Skip to content

Add documentation to Core.Procedure#433

Open
tautschnig wants to merge 3 commits intomainfrom
tautschnig/procedure-docs
Open

Add documentation to Core.Procedure#433
tautschnig wants to merge 3 commits intomainfrom
tautschnig/procedure-docs

Conversation

@tautschnig
Copy link
Contributor

@tautschnig tautschnig commented Feb 17, 2026

Module-level documentation covering:

  • Concrete syntax of procedure declarations
  • Parameter modes (input vs output) and their semantics
  • Specification: modifies, requires, ensures
  • Free specifications (free requires, free ensures)
  • Labels on specification clauses
  • The old(expr) expression and its semantics (distribution, idempotence, global-only)
  • Call semantics (assert preconditions → havoc → assume postconditions)
  • Body verification
  • Type parameters (polymorphism)
  • A concrete example from the repository

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@tautschnig
Add documentation to Core.Procedure
71bdedf 
Module-level documentation (/-! ... -/) covering:
- Concrete syntax of procedure declarations
- Parameter modes (input vs output) and their semantics
- Specification: modifies, requires, ensures
- Free specifications (free requires, free ensures)
- Labels on specification clauses
- The old(expr) expression and its semantics (distribution, idempotence, global-only)
- Call semantics (assert preconditions → havoc → assume postconditions)
- Body verification
- Type parameters (polymorphism)
- A concrete example from the repository
Copilot AI review requested due to automatic review settings February 17, 2026 11:55
@tautschnig tautschnig requested a review from a team as a code owner February 17, 2026 11:55
@tautschnig
Copy link
Contributor Author

tautschnig commented Feb 17, 2026

It may be best to review this as rendered at docs/verso/_out/api/Strata/Languages/Core/Procedure.html.

Copilot AI reviewed Feb 17, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds comprehensive module-level documentation to Core.Procedure, describing Strata Core procedures as the main verification unit and documenting their syntax, specification constructs (modifies/requires/ensures), free clauses, labels, old(expr), call semantics, and polymorphic type parameters.

Changes:

  • Added a large module doc comment explaining procedure syntax and verification semantics.
  • Added/expanded docstrings on Procedure.Header, Procedure.CheckAttr, Procedure.Check, Procedure.Spec, and Procedure.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Strata/Languages/Core/Procedure.lean
The semantics of a call (see `CallElim` and `StatementSemantics`) are:

1. Evaluate the argument expressions `e₁, ..., eₙ`.
2. **Assert** each (non-free) precondition, substituting actuals for formals.
Copy link

Copilot AI Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This call-semantics section cites CallElim and says only non-free preconditions are asserted at call sites. However, the current CallElim transform generates asserts for all proc.spec.preconditions without filtering out clauses with check.attr == .Free, so free requires end up being checked after call elimination. Either adjust the doc to avoid attributing this behavior to CallElim, or (preferably) update CallElim to skip Free preconditions when generating asserts so the transform matches the stated semantics.

Suggested change
2. **Assert** each (non-free) precondition, substituting actuals for formals.
2. **Assert** each precondition, substituting actuals for formals.

Copilot uses AI. Check for mistakes.
Copy link
Contributor

@atomb atomb Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a bug in the implementation rather than the documentation. Nice catch, Copilot!

Strata/Languages/Core/Procedure.lean
```
procedure Name<TypeArgs>(x₁ : T₁, ..., xₙ : Tₙ) returns (y₁ : U₁, ..., yₘ : Uₘ)
spec {
modifies g₁, g₂, ...;
Copy link

Copilot AI Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The concrete syntax example shows a single modifies clause with a comma-separated list (modifies g₁, g₂, ...;), but the Core parser only supports one identifier per modifies spec element (modifies <Ident>;), repeated for multiple globals. Updating the snippet to match the actual grammar will avoid confusing users.

Suggested change
modifies g₁, g₂, ...;
modifies g₁;
modifies g₂;
...

Copilot uses AI. Check for mistakes.
Copy link
Contributor

@atomb atomb Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we should update the concrete syntax to match the documentation, rather than the other way around.

atomb
atomb previously approved these changes Feb 17, 2026
View reviewed changes
Copy link
Contributor

@atomb atomb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It'd be good to address the Copilot suggestions, but otherwise I think this is good.

One question I have, and this might be for a future PR, is how much of this text should be in the Core language definition document.

Strata/Languages/Core/Procedure.lean
```
procedure Name<TypeArgs>(x₁ : T₁, ..., xₙ : Tₙ) returns (y₁ : U₁, ..., yₘ : Uₘ)
spec {
modifies g₁, g₂, ...;
Copy link
Contributor

@atomb atomb Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we should update the concrete syntax to match the documentation, rather than the other way around.

Strata/Languages/Core/Procedure.lean
The semantics of a call (see `CallElim` and `StatementSemantics`) are:

1. Evaluate the argument expressions `e₁, ..., eₙ`.
2. **Assert** each (non-free) precondition, substituting actuals for formals.
Copy link
Contributor

@atomb atomb Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a bug in the implementation rather than the documentation. Nice catch, Copilot!

andrewmwells-amazon and others added 2 commits February 17, 2026 10:44
@andrewmwells-amazon
Merge branch 'main' into tautschnig/procedure-docs
da7c0b3
@tautschnig
Update Strata/Languages/Core/Procedure.lean
63fb685 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@tautschnig tautschnig dismissed stale reviews from andrewmwells-amazon and atomb via 63fb685 February 18, 2026 10:46
@tautschnig
Copy link
Contributor Author

tautschnig commented Feb 18, 2026

One question I have, and this might be for a future PR, is how much of this text should be in the Core language definition document.

Added as further commit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@atomb atomb atomb left review comments

@andrewmwells-amazon andrewmwells-amazon andrewmwells-amazon left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tautschnig @atomb @andrewmwells-amazon