `revert`, `return`, and mapping-slot `sstore`
41-
- The helper-aware compiled target provides total fuel-indexed helper-aware IR semantics
41+
- The helper-aware compiled target provides total fuel-indexed helper-aware IR semantics through `evalIRExprWithInternals`
4242
- The legacy-compatible external-body Yul subset witness is derived from the supported body interface
4343

4444
**Remaining work ([#1638](https://github.com/lfglabs-dev/verity/issues/1638)):**

Contracts/Legacy/SpecAliases.lean

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
import Compiler.CompilationModel
2+
import Contracts.Counter
3+
import Contracts.SimpleStorage
4+
import Contracts.Owned
5+
import Contracts.OwnedCounter
6+
import Contracts.SafeCounter
7+
import Contracts.Ledger
8+
import Contracts.Vault
9+
import Contracts.SimpleToken
10+
import Contracts.ERC20
11+
import Contracts.ERC721
12+
13+
namespace Compiler.Specs
14+
15+
open Compiler.CompilationModel
16+
17+
/-!
18+
Legacy compatibility aliases for historical tests and callers that predate the
19+
macro-generated canonical spec names (`Contracts.<Name>.spec`).
20+
21+
New code should import the canonical contract module and use the generated
22+
`spec` value directly. Keep this module only while old tests and downstream
23+
callers are being migrated.
24+
-/
25+
26+
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
27+
def simpleStorageSpec : CompilationModel := Contracts.SimpleStorage.spec
28+
29+
/-- Legacy compatibility shim preserving the historical 3-function Counter surface. -/
30+
def counterSpec : CompilationModel :=
31+
let canonical := Contracts.Counter.spec
32+
{ canonical with
33+
functions := canonical.functions.filter fun fn =>
34+
fn.name = "increment" || fn.name = "decrement" || fn.name = "getCount" }
35+
36+
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
37+
def ownedSpec : CompilationModel := Contracts.Owned.spec
38+
39+
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
40+
def ledgerSpec : CompilationModel := Contracts.Ledger.spec
41+
42+
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
43+
def vaultSpec : CompilationModel := Contracts.Vault.spec
44+
45+
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
46+
def ownedCounterSpec : CompilationModel := Contracts.OwnedCounter.spec
47+
48+
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
49+
def simpleTokenSpec : CompilationModel := Contracts.SimpleToken.spec
50+
51+
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
52+
def safeCounterSpec : CompilationModel := Contracts.SafeCounter.spec
53+
54+
/-- ERC20 spec alias for test/proof convenience. Uses the macro-generated spec. -/
55+
def erc20Spec : CompilationModel := Contracts.ERC20.spec
56+
57+
/-- ERC721 spec alias for test/proof convenience. Uses the macro-generated spec. -/
58+
def erc721Spec : CompilationModel := Contracts.ERC721.spec
59+
60+
end Compiler.Specs

Contracts/SpecAliases.lean

Lines changed: 6 additions & 49 deletions
Original file line numberDiff line numberDiff line change
@@ -1,51 +1,8 @@
1-
import Compiler.CompilationModel
2-
import Contracts.Counter
3-
import Contracts.SimpleStorage
4-
import Contracts.Owned
5-
import Contracts.OwnedCounter
6-
import Contracts.SafeCounter
7-
import Contracts.Ledger
8-
import Contracts.Vault
9-
import Contracts.SimpleToken
10-
import Contracts.ERC20
11-
import Contracts.ERC721
1+
import Contracts.Legacy.SpecAliases
122

