fix(aspice): make swe1-has-verification satisfiers reachable (#652)#657
Conversation
The `swe1-has-verification` coverage rule lists `unit-verification` and `sw-integration-verification` as `verifies` satisfiers for `sw-req`, but those types' `verifies` link-fields only allowed `sw-detail-design` / `sw-arch-component` targets. `rivet validate` warned against its own embedded schema (`coverage-rule-consistency`, facets 1 & 2 of #648) and any `implemented` sw-req carried a permanent, unfixable lifecycle-coverage gap (facet 2). Widen `verifies` target-types on both verification types to include `sw-req` so the coverage rule is reachable. `swe4-verifies-swe3` still requires unit-verification to link `verifies -> sw-detail-design`; adding `sw-req` as an additional allowed target-type does not relax that source-side traceability rule. Regression test in `rivet-core/tests/schema_validation_rules.rs` merges the embedded `common` + `aspice` schemas and asserts `check_coverage_rule_consistency()` returns zero diagnostics. Fixes: REQ-148 Refs: REQ-010
📐 Rivet artifact deltaNo artifact changes in this PR. Code-only changes (renderer, CLI wiring, tests) don't touch the artifact graph. |
There was a problem hiding this comment.
⚠️ Performance Alert ⚠️
Possible performance regression was detected for benchmark 'Rivet Criterion Benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.20.
| Benchmark suite | Current: 897e2bc | Previous: a23af22 | Ratio |
|---|---|---|---|
store_insert/10000 |
15571643 ns/iter (± 809612) |
12404317 ns/iter (± 897535) |
1.26 |
This comment was automatically generated by workflow using github-action-benchmark.
…on reachability #652 (this PR) makes unit-verification / sw-integration-verification reach sw-req via `verifies`, completing REQ-237's #350 direction (a direct verification -> sw-req link without the full ASPICE chain). Three tests still encoded the pre-#652 behavior and now assert the corrected output: - schema::tests::from_type_can_link_respects_link_field_targets: unit-verification CAN now verifies -> sw-req; still respects the target list (rejects sw-arch-component, which is not among its targets). - explain_names_directly_linkable_verification_type: `validate --explain` now lists all three directly-linkable verification types and no longer annotates any as attaching only via the design chain. - lifecycle_gap_names_the_aspice_verification_chain: the gap hint now names the directly-linkable verification types; the chain hint was the stopgap for the pre-#652 schema and correctly no longer fires for sw-req. Verifies: REQ-178, REQ-237 Refs: REQ-010
…verifies-sw-req-track
|
Completed the failing test updates (pushed to this branch) + merged current The 3 failures were tests still encoding the pre-#652 behavior — all now assert the corrected output, verified locally:
Worth a look: #652 completes REQ-237/#350's own direction ("direct verification → sw-req without the full ASPICE chain"), so REQ-237's chain-naming hint no longer fires for aspice (Only Kani Proofs should remain red — the known exit-143 runner-shutdown infra flake.) |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Closes #652.
What
The embedded aspice schema warned against itself:
rivet validateon a clean aspice-schema project emitted twocoverage-rule-consistencywarnings because theswe1-has-verificationcoverage rule listsunit-verificationandsw-integration-verificationasverifiessatisfiers forsw-req, but those types'verifieslink-fields only allowedsw-detail-design/sw-arch-component— the satisfiers were unreachable (facets 1 & 2 of #648; facet 3 was fixed in #650). As a follow-on, anyimplementedsw-req carried a permanent, unfixablelifecycle-coverage-completegap because the coverage demanded exactly those unreachable satisfiers.This PR widens the
verifieslink-fieldtarget-typeson both types to includesw-req, so the coverage rule is reachable end-to-end.- name: unit-verification link-fields: - name: verifies link-type: verifies - target-types: [sw-detail-design] + target-types: [sw-detail-design, sw-req] - name: sw-integration-verification link-fields: - name: verifies link-type: verifies - target-types: [sw-arch-component, sw-detail-design] + target-types: [sw-arch-component, sw-detail-design, sw-req]Both new target-types carry an inline comment naming #652 and pointing back at the
swe1-has-verificationcoverage rule they exist to satisfy.Why this direction, not the other one
The alternative would be dropping
unit-verification/sw-integration-verificationfrom the coverage rule'sfrom-types. Rejected because:sw-req → sw-arch-component → sw-detail-design, but the reverse verification chain is expected to be evidenceable at any level — a consumer authoringunit-verification --verifies--> sw-reqis expressing "this test evidences the requirement directly," which ASPICE 4.0 SUP.10 BP1/BP2 treats as a valid trace.swe4-verifies-swe3(requireunit-verification.verifiesto include at least onesw-detail-design) is untouched — widening the allowed target-types does not relax that rule; it just permits an additional target alongside the required one.Acceptance criteria (from #652)
rivet validateon an aspice project emits zerocoverage-rule-consistencywarnings against the embedded schema.unit-verificationandsw-integration-verificationcan now formverifies → sw-req, so theswe1-has-verificationsatisfier reachability check inSchema::check_coverage_rule_consistency(rivet-core/src/schema.rs:1235) no longer fires.implementedsw-req with a real unit/integration verification linked reaches lifecycle-coverage-complete (no permanent unfixable gap).unit-verification --verifies--> SW-REQ-xorsw-integration-verification --verifies--> SW-REQ-xas the satisfier the coverage rule demands.rivet-core/tests/schema_validation_rules.rs::aspice_embedded_schema_has_no_coverage_rule_consistency_diagnostics— merges the embeddedcommon+aspiceand assertscheck_coverage_rule_consistency()returns[].Why draft
This session's egress policy is scoped to
pulseengine/rivetonly. The workspace transitively depends onpulseengine/rowan(git dependency inCargo.lock, pinned at9e7abd1…), which the proxy denies with a 403. I could not runcargo build -p rivet-core --testsorcargo testlocally in this session — the fetch ofrowancannot succeed. Please flip to Ready-for-review after CI (which has full scope) confirms:cargo test -p rivet-core --test schema_validation_rules aspice_embedded_schema_has_no_coverage_rule_consistency_diagnosticspasses on this branch,cargo test -p rivet-core --test schema_validation_rules aspice_embedded_schema_has_no_coverage_rule_consistency_diagnosticsfails onmain(proves the regression test is real),rivet validateon the rivet repo remains PASS.Test plan
schema_validation_rules.rsfails onmain(revert the two YAML changes, expect one diagnostic per unreachable from-type)rivet validateon an aspice-schema consumer project and confirm the twocoverage-rule-consistencywarnings are goneGenerated by Claude Code