Encode a verification condition into SMT-LIB format.
This function encodes the path conditions (P) and obligation (Q) into SMT, then emits check-sat commands to determine satisfiability and/or validity.
When both checks are requested, uses check-sat-assuming for efficiency:
- Satisfiability: (check-sat-assuming (Q)) tests if P ∧ Q is satisfiable
- Validity: (check-sat-assuming ((not Q))) tests if P ∧ ¬Q is satisfiable
When only one check is requested, uses assert + check-sat:
- For satisfiability: (assert Q) (check-sat) tests P ∧ Q
- For validity: (assert (not Q)) (check-sat) tests P ∧ ¬Q
Note: The obligation term Q is encoded without negation. Negation is applied when needed for the validity check (line 64 for check-sat-assuming, line 77 for assert).
Equations
- One or more equations did not get rendered due to their size.
Instances For
Instances For
Equations
- Core.SMT.getSolverPrelude "z3" = do Strata.SMT.Solver.setOption "smt.mbqi" "false" Strata.SMT.Solver.setOption "auto_config" "false"
- Core.SMT.getSolverPrelude "cvc5" = pure ()
- Core.SMT.getSolverPrelude x✝ = pure ()
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Analysis outcome of a verification condition based on two SMT queries:
- satisfiabilityProperty: result of checking P ∧ Q (is the property satisfiable given the path condition?)
- validityProperty: result of checking P ∧ ¬Q (can the property be false given the path condition?)
The 9 possible outcomes and their interpretations. For cover statements, any outcome where P ∧ Q is sat displays as ✅ (cover satisfied). Unreachable covers display as ❌ (error) instead of ⛔ (warning).
Emoji Label P ∧ Q P ∧ ¬Q Reachable Deductive BugFinding BugFinding+Complete Meaning
✅ always true and is reachable sat unsat yes pass pass pass Property always true, reachable from declaration entry ❌ always false and is reachable unsat sat yes error error error Property always false, reachable from declaration entry 🔶 can be both true and false and is reachable sat sat yes error note error Reachable, solver found models for both the property and its negation ⛔ unreachable unsat unsat no warning warning warning Dead code, path unreachable ➕ can be true and is reachable sat unknown yes error note note Property can be true and is reachable, unknown if always true ✖️ always false if reached unsat unknown unknown error error error Property always false if reached, unknown if reachable ➖ can be false and is reachable unknown sat yes error note error Property can be false and is reachable, unknown if always false ✔️ always true if reached unknown unsat unknown pass pass pass Property always true if reached, unknown if reachable ❓ unknown unknown unknown unknown error note note Both checks inconclusive
- satisfiabilityProperty : SMT.Result
- validityProperty : SMT.Result
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- Core.instReprVCOutcome = { reprPrec := Core.instReprVCOutcome.repr }
Equations
- Core.instInhabitedVCOutcome = { default := { satisfiabilityProperty := Imperative.SMT.Result.unknown, validityProperty := Imperative.SMT.Result.unknown } }
Equations
- o.passAndReachable = match o.satisfiabilityProperty, o.validityProperty with | Imperative.SMT.Result.sat cex, Imperative.SMT.Result.unsat => true | x, x_1 => false
Instances For
Equations
- o.alwaysFalseAndReachable = match o.satisfiabilityProperty, o.validityProperty with | Imperative.SMT.Result.unsat, Imperative.SMT.Result.sat cex => true | x, x_1 => false
Instances For
Equations
- o.canBeTrueOrFalseAndIsReachable = match o.satisfiabilityProperty, o.validityProperty with | Imperative.SMT.Result.sat cex, Imperative.SMT.Result.sat cex_1 => true | x, x_1 => false
Instances For
Equations
- o.unreachable = match o.satisfiabilityProperty, o.validityProperty with | Imperative.SMT.Result.unsat, Imperative.SMT.Result.unsat => true | x, x_1 => false
Instances For
Equations
- o.satisfiableValidityUnknown = match o.satisfiabilityProperty, o.validityProperty with | Imperative.SMT.Result.sat cex, Imperative.SMT.Result.unknown => true | x, x_1 => false
Instances For
Equations
- o.alwaysFalseReachabilityUnknown = match o.satisfiabilityProperty, o.validityProperty with | Imperative.SMT.Result.unsat, Imperative.SMT.Result.unknown => true | x, x_1 => false
Instances For
Equations
- o.canBeFalseAndIsReachable = match o.satisfiabilityProperty, o.validityProperty with | Imperative.SMT.Result.unknown, Imperative.SMT.Result.sat cex => true | x, x_1 => false
Instances For
Equations
- o.passReachabilityUnknown = match o.satisfiabilityProperty, o.validityProperty with | Imperative.SMT.Result.unknown, Imperative.SMT.Result.unsat => true | x, x_1 => false
Instances For
Equations
- o.unknown = match o.satisfiabilityProperty, o.validityProperty with | Imperative.SMT.Result.unknown, Imperative.SMT.Result.unknown => true | x, x_1 => false
Instances For
True when either SMT property is .err (solver returned an error on
a specific check, as opposed to the outer VCResult.outcome being
.error due to an encoding failure).
