Skip to content

Commit 0a23a09

Browse files
avrabeclaude
andauthored
docs(rivet): VCR-DEC-003 — resolve witness provenance offset-domain (#396) (#521)
The one open item on the synth-provenance-v1 contract (#396) is resolved from synth's side, verified from code: synth's op_offsets are ABSOLUTE byte offsets into the original .wasm binary (wasm_decoder.rs feeds the whole module via Parser::new(0).parse_all + reads per-op offsets via into_iter_with_offsets), the same origin as walrus InstrLocId — so the join is direct, no normalization. Replaces the normalization caveat with the real invariant (both tools key off the same input .wasm bytes). Pending only witness's confirmation of the walrus side. Behavior-frozen: docs/traceability only. Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
1 parent 2d19ddb commit 0a23a09

1 file changed

Lines changed: 19 additions & 11 deletions

File tree

artifacts/verified-codegen-roadmap.yaml

Lines changed: 19 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1286,17 +1286,25 @@ artifacts:
12861286
branch object sequence (I64SetCond / I64Shl / I64DivU / …); preserved =
12871287
every 1:1 `br_if`.
12881288
1289-
ONE OPEN ITEM TO SETTLE BEFORE IMPLEMENTING (raised on #396): the offset
1290-
NORMALIZATION domain — synth's `op_offsets` are module-relative WASM byte
1291-
offsets (into the code section); witness's `InstrLocId` byte_offset must be
1292-
confirmed module-relative vs function-body-relative so the join is exact, not
1293-
off-by-a-function-header. Once witness confirms, the emitter is the
1294-
implementation milestone: thread a per-branch transformation label through
1295-
BOTH lowering paths (optimized `ir_to_arm` currently sets `source_line: None`
1296-
— provenance is dropped there today; the direct selector carries it) and
1297-
serialize `synth-provenance-v1` behind a CLI flag (frozen-safe: additive
1298-
output file, no `.text` change). NOT in scope for the contract-settling step;
1299-
tracked as the VCR-DBG/witness follow-up.
1289+
OFFSET-NORMALIZATION DOMAIN — RESOLVED on synth's side (#396, 2026-06-27):
1290+
synth's `op_offsets` are ABSOLUTE byte offsets into the original `.wasm`
1291+
binary, verified from code — `wasm_decoder.rs` feeds the whole module to
1292+
wasmparser (`Parser::new(0).parse_all(wasm_bytes)`, base 0) and reads per-op
1293+
offsets via `into_iter_with_offsets()` (whole-buffer positions, NOT
1294+
function-body-relative). walrus `InstrLocId` is the same origin (offset in
1295+
the original Wasm buffer), so the join is DIRECT — no per-function header
1296+
subtraction, no normalization. Pending only witness's confirmation of the
1297+
walrus side. The replacement invariant to carry in the contract: both tools
1298+
must key off the SAME input `.wasm` bytes (witness measures the module before
1299+
synth lowers it; if witness re-serializes via walrus, the `InstrLocId`s must
1300+
refer to the bytes synth then compiles).
1301+
1302+
Remaining = the EMITTER milestone (purely synth-internal): thread a per-branch
1303+
transformation label through BOTH lowering paths (optimized `ir_to_arm`
1304+
currently sets `source_line: None` — provenance is dropped there today; the
1305+
direct selector carries it) and serialize `synth-provenance-v1` behind a CLI
1306+
flag (frozen-safe: additive output file, no `.text` change). NOT in scope for
1307+
the contract-settling step; tracked as the VCR-DBG/witness follow-up.
13001308
status: proposed
13011309
tags: [witness, mcdc, traceability, provenance, vcr-dbg, decision, integration]
13021310
links:

0 commit comments

Comments
 (0)