From cda8a1bd7561aaade6286aeda141b36969d22a17 Mon Sep 17 00:00:00 2001 From: Ralf Anton Beier Date: Sun, 31 May 2026 08:34:40 +0200 Subject: [PATCH] chore(rivet): mark shipped requirements as implemented MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Brings the rivet traceability requirement statuses in line with what has actually shipped on main. 24 draft + 2 planned (SR-33, SR-35) → implemented; SR-34 and SR-36 deliberately held at `planned`. Basis (status `implemented` = code exists and works, full test suite green; NOT `verified` = per-requirement formal verification, which is a separate pass): - SR-35 DWARF address remap → shipped v0.16–v0.20 (DwarfHandling::Remap, dwarf.rs); in-tree witness oracle passes. NB its stated verification is a cross-repo witness smoke that is NOT yet done — hence implemented, not verified. - SR-33 cross-component stream fusion → v0.9.0 (#141). - SR-31 multiply-instantiated detection → LS-M-5, ls_m_5_* regression test. - SR-19 deterministic output → LS-A-15. - SR-1..SR-25 (parser / canonical-ABI / merger / adapter / wrapping) → foundational subsystems shipped across v0.1–v0.20; exercised end-to-end by the wasmtime runtime tests (real components fused + executed). Held at `planned` (honesty — not on main): - SR-34 static stream validation: (i)/(iii) merged, (iv) is in the unmerged PR #210, (ii) bounded-capacity is N/A. Flip to implemented when #210 merges. - SR-36 synthesised DWARF DIEs for adapters: DWARF Phase 3 (#144), not started. `rivet validate` error count is unchanged (164 pre-existing schema-drift / broken-link errors, none introduced by this change). Co-Authored-By: Claude Opus 4.8 (1M context) --- safety/requirements/safety-requirements.yaml | 52 ++++++++++---------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/safety/requirements/safety-requirements.yaml b/safety/requirements/safety-requirements.yaml index b9d22a4..0b5f338 100644 
--- a/safety/requirements/safety-requirements.yaml +++ b/safety/requirements/safety-requirements.yaml @@ -25,7 +25,7 @@ artifacts: description: > The parser shall extract all core modules from a component, including those nested within component instances at any depth. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -46,7 +46,7 @@ artifacts: description: > The parser shall extract every import and export entry declared by a component, preserving names, types, and kind. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -65,7 +65,7 @@ artifacts: canonical_abi_element_size shall return the correctly aligned element size for all Canonical ABI types, including records with heterogeneous field alignments. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -91,7 +91,7 @@ artifacts: The parser shall reject components that do not pass wasmparser validation with feature flags locked to the Component Model baseline spec. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -116,7 +116,7 @@ artifacts: The resolver shall match every import to exactly one export with a matching interface name and compatible type. Ambiguous matches (multiple exports with the same name) shall produce an error. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -141,7 +141,7 @@ artifacts: type into the correct CopyLayout. Types with inner pointer fields (strings, lists, records containing pointers) shall be classified as Elements with inner_pointers, not as Bulk. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from 
@@ -168,7 +168,7 @@ artifacts: component appears after all components it imports from. Dependency cycles shall be detected and reported as an error (or handled by cycle-tolerant sort with documented semantics). - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -198,7 +198,7 @@ artifacts: The merger shall compute each component's function base offset as the cumulative sum of all preceding components' total function counts (imports + defined functions). - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -220,7 +220,7 @@ artifacts: The rewriter shall remap indices in all instruction types that reference functions, memories, tables, globals, or types. This includes multi-index instructions (memory.copy, memory.init). - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -248,7 +248,7 @@ artifacts: The merger shall reindex data segment memory indices, element segment table indices, and global indices in init expressions using the correct per-kind base offset. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -269,7 +269,7 @@ artifacts: description: > The merger shall process components in the same order as the resolver's topological sort output. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -292,7 +292,7 @@ artifacts: resolved cross-component call whose signature includes pointer types (string, list, record with pointer fields) in multi-memory mode. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -310,7 +310,7 @@ artifacts: description: > The adapter shall call cabi_realloc using the post-merge function index of the destination component's allocator. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from 
@@ -334,7 +334,7 @@ artifacts: indices for all memory.copy, i32.load, and i32.store instructions. Source = caller's memory, destination = callee's memory for arguments; reversed for return values. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -359,7 +359,7 @@ artifacts: description: > The adapter shall compute list copy byte length as element_count multiplied by canonical_abi_element_size of the element type. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -381,7 +381,7 @@ artifacts: each inner pointer to reference the destination memory. The loop stride shall equal canonical_abi_element_size. The loop shall process exactly element_count iterations. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -407,7 +407,7 @@ artifacts: String transcoding adapters shall produce valid output encoding for all valid input, including characters outside the BMP (surrogate pair handling for UTF-16). - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -426,7 +426,7 @@ artifacts: The adapter shall emit instructions in the correct order: cabi_realloc before memory.copy, memory.copy before callee function call. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -448,7 +448,7 @@ artifacts: description: > Given identical input component bytes and identical FuserConfig, meld shall produce byte-identical output across invocations. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -469,7 +469,7 @@ artifacts: out-of-bounds index, malformed input), meld shall abort with a diagnostic error. Partial or best-effort output shall not be produced. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from 
@@ -496,7 +496,7 @@ artifacts: each canon lower shall reference the correct memory index and cabi_realloc for the importing component. The stubs module shall define all memories needed by the fused module. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -545,7 +545,7 @@ artifacts: module:field name but different type signatures. In multi-memory mode, imports from different components shall be kept separate even if they share the same name, to allow per-component canon lower configuration. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -596,7 +596,7 @@ artifacts: The adapter shall pass resource handles through cross-component calls without modification (no pointer copy or fixup). Resource drop functions shall be forwarded directly. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -645,7 +645,7 @@ artifacts: may support multi-module component output (per cfallin's "simple component" proposal), but until then, fail-fast rejection is required. - status: draft + status: implemented tags: [stpa-derived] links: - type: derives-from @@ -724,7 +724,7 @@ artifacts: (b) different-memory (multi-memory): `stream_read` → in-module copy loop → `stream_write` chain, with `cabi_realloc` null-guard policy per LS-A-7. - status: planned + status: implemented tags: [roadmap, p3-async, v0.9.0] links: - type: derives-from @@ -780,7 +780,7 @@ artifacts: `.debug_str` / `.debug_abbrev` pass through with string-pool dedup / byte-equal merge. End-to-end verified by witness MC/DC integration: ≥ X% of `br_if` byte offsets in fused output resolve to source. - status: planned + status: implemented tags: [roadmap, dwarf, witness-mc-dc, v0.10.0] links: - type: derives-from
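Review bot: in the `@@ -780,7 +780,7 @@` hunk (SR-35, DWARF address remap) the status flips to `implemented` while the description still carries the unresolved placeholder "≥ X% of `br_if` byte offsets in fused output resolve to source", and the commit message itself says that cross-repo witness smoke is not yet done; either fill in the agreed threshold or state in the description that the MC/DC verification is pending, so the requirement text does not read as already verified. The `v0.10.0` tag in the same hunk also disagrees with the commit message, which places the shipped remap in v0.16–v0.20.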
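Review bot: the `@@ -469,7 +469,7 @@` hunk marks the fail-fast requirement (abort with a diagnostic on out-of-bounds index or malformed input, no partial or best-effort output) as implemented, but the basis given in the commit message for SR-1..SR-25 is the wasmtime runtime tests on real components that fuse and execute, which only exercise the success path. Name the negative-path test that feeds malformed input and asserts that no output is produced, or hold this one at `draft` until such a test exists.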
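Review bot: the `@@ -91,7 +91,7 @@` hunk (reject components that fail wasmparser validation with feature flags locked to the Component Model baseline) needs the same kind of evidence: green runtime tests on accepted inputs cannot show that the feature-flag lock is in place, so the entry should point at a test in which a component using a non-baseline feature is rejected. Otherwise the flip is consistent with the stated meaning of `implemented`.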
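Review bot: the `@@ -407,7 +407,7 @@` hunk (string transcoding adapters produce valid output encoding for all valid input, including surrogate pair handling for UTF-16) should name the test that covers characters outside the BMP; the requirement is about output validity for the full input range, not only the common-case strings the end-to-end runtime tests happen to pass, so the evidence for the surrogate-pair path should be explicit rather than implied by the suite being green.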