feat(formal): verify + wire Rows.v (P-11 record-row soundness)#648
Merged
Conversation
Rows.v landed in #639 as an explicitly-UNVERIFIED scaffold because the authoring container had no Coq toolchain. Installed Coq 8.18.0 (OCaml 4.14.1, the repo's pinned toolchain) and verified it: coqc -Q . ASFormal Rows.v -> clean Print Assumptions progress / preservation -> "Closed under the global context" (axiom-free, no Admitted) The hand-written proofs compiled first try. So promote the scaffold to a real, wired obligation: * formal/_CoqProject + formal/justfile `check`: add Rows (the recipe fails on any axiom/Admitted, so this now gates Rows too). * formal/Rows.v: replace the UNVERIFIED banner with the verified/wired note; drop the stale "Target:"/"lift into Siblings_Stated" wording. * formal/README.adoc: contents-table row + a "Record rows (P-11)" section. * docs/PROOF-NEEDS.adoc: new P-11 obligation row (mechanized); refresh the Coq-core counts to 18 files / 31 Print-Assumptions reports (also corrects the long-stale "13 files" intro line). * .hypatia-ignore: de-stale the Rows.v comment (now mechanized + wired). Full track re-verified end to end: 18 files, 31 closure reports, zero axioms. dune build clean; soundness-ledger gate green (SOUNDNESS.adoc untouched). Scope unchanged: Wave W0 (monomorphic extensible records); row-*variable* polymorphism is the W1 increment (P-11 row notes it). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01BbxKhXQwTvVgkYDgBMLJoa
🔍 Hypatia Security ScanFindings: 41 issues detected
View findings[
{
"reason": "Action denoland/setup-deno@v2 needs attention",
"type": "unpinned_action",
"file": "publish-jsr.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in instant-sync.yml",
"type": "secret_action_without_presence_gate",
"file": "instant-sync.yml",
"action": "peter-evans/repository-dispatch",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Shell execution -- validate input before passing to shell (1 occurrences, CWE-78)",
"type": "js_exec_sync",
"file": "/home/runner/work/affinescript/affinescript/packages/affinescript-cli/mod.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "Shell execution -- validate input before passing to shell (2 occurrences, CWE-78)",
"type": "js_exec_sync",
"file": "/home/runner/work/affinescript/affinescript/packages/affine-vscode/mod.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "Shell execution -- validate input before passing to shell (1 occurrences, CWE-78)",
"type": "js_exec_sync",
"file": "/home/runner/work/affinescript/affinescript/affinescript-vite/src/affine-plugin-improved.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "expect() in hot path (32 occurrences, CWE-754)",
"type": "expect_in_hot_path",
"file": "/home/runner/work/affinescript/affinescript/affinescriptiser/src/codegen/wasm_gen.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "expect() in hot path (29 occurrences, CWE-754)",
"type": "expect_in_hot_path",
"file": "/home/runner/work/affinescript/affinescript/affinescriptiser/src/codegen/affine_gen.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "unsafe block -- requires SAFETY comment (2 occurrences, CWE-676)",
"type": "unsafe_block",
"file": "/home/runner/work/affinescript/affinescript/runtime/src/panic.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "unsafe block -- requires SAFETY comment (1 occurrences, CWE-676)",
"type": "unsafe_block",
"file": "/home/runner/work/affinescript/affinescript/runtime/src/alloc.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "unsafe block -- requires SAFETY comment (3 occurrences, CWE-676)",
"type": "unsafe_block",
"file": "/home/runner/work/affinescript/affinescript/runtime/src/ffi.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Rows.v(P-11, record-row soundness) landed in #639 as an explicitly-unverified scaffold — the authoring container had no Coq toolchain, so it shipped un-wired with a loud UNVERIFIED banner. This PR closes that loop: I installed Coq 8.18.0 (OCaml 4.14.1 — the repo's pinned toolchain) and verified it.The hand-written proofs compiled first try, axiom-free, no
Admitted. So the scaffold is promoted to a real, wired obligation.Changes
formal/_CoqProject+formal/justfilecheck: addRows(the recipe fails on any axiom/Admitted, so this now gatesRowstoo).formal/Rows.v: UNVERIFIED banner → verified/wired note; dropped the stale "Target:" / "lift into Siblings_Stated" wording.formal/README.adoc: contents-table row + a "Record rows (P-11)" prose section.docs/PROOF-NEEDS.adoc: new P-11 obligation row (mechanized); refreshed Coq-core counts to 18 files / 31Print Assumptionsreports (also fixes the long-stale "13 files" intro line)..hypatia-ignore: de-stale theRows.vcomment (now mechanized + wired).Verification (run in this environment)
Rows.vre-verified standalone after the comment edits.dune buildclean;tools/check-soundness-ledger.shgreen (SOUNDNESS.adocuntouched).Scope
Unchanged from #639: Wave W0 (monomorphic extensible records — empty/extend/select/restrict over a
lacks-checked row). Row-variable polymorphism (true row polymorphism) is the W1 increment, noted on the P-11 row as the next rung.🤖 Generated with Claude Code
Generated by Claude Code