13-
namespace Compiler.Specs
3+
/-!
4+
Deprecated compatibility import.
145
15-
open Compiler.CompilationModel
16-
17-
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
18-
def simpleStorageSpec : CompilationModel := Contracts.SimpleStorage.spec
19-
20-
/-- Legacy compatibility shim preserving the historical 3-function Counter surface. -/
21-
def counterSpec : CompilationModel :=
22-
let canonical := Contracts.Counter.spec
23-
{ canonical with
24-
functions := canonical.functions.filter fun fn =>
25-
fn.name = "increment" || fn.name = "decrement" || fn.name = "getCount" }
26-
27-
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
28-
def ownedSpec : CompilationModel := Contracts.Owned.spec
29-
30-
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
31-
def ledgerSpec : CompilationModel := Contracts.Ledger.spec
32-
33-
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
34-
def vaultSpec : CompilationModel := Contracts.Vault.spec
35-
36-
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
37-
def ownedCounterSpec : CompilationModel := Contracts.OwnedCounter.spec
38-
39-
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
40-
def simpleTokenSpec : CompilationModel := Contracts.SimpleToken.spec
41-
42-
/-- Legacy compatibility alias. Canonical source is macro-generated. -/
43-
def safeCounterSpec : CompilationModel := Contracts.SafeCounter.spec
44-
45-
/-- ERC20 spec alias for test/proof convenience. Uses the macro-generated spec. -/
46-
def erc20Spec : CompilationModel := Contracts.ERC20.spec
47-
48-
/-- ERC721 spec alias for test/proof convenience. Uses the macro-generated spec. -/
49-
def erc721Spec : CompilationModel := Contracts.ERC721.spec
50-
51-
end Compiler.Specs
6+
Use `Contracts.Legacy.SpecAliases` for the legacy aliases, or import the
7+
canonical contract module and use `Contracts.<Name>.spec` directly in new code.
8+
-/

Contracts/Specs.lean

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,12 +2,14 @@
22
Contracts.Specs: Declarative Contract Specifications
33
44
Shipped compiler inputs are the macro-generated `CompilationModel` values
5-
emitted by `verity_contract`. This module keeps compatibility aliases for
6-
existing tests and the manual `cryptoHashSpec` special case.
5+
emitted by `verity_contract`. Legacy aliases live under
6+
`Contracts.Legacy.SpecAliases`; this module keeps the manual `cryptoHashSpec`
7+
special case plus the current compatibility `allSpecs` list while callers
8+
migrate to generated canonical names.
79
-/
810

911
import Compiler.CompilationModel
10-
import Contracts.SpecAliases
12+
import Contracts.Legacy.SpecAliases
1113

1214
namespace Compiler.Specs
1315

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ Verity proves that compilation preserves behavior at three stages. Each layer is
4040

4141
**Layer 1** (EDSL to CompilationModel): the `verity_contract` macro generates both an executable Lean program and a compiler-facing model from a single definition. Per-contract bridge theorems prove they agree.
4242

43-
**Layer 2** (CompilationModel to IR): a generic whole-contract theorem covers the supported fragment with zero axioms. No per-contract proof effort needed. `forEach` support is deliberately partial: zero-bound loops with supported bodies and arbitrary literal-bound empty-body loops are proved, while positive non-empty loop bodies remain outside the current theorem.
43+
**Layer 2** (CompilationModel to IR): a generic whole-contract theorem covers the supported fragment with zero axioms. No per-contract proof effort needed. Internal helper calls now exist at the source level, and helper-summary proof reuse is available in source-semantics lemmas, but that reuse is not yet fully consumed through the generic body/IR theorem path. ECMs, typed interface calls, external calls, and low-level call/returndata mechanics are trust-reported or compiler-supported rather than fully proof-modeled. Constructors, fallback/receive, events/logs, typed errors, proxy/delegatecall, local obligations, and richer storage-layout features remain outside the generic proof fragment or partial. `forEach` support is deliberately partial: zero-bound loops with supported bodies and arbitrary literal-bound empty-body loops are proved, while positive non-empty loop bodies remain outside the current theorem.
4444

