feat(core): Add CoreSMT verification pipeline with incremental solver and diagnosis by MikaelMayer · Pull Request #475 · strata-org/Strata

MikaelMayer · 2026-02-23T20:19:15Z

Problem

Strata Core's existing verifier generates all VCs upfront via symbolic execution, encoding each to a separate SMT file. This prevents incremental verification where solver state is maintained across statements.

Additionally, Core.ExpressionMetadata was Unit, discarding source location information and making it impossible to report accurate positions in verification failures.

Solution

Core Expression Metadata: Unit → SourceRange

Core.ExpressionMetadata is changed from Unit to Strata.SourceRange so that:

Source locations are preserved through the B3→Core→CoreSMT pipeline
Diagnosed failures can be converted back to B3 with accurate source positions

All code constructing Core expressions with () now uses SourceRange.none or a proper range. The SyntaxMono macro (eb[...]) gains a defaultMetadata field on MkLExprParams (defaults to Unit.unit for generic params, overridden to SourceRange.none for Core). TermType.toSMTString is extracted as a pure function to avoid duplication.

CoreSMT Verification Pipeline

An SMTSolverInterface with push/pop support enables incremental verification. A diagnosis engine splits failing conjunctions and checks each conjunct individually to identify which assertions cannot be proved or which covers are refuted.

B3 Verifier Migration

The B3 verifier now uses the CoreSMT pipeline: B3 expressions are converted to Core (preserving source locations), verified via CoreSMT, and diagnosed failures are converted back to B3 for display.

Changes

Core.ExpressionMetadata: Unit → Strata.SourceRange
SyntaxMono macro: defaultMetadata field for type-appropriate metadata
TermType.toSMTString: extracted pure function to TermType.lean
isCoreSMT predicate, SMTSolverInterface, diagnosis engine, VCResult.diagnosis
B3 verifier migrated to CoreSMT pipeline
C_Simp/Verify.lean: csimpMetaToCore conversion (Unit → SourceRange)

Testing

All existing tests pass with the new pipeline.

…or Func - Added ToFormat for generic Func with proper constraints - Added [ToFormat T.IDMeta] to Factory.lean section variables - Removed unnecessary ToFormat instances from test files and Program.lean - Removed custom Env.format function (now uses default ToFormat) - Function bodies now display properly instead of showing <body>

- Resolved conflict in Factory.lean (Factory_wf moved to FactoryWF.lean in main) - Applied rotate_left fix to FactoryWF.lean

…rotate_left fix to FactoryWF

- Modified testFuncDeclSymbolic to show functions capture variables by reference - Function declared with n=10, then n mutated to 20, function uses n=20 at call time - Proof obligation correctly shows result should be 25 (5+20), not 15 (5+10) - Reverted Env.lean to main (custom scope formatting not needed)

…claration time - Functions now capture variable values at declaration time, not by reference - Free variables in function body are substituted with their current values from environment - Test demonstrates: n=10 at declaration, n=20 after mutation, function uses n=10 - Proof obligation correctly shows result is 15 (5+10), not 25 (5+20)

…checking

…lBlock

…duplication - Move generic Func structure to Strata/DL/Util/Func.lean - Add PureFunc to Imperative, removing Lambda->Imperative dependency - Fix funcDecl type checking to add function to type context - Remove duplicate renameLhs/substFvar from ProcedureInlining - Extract captureFreevars helper in StatementEval - Refine getVars to exclude formal parameters for funcDecl - Add type checking test for funcDecl

- Add WFfuncDeclProp structure in WF.lean checking input parameter uniqueness - Add LFunc.type_inputs_nodup theorem in Factory.lean - Add Function.typeCheck_inputs_nodup theorem in FunctionType.lean - Add listMap_keys_map_snd helper lemma in StatementWF.lean - Replace sorry in funcDecl case with complete proof

StrataMain.lean

Strata/DL/Lambda/LExpr.lean

Strata/Languages/B3/FromCore.lean

Strata/Languages/B3/Verifier.lean

MikaelMayer

Solid PR. The CoreSMT pipeline is well-structured with clean separation of concerns across State, IsCoreSMT, ExprTranslator, Diagnosis, StmtVerifier, and Verifier. The B3→Core→CoreSMT roundtrip with source location preservation is a meaningful improvement. A few issues to address before merging.

StrataMain.lean

Strata/Languages/Core/StatementSemantics.lean

Strata/Languages/Core/Verifier.lean

Strata/DL/SMT/TermType.lean

Strata/DL/SMT/SolverInterface.lean

Strata/Languages/B3/Verifier.lean

StrataTest/Languages/Python/expected_incremental/test_incremental_simple.expected

- Remove duplicate imports in StrataMain.lean - Fix indentation of Value.const in StatementSemantics.lean - Extract DiagnosedFailure types to CoreSMT.DiagnosisTypes to decouple Core.Verifier from CoreSMT.Diagnosis - Remove unused TermType.toSMTString - Remove unused mkCvc5Solver/mkSolverFromPath/mkSolverFromEnv helpers - Simplify ProcedureReport.results from List (VerificationReport × Option Unit) to List VerificationReport - Delete orphaned expected_incremental/ directory

Rename CoreSMT/DiagnosisTypes.lean → Core/DiagnosisTypes.lean and move types to Strata.Core namespace, since they are general diagnosis types not specific to the CoreSMT pipeline.