Equations
- o.hasSMTError = match o.satisfiabilityProperty, o.validityProperty with | Imperative.SMT.Result.err msg, x => true | x, Imperative.SMT.Result.err msg => true | x, x_1 => false
Instances For
Equations
- o.isPass = match o.validityProperty with | Imperative.SMT.Result.unsat => true | x => false
Instances For
Equations
- o.isSatisfiable = match o.satisfiabilityProperty with | Imperative.SMT.Result.sat cex => true | x => false
Instances For
Equations
Instances For
Equations
- o.isAlwaysTrue = o.isPass
Instances For
Equations
Instances For
Instances For
Instances For
Instances For
Instances For
Instances For
Instances For
Instances For
Instances For
Instances For
Instances For
Instances For
Instances For
Instances For
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
A counterexample model with values lifted to LExpr for display purposes. This is used for formatting counterexamples in a human-readable way using Core's expression formatter and for future use as program metadata.
Equations
Instances For
Equations
- One or more equations did not get rendered due to their size.
- Core.LExprModel.format [] = Std.Format.text ""
- Core.LExprModel.format [(id, e)] = Std.format "(" ++ Std.format id ++ Std.format ", " ++ Std.format (Core.formatCexValue✝ e) ++ Std.format ")"
Instances For
Equations
- Core.instToFormatLExprModel = { format := Core.LExprModel.format }
A collection of all information relevant to a verification condition's analysis.
- obligation : Imperative.ProofObligation Expression
- estate : Strata.SMT.EncoderState
- verbose : VerboseMode
- checkLevel : CheckLevel
- checkMode : VerificationMode
- lexprModel : LExprModel
model with values converted from
SMT.Termto CoreLExpr. The contents must be consistent with the outcome, if the outcome was a failure.
Instances For
Mask outcome properties that were not requested.
When PE (partial evaluation) resolves a check that wasn't requested by the
check mode/level, we set it to .unknown so the label function displays
the appropriate message for the checks that were actually requested.
For example, in minimal deductive mode we only request validity, so if PE
also determined satisfiability, we mask it to .unknown.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Compact single-line outcome string: emoji + label (e.g. "✅ pass", "❌ fail"). Uses the property, check level, and check mode stored in the result.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- vr.isImplementationError = match vr.outcome with | Except.error a => true | Except.ok a => false
Instances For
Equations
- vcResult.isNotSuccess = !vcResult.isSuccess
Instances For
Equations
- vr.isUnreachable = match vr.outcome with | Except.ok o => o.unreachable | Except.error a => false
Instances For
True when either SMT property inside a successful outcome is .err.
Complements isImplementationError, which covers the outer .error case.
Equations
- vr.hasSMTError = match vr.outcome with | Except.ok o => o.hasSMTError | Except.error a => false
Instances For
Equations
Instances For
Equations
- rs.format = Std.Format.joinSep (Array.map (fun (r : Core.VCResult) => Std.format Std.Format.line ++ Std.format r) rs).toList Std.Format.line
Instances For
Equations
- Core.instToFormatVCResults = { format := Core.VCResults.format }
Equations
- Core.instToStringVCResults = { toString := fun (rs : Core.VCResults) => toString rs.format }
Preprocess a proof obligation using partial evaluation (PE).
Returns PE-determined results for satisfiability and validity independently.
Each result is some r if PE can determine it, none if the solver is needed.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Invoke a backend engine and get the analysis result for a given proof obligation.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Run the Strata Core verification pipeline on a program: transform, type-check, partially evaluate, and discharge proof obligations via SMT. All program-wide transformations that occur before any analyses (including type inference) should be placed here.
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- Strata.Core.getProgram p ictx = Strata.TransM.run ictx (Strata.translateProgram p)
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
- start : Lean.Position
- ending : Lean.Position
- message : String
- type : DiagnosticType
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- Strata.instReprDiagnostic = { reprPrec := Strata.instReprDiagnostic.repr }
Equations
Equations
- One or more equations did not get rendered due to their size.
- Strata.instBEqDiagnostic.beq x✝¹ x✝ = false
Instances For
Equations
- One or more equations did not get rendered due to their size.
Instances For
Equations
- Strata.Core.VCResult.toDiagnostic files vcr = Option.map (fun (dm : Strata.DiagnosticModel) => Strata.DiagnosticModel.toDiagnostic files dm) (Strata.toDiagnosticModel vcr)