4545
**Layer 3** (IR to Yul): all statement types are proven equivalent. The dispatch bridge is an explicit theorem hypothesis, not an axiom.
4646

artifacts/feature_ownership.json

Lines changed: 172 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,172 @@
1+
{
2+
"schema_version": 1,
3+
"description": "Authoritative ownership and proof-boundary status for major Verity feature surfaces. Use this to distinguish source syntax, compiler lowering, proof coverage, trust reporting, and compatibility shims.",
4+
"status_values": [
5+
"supported",
6+
"partial",
7+
"unsupported",
8+
"not_applicable"
9+
],
10+
"surfaces": [
11+
{
12+
"id": "source_internal_helpers",
13+
"name": "Source-level internal helper functions",
14+
"owner": "Verity.Macro / Compiler.CompilationModel / Compiler.Proofs.SourceSemantics",
15+
"source_supported": "supported",
16+
"compile_supported": "supported",
17+
"proof_modeled": "partial",
18+
"trust_reported": "not_applicable",
19+
"deprecated": false,
20+
"canonical_entrypoints": [
21+
"Verity/Macro/Translate.lean",
22+
"Compiler/CompilationModel.lean",
23+
"Compiler/Proofs/SourceSemantics.lean"
24+
],
25+
"notes": "Internal helpers stay out of ABI dispatch. Helper-summary reuse is available in source-semantics lemmas but is not yet fully consumed through the generic body/IR theorem path."
26+
},
27+
{
28+
"id": "typed_external_interface_calls",
29+
"name": "Typed external interface calls",
30+
"owner": "Verity.Macro / Compiler.Modules.Calls",
31+
"source_supported": "supported",
32+
"compile_supported": "supported",
33+
"proof_modeled": "unsupported",
34+
"trust_reported": "supported",
35+
"deprecated": false,
36+
"canonical_entrypoints": [
37+
"Verity/Macro/Translate.lean",
38+
"Compiler/Modules/Calls.lean",
39+
"docs/EXTERNAL_CALL_MODULES.md"
40+
],
41+
"notes": "Interface dot calls lower through the standard ABI-call ECM surface and remain explicit trust-report entries."
42+
},
43+
{
44+
"id": "low_level_call_returndata",
45+
"name": "Low-level calls and returndata mechanics",
46+
"owner": "Compiler.CompilationModel / Compiler.Modules.Calls",
47+
"source_supported": "partial",
48+
"compile_supported": "supported",
49+
"proof_modeled": "unsupported",
50+
"trust_reported": "supported",
51+
"deprecated": false,
52+
"canonical_entrypoints": [
53+
"Compiler/CompilationModel.lean",
54+
"Compiler/CompilationModel/Compile.lean",
55+
"Compiler/Modules/Calls.lean",
56+
"docs/INTERPRETER_FEATURE_MATRIX.md"
57+
],
58+
"notes": "call/staticcall/delegatecall and returndata plumbing are compiler-supported and tested, but outside proof interpreters."
59+
},
60+
{
61+
"id": "constructors_fallback_receive",
62+
"name": "Constructors, fallback, and receive",
63+
"owner": "Verity.Macro / Compiler.CompilationModel",
64+
"source_supported": "partial",
65+
"compile_supported": "partial",
66+
"proof_modeled": "partial",
67+
"trust_reported": "supported",
68+
"deprecated": false,
69+
"canonical_entrypoints": [
70+
"Verity/Macro/Translate.lean",
71+
"Compiler/CompilationModel.lean",
72+
"docs/VERIFICATION_STATUS.md"
73+
],
74+
"notes": "Constructor and special-entrypoint syntax exists, but the generic proof fragment only covers selected initialization and entrypoint shapes."
75+
},
76+
{
77+
"id": "events_logs_typed_errors",
78+
"name": "Events, logs, and typed errors",
79+
"owner": "Verity.Macro / Compiler.CompilationModel",
80+
"source_supported": "supported",
81+
"compile_supported": "supported",
82+
"proof_modeled": "partial",
83+
"trust_reported": "supported",
84+
"deprecated": false,
85+
