Skip to content

cvlr-spec: basic primitives for specifications #37

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
1arie1 wants to merge 61 commits into
base: main
Choose a base branch
from
Open

cvlr-spec: basic primitives for specifications #37

1arie1 wants to merge 61 commits into from

Conversation

@1arie1
Copy link
Collaborator

@1arie1 1arie1 commented Dec 17, 2025

Introduces basic primitives to write function specification (pre- and post-conditions), invariants, and general Boolean expressions. Expressions can be evaluated, assumed, or asserted. Introduces macros to automatically generate rules from specifications.

@1arie1 1arie1 requested a review from caballa December 17, 2025 17:46
@1arie1 1arie1 mentioned this pull request Dec 17, 2025
Closed
caballa
caballa approved these changes Dec 18, 2025
View reviewed changes
Copy link
Collaborator

@caballa caballa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amazing

1arie1 added 25 commits December 19, 2025 16:54
@1arie1
cvlr-lock
b945468
@1arie1
chore: tests for cvlr_log macro
7dc652e
@1arie1
feat: first draft of cvlr-spec
efce922
@1arie1
refactor: split into multiple files
71b7e42
@1arie1
feat: CvlrLemma and related macros
05111f3 
also includes various cleanups in cvlr-spec
and exposure of cvlr-spec in cvlr.
@1arie1
chore: tests and formatting
77ba808
@1arie1
chore: documentation for CvlrLemma and relations
d57de95
@1arie1
feat: cvlr_predicate macro to define predicates
0eed7ad 
Converts a rust function int a CvlrBoolExpr predicate
@1arie1
fix: use __cvlr_ prefix for temporary variables
ae480a3 
cvlr_assert series of macros introduce local variables to avoid
evaulating their arguments multiple times. The variable names
should be unique to avoid shadowing.

We are using `__cvlr_` prefix since it is unique enough.
@1arie1
cargo-fmt
4c581dc
@1arie1
fix: use cvlr::spec in generated code
9fc7550 
We have cvlr_spec crate that is re-exported in cvlr as cvlr::spec
We expect most users to use cvlr rather than sub-crates individually.
@1arie1
chore: re-export cvlr_predicate in cvlr
5e6557e 
re-exporting as cvlr::predicate
@1arie1
feat: adapter to convert one-state to two-state
c5e09f6 
Useful for converting state predicates to post-conditions
@1arie1
chore: tests and docs for ToTwoState
82a88fd
@1arie1
feat: rewrite cvlr-spec with assoc types
60e4aa5 
An alternative design in which associated types are used to represent
that context over which a BoolExpr operates.

This design allow programatic access to the context form the BoolExpr.

Also replace StatePair with a tuple of contexts.
@1arie1
chore: tests and docs for new cvlr-spec design
696df37
@1arie1
feat: extend BoolExpr to evaluate over states
ec4d8c6 
Currently, only evaluation over two states (or one state) is supported.

Two-state evaluation is used in specification to evaluate over pre- and
post-state, together.

A predicate that is single state is evaluated on the first state of
the two-state pair. For that reason, in CvlrSpec, post-state is given
first.
@1arie1
chore: update cvlr::predicate to match cvlr-spec
ef5b1c8
@1arie1
chore: update expanded test files
11349f5
@1arie1
refactor: fmt and clippy warnings
8f34652
@1arie1
feat: macros to generate rules for specs
a8fa80c
@1arie1
feat: macro that generates a single rule
32eed16
@1arie1
chore: tests for cvlr_rule_for_spec macro
9d283f1
@1arie1
chore: docs and tests for macros in cvlr-spec
c959ea7
@1arie1
chore: cargo-fmt
65d9da6
1arie1 added 17 commits December 19, 2025 16:55
@1arie1
feat: remove guarded expressions from assert_that
0cd14ac
@1arie1
feat: assert_that descends into if-else expr
8b5b1a6 
```
cvlr_assert_that!{if guard { flag } else { true }}
```

expands to
```
if guard {
    ::cvlr_asserts::cvlr_assert_checked(flag);
} else {
    ()
};
```

and `cvlr_assert_that!(true)` expands to `()`
@1arie1
chore: in cvlr_predicate, use eager evaluation
aeb25a7 
Generated `eval` function exits as soon as one of the expressions
is false
@1arie1
feat: log scope start and end in asserts/assumes
a80ae0e
@1arie1
chore: allow trailing semicolon in cvlr_spec
6f1a50a
@1arie1
chore: fix tests for assert/assume macros
f07edba
@1arie1
chore: rename CvlrBoolExpr into CvlrFormula
6955a46
@1arie1
feat: introduce CvlrPredicate trait
71c08fd 
CvlrPredicate is a marker trait that all predicates must implement.

A CvlrFormula is either a constnat CvlrTrue, a predicate, or a boolean
combination of CvlrFormulas.
@1arie1
chore: more tests for cvlr_predicate
ffc2ed8 
The case of if-without-else is broken for evaluation.
The current eager evaluation scheme is difficult to implement in this
case.

Let binidngs are also broken because they are collected now separately
from the expression statements.

Fixing this requires a more serious overhaul.
@1arie1
chore: minor issues in documentation
4002849
@1arie1
fix: switch cvlr_predicate to use lazy evaluation
a23b95f 
This is on the way of supporting if-without-else, but in the current
variant it still does not work as expected.
@1arie1
chore: runtime test for cvlr_predicate macro
2da4656
@1arie1
chore: reimplement cvlr_predicate macro
91ae946 
Using cvlr::predicate attributed local functions instead of
cvlr_def_predicate macro.
@1arie1
feat: add form 2 of cvlr_lemma macro
28e1e41 
Add form 2 of cvlr_lemma macro that allows for pre-built predicates.

This form is useful when you already have predicates defined or want to use
composed expressions.

update tests and documentation to match
@1arie1
chore: cargo-lock
b0a81c1
@1arie1
chore: fix dependencies for cvlr-log tests
b0f7375
@1arie1
chore: cargo-lock
9488476
@1arie1 1arie1 force-pushed the cvlr-spec-rewrite branch from d9d59a6 to 42cb3da Compare January 6, 2026 15:16
1arie1 added 8 commits January 6, 2026 16:50
@1arie1
fix: close scope in assert macros
7cf1be6 
assert macros log assertion and values. These are enclosed in a scope.
The bug was not closing the scope correctly using log_scope_end.
@1arie1
chore: make Lemmas public
2704117 
Lemmas are intendend to be used in multiple contexts.
Make them public by default.

We might add explicit visibility modifier later if needed.
@1arie1
feat: two-state predicate in cvlr_predicate macro
02c6855 
Add support for two-state predicates in cvlr_predicate macro.

Two-state predicates are predicates that take two arguments:
- The first argument is the post-state context
- The second argument is the pre-state context

The macro generates a struct that implements CvlrFormula and
CvlrPredicate.
@1arie1
chore: update expand tests after all the changes
4e5d758
@1arie1
chore: fmt on cvlr::predicate macro
0fe4fb7
@1arie1
chore: fmt on tests
0535907
@1arie1
fix: incorrect order of assume and assert in lemma
19de0d2 
CvlrLemma::apply() was essentially same as verify()
@1arie1
feat: cvlr_and_pif macro
1929213 
Add cvlr_and_pif macro to cvlr-spec.

cvlr_and_pif is a macro that composes a list of predicates
using cvlr_and.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@caballa caballa caballa approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@1arie1 @caballa