- Restore eraseTypes to preserve metadata (regression fix) - Use normalizeExpr (erase types + metadata) in ProcedureInlining alpha-equiv - Use LExpr.metadata in FromCore.exprFromCore instead of manual match - Replace if-else op chains in FromCore with HashMap lookups - Remove stale comment in B3/Verifier.lean - Add sr abbrev in SMTEncoderDatatypeTest to reduce SourceRange.none noise - Remove stale visibility comment in ProcedureInlining.lean - Rename expected_interactive/ to expected_incremental/ - Make incremental a flag in run_py_analyze.sh; remove redundant skip - Extract verifyIncremental/verifyBatch helpers in StrataMain.lean

- Replace _ with m in FromCore.exprFromCore pattern matches to clarify we're using the correct metadata (same as outer sr) - Move VerificationReport/ProcedureReport from B3/Verifier to Core.Verifier since they're used in StrataVerify.lean (not B3-specific)

Strata/Languages/B3/FromCore.lean

- Remove sr variable in FromCore.exprFromCore, use m from pattern directly - Fix HashMap efficiency: map to functions taking SourceRange as argument - Make --incremental a proper flag in run_py_analyze.sh (independent of laurel)

StrataTest/Languages/Python/run_py_analyze.sh

COMMENTS_475.md

The --incremental flag now applies to whichever command is selected (pyAnalyze or pyAnalyzeLaurel), rather than forcing pyAnalyzeLaurel.

The --incremental flag only works with pyAnalyzeLaurel, not pyAnalyze. Updated script to error if --incremental is used without laurel. Updated CI to call: ./run_py_analyze.sh --incremental laurel

- SMTEncoder.lean: genRecursiveAxioms metadata parameter - LaurelToCoreTranslator.lean: all LExpr constructors - SMTEncoderDatatypeTest.lean: all LExpr constructors, move sr abbrev before section - SMT.lean: remove non-module imports (SolverInterface, State) - Translate.lean: LExpr.fvar/op metadata from DDM annotations

Main changed tryReadPythonSource to return (String × String) instead of (String × Lean.FileMap). Updated verifyIncremental/verifyBatch signatures and use Lean.FileMap.ofString at call sites.

Strata/Languages/Laurel/LaurelToCoreTranslator.lean

Extract SourceRange from expr.md (Laurel metadata) for literal constants instead of using SourceRange.none.

MikaelMayer and others added 30 commits January 27, 2026 11:14

Add support for function declarations within statement blocks

99ba9b8

Fix Factory_wf proof using rotate_left to reorder goals

6b1cdc2

Remove unnecessary Lambda namespace opening in Statement.lean

a8a4a0c

Remove unnecessary Lambda namespace opening in Program.lean

b8ec252

Remove B3 .gitignore (moved to .git/info/exclude for local use)

ed1f8ac

Clean up: revert ProcedureWF.lean to main, remove unnecessary comment

c6ede80

Merge main into add-func-decl-to-statements

77eb4fa

- Resolved conflict in Factory.lean (Factory_wf moved to FactoryWF.lean in main) - Applied rotate_left fix to FactoryWF.lean

Fix merge: add missing funcDecl cases in ProcedureInlining and apply …

62a5f70

…rotate_left fix to FactoryWF

Merge branch 'main' into add-func-decl-to-statements

a13b470

Fix merge: convert Format to String for EvalError.Misc

6797599

Fix merge: convert Format errors to DiagnosticModel in funcDecl type …

86f6c90

…checking

Merge branch 'main' into add-func-decl-to-statements

776a87d

Add polymorphic function test for funcDecl with evaluation verification

dbfe96e

Update semantics and proofs for FuncContext parameter in EvalStmt/Eva…

ebbab10

…lBlock

Merge branch 'main' into add-func-decl-to-statements

494dedc

Fix eval_stmts_set_comm proof after FuncContext refactor

c588f0c

Thread δ through semantics instead of FuncContext

93914c6

Merge branch 'main' into add-func-decl-to-statements

95a3386

Fix getVarsTrans to exclude formal parameters for funcDecl

a86b658

Fix funcDecl_sem case in EvalStmtRefinesContract theorem

92ab1f8

Update comment: funcDecl WF checks are TODO, not always true

dc17906

Add extendEval parameter to DetToNondetCorrect theorems

e673135

Merge main into add-func-decl-to-statements

e1ce657

Fix FactoryWF.lean to use LFuncWF instead of FuncWF after merge

049bff4

Merge branch 'main' into add-func-decl-to-statements

3183890