"canonical_entrypoints": [
86+
"Verity/Macro/Translate.lean",
87+
"Compiler/CompilationModel/Compile.lean",
88+
"docs/EXTERNAL_CALL_MODULES.md"
89+
],
90+
"notes": "User-facing forms compile, while raw logs and richer ABI payload mechanics remain proof-boundary surfaces."
91+
},
92+
{
93+
"id": "rich_storage_layout",
94+
"name": "Rich storage layout features",
95+
"owner": "Verity.Macro / Compiler.CompilationModel",
96+
"source_supported": "partial",
97+
"compile_supported": "partial",
98+
"proof_modeled": "partial",
99+
"trust_reported": "supported",
100+
"deprecated": false,
101+
"canonical_entrypoints": [
102+
"Verity/Macro/Translate.lean",
103+
"Compiler/CompilationModel/StorageLayout.lean",
104+
"docs/SOLIDITY_PARITY_PROFILE.md"
105+
],
106+
"notes": "Many scalar, mapping, struct, packed-word, and ERC-7201 forms are present, but compatibility layout features are not all inside the generic proof fragment."
107+
},
108+
{
109+
"id": "foreach_positive_nonempty",
110+
"name": "Positive non-empty forEach bodies",
111+
"owner": "Compiler.Proofs.IRGeneration",
112+
"source_supported": "supported",
113+
"compile_supported": "supported",
114+
"proof_modeled": "partial",
115+
"trust_reported": "not_applicable",
116+
"deprecated": false,
117+
"canonical_entrypoints": [
118+
"Compiler/Proofs/IRGeneration/GenericInduction.lean",
119+
"artifacts/layer2_boundary_catalog.json",
120+
"docs/VERIFICATION_STATUS.md"
121+
],
122+
"notes": "Zero-bound supported bodies and literal-bound empty bodies are covered. Positive non-empty loop bodies remain outside the current generic theorem."
123+
},
124+
{
125+
"id": "legacy_spec_aliases",
126+
"name": "Legacy CompilationModel spec aliases",
127+
"owner": "Contracts.Legacy",
128+
"source_supported": "not_applicable",
129+
"compile_supported": "supported",
130+
"proof_modeled": "not_applicable",
131+
"trust_reported": "not_applicable",
132+
"deprecated": true,
133+
"canonical_entrypoints": [
134+
"Contracts/Legacy/SpecAliases.lean",
135+
"Contracts/SpecAliases.lean"
136+
],
137+
"notes": "Historical names remain available through a compatibility namespace. New code should import the canonical contract module and use Contracts.<Name>.spec directly."
138+
},
139+
{
140+
"id": "patched_compiler_entrypoint",
141+
"name": "Patch-enabled compiler binary",
142+
"owner": "Compiler.MainPatched",
143+
"source_supported": "not_applicable",
144+
"compile_supported": "supported",
145+
"proof_modeled": "not_applicable",
146+
"trust_reported": "supported",
147+
"deprecated": false,
148+
"canonical_entrypoints": [
149+
"Compiler/Main.lean",
150+
"Compiler/MainPatched.lean",
151+
"lakefile.lean",
152+
"packages/verity-compiler/lakefile.lean"
153+
],
154+
"notes": "The canonical compiler binary is Compiler.Main / verity-compiler. MainPatched remains as the intentionally separate parity and patch-enabled binary."
155+
},
156+
{
157+
"id": "external_call_with_return_ecm_name",
158+
"name": "externalCallWithReturn ECM module name",
159+
"owner": "Compiler.Modules.Calls",
160+
"source_supported": "not_applicable",
161+
"compile_supported": "supported",
162+
"proof_modeled": "unsupported",
163+
"trust_reported": "supported",
164+
"deprecated": true,
165+
"canonical_entrypoints": [
166+
"Compiler/Modules/Calls.lean",
167+
"docs/EXTERNAL_CALL_MODULES.md"
168+
],
169+
"notes": "The public API is Calls.withReturn / Calls.withReturnModule. The old module name remains in emitted metadata for compatibility and should be migrated in a future focused PR."
170+
}
171+
]
172+
}

0 commit comments

Comments
 (0)