[codex] Preserve outer parameter links in loop invariants#150
Merged
Conversation
test: cover loop invariant outer parameter linkage
Contributor
There was a problem hiding this comment.
Pull request overview
This PR addresses a verification soundness/usability gap where user-supplied loop invariants replace inferred preconditions and unintentionally break the link between a function’s entry argument representation (OuterFnParam) and the corresponding “current local” parameter value, preventing fact transfer for non-flow locals.
Changes:
- Add an
Env::is_non_flow_localhelper to detect locals tracked in the non-flow environment map. - When binding
OuterFnParambasic-block parameters, add an ad-hoc equality assumption to equate theOuterFnParamtemp with the current local term for non-flow locals. - Add paired UI tests demonstrating pass/fail behavior for invariants that refer to function arguments.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| tests/ui/pass/loop_invariant_outer_param.rs | Adds a passing UI test showing an invariant can preserve/prove a postcondition involving a function argument. |
| tests/ui/fail/loop_invariant_outer_param.rs | Adds a failing UI test showing the postcondition cannot be proven when the invariant does not relate the loop value to the argument. |
| src/refine/env.rs | Introduces is_non_flow_local to distinguish locals tracked in locals vs flow_locals. |
| src/analyze/basic_block.rs | Adds a workaround equality assumption to preserve OuterFnParam ↔ current-local linkage for non-flow locals under user invariants. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
OuterFnParamvalues when binding basic-block parametersRoot cause
A user-supplied loop invariant replaces the inferred basic-block precondition. The current local and its stable function-entry
OuterFnParamare then bound independently, so the solver cannot transfer facts between them even though a non-flow local's representation cannot change.