GOTO backend: Core-to-GOTO translation, CBMC pipeline tests, and CI #289

Merged
tautschnig merged 24 commits into main from tautschnig/ToCProverGOTO-Stmt, Mar 5, 2026

Conversation

tautschnig (Contributor) commented Dec 22, 2025

Description of changes:

Core-to-GOTO translation

Translate Strata Core programs to CProver GOTO binary format for CBMC
verification. Covers all Imperative statement types, Core commands,
procedure contracts, calls, axioms, datatypes, and source locations.

ToCProverGOTO.lean:

  • Handle block, ite, loop, exit, funcDecl statements
  • Emit loop invariants (#spec_loop_invariant) and measures (#spec_decreases)
  • Detect unresolved exit statements (targeting nonexistent labels) and abort
  • Extract helpers: emitGoto, emitCondGoto, emitLabel, patchGotoTargets

LambdaToCProverGOTO.lean (new, in Strata/Backends/CBMC/GOTO/):

  • Map all arithmetic, comparison, boolean, bitvector, real, string,
    and regex operators to GOTO equivalents
  • Signed BV operations (SDiv, SMod, SLt, SLe, SGt, SGe): cast operands
    to signedbv via typecast so CBMC interprets them correctly
  • Euclidean integer division/modulo (Int.Div, Int.SafeDiv, Int.Mod,
    Int.SafeMod): encode as compound expressions built from truncating
    div/mod with correction terms
  • BV hex encoding for all widths (was 32-bit only)
  • Support BV extract, old(expr), quantifiers, ternary, Map.const

CoreToCProverGOTO.lean (new, in Strata/Backends/CBMC/GOTO/):

  • End-to-end Core program to GOTO translation
  • Call LHS type lookup from program context (not hardcoded)

InstToJson.lean:

  • Extend JSON serialization for GOTO programs with function entries
  • Deduplicate symbol collection and operator JSON generation

StrataMain.lean:

  • Add coreAnalyzeToGoto, laurelAnalyzeToGoto, pyAnalyzeToGoto commands
  • Translate procedure calls to FUNCTION_CALL instructions at any nesting
  • Lift local funcDecl to top-level GOTO functions
  • Emit contracts, axioms, distinct decls, global variables
  • Propagate source locations from metadata to GOTO instructions

Code reorganization

Production GOTO translation code moved from StrataTest/ to
Strata/Backends/CBMC/GOTO/ (LambdaToCProverGOTO.lean,
CoreToCProverGOTO.lean). Test files in StrataTest/ now import from
the production modules and contain only test code.

Tests and CI

  • Unit tests for expression, type, and statement translation
  • E2E tests for the Core-to-GOTO contracts pipeline (49 test cases)
  • Laurel and Python CBMC pipeline test suites with property-level
    expected output matching (CBMC properties checked by line number)
  • CI workflow (cbmc.yml) builds CBMC from source with string support,
    regex, and bounds-check patches; runs all CBMC test suites
  • Laurel pipeline uses --z3 for SMT-based string reasoning

Documentation

  • CoreToGOTO_Gaps.md: translation coverage, soundness principles,
    operator semantics decisions, and remaining open gaps

Co-authored-by: Kiro kiro-agent@users.noreply.github.com

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
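The description above says Euclidean integer division and modulo are encoded from truncating div/mod plus correction terms, and that signed bitvector operations need a typecast to signedbv before CBMC interprets them correctly. The following C program is an added illustration of both points; it is not code from the Strata project or from this PR, and the function names (euclid_div, euclid_mod, bv32_slt, and so on) are hypothetical. It derives the Euclidean results from C's truncating `/` and `%` (the rounding CBMC's GOTO operators follow), checks the defining identity, and shows how the same 32-bit word compares and divides differently under signed and unsigned interpretation.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not Strata or PR code; helper names are hypothetical.
 * C's `/` and `%` truncate toward zero, like CBMC's GOTO div/mod, so the
 * Euclidean results are built from them with a correction term.
 * Precondition (as in the PR, checked separately by the caller): b != 0,
 * and (a, b) is not (LONG_MIN, -1). */

/* Euclidean quotient: the unique q with a == q*b + r and 0 <= r < |b|. */
long euclid_div(long a, long b) {
    long q = a / b;          /* truncating quotient */
    long r = a % b;          /* remainder carries the sign of a */
    if (r < 0)               /* correction term: move r into [0, |b|) */
        q = (b > 0) ? q - 1 : q + 1;
    return q;
}

/* Euclidean remainder, always in [0, |b|). */
long euclid_mod(long a, long b) {
    long r = a % b;
    if (r < 0)
        r = (b > 0) ? r + b : r - b;
    return r;
}

/* Defining identity: a == q*b + r and 0 <= r < |b|. Returns 1 if it holds. */
int euclid_identity_holds(long a, long b) {
    long q = euclid_div(a, b), r = euclid_mod(a, b);
    long absb = (b < 0) ? -b : b;
    return a == q * b + r && r >= 0 && r < absb;
}

/* Signed vs unsigned interpretation of the same 32-bit word. Reinterpreting
 * as int32_t is the C analogue of the typecast to signedbv the PR describes;
 * without it the operator sees the word as an unsigned value.
 * (Assumes two's complement, which is what CBMC's bitvector types model.) */
int bv32_slt(uint32_t x, uint32_t y) { return (int32_t)x < (int32_t)y; }
int bv32_ult(uint32_t x, uint32_t y) { return x < y; }
uint32_t bv32_sdiv(uint32_t x, uint32_t y) { return (uint32_t)((int32_t)x / (int32_t)y); }
uint32_t bv32_udiv(uint32_t x, uint32_t y) { return x / y; }

int main(void) {
    /* Constructed sample inputs covering all four sign combinations. */
    long cases[][2] = { {7, 2}, {-7, 2}, {7, -2}, {-7, -2} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        long a = cases[i][0], b = cases[i][1];
        printf("a=%3ld b=%3ld  trunc: q=%3ld r=%3ld  euclid: q=%3ld r=%3ld  ok=%d\n",
               a, b, a / b, a % b, euclid_div(a, b), euclid_mod(a, b),
               euclid_identity_holds(a, b));
    }
    uint32_t w = 0xFFFFFFF9u;  /* -7 as int32_t, 4294967289 as uint32_t */
    printf("0xFFFFFFF9 < 1: signed=%d unsigned=%d\n", bv32_slt(w, 1), bv32_ult(w, 1));
    printf("0xFFFFFFF9 / 2: signed=0x%08X unsigned=0x%08X\n",
           bv32_sdiv(w, 2), bv32_udiv(w, 2));
    return 0;
}
```

The four-row table makes the difference visible: truncating `-7 / 2` gives quotient -3 and remainder -1, while the Euclidean pair is -4 and 1, and the remainder stays non-negative for every sign combination. The bitvector half shows why the cast matters: 0xFFFFFFF9 is less than 1 only when read as a signed value, and dividing it by 2 yields 0xFFFFFFFD signed but 0x7FFFFFFC unsigned.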

@tautschnig tautschnig force-pushed the tautschnig/ToCProverGOTO-Stmt branch from b7a830b to 7b8e91f Compare December 22, 2025 18:02
atomb (Contributor) commented Jan 6, 2026

One general comment on this: I have plans to add unstructured CFGs in Strata (started in #202), and it would probably make sense in the long run to have a a pipeline that does Strata Stmt -> Strata CFG -> GOTO instruction CFG. I'd paused work on #202 because it wasn't clear what we'd use it for right now, but I could finish it up and merge it if you think it'd be useful for this PR.

tautschnig (Contributor, Author) replied, quoting atomb:

One general comment on this: I have plans to add unstructured CFGs in Strata (started in #202), and it would probably make sense in the long run to have a a pipeline that does Strata Stmt -> Strata CFG -> GOTO instruction CFG. I'd paused work on #202 because it wasn't clear what we'd use it for right now, but I could finish it up and merge it if you think it'd be useful for this PR.

There'll certainly be interactions between your PR and this one, but I'm happy for these to be worked on in either order: if #202 goes in first, this PR will be updated, else #202 should likely include changes to GOTO instruction support (which I'm then happy to contribute myself).

@tautschnig tautschnig marked this pull request as ready for review January 7, 2026 11:16
@tautschnig tautschnig requested a review from atomb as a code owner January 7, 2026 11:16
Copilot AI review requested due to automatic review settings January 7, 2026 11:16
@tautschnig tautschnig requested review from a team and aqjune-aws as code owners January 7, 2026 11:16
Copilot AI (Contributor) left a comment

Pull request overview

This PR extends the transformation functionality from imperative commands to GOTO instructions by adding support for all statement types (.block, .ite, .loop, and .goto), not just the previously-supported .cmd statements.

Key Changes:

  • Implemented mutual recursive functions Stmt.toGotoInstructions and Block.toGotoInstructions to handle all statement constructors
  • Added comprehensive test coverage with 10 test cases covering basic, nested, and edge-case scenarios

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

  • Strata/DL/Imperative/ToCProverGOTO.lean: Adds mutual recursive transformation functions for statements and blocks, handling control flow constructs (blocks, conditionals, loops, gotos) with proper label generation and GOTO instruction patching
  • StrataTest/Backends/CBMC/ToCProverGOTO.lean: Adds 10 comprehensive test cases covering all new statement types including basic transformations, nested control flow, empty branches/bodies, and assertions/assumptions within control structures


@shigoel shigoel enabled auto-merge January 7, 2026 15:31
atomb (Contributor) commented Jan 7, 2026

One general comment on this: I have plans to add unstructured CFGs in Strata (started in #202), and it would probably make sense in the long run to have a a pipeline that does Strata Stmt -> Strata CFG -> GOTO instruction CFG. I'd paused work on #202 because it wasn't clear what we'd use it for right now, but I could finish it up and merge it if you think it'd be useful for this PR.

There'll certainly be interactions between your PR and this one, but I'm happy for these to be worked on in either order: if #202 goes in first, this PR will be updated, else #202 should likely include changes to GOTO instruction support (which I'm then happy to contribute myself).

I mostly just wanted to make sure we're both aware of each other's work. Since this PR seems just about ready to go, and #202 still needs some tests which I won't have a chance to add right away, let's go ahead and merge this one and update #202 later.

@tautschnig tautschnig marked this pull request as draft February 19, 2026 10:42
auto-merge was automatically disabled February 19, 2026 10:42

Pull request was converted to draft

@tautschnig tautschnig self-assigned this Feb 19, 2026
@tautschnig tautschnig force-pushed the tautschnig/ToCProverGOTO-Stmt branch 6 times, most recently from f74b7a5 to af9b21d Compare February 24, 2026 22:26
@tautschnig tautschnig force-pushed the tautschnig/ToCProverGOTO-Stmt branch from af9b21d to 32db60d Compare February 26, 2026 08:56
@tautschnig tautschnig marked this pull request as ready for review February 26, 2026 09:27
@tautschnig tautschnig requested a review from Copilot February 26, 2026 09:27
shigoel previously approved these changes Mar 5, 2026

PR #496 added an optional prettyName field to LExpr.abs and LExpr.quant
constructors. Update pattern matches in LambdaToCProverGOTO.lean and
StrataMain.lean to include the new parameter.

PR #510 added safe truncating division/modulo operators with
division-by-zero preconditions. Map them to the same GOTO operators
as their non-safe counterparts (Int.DivT/Int.ModT), since the
precondition check is handled separately by the Laurel-to-Core
translation.
aqjune-aws (Contributor) left a comment

LGTM. :)

@tautschnig tautschnig dismissed andrewmwells-amazon’s stale review March 5, 2026 22:00

Dismissing as stale, we can revisit the .py.st concern if need be.

@tautschnig tautschnig added this pull request to the merge queue Mar 5, 2026
Merged via the queue into main with commit 7a463d2 Mar 5, 2026
15 checks passed
@tautschnig tautschnig deleted the tautschnig/ToCProverGOTO-Stmt branch March 5, 2026 23:44
MikaelMayer added a commit that referenced this pull request Mar 6, 2026
Resolve conflicts with module conversion (#523) and GOTO backend (#289):
- Convert TypeConstructor.lean to module with public section
- Fix namespace resolution for TypeConstructor across module boundaries
- Add typeDecl case to ToCProverGOTO
- Remove unused mkParamName, deduplicate typeConArgsToCST
- Address PR review comments
Labels: None yet
Projects: None yet
7 participants