From 27a40563ed01acf2ef951afac2f1764553572025 Mon Sep 17 00:00:00 2001
From: Andreas Rossberg
Date: Thu, 26 Mar 2026 17:02:46 +0100
Subject: [PATCH 01/15] [spec] Define soundness rules in SpecTec
---
 .../wasm-3.0/2.1-validation.types.spectec | 3 +
 .../2.3-validation.instructions.spectec | 2 +-
 .../wasm-3.0/4.1-execution.values.spectec | 17 +
 .../7.1-soundness.configurations.spectec | 339 +++++++++++++
 .../wasm-latest/2.1-validation.types.spectec | 3 +
 .../2.3-validation.instructions.spectec | 2 +-
 .../wasm-latest/4.1-execution.values.spectec | 17 +
 .../7.1-soundness.configurations.spectec | 339 +++++++++++++
 spectec/test-frontend/TEST.md | 470 ++++++++++++++++--
 9 files changed, 1149 insertions(+), 43 deletions(-)
 create mode 100644 specification/wasm-3.0/7.1-soundness.configurations.spectec
 create mode 100644 specification/wasm-latest/7.1-soundness.configurations.spectec
diff --git a/specification/wasm-3.0/2.1-validation.types.spectec b/specification/wasm-3.0/2.1-validation.types.spectec
index eac31a1408..692f986dea 100644
--- a/specification/wasm-3.0/2.1-validation.types.spectec
+++ b/specification/wasm-3.0/2.1-validation.types.spectec
@@ -24,6 +24,9 @@ rule Heaptype_ok/typeuse:
 C |- typeuse : OK
 -- Typeuse_ok: C |- typeuse : OK
+rule Heaptype_ok/bot:
+ C |- BOT : OK
+
 rule Reftype_ok:
 C |- REF NULL? heaptype : OK
 -- Heaptype_ok: C |- heaptype : OK
diff --git a/specification/wasm-3.0/2.3-validation.instructions.spectec b/specification/wasm-3.0/2.3-validation.instructions.spectec
index a893c85c13..9990490585 100644
--- a/specification/wasm-3.0/2.3-validation.instructions.spectec
+++ b/specification/wasm-3.0/2.3-validation.instructions.spectec
@@ -637,7 +637,7 @@ rule Instrs_ok/frame:
 rule Expr_ok:
 C |- instr* : t*
- -- Instrs_ok: C |- instr* : eps ->_(eps) t*
+ -- Instrs_ok: C |- instr* : eps -> t*
 ;; Constant expressions
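Review bot: `Heaptype_ok/bot` admits the bottom heap type as well-formed without saying why, and since `BOT` is not a type a source module can spell, a reader of the validation rules will wonder whether it is now meant to be accepted in module-level types. Presumably it is needed so that bottom-typed references or contexts produced during execution can be typed by the new soundness rules, mirroring the existing `Valtype_ok/bot`; a one-line comment would settle that, e.g. `;; BOT cannot be written in a module; it is admitted only so the soundness rules (7.1) can type bottom-typed values that arise during execution.` The rule `Heaptype_ok/typeuse` named in the hunk header starts outside the hunk.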
diff --git a/specification/wasm-3.0/4.1-execution.values.spectec b/specification/wasm-3.0/4.1-execution.values.spectec
index b6951b99ee..6237c93ac0 100644
--- a/specification/wasm-3.0/4.1-execution.values.spectec
+++ b/specification/wasm-3.0/4.1-execution.values.spectec
@@ -81,6 +81,23 @@ rule Val_ok/ref:
 -- Ref_ok: s |- ref : rt
+;; Field values
+
+relation Packval_ok: store |- packval : packtype
+relation Fieldval_ok: store |- fieldval : storagetype
+
+rule Packval_ok:
+ s |- PACK pt c : pt
+
+rule Fieldval_ok/val:
+ s |- val : t
+ -- Val_ok: s |- val : t
+
+rule Fieldval_ok/packval:
+ s |- packval : pt
+ -- Packval_ok: s |- packval : pt
+
+
 ;; External addresses
 relation Externaddr_ok: store |- externaddr : externtype hint(macro "%externaddr")
diff --git a/specification/wasm-3.0/7.1-soundness.configurations.spectec b/specification/wasm-3.0/7.1-soundness.configurations.spectec
new file mode 100644
index 0000000000..37ba3f4d39
--- /dev/null
+++ b/specification/wasm-3.0/7.1-soundness.configurations.spectec
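Review bot: `Packval_ok` types `PACK pt c` at `pt` with no premise on `c`, so unless the `packval` syntax (not visible in this hunk) already restricts `c` to the bit width of `pt`, an `I8`/`I16` field value could carry a constant that does not fit, and this relation is what instance field values are ultimately checked against. If the syntax does not guarantee it, add a premise pinning `c` to the packtype's width using whatever packing helper the file already defines; if it does, a comment saying so would stop the next reader from asking. Either way the relation declarations deserve a note, e.g. `;; Field values: a plain value is typed by Val_ok; a packed value is typed by its declared packtype, the store is unused.`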
@@ -0,0 +1,339 @@ +;; Administrative instructions + +relation Instr_ok2: store; context |- instr : instrtype +relation Instrs_ok2: store; context |- instr* : instrtype +relation Expr_ok2: store; context |- expr : resulttype + +rule Instr_ok2/plain: + s; C |- instr : t_1* ->_(x*) t_2* + -- Instr_ok: C |- instr : t_1* ->_(x*) t_2* + +rule Instr_ok2/ref: + s; C |- ref : eps -> rt + -- Ref_ok: s |- ref : rt + +rule Instr_ok2/label: + s; C |- LABEL_ n `{instr'*} instr* : eps -> t* + -- Instrs_ok2: s; C |- instr'* : t'^n ->_(x'*) t* + -- Instrs_ok2: s; {LABELS (t')^n} ++ C |- instr* : eps ->_(x*) t* + +rule Instr_ok2/frame: + s; C |- FRAME_ n `{f} instr* : eps -> t^n + -- Frame_ok: s |- f : C' + -- Expr_ok2: s; C' |- instr* : t^n + +rule Instr_ok2/handler: + s; C |- HANDLER_ n `{catch*} instr* : t_1* -> t_2* + -- (Catch_ok: C |- catch : OK)* + -- Instrs_ok2: s; C |- instr* : t_1* ->_(x*) t_2* + +rule Instr_ok2/trap: + s; C |- TRAP : t_1* -> t_2* + -- Instrtype_ok: C |- t_1* -> t_2* : OK + + +rule Instrs_ok2/empty: + s; C |- eps : eps -> eps + +rule Instrs_ok2/seq: + s; C |- instr_1 instr_2* : t_1* ->_(x_1* x_2*) t_3* + -- Instr_ok2: s; C |- instr_1 : t_1* ->_(x_1*) t_2* + -- (if C.LOCALS[x_1] = init t)* + -- Instrs_ok2: s; $with_locals(C, x_1*, (SET t)*) |- instr_2* : t_2* ->_(x_2*) t_3* + +rule Instrs_ok2/sub: + s; C |- instr* : it' + -- Instrs_ok2: s; C |- instr* : it + -- Instrtype_sub: C |- it <: it' + -- Instrtype_ok: C |- it' : OK + +;; TODO(3, rossberg): allow omitting parens +rule Instrs_ok2/frame: + s; C |- instr* : (t* t_1*) ->_(x*) (t* t_2*) + -- Instrs_ok2: s; C |- instr* : t_1* ->_(x*) t_2* + -- Resulttype_ok: C |- t* : OK + + +rule Expr_ok2: + s; C |- instr* : t* + -- Instrs_ok2: s; C |- instr* : eps -> t* + + +;; Instances + +relation Taginst_ok: store |- taginst : tagtype +relation Globalinst_ok: store |- globalinst : globaltype +relation Meminst_ok: store |- meminst : memtype +relation Tableinst_ok: store |- tableinst : tabletype +relation Funcinst_ok: 
store |- funcinst : deftype +relation Datainst_ok: store |- datainst : datatype +relation Eleminst_ok: store |- eleminst : elemtype +relation Exportinst_ok: store |- exportinst : OK +relation Structinst_ok: store |- structinst : OK +relation Arrayinst_ok: store |- arrayinst : OK +relation Exninst_ok: store |- exninst : OK + +rule Taginst_ok: + s |- {TYPE jt} : jt + -- Tagtype_ok: {} |- jt : OK + +rule Globalinst_ok: + s |- {TYPE mut? t, VALUE val} : mut? t + -- Globaltype_ok: {} |- mut? t : OK + -- Val_ok: s |- val : t + +rule Meminst_ok: + s |- {TYPE at `[n..m] PAGE, BYTES b*} : at `[n..m] PAGE + -- Memtype_ok: {} |- at `[n..m] PAGE : OK + -- if |b*| = $(n * $($(64 * $Ki))) + +rule Tableinst_ok: + s |- {TYPE at `[n..m] rt, REFS ref*} : at `[n..m] rt + -- Tabletype_ok: {} |- at `[n..m] rt : OK + -- if |ref*| = n + -- (Ref_ok: s |- ref : rt)* + +rule Funcinst_ok: + s |- {TYPE dt, MODULE moduleinst, CODE func} : dt + -- Deftype_ok: {} |- dt : OK + -- Moduleinst_ok: s |- moduleinst : C + ---- + -- Func_ok: C |- func : dt' + -- Deftype_sub: C |- dt' <: dt + +rule Datainst_ok: + s |- {BYTES b*} : OK + +rule Eleminst_ok: + s |- {TYPE rt, REFS ref*} : rt + -- Reftype_ok: {} |- rt : OK + -- (Ref_ok: s |- ref : rt)* + +rule Exportinst_ok: + s |- {NAME nm, ADDR xa} : OK + -- Externaddr_ok: s |- xa : xt + + +rule Structinst_ok: + s |- {TYPE dt, FIELDS fv*} : OK + -- Expand: dt ~~ STRUCT (mut? zt)* + -- (Fieldval_ok: s |- fv : zt)* + +rule Arrayinst_ok: + s |- {TYPE dt, FIELDS fv*} : OK + -- Expand: dt ~~ ARRAY (mut? 
zt) + -- (Fieldval_ok: s |- fv : zt)* + +rule Exninst_ok: + s |- {TAG ta, FIELDS val*} : OK + -- if dt = s.TAGS[ta].TYPE + -- Expand: dt ~~ FUNC t* -> eps + -- (Val_ok: s |- val : t)* + + +;; Modules + +relation Moduleinst_ok: store |- moduleinst : context + +rule Moduleinst_ok: + s |- { TYPES deftype*, + TAGS tagaddr*, + GLOBALS globaladdr*, + MEMS memaddr*, + TABLES tableaddr*, + FUNCS funcaddr*, + DATAS dataaddr*, + ELEMS elemaddr*, + EXPORTS exportinst* } : + { TYPES deftype*, + RECS subtype*, + TAGS tagtype*, + GLOBALS globaltype*, + MEMS memtype*, + TABLES tabletype*, + FUNCS deftype_F*, + DATAS datatype*, + ELEMS elemtype*, + REFS (i)^(i<|funcaddr*|) + } + -- (Deftype_ok: {} |- deftype : OK)* + -- (Externaddr_ok: s |- TAG tagaddr : TAG tagtype)* + ---- + -- (Externaddr_ok: s |- GLOBAL globaladdr : GLOBAL globaltype)* + -- (Externaddr_ok: s |- FUNC funcaddr : FUNC deftype_F)* + ---- + -- (Externaddr_ok: s |- MEM memaddr : MEM memtype)* + -- (Externaddr_ok: s |- TABLE tableaddr : TABLE tabletype)* + ---- + -- (Datainst_ok: s |- s.DATAS[dataaddr] : datatype)* + -- (Eleminst_ok: s |- s.ELEMS[elemaddr] : elemtype)* + ---- + -- (Exportinst_ok: s |- exportinst : OK)* + -- if $disjoint_(name, (exportinst.NAME)*) + ---- + -- (if exportinst.ADDR <- (TAG tagaddr)* (GLOBAL globaladdr)* (MEM memaddr)* (TABLE tableaddr)* (FUNC funcaddr)*)* + + +;; Store + +relation Store_ok: |- store : OK + +rule Store_ok: + |- s : OK + -- (Taginst_ok: s |- taginst : tagtype)* + -- (Globalinst_ok: s |- globalinst : globaltype)* + ---- + -- (Meminst_ok: s |- meminst : memtype)* + -- (Tableinst_ok: s |- tableinst : tabletype)* + ---- + -- (Funcinst_ok: s |- funcinst : deftype)* + -- (Datainst_ok: s |- datainst : datatype)* + -- (Eleminst_ok: s |- eleminst : elemtype)* + ---- + -- (Structinst_ok: s |- structinst : OK)* + -- (Arrayinst_ok: s |- arrayinst : OK)* + -- (Exninst_ok: s |- exninst : OK)* + ---- + -- (NotImmReachable: `~ (REF.STRUCT_ADDR a) >>_s (REF.STRUCT_ADDR 
a))^(a<|structinst*|) + -- (NotImmReachable: `~ (REF.ARRAY_ADDR a) >>_s (REF.ARRAY_ADDR a))^(a<|arrayinst*|) + -- (NotImmReachable: `~ (REF.EXN_ADDR a) >>_s (REF.EXN_ADDR a))^(a<|exninst*|) + ---- + -- if s = {TAGS taginst*, GLOBALS globalinst*, MEMS meminst*, TABLES tableinst*, FUNCS funcinst*, + DATAS datainst*, ELEMS eleminst*, STRUCTS structinst*, ARRAYS arrayinst*, EXNS exninst*} + + +relation ImmReachable: fieldval >>_store fieldval +relation NotImmReachable: `~ fieldval >>_store fieldval + +;; HACK: emulate premise negation +;; TODO(rossberg): directly support negation in IL +def $NotImmReachable(fieldval, store, fieldval) : bool +def $NotImmReachable(fv_1, s, fv_2) = false -- ImmReachable: fv_1 >>_s fv_2 +def $NotImmReachable(fv_1, s, fv_2) = true -- otherwise + +rule NotImmReachable: `~ fv_1 >>_s fv_2 -- if $NotImmReachable(fv_1, s, fv_2) + + +rule ImmReachable/trans: + fv_1 >>_s fv_2 + -- ImmReachable: fv_1 >>_s fv' + -- ImmReachable: fv' >>_s fv_2 + +rule ImmReachable/ref.struct: + (REF.STRUCT_ADDR a) >>_s s.STRUCTS[a].FIELDS[i] + -- Expand: s.STRUCTS[a].TYPE ~~ STRUCT ft* + -- if ft*[i] = zt + +rule ImmReachable/ref.array: + (REF.ARRAY_ADDR a) >>_s s.ARRAYS[a].FIELDS[i] + -- Expand: s.ARRAYS[a].TYPE ~~ ARRAY zt + +rule ImmReachable/ref.exn: + (REF.EXN_ADDR a) >>_s s.EXNS[a].FIELDS[i] + +rule ImmReachable/ref.extern: + (REF.EXTERN ref) >>_s ref + + +;; Store extension + +relation Extend_taginst: taginst `<= taginst +relation Extend_globalinst: globalinst `<= globalinst +relation Extend_meminst: meminst `<= meminst +relation Extend_tableinst: tableinst `<= tableinst +relation Extend_funcinst: funcinst `<= funcinst +relation Extend_datainst: datainst `<= datainst +relation Extend_eleminst: eleminst `<= eleminst +relation Extend_structinst: structinst `<= structinst +relation Extend_arrayinst: arrayinst `<= arrayinst +relation Extend_exninst: exninst `<= exninst +relation Extend_store: store `<= store + +rule Extend_taginst: + {TYPE jt} `<= {TYPE jt} + 
+rule Extend_globalinst: + {TYPE mut? t, VALUE val} `<= {TYPE mut? t, VALUE val'} + -- if mut? = MUT \/ val = val' + +rule Extend_meminst: + {TYPE at `[n..m] PAGE, BYTES b*} `<= {TYPE at `[n'..m] PAGE, BYTES b'*} + -- if n <= n' + -- if |b*| <= |b'*| + +rule Extend_tableinst: + {TYPE at `[n..m] rt, REFS ref*} `<= {TYPE at `[n'..m] rt, REFS ref'*} + -- if n <= n' + -- if |ref*| <= |ref'*| + +rule Extend_funcinst: + {TYPE dt, MODULE mm, CODE fc} `<= {TYPE dt, MODULE mm, CODE fc} + +rule Extend_datainst: + {BYTES b*} `<= {BYTES b'*} + -- if b* = b'* \/ b'* = eps + +rule Extend_eleminst: + {TYPE rt, REFS ref*} `<= {TYPE rt, REFS ref'*} + -- if ref* = ref'* \/ ref'* = eps + +rule Extend_structinst: + {TYPE dt, FIELDS fv*} `<= {TYPE dt, FIELDS fv'*} + -- Expand: dt ~~ STRUCT (mut? zt)* + -- (if mut? = MUT \/ fv = fv')* + +rule Extend_arrayinst: + {TYPE dt, FIELDS fv*} `<= {TYPE dt, FIELDS fv'*} + -- Expand: dt ~~ ARRAY (mut? zt) + -- (if mut? = MUT \/ fv = fv')* + +rule Extend_exninst: + {TAG ta, FIELDS val*} `<= {TAG ta, FIELDS val*} + + +rule Extend_store: + s `<= s' + -- (Extend_taginst: s.TAGS[a] `<= s'.TAGS[a] )^(a<|s.TAGS|) + -- (Extend_globalinst: s.GLOBALS[a] `<= s'.GLOBALS[a] )^(a<|s.GLOBALS|) + ---- + -- (Extend_meminst: s.MEMS[a] `<= s'.MEMS[a] )^(a<|s.MEMS|) + -- (Extend_tableinst: s.TABLES[a] `<= s'.TABLES[a] )^(a<|s.TABLES|) + ---- + -- (Extend_funcinst: s.FUNCS[a] `<= s'.FUNCS[a] )^(a<|s.FUNCS|) + -- (Extend_datainst: s.DATAS[a] `<= s'.DATAS[a] )^(a<|s.DATAS|) + ---- + -- (Extend_eleminst: s.ELEMS[a] `<= s'.ELEMS[a] )^(a<|s.ELEMS|) + -- (Extend_structinst: s.STRUCTS[a] `<= s'.STRUCTS[a] )^(a<|s.STRUCTS|) + ---- + -- (Extend_arrayinst: s.ARRAYS[a] `<= s'.ARRAYS[a] )^(a<|s.ARRAYS|) + -- (Extend_exninst: s.EXNS[a] `<= s'.EXNS[a] )^(a<|s.EXNS|) + + +;; Configurations + +relation Localval_ok: store |- val? 
: localtype +relation Frame_ok: store |- frame : context +relation State_ok: |- state : context +relation Config_ok: |- config : OK + +rule Localval_ok/set: + s |- val : SET t + -- Val_ok: s |- val : t + +rule Localval_ok/unset: + s |- eps : UNSET BOT + +rule Frame_ok: + s |- {LOCALS (val?)*, MODULE moduleinst} : C ++ {LOCALS lct*} + -- Moduleinst_ok: s |- moduleinst : C + -- (Localval_ok: s |- val? : lct)* + +rule State_ok: + |- s; f : C + -- Store_ok: |- s : OK + -- Frame_ok: s |- f : C + +rule Config_ok: + |- z; instr* : OK + -- State_ok: |- z : C + -- Expr_ok: C |- instr* : t* diff --git a/specification/wasm-latest/2.1-validation.types.spectec b/specification/wasm-latest/2.1-validation.types.spectec index eac31a1408..692f986dea 100644 --- a/specification/wasm-latest/2.1-validation.types.spectec +++ b/specification/wasm-latest/2.1-validation.types.spectec @@ -24,6 +24,9 @@ rule Heaptype_ok/typeuse: C |- typeuse : OK -- Typeuse_ok: C |- typeuse : OK +rule Heaptype_ok/bot: + C |- BOT : OK + rule Reftype_ok: C |- REF NULL? heaptype : OK -- Heaptype_ok: C |- heaptype : OK diff --git a/specification/wasm-latest/2.3-validation.instructions.spectec b/specification/wasm-latest/2.3-validation.instructions.spectec index a893c85c13..9990490585 100644 --- a/specification/wasm-latest/2.3-validation.instructions.spectec +++ b/specification/wasm-latest/2.3-validation.instructions.spectec @@ -637,7 +637,7 @@ rule Instrs_ok/frame: rule Expr_ok: C |- instr* : t* - -- Instrs_ok: C |- instr* : eps ->_(eps) t* + -- Instrs_ok: C |- instr* : eps -> t* ;; Constant expressions diff --git a/specification/wasm-latest/4.1-execution.values.spectec b/specification/wasm-latest/4.1-execution.values.spectec index b6951b99ee..6237c93ac0 100644 --- a/specification/wasm-latest/4.1-execution.values.spectec +++ b/specification/wasm-latest/4.1-execution.values.spectec 
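Review bot: `Config_ok` checks the thread's instructions with the plain `Expr_ok: C |- instr* : t*`, which discards the store `s` obtained from `State_ok`, so administrative instructions such as `LABEL_`, `FRAME_`, `TRAP` and store-typed references (`Instr_ok2/ref`) in a running configuration have no typing rule and the stated invariant does not cover the states that actually arise during execution; I would expect `-- Expr_ok2: s; C |- instr* : t*` with `z` destructured as `s; f`. In `Moduleinst_ok` the result context's `RECS subtype*` is not bound by any premise, so if SpecTec treats it as a free variable the rule admits an arbitrary rec context, and `Typeuse_ok/rec` (visible in the TEST.md hunk) would then accept `REC i` type uses inside `Func_ok`; unless that is intended, `RECS eps` looks right. `Instr_ok2/frame` types the body under the `C'` produced by `Frame_ok` without setting `RETURN`, so a `return` inside a frame body appears to have no applicable rule; if `Frame_ok` is not meant to set it, the premise probably needs the return type added to `C'` following this file's context-update convention. This hunk is the whole new file.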
@@ -81,6 +81,23 @@ rule Val_ok/ref:
 -- Ref_ok: s |- ref : rt
+;; Field values
+
+relation Packval_ok: store |- packval : packtype
+relation Fieldval_ok: store |- fieldval : storagetype
+
+rule Packval_ok:
+ s |- PACK pt c : pt
+
+rule Fieldval_ok/val:
+ s |- val : t
+ -- Val_ok: s |- val : t
+
+rule Fieldval_ok/packval:
+ s |- packval : pt
+ -- Packval_ok: s |- packval : pt
+
+
 ;; External addresses
 relation Externaddr_ok: store |- externaddr : externtype hint(macro "%externaddr")
diff --git a/specification/wasm-latest/7.1-soundness.configurations.spectec b/specification/wasm-latest/7.1-soundness.configurations.spectec
new file mode 100644
index 0000000000..37ba3f4d39
--- /dev/null
+++ b/specification/wasm-latest/7.1-soundness.configurations.spectec
@@ -0,0 +1,339 @@ +;; Administrative instructions + +relation Instr_ok2: store; context |- instr : instrtype +relation Instrs_ok2: store; context |- instr* : instrtype +relation Expr_ok2: store; context |- expr : resulttype + +rule Instr_ok2/plain: + s; C |- instr : t_1* ->_(x*) t_2* + -- Instr_ok: C |- instr : t_1* ->_(x*) t_2* + +rule Instr_ok2/ref: + s; C |- ref : eps -> rt + -- Ref_ok: s |- ref : rt + +rule Instr_ok2/label: + s; C |- LABEL_ n `{instr'*} instr* : eps -> t* + -- Instrs_ok2: s; C |- instr'* : t'^n ->_(x'*) t* + -- Instrs_ok2: s; {LABELS (t')^n} ++ C |- instr* : eps ->_(x*) t* + +rule Instr_ok2/frame: + s; C |- FRAME_ n `{f} instr* : eps -> t^n + -- Frame_ok: s |- f : C' + -- Expr_ok2: s; C' |- instr* : t^n + +rule Instr_ok2/handler: + s; C |- HANDLER_ n `{catch*} instr* : t_1* -> t_2* + -- (Catch_ok: C |- catch : OK)* + -- Instrs_ok2: s; C |- instr* : t_1* ->_(x*) t_2* + +rule Instr_ok2/trap: + s; C |- TRAP : t_1* -> t_2* + -- Instrtype_ok: C |- t_1* -> t_2* : OK + + +rule Instrs_ok2/empty: + s; C |- eps : eps -> eps + +rule Instrs_ok2/seq: + s; C |- instr_1 instr_2* : t_1* ->_(x_1* x_2*) t_3* + -- Instr_ok2: s; C |- instr_1 : t_1* ->_(x_1*) t_2* + -- (if C.LOCALS[x_1] = init t)* + -- Instrs_ok2: s; $with_locals(C, x_1*, (SET t)*) |- instr_2* : t_2* ->_(x_2*) t_3* + +rule Instrs_ok2/sub: + s; C |- instr* : it' + -- Instrs_ok2: s; C |- instr* : it + -- Instrtype_sub: C |- it <: it' + -- Instrtype_ok: C |- it' : OK + +;; TODO(3, rossberg): allow omitting parens +rule Instrs_ok2/frame: + s; C |- instr* : (t* t_1*) ->_(x*) (t* t_2*) + -- Instrs_ok2: s; C |- instr* : t_1* ->_(x*) t_2* + -- Resulttype_ok: C |- t* : OK + + +rule Expr_ok2: + s; C |- instr* : t* + -- Instrs_ok2: s; C |- instr* : eps -> t* + + +;; Instances + +relation Taginst_ok: store |- taginst : tagtype +relation Globalinst_ok: store |- globalinst : globaltype +relation Meminst_ok: store |- meminst : memtype +relation Tableinst_ok: store |- tableinst : tabletype +relation Funcinst_ok: 
store |- funcinst : deftype +relation Datainst_ok: store |- datainst : datatype +relation Eleminst_ok: store |- eleminst : elemtype +relation Exportinst_ok: store |- exportinst : OK +relation Structinst_ok: store |- structinst : OK +relation Arrayinst_ok: store |- arrayinst : OK +relation Exninst_ok: store |- exninst : OK + +rule Taginst_ok: + s |- {TYPE jt} : jt + -- Tagtype_ok: {} |- jt : OK + +rule Globalinst_ok: + s |- {TYPE mut? t, VALUE val} : mut? t + -- Globaltype_ok: {} |- mut? t : OK + -- Val_ok: s |- val : t + +rule Meminst_ok: + s |- {TYPE at `[n..m] PAGE, BYTES b*} : at `[n..m] PAGE + -- Memtype_ok: {} |- at `[n..m] PAGE : OK + -- if |b*| = $(n * $($(64 * $Ki))) + +rule Tableinst_ok: + s |- {TYPE at `[n..m] rt, REFS ref*} : at `[n..m] rt + -- Tabletype_ok: {} |- at `[n..m] rt : OK + -- if |ref*| = n + -- (Ref_ok: s |- ref : rt)* + +rule Funcinst_ok: + s |- {TYPE dt, MODULE moduleinst, CODE func} : dt + -- Deftype_ok: {} |- dt : OK + -- Moduleinst_ok: s |- moduleinst : C + ---- + -- Func_ok: C |- func : dt' + -- Deftype_sub: C |- dt' <: dt + +rule Datainst_ok: + s |- {BYTES b*} : OK + +rule Eleminst_ok: + s |- {TYPE rt, REFS ref*} : rt + -- Reftype_ok: {} |- rt : OK + -- (Ref_ok: s |- ref : rt)* + +rule Exportinst_ok: + s |- {NAME nm, ADDR xa} : OK + -- Externaddr_ok: s |- xa : xt + + +rule Structinst_ok: + s |- {TYPE dt, FIELDS fv*} : OK + -- Expand: dt ~~ STRUCT (mut? zt)* + -- (Fieldval_ok: s |- fv : zt)* + +rule Arrayinst_ok: + s |- {TYPE dt, FIELDS fv*} : OK + -- Expand: dt ~~ ARRAY (mut? 
zt) + -- (Fieldval_ok: s |- fv : zt)* + +rule Exninst_ok: + s |- {TAG ta, FIELDS val*} : OK + -- if dt = s.TAGS[ta].TYPE + -- Expand: dt ~~ FUNC t* -> eps + -- (Val_ok: s |- val : t)* + + +;; Modules + +relation Moduleinst_ok: store |- moduleinst : context + +rule Moduleinst_ok: + s |- { TYPES deftype*, + TAGS tagaddr*, + GLOBALS globaladdr*, + MEMS memaddr*, + TABLES tableaddr*, + FUNCS funcaddr*, + DATAS dataaddr*, + ELEMS elemaddr*, + EXPORTS exportinst* } : + { TYPES deftype*, + RECS subtype*, + TAGS tagtype*, + GLOBALS globaltype*, + MEMS memtype*, + TABLES tabletype*, + FUNCS deftype_F*, + DATAS datatype*, + ELEMS elemtype*, + REFS (i)^(i<|funcaddr*|) + } + -- (Deftype_ok: {} |- deftype : OK)* + -- (Externaddr_ok: s |- TAG tagaddr : TAG tagtype)* + ---- + -- (Externaddr_ok: s |- GLOBAL globaladdr : GLOBAL globaltype)* + -- (Externaddr_ok: s |- FUNC funcaddr : FUNC deftype_F)* + ---- + -- (Externaddr_ok: s |- MEM memaddr : MEM memtype)* + -- (Externaddr_ok: s |- TABLE tableaddr : TABLE tabletype)* + ---- + -- (Datainst_ok: s |- s.DATAS[dataaddr] : datatype)* + -- (Eleminst_ok: s |- s.ELEMS[elemaddr] : elemtype)* + ---- + -- (Exportinst_ok: s |- exportinst : OK)* + -- if $disjoint_(name, (exportinst.NAME)*) + ---- + -- (if exportinst.ADDR <- (TAG tagaddr)* (GLOBAL globaladdr)* (MEM memaddr)* (TABLE tableaddr)* (FUNC funcaddr)*)* + + +;; Store + +relation Store_ok: |- store : OK + +rule Store_ok: + |- s : OK + -- (Taginst_ok: s |- taginst : tagtype)* + -- (Globalinst_ok: s |- globalinst : globaltype)* + ---- + -- (Meminst_ok: s |- meminst : memtype)* + -- (Tableinst_ok: s |- tableinst : tabletype)* + ---- + -- (Funcinst_ok: s |- funcinst : deftype)* + -- (Datainst_ok: s |- datainst : datatype)* + -- (Eleminst_ok: s |- eleminst : elemtype)* + ---- + -- (Structinst_ok: s |- structinst : OK)* + -- (Arrayinst_ok: s |- arrayinst : OK)* + -- (Exninst_ok: s |- exninst : OK)* + ---- + -- (NotImmReachable: `~ (REF.STRUCT_ADDR a) >>_s (REF.STRUCT_ADDR 
a))^(a<|structinst*|) + -- (NotImmReachable: `~ (REF.ARRAY_ADDR a) >>_s (REF.ARRAY_ADDR a))^(a<|arrayinst*|) + -- (NotImmReachable: `~ (REF.EXN_ADDR a) >>_s (REF.EXN_ADDR a))^(a<|exninst*|) + ---- + -- if s = {TAGS taginst*, GLOBALS globalinst*, MEMS meminst*, TABLES tableinst*, FUNCS funcinst*, + DATAS datainst*, ELEMS eleminst*, STRUCTS structinst*, ARRAYS arrayinst*, EXNS exninst*} + + +relation ImmReachable: fieldval >>_store fieldval +relation NotImmReachable: `~ fieldval >>_store fieldval + +;; HACK: emulate premise negation +;; TODO(rossberg): directly support negation in IL +def $NotImmReachable(fieldval, store, fieldval) : bool +def $NotImmReachable(fv_1, s, fv_2) = false -- ImmReachable: fv_1 >>_s fv_2 +def $NotImmReachable(fv_1, s, fv_2) = true -- otherwise + +rule NotImmReachable: `~ fv_1 >>_s fv_2 -- if $NotImmReachable(fv_1, s, fv_2) + + +rule ImmReachable/trans: + fv_1 >>_s fv_2 + -- ImmReachable: fv_1 >>_s fv' + -- ImmReachable: fv' >>_s fv_2 + +rule ImmReachable/ref.struct: + (REF.STRUCT_ADDR a) >>_s s.STRUCTS[a].FIELDS[i] + -- Expand: s.STRUCTS[a].TYPE ~~ STRUCT ft* + -- if ft*[i] = zt + +rule ImmReachable/ref.array: + (REF.ARRAY_ADDR a) >>_s s.ARRAYS[a].FIELDS[i] + -- Expand: s.ARRAYS[a].TYPE ~~ ARRAY zt + +rule ImmReachable/ref.exn: + (REF.EXN_ADDR a) >>_s s.EXNS[a].FIELDS[i] + +rule ImmReachable/ref.extern: + (REF.EXTERN ref) >>_s ref + + +;; Store extension + +relation Extend_taginst: taginst `<= taginst +relation Extend_globalinst: globalinst `<= globalinst +relation Extend_meminst: meminst `<= meminst +relation Extend_tableinst: tableinst `<= tableinst +relation Extend_funcinst: funcinst `<= funcinst +relation Extend_datainst: datainst `<= datainst +relation Extend_eleminst: eleminst `<= eleminst +relation Extend_structinst: structinst `<= structinst +relation Extend_arrayinst: arrayinst `<= arrayinst +relation Extend_exninst: exninst `<= exninst +relation Extend_store: store `<= store + +rule Extend_taginst: + {TYPE jt} `<= {TYPE jt} + 
+rule Extend_globalinst: + {TYPE mut? t, VALUE val} `<= {TYPE mut? t, VALUE val'} + -- if mut? = MUT \/ val = val' + +rule Extend_meminst: + {TYPE at `[n..m] PAGE, BYTES b*} `<= {TYPE at `[n'..m] PAGE, BYTES b'*} + -- if n <= n' + -- if |b*| <= |b'*| + +rule Extend_tableinst: + {TYPE at `[n..m] rt, REFS ref*} `<= {TYPE at `[n'..m] rt, REFS ref'*} + -- if n <= n' + -- if |ref*| <= |ref'*| + +rule Extend_funcinst: + {TYPE dt, MODULE mm, CODE fc} `<= {TYPE dt, MODULE mm, CODE fc} + +rule Extend_datainst: + {BYTES b*} `<= {BYTES b'*} + -- if b* = b'* \/ b'* = eps + +rule Extend_eleminst: + {TYPE rt, REFS ref*} `<= {TYPE rt, REFS ref'*} + -- if ref* = ref'* \/ ref'* = eps + +rule Extend_structinst: + {TYPE dt, FIELDS fv*} `<= {TYPE dt, FIELDS fv'*} + -- Expand: dt ~~ STRUCT (mut? zt)* + -- (if mut? = MUT \/ fv = fv')* + +rule Extend_arrayinst: + {TYPE dt, FIELDS fv*} `<= {TYPE dt, FIELDS fv'*} + -- Expand: dt ~~ ARRAY (mut? zt) + -- (if mut? = MUT \/ fv = fv')* + +rule Extend_exninst: + {TAG ta, FIELDS val*} `<= {TAG ta, FIELDS val*} + + +rule Extend_store: + s `<= s' + -- (Extend_taginst: s.TAGS[a] `<= s'.TAGS[a] )^(a<|s.TAGS|) + -- (Extend_globalinst: s.GLOBALS[a] `<= s'.GLOBALS[a] )^(a<|s.GLOBALS|) + ---- + -- (Extend_meminst: s.MEMS[a] `<= s'.MEMS[a] )^(a<|s.MEMS|) + -- (Extend_tableinst: s.TABLES[a] `<= s'.TABLES[a] )^(a<|s.TABLES|) + ---- + -- (Extend_funcinst: s.FUNCS[a] `<= s'.FUNCS[a] )^(a<|s.FUNCS|) + -- (Extend_datainst: s.DATAS[a] `<= s'.DATAS[a] )^(a<|s.DATAS|) + ---- + -- (Extend_eleminst: s.ELEMS[a] `<= s'.ELEMS[a] )^(a<|s.ELEMS|) + -- (Extend_structinst: s.STRUCTS[a] `<= s'.STRUCTS[a] )^(a<|s.STRUCTS|) + ---- + -- (Extend_arrayinst: s.ARRAYS[a] `<= s'.ARRAYS[a] )^(a<|s.ARRAYS|) + -- (Extend_exninst: s.EXNS[a] `<= s'.EXNS[a] )^(a<|s.EXNS|) + + +;; Configurations + +relation Localval_ok: store |- val? 
: localtype +relation Frame_ok: store |- frame : context +relation State_ok: |- state : context +relation Config_ok: |- config : OK + +rule Localval_ok/set: + s |- val : SET t + -- Val_ok: s |- val : t + +rule Localval_ok/unset: + s |- eps : UNSET BOT + +rule Frame_ok: + s |- {LOCALS (val?)*, MODULE moduleinst} : C ++ {LOCALS lct*} + -- Moduleinst_ok: s |- moduleinst : C + -- (Localval_ok: s |- val? : lct)* + +rule State_ok: + |- s; f : C + -- Store_ok: |- s : OK + -- Frame_ok: s |- f : C + +rule Config_ok: + |- z; instr* : OK + -- State_ok: |- z : C + -- Expr_ok: C |- instr* : t* diff --git a/spectec/test-frontend/TEST.md b/spectec/test-frontend/TEST.md index 5aae8c8475..9f4e56f9b1 100644 --- a/spectec/test-frontend/TEST.md +++ b/spectec/test-frontend/TEST.md 
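Review bot: `ImmReachable/ref.struct` and `ImmReachable/ref.array` encode "reachable through an immutable field" only by omitting `mut?` in `ft*[i] = zt` and `ARRAY zt`, if I read the patterns correctly; nothing in the text says so, yet `Store_ok` depends on exactly that reading, because under plain reachability its `NotImmReachable` premises would reject stores containing legitimate mutable cycles. A comment above the relation would make the intent checkable, e.g. `;; fv_1 >>_s fv_2: fv_2 is reachable from fv_1 through immutable fields only (the field patterns below deliberately omit MUT); Store_ok uses this to exclude immutable cycles, which no instruction can construct.` This file is a byte-for-byte copy of the wasm-3.0 one in the same patch, so any fix to either copy has to be applied to both. This hunk is the whole new file.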
@@ -2792,98 +2792,102 @@ relation Heaptype_ok: `%|-%:OK`(context, heaptype) `%|-%:OK`(C, (typeuse : typeuse <: heaptype)) -- Typeuse_ok: `%|-%:OK`(C, typeuse) + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:27.1-28.16 + rule bot{C : context}: + `%|-%:OK`(C, BOT_heaptype) + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:10.1-10.91 relation Reftype_ok: `%|-%:OK`(context, reftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:27.1-29.37 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:30.1-32.37 rule _{C : context, heaptype : heaptype}: `%|-%:OK`(C, REF_reftype(NULL_null?{}, heaptype)) -- Heaptype_ok: `%|-%:OK`(C, heaptype) ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:11.1-11.91 relation Valtype_ok: `%|-%:OK`(context, valtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:31.1-33.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:34.1-36.35 rule num{C : context, numtype : numtype}: `%|-%:OK`(C, (numtype : numtype <: valtype)) -- Numtype_ok: `%|-%:OK`(C, numtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:35.1-37.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:38.1-40.35 rule vec{C : context, vectype : vectype}: `%|-%:OK`(C, (vectype : vectype <: valtype)) -- Vectype_ok: `%|-%:OK`(C, vectype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:39.1-41.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:42.1-44.35 rule ref{C : context, reftype : reftype}: `%|-%:OK`(C, (reftype : reftype <: valtype)) -- Reftype_ok: `%|-%:OK`(C, reftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:43.1-44.16 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:46.1-47.16 rule bot{C : context}: `%|-%:OK`(C, BOT_valtype) ;; 
../../../../specification/wasm-latest/2.1-validation.types.spectec:12.1-12.94 relation Typeuse_ok: `%|-%:OK`(context, typeuse) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:99.1-101.30 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:102.1-104.30 rule typeidx{C : context, typeidx : typeidx, dt : deftype}: `%|-%:OK`(C, _IDX_typeuse(typeidx)) -- if (C.TYPES_context[typeidx!`%`_typeidx.0] = dt) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:103.1-105.23 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:106.1-108.23 rule rec{C : context, i : n, st : subtype}: `%|-%:OK`(C, REC_typeuse(i)) -- if (C.RECS_context[i] = st) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:107.1-109.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:110.1-112.35 rule deftype{C : context, deftype : deftype}: `%|-%:OK`(C, (deftype : deftype <: typeuse)) -- Deftype_ok: `%|-%:OK`(C, deftype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:49.1-49.100 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:52.1-52.100 relation Resulttype_ok: `%|-%:OK`(context, resulttype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:52.1-54.32 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:55.1-57.32 rule _{C : context, `t*` : valtype*}: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) -- (Valtype_ok: `%|-%:OK`(C, t))*{t <- `t*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:85.1-85.104 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:88.1-88.104 relation Fieldtype_ok: `%|-%:OK`(context, fieldtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:123.1-125.43 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:126.1-128.43 rule _{C : context, storagetype : storagetype}: `%|-%:OK`(C, 
`%%`_fieldtype(MUT_mut?{}, storagetype)) -- Storagetype_ok: `%|-%:OK`(C, storagetype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:86.1-86.106 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:89.1-89.106 relation Storagetype_ok: `%|-%:OK`(context, storagetype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:115.1-117.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:118.1-120.35 rule val{C : context, valtype : valtype}: `%|-%:OK`(C, (valtype : valtype <: storagetype)) -- Valtype_ok: `%|-%:OK`(C, valtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:119.1-121.37 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:122.1-124.37 rule pack{C : context, packtype : packtype}: `%|-%:OK`(C, (packtype : packtype <: storagetype)) -- Packtype_ok: `%|-%:OK`(C, packtype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:87.1-87.103 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:90.1-90.103 relation Comptype_ok: `%|-%:OK`(context, comptype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:128.1-130.42 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:131.1-133.42 rule struct{C : context, `fieldtype*` : fieldtype*}: `%|-%:OK`(C, STRUCT_comptype(`%`_list(fieldtype*{fieldtype <- `fieldtype*`}))) -- (Fieldtype_ok: `%|-%:OK`(C, fieldtype))*{fieldtype <- `fieldtype*`} - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:132.1-134.39 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:135.1-137.39 rule array{C : context, fieldtype : fieldtype}: `%|-%:OK`(C, ARRAY_comptype(fieldtype)) -- Fieldtype_ok: `%|-%:OK`(C, fieldtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:136.1-139.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:139.1-142.35 rule func{C : context, 
`t_1*` : valtype*, `t_2*` : valtype*}: `%|-%:OK`(C, `FUNC%->%`_comptype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t_1*{t_1 <- `t_1*`})) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t_2*{t_2 <- `t_2*`})) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:88.1-88.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:91.1-91.126 relation Subtype_ok: `%|-%:%`(context, subtype, oktypeidx) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:142.1-149.49 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:145.1-152.49 rule _{C : context, `x*` : idx*, comptype : comptype, x_0 : idx, `comptype'*` : comptype*, `x'**` : idx**}: `%|-%:%`(C, SUB_subtype(FINAL_final?{}, _IDX_typeuse(x)*{x <- `x*`}, comptype), OK_oktypeidx(x_0)) -- if (|x*{x <- `x*`}| <= 1) 
@@ -2892,26 +2896,26 @@ relation Subtype_ok: `%|-%:%`(context, subtype, oktypeidx) -- Comptype_ok: `%|-%:OK`(C, comptype) -- (Comptype_sub: `%|-%<:%`(C, comptype, comptype'))*{comptype' <- `comptype'*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:89.1-89.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:92.1-92.126 relation Rectype_ok: `%|-%:%`(context, rectype, oktypeidx) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:171.1-172.23 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:174.1-175.23 rule empty{C : context, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidx(x)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:174.1-177.48 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:177.1-180.48 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Subtype_ok: `%|-%:%`(C, subtype_1, OK_oktypeidx(x)) -- Rectype_ok: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(`%`_typeidx((x!`%`_idx.0 + 1)))) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:179.1-181.60 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:182.1-184.60 rule _rec2{C : context, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Rectype_ok2: `%|-%:%`({TYPES [], RECS subtype*{subtype <- `subtype*`}, TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []} +++ C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, 0)) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:90.1-90.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:93.1-93.126 relation Subtype_ok2: 
`%|-%:%`(context, subtype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:161.1-168.49 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:164.1-171.49 rule _{C : context, `typeuse*` : typeuse*, compttype : comptype, x : idx, i : nat, `comptype'*` : comptype*, `typeuse'**` : typeuse**, comptype : comptype}: `%|-%:%`(C, SUB_subtype(FINAL_final?{}, typeuse*{typeuse <- `typeuse*`}, compttype), OK_oktypeidxnat(x, i)) -- if (|typeuse*{typeuse <- `typeuse*`}| <= 1) 
@@ -2920,28 +2924,28 @@ relation Subtype_ok2: `%|-%:%`(context, subtype, oktypeidxnat) -- Comptype_ok: `%|-%:OK`(C, comptype) -- (Comptype_sub: `%|-%<:%`(C, comptype, comptype'))*{comptype' <- `comptype'*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:91.1-91.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:94.1-94.126 relation Rectype_ok2: `%|-%:%`(context, rectype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:183.1-184.24 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:186.1-187.24 rule empty{C : context, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidxnat(x, i)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:186.1-189.55 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:189.1-192.55 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, i)) -- Subtype_ok2: `%|-%:%`(C, subtype_1, OK_oktypeidxnat(x, i)) -- Rectype_ok2: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(`%`_typeidx((x!`%`_idx.0 + 1)), (i + 1))) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:92.1-92.102 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:95.1-95.102 relation Deftype_ok: `%|-%:OK`(context, deftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:192.1-196.14 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:195.1-199.14 rule _{C : context, rectype : rectype, i : n, x : idx, n : n, `subtype*` : subtype*}: `%|-%:OK`(C, _DEF_deftype(rectype, i)) -- Rectype_ok: `%|-%:%`(C, rectype, OK_oktypeidx(x)) -- if (rectype = REC_rectype(`%`_list(subtype^n{subtype <- `subtype*`}))) -- if (i < n) -;; 
../../../../specification/wasm-latest/2.1-validation.types.spectec:95.1-95.108 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:98.1-98.108 relation Comptype_sub: `%|-%<:%`(context, comptype, comptype) ;; ../../../../specification/wasm-latest/2.2-validation.subtyping.spectec:169.1-171.41 rule struct{C : context, `ft_1*` : fieldtype*, `ft'_1*` : fieldtype*, `ft_2*` : fieldtype*}: @@ -2959,7 +2963,7 @@ relation Comptype_sub: `%|-%<:%`(context, comptype, comptype) -- Resulttype_sub: `%|-%<:%`(C, `%`_resulttype(t_21*{t_21 <- `t_21*`}), `%`_resulttype(t_11*{t_11 <- `t_11*`})) -- Resulttype_sub: `%|-%<:%`(C, `%`_resulttype(t_12*{t_12 <- `t_12*`}), `%`_resulttype(t_22*{t_22 <- `t_22*`})) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:96.1-96.107 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:99.1-99.107 relation Deftype_sub: `%|-%<:%`(context, deftype, deftype) ;; ../../../../specification/wasm-latest/2.2-validation.subtyping.spectec:183.1-185.66 rule refl{C : context, deftype_1 : deftype, deftype_2 : deftype}: 
@@ -5915,37 +5919,55 @@ relation Val_ok: `%|-%:%`(store, val, valtype) `%|-%:%`(s, (ref : ref <: val), (rt : reftype <: valtype)) -- Ref_ok: `%|-%:%`(s, ref, rt) +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec +relation Packval_ok: `%|-%:%`(store, packval, packtype) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule _{s : store, pt : packtype, c : iN($psizenn(pt))}: + `%|-%:%`(s, PACK_packval(pt, c), pt) + +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec +relation Fieldval_ok: `%|-%:%`(store, fieldval, storagetype) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule val{s : store, val : val, t : valtype}: + `%|-%:%`(s, (val : val <: fieldval), (t : valtype <: storagetype)) + -- Val_ok: `%|-%:%`(s, val, t) + + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule packval{s : store, packval : packval, pt : packtype}: + `%|-%:%`(s, (packval : packval <: fieldval), (pt : packtype <: storagetype)) + -- Packval_ok: `%|-%:%`(s, packval, pt) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec rec { -;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:86.1-86.84 +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:103.1-103.84 relation Externaddr_ok: `%|-%:%`(store, externaddr, externtype) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:88.1-90.28 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:105.1-107.28 rule tag{s : store, a : addr, taginst : taginst}: `%|-%:%`(s, TAG_externaddr(a), TAG_externtype(taginst.TYPE_taginst)) -- if (s.TAGS_store[a] = taginst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:92.1-94.34 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:109.1-111.34 rule global{s : store, a : addr, globalinst : globalinst}: `%|-%:%`(s, GLOBAL_externaddr(a), 
GLOBAL_externtype(globalinst.TYPE_globalinst)) -- if (s.GLOBALS_store[a] = globalinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:96.1-98.28 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:113.1-115.28 rule mem{s : store, a : addr, meminst : meminst}: `%|-%:%`(s, MEM_externaddr(a), MEM_externtype(meminst.TYPE_meminst)) -- if (s.MEMS_store[a] = meminst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:100.1-102.32 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:117.1-119.32 rule table{s : store, a : addr, tableinst : tableinst}: `%|-%:%`(s, TABLE_externaddr(a), TABLE_externtype(tableinst.TYPE_tableinst)) -- if (s.TABLES_store[a] = tableinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:104.1-106.30 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:121.1-123.30 rule func{s : store, a : addr, funcinst : funcinst}: `%|-%:%`(s, FUNC_externaddr(a), FUNC_externtype((funcinst.TYPE_funcinst : deftype <: typeuse))) -- if (s.FUNCS_store[a] = funcinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:108.1-111.37 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:125.1-128.37 rule sub{s : store, externaddr : externaddr, xt : externtype, xt' : externtype}: `%|-%:%`(s, externaddr, xt) -- Externaddr_ok: `%|-%:%`(s, externaddr, xt') 
@@ -7633,6 +7655,372 @@ def $ordered(decl*) : bool ;; ../../../../specification/wasm-latest/6.4-text.modules.spectec def $ordered{`decl_1*` : decl*, import : import, `decl_2*` : decl*}(decl_1*{decl_1 <- `decl_1*`} ++ [(import : import <: decl)] ++ decl_2*{decl_2 <- `decl_2*`}) = (((((($importsd(decl_1*{decl_1 <- `decl_1*`}) = []) /\ ($tagsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($globalsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($memsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($tablesd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($funcsd(decl_1*{decl_1 <- `decl_1*`}) = [])) +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Localval_ok: `%|-%:%`(store, val?, localtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule set{s : store, val : val, t : valtype}: + `%|-%:%`(s, ?(val), `%%`_localtype(SET_init, t)) + -- Val_ok: `%|-%:%`(s, val, t) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule unset{s : store}: + `%|-%:%`(s, ?(), `%%`_localtype(UNSET_init, BOT_valtype)) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Datainst_ok: `%|-%:%`(store, datainst, datatype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `b*` : byte*}: + `%|-%:%`(s, {BYTES b*{b <- `b*`}}, OK_datatype) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Eleminst_ok: `%|-%:%`(store, eleminst, elemtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, rt : reftype, `ref*` : ref*}: + `%|-%:%`(s, {TYPE rt, REFS ref*{ref <- `ref*`}}, rt) + -- Reftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, rt) + -- (Ref_ok: `%|-%:%`(s, ref, rt))*{ref <- `ref*`} + +;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Exportinst_ok: `%|-%:OK`(store, exportinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, nm : name, xa : externaddr, xt : externtype}: + `%|-%:OK`(s, {NAME nm, ADDR xa}) + -- Externaddr_ok: `%|-%:%`(s, xa, xt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Moduleinst_ok: `%|-%:%`(store, moduleinst, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `deftype*` : deftype*, `tagaddr*` : tagaddr*, `globaladdr*` : globaladdr*, `memaddr*` : memaddr*, `tableaddr*` : tableaddr*, `funcaddr*` : funcaddr*, `dataaddr*` : dataaddr*, `elemaddr*` : elemaddr*, `exportinst*` : exportinst*, `subtype*` : subtype*, `tagtype*` : tagtype*, `globaltype*` : globaltype*, `memtype*` : memtype*, `tabletype*` : tabletype*, `deftype_F*` : deftype*, `datatype*` : datatype*, `elemtype*` : elemtype*}: + `%|-%:%`(s, {TYPES deftype*{deftype <- `deftype*`}, TAGS tagaddr*{tagaddr <- `tagaddr*`}, GLOBALS globaladdr*{globaladdr <- `globaladdr*`}, MEMS memaddr*{memaddr <- `memaddr*`}, TABLES tableaddr*{tableaddr <- `tableaddr*`}, FUNCS funcaddr*{funcaddr <- `funcaddr*`}, DATAS dataaddr*{dataaddr <- `dataaddr*`}, ELEMS elemaddr*{elemaddr <- `elemaddr*`}, EXPORTS exportinst*{exportinst <- `exportinst*`}}, {TYPES deftype*{deftype <- `deftype*`}, RECS subtype*{subtype <- `subtype*`}, TAGS tagtype*{tagtype <- `tagtype*`}, GLOBALS globaltype*{globaltype <- `globaltype*`}, MEMS memtype*{memtype <- `memtype*`}, TABLES tabletype*{tabletype <- `tabletype*`}, FUNCS deftype_F*{deftype_F <- `deftype_F*`}, DATAS datatype*{datatype <- `datatype*`}, ELEMS elemtype*{elemtype <- `elemtype*`}, LOCALS [], LABELS [], RETURN ?(), REFS `%`_funcidx(i)^(i<|funcaddr*{funcaddr <- `funcaddr*`}|){}}) + -- (Deftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS 
[], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, deftype))*{deftype <- `deftype*`} + -- (Externaddr_ok: `%|-%:%`(s, TAG_externaddr(tagaddr), TAG_externtype(tagtype)))*{tagaddr <- `tagaddr*`, tagtype <- `tagtype*`} + -- (Externaddr_ok: `%|-%:%`(s, GLOBAL_externaddr(globaladdr), GLOBAL_externtype(globaltype)))*{globaladdr <- `globaladdr*`, globaltype <- `globaltype*`} + -- (Externaddr_ok: `%|-%:%`(s, FUNC_externaddr(funcaddr), FUNC_externtype((deftype_F : deftype <: typeuse))))*{deftype_F <- `deftype_F*`, funcaddr <- `funcaddr*`} + -- (Externaddr_ok: `%|-%:%`(s, MEM_externaddr(memaddr), MEM_externtype(memtype)))*{memaddr <- `memaddr*`, memtype <- `memtype*`} + -- (Externaddr_ok: `%|-%:%`(s, TABLE_externaddr(tableaddr), TABLE_externtype(tabletype)))*{tableaddr <- `tableaddr*`, tabletype <- `tabletype*`} + -- (Datainst_ok: `%|-%:%`(s, s.DATAS_store[dataaddr], datatype))*{dataaddr <- `dataaddr*`, datatype <- `datatype*`} + -- (Eleminst_ok: `%|-%:%`(s, s.ELEMS_store[elemaddr], elemtype))*{elemaddr <- `elemaddr*`, elemtype <- `elemtype*`} + -- (Exportinst_ok: `%|-%:OK`(s, exportinst))*{exportinst <- `exportinst*`} + -- if $disjoint_(syntax name, exportinst.NAME_exportinst*{exportinst <- `exportinst*`}) + -- (if (exportinst.ADDR_exportinst <- TAG_externaddr(tagaddr)*{tagaddr <- `tagaddr*`} ++ GLOBAL_externaddr(globaladdr)*{globaladdr <- `globaladdr*`} ++ MEM_externaddr(memaddr)*{memaddr <- `memaddr*`} ++ TABLE_externaddr(tableaddr)*{tableaddr <- `tableaddr*`} ++ FUNC_externaddr(funcaddr)*{funcaddr <- `funcaddr*`}))*{exportinst <- `exportinst*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Frame_ok: `%|-%:%`(store, frame, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `val?*` : val?*, moduleinst : moduleinst, C : context, `lct*` : localtype*}: + `%|-%:%`(s, {LOCALS val?{val <- `val?`}*{`val?` <- `val?*`}, MODULE moduleinst}, C +++ {TYPES [], RECS 
[], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS lct*{lct <- `lct*`}, LABELS [], RETURN ?(), REFS []}) + -- Moduleinst_ok: `%|-%:%`(s, moduleinst, C) + -- (Localval_ok: `%|-%:%`(s, val?{val <- `val?`}, lct))*{lct <- `lct*`, `val?` <- `val?*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +rec { + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-3.56 +relation Instr_ok2: `%;%|-%:%`(store, context, instr, instrtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-9.46 + rule plain{s : store, C : context, instr : instr, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Instr_ok: `%|-%:%`(C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:11.1-13.27 + rule ref{s : store, C : context, ref : ref, rt : reftype}: + `%;%|-%:%`(s, C, (ref : ref <: instr), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([(rt : reftype <: valtype)]))) + -- Ref_ok: `%|-%:%`(s, ref, rt) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:15.1-18.68 + rule label{s : store, C : context, n : n, `instr'*` : instr*, `instr*` : instr*, `t*` : valtype*, `t'*` : valtype*, `x'*` : idx*, `x*` : idx*}: + `%;%|-%:%`(s, C, `LABEL_%{%}%`_instr(n, instr'*{instr' <- `instr'*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr'*{instr' <- `instr'*`}, `%->_%%`_instrtype(`%`_resulttype(t'^n{t' <- `t'*`}), x'*{x' <- `x'*`}, `%`_resulttype(t*{t <- `t*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, {TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS 
[], ELEMS [], LOCALS [], LABELS [`%`_resulttype(t'^n{t' <- `t'*`})], RETURN ?(), REFS []} +++ C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:20.1-23.37 + rule frame{s : store, C : context, n : n, f : frame, `instr*` : instr*, `t*` : valtype*, C' : context}: + `%;%|-%:%`(s, C, `FRAME_%{%}%`_instr(n, f, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t^n{t <- `t*`}))) + -- Frame_ok: `%|-%:%`(s, f, C') + -- Expr_ok2: `%;%|-%:%`(s, C', instr*{instr <- `instr*`}, `%`_resulttype(t^n{t <- `t*`})) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:25.1-28.52 + rule handler{s : store, C : context, n : n, `catch*` : catch*, `instr*` : instr*, `t_1*` : valtype*, `t_2*` : valtype*, `x*` : idx*}: + `%;%|-%:%`(s, C, `HANDLER_%{%}%`_instr(n, catch*{catch <- `catch*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- (Catch_ok: `%|-%:OK`(C, catch))*{catch <- `catch*`} + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:30.1-32.42 + rule trap{s : store, C : context, `t_1*` : valtype*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, TRAP_instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Instrtype_ok: `%|-%:OK`(C, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:4.1-4.58 +relation Instrs_ok2: `%;%|-%:%`(store, context, instr*, instrtype) + ;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:35.1-36.27 + rule empty{s : store, C : context}: + `%;%|-%:%`(s, C, [], `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([]))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-42.86 + rule seq{s : store, C : context, instr_1 : instr, `instr_2*` : instr*, `t_1*` : valtype*, `x_1*` : idx*, `x_2*` : idx*, `t_3*` : valtype*, `t_2*` : valtype*, `init*` : init*, `t*` : valtype*}: + `%;%|-%:%`(s, C, [instr_1] ++ instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`} ++ x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) + -- Instr_ok2: `%;%|-%:%`(s, C, instr_1, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- (if (C.LOCALS_context[x_1!`%`_idx.0] = `%%`_localtype(init, t)))*{init <- `init*`, t <- `t*`, x_1 <- `x_1*`} + -- Instrs_ok2: `%;%|-%:%`(s, $with_locals(C, x_1*{x_1 <- `x_1*`}, `%%`_localtype(SET_init, t)*{t <- `t*`}), instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_2*{t_2 <- `t_2*`}), x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:44.1-48.33 + rule sub{s : store, C : context, `instr*` : instr*, it' : instrtype, it : instrtype}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it') + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it) + -- Instrtype_sub: `%|-%<:%`(C, it, it') + -- Instrtype_ok: `%|-%:OK`(C, it') + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:51.1-54.33 + rule frame{s : store, C : context, `instr*` : instr*, `t*` : valtype*, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t*{t <- `t*`} ++ t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`} ++ t_2*{t_2 
<- `t_2*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-5.55 +relation Expr_ok2: `%;%|-%:%`(store, context, expr, resulttype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:57.1-59.44 + rule _{s : store, C : context, `instr*` : instr*, `t*` : valtype*}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) +} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Taginst_ok: `%|-%:%`(store, taginst, tagtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, jt : tagtype}: + `%|-%:%`(s, {TYPE jt}, jt) + -- Tagtype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, jt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Globalinst_ok: `%|-%:%`(store, globalinst, globaltype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `mut?` : mut?, t : valtype, val : val}: + `%|-%:%`(s, {TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val}, `%%`_globaltype(mut?{mut <- `mut?`}, t)) + -- Globaltype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%`_globaltype(mut?{mut <- `mut?`}, t)) + -- Val_ok: `%|-%:%`(s, val, t) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Meminst_ok: `%|-%:%`(store, meminst, 
memtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, at : addrtype, n : n, m : m, `b*` : byte*}: + `%|-%:%`(s, {TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m)))), BYTES b*{b <- `b*`}}, `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))))) + -- Memtype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))))) + -- if (|b*{b <- `b*`}| = (n * (64 * $Ki))) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Tableinst_ok: `%|-%:%`(store, tableinst, tabletype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, at : addrtype, n : n, m : m, rt : reftype, `ref*` : ref*}: + `%|-%:%`(s, {TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt), REFS ref*{ref <- `ref*`}}, `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt)) + -- Tabletype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt)) + -- if (|ref*{ref <- `ref*`}| = n) + -- (Ref_ok: `%|-%:%`(s, ref, rt))*{ref <- `ref*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Funcinst_ok: `%|-%:%`(store, funcinst, deftype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, moduleinst : moduleinst, func : func, C : context, dt' : deftype}: + `%|-%:%`(s, {TYPE dt, MODULE moduleinst, CODE (func : func <: funccode)}, dt) + -- Deftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, dt) + -- Moduleinst_ok: 
`%|-%:%`(s, moduleinst, C) + -- Func_ok: `%|-%:%`(C, func, dt') + -- Deftype_sub: `%|-%<:%`(C, dt', dt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Structinst_ok: `%|-%:OK`(store, structinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, `fv*` : fieldval*, `mut?*` : mut?*, `zt*` : storagetype*}: + `%|-%:OK`(s, {TYPE dt, FIELDS fv*{fv <- `fv*`}}) + -- Expand: `%~~%`(dt, STRUCT_comptype(`%`_list(`%%`_fieldtype(mut?{mut <- `mut?`}, zt)*{`mut?` <- `mut?*`, zt <- `zt*`}))) + -- (Fieldval_ok: `%|-%:%`(s, fv, zt))*{fv <- `fv*`, zt <- `zt*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Arrayinst_ok: `%|-%:OK`(store, arrayinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, `fv*` : fieldval*, `mut?` : mut?, zt : storagetype}: + `%|-%:OK`(s, {TYPE dt, FIELDS fv*{fv <- `fv*`}}) + -- Expand: `%~~%`(dt, ARRAY_comptype(`%%`_fieldtype(mut?{mut <- `mut?`}, zt))) + -- (Fieldval_ok: `%|-%:%`(s, fv, zt))*{fv <- `fv*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Exninst_ok: `%|-%:OK`(store, exninst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, ta : tagaddr, `val*` : val*, dt : deftype, `t*` : valtype*}: + `%|-%:OK`(s, {TAG ta, FIELDS val*{val <- `val*`}}) + -- if ((dt : deftype <: typeuse) = s.TAGS_store[ta].TYPE_taginst) + -- Expand: `%~~%`(dt, `FUNC%->%`_comptype(`%`_resulttype(t*{t <- `t*`}), `%`_resulttype([]))) + -- (Val_ok: `%|-%:%`(s, val, t))*{t <- `t*`, val <- `val*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +rec { + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:205.1-205.50 +relation ImmReachable: `%>>_%%`(fieldval, store, fieldval) + ;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:217.1-220.33 + rule trans{fv_1 : fieldval, s : store, fv_2 : fieldval, fv' : fieldval}: + `%>>_%%`(fv_1, s, fv_2) + -- ImmReachable: `%>>_%%`(fv_1, s, fv') + -- ImmReachable: `%>>_%%`(fv', s, fv_2) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.20 + rule `ref.struct`{a : addr, s : store, i : nat, `ft*` : fieldtype*, zt : storagetype}: + `%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, s.STRUCTS_store[a].FIELDS_structinst[i]) + -- Expand: `%~~%`(s.STRUCTS_store[a].TYPE_structinst, STRUCT_comptype(`%`_list(ft*{ft <- `ft*`}))) + -- if (ft*{ft <- `ft*`}[i] = `%%`_fieldtype(?(), zt)) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-229.42 + rule `ref.array`{a : addr, s : store, i : nat, zt : storagetype}: + `%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, s.ARRAYS_store[a].FIELDS_arrayinst[i]) + -- Expand: `%~~%`(s.ARRAYS_store[a].TYPE_arrayinst, ARRAY_comptype(`%%`_fieldtype(?(), zt))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:231.1-232.44 + rule `ref.exn`{a : addr, s : store, i : nat}: + `%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, (s.EXNS_store[a].FIELDS_exninst[i] : val <: fieldval)) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:234.1-235.28 + rule `ref.extern`{ref : ref, s : store}: + `%>>_%%`(`REF.EXTERN`_fieldval(ref), s, (ref : ref <: fieldval)) +} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +def $NotImmReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false + -- ImmReachable: `%>>_%%`(fv_1, s, fv_2) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + def $NotImmReachable{fv_1 : fieldval, s : 
store, fv_2 : fieldval}(fv_1, s, fv_2) = true + -- otherwise + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation NotImmReachable: `~%>>_%%`(fieldval, store, fieldval) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{fv_1 : fieldval, s : store, fv_2 : fieldval}: + `~%>>_%%`(fv_1, s, fv_2) + -- if $NotImmReachable(fv_1, s, fv_2) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Store_ok: `|-%:OK`(store) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `taginst*` : taginst*, `tagtype*` : tagtype*, `globalinst*` : globalinst*, `globaltype*` : globaltype*, `meminst*` : meminst*, `memtype*` : memtype*, `tableinst*` : tableinst*, `tabletype*` : tabletype*, `deftype*` : deftype*, `funcinst*` : funcinst*, `datainst*` : datainst*, `datatype*` : datatype*, `eleminst*` : eleminst*, `elemtype*` : elemtype*, `structinst*` : structinst*, `arrayinst*` : arrayinst*, `exninst*` : exninst*}: + `|-%:OK`(s) + -- (Taginst_ok: `%|-%:%`(s, taginst, tagtype))*{taginst <- `taginst*`, tagtype <- `tagtype*`} + -- (Globalinst_ok: `%|-%:%`(s, globalinst, globaltype))*{globalinst <- `globalinst*`, globaltype <- `globaltype*`} + -- (Meminst_ok: `%|-%:%`(s, meminst, memtype))*{meminst <- `meminst*`, memtype <- `memtype*`} + -- (Tableinst_ok: `%|-%:%`(s, tableinst, tabletype))*{tableinst <- `tableinst*`, tabletype <- `tabletype*`} + -- (Funcinst_ok: `%|-%:%`(s, funcinst, deftype))*{deftype <- `deftype*`, funcinst <- `funcinst*`} + -- (Datainst_ok: `%|-%:%`(s, datainst, datatype))*{datainst <- `datainst*`, datatype <- `datatype*`} + -- (Eleminst_ok: `%|-%:%`(s, eleminst, elemtype))*{eleminst <- `eleminst*`, elemtype <- `elemtype*`} + -- (Structinst_ok: `%|-%:OK`(s, structinst))*{structinst <- `structinst*`} + -- (Arrayinst_ok: `%|-%:OK`(s, arrayinst))*{arrayinst <- `arrayinst*`} + -- (Exninst_ok: `%|-%:OK`(s, exninst))*{exninst <- 
`exninst*`} + -- (NotImmReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} + -- (NotImmReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} + -- (NotImmReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} + -- if (s = {TAGS taginst*{taginst <- `taginst*`}, GLOBALS globalinst*{globalinst <- `globalinst*`}, MEMS meminst*{meminst <- `meminst*`}, TABLES tableinst*{tableinst <- `tableinst*`}, FUNCS funcinst*{funcinst <- `funcinst*`}, DATAS datainst*{datainst <- `datainst*`}, ELEMS eleminst*{eleminst <- `eleminst*`}, STRUCTS structinst*{structinst <- `structinst*`}, ARRAYS arrayinst*{arrayinst <- `arrayinst*`}, EXNS exninst*{exninst <- `exninst*`}}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_taginst: `%<=%`(taginst, taginst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{jt : tagtype}: + `%<=%`({TYPE jt}, {TYPE jt}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_globalinst: `%<=%`(globalinst, globalinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{`mut?` : mut?, t : valtype, val : val, val' : val}: + `%<=%`({TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val}, {TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val'}) + -- if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (val = val')) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_meminst: `%<=%`(meminst, meminst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{at : addrtype, n : n, m : m, `b*` : byte*, n' : n, `b'*` : byte*}: + `%<=%`({TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m)))), BYTES 
b*{b <- `b*`}}, {TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n'), ?(`%`_u64(m)))), BYTES b'*{b' <- `b'*`}}) + -- if (n <= n') + -- if (|b*{b <- `b*`}| <= |b'*{b' <- `b'*`}|) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_tableinst: `%<=%`(tableinst, tableinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{at : addrtype, n : n, m : m, rt : reftype, `ref*` : ref*, n' : n, `ref'*` : ref*}: + `%<=%`({TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt), REFS ref*{ref <- `ref*`}}, {TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n'), ?(`%`_u64(m))), rt), REFS ref'*{ref' <- `ref'*`}}) + -- if (n <= n') + -- if (|ref*{ref <- `ref*`}| <= |ref'*{ref' <- `ref'*`}|) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_funcinst: `%<=%`(funcinst, funcinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, mm : moduleinst, fc : funccode}: + `%<=%`({TYPE dt, MODULE mm, CODE fc}, {TYPE dt, MODULE mm, CODE fc}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_datainst: `%<=%`(datainst, datainst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{`b*` : byte*, `b'*` : byte*}: + `%<=%`({BYTES b*{b <- `b*`}}, {BYTES b'*{b' <- `b'*`}}) + -- if ((b*{b <- `b*`} = b'*{b' <- `b'*`}) \/ (b'*{b' <- `b'*`} = [])) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_eleminst: `%<=%`(eleminst, eleminst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{rt : reftype, `ref*` : ref*, `ref'*` : ref*}: + `%<=%`({TYPE rt, REFS ref*{ref <- `ref*`}}, {TYPE rt, REFS ref'*{ref' <- `ref'*`}}) + -- if ((ref*{ref <- `ref*`} = ref'*{ref' <- `ref'*`}) \/ (ref'*{ref' <- `ref'*`} = [])) + +;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_structinst: `%<=%`(structinst, structinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, `fv*` : fieldval*, `fv'*` : fieldval*, `mut?*` : mut?*, `zt*` : storagetype*}: + `%<=%`({TYPE dt, FIELDS fv*{fv <- `fv*`}}, {TYPE dt, FIELDS fv'*{fv' <- `fv'*`}}) + -- Expand: `%~~%`(dt, STRUCT_comptype(`%`_list(`%%`_fieldtype(mut?{mut <- `mut?`}, zt)*{`mut?` <- `mut?*`, zt <- `zt*`}))) + -- (if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (fv = fv')))*{fv <- `fv*`, fv' <- `fv'*`, `mut?` <- `mut?*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_arrayinst: `%<=%`(arrayinst, arrayinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, `fv*` : fieldval*, `fv'*` : fieldval*, `mut?` : mut?, zt : storagetype}: + `%<=%`({TYPE dt, FIELDS fv*{fv <- `fv*`}}, {TYPE dt, FIELDS fv'*{fv' <- `fv'*`}}) + -- Expand: `%~~%`(dt, ARRAY_comptype(`%%`_fieldtype(mut?{mut <- `mut?`}, zt))) + -- (if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (fv = fv')))*{fv <- `fv*`, fv' <- `fv'*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_exninst: `%<=%`(exninst, exninst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{ta : tagaddr, `val*` : val*}: + `%<=%`({TAG ta, FIELDS val*{val <- `val*`}}, {TAG ta, FIELDS val*{val <- `val*`}}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_store: `%<=%`(store, store) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, s' : store}: + `%<=%`(s, s') + -- (Extend_taginst: `%<=%`(s.TAGS_store[a], s'.TAGS_store[a]))^(a<|s.TAGS_store|){} + -- (Extend_globalinst: `%<=%`(s.GLOBALS_store[a], s'.GLOBALS_store[a]))^(a<|s.GLOBALS_store|){} + -- 
(Extend_meminst: `%<=%`(s.MEMS_store[a], s'.MEMS_store[a]))^(a<|s.MEMS_store|){} + -- (Extend_tableinst: `%<=%`(s.TABLES_store[a], s'.TABLES_store[a]))^(a<|s.TABLES_store|){} + -- (Extend_funcinst: `%<=%`(s.FUNCS_store[a], s'.FUNCS_store[a]))^(a<|s.FUNCS_store|){} + -- (Extend_datainst: `%<=%`(s.DATAS_store[a], s'.DATAS_store[a]))^(a<|s.DATAS_store|){} + -- (Extend_eleminst: `%<=%`(s.ELEMS_store[a], s'.ELEMS_store[a]))^(a<|s.ELEMS_store|){} + -- (Extend_structinst: `%<=%`(s.STRUCTS_store[a], s'.STRUCTS_store[a]))^(a<|s.STRUCTS_store|){} + -- (Extend_arrayinst: `%<=%`(s.ARRAYS_store[a], s'.ARRAYS_store[a]))^(a<|s.ARRAYS_store|){} + -- (Extend_exninst: `%<=%`(s.EXNS_store[a], s'.EXNS_store[a]))^(a<|s.EXNS_store|){} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation State_ok: `|-%:%`(state, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, f : frame, C : context}: + `|-%:%`(`%;%`_state(s, f), C) + -- Store_ok: `|-%:OK`(s) + -- Frame_ok: `%|-%:%`(s, f, C) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Config_ok: `|-%:OK`(config) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{z : state, `instr*` : instr*, C : context, `t*` : valtype*}: + `|-%:OK`(`%;%`_config(z, instr*{instr <- `instr*`})) + -- State_ok: `|-%:%`(z, C) + -- Expr_ok: `%|-%:%`(C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) + ;; ../../../../specification/wasm-latest/X.1-notation.syntax.spectec syntax A = nat From 3ccf58916d969ac4939a89d46e8157c913ab8b05 Mon Sep 17 00:00:00 2001 
From: Andreas Rossberg Date: Fri, 27 Mar 2026 08:44:37 +0100 Subject: [PATCH 02/15] [spectec] Fix sideconditions pass --- document/core/Makefile | 2 +- spectec/src/backend-latex/render.ml | 2 + spectec/src/il/valid.ml | 2 +- spectec/src/middlend/sideconditions.ml | 11 + spectec/test-interpreter/TEST.md | 4 + spectec/test-latex/Makefile | 4 +- spectec/test-latex/TEST.md | 794 ++++++++++++- spectec/test-middlend/TEST.md | 1464 ++++++++++++++++++++++-- 8 files changed, 2155 insertions(+), 128 deletions(-) diff --git a/document/core/Makefile b/document/core/Makefile index 699c2b5c2e..e11e7894ec 100644 --- a/document/core/Makefile +++ b/document/core/Makefile @@ -352,7 +352,7 @@ latex: latexpdf: $(GENERATED) $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex @echo "Running LaTeX files through pdflatex..." - $(MAKE) -C $(BUILDDIR)/latex LATEXMKOPTS=" $(BUILDDIR)/latex/LOG 2>&1 || cat $(BUILDDIR)/latex/LOG + $(MAKE) -C $(BUILDDIR)/latex LATEXMKOPTS=" -file-line-error -halt-on-error" all-pdf >$(BUILDDIR)/latex/LOG 2>&1 || cat $(BUILDDIR)/latex/LOG @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." .PHONY: latexpdfja diff --git a/spectec/src/backend-latex/render.ml b/spectec/src/backend-latex/render.ml index ff455dae04..72bd922499 100644 --- a/spectec/src/backend-latex/render.ml +++ b/spectec/src/backend-latex/render.ml @@ -1084,6 +1084,8 @@ Printf.eprintf "[render_atom %s @ %s] id=%s def=%s macros: %s (%s)\n%!" | Sup -> "\\geq" | SqArrow | SqArrowSub -> "\\hookrightarrow" | SqArrowStar | SqArrowStarSub -> "\\hookrightarrow^\\ast" + | Prec | PrecSub -> "\\prec" + | Succ | SuccSub -> "\\succ" | Cat -> "\\oplus" | Bar -> "\\mid" | BigAnd -> "\\bigwedge" diff --git a/spectec/src/il/valid.ml b/spectec/src/il/valid.ml index 7a0fe7eb65..d115058333 100644 --- a/spectec/src/il/valid.ml +++ b/spectec/src/il/valid.ml 
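Review bot: The `|| cat $(BUILDDIR)/latex/LOG` on the new `$(MAKE)` line in the `latexpdf` recipe still masks a failed run: `cat` exits 0, so the recipe succeeds even when latexmk halted on an error, and the added `-halt-on-error` only changes what gets logged, not whether make reports the build as broken. Propagate the failure with `$(MAKE) -C $(BUILDDIR)/latex LATEXMKOPTS=" -file-line-error -halt-on-error" all-pdf >$(BUILDDIR)/latex/LOG 2>&1 || { cat $(BUILDDIR)/latex/LOG; exit 1; }` so that CI notices. The whole `latexpdf` rule is visible in the hunk, so no other recipe line is affected.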
@@ -193,7 +193,7 @@ and valid_iterexp ?(side = `Rhs) env (it, xes) at : iter * Env.t = (fun (it', _) -> il_iter it') ) @@ fun _ -> let env' = valid_iter ~side env it in - if xes = [] && it <= List1 && side = `Rhs then error at "empty iteration"; + if xes = [] && it <= List1 && side = `Rhs then error at "vacuous iteration"; let it' = match it with Opt -> Opt | _ -> List in it', List.fold_left (fun env' (x, e) -> diff --git a/spectec/src/middlend/sideconditions.ml b/spectec/src/middlend/sideconditions.ml index 5000d56768..e0238a885c 100644 --- a/spectec/src/middlend/sideconditions.ml +++ b/spectec/src/middlend/sideconditions.ml @@ -161,7 +161,18 @@ let rec implies prem1 prem2 = Il.Eq.eq_prem prem1 prem2 || | IterPr (prem2', _) -> implies prem1 prem2' | _ -> false +(* Remove empty premise iterators *) +let rec flatten_empty_iter prem = + match prem.it with + | IterPr (prem', iterexp) -> + let prem'' = flatten_empty_iter prem' in + (match iterexp with + | ((Opt | List | List1), []) -> prem'' + | _ -> IterPr (prem'', iterexp) $ prem.at) + | _ -> prem + let reduce_prems prems = prems + |> List.map flatten_empty_iter |> Util.Lib.List.filter_not is_true |> Util.Lib.List.nub implies diff --git a/spectec/test-interpreter/TEST.md b/spectec/test-interpreter/TEST.md index 1540225f42..eeda9ed40d 100644 --- a/spectec/test-interpreter/TEST.md +++ b/spectec/test-interpreter/TEST.md @@ -9,6 +9,7 @@ spectec 0.5 generator == Running pass sideconditions... == IL Validation after pass sideconditions... == Translating to AL... +../../../_specification/wasm-latest/7.1-soundness.configurations.spectec:211.62-211.76: translate_rulepr: Yet `(fv_1, s, fv_2)` == Initializing interpreter... == Interpreting... 42 
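Review bot: `flatten_empty_iter` rewrites `IterPr (prem', ((Opt | List | List1), []))` into the bare `prem'`, which is only equivalent if a premise iterated with no binding variables is meant to hold outright; if I read the IL semantics right, a `(prem)*` with zero iterations would otherwise be vacuously true, so the reduced premise is strictly stronger in that case, and nothing in the hunk states that this is intended. A comment above the helper would make the assumption explicit, e.g. `(* An iterator that binds no variables has nothing to range over (valid.ml rejects such iterators as "vacuous"), so the premise is required unconditionally; ListN is kept because its bound is explicit. *)`. The `ListN` case being deliberately preserved is the non-obvious part and deserves that one-line why. `reduce_prems` is visible in full in the hunk, so the new pass runs before `filter_not is_true` and `nub implies` on every premise.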
@@ -21,6 +22,7 @@ spectec 0.5 generator == Running pass sideconditions... == IL Validation after pass sideconditions... == Translating to AL... +../../../_specification/wasm-latest/7.1-soundness.configurations.spectec:211.62-211.76: translate_rulepr: Yet `(fv_1, s, fv_2)` == Initializing interpreter... == Interpreting... 42 @@ -33,6 +35,7 @@ spectec 0.5 generator == Running pass sideconditions... == IL Validation after pass sideconditions... == Translating to AL... +../../../_specification/wasm-latest/7.1-soundness.configurations.spectec:211.62-211.76: translate_rulepr: Yet `(fv_1, s, fv_2)` == Initializing interpreter... == Interpreting... - print_i32: 10 @@ -113,6 +116,7 @@ spectec 0.5 generator == Running pass sideconditions... == IL Validation after pass sideconditions... == Translating to AL... +../../../_specification/wasm-3.0/7.1-soundness.configurations.spectec:211.62-211.76: translate_rulepr: Yet `(fv_1, s, fv_2)` == Initializing interpreter... == Interpreting... - print_i32: 83 diff --git a/spectec/test-latex/Makefile b/spectec/test-latex/Makefile index e08fa4dcf6..a227c0e578 100644 --- a/spectec/test-latex/Makefile +++ b/spectec/test-latex/Makefile @@ -48,7 +48,7 @@ $(GENOUTNAME)-%.tex: $(GENOUTNAME).tex $(GENOUTNAME)-%.pdf: $(GENOUTNAME)-%.tex $(EXE) $(GENINNAME)-%.tex ln -f $(GENINNAME)-$*.tex $(GENINNAME).tex - pdflatex $< + pdflatex -halt-on-error -file-line-error $< rm $(GENINNAME).tex test-test: $(TESTFILES:%.$(EXT)=test-%.pdf) @@ -59,7 +59,7 @@ test-%.tex: %.$(EXT) $(EXE) test-%.pdf: test-%.tex $(GENOUTNAME).tex ln -f $< $(GENINNAME).tex ln -f $(GENOUTNAME).tex $< - pdflatex $< + pdflatex -halt-on-error -file-line-error $< rm $(GENINNAME).tex $< diff --git a/spectec/test-latex/TEST.md b/spectec/test-latex/TEST.md index 07faa4f442..c5883e5c1e 100644 --- a/spectec/test-latex/TEST.md +++ b/spectec/test-latex/TEST.md 
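Review bot: The two new `pdflatex -halt-on-error -file-line-error $<` lines still run in TeX's default errorstop interaction mode, where a missing input file (for example a `\input` of a .tex that was not generated) prompts on the terminal for another file name instead of failing, so an unattended test run can hang rather than abort; as far as I recall `-halt-on-error` only covers errors raised through TeX's error routine, not that prompt. Adding `-interaction=nonstopmode` to both invocations, `pdflatex -interaction=nonstopmode -halt-on-error -file-line-error $<`, makes them fail fast in CI. Both rules (`$(GENOUTNAME)-%.pdf` and `test-%.pdf`) are visible in full in their hunks.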
@@ -4636,6 +4636,16 @@ C \vdash {\mathit{typeuse}} : \mathsf{ok} \end{array} $$ +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +}{ +C \vdash \mathsf{bot} : \mathsf{ok} +} \, {[\textsc{\scriptsize K{-}heap{-}bot}]} +\qquad +\end{array} +$$ + $$ \begin{array}{@{}c@{}}\displaystyle \frac{ @@ -7326,7 +7336,7 @@ $$ $$ \begin{array}{@{}c@{}}\displaystyle \frac{ -C \vdash {{\mathit{instr}}^\ast} : \epsilon \rightarrow_{\epsilon} {t^\ast} +C \vdash {{\mathit{instr}}^\ast} : \epsilon \rightarrow {t^\ast} }{ C \vdash {{\mathit{instr}}^\ast} : {t^\ast} } \, {[\textsc{\scriptsize T{-}expr}]} @@ -9536,6 +9546,44 @@ $$ \vspace{1ex} +$\boxed{{\mathit{store}} \vdash {\mathit{packval}} : {\mathit{packtype}}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{fieldval}} : {\mathit{storagetype}}}$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +}{ +s \vdash {\mathit{pt}}{.}\mathsf{pack}~c : {\mathit{pt}} +} \, {[\textsc{\scriptsize Packval\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s \vdash {\mathit{val}} : t +}{ +s \vdash {\mathit{val}} : t +} \, {[\textsc{\scriptsize Fieldval\_ok{-}val}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s \vdash {\mathit{packval}} : {\mathit{pt}} +}{ +s \vdash {\mathit{packval}} : {\mathit{pt}} +} \, {[\textsc{\scriptsize Fieldval\_ok{-}packval}]} +\qquad +\end{array} +$$ + +\vspace{1ex} + $\boxed{{\mathit{store}} \vdash {\mathit{externaddr}} : {\mathit{externtype}}}$ $$ 
@@ -13967,6 +14015,750 @@ $$ \end{array} $$ +$\boxed{{\mathit{store}} ; {\mathit{context}} \vdash {\mathit{instr}} : {\mathit{instrtype}}}$ + +$\boxed{{\mathit{store}} ; {\mathit{context}} \vdash {{\mathit{instr}}^\ast} : {\mathit{instrtype}}}$ + +$\boxed{{\mathit{store}} ; {\mathit{context}} \vdash {\mathit{expr}} : {\mathit{resulttype}}}$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +C \vdash {\mathit{instr}} : {t_1^\ast} \rightarrow_{{x^\ast}} {t_2^\ast} +}{ +s ; C \vdash {\mathit{instr}} : {t_1^\ast} \rightarrow_{{x^\ast}} {t_2^\ast} +} \, {[\textsc{\scriptsize Instr\_ok2{-}plain}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s \vdash {\mathit{ref}} : {\mathit{rt}} +}{ +s ; C \vdash {\mathit{ref}} : \epsilon \rightarrow {\mathit{rt}} +} \, {[\textsc{\scriptsize Instr\_ok2{-}ref}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s ; C \vdash {{\mathit{instr}'}^\ast} : {{t'}^{n}} \rightarrow_{{{x'}^\ast}} {t^\ast} + \qquad +s ; \{ \mathsf{labels}~{({t'})^{n}} \} \oplus C \vdash {{\mathit{instr}}^\ast} : \epsilon \rightarrow_{{x^\ast}} {t^\ast} +}{ +s ; C \vdash {{\mathsf{label}}_{n}}{\{ {{\mathit{instr}'}^\ast} \}}~{{\mathit{instr}}^\ast} : \epsilon \rightarrow {t^\ast} +} \, {[\textsc{\scriptsize Instr\_ok2{-}label}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s \vdash f : {C'} + \qquad +s ; {C'} \vdash {{\mathit{instr}}^\ast} : {t^{n}} +}{ +s ; C \vdash {{\mathsf{frame}}_{n}}{\{ f \}}~{{\mathit{instr}}^\ast} : \epsilon \rightarrow {t^{n}} +} \, {[\textsc{\scriptsize Instr\_ok2{-}frame}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +(C \vdash {\mathit{catch}} : \mathsf{ok})^\ast + \qquad +s ; C \vdash {{\mathit{instr}}^\ast} : {t_1^\ast} \rightarrow_{{x^\ast}} {t_2^\ast} +}{ +s ; C \vdash {{\mathsf{handler}}_{n}}{\{ {{\mathit{catch}}^\ast} \}}~{{\mathit{instr}}^\ast} : {t_1^\ast} \rightarrow {t_2^\ast} +} \, {[\textsc{\scriptsize 
Instr\_ok2{-}handler}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +C \vdash {t_1^\ast} \rightarrow {t_2^\ast} : \mathsf{ok} +}{ +s ; C \vdash \mathsf{trap} : {t_1^\ast} \rightarrow {t_2^\ast} +} \, {[\textsc{\scriptsize Instr\_ok2{-}trap}]} +\qquad +\end{array} +$$ + +\vspace{1ex} + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +}{ +s ; C \vdash \epsilon : \epsilon \rightarrow \epsilon +} \, {[\textsc{\scriptsize Instrs\_ok2{-}empty}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s ; C \vdash {\mathit{instr}}_1 : {t_1^\ast} \rightarrow_{{x_1^\ast}} {t_2^\ast} + \qquad +(C{.}\mathsf{locals}{}[x_1] = {\mathit{init}}~t)^\ast + \qquad +s ; C{}[{.}\mathsf{local}{}[{x_1^\ast}] = {(\mathsf{set}~t)^\ast}] \vdash {{\mathit{instr}}_2^\ast} : {t_2^\ast} \rightarrow_{{x_2^\ast}} {t_3^\ast} +}{ +s ; C \vdash {\mathit{instr}}_1~{{\mathit{instr}}_2^\ast} : {t_1^\ast} \rightarrow_{{x_1^\ast}~{x_2^\ast}} {t_3^\ast} +} \, {[\textsc{\scriptsize Instrs\_ok2{-}seq}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s ; C \vdash {{\mathit{instr}}^\ast} : {\mathit{it}} + \qquad +C \vdash {\mathit{it}} \leq {\mathit{it}'} + \qquad +C \vdash {\mathit{it}'} : \mathsf{ok} +}{ +s ; C \vdash {{\mathit{instr}}^\ast} : {\mathit{it}'} +} \, {[\textsc{\scriptsize Instrs\_ok2{-}sub}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s ; C \vdash {{\mathit{instr}}^\ast} : {t_1^\ast} \rightarrow_{{x^\ast}} {t_2^\ast} + \qquad +C \vdash {t^\ast} : \mathsf{ok} +}{ +s ; C \vdash {{\mathit{instr}}^\ast} : ({t^\ast}~{t_1^\ast}) \rightarrow_{{x^\ast}} ({t^\ast}~{t_2^\ast}) +} \, {[\textsc{\scriptsize Instrs\_ok2{-}frame}]} +\qquad +\end{array} +$$ + +\vspace{1ex} + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s ; C \vdash {{\mathit{instr}}^\ast} : \epsilon \rightarrow {t^\ast} +}{ +s ; C \vdash {{\mathit{instr}}^\ast} : {t^\ast} +} \, {[\textsc{\scriptsize Expr\_ok2}]} +\qquad 
+\end{array} +$$ + +\vspace{1ex} + +$\boxed{{\mathit{store}} \vdash {\mathit{taginst}} : {\mathit{tagtype}}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{globalinst}} : {\mathit{globaltype}}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{meminst}} : {\mathit{memtype}}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{tableinst}} : {\mathit{tabletype}}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{funcinst}} : {\mathit{deftype}}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{datainst}} : {\mathit{datatype}}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{eleminst}} : {\mathit{elemtype}}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{exportinst}} : \mathsf{ok}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{structinst}} : \mathsf{ok}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{arrayinst}} : \mathsf{ok}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{exninst}} : \mathsf{ok}}$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +\{ \} \vdash {\mathit{jt}} : \mathsf{ok} +}{ +s \vdash \{ \mathsf{type}~{\mathit{jt}} \} : {\mathit{jt}} +} \, {[\textsc{\scriptsize Taginst\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +\{ \} \vdash {\mathsf{mut}^?}~t : \mathsf{ok} + \qquad +s \vdash {\mathit{val}} : t +}{ +s \vdash \{ \mathsf{type}~{\mathsf{mut}^?}~t,\;\allowbreak \mathsf{value}~{\mathit{val}} \} : {\mathsf{mut}^?}~t +} \, {[\textsc{\scriptsize Globalinst\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +\{ \} \vdash {\mathit{at}}~{}[ n .. m ]~\mathsf{page} : \mathsf{ok} + \qquad +{|{b^\ast}|} = n \cdot 64 \, {\mathrm{Ki}} +}{ +s \vdash \{ \mathsf{type}~{\mathit{at}}~{}[ n .. m ]~\mathsf{page},\;\allowbreak \mathsf{bytes}~{b^\ast} \} : {\mathit{at}}~{}[ n .. m ]~\mathsf{page} +} \, {[\textsc{\scriptsize Meminst\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +\{ \} \vdash {\mathit{at}}~{}[ n .. 
m ]~{\mathit{rt}} : \mathsf{ok} + \qquad +{|{{\mathit{ref}}^\ast}|} = n + \qquad +(s \vdash {\mathit{ref}} : {\mathit{rt}})^\ast +}{ +s \vdash \{ \mathsf{type}~{\mathit{at}}~{}[ n .. m ]~{\mathit{rt}},\;\allowbreak \mathsf{refs}~{{\mathit{ref}}^\ast} \} : {\mathit{at}}~{}[ n .. m ]~{\mathit{rt}} +} \, {[\textsc{\scriptsize Tableinst\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +\begin{array}{@{}c@{}} +\{ \} \vdash {\mathit{dt}} : \mathsf{ok} + \qquad +s \vdash {\mathit{moduleinst}} : C + \\ +C \vdash {\mathit{func}} : {\mathit{dt}'} + \qquad +C \vdash {\mathit{dt}'} \leq {\mathit{dt}} +\end{array} +}{ +s \vdash \{ \mathsf{type}~{\mathit{dt}},\;\allowbreak \mathsf{module}~{\mathit{moduleinst}},\;\allowbreak \mathsf{code}~{\mathit{func}} \} : {\mathit{dt}} +} \, {[\textsc{\scriptsize Funcinst\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +}{ +s \vdash \{ \mathsf{bytes}~{b^\ast} \} : \mathsf{ok} +} \, {[\textsc{\scriptsize Datainst\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +\{ \} \vdash {\mathit{rt}} : \mathsf{ok} + \qquad +(s \vdash {\mathit{ref}} : {\mathit{rt}})^\ast +}{ +s \vdash \{ \mathsf{type}~{\mathit{rt}},\;\allowbreak \mathsf{refs}~{{\mathit{ref}}^\ast} \} : {\mathit{rt}} +} \, {[\textsc{\scriptsize Eleminst\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s \vdash {\mathit{xa}} : {\mathit{xt}} +}{ +s \vdash \{ \mathsf{name}~{\mathit{nm}},\;\allowbreak \mathsf{addr}~{\mathit{xa}} \} : \mathsf{ok} +} \, {[\textsc{\scriptsize Exportinst\_ok}]} +\qquad +\end{array} +$$ + +\vspace{1ex} + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{\mathit{dt}} \approx \mathsf{struct}~{({\mathsf{mut}^?}~{\mathit{zt}})^\ast} + \qquad +(s \vdash {\mathit{fv}} : {\mathit{zt}})^\ast +}{ +s \vdash \{ \mathsf{type}~{\mathit{dt}},\;\allowbreak \mathsf{fields}~{{\mathit{fv}}^\ast} \} : \mathsf{ok} +} \, {[\textsc{\scriptsize 
Structinst\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{\mathit{dt}} \approx \mathsf{array}~({\mathsf{mut}^?}~{\mathit{zt}}) + \qquad +(s \vdash {\mathit{fv}} : {\mathit{zt}})^\ast +}{ +s \vdash \{ \mathsf{type}~{\mathit{dt}},\;\allowbreak \mathsf{fields}~{{\mathit{fv}}^\ast} \} : \mathsf{ok} +} \, {[\textsc{\scriptsize Arrayinst\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{\mathit{dt}} = s{.}\mathsf{tags}{}[{\mathit{ta}}]{.}\mathsf{type} + \qquad +{\mathit{dt}} \approx \mathsf{func}~{t^\ast} \rightarrow \epsilon + \qquad +(s \vdash {\mathit{val}} : t)^\ast +}{ +s \vdash \{ \mathsf{tag}~{\mathit{ta}},\;\allowbreak \mathsf{fields}~{{\mathit{val}}^\ast} \} : \mathsf{ok} +} \, {[\textsc{\scriptsize Exninst\_ok}]} +\qquad +\end{array} +$$ + +\vspace{1ex} + +$\boxed{{\mathit{store}} \vdash {\mathit{moduleinst}} : {\mathit{context}}}$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +\begin{array}{@{}c@{}} +(\{ \} \vdash {\mathit{deftype}} : \mathsf{ok})^\ast + \qquad +(s \vdash \mathsf{tag}~{\mathit{tagaddr}} : \mathsf{tag}~{\mathit{tagtype}})^\ast + \\ +(s \vdash \mathsf{global}~{\mathit{globaladdr}} : \mathsf{global}~{\mathit{globaltype}})^\ast + \qquad +(s \vdash \mathsf{func}~{\mathit{funcaddr}} : \mathsf{func}~{\mathit{deftype}}_{\mathsf{f}})^\ast + \\ +(s \vdash \mathsf{mem}~{\mathit{memaddr}} : \mathsf{mem}~{\mathit{memtype}})^\ast + \qquad +(s \vdash \mathsf{table}~{\mathit{tableaddr}} : \mathsf{table}~{\mathit{tabletype}})^\ast + \\ +(s \vdash s{.}\mathsf{datas}{}[{\mathit{dataaddr}}] : {\mathit{datatype}})^\ast + \qquad +(s \vdash s{.}\mathsf{elems}{}[{\mathit{elemaddr}}] : {\mathit{elemtype}})^\ast + \\ +(s \vdash {\mathit{exportinst}} : \mathsf{ok})^\ast + \qquad +{({\mathit{exportinst}}{.}\mathsf{name})^\ast}~{\mathrm{disjoint}} + \\ +({\mathit{exportinst}}{.}\mathsf{addr} \in 
{(\mathsf{tag}~{\mathit{tagaddr}})^\ast}~{(\mathsf{global}~{\mathit{globaladdr}})^\ast}~{(\mathsf{mem}~{\mathit{memaddr}})^\ast}~{(\mathsf{table}~{\mathit{tableaddr}})^\ast}~{(\mathsf{func}~{\mathit{funcaddr}})^\ast})^\ast +\end{array} +}{ +s \vdash \{ \begin{array}[t]{@{}l@{}} +\mathsf{types}~{{\mathit{deftype}}^\ast},\; \\ + \mathsf{tags}~{{\mathit{tagaddr}}^\ast},\; \\ + \mathsf{globals}~{{\mathit{globaladdr}}^\ast},\; \\ + \mathsf{mems}~{{\mathit{memaddr}}^\ast},\; \\ + \mathsf{tables}~{{\mathit{tableaddr}}^\ast},\; \\ + \mathsf{funcs}~{{\mathit{funcaddr}}^\ast},\; \\ + \mathsf{datas}~{{\mathit{dataaddr}}^\ast},\; \\ + \mathsf{elems}~{{\mathit{elemaddr}}^\ast},\; \\ + \mathsf{exports}~{{\mathit{exportinst}}^\ast} \}\end{array} : \{ \begin{array}[t]{@{}l@{}} +\mathsf{types}~{{\mathit{deftype}}^\ast},\; \\ + \mathsf{recs}~{{\mathit{subtype}}^\ast},\; \\ + \mathsf{tags}~{{\mathit{tagtype}}^\ast},\; \\ + \mathsf{globals}~{{\mathit{globaltype}}^\ast},\; \\ + \mathsf{mems}~{{\mathit{memtype}}^\ast},\; \\ + \mathsf{tables}~{{\mathit{tabletype}}^\ast},\; \\ + \mathsf{funcs}~{{\mathit{deftype}}_{\mathsf{f}}^\ast},\; \\ + \mathsf{datas}~{{\mathit{datatype}}^\ast},\; \\ + \mathsf{elems}~{{\mathit{elemtype}}^\ast},\; \\ + \mathsf{refs}~{(i)^{i<{|{{\mathit{funcaddr}}^\ast}|}}} \}\end{array} +} \, {[\textsc{\scriptsize Moduleinst\_ok}]} +\qquad +\end{array} +$$ + +\vspace{1ex} + +$\boxed{{\vdash}\, {\mathit{store}} : \mathsf{ok}}$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +\begin{array}{@{}c@{}} +(s \vdash {\mathit{taginst}} : {\mathit{tagtype}})^\ast + \qquad +(s \vdash {\mathit{globalinst}} : {\mathit{globaltype}})^\ast + \\ +(s \vdash {\mathit{meminst}} : {\mathit{memtype}})^\ast + \qquad +(s \vdash {\mathit{tableinst}} : {\mathit{tabletype}})^\ast + \\ +(s \vdash {\mathit{funcinst}} : {\mathit{deftype}})^\ast + \qquad +(s \vdash {\mathit{datainst}} : {\mathit{datatype}})^\ast + \qquad +(s \vdash {\mathit{eleminst}} : {\mathit{elemtype}})^\ast + \\ +(s \vdash 
{\mathit{structinst}} : \mathsf{ok})^\ast + \qquad +(s \vdash {\mathit{arrayinst}} : \mathsf{ok})^\ast + \qquad +(s \vdash {\mathit{exninst}} : \mathsf{ok})^\ast + \\ +(\neg~(\mathsf{ref{.}struct}~a) \succ_{s} (\mathsf{ref{.}struct}~a))^{a<{|{{\mathit{structinst}}^\ast}|}} + \qquad +(\neg~(\mathsf{ref{.}array}~a) \succ_{s} (\mathsf{ref{.}array}~a))^{a<{|{{\mathit{arrayinst}}^\ast}|}} + \qquad +(\neg~(\mathsf{ref{.}exn}~a) \succ_{s} (\mathsf{ref{.}exn}~a))^{a<{|{{\mathit{exninst}}^\ast}|}} + \\ +s = \{ \begin{array}[t]{@{}l@{}} +\mathsf{tags}~{{\mathit{taginst}}^\ast},\; \mathsf{globals}~{{\mathit{globalinst}}^\ast},\; \mathsf{mems}~{{\mathit{meminst}}^\ast},\; \mathsf{tables}~{{\mathit{tableinst}}^\ast},\; \mathsf{funcs}~{{\mathit{funcinst}}^\ast},\; \\ + \mathsf{datas}~{{\mathit{datainst}}^\ast},\; \mathsf{elems}~{{\mathit{eleminst}}^\ast},\; \mathsf{structs}~{{\mathit{structinst}}^\ast},\; \mathsf{arrays}~{{\mathit{arrayinst}}^\ast},\; \mathsf{exns}~{{\mathit{exninst}}^\ast} \}\end{array} +\end{array} +}{ +{\vdash}\, s : \mathsf{ok} +} \, {[\textsc{\scriptsize Store\_ok}]} +\qquad +\end{array} +$$ + +\vspace{1ex} + +$\boxed{{\mathit{fieldval}} \succ_{{\mathit{store}}} {\mathit{fieldval}}}$ + +$\boxed{\neg~{\mathit{fieldval}} \succ_{{\mathit{store}}} {\mathit{fieldval}}}$ + +$$ +\begin{array}[t]{@{}lcl@{}l@{}} +{\mathrm{NotImmReachable}}({\mathit{fv}}_1, s, {\mathit{fv}}_2) & = & \mathsf{false} & \quad \mbox{if}~ {\mathit{fv}}_1 \succ_{s} {\mathit{fv}}_2 \\ +{\mathrm{NotImmReachable}}({\mathit{fv}}_1, s, {\mathit{fv}}_2) & = & \mathsf{true} & \quad \mbox{otherwise} \\ +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{\mathrm{NotImmReachable}}({\mathit{fv}}_1, s, {\mathit{fv}}_2) +}{ +\neg~{\mathit{fv}}_1 \succ_{s} {\mathit{fv}}_2 +} \, {[\textsc{\scriptsize NotImmReachable}]} +\qquad +\end{array} +$$ + +\vspace{1ex} + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{\mathit{fv}}_1 \succ_{s} {\mathit{fv}'} + \qquad +{\mathit{fv}'} \succ_{s} 
{\mathit{fv}}_2 +}{ +{\mathit{fv}}_1 \succ_{s} {\mathit{fv}}_2 +} \, {[\textsc{\scriptsize ImmReachable{-}trans}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s{.}\mathsf{structs}{}[a]{.}\mathsf{type} \approx \mathsf{struct}~{{\mathit{ft}}^\ast} + \qquad +{{\mathit{ft}}^\ast}{}[i] = {\mathit{zt}} +}{ +(\mathsf{ref{.}struct}~a) \succ_{s} s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i] +} \, {[\textsc{\scriptsize ImmReachable{-}ref.struct}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s{.}\mathsf{arrays}{}[a]{.}\mathsf{type} \approx \mathsf{array}~{\mathit{zt}} +}{ +(\mathsf{ref{.}array}~a) \succ_{s} s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i] +} \, {[\textsc{\scriptsize ImmReachable{-}ref.array}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +}{ +(\mathsf{ref{.}exn}~a) \succ_{s} s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i] +} \, {[\textsc{\scriptsize ImmReachable{-}ref.exn}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +}{ +(\mathsf{ref{.}extern}~{\mathit{ref}}) \succ_{s} {\mathit{ref}} +} \, {[\textsc{\scriptsize ImmReachable{-}ref.extern}]} +\qquad +\end{array} +$$ + +\vspace{1ex} + +$\boxed{{\mathit{taginst}}~\leq~{\mathit{taginst}}}$ + +$\boxed{{\mathit{globalinst}}~\leq~{\mathit{globalinst}}}$ + +$\boxed{{\mathit{meminst}}~\leq~{\mathit{meminst}}}$ + +$\boxed{{\mathit{tableinst}}~\leq~{\mathit{tableinst}}}$ + +$\boxed{{\mathit{funcinst}}~\leq~{\mathit{funcinst}}}$ + +$\boxed{{\mathit{datainst}}~\leq~{\mathit{datainst}}}$ + +$\boxed{{\mathit{eleminst}}~\leq~{\mathit{eleminst}}}$ + +$\boxed{{\mathit{structinst}}~\leq~{\mathit{structinst}}}$ + +$\boxed{{\mathit{arrayinst}}~\leq~{\mathit{arrayinst}}}$ + +$\boxed{{\mathit{exninst}}~\leq~{\mathit{exninst}}}$ + +$\boxed{{\mathit{store}}~\leq~{\mathit{store}}}$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +}{ +\{ \mathsf{type}~{\mathit{jt}} \}~\leq~\{ \mathsf{type}~{\mathit{jt}} 
\} +} \, {[\textsc{\scriptsize Extend\_taginst}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{\mathsf{mut}^?} = \mathsf{mut} \lor {\mathit{val}} = {\mathit{val}'} +}{ +\{ \mathsf{type}~{\mathsf{mut}^?}~t,\;\allowbreak \mathsf{value}~{\mathit{val}} \}~\leq~\{ \mathsf{type}~{\mathsf{mut}^?}~t,\;\allowbreak \mathsf{value}~{\mathit{val}'} \} +} \, {[\textsc{\scriptsize Extend\_globalinst}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +n \leq {n'} + \qquad +{|{b^\ast}|} \leq {|{{b'}^\ast}|} +}{ +\{ \mathsf{type}~{\mathit{at}}~{}[ n .. m ]~\mathsf{page},\;\allowbreak \mathsf{bytes}~{b^\ast} \}~\leq~\{ \mathsf{type}~{\mathit{at}}~{}[ {n'} .. m ]~\mathsf{page},\;\allowbreak \mathsf{bytes}~{{b'}^\ast} \} +} \, {[\textsc{\scriptsize Extend\_meminst}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +n \leq {n'} + \qquad +{|{{\mathit{ref}}^\ast}|} \leq {|{{\mathit{ref}'}^\ast}|} +}{ +\{ \mathsf{type}~{\mathit{at}}~{}[ n .. m ]~{\mathit{rt}},\;\allowbreak \mathsf{refs}~{{\mathit{ref}}^\ast} \}~\leq~\{ \mathsf{type}~{\mathit{at}}~{}[ {n'} .. 
m ]~{\mathit{rt}},\;\allowbreak \mathsf{refs}~{{\mathit{ref}'}^\ast} \} +} \, {[\textsc{\scriptsize Extend\_tableinst}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +}{ +\{ \mathsf{type}~{\mathit{dt}},\;\allowbreak \mathsf{module}~{\mathit{mm}},\;\allowbreak \mathsf{code}~{\mathit{fc}} \}~\leq~\{ \mathsf{type}~{\mathit{dt}},\;\allowbreak \mathsf{module}~{\mathit{mm}},\;\allowbreak \mathsf{code}~{\mathit{fc}} \} +} \, {[\textsc{\scriptsize Extend\_funcinst}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{b^\ast} = {{b'}^\ast} \lor {{b'}^\ast} = \epsilon +}{ +\{ \mathsf{bytes}~{b^\ast} \}~\leq~\{ \mathsf{bytes}~{{b'}^\ast} \} +} \, {[\textsc{\scriptsize Extend\_datainst}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{{\mathit{ref}}^\ast} = {{\mathit{ref}'}^\ast} \lor {{\mathit{ref}'}^\ast} = \epsilon +}{ +\{ \mathsf{type}~{\mathit{rt}},\;\allowbreak \mathsf{refs}~{{\mathit{ref}}^\ast} \}~\leq~\{ \mathsf{type}~{\mathit{rt}},\;\allowbreak \mathsf{refs}~{{\mathit{ref}'}^\ast} \} +} \, {[\textsc{\scriptsize Extend\_eleminst}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{\mathit{dt}} \approx \mathsf{struct}~{({\mathsf{mut}^?}~{\mathit{zt}})^\ast} + \qquad +({\mathsf{mut}^?} = \mathsf{mut} \lor {\mathit{fv}} = {\mathit{fv}'})^\ast +}{ +\{ \mathsf{type}~{\mathit{dt}},\;\allowbreak \mathsf{fields}~{{\mathit{fv}}^\ast} \}~\leq~\{ \mathsf{type}~{\mathit{dt}},\;\allowbreak \mathsf{fields}~{{\mathit{fv}'}^\ast} \} +} \, {[\textsc{\scriptsize Extend\_structinst}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{\mathit{dt}} \approx \mathsf{array}~({\mathsf{mut}^?}~{\mathit{zt}}) + \qquad +({\mathsf{mut}^?} = \mathsf{mut} \lor {\mathit{fv}} = {\mathit{fv}'})^\ast +}{ +\{ \mathsf{type}~{\mathit{dt}},\;\allowbreak \mathsf{fields}~{{\mathit{fv}}^\ast} \}~\leq~\{ \mathsf{type}~{\mathit{dt}},\;\allowbreak 
\mathsf{fields}~{{\mathit{fv}'}^\ast} \} +} \, {[\textsc{\scriptsize Extend\_arrayinst}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +}{ +\{ \mathsf{tag}~{\mathit{ta}},\;\allowbreak \mathsf{fields}~{{\mathit{val}}^\ast} \}~\leq~\{ \mathsf{tag}~{\mathit{ta}},\;\allowbreak \mathsf{fields}~{{\mathit{val}}^\ast} \} +} \, {[\textsc{\scriptsize Extend\_exninst}]} +\qquad +\end{array} +$$ + +\vspace{1ex} + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +\begin{array}{@{}c@{}} +(s{.}\mathsf{tags}{}[a]~\leq~{s'}{.}\mathsf{tags}{}[a])^{a<{|s{.}\mathsf{tags}|}} + \qquad +(s{.}\mathsf{globals}{}[a]~\leq~{s'}{.}\mathsf{globals}{}[a])^{a<{|s{.}\mathsf{globals}|}} + \\ +(s{.}\mathsf{mems}{}[a]~\leq~{s'}{.}\mathsf{mems}{}[a])^{a<{|s{.}\mathsf{mems}|}} + \qquad +(s{.}\mathsf{tables}{}[a]~\leq~{s'}{.}\mathsf{tables}{}[a])^{a<{|s{.}\mathsf{tables}|}} + \\ +(s{.}\mathsf{funcs}{}[a]~\leq~{s'}{.}\mathsf{funcs}{}[a])^{a<{|s{.}\mathsf{funcs}|}} + \qquad +(s{.}\mathsf{datas}{}[a]~\leq~{s'}{.}\mathsf{datas}{}[a])^{a<{|s{.}\mathsf{datas}|}} + \\ +(s{.}\mathsf{elems}{}[a]~\leq~{s'}{.}\mathsf{elems}{}[a])^{a<{|s{.}\mathsf{elems}|}} + \qquad +(s{.}\mathsf{structs}{}[a]~\leq~{s'}{.}\mathsf{structs}{}[a])^{a<{|s{.}\mathsf{structs}|}} + \\ +(s{.}\mathsf{arrays}{}[a]~\leq~{s'}{.}\mathsf{arrays}{}[a])^{a<{|s{.}\mathsf{arrays}|}} + \qquad +(s{.}\mathsf{exns}{}[a]~\leq~{s'}{.}\mathsf{exns}{}[a])^{a<{|s{.}\mathsf{exns}|}} +\end{array} +}{ +s~\leq~{s'} +} \, {[\textsc{\scriptsize Extend\_store}]} +\qquad +\end{array} +$$ + +\vspace{1ex} + +$\boxed{{\mathit{store}} \vdash {{\mathit{val}}^?} : {\mathit{localtype}}}$ + +$\boxed{{\mathit{store}} \vdash {\mathit{frame}} : {\mathit{context}}}$ + +$\boxed{{\vdash}\, {\mathit{state}} : {\mathit{context}}}$ + +$\boxed{{\vdash}\, {\mathit{config}} : \mathsf{ok}}$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s \vdash {\mathit{val}} : t +}{ +s \vdash {\mathit{val}} : \mathsf{set}~t +} \, {[\textsc{\scriptsize 
Localval\_ok{-}set}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +}{ +s \vdash \epsilon : \mathsf{unset}~\mathsf{bot} +} \, {[\textsc{\scriptsize Localval\_ok{-}unset}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +s \vdash {\mathit{moduleinst}} : C + \qquad +(s \vdash {{\mathit{val}}^?} : {{\mathit{lt}}})^\ast +}{ +s \vdash \{ \mathsf{locals}~{({{\mathit{val}}^?})^\ast},\;\allowbreak \mathsf{module}~{\mathit{moduleinst}} \} : C \oplus \{ \mathsf{locals}~{{{\mathit{lt}}}^\ast} \} +} \, {[\textsc{\scriptsize Frame\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{\vdash}\, s : \mathsf{ok} + \qquad +s \vdash f : C +}{ +{\vdash}\, s ; f : C +} \, {[\textsc{\scriptsize State\_ok}]} +\qquad +\end{array} +$$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +{\vdash}\, z : C + \qquad +C \vdash {{\mathit{instr}}^\ast} : {t^\ast} +}{ +{\vdash}\, z ; {{\mathit{instr}}^\ast} : \mathsf{ok} +} \, {[\textsc{\scriptsize Config\_ok}]} +\qquad +\end{array} +$$ + \vspace{1ex} $$ diff --git a/spectec/test-middlend/TEST.md b/spectec/test-middlend/TEST.md index 52de5c986f..61300662d5 100644 --- a/spectec/test-middlend/TEST.md +++ b/spectec/test-middlend/TEST.md 
@@ -2782,98 +2782,102 @@ relation Heaptype_ok: `%|-%:OK`(context, heaptype) `%|-%:OK`(C, (typeuse : typeuse <: heaptype)) -- Typeuse_ok: `%|-%:OK`(C, typeuse) + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:27.1-28.16 + rule bot{C : context}: + `%|-%:OK`(C, BOT_heaptype) + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:10.1-10.91 relation Reftype_ok: `%|-%:OK`(context, reftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:27.1-29.37 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:30.1-32.37 rule _{C : context, heaptype : heaptype}: `%|-%:OK`(C, REF_reftype(NULL_null?{}, heaptype)) -- Heaptype_ok: `%|-%:OK`(C, heaptype) ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:11.1-11.91 relation Valtype_ok: `%|-%:OK`(context, valtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:31.1-33.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:34.1-36.35 rule num{C : context, numtype : numtype}: `%|-%:OK`(C, (numtype : numtype <: valtype)) -- Numtype_ok: `%|-%:OK`(C, numtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:35.1-37.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:38.1-40.35 rule vec{C : context, vectype : vectype}: `%|-%:OK`(C, (vectype : vectype <: valtype)) -- Vectype_ok: `%|-%:OK`(C, vectype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:39.1-41.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:42.1-44.35 rule ref{C : context, reftype : reftype}: `%|-%:OK`(C, (reftype : reftype <: valtype)) -- Reftype_ok: `%|-%:OK`(C, reftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:43.1-44.16 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:46.1-47.16 rule bot{C : context}: `%|-%:OK`(C, BOT_valtype) ;; 
../../../../specification/wasm-latest/2.1-validation.types.spectec:12.1-12.94 relation Typeuse_ok: `%|-%:OK`(context, typeuse) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:99.1-101.30 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:102.1-104.30 rule typeidx{C : context, typeidx : typeidx, dt : deftype}: `%|-%:OK`(C, _IDX_typeuse(typeidx)) -- if (C.TYPES_context[typeidx!`%`_typeidx.0] = dt) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:103.1-105.23 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:106.1-108.23 rule rec{C : context, i : n, st : subtype}: `%|-%:OK`(C, REC_typeuse(i)) -- if (C.RECS_context[i] = st) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:107.1-109.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:110.1-112.35 rule deftype{C : context, deftype : deftype}: `%|-%:OK`(C, (deftype : deftype <: typeuse)) -- Deftype_ok: `%|-%:OK`(C, deftype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:49.1-49.100 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:52.1-52.100 relation Resulttype_ok: `%|-%:OK`(context, resulttype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:52.1-54.32 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:55.1-57.32 rule _{C : context, `t*` : valtype*}: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) -- (Valtype_ok: `%|-%:OK`(C, t))*{t <- `t*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:85.1-85.104 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:88.1-88.104 relation Fieldtype_ok: `%|-%:OK`(context, fieldtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:123.1-125.43 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:126.1-128.43 rule _{C : context, storagetype : storagetype}: `%|-%:OK`(C, 
`%%`_fieldtype(MUT_mut?{}, storagetype)) -- Storagetype_ok: `%|-%:OK`(C, storagetype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:86.1-86.106 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:89.1-89.106 relation Storagetype_ok: `%|-%:OK`(context, storagetype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:115.1-117.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:118.1-120.35 rule val{C : context, valtype : valtype}: `%|-%:OK`(C, (valtype : valtype <: storagetype)) -- Valtype_ok: `%|-%:OK`(C, valtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:119.1-121.37 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:122.1-124.37 rule pack{C : context, packtype : packtype}: `%|-%:OK`(C, (packtype : packtype <: storagetype)) -- Packtype_ok: `%|-%:OK`(C, packtype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:87.1-87.103 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:90.1-90.103 relation Comptype_ok: `%|-%:OK`(context, comptype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:128.1-130.42 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:131.1-133.42 rule struct{C : context, `fieldtype*` : fieldtype*}: `%|-%:OK`(C, STRUCT_comptype(`%`_list(fieldtype*{fieldtype <- `fieldtype*`}))) -- (Fieldtype_ok: `%|-%:OK`(C, fieldtype))*{fieldtype <- `fieldtype*`} - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:132.1-134.39 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:135.1-137.39 rule array{C : context, fieldtype : fieldtype}: `%|-%:OK`(C, ARRAY_comptype(fieldtype)) -- Fieldtype_ok: `%|-%:OK`(C, fieldtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:136.1-139.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:139.1-142.35 rule func{C : context, 
`t_1*` : valtype*, `t_2*` : valtype*}: `%|-%:OK`(C, `FUNC%->%`_comptype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t_1*{t_1 <- `t_1*`})) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t_2*{t_2 <- `t_2*`})) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:88.1-88.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:91.1-91.126 relation Subtype_ok: `%|-%:%`(context, subtype, oktypeidx) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:142.1-149.49 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:145.1-152.49 rule _{C : context, `x*` : idx*, comptype : comptype, x_0 : idx, `comptype'*` : comptype*, `x'**` : idx**}: `%|-%:%`(C, SUB_subtype(FINAL_final?{}, _IDX_typeuse(x)*{x <- `x*`}, comptype), OK_oktypeidx(x_0)) -- if (|x*{x <- `x*`}| <= 1) 
@@ -2882,26 +2886,26 @@ relation Subtype_ok: `%|-%:%`(context, subtype, oktypeidx) -- Comptype_ok: `%|-%:OK`(C, comptype) -- (Comptype_sub: `%|-%<:%`(C, comptype, comptype'))*{comptype' <- `comptype'*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:89.1-89.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:92.1-92.126 relation Rectype_ok: `%|-%:%`(context, rectype, oktypeidx) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:171.1-172.23 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:174.1-175.23 rule empty{C : context, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidx(x)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:174.1-177.48 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:177.1-180.48 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Subtype_ok: `%|-%:%`(C, subtype_1, OK_oktypeidx(x)) -- Rectype_ok: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(`%`_typeidx((x!`%`_idx.0 + 1)))) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:179.1-181.60 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:182.1-184.60 rule _rec2{C : context, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Rectype_ok2: `%|-%:%`({TYPES [], RECS subtype*{subtype <- `subtype*`}, TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []} +++ C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, 0)) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:90.1-90.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:93.1-93.126 relation Subtype_ok2: 
`%|-%:%`(context, subtype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:161.1-168.49 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:164.1-171.49 rule _{C : context, `typeuse*` : typeuse*, compttype : comptype, x : idx, i : nat, `comptype'*` : comptype*, `typeuse'**` : typeuse**, comptype : comptype}: `%|-%:%`(C, SUB_subtype(FINAL_final?{}, typeuse*{typeuse <- `typeuse*`}, compttype), OK_oktypeidxnat(x, i)) -- if (|typeuse*{typeuse <- `typeuse*`}| <= 1) 
@@ -2910,28 +2914,28 @@ relation Subtype_ok2: `%|-%:%`(context, subtype, oktypeidxnat) -- Comptype_ok: `%|-%:OK`(C, comptype) -- (Comptype_sub: `%|-%<:%`(C, comptype, comptype'))*{comptype' <- `comptype'*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:91.1-91.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:94.1-94.126 relation Rectype_ok2: `%|-%:%`(context, rectype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:183.1-184.24 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:186.1-187.24 rule empty{C : context, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidxnat(x, i)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:186.1-189.55 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:189.1-192.55 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, i)) -- Subtype_ok2: `%|-%:%`(C, subtype_1, OK_oktypeidxnat(x, i)) -- Rectype_ok2: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(`%`_typeidx((x!`%`_idx.0 + 1)), (i + 1))) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:92.1-92.102 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:95.1-95.102 relation Deftype_ok: `%|-%:OK`(context, deftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:192.1-196.14 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:195.1-199.14 rule _{C : context, rectype : rectype, i : n, x : idx, n : n, `subtype*` : subtype*}: `%|-%:OK`(C, _DEF_deftype(rectype, i)) -- Rectype_ok: `%|-%:%`(C, rectype, OK_oktypeidx(x)) -- if (rectype = REC_rectype(`%`_list(subtype^n{subtype <- `subtype*`}))) -- if (i < n) -;; 
../../../../specification/wasm-latest/2.1-validation.types.spectec:95.1-95.108 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:98.1-98.108 relation Comptype_sub: `%|-%<:%`(context, comptype, comptype) ;; ../../../../specification/wasm-latest/2.2-validation.subtyping.spectec:169.1-171.41 rule struct{C : context, `ft_1*` : fieldtype*, `ft'_1*` : fieldtype*, `ft_2*` : fieldtype*}: @@ -2949,7 +2953,7 @@ relation Comptype_sub: `%|-%<:%`(context, comptype, comptype) -- Resulttype_sub: `%|-%<:%`(C, `%`_resulttype(t_21*{t_21 <- `t_21*`}), `%`_resulttype(t_11*{t_11 <- `t_11*`})) -- Resulttype_sub: `%|-%<:%`(C, `%`_resulttype(t_12*{t_12 <- `t_12*`}), `%`_resulttype(t_22*{t_22 <- `t_22*`})) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:96.1-96.107 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:99.1-99.107 relation Deftype_sub: `%|-%<:%`(context, deftype, deftype) ;; ../../../../specification/wasm-latest/2.2-validation.subtyping.spectec:183.1-185.66 rule refl{C : context, deftype_1 : deftype, deftype_2 : deftype}: 
@@ -5905,37 +5909,55 @@ relation Val_ok: `%|-%:%`(store, val, valtype) `%|-%:%`(s, (ref : ref <: val), (rt : reftype <: valtype)) -- Ref_ok: `%|-%:%`(s, ref, rt) +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec +relation Packval_ok: `%|-%:%`(store, packval, packtype) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule _{s : store, pt : packtype, c : iN($psizenn(pt))}: + `%|-%:%`(s, PACK_packval(pt, c), pt) + +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec +relation Fieldval_ok: `%|-%:%`(store, fieldval, storagetype) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule val{s : store, val : val, t : valtype}: + `%|-%:%`(s, (val : val <: fieldval), (t : valtype <: storagetype)) + -- Val_ok: `%|-%:%`(s, val, t) + + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule packval{s : store, packval : packval, pt : packtype}: + `%|-%:%`(s, (packval : packval <: fieldval), (pt : packtype <: storagetype)) + -- Packval_ok: `%|-%:%`(s, packval, pt) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec rec { -;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:86.1-86.84 +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:103.1-103.84 relation Externaddr_ok: `%|-%:%`(store, externaddr, externtype) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:88.1-90.28 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:105.1-107.28 rule tag{s : store, a : addr, taginst : taginst}: `%|-%:%`(s, TAG_externaddr(a), TAG_externtype(taginst.TYPE_taginst)) -- if (s.TAGS_store[a] = taginst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:92.1-94.34 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:109.1-111.34 rule global{s : store, a : addr, globalinst : globalinst}: `%|-%:%`(s, GLOBAL_externaddr(a), 
GLOBAL_externtype(globalinst.TYPE_globalinst)) -- if (s.GLOBALS_store[a] = globalinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:96.1-98.28 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:113.1-115.28 rule mem{s : store, a : addr, meminst : meminst}: `%|-%:%`(s, MEM_externaddr(a), MEM_externtype(meminst.TYPE_meminst)) -- if (s.MEMS_store[a] = meminst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:100.1-102.32 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:117.1-119.32 rule table{s : store, a : addr, tableinst : tableinst}: `%|-%:%`(s, TABLE_externaddr(a), TABLE_externtype(tableinst.TYPE_tableinst)) -- if (s.TABLES_store[a] = tableinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:104.1-106.30 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:121.1-123.30 rule func{s : store, a : addr, funcinst : funcinst}: `%|-%:%`(s, FUNC_externaddr(a), FUNC_externtype((funcinst.TYPE_funcinst : deftype <: typeuse))) -- if (s.FUNCS_store[a] = funcinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:108.1-111.37 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:125.1-128.37 rule sub{s : store, externaddr : externaddr, xt : externtype, xt' : externtype}: `%|-%:%`(s, externaddr, xt) -- Externaddr_ok: `%|-%:%`(s, externaddr, xt') 
@@ -7623,6 +7645,372 @@ def $ordered(decl*) : bool ;; ../../../../specification/wasm-latest/6.4-text.modules.spectec def $ordered{`decl_1*` : decl*, import : import, `decl_2*` : decl*}(decl_1*{decl_1 <- `decl_1*`} ++ [(import : import <: decl)] ++ decl_2*{decl_2 <- `decl_2*`}) = (((((($importsd(decl_1*{decl_1 <- `decl_1*`}) = []) /\ ($tagsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($globalsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($memsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($tablesd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($funcsd(decl_1*{decl_1 <- `decl_1*`}) = [])) +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Localval_ok: `%|-%:%`(store, val?, localtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule set{s : store, val : val, t : valtype}: + `%|-%:%`(s, ?(val), `%%`_localtype(SET_init, t)) + -- Val_ok: `%|-%:%`(s, val, t) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule unset{s : store}: + `%|-%:%`(s, ?(), `%%`_localtype(UNSET_init, BOT_valtype)) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Datainst_ok: `%|-%:%`(store, datainst, datatype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `b*` : byte*}: + `%|-%:%`(s, {BYTES b*{b <- `b*`}}, OK_datatype) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Eleminst_ok: `%|-%:%`(store, eleminst, elemtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, rt : reftype, `ref*` : ref*}: + `%|-%:%`(s, {TYPE rt, REFS ref*{ref <- `ref*`}}, rt) + -- Reftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, rt) + -- (Ref_ok: `%|-%:%`(s, ref, rt))*{ref <- `ref*`} + +;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Exportinst_ok: `%|-%:OK`(store, exportinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, nm : name, xa : externaddr, xt : externtype}: + `%|-%:OK`(s, {NAME nm, ADDR xa}) + -- Externaddr_ok: `%|-%:%`(s, xa, xt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Moduleinst_ok: `%|-%:%`(store, moduleinst, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `deftype*` : deftype*, `tagaddr*` : tagaddr*, `globaladdr*` : globaladdr*, `memaddr*` : memaddr*, `tableaddr*` : tableaddr*, `funcaddr*` : funcaddr*, `dataaddr*` : dataaddr*, `elemaddr*` : elemaddr*, `exportinst*` : exportinst*, `subtype*` : subtype*, `tagtype*` : tagtype*, `globaltype*` : globaltype*, `memtype*` : memtype*, `tabletype*` : tabletype*, `deftype_F*` : deftype*, `datatype*` : datatype*, `elemtype*` : elemtype*}: + `%|-%:%`(s, {TYPES deftype*{deftype <- `deftype*`}, TAGS tagaddr*{tagaddr <- `tagaddr*`}, GLOBALS globaladdr*{globaladdr <- `globaladdr*`}, MEMS memaddr*{memaddr <- `memaddr*`}, TABLES tableaddr*{tableaddr <- `tableaddr*`}, FUNCS funcaddr*{funcaddr <- `funcaddr*`}, DATAS dataaddr*{dataaddr <- `dataaddr*`}, ELEMS elemaddr*{elemaddr <- `elemaddr*`}, EXPORTS exportinst*{exportinst <- `exportinst*`}}, {TYPES deftype*{deftype <- `deftype*`}, RECS subtype*{subtype <- `subtype*`}, TAGS tagtype*{tagtype <- `tagtype*`}, GLOBALS globaltype*{globaltype <- `globaltype*`}, MEMS memtype*{memtype <- `memtype*`}, TABLES tabletype*{tabletype <- `tabletype*`}, FUNCS deftype_F*{deftype_F <- `deftype_F*`}, DATAS datatype*{datatype <- `datatype*`}, ELEMS elemtype*{elemtype <- `elemtype*`}, LOCALS [], LABELS [], RETURN ?(), REFS `%`_funcidx(i)^(i<|funcaddr*{funcaddr <- `funcaddr*`}|){}}) + -- (Deftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS 
[], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, deftype))*{deftype <- `deftype*`} + -- (Externaddr_ok: `%|-%:%`(s, TAG_externaddr(tagaddr), TAG_externtype(tagtype)))*{tagaddr <- `tagaddr*`, tagtype <- `tagtype*`} + -- (Externaddr_ok: `%|-%:%`(s, GLOBAL_externaddr(globaladdr), GLOBAL_externtype(globaltype)))*{globaladdr <- `globaladdr*`, globaltype <- `globaltype*`} + -- (Externaddr_ok: `%|-%:%`(s, FUNC_externaddr(funcaddr), FUNC_externtype((deftype_F : deftype <: typeuse))))*{deftype_F <- `deftype_F*`, funcaddr <- `funcaddr*`} + -- (Externaddr_ok: `%|-%:%`(s, MEM_externaddr(memaddr), MEM_externtype(memtype)))*{memaddr <- `memaddr*`, memtype <- `memtype*`} + -- (Externaddr_ok: `%|-%:%`(s, TABLE_externaddr(tableaddr), TABLE_externtype(tabletype)))*{tableaddr <- `tableaddr*`, tabletype <- `tabletype*`} + -- (Datainst_ok: `%|-%:%`(s, s.DATAS_store[dataaddr], datatype))*{dataaddr <- `dataaddr*`, datatype <- `datatype*`} + -- (Eleminst_ok: `%|-%:%`(s, s.ELEMS_store[elemaddr], elemtype))*{elemaddr <- `elemaddr*`, elemtype <- `elemtype*`} + -- (Exportinst_ok: `%|-%:OK`(s, exportinst))*{exportinst <- `exportinst*`} + -- if $disjoint_(syntax name, exportinst.NAME_exportinst*{exportinst <- `exportinst*`}) + -- (if (exportinst.ADDR_exportinst <- TAG_externaddr(tagaddr)*{tagaddr <- `tagaddr*`} ++ GLOBAL_externaddr(globaladdr)*{globaladdr <- `globaladdr*`} ++ MEM_externaddr(memaddr)*{memaddr <- `memaddr*`} ++ TABLE_externaddr(tableaddr)*{tableaddr <- `tableaddr*`} ++ FUNC_externaddr(funcaddr)*{funcaddr <- `funcaddr*`}))*{exportinst <- `exportinst*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Frame_ok: `%|-%:%`(store, frame, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `val?*` : val?*, moduleinst : moduleinst, C : context, `lct*` : localtype*}: + `%|-%:%`(s, {LOCALS val?{val <- `val?`}*{`val?` <- `val?*`}, MODULE moduleinst}, C +++ {TYPES [], RECS 
[], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS lct*{lct <- `lct*`}, LABELS [], RETURN ?(), REFS []}) + -- Moduleinst_ok: `%|-%:%`(s, moduleinst, C) + -- (Localval_ok: `%|-%:%`(s, val?{val <- `val?`}, lct))*{lct <- `lct*`, `val?` <- `val?*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +rec { + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-3.56 +relation Instr_ok2: `%;%|-%:%`(store, context, instr, instrtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-9.46 + rule plain{s : store, C : context, instr : instr, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Instr_ok: `%|-%:%`(C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:11.1-13.27 + rule ref{s : store, C : context, ref : ref, rt : reftype}: + `%;%|-%:%`(s, C, (ref : ref <: instr), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([(rt : reftype <: valtype)]))) + -- Ref_ok: `%|-%:%`(s, ref, rt) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:15.1-18.68 + rule label{s : store, C : context, n : n, `instr'*` : instr*, `instr*` : instr*, `t*` : valtype*, `t'*` : valtype*, `x'*` : idx*, `x*` : idx*}: + `%;%|-%:%`(s, C, `LABEL_%{%}%`_instr(n, instr'*{instr' <- `instr'*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr'*{instr' <- `instr'*`}, `%->_%%`_instrtype(`%`_resulttype(t'^n{t' <- `t'*`}), x'*{x' <- `x'*`}, `%`_resulttype(t*{t <- `t*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, {TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS 
[], ELEMS [], LOCALS [], LABELS [`%`_resulttype(t'^n{t' <- `t'*`})], RETURN ?(), REFS []} +++ C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:20.1-23.37 + rule frame{s : store, C : context, n : n, f : frame, `instr*` : instr*, `t*` : valtype*, C' : context}: + `%;%|-%:%`(s, C, `FRAME_%{%}%`_instr(n, f, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t^n{t <- `t*`}))) + -- Frame_ok: `%|-%:%`(s, f, C') + -- Expr_ok2: `%;%|-%:%`(s, C', instr*{instr <- `instr*`}, `%`_resulttype(t^n{t <- `t*`})) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:25.1-28.52 + rule handler{s : store, C : context, n : n, `catch*` : catch*, `instr*` : instr*, `t_1*` : valtype*, `t_2*` : valtype*, `x*` : idx*}: + `%;%|-%:%`(s, C, `HANDLER_%{%}%`_instr(n, catch*{catch <- `catch*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- (Catch_ok: `%|-%:OK`(C, catch))*{catch <- `catch*`} + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:30.1-32.42 + rule trap{s : store, C : context, `t_1*` : valtype*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, TRAP_instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Instrtype_ok: `%|-%:OK`(C, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:4.1-4.58 +relation Instrs_ok2: `%;%|-%:%`(store, context, instr*, instrtype) + ;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:35.1-36.27 + rule empty{s : store, C : context}: + `%;%|-%:%`(s, C, [], `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([]))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-42.86 + rule seq{s : store, C : context, instr_1 : instr, `instr_2*` : instr*, `t_1*` : valtype*, `x_1*` : idx*, `x_2*` : idx*, `t_3*` : valtype*, `t_2*` : valtype*, `init*` : init*, `t*` : valtype*}: + `%;%|-%:%`(s, C, [instr_1] ++ instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`} ++ x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) + -- Instr_ok2: `%;%|-%:%`(s, C, instr_1, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- (if (C.LOCALS_context[x_1!`%`_idx.0] = `%%`_localtype(init, t)))*{init <- `init*`, t <- `t*`, x_1 <- `x_1*`} + -- Instrs_ok2: `%;%|-%:%`(s, $with_locals(C, x_1*{x_1 <- `x_1*`}, `%%`_localtype(SET_init, t)*{t <- `t*`}), instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_2*{t_2 <- `t_2*`}), x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:44.1-48.33 + rule sub{s : store, C : context, `instr*` : instr*, it' : instrtype, it : instrtype}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it') + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it) + -- Instrtype_sub: `%|-%<:%`(C, it, it') + -- Instrtype_ok: `%|-%:OK`(C, it') + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:51.1-54.33 + rule frame{s : store, C : context, `instr*` : instr*, `t*` : valtype*, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t*{t <- `t*`} ++ t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`} ++ t_2*{t_2 
<- `t_2*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-5.55 +relation Expr_ok2: `%;%|-%:%`(store, context, expr, resulttype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:57.1-59.44 + rule _{s : store, C : context, `instr*` : instr*, `t*` : valtype*}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) +} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Taginst_ok: `%|-%:%`(store, taginst, tagtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, jt : tagtype}: + `%|-%:%`(s, {TYPE jt}, jt) + -- Tagtype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, jt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Globalinst_ok: `%|-%:%`(store, globalinst, globaltype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `mut?` : mut?, t : valtype, val : val}: + `%|-%:%`(s, {TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val}, `%%`_globaltype(mut?{mut <- `mut?`}, t)) + -- Globaltype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%`_globaltype(mut?{mut <- `mut?`}, t)) + -- Val_ok: `%|-%:%`(s, val, t) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Meminst_ok: `%|-%:%`(store, meminst, 
memtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, at : addrtype, n : n, m : m, `b*` : byte*}: + `%|-%:%`(s, {TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m)))), BYTES b*{b <- `b*`}}, `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))))) + -- Memtype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))))) + -- if (|b*{b <- `b*`}| = (n * (64 * $Ki))) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Tableinst_ok: `%|-%:%`(store, tableinst, tabletype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, at : addrtype, n : n, m : m, rt : reftype, `ref*` : ref*}: + `%|-%:%`(s, {TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt), REFS ref*{ref <- `ref*`}}, `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt)) + -- Tabletype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt)) + -- if (|ref*{ref <- `ref*`}| = n) + -- (Ref_ok: `%|-%:%`(s, ref, rt))*{ref <- `ref*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Funcinst_ok: `%|-%:%`(store, funcinst, deftype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, moduleinst : moduleinst, func : func, C : context, dt' : deftype}: + `%|-%:%`(s, {TYPE dt, MODULE moduleinst, CODE (func : func <: funccode)}, dt) + -- Deftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, dt) + -- Moduleinst_ok: 
`%|-%:%`(s, moduleinst, C) + -- Func_ok: `%|-%:%`(C, func, dt') + -- Deftype_sub: `%|-%<:%`(C, dt', dt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Structinst_ok: `%|-%:OK`(store, structinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, `fv*` : fieldval*, `mut?*` : mut?*, `zt*` : storagetype*}: + `%|-%:OK`(s, {TYPE dt, FIELDS fv*{fv <- `fv*`}}) + -- Expand: `%~~%`(dt, STRUCT_comptype(`%`_list(`%%`_fieldtype(mut?{mut <- `mut?`}, zt)*{`mut?` <- `mut?*`, zt <- `zt*`}))) + -- (Fieldval_ok: `%|-%:%`(s, fv, zt))*{fv <- `fv*`, zt <- `zt*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Arrayinst_ok: `%|-%:OK`(store, arrayinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, `fv*` : fieldval*, `mut?` : mut?, zt : storagetype}: + `%|-%:OK`(s, {TYPE dt, FIELDS fv*{fv <- `fv*`}}) + -- Expand: `%~~%`(dt, ARRAY_comptype(`%%`_fieldtype(mut?{mut <- `mut?`}, zt))) + -- (Fieldval_ok: `%|-%:%`(s, fv, zt))*{fv <- `fv*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Exninst_ok: `%|-%:OK`(store, exninst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, ta : tagaddr, `val*` : val*, dt : deftype, `t*` : valtype*}: + `%|-%:OK`(s, {TAG ta, FIELDS val*{val <- `val*`}}) + -- if ((dt : deftype <: typeuse) = s.TAGS_store[ta].TYPE_taginst) + -- Expand: `%~~%`(dt, `FUNC%->%`_comptype(`%`_resulttype(t*{t <- `t*`}), `%`_resulttype([]))) + -- (Val_ok: `%|-%:%`(s, val, t))*{t <- `t*`, val <- `val*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +rec { + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:205.1-205.50 +relation ImmReachable: `%>>_%%`(fieldval, store, fieldval) + ;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:217.1-220.33 + rule trans{fv_1 : fieldval, s : store, fv_2 : fieldval, fv' : fieldval}: + `%>>_%%`(fv_1, s, fv_2) + -- ImmReachable: `%>>_%%`(fv_1, s, fv') + -- ImmReachable: `%>>_%%`(fv', s, fv_2) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.20 + rule `ref.struct`{a : addr, s : store, i : nat, `ft*` : fieldtype*, zt : storagetype}: + `%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, s.STRUCTS_store[a].FIELDS_structinst[i]) + -- Expand: `%~~%`(s.STRUCTS_store[a].TYPE_structinst, STRUCT_comptype(`%`_list(ft*{ft <- `ft*`}))) + -- if (ft*{ft <- `ft*`}[i] = `%%`_fieldtype(?(), zt)) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-229.42 + rule `ref.array`{a : addr, s : store, i : nat, zt : storagetype}: + `%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, s.ARRAYS_store[a].FIELDS_arrayinst[i]) + -- Expand: `%~~%`(s.ARRAYS_store[a].TYPE_arrayinst, ARRAY_comptype(`%%`_fieldtype(?(), zt))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:231.1-232.44 + rule `ref.exn`{a : addr, s : store, i : nat}: + `%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, (s.EXNS_store[a].FIELDS_exninst[i] : val <: fieldval)) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:234.1-235.28 + rule `ref.extern`{ref : ref, s : store}: + `%>>_%%`(`REF.EXTERN`_fieldval(ref), s, (ref : ref <: fieldval)) +} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +def $NotImmReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false + -- ImmReachable: `%>>_%%`(fv_1, s, fv_2) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + def $NotImmReachable{fv_1 : fieldval, s : 
store, fv_2 : fieldval}(fv_1, s, fv_2) = true + -- otherwise + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation NotImmReachable: `~%>>_%%`(fieldval, store, fieldval) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{fv_1 : fieldval, s : store, fv_2 : fieldval}: + `~%>>_%%`(fv_1, s, fv_2) + -- if $NotImmReachable(fv_1, s, fv_2) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Store_ok: `|-%:OK`(store) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `taginst*` : taginst*, `tagtype*` : tagtype*, `globalinst*` : globalinst*, `globaltype*` : globaltype*, `meminst*` : meminst*, `memtype*` : memtype*, `tableinst*` : tableinst*, `tabletype*` : tabletype*, `deftype*` : deftype*, `funcinst*` : funcinst*, `datainst*` : datainst*, `datatype*` : datatype*, `eleminst*` : eleminst*, `elemtype*` : elemtype*, `structinst*` : structinst*, `arrayinst*` : arrayinst*, `exninst*` : exninst*}: + `|-%:OK`(s) + -- (Taginst_ok: `%|-%:%`(s, taginst, tagtype))*{taginst <- `taginst*`, tagtype <- `tagtype*`} + -- (Globalinst_ok: `%|-%:%`(s, globalinst, globaltype))*{globalinst <- `globalinst*`, globaltype <- `globaltype*`} + -- (Meminst_ok: `%|-%:%`(s, meminst, memtype))*{meminst <- `meminst*`, memtype <- `memtype*`} + -- (Tableinst_ok: `%|-%:%`(s, tableinst, tabletype))*{tableinst <- `tableinst*`, tabletype <- `tabletype*`} + -- (Funcinst_ok: `%|-%:%`(s, funcinst, deftype))*{deftype <- `deftype*`, funcinst <- `funcinst*`} + -- (Datainst_ok: `%|-%:%`(s, datainst, datatype))*{datainst <- `datainst*`, datatype <- `datatype*`} + -- (Eleminst_ok: `%|-%:%`(s, eleminst, elemtype))*{eleminst <- `eleminst*`, elemtype <- `elemtype*`} + -- (Structinst_ok: `%|-%:OK`(s, structinst))*{structinst <- `structinst*`} + -- (Arrayinst_ok: `%|-%:OK`(s, arrayinst))*{arrayinst <- `arrayinst*`} + -- (Exninst_ok: `%|-%:OK`(s, exninst))*{exninst <- 
`exninst*`} + -- (NotImmReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} + -- (NotImmReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} + -- (NotImmReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} + -- if (s = {TAGS taginst*{taginst <- `taginst*`}, GLOBALS globalinst*{globalinst <- `globalinst*`}, MEMS meminst*{meminst <- `meminst*`}, TABLES tableinst*{tableinst <- `tableinst*`}, FUNCS funcinst*{funcinst <- `funcinst*`}, DATAS datainst*{datainst <- `datainst*`}, ELEMS eleminst*{eleminst <- `eleminst*`}, STRUCTS structinst*{structinst <- `structinst*`}, ARRAYS arrayinst*{arrayinst <- `arrayinst*`}, EXNS exninst*{exninst <- `exninst*`}}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_taginst: `%<=%`(taginst, taginst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{jt : tagtype}: + `%<=%`({TYPE jt}, {TYPE jt}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_globalinst: `%<=%`(globalinst, globalinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{`mut?` : mut?, t : valtype, val : val, val' : val}: + `%<=%`({TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val}, {TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val'}) + -- if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (val = val')) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_meminst: `%<=%`(meminst, meminst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{at : addrtype, n : n, m : m, `b*` : byte*, n' : n, `b'*` : byte*}: + `%<=%`({TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m)))), BYTES 
b*{b <- `b*`}}, {TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n'), ?(`%`_u64(m)))), BYTES b'*{b' <- `b'*`}}) + -- if (n <= n') + -- if (|b*{b <- `b*`}| <= |b'*{b' <- `b'*`}|) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_tableinst: `%<=%`(tableinst, tableinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{at : addrtype, n : n, m : m, rt : reftype, `ref*` : ref*, n' : n, `ref'*` : ref*}: + `%<=%`({TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt), REFS ref*{ref <- `ref*`}}, {TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n'), ?(`%`_u64(m))), rt), REFS ref'*{ref' <- `ref'*`}}) + -- if (n <= n') + -- if (|ref*{ref <- `ref*`}| <= |ref'*{ref' <- `ref'*`}|) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_funcinst: `%<=%`(funcinst, funcinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, mm : moduleinst, fc : funccode}: + `%<=%`({TYPE dt, MODULE mm, CODE fc}, {TYPE dt, MODULE mm, CODE fc}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_datainst: `%<=%`(datainst, datainst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{`b*` : byte*, `b'*` : byte*}: + `%<=%`({BYTES b*{b <- `b*`}}, {BYTES b'*{b' <- `b'*`}}) + -- if ((b*{b <- `b*`} = b'*{b' <- `b'*`}) \/ (b'*{b' <- `b'*`} = [])) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_eleminst: `%<=%`(eleminst, eleminst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{rt : reftype, `ref*` : ref*, `ref'*` : ref*}: + `%<=%`({TYPE rt, REFS ref*{ref <- `ref*`}}, {TYPE rt, REFS ref'*{ref' <- `ref'*`}}) + -- if ((ref*{ref <- `ref*`} = ref'*{ref' <- `ref'*`}) \/ (ref'*{ref' <- `ref'*`} = [])) + +;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_structinst: `%<=%`(structinst, structinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, `fv*` : fieldval*, `fv'*` : fieldval*, `mut?*` : mut?*, `zt*` : storagetype*}: + `%<=%`({TYPE dt, FIELDS fv*{fv <- `fv*`}}, {TYPE dt, FIELDS fv'*{fv' <- `fv'*`}}) + -- Expand: `%~~%`(dt, STRUCT_comptype(`%`_list(`%%`_fieldtype(mut?{mut <- `mut?`}, zt)*{`mut?` <- `mut?*`, zt <- `zt*`}))) + -- (if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (fv = fv')))*{fv <- `fv*`, fv' <- `fv'*`, `mut?` <- `mut?*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_arrayinst: `%<=%`(arrayinst, arrayinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, `fv*` : fieldval*, `fv'*` : fieldval*, `mut?` : mut?, zt : storagetype}: + `%<=%`({TYPE dt, FIELDS fv*{fv <- `fv*`}}, {TYPE dt, FIELDS fv'*{fv' <- `fv'*`}}) + -- Expand: `%~~%`(dt, ARRAY_comptype(`%%`_fieldtype(mut?{mut <- `mut?`}, zt))) + -- (if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (fv = fv')))*{fv <- `fv*`, fv' <- `fv'*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_exninst: `%<=%`(exninst, exninst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{ta : tagaddr, `val*` : val*}: + `%<=%`({TAG ta, FIELDS val*{val <- `val*`}}, {TAG ta, FIELDS val*{val <- `val*`}}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_store: `%<=%`(store, store) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, s' : store}: + `%<=%`(s, s') + -- (Extend_taginst: `%<=%`(s.TAGS_store[a], s'.TAGS_store[a]))^(a<|s.TAGS_store|){} + -- (Extend_globalinst: `%<=%`(s.GLOBALS_store[a], s'.GLOBALS_store[a]))^(a<|s.GLOBALS_store|){} + -- 
(Extend_meminst: `%<=%`(s.MEMS_store[a], s'.MEMS_store[a]))^(a<|s.MEMS_store|){} + -- (Extend_tableinst: `%<=%`(s.TABLES_store[a], s'.TABLES_store[a]))^(a<|s.TABLES_store|){} + -- (Extend_funcinst: `%<=%`(s.FUNCS_store[a], s'.FUNCS_store[a]))^(a<|s.FUNCS_store|){} + -- (Extend_datainst: `%<=%`(s.DATAS_store[a], s'.DATAS_store[a]))^(a<|s.DATAS_store|){} + -- (Extend_eleminst: `%<=%`(s.ELEMS_store[a], s'.ELEMS_store[a]))^(a<|s.ELEMS_store|){} + -- (Extend_structinst: `%<=%`(s.STRUCTS_store[a], s'.STRUCTS_store[a]))^(a<|s.STRUCTS_store|){} + -- (Extend_arrayinst: `%<=%`(s.ARRAYS_store[a], s'.ARRAYS_store[a]))^(a<|s.ARRAYS_store|){} + -- (Extend_exninst: `%<=%`(s.EXNS_store[a], s'.EXNS_store[a]))^(a<|s.EXNS_store|){} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation State_ok: `|-%:%`(state, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, f : frame, C : context}: + `|-%:%`(`%;%`_state(s, f), C) + -- Store_ok: `|-%:OK`(s) + -- Frame_ok: `%|-%:%`(s, f, C) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Config_ok: `|-%:OK`(config) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{z : state, `instr*` : instr*, C : context, `t*` : valtype*}: + `|-%:OK`(`%;%`_config(z, instr*{instr <- `instr*`})) + -- State_ok: `|-%:%`(z, C) + -- Expr_ok: `%|-%:%`(C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) + ;; ../../../../specification/wasm-latest/X.1-notation.syntax.spectec syntax A = nat 
@@ -14206,98 +14594,102 @@ relation Heaptype_ok: `%|-%:OK`(context, heaptype) `%|-%:OK`(C, (typeuse : typeuse <: heaptype)) -- Typeuse_ok: `%|-%:OK`(C, typeuse) + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:27.1-28.16 + rule bot{C : context}: + `%|-%:OK`(C, BOT_heaptype) + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:10.1-10.91 relation Reftype_ok: `%|-%:OK`(context, reftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:27.1-29.37 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:30.1-32.37 rule _{C : context, heaptype : heaptype}: `%|-%:OK`(C, REF_reftype(NULL_null?{}, heaptype)) -- Heaptype_ok: `%|-%:OK`(C, heaptype) ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:11.1-11.91 relation Valtype_ok: `%|-%:OK`(context, valtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:31.1-33.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:34.1-36.35 rule num{C : context, numtype : numtype}: `%|-%:OK`(C, (numtype : numtype <: valtype)) -- Numtype_ok: `%|-%:OK`(C, numtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:35.1-37.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:38.1-40.35 rule vec{C : context, vectype : vectype}: `%|-%:OK`(C, (vectype : vectype <: valtype)) -- Vectype_ok: `%|-%:OK`(C, vectype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:39.1-41.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:42.1-44.35 rule ref{C : context, reftype : reftype}: `%|-%:OK`(C, (reftype : reftype <: valtype)) -- Reftype_ok: `%|-%:OK`(C, reftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:43.1-44.16 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:46.1-47.16 rule bot{C : context}: `%|-%:OK`(C, BOT_valtype) ;; 
../../../../specification/wasm-latest/2.1-validation.types.spectec:12.1-12.94 relation Typeuse_ok: `%|-%:OK`(context, typeuse) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:99.1-101.30 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:102.1-104.30 rule typeidx{C : context, typeidx : typeidx, dt : deftype}: `%|-%:OK`(C, _IDX_typeuse(typeidx)) -- if (C.TYPES_context[typeidx!`%`_typeidx.0] = dt) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:103.1-105.23 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:106.1-108.23 rule rec{C : context, i : n, st : subtype}: `%|-%:OK`(C, REC_typeuse(i)) -- if (C.RECS_context[i] = st) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:107.1-109.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:110.1-112.35 rule deftype{C : context, deftype : deftype}: `%|-%:OK`(C, (deftype : deftype <: typeuse)) -- Deftype_ok: `%|-%:OK`(C, deftype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:49.1-49.100 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:52.1-52.100 relation Resulttype_ok: `%|-%:OK`(context, resulttype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:52.1-54.32 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:55.1-57.32 rule _{C : context, `t*` : valtype*}: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) -- (Valtype_ok: `%|-%:OK`(C, t))*{t <- `t*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:85.1-85.104 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:88.1-88.104 relation Fieldtype_ok: `%|-%:OK`(context, fieldtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:123.1-125.43 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:126.1-128.43 rule _{C : context, storagetype : storagetype}: `%|-%:OK`(C, 
`%%`_fieldtype(MUT_mut?{}, storagetype)) -- Storagetype_ok: `%|-%:OK`(C, storagetype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:86.1-86.106 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:89.1-89.106 relation Storagetype_ok: `%|-%:OK`(context, storagetype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:115.1-117.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:118.1-120.35 rule val{C : context, valtype : valtype}: `%|-%:OK`(C, (valtype : valtype <: storagetype)) -- Valtype_ok: `%|-%:OK`(C, valtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:119.1-121.37 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:122.1-124.37 rule pack{C : context, packtype : packtype}: `%|-%:OK`(C, (packtype : packtype <: storagetype)) -- Packtype_ok: `%|-%:OK`(C, packtype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:87.1-87.103 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:90.1-90.103 relation Comptype_ok: `%|-%:OK`(context, comptype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:128.1-130.42 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:131.1-133.42 rule struct{C : context, `fieldtype*` : fieldtype*}: `%|-%:OK`(C, STRUCT_comptype(`%`_list(fieldtype*{fieldtype <- `fieldtype*`}))) -- (Fieldtype_ok: `%|-%:OK`(C, fieldtype))*{fieldtype <- `fieldtype*`} - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:132.1-134.39 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:135.1-137.39 rule array{C : context, fieldtype : fieldtype}: `%|-%:OK`(C, ARRAY_comptype(fieldtype)) -- Fieldtype_ok: `%|-%:OK`(C, fieldtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:136.1-139.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:139.1-142.35 rule func{C : context, 
`t_1*` : valtype*, `t_2*` : valtype*}: `%|-%:OK`(C, `FUNC%->%`_comptype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t_1*{t_1 <- `t_1*`})) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t_2*{t_2 <- `t_2*`})) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:88.1-88.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:91.1-91.126 relation Subtype_ok: `%|-%:%`(context, subtype, oktypeidx) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:142.1-149.49 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:145.1-152.49 rule _{C : context, `x*` : idx*, comptype : comptype, x_0 : idx, `comptype'*` : comptype*, `x'**` : idx**}: `%|-%:%`(C, SUB_subtype(FINAL_final?{}, _IDX_typeuse(x)*{x <- `x*`}, comptype), OK_oktypeidx(x_0)) -- if (|x*{x <- `x*`}| <= 1) 
@@ -14306,26 +14698,26 @@ relation Subtype_ok: `%|-%:%`(context, subtype, oktypeidx) -- Comptype_ok: `%|-%:OK`(C, comptype) -- (Comptype_sub: `%|-%<:%`(C, comptype, comptype'))*{comptype' <- `comptype'*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:89.1-89.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:92.1-92.126 relation Rectype_ok: `%|-%:%`(context, rectype, oktypeidx) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:171.1-172.23 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:174.1-175.23 rule empty{C : context, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidx(x)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:174.1-177.48 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:177.1-180.48 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Subtype_ok: `%|-%:%`(C, subtype_1, OK_oktypeidx(x)) -- Rectype_ok: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(`%`_typeidx((x!`%`_idx.0 + 1)))) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:179.1-181.60 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:182.1-184.60 rule _rec2{C : context, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Rectype_ok2: `%|-%:%`({TYPES [], RECS subtype*{subtype <- `subtype*`}, TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []} +++ C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, 0)) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:90.1-90.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:93.1-93.126 relation Subtype_ok2: 
`%|-%:%`(context, subtype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:161.1-168.49 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:164.1-171.49 rule _{C : context, `typeuse*` : typeuse*, compttype : comptype, x : idx, i : nat, `comptype'*` : comptype*, `typeuse'**` : typeuse**, comptype : comptype}: `%|-%:%`(C, SUB_subtype(FINAL_final?{}, typeuse*{typeuse <- `typeuse*`}, compttype), OK_oktypeidxnat(x, i)) -- if (|typeuse*{typeuse <- `typeuse*`}| <= 1) 
@@ -14334,28 +14726,28 @@ relation Subtype_ok2: `%|-%:%`(context, subtype, oktypeidxnat) -- Comptype_ok: `%|-%:OK`(C, comptype) -- (Comptype_sub: `%|-%<:%`(C, comptype, comptype'))*{comptype' <- `comptype'*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:91.1-91.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:94.1-94.126 relation Rectype_ok2: `%|-%:%`(context, rectype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:183.1-184.24 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:186.1-187.24 rule empty{C : context, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidxnat(x, i)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:186.1-189.55 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:189.1-192.55 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, i)) -- Subtype_ok2: `%|-%:%`(C, subtype_1, OK_oktypeidxnat(x, i)) -- Rectype_ok2: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(`%`_typeidx((x!`%`_idx.0 + 1)), (i + 1))) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:92.1-92.102 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:95.1-95.102 relation Deftype_ok: `%|-%:OK`(context, deftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:192.1-196.14 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:195.1-199.14 rule _{C : context, rectype : rectype, i : n, x : idx, n : n, `subtype*` : subtype*}: `%|-%:OK`(C, _DEF_deftype(rectype, i)) -- Rectype_ok: `%|-%:%`(C, rectype, OK_oktypeidx(x)) -- if (rectype = REC_rectype(`%`_list(subtype^n{subtype <- `subtype*`}))) -- if (i < n) -;; 
../../../../specification/wasm-latest/2.1-validation.types.spectec:95.1-95.108 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:98.1-98.108 relation Comptype_sub: `%|-%<:%`(context, comptype, comptype) ;; ../../../../specification/wasm-latest/2.2-validation.subtyping.spectec:169.1-171.41 rule struct{C : context, `ft_1*` : fieldtype*, `ft'_1*` : fieldtype*, `ft_2*` : fieldtype*}: @@ -14373,7 +14765,7 @@ relation Comptype_sub: `%|-%<:%`(context, comptype, comptype) -- Resulttype_sub: `%|-%<:%`(C, `%`_resulttype(t_21*{t_21 <- `t_21*`}), `%`_resulttype(t_11*{t_11 <- `t_11*`})) -- Resulttype_sub: `%|-%<:%`(C, `%`_resulttype(t_12*{t_12 <- `t_12*`}), `%`_resulttype(t_22*{t_22 <- `t_22*`})) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:96.1-96.107 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:99.1-99.107 relation Deftype_sub: `%|-%<:%`(context, deftype, deftype) ;; ../../../../specification/wasm-latest/2.2-validation.subtyping.spectec:183.1-185.66 rule refl{C : context, deftype_1 : deftype, deftype_2 : deftype}: 
@@ -17331,37 +17723,55 @@ relation Val_ok: `%|-%:%`(store, val, valtype) `%|-%:%`(s, (ref : ref <: val), (rt : reftype <: valtype)) -- Ref_ok: `%|-%:%`(s, ref, rt) +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec +relation Packval_ok: `%|-%:%`(store, packval, packtype) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule _{s : store, pt : packtype, c : iN($psizenn(pt))}: + `%|-%:%`(s, PACK_packval(pt, c), pt) + +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec +relation Fieldval_ok: `%|-%:%`(store, fieldval, storagetype) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule val{s : store, val : val, t : valtype}: + `%|-%:%`(s, (val : val <: fieldval), (t : valtype <: storagetype)) + -- Val_ok: `%|-%:%`(s, val, t) + + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule packval{s : store, packval : packval, pt : packtype}: + `%|-%:%`(s, (packval : packval <: fieldval), (pt : packtype <: storagetype)) + -- Packval_ok: `%|-%:%`(s, packval, pt) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec rec { -;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:86.1-86.84 +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:103.1-103.84 relation Externaddr_ok: `%|-%:%`(store, externaddr, externtype) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:88.1-90.28 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:105.1-107.28 rule tag{s : store, a : addr, taginst : taginst}: `%|-%:%`(s, TAG_externaddr(a), TAG_externtype(taginst.TYPE_taginst)) -- if (s.TAGS_store[a] = taginst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:92.1-94.34 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:109.1-111.34 rule global{s : store, a : addr, globalinst : globalinst}: `%|-%:%`(s, GLOBAL_externaddr(a), 
GLOBAL_externtype(globalinst.TYPE_globalinst)) -- if (s.GLOBALS_store[a] = globalinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:96.1-98.28 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:113.1-115.28 rule mem{s : store, a : addr, meminst : meminst}: `%|-%:%`(s, MEM_externaddr(a), MEM_externtype(meminst.TYPE_meminst)) -- if (s.MEMS_store[a] = meminst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:100.1-102.32 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:117.1-119.32 rule table{s : store, a : addr, tableinst : tableinst}: `%|-%:%`(s, TABLE_externaddr(a), TABLE_externtype(tableinst.TYPE_tableinst)) -- if (s.TABLES_store[a] = tableinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:104.1-106.30 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:121.1-123.30 rule func{s : store, a : addr, funcinst : funcinst}: `%|-%:%`(s, FUNC_externaddr(a), FUNC_externtype((funcinst.TYPE_funcinst : deftype <: typeuse))) -- if (s.FUNCS_store[a] = funcinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:108.1-111.37 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:125.1-128.37 rule sub{s : store, externaddr : externaddr, xt : externtype, xt' : externtype}: `%|-%:%`(s, externaddr, xt) -- Externaddr_ok: `%|-%:%`(s, externaddr, xt') 
@@ -19049,6 +19459,372 @@ def $ordered(decl*) : bool ;; ../../../../specification/wasm-latest/6.4-text.modules.spectec def $ordered{`decl_1*` : decl*, import : import, `decl_2*` : decl*}(decl_1*{decl_1 <- `decl_1*`} ++ [(import : import <: decl)] ++ decl_2*{decl_2 <- `decl_2*`}) = (((((($importsd(decl_1*{decl_1 <- `decl_1*`}) = []) /\ ($tagsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($globalsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($memsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($tablesd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($funcsd(decl_1*{decl_1 <- `decl_1*`}) = [])) +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Localval_ok: `%|-%:%`(store, val?, localtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule set{s : store, val : val, t : valtype}: + `%|-%:%`(s, ?(val), `%%`_localtype(SET_init, t)) + -- Val_ok: `%|-%:%`(s, val, t) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule unset{s : store}: + `%|-%:%`(s, ?(), `%%`_localtype(UNSET_init, BOT_valtype)) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Datainst_ok: `%|-%:%`(store, datainst, datatype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `b*` : byte*}: + `%|-%:%`(s, {BYTES b*{b <- `b*`}}, OK_datatype) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Eleminst_ok: `%|-%:%`(store, eleminst, elemtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, rt : reftype, `ref*` : ref*}: + `%|-%:%`(s, {TYPE rt, REFS ref*{ref <- `ref*`}}, rt) + -- Reftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, rt) + -- (Ref_ok: `%|-%:%`(s, ref, rt))*{ref <- `ref*`} + +;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Exportinst_ok: `%|-%:OK`(store, exportinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, nm : name, xa : externaddr, xt : externtype}: + `%|-%:OK`(s, {NAME nm, ADDR xa}) + -- Externaddr_ok: `%|-%:%`(s, xa, xt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Moduleinst_ok: `%|-%:%`(store, moduleinst, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `deftype*` : deftype*, `tagaddr*` : tagaddr*, `globaladdr*` : globaladdr*, `memaddr*` : memaddr*, `tableaddr*` : tableaddr*, `funcaddr*` : funcaddr*, `dataaddr*` : dataaddr*, `elemaddr*` : elemaddr*, `exportinst*` : exportinst*, `subtype*` : subtype*, `tagtype*` : tagtype*, `globaltype*` : globaltype*, `memtype*` : memtype*, `tabletype*` : tabletype*, `deftype_F*` : deftype*, `datatype*` : datatype*, `elemtype*` : elemtype*}: + `%|-%:%`(s, {TYPES deftype*{deftype <- `deftype*`}, TAGS tagaddr*{tagaddr <- `tagaddr*`}, GLOBALS globaladdr*{globaladdr <- `globaladdr*`}, MEMS memaddr*{memaddr <- `memaddr*`}, TABLES tableaddr*{tableaddr <- `tableaddr*`}, FUNCS funcaddr*{funcaddr <- `funcaddr*`}, DATAS dataaddr*{dataaddr <- `dataaddr*`}, ELEMS elemaddr*{elemaddr <- `elemaddr*`}, EXPORTS exportinst*{exportinst <- `exportinst*`}}, {TYPES deftype*{deftype <- `deftype*`}, RECS subtype*{subtype <- `subtype*`}, TAGS tagtype*{tagtype <- `tagtype*`}, GLOBALS globaltype*{globaltype <- `globaltype*`}, MEMS memtype*{memtype <- `memtype*`}, TABLES tabletype*{tabletype <- `tabletype*`}, FUNCS deftype_F*{deftype_F <- `deftype_F*`}, DATAS datatype*{datatype <- `datatype*`}, ELEMS elemtype*{elemtype <- `elemtype*`}, LOCALS [], LABELS [], RETURN ?(), REFS `%`_funcidx(i)^(i<|funcaddr*{funcaddr <- `funcaddr*`}|){}}) + -- (Deftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS 
[], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, deftype))*{deftype <- `deftype*`} + -- (Externaddr_ok: `%|-%:%`(s, TAG_externaddr(tagaddr), TAG_externtype(tagtype)))*{tagaddr <- `tagaddr*`, tagtype <- `tagtype*`} + -- (Externaddr_ok: `%|-%:%`(s, GLOBAL_externaddr(globaladdr), GLOBAL_externtype(globaltype)))*{globaladdr <- `globaladdr*`, globaltype <- `globaltype*`} + -- (Externaddr_ok: `%|-%:%`(s, FUNC_externaddr(funcaddr), FUNC_externtype((deftype_F : deftype <: typeuse))))*{deftype_F <- `deftype_F*`, funcaddr <- `funcaddr*`} + -- (Externaddr_ok: `%|-%:%`(s, MEM_externaddr(memaddr), MEM_externtype(memtype)))*{memaddr <- `memaddr*`, memtype <- `memtype*`} + -- (Externaddr_ok: `%|-%:%`(s, TABLE_externaddr(tableaddr), TABLE_externtype(tabletype)))*{tableaddr <- `tableaddr*`, tabletype <- `tabletype*`} + -- (Datainst_ok: `%|-%:%`(s, s.DATAS_store[dataaddr], datatype))*{dataaddr <- `dataaddr*`, datatype <- `datatype*`} + -- (Eleminst_ok: `%|-%:%`(s, s.ELEMS_store[elemaddr], elemtype))*{elemaddr <- `elemaddr*`, elemtype <- `elemtype*`} + -- (Exportinst_ok: `%|-%:OK`(s, exportinst))*{exportinst <- `exportinst*`} + -- if $disjoint_(syntax name, exportinst.NAME_exportinst*{exportinst <- `exportinst*`}) + -- (if (exportinst.ADDR_exportinst <- TAG_externaddr(tagaddr)*{tagaddr <- `tagaddr*`} ++ GLOBAL_externaddr(globaladdr)*{globaladdr <- `globaladdr*`} ++ MEM_externaddr(memaddr)*{memaddr <- `memaddr*`} ++ TABLE_externaddr(tableaddr)*{tableaddr <- `tableaddr*`} ++ FUNC_externaddr(funcaddr)*{funcaddr <- `funcaddr*`}))*{exportinst <- `exportinst*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Frame_ok: `%|-%:%`(store, frame, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `val?*` : val?*, moduleinst : moduleinst, C : context, `lct*` : localtype*}: + `%|-%:%`(s, {LOCALS val?{val <- `val?`}*{`val?` <- `val?*`}, MODULE moduleinst}, C +++ {TYPES [], RECS 
[], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS lct*{lct <- `lct*`}, LABELS [], RETURN ?(), REFS []}) + -- Moduleinst_ok: `%|-%:%`(s, moduleinst, C) + -- (Localval_ok: `%|-%:%`(s, val?{val <- `val?`}, lct))*{lct <- `lct*`, `val?` <- `val?*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +rec { + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-3.56 +relation Instr_ok2: `%;%|-%:%`(store, context, instr, instrtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-9.46 + rule plain{s : store, C : context, instr : instr, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Instr_ok: `%|-%:%`(C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:11.1-13.27 + rule ref{s : store, C : context, ref : ref, rt : reftype}: + `%;%|-%:%`(s, C, (ref : ref <: instr), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([(rt : reftype <: valtype)]))) + -- Ref_ok: `%|-%:%`(s, ref, rt) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:15.1-18.68 + rule label{s : store, C : context, n : n, `instr'*` : instr*, `instr*` : instr*, `t*` : valtype*, `t'*` : valtype*, `x'*` : idx*, `x*` : idx*}: + `%;%|-%:%`(s, C, `LABEL_%{%}%`_instr(n, instr'*{instr' <- `instr'*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr'*{instr' <- `instr'*`}, `%->_%%`_instrtype(`%`_resulttype(t'^n{t' <- `t'*`}), x'*{x' <- `x'*`}, `%`_resulttype(t*{t <- `t*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, {TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS 
[], ELEMS [], LOCALS [], LABELS [`%`_resulttype(t'^n{t' <- `t'*`})], RETURN ?(), REFS []} +++ C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:20.1-23.37 + rule frame{s : store, C : context, n : n, f : frame, `instr*` : instr*, `t*` : valtype*, C' : context}: + `%;%|-%:%`(s, C, `FRAME_%{%}%`_instr(n, f, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t^n{t <- `t*`}))) + -- Frame_ok: `%|-%:%`(s, f, C') + -- Expr_ok2: `%;%|-%:%`(s, C', instr*{instr <- `instr*`}, `%`_resulttype(t^n{t <- `t*`})) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:25.1-28.52 + rule handler{s : store, C : context, n : n, `catch*` : catch*, `instr*` : instr*, `t_1*` : valtype*, `t_2*` : valtype*, `x*` : idx*}: + `%;%|-%:%`(s, C, `HANDLER_%{%}%`_instr(n, catch*{catch <- `catch*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- (Catch_ok: `%|-%:OK`(C, catch))*{catch <- `catch*`} + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:30.1-32.42 + rule trap{s : store, C : context, `t_1*` : valtype*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, TRAP_instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Instrtype_ok: `%|-%:OK`(C, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:4.1-4.58 +relation Instrs_ok2: `%;%|-%:%`(store, context, instr*, instrtype) + ;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:35.1-36.27 + rule empty{s : store, C : context}: + `%;%|-%:%`(s, C, [], `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([]))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-42.86 + rule seq{s : store, C : context, instr_1 : instr, `instr_2*` : instr*, `t_1*` : valtype*, `x_1*` : idx*, `x_2*` : idx*, `t_3*` : valtype*, `t_2*` : valtype*, `init*` : init*, `t*` : valtype*}: + `%;%|-%:%`(s, C, [instr_1] ++ instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`} ++ x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) + -- Instr_ok2: `%;%|-%:%`(s, C, instr_1, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- (if (C.LOCALS_context[x_1!`%`_idx.0] = `%%`_localtype(init, t)))*{init <- `init*`, t <- `t*`, x_1 <- `x_1*`} + -- Instrs_ok2: `%;%|-%:%`(s, $with_locals(C, x_1*{x_1 <- `x_1*`}, `%%`_localtype(SET_init, t)*{t <- `t*`}), instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_2*{t_2 <- `t_2*`}), x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:44.1-48.33 + rule sub{s : store, C : context, `instr*` : instr*, it' : instrtype, it : instrtype}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it') + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it) + -- Instrtype_sub: `%|-%<:%`(C, it, it') + -- Instrtype_ok: `%|-%:OK`(C, it') + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:51.1-54.33 + rule frame{s : store, C : context, `instr*` : instr*, `t*` : valtype*, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t*{t <- `t*`} ++ t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`} ++ t_2*{t_2 
<- `t_2*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-5.55 +relation Expr_ok2: `%;%|-%:%`(store, context, expr, resulttype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:57.1-59.44 + rule _{s : store, C : context, `instr*` : instr*, `t*` : valtype*}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) +} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Taginst_ok: `%|-%:%`(store, taginst, tagtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, jt : tagtype}: + `%|-%:%`(s, {TYPE jt}, jt) + -- Tagtype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, jt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Globalinst_ok: `%|-%:%`(store, globalinst, globaltype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `mut?` : mut?, t : valtype, val : val}: + `%|-%:%`(s, {TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val}, `%%`_globaltype(mut?{mut <- `mut?`}, t)) + -- Globaltype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%`_globaltype(mut?{mut <- `mut?`}, t)) + -- Val_ok: `%|-%:%`(s, val, t) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Meminst_ok: `%|-%:%`(store, meminst, 
memtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, at : addrtype, n : n, m : m, `b*` : byte*}: + `%|-%:%`(s, {TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m)))), BYTES b*{b <- `b*`}}, `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))))) + -- Memtype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))))) + -- if (|b*{b <- `b*`}| = (n * (64 * $Ki))) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Tableinst_ok: `%|-%:%`(store, tableinst, tabletype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, at : addrtype, n : n, m : m, rt : reftype, `ref*` : ref*}: + `%|-%:%`(s, {TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt), REFS ref*{ref <- `ref*`}}, `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt)) + -- Tabletype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt)) + -- if (|ref*{ref <- `ref*`}| = n) + -- (Ref_ok: `%|-%:%`(s, ref, rt))*{ref <- `ref*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Funcinst_ok: `%|-%:%`(store, funcinst, deftype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, moduleinst : moduleinst, func : func, C : context, dt' : deftype}: + `%|-%:%`(s, {TYPE dt, MODULE moduleinst, CODE (func : func <: funccode)}, dt) + -- Deftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, dt) + -- Moduleinst_ok: 
`%|-%:%`(s, moduleinst, C) + -- Func_ok: `%|-%:%`(C, func, dt') + -- Deftype_sub: `%|-%<:%`(C, dt', dt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Structinst_ok: `%|-%:OK`(store, structinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, `fv*` : fieldval*, `mut?*` : mut?*, `zt*` : storagetype*}: + `%|-%:OK`(s, {TYPE dt, FIELDS fv*{fv <- `fv*`}}) + -- Expand: `%~~%`(dt, STRUCT_comptype(`%`_list(`%%`_fieldtype(mut?{mut <- `mut?`}, zt)*{`mut?` <- `mut?*`, zt <- `zt*`}))) + -- (Fieldval_ok: `%|-%:%`(s, fv, zt))*{fv <- `fv*`, zt <- `zt*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Arrayinst_ok: `%|-%:OK`(store, arrayinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, `fv*` : fieldval*, `mut?` : mut?, zt : storagetype}: + `%|-%:OK`(s, {TYPE dt, FIELDS fv*{fv <- `fv*`}}) + -- Expand: `%~~%`(dt, ARRAY_comptype(`%%`_fieldtype(mut?{mut <- `mut?`}, zt))) + -- (Fieldval_ok: `%|-%:%`(s, fv, zt))*{fv <- `fv*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Exninst_ok: `%|-%:OK`(store, exninst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, ta : tagaddr, `val*` : val*, dt : deftype, `t*` : valtype*}: + `%|-%:OK`(s, {TAG ta, FIELDS val*{val <- `val*`}}) + -- if ((dt : deftype <: typeuse) = s.TAGS_store[ta].TYPE_taginst) + -- Expand: `%~~%`(dt, `FUNC%->%`_comptype(`%`_resulttype(t*{t <- `t*`}), `%`_resulttype([]))) + -- (Val_ok: `%|-%:%`(s, val, t))*{t <- `t*`, val <- `val*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +rec { + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:205.1-205.50 +relation ImmReachable: `%>>_%%`(fieldval, store, fieldval) + ;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:217.1-220.33 + rule trans{fv_1 : fieldval, s : store, fv_2 : fieldval, fv' : fieldval}: + `%>>_%%`(fv_1, s, fv_2) + -- ImmReachable: `%>>_%%`(fv_1, s, fv') + -- ImmReachable: `%>>_%%`(fv', s, fv_2) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.20 + rule `ref.struct`{a : addr, s : store, i : nat, `ft*` : fieldtype*, zt : storagetype}: + `%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, s.STRUCTS_store[a].FIELDS_structinst[i]) + -- Expand: `%~~%`(s.STRUCTS_store[a].TYPE_structinst, STRUCT_comptype(`%`_list(ft*{ft <- `ft*`}))) + -- if (ft*{ft <- `ft*`}[i] = `%%`_fieldtype(?(), zt)) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-229.42 + rule `ref.array`{a : addr, s : store, i : nat, zt : storagetype}: + `%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, s.ARRAYS_store[a].FIELDS_arrayinst[i]) + -- Expand: `%~~%`(s.ARRAYS_store[a].TYPE_arrayinst, ARRAY_comptype(`%%`_fieldtype(?(), zt))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:231.1-232.44 + rule `ref.exn`{a : addr, s : store, i : nat}: + `%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, (s.EXNS_store[a].FIELDS_exninst[i] : val <: fieldval)) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:234.1-235.28 + rule `ref.extern`{ref : ref, s : store}: + `%>>_%%`(`REF.EXTERN`_fieldval(ref), s, (ref : ref <: fieldval)) +} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +def $NotImmReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false + -- ImmReachable: `%>>_%%`(fv_1, s, fv_2) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + def $NotImmReachable{fv_1 : fieldval, s : 
store, fv_2 : fieldval}(fv_1, s, fv_2) = true + -- otherwise + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation NotImmReachable: `~%>>_%%`(fieldval, store, fieldval) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{fv_1 : fieldval, s : store, fv_2 : fieldval}: + `~%>>_%%`(fv_1, s, fv_2) + -- if $NotImmReachable(fv_1, s, fv_2) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Store_ok: `|-%:OK`(store) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `taginst*` : taginst*, `tagtype*` : tagtype*, `globalinst*` : globalinst*, `globaltype*` : globaltype*, `meminst*` : meminst*, `memtype*` : memtype*, `tableinst*` : tableinst*, `tabletype*` : tabletype*, `deftype*` : deftype*, `funcinst*` : funcinst*, `datainst*` : datainst*, `datatype*` : datatype*, `eleminst*` : eleminst*, `elemtype*` : elemtype*, `structinst*` : structinst*, `arrayinst*` : arrayinst*, `exninst*` : exninst*}: + `|-%:OK`(s) + -- (Taginst_ok: `%|-%:%`(s, taginst, tagtype))*{taginst <- `taginst*`, tagtype <- `tagtype*`} + -- (Globalinst_ok: `%|-%:%`(s, globalinst, globaltype))*{globalinst <- `globalinst*`, globaltype <- `globaltype*`} + -- (Meminst_ok: `%|-%:%`(s, meminst, memtype))*{meminst <- `meminst*`, memtype <- `memtype*`} + -- (Tableinst_ok: `%|-%:%`(s, tableinst, tabletype))*{tableinst <- `tableinst*`, tabletype <- `tabletype*`} + -- (Funcinst_ok: `%|-%:%`(s, funcinst, deftype))*{deftype <- `deftype*`, funcinst <- `funcinst*`} + -- (Datainst_ok: `%|-%:%`(s, datainst, datatype))*{datainst <- `datainst*`, datatype <- `datatype*`} + -- (Eleminst_ok: `%|-%:%`(s, eleminst, elemtype))*{eleminst <- `eleminst*`, elemtype <- `elemtype*`} + -- (Structinst_ok: `%|-%:OK`(s, structinst))*{structinst <- `structinst*`} + -- (Arrayinst_ok: `%|-%:OK`(s, arrayinst))*{arrayinst <- `arrayinst*`} + -- (Exninst_ok: `%|-%:OK`(s, exninst))*{exninst <- 
`exninst*`} + -- (NotImmReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} + -- (NotImmReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} + -- (NotImmReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} + -- if (s = {TAGS taginst*{taginst <- `taginst*`}, GLOBALS globalinst*{globalinst <- `globalinst*`}, MEMS meminst*{meminst <- `meminst*`}, TABLES tableinst*{tableinst <- `tableinst*`}, FUNCS funcinst*{funcinst <- `funcinst*`}, DATAS datainst*{datainst <- `datainst*`}, ELEMS eleminst*{eleminst <- `eleminst*`}, STRUCTS structinst*{structinst <- `structinst*`}, ARRAYS arrayinst*{arrayinst <- `arrayinst*`}, EXNS exninst*{exninst <- `exninst*`}}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_taginst: `%<=%`(taginst, taginst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{jt : tagtype}: + `%<=%`({TYPE jt}, {TYPE jt}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_globalinst: `%<=%`(globalinst, globalinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{`mut?` : mut?, t : valtype, val : val, val' : val}: + `%<=%`({TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val}, {TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val'}) + -- if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (val = val')) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_meminst: `%<=%`(meminst, meminst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{at : addrtype, n : n, m : m, `b*` : byte*, n' : n, `b'*` : byte*}: + `%<=%`({TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m)))), BYTES 
b*{b <- `b*`}}, {TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n'), ?(`%`_u64(m)))), BYTES b'*{b' <- `b'*`}}) + -- if (n <= n') + -- if (|b*{b <- `b*`}| <= |b'*{b' <- `b'*`}|) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_tableinst: `%<=%`(tableinst, tableinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{at : addrtype, n : n, m : m, rt : reftype, `ref*` : ref*, n' : n, `ref'*` : ref*}: + `%<=%`({TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt), REFS ref*{ref <- `ref*`}}, {TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n'), ?(`%`_u64(m))), rt), REFS ref'*{ref' <- `ref'*`}}) + -- if (n <= n') + -- if (|ref*{ref <- `ref*`}| <= |ref'*{ref' <- `ref'*`}|) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_funcinst: `%<=%`(funcinst, funcinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, mm : moduleinst, fc : funccode}: + `%<=%`({TYPE dt, MODULE mm, CODE fc}, {TYPE dt, MODULE mm, CODE fc}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_datainst: `%<=%`(datainst, datainst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{`b*` : byte*, `b'*` : byte*}: + `%<=%`({BYTES b*{b <- `b*`}}, {BYTES b'*{b' <- `b'*`}}) + -- if ((b*{b <- `b*`} = b'*{b' <- `b'*`}) \/ (b'*{b' <- `b'*`} = [])) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_eleminst: `%<=%`(eleminst, eleminst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{rt : reftype, `ref*` : ref*, `ref'*` : ref*}: + `%<=%`({TYPE rt, REFS ref*{ref <- `ref*`}}, {TYPE rt, REFS ref'*{ref' <- `ref'*`}}) + -- if ((ref*{ref <- `ref*`} = ref'*{ref' <- `ref'*`}) \/ (ref'*{ref' <- `ref'*`} = [])) + +;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_structinst: `%<=%`(structinst, structinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, `fv*` : fieldval*, `fv'*` : fieldval*, `mut?*` : mut?*, `zt*` : storagetype*}: + `%<=%`({TYPE dt, FIELDS fv*{fv <- `fv*`}}, {TYPE dt, FIELDS fv'*{fv' <- `fv'*`}}) + -- Expand: `%~~%`(dt, STRUCT_comptype(`%`_list(`%%`_fieldtype(mut?{mut <- `mut?`}, zt)*{`mut?` <- `mut?*`, zt <- `zt*`}))) + -- (if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (fv = fv')))*{fv <- `fv*`, fv' <- `fv'*`, `mut?` <- `mut?*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_arrayinst: `%<=%`(arrayinst, arrayinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, `fv*` : fieldval*, `fv'*` : fieldval*, `mut?` : mut?, zt : storagetype}: + `%<=%`({TYPE dt, FIELDS fv*{fv <- `fv*`}}, {TYPE dt, FIELDS fv'*{fv' <- `fv'*`}}) + -- Expand: `%~~%`(dt, ARRAY_comptype(`%%`_fieldtype(mut?{mut <- `mut?`}, zt))) + -- (if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (fv = fv')))*{fv <- `fv*`, fv' <- `fv'*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_exninst: `%<=%`(exninst, exninst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{ta : tagaddr, `val*` : val*}: + `%<=%`({TAG ta, FIELDS val*{val <- `val*`}}, {TAG ta, FIELDS val*{val <- `val*`}}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_store: `%<=%`(store, store) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, s' : store}: + `%<=%`(s, s') + -- (Extend_taginst: `%<=%`(s.TAGS_store[a], s'.TAGS_store[a]))^(a<|s.TAGS_store|){} + -- (Extend_globalinst: `%<=%`(s.GLOBALS_store[a], s'.GLOBALS_store[a]))^(a<|s.GLOBALS_store|){} + -- 
(Extend_meminst: `%<=%`(s.MEMS_store[a], s'.MEMS_store[a]))^(a<|s.MEMS_store|){} + -- (Extend_tableinst: `%<=%`(s.TABLES_store[a], s'.TABLES_store[a]))^(a<|s.TABLES_store|){} + -- (Extend_funcinst: `%<=%`(s.FUNCS_store[a], s'.FUNCS_store[a]))^(a<|s.FUNCS_store|){} + -- (Extend_datainst: `%<=%`(s.DATAS_store[a], s'.DATAS_store[a]))^(a<|s.DATAS_store|){} + -- (Extend_eleminst: `%<=%`(s.ELEMS_store[a], s'.ELEMS_store[a]))^(a<|s.ELEMS_store|){} + -- (Extend_structinst: `%<=%`(s.STRUCTS_store[a], s'.STRUCTS_store[a]))^(a<|s.STRUCTS_store|){} + -- (Extend_arrayinst: `%<=%`(s.ARRAYS_store[a], s'.ARRAYS_store[a]))^(a<|s.ARRAYS_store|){} + -- (Extend_exninst: `%<=%`(s.EXNS_store[a], s'.EXNS_store[a]))^(a<|s.EXNS_store|){} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation State_ok: `|-%:%`(state, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, f : frame, C : context}: + `|-%:%`(`%;%`_state(s, f), C) + -- Store_ok: `|-%:OK`(s) + -- Frame_ok: `%|-%:%`(s, f, C) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Config_ok: `|-%:OK`(config) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{z : state, `instr*` : instr*, C : context, `t*` : valtype*}: + `|-%:OK`(`%;%`_config(z, instr*{instr <- `instr*`})) + -- State_ok: `|-%:%`(z, C) + -- Expr_ok: `%|-%:%`(C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) + ;; ../../../../specification/wasm-latest/X.1-notation.syntax.spectec syntax A = nat 
@@ -25632,100 +26408,104 @@ relation Heaptype_ok: `%|-%:OK`(context, heaptype) `%|-%:OK`(C, (typeuse : typeuse <: heaptype)) -- Typeuse_ok: `%|-%:OK`(C, typeuse) + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:27.1-28.16 + rule bot{C : context}: + `%|-%:OK`(C, BOT_heaptype) + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:10.1-10.91 relation Reftype_ok: `%|-%:OK`(context, reftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:27.1-29.37 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:30.1-32.37 rule _{C : context, heaptype : heaptype}: `%|-%:OK`(C, REF_reftype(NULL_null?{}, heaptype)) -- Heaptype_ok: `%|-%:OK`(C, heaptype) ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:11.1-11.91 relation Valtype_ok: `%|-%:OK`(context, valtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:31.1-33.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:34.1-36.35 rule num{C : context, numtype : numtype}: `%|-%:OK`(C, (numtype : numtype <: valtype)) -- Numtype_ok: `%|-%:OK`(C, numtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:35.1-37.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:38.1-40.35 rule vec{C : context, vectype : vectype}: `%|-%:OK`(C, (vectype : vectype <: valtype)) -- Vectype_ok: `%|-%:OK`(C, vectype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:39.1-41.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:42.1-44.35 rule ref{C : context, reftype : reftype}: `%|-%:OK`(C, (reftype : reftype <: valtype)) -- Reftype_ok: `%|-%:OK`(C, reftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:43.1-44.16 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:46.1-47.16 rule bot{C : context}: `%|-%:OK`(C, BOT_valtype) ;; 
../../../../specification/wasm-latest/2.1-validation.types.spectec:12.1-12.94 relation Typeuse_ok: `%|-%:OK`(context, typeuse) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:99.1-101.30 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:102.1-104.30 rule typeidx{C : context, typeidx : typeidx, dt : deftype}: `%|-%:OK`(C, _IDX_typeuse(typeidx)) -- if (typeidx!`%`_typeidx.0 < |C.TYPES_context|) -- if (C.TYPES_context[typeidx!`%`_typeidx.0] = dt) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:103.1-105.23 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:106.1-108.23 rule rec{C : context, i : n, st : subtype}: `%|-%:OK`(C, REC_typeuse(i)) -- if (i < |C.RECS_context|) -- if (C.RECS_context[i] = st) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:107.1-109.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:110.1-112.35 rule deftype{C : context, deftype : deftype}: `%|-%:OK`(C, (deftype : deftype <: typeuse)) -- Deftype_ok: `%|-%:OK`(C, deftype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:49.1-49.100 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:52.1-52.100 relation Resulttype_ok: `%|-%:OK`(context, resulttype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:52.1-54.32 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:55.1-57.32 rule _{C : context, `t*` : valtype*}: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) -- (Valtype_ok: `%|-%:OK`(C, t))*{t <- `t*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:85.1-85.104 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:88.1-88.104 relation Fieldtype_ok: `%|-%:OK`(context, fieldtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:123.1-125.43 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:126.1-128.43 
rule _{C : context, storagetype : storagetype}: `%|-%:OK`(C, `%%`_fieldtype(MUT_mut?{}, storagetype)) -- Storagetype_ok: `%|-%:OK`(C, storagetype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:86.1-86.106 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:89.1-89.106 relation Storagetype_ok: `%|-%:OK`(context, storagetype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:115.1-117.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:118.1-120.35 rule val{C : context, valtype : valtype}: `%|-%:OK`(C, (valtype : valtype <: storagetype)) -- Valtype_ok: `%|-%:OK`(C, valtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:119.1-121.37 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:122.1-124.37 rule pack{C : context, packtype : packtype}: `%|-%:OK`(C, (packtype : packtype <: storagetype)) -- Packtype_ok: `%|-%:OK`(C, packtype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:87.1-87.103 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:90.1-90.103 relation Comptype_ok: `%|-%:OK`(context, comptype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:128.1-130.42 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:131.1-133.42 rule struct{C : context, `fieldtype*` : fieldtype*}: `%|-%:OK`(C, STRUCT_comptype(`%`_list(fieldtype*{fieldtype <- `fieldtype*`}))) -- (Fieldtype_ok: `%|-%:OK`(C, fieldtype))*{fieldtype <- `fieldtype*`} - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:132.1-134.39 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:135.1-137.39 rule array{C : context, fieldtype : fieldtype}: `%|-%:OK`(C, ARRAY_comptype(fieldtype)) -- Fieldtype_ok: `%|-%:OK`(C, fieldtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:136.1-139.35 + ;; 
../../../../specification/wasm-latest/2.1-validation.types.spectec:139.1-142.35 rule func{C : context, `t_1*` : valtype*, `t_2*` : valtype*}: `%|-%:OK`(C, `FUNC%->%`_comptype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t_1*{t_1 <- `t_1*`})) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t_2*{t_2 <- `t_2*`})) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:88.1-88.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:91.1-91.126 relation Subtype_ok: `%|-%:%`(context, subtype, oktypeidx) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:142.1-149.49 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:145.1-152.49 rule _{C : context, `x*` : idx*, comptype : comptype, x_0 : idx, `comptype'*` : comptype*, `x'**` : idx**}: `%|-%:%`(C, SUB_subtype(FINAL_final?{}, _IDX_typeuse(x)*{x <- `x*`}, comptype), OK_oktypeidx(x_0)) -- if (|x*{x <- `x*`}| <= 1) 
@@ -25737,26 +26517,26 @@ relation Subtype_ok: `%|-%:%`(context, subtype, oktypeidx) -- Comptype_ok: `%|-%:OK`(C, comptype) -- (Comptype_sub: `%|-%<:%`(C, comptype, comptype'))*{comptype' <- `comptype'*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:89.1-89.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:92.1-92.126 relation Rectype_ok: `%|-%:%`(context, rectype, oktypeidx) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:171.1-172.23 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:174.1-175.23 rule empty{C : context, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidx(x)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:174.1-177.48 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:177.1-180.48 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Subtype_ok: `%|-%:%`(C, subtype_1, OK_oktypeidx(x)) -- Rectype_ok: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(`%`_typeidx((x!`%`_idx.0 + 1)))) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:179.1-181.60 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:182.1-184.60 rule _rec2{C : context, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Rectype_ok2: `%|-%:%`({TYPES [], RECS subtype*{subtype <- `subtype*`}, TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []} +++ C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, 0)) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:90.1-90.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:93.1-93.126 relation Subtype_ok2: 
`%|-%:%`(context, subtype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:161.1-168.49 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:164.1-171.49 rule _{C : context, `typeuse*` : typeuse*, compttype : comptype, x : idx, i : nat, `comptype'*` : comptype*, `typeuse'**` : typeuse**, comptype : comptype}: `%|-%:%`(C, SUB_subtype(FINAL_final?{}, typeuse*{typeuse <- `typeuse*`}, compttype), OK_oktypeidxnat(x, i)) -- if (|typeuse*{typeuse <- `typeuse*`}| <= 1) 
@@ -25767,28 +26547,28 @@ relation Subtype_ok2: `%|-%:%`(context, subtype, oktypeidxnat) -- Comptype_ok: `%|-%:OK`(C, comptype) -- (Comptype_sub: `%|-%<:%`(C, comptype, comptype'))*{comptype' <- `comptype'*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:91.1-91.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:94.1-94.126 relation Rectype_ok2: `%|-%:%`(context, rectype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:183.1-184.24 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:186.1-187.24 rule empty{C : context, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidxnat(x, i)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:186.1-189.55 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:189.1-192.55 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, i)) -- Subtype_ok2: `%|-%:%`(C, subtype_1, OK_oktypeidxnat(x, i)) -- Rectype_ok2: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(`%`_typeidx((x!`%`_idx.0 + 1)), (i + 1))) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:92.1-92.102 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:95.1-95.102 relation Deftype_ok: `%|-%:OK`(context, deftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:192.1-196.14 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:195.1-199.14 rule _{C : context, rectype : rectype, i : n, x : idx, n : n, `subtype*` : subtype*}: `%|-%:OK`(C, _DEF_deftype(rectype, i)) -- Rectype_ok: `%|-%:%`(C, rectype, OK_oktypeidx(x)) -- if (rectype = REC_rectype(`%`_list(subtype^n{subtype <- `subtype*`}))) -- if (i < n) -;; 
../../../../specification/wasm-latest/2.1-validation.types.spectec:95.1-95.108 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:98.1-98.108 relation Comptype_sub: `%|-%<:%`(context, comptype, comptype) ;; ../../../../specification/wasm-latest/2.2-validation.subtyping.spectec:169.1-171.41 rule struct{C : context, `ft_1*` : fieldtype*, `ft'_1*` : fieldtype*, `ft_2*` : fieldtype*}: @@ -25807,7 +26587,7 @@ relation Comptype_sub: `%|-%<:%`(context, comptype, comptype) -- Resulttype_sub: `%|-%<:%`(C, `%`_resulttype(t_21*{t_21 <- `t_21*`}), `%`_resulttype(t_11*{t_11 <- `t_11*`})) -- Resulttype_sub: `%|-%<:%`(C, `%`_resulttype(t_12*{t_12 <- `t_12*`}), `%`_resulttype(t_22*{t_22 <- `t_22*`})) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:96.1-96.107 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:99.1-99.107 relation Deftype_sub: `%|-%<:%`(context, deftype, deftype) ;; ../../../../specification/wasm-latest/2.2-validation.subtyping.spectec:183.1-185.66 rule refl{C : context, deftype_1 : deftype, deftype_2 : deftype}: 
@@ -28885,42 +29665,60 @@ relation Val_ok: `%|-%:%`(store, val, valtype) `%|-%:%`(s, (ref : ref <: val), (rt : reftype <: valtype)) -- Ref_ok: `%|-%:%`(s, ref, rt) +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec +relation Packval_ok: `%|-%:%`(store, packval, packtype) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule _{s : store, pt : packtype, c : iN($psizenn(pt))}: + `%|-%:%`(s, PACK_packval(pt, c), pt) + +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec +relation Fieldval_ok: `%|-%:%`(store, fieldval, storagetype) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule val{s : store, val : val, t : valtype}: + `%|-%:%`(s, (val : val <: fieldval), (t : valtype <: storagetype)) + -- Val_ok: `%|-%:%`(s, val, t) + + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec + rule packval{s : store, packval : packval, pt : packtype}: + `%|-%:%`(s, (packval : packval <: fieldval), (pt : packtype <: storagetype)) + -- Packval_ok: `%|-%:%`(s, packval, pt) + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec rec { -;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:86.1-86.84 +;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:103.1-103.84 relation Externaddr_ok: `%|-%:%`(store, externaddr, externtype) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:88.1-90.28 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:105.1-107.28 rule tag{s : store, a : addr, taginst : taginst}: `%|-%:%`(s, TAG_externaddr(a), TAG_externtype(taginst.TYPE_taginst)) -- if (a < |s.TAGS_store|) -- if (s.TAGS_store[a] = taginst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:92.1-94.34 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:109.1-111.34 rule global{s : store, a : addr, globalinst : globalinst}: `%|-%:%`(s, GLOBAL_externaddr(a), 
GLOBAL_externtype(globalinst.TYPE_globalinst)) -- if (a < |s.GLOBALS_store|) -- if (s.GLOBALS_store[a] = globalinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:96.1-98.28 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:113.1-115.28 rule mem{s : store, a : addr, meminst : meminst}: `%|-%:%`(s, MEM_externaddr(a), MEM_externtype(meminst.TYPE_meminst)) -- if (a < |s.MEMS_store|) -- if (s.MEMS_store[a] = meminst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:100.1-102.32 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:117.1-119.32 rule table{s : store, a : addr, tableinst : tableinst}: `%|-%:%`(s, TABLE_externaddr(a), TABLE_externtype(tableinst.TYPE_tableinst)) -- if (a < |s.TABLES_store|) -- if (s.TABLES_store[a] = tableinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:104.1-106.30 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:121.1-123.30 rule func{s : store, a : addr, funcinst : funcinst}: `%|-%:%`(s, FUNC_externaddr(a), FUNC_externtype((funcinst.TYPE_funcinst : deftype <: typeuse))) -- if (a < |s.FUNCS_store|) -- if (s.FUNCS_store[a] = funcinst) - ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:108.1-111.37 + ;; ../../../../specification/wasm-latest/4.1-execution.values.spectec:125.1-128.37 rule sub{s : store, externaddr : externaddr, xt : externtype, xt' : externtype}: `%|-%:%`(s, externaddr, xt) -- Externaddr_ok: `%|-%:%`(s, externaddr, xt') 
@@ -30654,6 +31452,426 @@ def $ordered(decl*) : bool ;; ../../../../specification/wasm-latest/6.4-text.modules.spectec def $ordered{`decl_1*` : decl*, import : import, `decl_2*` : decl*}(decl_1*{decl_1 <- `decl_1*`} ++ [(import : import <: decl)] ++ decl_2*{decl_2 <- `decl_2*`}) = (((((($importsd(decl_1*{decl_1 <- `decl_1*`}) = []) /\ ($tagsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($globalsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($memsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($tablesd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($funcsd(decl_1*{decl_1 <- `decl_1*`}) = [])) +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Localval_ok: `%|-%:%`(store, val?, localtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule set{s : store, val : val, t : valtype}: + `%|-%:%`(s, ?(val), `%%`_localtype(SET_init, t)) + -- Val_ok: `%|-%:%`(s, val, t) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule unset{s : store}: + `%|-%:%`(s, ?(), `%%`_localtype(UNSET_init, BOT_valtype)) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Datainst_ok: `%|-%:%`(store, datainst, datatype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `b*` : byte*}: + `%|-%:%`(s, {BYTES b*{b <- `b*`}}, OK_datatype) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Eleminst_ok: `%|-%:%`(store, eleminst, elemtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, rt : reftype, `ref*` : ref*}: + `%|-%:%`(s, {TYPE rt, REFS ref*{ref <- `ref*`}}, rt) + -- Reftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, rt) + -- (Ref_ok: `%|-%:%`(s, ref, rt))*{ref <- `ref*`} + +;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Exportinst_ok: `%|-%:OK`(store, exportinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, nm : name, xa : externaddr, xt : externtype}: + `%|-%:OK`(s, {NAME nm, ADDR xa}) + -- Externaddr_ok: `%|-%:%`(s, xa, xt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Moduleinst_ok: `%|-%:%`(store, moduleinst, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `deftype*` : deftype*, `tagaddr*` : tagaddr*, `globaladdr*` : globaladdr*, `memaddr*` : memaddr*, `tableaddr*` : tableaddr*, `funcaddr*` : funcaddr*, `dataaddr*` : dataaddr*, `elemaddr*` : elemaddr*, `exportinst*` : exportinst*, `subtype*` : subtype*, `tagtype*` : tagtype*, `globaltype*` : globaltype*, `memtype*` : memtype*, `tabletype*` : tabletype*, `deftype_F*` : deftype*, `datatype*` : datatype*, `elemtype*` : elemtype*}: + `%|-%:%`(s, {TYPES deftype*{deftype <- `deftype*`}, TAGS tagaddr*{tagaddr <- `tagaddr*`}, GLOBALS globaladdr*{globaladdr <- `globaladdr*`}, MEMS memaddr*{memaddr <- `memaddr*`}, TABLES tableaddr*{tableaddr <- `tableaddr*`}, FUNCS funcaddr*{funcaddr <- `funcaddr*`}, DATAS dataaddr*{dataaddr <- `dataaddr*`}, ELEMS elemaddr*{elemaddr <- `elemaddr*`}, EXPORTS exportinst*{exportinst <- `exportinst*`}}, {TYPES deftype*{deftype <- `deftype*`}, RECS subtype*{subtype <- `subtype*`}, TAGS tagtype*{tagtype <- `tagtype*`}, GLOBALS globaltype*{globaltype <- `globaltype*`}, MEMS memtype*{memtype <- `memtype*`}, TABLES tabletype*{tabletype <- `tabletype*`}, FUNCS deftype_F*{deftype_F <- `deftype_F*`}, DATAS datatype*{datatype <- `datatype*`}, ELEMS elemtype*{elemtype <- `elemtype*`}, LOCALS [], LABELS [], RETURN ?(), REFS `%`_funcidx(i)^(i<|funcaddr*{funcaddr <- `funcaddr*`}|){}}) + -- (Deftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS 
[], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, deftype))*{deftype <- `deftype*`} + -- if (|`tagaddr*`| = |`tagtype*`|) + -- (Externaddr_ok: `%|-%:%`(s, TAG_externaddr(tagaddr), TAG_externtype(tagtype)))*{tagaddr <- `tagaddr*`, tagtype <- `tagtype*`} + -- if (|`globaladdr*`| = |`globaltype*`|) + -- (Externaddr_ok: `%|-%:%`(s, GLOBAL_externaddr(globaladdr), GLOBAL_externtype(globaltype)))*{globaladdr <- `globaladdr*`, globaltype <- `globaltype*`} + -- if (|`deftype_F*`| = |`funcaddr*`|) + -- (Externaddr_ok: `%|-%:%`(s, FUNC_externaddr(funcaddr), FUNC_externtype((deftype_F : deftype <: typeuse))))*{deftype_F <- `deftype_F*`, funcaddr <- `funcaddr*`} + -- if (|`memaddr*`| = |`memtype*`|) + -- (Externaddr_ok: `%|-%:%`(s, MEM_externaddr(memaddr), MEM_externtype(memtype)))*{memaddr <- `memaddr*`, memtype <- `memtype*`} + -- if (|`tableaddr*`| = |`tabletype*`|) + -- (Externaddr_ok: `%|-%:%`(s, TABLE_externaddr(tableaddr), TABLE_externtype(tabletype)))*{tableaddr <- `tableaddr*`, tabletype <- `tabletype*`} + -- if (|`dataaddr*`| = |`datatype*`|) + -- (if (dataaddr < |s.DATAS_store|))*{dataaddr <- `dataaddr*`} + -- (Datainst_ok: `%|-%:%`(s, s.DATAS_store[dataaddr], datatype))*{dataaddr <- `dataaddr*`, datatype <- `datatype*`} + -- if (|`elemaddr*`| = |`elemtype*`|) + -- (if (elemaddr < |s.ELEMS_store|))*{elemaddr <- `elemaddr*`} + -- (Eleminst_ok: `%|-%:%`(s, s.ELEMS_store[elemaddr], elemtype))*{elemaddr <- `elemaddr*`, elemtype <- `elemtype*`} + -- (Exportinst_ok: `%|-%:OK`(s, exportinst))*{exportinst <- `exportinst*`} + -- if $disjoint_(syntax name, exportinst.NAME_exportinst*{exportinst <- `exportinst*`}) + -- if (|TAG_externaddr(tagaddr)*{tagaddr <- `tagaddr*`} ++ GLOBAL_externaddr(globaladdr)*{globaladdr <- `globaladdr*`} ++ MEM_externaddr(memaddr)*{memaddr <- `memaddr*`} ++ TABLE_externaddr(tableaddr)*{tableaddr <- `tableaddr*`} ++ FUNC_externaddr(funcaddr)*{funcaddr <- `funcaddr*`}| > 0) + -- (if (exportinst.ADDR_exportinst <- 
TAG_externaddr(tagaddr)*{tagaddr <- `tagaddr*`} ++ GLOBAL_externaddr(globaladdr)*{globaladdr <- `globaladdr*`} ++ MEM_externaddr(memaddr)*{memaddr <- `memaddr*`} ++ TABLE_externaddr(tableaddr)*{tableaddr <- `tableaddr*`} ++ FUNC_externaddr(funcaddr)*{funcaddr <- `funcaddr*`}))*{exportinst <- `exportinst*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Frame_ok: `%|-%:%`(store, frame, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `val?*` : val?*, moduleinst : moduleinst, C : context, `lct*` : localtype*}: + `%|-%:%`(s, {LOCALS val?{val <- `val?`}*{`val?` <- `val?*`}, MODULE moduleinst}, C +++ {TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS lct*{lct <- `lct*`}, LABELS [], RETURN ?(), REFS []}) + -- Moduleinst_ok: `%|-%:%`(s, moduleinst, C) + -- if (|`lct*`| = |`val?*`|) + -- (Localval_ok: `%|-%:%`(s, val?{val <- `val?`}, lct))*{lct <- `lct*`, `val?` <- `val?*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +rec { + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-3.56 +relation Instr_ok2: `%;%|-%:%`(store, context, instr, instrtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-9.46 + rule plain{s : store, C : context, instr : instr, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Instr_ok: `%|-%:%`(C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:11.1-13.27 + rule ref{s : store, C : context, ref : ref, rt : reftype}: + `%;%|-%:%`(s, C, (ref : ref <: instr), `%->_%%`_instrtype(`%`_resulttype([]), [], 
`%`_resulttype([(rt : reftype <: valtype)]))) + -- Ref_ok: `%|-%:%`(s, ref, rt) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:15.1-18.68 + rule label{s : store, C : context, n : n, `instr'*` : instr*, `instr*` : instr*, `t*` : valtype*, `t'*` : valtype*, `x'*` : idx*, `x*` : idx*}: + `%;%|-%:%`(s, C, `LABEL_%{%}%`_instr(n, instr'*{instr' <- `instr'*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr'*{instr' <- `instr'*`}, `%->_%%`_instrtype(`%`_resulttype(t'^n{t' <- `t'*`}), x'*{x' <- `x'*`}, `%`_resulttype(t*{t <- `t*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, {TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [`%`_resulttype(t'^n{t' <- `t'*`})], RETURN ?(), REFS []} +++ C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:20.1-23.37 + rule frame{s : store, C : context, n : n, f : frame, `instr*` : instr*, `t*` : valtype*, C' : context}: + `%;%|-%:%`(s, C, `FRAME_%{%}%`_instr(n, f, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t^n{t <- `t*`}))) + -- Frame_ok: `%|-%:%`(s, f, C') + -- Expr_ok2: `%;%|-%:%`(s, C', instr*{instr <- `instr*`}, `%`_resulttype(t^n{t <- `t*`})) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:25.1-28.52 + rule handler{s : store, C : context, n : n, `catch*` : catch*, `instr*` : instr*, `t_1*` : valtype*, `t_2*` : valtype*, `x*` : idx*}: + `%;%|-%:%`(s, C, `HANDLER_%{%}%`_instr(n, catch*{catch <- `catch*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- (Catch_ok: `%|-%:OK`(C, catch))*{catch <- `catch*`} + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, 
`%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:30.1-32.42 + rule trap{s : store, C : context, `t_1*` : valtype*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, TRAP_instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Instrtype_ok: `%|-%:OK`(C, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:4.1-4.58 +relation Instrs_ok2: `%;%|-%:%`(store, context, instr*, instrtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:35.1-36.27 + rule empty{s : store, C : context}: + `%;%|-%:%`(s, C, [], `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([]))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-42.86 + rule seq{s : store, C : context, instr_1 : instr, `instr_2*` : instr*, `t_1*` : valtype*, `x_1*` : idx*, `x_2*` : idx*, `t_3*` : valtype*, `t_2*` : valtype*, `init*` : init*, `t*` : valtype*}: + `%;%|-%:%`(s, C, [instr_1] ++ instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`} ++ x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) + -- Instr_ok2: `%;%|-%:%`(s, C, instr_1, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- if (|`init*`| = |`t*`|) + -- if (|`init*`| = |`x_1*`|) + -- (if (x_1!`%`_idx.0 < |C.LOCALS_context|))*{x_1 <- `x_1*`} + -- (if (C.LOCALS_context[x_1!`%`_idx.0] = `%%`_localtype(init, t)))*{init <- `init*`, t <- `t*`, x_1 <- `x_1*`} + -- Instrs_ok2: `%;%|-%:%`(s, $with_locals(C, x_1*{x_1 <- `x_1*`}, `%%`_localtype(SET_init, t)*{t <- `t*`}), instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_2*{t_2 <- `t_2*`}), 
x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:44.1-48.33 + rule sub{s : store, C : context, `instr*` : instr*, it' : instrtype, it : instrtype}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it') + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it) + -- Instrtype_sub: `%|-%<:%`(C, it, it') + -- Instrtype_ok: `%|-%:OK`(C, it') + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:51.1-54.33 + rule frame{s : store, C : context, `instr*` : instr*, `t*` : valtype*, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t*{t <- `t*`} ++ t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`} ++ t_2*{t_2 <- `t_2*`}))) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) + -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-5.55 +relation Expr_ok2: `%;%|-%:%`(store, context, expr, resulttype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:57.1-59.44 + rule _{s : store, C : context, `instr*` : instr*, `t*` : valtype*}: + `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) + -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) +} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Taginst_ok: `%|-%:%`(store, taginst, tagtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, jt : tagtype}: + `%|-%:%`(s, {TYPE jt}, jt) + -- Tagtype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], 
ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, jt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Globalinst_ok: `%|-%:%`(store, globalinst, globaltype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `mut?` : mut?, t : valtype, val : val}: + `%|-%:%`(s, {TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val}, `%%`_globaltype(mut?{mut <- `mut?`}, t)) + -- Globaltype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%`_globaltype(mut?{mut <- `mut?`}, t)) + -- Val_ok: `%|-%:%`(s, val, t) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Meminst_ok: `%|-%:%`(store, meminst, memtype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, at : addrtype, n : n, m : m, `b*` : byte*}: + `%|-%:%`(s, {TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m)))), BYTES b*{b <- `b*`}}, `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))))) + -- Memtype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))))) + -- if (|b*{b <- `b*`}| = (n * (64 * $Ki))) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Tableinst_ok: `%|-%:%`(store, tableinst, tabletype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, at : addrtype, n : n, m : m, rt : reftype, `ref*` : ref*}: + `%|-%:%`(s, {TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt), REFS ref*{ref <- `ref*`}}, `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt)) + -- Tabletype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES 
[], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m))), rt)) + -- if (|ref*{ref <- `ref*`}| = n) + -- (Ref_ok: `%|-%:%`(s, ref, rt))*{ref <- `ref*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Funcinst_ok: `%|-%:%`(store, funcinst, deftype) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, moduleinst : moduleinst, func : func, C : context, dt' : deftype}: + `%|-%:%`(s, {TYPE dt, MODULE moduleinst, CODE (func : func <: funccode)}, dt) + -- Deftype_ok: `%|-%:OK`({TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, dt) + -- Moduleinst_ok: `%|-%:%`(s, moduleinst, C) + -- Func_ok: `%|-%:%`(C, func, dt') + -- Deftype_sub: `%|-%<:%`(C, dt', dt) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Structinst_ok: `%|-%:OK`(store, structinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, `fv*` : fieldval*, `mut?*` : mut?*, `zt*` : storagetype*}: + `%|-%:OK`(s, {TYPE dt, FIELDS fv*{fv <- `fv*`}}) + -- Expand: `%~~%`(dt, STRUCT_comptype(`%`_list(`%%`_fieldtype(mut?{mut <- `mut?`}, zt)*{`mut?` <- `mut?*`, zt <- `zt*`}))) + -- if (|`fv*`| = |`zt*`|) + -- (Fieldval_ok: `%|-%:%`(s, fv, zt))*{fv <- `fv*`, zt <- `zt*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Arrayinst_ok: `%|-%:OK`(store, arrayinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, dt : deftype, `fv*` : fieldval*, `mut?` : mut?, zt : storagetype}: + `%|-%:OK`(s, {TYPE dt, FIELDS fv*{fv <- `fv*`}}) + -- Expand: `%~~%`(dt, ARRAY_comptype(`%%`_fieldtype(mut?{mut <- `mut?`}, zt))) + -- (Fieldval_ok: `%|-%:%`(s, fv, zt))*{fv <- `fv*`} + +;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Exninst_ok: `%|-%:OK`(store, exninst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, ta : tagaddr, `val*` : val*, dt : deftype, `t*` : valtype*}: + `%|-%:OK`(s, {TAG ta, FIELDS val*{val <- `val*`}}) + -- if (ta < |s.TAGS_store|) + -- if ((dt : deftype <: typeuse) = s.TAGS_store[ta].TYPE_taginst) + -- Expand: `%~~%`(dt, `FUNC%->%`_comptype(`%`_resulttype(t*{t <- `t*`}), `%`_resulttype([]))) + -- if (|`t*`| = |`val*`|) + -- (Val_ok: `%|-%:%`(s, val, t))*{t <- `t*`, val <- `val*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +rec { + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:205.1-205.50 +relation ImmReachable: `%>>_%%`(fieldval, store, fieldval) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:217.1-220.33 + rule trans{fv_1 : fieldval, s : store, fv_2 : fieldval, fv' : fieldval}: + `%>>_%%`(fv_1, s, fv_2) + -- ImmReachable: `%>>_%%`(fv_1, s, fv') + -- ImmReachable: `%>>_%%`(fv', s, fv_2) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.20 + rule `ref.struct`{a : addr, s : store, i : nat, `ft*` : fieldtype*, zt : storagetype}: + `%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, s.STRUCTS_store[a].FIELDS_structinst[i]) + -- if (i < |s.STRUCTS_store[a].FIELDS_structinst|) + -- if (a < |s.STRUCTS_store|) + -- Expand: `%~~%`(s.STRUCTS_store[a].TYPE_structinst, STRUCT_comptype(`%`_list(ft*{ft <- `ft*`}))) + -- if (i < |ft*{ft <- `ft*`}|) + -- if (ft*{ft <- `ft*`}[i] = `%%`_fieldtype(?(), zt)) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-229.42 + rule `ref.array`{a : addr, s : store, i : nat, zt : storagetype}: + `%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, s.ARRAYS_store[a].FIELDS_arrayinst[i]) + -- if (i < |s.ARRAYS_store[a].FIELDS_arrayinst|) + -- if (a < 
|s.ARRAYS_store|) + -- Expand: `%~~%`(s.ARRAYS_store[a].TYPE_arrayinst, ARRAY_comptype(`%%`_fieldtype(?(), zt))) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:231.1-232.44 + rule `ref.exn`{a : addr, s : store, i : nat}: + `%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, (s.EXNS_store[a].FIELDS_exninst[i] : val <: fieldval)) + -- if (i < |s.EXNS_store[a].FIELDS_exninst|) + -- if (a < |s.EXNS_store|) + + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:234.1-235.28 + rule `ref.extern`{ref : ref, s : store}: + `%>>_%%`(`REF.EXTERN`_fieldval(ref), s, (ref : ref <: fieldval)) +} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +def $NotImmReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false + -- ImmReachable: `%>>_%%`(fv_1, s, fv_2) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = true + -- otherwise + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation NotImmReachable: `~%>>_%%`(fieldval, store, fieldval) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{fv_1 : fieldval, s : store, fv_2 : fieldval}: + `~%>>_%%`(fv_1, s, fv_2) + -- if $NotImmReachable(fv_1, s, fv_2) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Store_ok: `|-%:OK`(store) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, `taginst*` : taginst*, `tagtype*` : tagtype*, `globalinst*` : globalinst*, `globaltype*` : globaltype*, `meminst*` : meminst*, `memtype*` : memtype*, `tableinst*` : tableinst*, `tabletype*` : tabletype*, `deftype*` : deftype*, 
`funcinst*` : funcinst*, `datainst*` : datainst*, `datatype*` : datatype*, `eleminst*` : eleminst*, `elemtype*` : elemtype*, `structinst*` : structinst*, `arrayinst*` : arrayinst*, `exninst*` : exninst*}: + `|-%:OK`(s) + -- if (|`taginst*`| = |`tagtype*`|) + -- (Taginst_ok: `%|-%:%`(s, taginst, tagtype))*{taginst <- `taginst*`, tagtype <- `tagtype*`} + -- if (|`globalinst*`| = |`globaltype*`|) + -- (Globalinst_ok: `%|-%:%`(s, globalinst, globaltype))*{globalinst <- `globalinst*`, globaltype <- `globaltype*`} + -- if (|`meminst*`| = |`memtype*`|) + -- (Meminst_ok: `%|-%:%`(s, meminst, memtype))*{meminst <- `meminst*`, memtype <- `memtype*`} + -- if (|`tableinst*`| = |`tabletype*`|) + -- (Tableinst_ok: `%|-%:%`(s, tableinst, tabletype))*{tableinst <- `tableinst*`, tabletype <- `tabletype*`} + -- if (|`deftype*`| = |`funcinst*`|) + -- (Funcinst_ok: `%|-%:%`(s, funcinst, deftype))*{deftype <- `deftype*`, funcinst <- `funcinst*`} + -- if (|`datainst*`| = |`datatype*`|) + -- (Datainst_ok: `%|-%:%`(s, datainst, datatype))*{datainst <- `datainst*`, datatype <- `datatype*`} + -- if (|`eleminst*`| = |`elemtype*`|) + -- (Eleminst_ok: `%|-%:%`(s, eleminst, elemtype))*{eleminst <- `eleminst*`, elemtype <- `elemtype*`} + -- (Structinst_ok: `%|-%:OK`(s, structinst))*{structinst <- `structinst*`} + -- (Arrayinst_ok: `%|-%:OK`(s, arrayinst))*{arrayinst <- `arrayinst*`} + -- (Exninst_ok: `%|-%:OK`(s, exninst))*{exninst <- `exninst*`} + -- (NotImmReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} + -- (NotImmReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} + -- (NotImmReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} + -- if (s = {TAGS taginst*{taginst <- `taginst*`}, GLOBALS globalinst*{globalinst <- `globalinst*`}, MEMS meminst*{meminst <- 
`meminst*`}, TABLES tableinst*{tableinst <- `tableinst*`}, FUNCS funcinst*{funcinst <- `funcinst*`}, DATAS datainst*{datainst <- `datainst*`}, ELEMS eleminst*{eleminst <- `eleminst*`}, STRUCTS structinst*{structinst <- `structinst*`}, ARRAYS arrayinst*{arrayinst <- `arrayinst*`}, EXNS exninst*{exninst <- `exninst*`}}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_taginst: `%<=%`(taginst, taginst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{jt : tagtype}: + `%<=%`({TYPE jt}, {TYPE jt}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_globalinst: `%<=%`(globalinst, globalinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{`mut?` : mut?, t : valtype, val : val, val' : val}: + `%<=%`({TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val}, {TYPE `%%`_globaltype(mut?{mut <- `mut?`}, t), VALUE val'}) + -- if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (val = val')) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_meminst: `%<=%`(meminst, meminst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{at : addrtype, n : n, m : m, `b*` : byte*, n' : n, `b'*` : byte*}: + `%<=%`({TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n), ?(`%`_u64(m)))), BYTES b*{b <- `b*`}}, {TYPE `%%PAGE`_memtype(at, `[%..%]`_limits(`%`_u64(n'), ?(`%`_u64(m)))), BYTES b'*{b' <- `b'*`}}) + -- if (n <= n') + -- if (|b*{b <- `b*`}| <= |b'*{b' <- `b'*`}|) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_tableinst: `%<=%`(tableinst, tableinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{at : addrtype, n : n, m : m, rt : reftype, `ref*` : ref*, n' : n, `ref'*` : ref*}: + `%<=%`({TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n), 
?(`%`_u64(m))), rt), REFS ref*{ref <- `ref*`}}, {TYPE `%%%`_tabletype(at, `[%..%]`_limits(`%`_u64(n'), ?(`%`_u64(m))), rt), REFS ref'*{ref' <- `ref'*`}}) + -- if (n <= n') + -- if (|ref*{ref <- `ref*`}| <= |ref'*{ref' <- `ref'*`}|) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_funcinst: `%<=%`(funcinst, funcinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, mm : moduleinst, fc : funccode}: + `%<=%`({TYPE dt, MODULE mm, CODE fc}, {TYPE dt, MODULE mm, CODE fc}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_datainst: `%<=%`(datainst, datainst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{`b*` : byte*, `b'*` : byte*}: + `%<=%`({BYTES b*{b <- `b*`}}, {BYTES b'*{b' <- `b'*`}}) + -- if ((b*{b <- `b*`} = b'*{b' <- `b'*`}) \/ (b'*{b' <- `b'*`} = [])) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_eleminst: `%<=%`(eleminst, eleminst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{rt : reftype, `ref*` : ref*, `ref'*` : ref*}: + `%<=%`({TYPE rt, REFS ref*{ref <- `ref*`}}, {TYPE rt, REFS ref'*{ref' <- `ref'*`}}) + -- if ((ref*{ref <- `ref*`} = ref'*{ref' <- `ref'*`}) \/ (ref'*{ref' <- `ref'*`} = [])) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_structinst: `%<=%`(structinst, structinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, `fv*` : fieldval*, `fv'*` : fieldval*, `mut?*` : mut?*, `zt*` : storagetype*}: + `%<=%`({TYPE dt, FIELDS fv*{fv <- `fv*`}}, {TYPE dt, FIELDS fv'*{fv' <- `fv'*`}}) + -- Expand: `%~~%`(dt, STRUCT_comptype(`%`_list(`%%`_fieldtype(mut?{mut <- `mut?`}, zt)*{`mut?` <- `mut?*`, zt <- `zt*`}))) + -- if (|`fv*`| = |`fv'*`|) + -- if (|`fv*`| = |`mut?*`|) + -- 
(if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (fv = fv')))*{fv <- `fv*`, fv' <- `fv'*`, `mut?` <- `mut?*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_arrayinst: `%<=%`(arrayinst, arrayinst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{dt : deftype, `fv*` : fieldval*, `fv'*` : fieldval*, `mut?` : mut?, zt : storagetype}: + `%<=%`({TYPE dt, FIELDS fv*{fv <- `fv*`}}, {TYPE dt, FIELDS fv'*{fv' <- `fv'*`}}) + -- Expand: `%~~%`(dt, ARRAY_comptype(`%%`_fieldtype(mut?{mut <- `mut?`}, zt))) + -- if (|`fv*`| = |`fv'*`|) + -- (if ((mut?{mut <- `mut?`} = ?(MUT_mut)) \/ (fv = fv')))*{fv <- `fv*`, fv' <- `fv'*`} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_exninst: `%<=%`(exninst, exninst) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{ta : tagaddr, `val*` : val*}: + `%<=%`({TAG ta, FIELDS val*{val <- `val*`}}, {TAG ta, FIELDS val*{val <- `val*`}}) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Extend_store: `%<=%`(store, store) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, s' : store}: + `%<=%`(s, s') + -- (if (a < |s.TAGS_store|))^(a<|s.TAGS_store|){} + -- (if (a < |s'.TAGS_store|))^(a<|s.TAGS_store|){} + -- (Extend_taginst: `%<=%`(s.TAGS_store[a], s'.TAGS_store[a]))^(a<|s.TAGS_store|){} + -- (if (a < |s.GLOBALS_store|))^(a<|s.GLOBALS_store|){} + -- (if (a < |s'.GLOBALS_store|))^(a<|s.GLOBALS_store|){} + -- (Extend_globalinst: `%<=%`(s.GLOBALS_store[a], s'.GLOBALS_store[a]))^(a<|s.GLOBALS_store|){} + -- (if (a < |s.MEMS_store|))^(a<|s.MEMS_store|){} + -- (if (a < |s'.MEMS_store|))^(a<|s.MEMS_store|){} + -- (Extend_meminst: `%<=%`(s.MEMS_store[a], s'.MEMS_store[a]))^(a<|s.MEMS_store|){} + -- (if (a < |s.TABLES_store|))^(a<|s.TABLES_store|){} + -- (if (a < 
|s'.TABLES_store|))^(a<|s.TABLES_store|){} + -- (Extend_tableinst: `%<=%`(s.TABLES_store[a], s'.TABLES_store[a]))^(a<|s.TABLES_store|){} + -- (if (a < |s.FUNCS_store|))^(a<|s.FUNCS_store|){} + -- (if (a < |s'.FUNCS_store|))^(a<|s.FUNCS_store|){} + -- (Extend_funcinst: `%<=%`(s.FUNCS_store[a], s'.FUNCS_store[a]))^(a<|s.FUNCS_store|){} + -- (if (a < |s.DATAS_store|))^(a<|s.DATAS_store|){} + -- (if (a < |s'.DATAS_store|))^(a<|s.DATAS_store|){} + -- (Extend_datainst: `%<=%`(s.DATAS_store[a], s'.DATAS_store[a]))^(a<|s.DATAS_store|){} + -- (if (a < |s.ELEMS_store|))^(a<|s.ELEMS_store|){} + -- (if (a < |s'.ELEMS_store|))^(a<|s.ELEMS_store|){} + -- (Extend_eleminst: `%<=%`(s.ELEMS_store[a], s'.ELEMS_store[a]))^(a<|s.ELEMS_store|){} + -- (if (a < |s.STRUCTS_store|))^(a<|s.STRUCTS_store|){} + -- (if (a < |s'.STRUCTS_store|))^(a<|s.STRUCTS_store|){} + -- (Extend_structinst: `%<=%`(s.STRUCTS_store[a], s'.STRUCTS_store[a]))^(a<|s.STRUCTS_store|){} + -- (if (a < |s.ARRAYS_store|))^(a<|s.ARRAYS_store|){} + -- (if (a < |s'.ARRAYS_store|))^(a<|s.ARRAYS_store|){} + -- (Extend_arrayinst: `%<=%`(s.ARRAYS_store[a], s'.ARRAYS_store[a]))^(a<|s.ARRAYS_store|){} + -- (if (a < |s.EXNS_store|))^(a<|s.EXNS_store|){} + -- (if (a < |s'.EXNS_store|))^(a<|s.EXNS_store|){} + -- (Extend_exninst: `%<=%`(s.EXNS_store[a], s'.EXNS_store[a]))^(a<|s.EXNS_store|){} + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation State_ok: `|-%:%`(state, context) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{s : store, f : frame, C : context}: + `|-%:%`(`%;%`_state(s, f), C) + -- Store_ok: `|-%:OK`(s) + -- Frame_ok: `%|-%:%`(s, f, C) + +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec +relation Config_ok: `|-%:OK`(config) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec + rule _{z : state, `instr*` : instr*, C : context, `t*` : valtype*}: + `|-%:OK`(`%;%`_config(z, instr*{instr 
<- `instr*`})) + -- State_ok: `|-%:%`(z, C) + -- Expr_ok: `%|-%:%`(C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) + ;; ../../../../specification/wasm-latest/X.1-notation.syntax.spectec syntax A = nat From d3ee633bea606ba2bf795bc041d3d3526ef71eeb Mon Sep 17 00:00:00 2001 From: Andreas Rossberg Date: Thu, 16 Apr 2026 17:43:04 +0200 Subject: [PATCH 03/15] [spectec] Add wf rule for contexts --- document/core/appendix/properties.rst | 8 ++ document/core/util/macros.def | 5 ++ .../wasm-3.0/2.1-validation.types.spectec | 5 ++ .../wasm-3.0/7.0-soundness.contexts.spectec | 35 ++++++++ .../wasm-latest/2.1-validation.types.spectec | 5 ++ .../7.0-soundness.contexts.spectec | 35 ++++++++ spectec/test-frontend/TEST.md | 86 ++++++++++++------- spectec/test-latex/TEST.md | 67 +++++++++++++++ 8 files changed, 217 insertions(+), 29 deletions(-) create mode 100644 specification/wasm-3.0/7.0-soundness.contexts.spectec create mode 100644 specification/wasm-latest/7.0-soundness.contexts.spectec diff --git a/document/core/appendix/properties.rst b/document/core/appendix/properties.rst index c04d2be17d..4a8e451562 100644 --- a/document/core/appendix/properties.rst +++ b/document/core/appendix/properties.rst @@ -287,6 +287,14 @@ Results } +.. _valid-localtype: +.. _valid-context: + +.. todo + Context Validity + ~~~~~~~~~~~~~~~~ + + .. _module-context: .. _valid-store: diff --git a/document/core/util/macros.def b/document/core/util/macros.def index 341ace26cf..fce5bc2e93 100644 --- a/document/core/util/macros.def +++ b/document/core/util/macros.def 
@@ -1183,6 +1183,7 @@ .. |vdashtabletype| mathdef:: \xref{valid/types}{valid-tabletype}{\vdash} .. |vdashmemtype| mathdef:: \xref{valid/types}{valid-memtype}{\vdash} .. |vdashglobaltype| mathdef:: \xref{valid/types}{valid-globaltype}{\vdash} +.. |vdashlocaltype| mathdef:: \xref{appendix/properties}{valid-localtype}{\vdash} .. |vdashtagtype| mathdef:: \xref{valid/types}{valid-tagtype}{\vdash} .. |vdashexterntype| mathdef:: \xref{valid/types}{valid-externtype}{\vdash} .. |vdashdeftype| mathdef:: \xref{appendix/properties}{valid-deftype}{\vdash} @@ -1209,6 +1210,7 @@ .. |OKtabletype| mathdef:: \xref{valid/types}{valid-tabletype}{\K{ok}} .. |OKmemtype| mathdef:: \xref{valid/types}{valid-memtype}{\K{ok}} .. |OKglobaltype| mathdef:: \xref{valid/types}{valid-globaltype}{\K{ok}} +.. |OKlocaltype| mathdef:: \xref{appendix/properties}{valid-localtype}{\K{ok}} .. |OKtagtype| mathdef:: \xref{valid/types}{valid-tagtype}{\K{ok}} .. |OKexterntype| mathdef:: \xref{valid/types}{valid-externtype}{\K{ok}} .. |OKlimits| mathdef:: \xref{valid/types}{valid-limits}{\K{ok}} @@ -1302,6 +1304,9 @@ .. |zeroop| mathdef:: \xref{syntax/instructions}{aux-zeroop}{\F{zeroop}} .. |halfop| mathdef:: \xref{syntax/instructions}{aux-halfop}{\F{halfop}} +.. |vdashcontext| mathdef:: \xref{appendix/properties}{valid-context}{\vdash} +.. |OKcontext| mathdef:: \xref{appendix/properties}{valid-context}{\K{ok}} + .. Execution .. --------- diff --git a/specification/wasm-3.0/2.1-validation.types.spectec b/specification/wasm-3.0/2.1-validation.types.spectec index 692f986dea..c0fe556d08 100644 --- a/specification/wasm-3.0/2.1-validation.types.spectec +++ b/specification/wasm-3.0/2.1-validation.types.spectec 
@@ -49,9 +49,14 @@ rule Valtype_ok/bot: ;; Result & instruction types +relation Localtype_ok: context |- localtype : OK hint(name "K-local") hint(macro "%localtype") relation Resulttype_ok: context |- resulttype : OK hint(name "K-result") hint(macro "%resulttype") relation Instrtype_ok: context |- instrtype : OK hint(name "K-instr") hint(macro "%instrtype") +rule Localtype_ok: + C |- init t : OK + -- Valtype_ok: C |- t : OK + rule Resulttype_ok: C |- t* : OK -- (Valtype_ok: C |- t : OK)* diff --git a/specification/wasm-3.0/7.0-soundness.contexts.spectec b/specification/wasm-3.0/7.0-soundness.contexts.spectec new file mode 100644 index 0000000000..fcddfe5bb1 --- /dev/null +++ b/specification/wasm-3.0/7.0-soundness.contexts.spectec @@ -0,0 +1,35 @@ +;; Contexts + +relation Context_ok: |- context : OK hint(macro "%context") + +rule Context_ok: + |- C : OK + -- if C = + { TYPES dt^n, + RECS st^m, + TAGS jt*, + GLOBALS gt*, + MEMS mt*, + TABLES tt*, + FUNCS dt_F*, + DATAS ok*, + ELEMS et*, + LOCALS lct*, + LABELS rt*, + RETURN rt'?, + REFS x* + } + -- if C_0 = {TYPES dt^n} + -- (Deftype_ok: {TYPES dt^n[0 : i]} |- dt : OK)^(i t_2)* + -- (Reftype_ok: C_0 |- et : OK)* + -- (Localtype_ok: C_0 |- lct : OK)* + -- (Resulttype_ok: C_0 |- rt : OK)* + -- (Resulttype_ok: C_0 |- rt' : OK)? + -- (if x < |dt_F*|)* diff --git a/specification/wasm-latest/2.1-validation.types.spectec b/specification/wasm-latest/2.1-validation.types.spectec index 692f986dea..c0fe556d08 100644 --- a/specification/wasm-latest/2.1-validation.types.spectec +++ b/specification/wasm-latest/2.1-validation.types.spectec 
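Review bot: `LABELS rt*` and `RETURN rt'?` in the new Context_ok rule bind `rt` as a reftype rather than a resulttype: the regenerated test-frontend output in this same series elaborates the binder as `rt* : reftype*`, collapses LABELS into a single label `[(rt : reftype <: valtype)*]` and makes RETURN an always-present `?(...)` holding at most one reference type, so a context with several labels, a non-reference label type, or no return type can never satisfy the rule. The per-label premise `(Resulttype_ok: C_0 |- rt : OK)*` inherits the same reading and only ever checks one-element result types. Binding these two fields to a result-type variable, e.g. `LABELS t_L**,` and `RETURN t_R*?,` with the two Resulttype_ok premises adjusted to match, would presumably restore the intended meaning, subject to whatever metavariable the spec declares for result types. The identical rule in the wasm-latest copy of 7.0-soundness.contexts.spectec in the following hunk needs the same change.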
@@ -49,9 +49,14 @@ rule Valtype_ok/bot: ;; Result & instruction types +relation Localtype_ok: context |- localtype : OK hint(name "K-local") hint(macro "%localtype") relation Resulttype_ok: context |- resulttype : OK hint(name "K-result") hint(macro "%resulttype") relation Instrtype_ok: context |- instrtype : OK hint(name "K-instr") hint(macro "%instrtype") +rule Localtype_ok: + C |- init t : OK + -- Valtype_ok: C |- t : OK + rule Resulttype_ok: C |- t* : OK -- (Valtype_ok: C |- t : OK)* diff --git a/specification/wasm-latest/7.0-soundness.contexts.spectec b/specification/wasm-latest/7.0-soundness.contexts.spectec new file mode 100644 index 0000000000..fcddfe5bb1 --- /dev/null +++ b/specification/wasm-latest/7.0-soundness.contexts.spectec @@ -0,0 +1,35 @@ +;; Contexts + +relation Context_ok: |- context : OK hint(macro "%context") + +rule Context_ok: + |- C : OK + -- if C = + { TYPES dt^n, + RECS st^m, + TAGS jt*, + GLOBALS gt*, + MEMS mt*, + TABLES tt*, + FUNCS dt_F*, + DATAS ok*, + ELEMS et*, + LOCALS lct*, + LABELS rt*, + RETURN rt'?, + REFS x* + } + -- if C_0 = {TYPES dt^n} + -- (Deftype_ok: {TYPES dt^n[0 : i]} |- dt : OK)^(i t_2)* + -- (Reftype_ok: C_0 |- et : OK)* + -- (Localtype_ok: C_0 |- lct : OK)* + -- (Resulttype_ok: C_0 |- rt : OK)* + -- (Resulttype_ok: C_0 |- rt' : OK)? + -- (if x < |dt_F*|)* diff --git a/spectec/test-frontend/TEST.md b/spectec/test-frontend/TEST.md index 9f4e56f9b1..49ac87c308 100644 --- a/spectec/test-frontend/TEST.md +++ b/spectec/test-frontend/TEST.md 
@@ -2826,68 +2826,68 @@ relation Valtype_ok: `%|-%:OK`(context, valtype) ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:12.1-12.94 relation Typeuse_ok: `%|-%:OK`(context, typeuse) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:102.1-104.30 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:107.1-109.30 rule typeidx{C : context, typeidx : typeidx, dt : deftype}: `%|-%:OK`(C, _IDX_typeuse(typeidx)) -- if (C.TYPES_context[typeidx!`%`_typeidx.0] = dt) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:106.1-108.23 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:111.1-113.23 rule rec{C : context, i : n, st : subtype}: `%|-%:OK`(C, REC_typeuse(i)) -- if (C.RECS_context[i] = st) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:110.1-112.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:115.1-117.35 rule deftype{C : context, deftype : deftype}: `%|-%:OK`(C, (deftype : deftype <: typeuse)) -- Deftype_ok: `%|-%:OK`(C, deftype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:52.1-52.100 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:53.1-53.100 relation Resulttype_ok: `%|-%:OK`(context, resulttype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:55.1-57.32 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:60.1-62.32 rule _{C : context, `t*` : valtype*}: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) -- (Valtype_ok: `%|-%:OK`(C, t))*{t <- `t*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:88.1-88.104 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:93.1-93.104 relation Fieldtype_ok: `%|-%:OK`(context, fieldtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:126.1-128.43 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:131.1-133.43 
rule _{C : context, storagetype : storagetype}: `%|-%:OK`(C, `%%`_fieldtype(MUT_mut?{}, storagetype)) -- Storagetype_ok: `%|-%:OK`(C, storagetype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:89.1-89.106 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:94.1-94.106 relation Storagetype_ok: `%|-%:OK`(context, storagetype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:118.1-120.35 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:123.1-125.35 rule val{C : context, valtype : valtype}: `%|-%:OK`(C, (valtype : valtype <: storagetype)) -- Valtype_ok: `%|-%:OK`(C, valtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:122.1-124.37 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:127.1-129.37 rule pack{C : context, packtype : packtype}: `%|-%:OK`(C, (packtype : packtype <: storagetype)) -- Packtype_ok: `%|-%:OK`(C, packtype) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:90.1-90.103 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:95.1-95.103 relation Comptype_ok: `%|-%:OK`(context, comptype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:131.1-133.42 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:136.1-138.42 rule struct{C : context, `fieldtype*` : fieldtype*}: `%|-%:OK`(C, STRUCT_comptype(`%`_list(fieldtype*{fieldtype <- `fieldtype*`}))) -- (Fieldtype_ok: `%|-%:OK`(C, fieldtype))*{fieldtype <- `fieldtype*`} - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:135.1-137.39 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:140.1-142.39 rule array{C : context, fieldtype : fieldtype}: `%|-%:OK`(C, ARRAY_comptype(fieldtype)) -- Fieldtype_ok: `%|-%:OK`(C, fieldtype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:139.1-142.35 + ;; 
../../../../specification/wasm-latest/2.1-validation.types.spectec:144.1-147.35 rule func{C : context, `t_1*` : valtype*, `t_2*` : valtype*}: `%|-%:OK`(C, `FUNC%->%`_comptype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t_1*{t_1 <- `t_1*`})) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t_2*{t_2 <- `t_2*`})) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:91.1-91.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:96.1-96.126 relation Subtype_ok: `%|-%:%`(context, subtype, oktypeidx) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:145.1-152.49 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:150.1-157.49 rule _{C : context, `x*` : idx*, comptype : comptype, x_0 : idx, `comptype'*` : comptype*, `x'**` : idx**}: `%|-%:%`(C, SUB_subtype(FINAL_final?{}, _IDX_typeuse(x)*{x <- `x*`}, comptype), OK_oktypeidx(x_0)) -- if (|x*{x <- `x*`}| <= 1) 
@@ -2896,26 +2896,26 @@ relation Subtype_ok: `%|-%:%`(context, subtype, oktypeidx) -- Comptype_ok: `%|-%:OK`(C, comptype) -- (Comptype_sub: `%|-%<:%`(C, comptype, comptype'))*{comptype' <- `comptype'*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:92.1-92.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:97.1-97.126 relation Rectype_ok: `%|-%:%`(context, rectype, oktypeidx) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:174.1-175.23 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:179.1-180.23 rule empty{C : context, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidx(x)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:177.1-180.48 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:182.1-185.48 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Subtype_ok: `%|-%:%`(C, subtype_1, OK_oktypeidx(x)) -- Rectype_ok: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(`%`_typeidx((x!`%`_idx.0 + 1)))) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:182.1-184.60 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:187.1-189.60 rule _rec2{C : context, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Rectype_ok2: `%|-%:%`({TYPES [], RECS subtype*{subtype <- `subtype*`}, TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []} +++ C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, 0)) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:93.1-93.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:98.1-98.126 relation Subtype_ok2: 
`%|-%:%`(context, subtype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:164.1-171.49 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:169.1-176.49 rule _{C : context, `typeuse*` : typeuse*, compttype : comptype, x : idx, i : nat, `comptype'*` : comptype*, `typeuse'**` : typeuse**, comptype : comptype}: `%|-%:%`(C, SUB_subtype(FINAL_final?{}, typeuse*{typeuse <- `typeuse*`}, compttype), OK_oktypeidxnat(x, i)) -- if (|typeuse*{typeuse <- `typeuse*`}| <= 1) 
@@ -2924,28 +2924,28 @@ relation Subtype_ok2: `%|-%:%`(context, subtype, oktypeidxnat) -- Comptype_ok: `%|-%:OK`(C, comptype) -- (Comptype_sub: `%|-%<:%`(C, comptype, comptype'))*{comptype' <- `comptype'*`} -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:94.1-94.126 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:99.1-99.126 relation Rectype_ok2: `%|-%:%`(context, rectype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:186.1-187.24 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:191.1-192.24 rule empty{C : context, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidxnat(x, i)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:189.1-192.55 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:194.1-197.55 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, i)) -- Subtype_ok2: `%|-%:%`(C, subtype_1, OK_oktypeidxnat(x, i)) -- Rectype_ok2: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(`%`_typeidx((x!`%`_idx.0 + 1)), (i + 1))) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:95.1-95.102 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:100.1-100.102 relation Deftype_ok: `%|-%:OK`(context, deftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:195.1-199.14 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:200.1-204.14 rule _{C : context, rectype : rectype, i : n, x : idx, n : n, `subtype*` : subtype*}: `%|-%:OK`(C, _DEF_deftype(rectype, i)) -- Rectype_ok: `%|-%:%`(C, rectype, OK_oktypeidx(x)) -- if (rectype = REC_rectype(`%`_list(subtype^n{subtype <- `subtype*`}))) -- if (i < n) -;; 
../../../../specification/wasm-latest/2.1-validation.types.spectec:98.1-98.108 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:103.1-103.108 relation Comptype_sub: `%|-%<:%`(context, comptype, comptype) ;; ../../../../specification/wasm-latest/2.2-validation.subtyping.spectec:169.1-171.41 rule struct{C : context, `ft_1*` : fieldtype*, `ft'_1*` : fieldtype*, `ft_2*` : fieldtype*}: @@ -2963,7 +2963,7 @@ relation Comptype_sub: `%|-%<:%`(context, comptype, comptype) -- Resulttype_sub: `%|-%<:%`(C, `%`_resulttype(t_21*{t_21 <- `t_21*`}), `%`_resulttype(t_11*{t_11 <- `t_11*`})) -- Resulttype_sub: `%|-%<:%`(C, `%`_resulttype(t_12*{t_12 <- `t_12*`}), `%`_resulttype(t_22*{t_22 <- `t_22*`})) -;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:99.1-99.107 +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:104.1-104.107 relation Deftype_sub: `%|-%<:%`(context, deftype, deftype) ;; ../../../../specification/wasm-latest/2.2-validation.subtyping.spectec:183.1-185.66 rule refl{C : context, deftype_1 : deftype, deftype_2 : deftype}: @@ -3134,6 +3134,13 @@ relation Fieldtype_sub: `%|-%<:%`(context, fieldtype, fieldtype) -- Storagetype_sub: `%|-%<:%`(C, zt_2, zt_1) } +;; ../../../../specification/wasm-latest/2.1-validation.types.spectec +relation Localtype_ok: `%|-%:OK`(context, localtype) + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec + rule _{C : context, init : init, t : valtype}: + `%|-%:OK`(C, `%%`_localtype(init, t)) + -- Valtype_ok: `%|-%:OK`(C, t) + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec relation Instrtype_ok: `%|-%:OK`(context, instrtype) ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec 
@@ -7655,6 +7662,27 @@ def $ordered(decl*) : bool ;; ../../../../specification/wasm-latest/6.4-text.modules.spectec def $ordered{`decl_1*` : decl*, import : import, `decl_2*` : decl*}(decl_1*{decl_1 <- `decl_1*`} ++ [(import : import <: decl)] ++ decl_2*{decl_2 <- `decl_2*`}) = (((((($importsd(decl_1*{decl_1 <- `decl_1*`}) = []) /\ ($tagsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($globalsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($memsd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($tablesd(decl_1*{decl_1 <- `decl_1*`}) = [])) /\ ($funcsd(decl_1*{decl_1 <- `decl_1*`}) = [])) +;; ../../../../specification/wasm-latest/7.0-soundness.contexts.spectec +relation Context_ok: `|-%:OK`(context) + ;; ../../../../specification/wasm-latest/7.0-soundness.contexts.spectec + rule _{C : context, n : n, `dt*` : deftype*, m : m, `st*` : subtype*, `jt*` : tagtype*, `gt*` : globaltype*, `mt*` : memtype*, `tt*` : tabletype*, `dt_F*` : deftype*, `ok*` : datatype*, `et*` : elemtype*, `lct*` : localtype*, `rt*` : reftype*, `rt'?` : reftype?, `x*` : idx*, C_0 : context, `t_1*` : valtype*, `t_2*` : valtype*}: + `|-%:OK`(C) + -- if (C = {TYPES dt^n{dt <- `dt*`}, RECS st^m{st <- `st*`}, TAGS jt*{jt <- `jt*`}, GLOBALS gt*{gt <- `gt*`}, MEMS mt*{mt <- `mt*`}, TABLES tt*{tt <- `tt*`}, FUNCS dt_F*{dt_F <- `dt_F*`}, DATAS ok*{ok <- `ok*`}, ELEMS et*{et <- `et*`}, LOCALS lct*{lct <- `lct*`}, LABELS [`%`_resulttype((rt : reftype <: valtype)*{rt <- `rt*`})], RETURN ?(`%`_resulttype(lift((rt' : reftype <: valtype)?{rt' <- `rt'?`}))), REFS x*{x <- `x*`}}) + -- if (C_0 = {TYPES dt^n{dt <- `dt*`}, RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}) + -- (Deftype_ok: `%|-%:OK`({TYPES dt^n{dt <- `dt*`}[0 : i], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []}, dt))^(i%`_comptype(`%`_resulttype([t_1]), `%`_resulttype([t_2]))))*{dt_F <- `dt_F*`, t_1 <- `t_1*`, t_2 <- 
`t_2*`} + -- (Reftype_ok: `%|-%:OK`(C_0, et))*{et <- `et*`} + -- (Localtype_ok: `%|-%:OK`(C_0, lct))*{lct <- `lct*`} + -- (Resulttype_ok: `%|-%:OK`(C_0, `%`_resulttype([(rt : reftype <: valtype)])))*{rt <- `rt*`} + -- (Resulttype_ok: `%|-%:OK`(C_0, `%`_resulttype([(rt' : reftype <: valtype)])))?{rt' <- `rt'?`} + -- (if (x!`%`_idx.0 < |dt_F*{dt_F <- `dt_F*`}|))*{x <- `x*`} + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec relation Localval_ok: `%|-%:%`(store, val?, localtype) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec diff --git a/spectec/test-latex/TEST.md b/spectec/test-latex/TEST.md index c5883e5c1e..f636828edd 100644 --- a/spectec/test-latex/TEST.md +++ b/spectec/test-latex/TEST.md @@ -4702,10 +4702,23 @@ $$ \vspace{1ex} +$\boxed{{\mathit{context}} \vdash {\mathit{localtype}} : \mathsf{ok}}$ + $\boxed{{\mathit{context}} \vdash {\mathit{resulttype}} : \mathsf{ok}}$ $\boxed{{\mathit{context}} \vdash {\mathit{instrtype}} : \mathsf{ok}}$ +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +C \vdash t : \mathsf{ok} +}{ +C \vdash {\mathit{init}}~t : \mathsf{ok} +} \, {[\textsc{\scriptsize K{-}local}]} +\qquad +\end{array} +$$ + $$ \begin{array}{@{}c@{}}\displaystyle \frac{ 
@@ -14015,6 +14028,60 @@ $$ \end{array} $$ +$\boxed{{\vdash}\, {\mathit{context}} : \mathsf{ok}}$ + +$$ +\begin{array}{@{}c@{}}\displaystyle +\frac{ +C = \{ \begin{array}[t]{@{}l@{}} +\mathsf{types}~{{\mathit{dt}}^{n}},\; \\ + \mathsf{recs}~{{\mathit{st}}^{m}},\; \\ + \mathsf{tags}~{{\mathit{jt}}^\ast},\; \\ + \mathsf{globals}~{{\mathit{gt}}^\ast},\; \\ + \mathsf{mems}~{{\mathit{mt}}^\ast},\; \\ + \mathsf{tables}~{{\mathit{tt}}^\ast},\; \\ + \mathsf{funcs}~{{\mathit{dt}}_{\mathsf{f}}^\ast},\; \\ + \mathsf{datas}~{{\mathit{ok}}^\ast},\; \\ + \mathsf{elems}~{{\mathit{et}}^\ast},\; \\ + \mathsf{locals}~{{{\mathit{lt}}}^\ast},\; \\ + \mathsf{labels}~{{\mathit{rt}}^\ast},\; \\ + \mathsf{return}~{{\mathit{rt}'}^?},\; \\ + \mathsf{refs}~{x^\ast} \}\end{array} + \qquad +C_0 = \{ \mathsf{types}~{{\mathit{dt}}^{n}} \} + \qquad +(\{ \mathsf{types}~{{\mathit{dt}}^{n}}{}[0 : i] \} \vdash {\mathit{dt}} : \mathsf{ok})^{i Date: Fri, 17 Apr 2026 10:24:15 +0200 Subject: [PATCH 04/15] Fix Subtype_ok invocation --- specification/wasm-latest/2.1-validation.types.spectec | 2 +- specification/wasm-latest/7.0-soundness.contexts.spectec | 2 +- spectec/test-frontend/TEST.md | 4 ++-- spectec/test-latex/TEST.md | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/specification/wasm-latest/2.1-validation.types.spectec b/specification/wasm-latest/2.1-validation.types.spectec index c0fe556d08..26547f752d 100644 --- a/specification/wasm-latest/2.1-validation.types.spectec +++ b/specification/wasm-latest/2.1-validation.types.spectec @@ -184,7 +184,7 @@ rule Rectype_ok/cons: -- Subtype_ok: C |- subtype_1 : OK(x) -- Rectype_ok: C |- REC subtype* : OK($(x+1)) -rule Rectype_ok/_rec2: +rule Rectype_ok/rec2: C |- REC subtype* : OK(x) -- Rectype_ok2: C, RECS subtype* |- REC subtype* : OK x 0 diff --git a/specification/wasm-latest/7.0-soundness.contexts.spectec b/specification/wasm-latest/7.0-soundness.contexts.spectec index fcddfe5bb1..0401088363 100644 
--- a/specification/wasm-latest/7.0-soundness.contexts.spectec +++ b/specification/wasm-latest/7.0-soundness.contexts.spectec @@ -21,7 +21,7 @@ rule Context_ok: } -- if C_0 = {TYPES dt^n} -- (Deftype_ok: {TYPES dt^n[0 : i]} |- dt : OK)^(i Date: Fri, 17 Apr 2026 10:50:55 +0200 Subject: [PATCH 05/15] Ass missing wf-premise in Subtype_ok2 rule --- .../wasm-latest/2.1-validation.types.spectec | 1 + spectec/test-frontend/TEST.md | 15 ++++++++------- spectec/test-latex/TEST.md | 2 ++ 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/specification/wasm-latest/2.1-validation.types.spectec b/specification/wasm-latest/2.1-validation.types.spectec index 26547f752d..6ded8415a6 100644 --- a/specification/wasm-latest/2.1-validation.types.spectec +++ b/specification/wasm-latest/2.1-validation.types.spectec @@ -169,6 +169,7 @@ def $unrollht(C, REC i) = C.RECS[i] rule Subtype_ok2: C |- SUB FINAL? typeuse* compttype : OK x i -- if |typeuse*| <= 1 + -- (Typeuse_ok: C |- typeuse : OK)* -- (if $before(typeuse, x, i))* -- (if $unrollht(C, typeuse) = SUB typeuse'* comptype')* ---- diff --git a/spectec/test-frontend/TEST.md b/spectec/test-frontend/TEST.md index 064b58f74f..c3641176e5 100644 --- a/spectec/test-frontend/TEST.md +++ b/spectec/test-frontend/TEST.md 
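Review bot: The well-formedness premises of `Subtype_ok2` still do not constrain the component type being checked: the conclusion binds it as `compttype` (doubled `t`), while the premises after the `----` separator, visible in the frontend output of this series, use a separate variable `comptype` in `Comptype_ok: C |- comptype` and `Comptype_sub: C |- comptype <: comptype'` (the frontend lists `compttype : comptype` and `comptype : comptype` as distinct bindings). If that spelling is unintended, `comptype` is existentially quantified and both premises are satisfiable by any well-formed type, so the added `Typeuse_ok` premise closes only part of the gap; the fix would be `C |- SUB FINAL? typeuse* comptype : OK x i`. The same rule is synced to wasm-3.0 in patch 06 and needs the same change. The rule's remaining premises lie outside this hunk.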
@@ -2898,27 +2898,28 @@ relation Subtype_ok: `%|-%:%`(context, subtype, oktypeidx) ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:97.1-97.126 relation Rectype_ok: `%|-%:%`(context, rectype, oktypeidx) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:179.1-180.23 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:180.1-181.23 rule empty{C : context, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidx(x)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:182.1-185.48 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:183.1-186.48 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Subtype_ok: `%|-%:%`(C, subtype_1, OK_oktypeidx(x)) -- Rectype_ok: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(`%`_typeidx((x!`%`_idx.0 + 1)))) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:187.1-189.60 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:188.1-190.60 rule rec2{C : context, `subtype*` : subtype*, x : idx}: `%|-%:%`(C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidx(x)) -- Rectype_ok2: `%|-%:%`({TYPES [], RECS subtype*{subtype <- `subtype*`}, TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [], RETURN ?(), REFS []} +++ C, REC_rectype(`%`_list(subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, 0)) ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:98.1-98.126 relation Subtype_ok2: `%|-%:%`(context, subtype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:169.1-176.49 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:169.1-177.49 rule _{C : context, `typeuse*` : typeuse*, compttype : comptype, x : idx, i : nat, 
`comptype'*` : comptype*, `typeuse'**` : typeuse**, comptype : comptype}: `%|-%:%`(C, SUB_subtype(FINAL_final?{}, typeuse*{typeuse <- `typeuse*`}, compttype), OK_oktypeidxnat(x, i)) -- if (|typeuse*{typeuse <- `typeuse*`}| <= 1) + -- (Typeuse_ok: `%|-%:OK`(C, typeuse))*{typeuse <- `typeuse*`} -- (if $before(typeuse, x, i))*{typeuse <- `typeuse*`} -- (if ($unrollht(C, (typeuse : typeuse <: heaptype)) = SUB_subtype(?(), typeuse'*{typeuse' <- `typeuse'*`}, comptype')))*{comptype' <- `comptype'*`, typeuse <- `typeuse*`, `typeuse'*` <- `typeuse'**`} -- Comptype_ok: `%|-%:OK`(C, comptype) @@ -2926,11 +2927,11 @@ relation Subtype_ok2: `%|-%:%`(context, subtype, oktypeidxnat) ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:99.1-99.126 relation Rectype_ok2: `%|-%:%`(context, rectype, oktypeidxnat) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:191.1-192.24 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:192.1-193.24 rule empty{C : context, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([])), OK_oktypeidxnat(x, i)) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:194.1-197.55 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:195.1-198.55 rule cons{C : context, subtype_1 : subtype, `subtype*` : subtype*, x : idx, i : nat}: `%|-%:%`(C, REC_rectype(`%`_list([subtype_1] ++ subtype*{subtype <- `subtype*`})), OK_oktypeidxnat(x, i)) -- Subtype_ok2: `%|-%:%`(C, subtype_1, OK_oktypeidxnat(x, i)) 
@@ -2938,7 +2939,7 @@ relation Rectype_ok2: `%|-%:%`(context, rectype, oktypeidxnat) ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:100.1-100.102 relation Deftype_ok: `%|-%:OK`(context, deftype) - ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:200.1-204.14 + ;; ../../../../specification/wasm-latest/2.1-validation.types.spectec:201.1-205.14 rule _{C : context, rectype : rectype, i : n, x : idx, n : n, `subtype*` : subtype*}: `%|-%:OK`(C, _DEF_deftype(rectype, i)) -- Rectype_ok: `%|-%:%`(C, rectype, OK_oktypeidx(x)) diff --git a/spectec/test-latex/TEST.md b/spectec/test-latex/TEST.md index dd7b0681af..81b32d8401 100644 --- a/spectec/test-latex/TEST.md +++ b/spectec/test-latex/TEST.md @@ -4957,6 +4957,8 @@ $$ \begin{array}{@{}c@{}} {|{{\mathit{typeuse}}^\ast}|} \leq 1 \qquad +(C \vdash {\mathit{typeuse}} : \mathsf{ok})^\ast + \qquad ({\mathit{typeuse}} \prec x, i)^\ast \qquad ({{\mathrm{unroll}}}_{C}({\mathit{typeuse}}) = \mathsf{sub}~{{\mathit{typeuse}'}^\ast}~{\mathit{comptype}'})^\ast From 5fc15841e8f7cbebc052d0d621d97424d3fb220e Mon Sep 17 00:00:00 2001 From: Andreas Rossberg Date: Fri, 17 Apr 2026 11:17:13 +0200 Subject: [PATCH 06/15] Sync 3.0 --- specification/wasm-3.0/2.1-validation.types.spectec | 3 ++- specification/wasm-3.0/7.0-soundness.contexts.spectec | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/specification/wasm-3.0/2.1-validation.types.spectec b/specification/wasm-3.0/2.1-validation.types.spectec index c0fe556d08..6ded8415a6 100644 --- a/specification/wasm-3.0/2.1-validation.types.spectec +++ b/specification/wasm-3.0/2.1-validation.types.spectec @@ -169,6 +169,7 @@ def $unrollht(C, REC i) = C.RECS[i] rule Subtype_ok2: C |- SUB FINAL? typeuse* compttype : OK x i -- if |typeuse*| <= 1 + -- (Typeuse_ok: C |- typeuse : OK)* -- (if $before(typeuse, x, i))* -- (if $unrollht(C, typeuse) = SUB typeuse'* comptype')* ---- 
@@ -184,7 +185,7 @@ rule Rectype_ok/cons: -- Subtype_ok: C |- subtype_1 : OK(x) -- Rectype_ok: C |- REC subtype* : OK($(x+1)) -rule Rectype_ok/_rec2: +rule Rectype_ok/rec2: C |- REC subtype* : OK(x) -- Rectype_ok2: C, RECS subtype* |- REC subtype* : OK x 0 diff --git a/specification/wasm-3.0/7.0-soundness.contexts.spectec b/specification/wasm-3.0/7.0-soundness.contexts.spectec index fcddfe5bb1..0401088363 100644 --- a/specification/wasm-3.0/7.0-soundness.contexts.spectec +++ b/specification/wasm-3.0/7.0-soundness.contexts.spectec @@ -21,7 +21,7 @@ rule Context_ok: } -- if C_0 = {TYPES dt^n} -- (Deftype_ok: {TYPES dt^n[0 : i]} |- dt : OK)^(i Date: Mon, 20 Apr 2026 17:51:07 +0200 Subject: [PATCH 07/15] Fix Rectype_ok --- .../wasm-latest/2.1-validation.types.spectec | 7 +- .../7.0-soundness.contexts.spectec | 2 +- spectec/test-frontend/TEST.md | 77 +++++++++---------- spectec/test-latex/TEST.md | 17 +--- 4 files changed, 45 insertions(+), 58 deletions(-) diff --git a/specification/wasm-latest/2.1-validation.types.spectec b/specification/wasm-latest/2.1-validation.types.spectec index 6ded8415a6..fb2c8cffe0 100644 --- a/specification/wasm-latest/2.1-validation.types.spectec +++ b/specification/wasm-latest/2.1-validation.types.spectec @@ -185,9 +185,6 @@ rule Rectype_ok/cons: -- Subtype_ok: C |- subtype_1 : OK(x) -- Rectype_ok: C |- REC subtype* : OK($(x+1)) -rule Rectype_ok/rec2: - C |- REC subtype* : OK(x) - -- Rectype_ok2: C, RECS subtype* |- REC subtype* : OK x 0 rule Rectype_ok2/empty: C |- REC eps : OK x i @@ -195,12 +192,12 @@ rule Rectype_ok2/empty: rule Rectype_ok2/cons: C |- REC (subtype_1 subtype*) : OK x i -- Subtype_ok2: C |- subtype_1 : OK x i - -- Rectype_ok2: C |- REC subtype* : OK $(x+1) $(i+1) + -- Rectype_ok2: C |- REC subtype* : OK x $(i+1) rule Deftype_ok: C |- _DEF rectype i : OK - -- Rectype_ok: C |- rectype : OK(x) + -- Rectype_ok2: C, RECS subtype^n |- rectype : OK x 0 -- if rectype = REC subtype^n -- if i < n 
diff --git a/specification/wasm-latest/7.0-soundness.contexts.spectec b/specification/wasm-latest/7.0-soundness.contexts.spectec index 0401088363..fcddfe5bb1 100644 --- a/specification/wasm-latest/7.0-soundness.contexts.spectec +++ b/specification/wasm-latest/7.0-soundness.contexts.spectec @@ -21,7 +21,7 @@ rule Context_ok: } -- if C_0 = {TYPES dt^n} -- (Deftype_ok: {TYPES dt^n[0 : i]} |- dt : OK)^(i Date: Tue, 21 Apr 2026 11:33:13 +0200 Subject: [PATCH 08/15] Port back to 3.0 --- specification/wasm-3.0/2.1-validation.types.spectec | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/specification/wasm-3.0/2.1-validation.types.spectec b/specification/wasm-3.0/2.1-validation.types.spectec index 6ded8415a6..fb2c8cffe0 100644 --- a/specification/wasm-3.0/2.1-validation.types.spectec +++ b/specification/wasm-3.0/2.1-validation.types.spectec @@ -185,9 +185,6 @@ rule Rectype_ok/cons: -- Subtype_ok: C |- subtype_1 : OK(x) -- Rectype_ok: C |- REC subtype* : OK($(x+1)) -rule Rectype_ok/rec2: - C |- REC subtype* : OK(x) - -- Rectype_ok2: C, RECS subtype* |- REC subtype* : OK x 0 rule Rectype_ok2/empty: C |- REC eps : OK x i @@ -195,12 +192,12 @@ rule Rectype_ok2/empty: rule Rectype_ok2/cons: C |- REC (subtype_1 subtype*) : OK x i -- Subtype_ok2: C |- subtype_1 : OK x i - -- Rectype_ok2: C |- REC subtype* : OK $(x+1) $(i+1) + -- Rectype_ok2: C |- REC subtype* : OK x $(i+1) rule Deftype_ok: C |- _DEF rectype i : OK - -- Rectype_ok: C |- rectype : OK(x) + -- Rectype_ok2: C, RECS subtype^n |- rectype : OK x 0 -- if rectype = REC subtype^n -- if i < n From 715af66446d61c525bbda28aae0874d053e0e3e2 Mon Sep 17 00:00:00 2001 From: Andreas Rossberg Date: Tue, 21 Apr 2026 11:57:24 +0200 Subject: [PATCH 09/15] One more --- specification/wasm-3.0/7.0-soundness.contexts.spectec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/specification/wasm-3.0/7.0-soundness.contexts.spectec b/specification/wasm-3.0/7.0-soundness.contexts.spectec index 0401088363..fcddfe5bb1 100644 --- a/specification/wasm-3.0/7.0-soundness.contexts.spectec +++ b/specification/wasm-3.0/7.0-soundness.contexts.spectec @@ -21,7 +21,7 @@ rule Context_ok: } -- if C_0 = {TYPES dt^n} -- (Deftype_ok: {TYPES dt^n[0 : i]} |- dt : OK)^(i Date: Wed, 22 Apr 2026 15:32:31 +0900 Subject: [PATCH 10/15] Hotfix for prose generation --- .../wasm-3.0/7.1-soundness.configurations.spectec | 5 +++++ spectec/src/al/al_util.ml | 1 + spectec/src/al/ast.ml | 1 + spectec/src/al/eq.ml | 1 + spectec/src/al/free.ml | 3 ++- spectec/src/al/print.ml | 5 +++++ spectec/src/al/valid.ml | 2 ++ spectec/src/al/walk.ml | 3 ++- spectec/src/backend-prose/gen.ml | 10 +++++++++- spectec/src/backend-prose/print.ml | 1 + spectec/src/backend-prose/render.ml | 4 +++- spectec/src/il2al/translate.ml | 5 ++--- spectec/src/il2al/transpile.ml | 2 +- 13 files changed, 35 insertions(+), 8 deletions(-) diff --git a/specification/wasm-3.0/7.1-soundness.configurations.spectec b/specification/wasm-3.0/7.1-soundness.configurations.spectec index 37ba3f4d39..dd9909e0c2 100644 --- a/specification/wasm-3.0/7.1-soundness.configurations.spectec +++ b/specification/wasm-3.0/7.1-soundness.configurations.spectec @@ -1,8 +1,11 @@ ;; Administrative instructions relation Instr_ok2: store; context |- instr : instrtype + hint(prose "%3 is valid with %4") relation Instrs_ok2: store; context |- instr* : instrtype + hint(prose "%3 is valid with %4") relation Expr_ok2: store; context |- expr : resulttype + hint(prose "%3 is valid with %4") rule Instr_ok2/plain: s; C |- instr : t_1* ->_(x*) t_2* 
@@ -203,7 +206,9 @@ rule Store_ok: relation ImmReachable: fieldval >>_store fieldval + hint(prose "%3 is immediately reachable from %1") relation NotImmReachable: `~ fieldval >>_store fieldval + hint(prose "%3 is not immediately reachable from %1") ;; HACK: emulate premise negation ;; TODO(rossberg): directly support negation in IL diff --git a/spectec/src/al/al_util.ml b/spectec/src/al/al_util.ml index 4f8a2275dd..fa73af6af1 100644 --- a/spectec/src/al/al_util.ml +++ b/spectec/src/al/al_util.ml @@ -78,6 +78,7 @@ let hasTypeE ?(at = no) ~note (e, ty) = HasTypeE (e, ty) |> mk_expr at note let topValueE ?(at = no) ~note e_opt = TopValueE e_opt |> mk_expr at note let topValuesE ?(at = no) ~note e = TopValuesE e |> mk_expr at note let subE ?(at = no) ~note (id, ty) = SubE (id, ty) |> mk_expr at note +let relE ?(at = no) ~note (id, el) = RelE (id, el) |> mk_expr at note let yetE ?(at = no) ~note s = YetE s |> mk_expr at note let expA ?(at = no) e = ExpA e $ at diff --git a/spectec/src/al/ast.ml b/spectec/src/al/ast.ml index 53ef0a2ee0..0e00e4efe6 100644 --- a/spectec/src/al/ast.ml +++ b/spectec/src/al/ast.ml @@ -98,6 +98,7 @@ and expr' = | TopValuesE of expr (* "at least expr number of values on the top of the stack" *) (* Administrative Instructions *) | SubE of id * typ (* varid, with specific type *) + | RelE of id * expr list (* Placeholder for untranslated relations *) | YetE of string (* for future not yet implemented feature *) and path = path' phrase diff --git a/spectec/src/al/eq.ml b/spectec/src/al/eq.ml index db662358c2..1a7c9be392 100644 --- a/spectec/src/al/eq.ml +++ b/spectec/src/al/eq.ml @@ -50,6 +50,7 @@ let rec eq_expr e1 e2 = | TopValueE eo1, TopValueE eo2 -> eq_expr_opt eo1 eo2 | TopValuesE e1, TopValuesE e2 -> eq_expr e1 e2 | SubE (i1, t1), SubE (i2, t2) -> i1 = i2 && Il.Eq.eq_typ t1 t2 + | RelE (id1, el1), RelE (id2, el2) -> id1 = id2 && eq_exprs el1 el2 | YetE s1, YetE s2 -> s1 = s2 | _ -> false 
diff --git a/spectec/src/al/free.ml b/spectec/src/al/free.ml index 55e095d772..4d574d0beb 100644 --- a/spectec/src/al/free.ml +++ b/spectec/src/al/free.ml @@ -37,7 +37,8 @@ let rec free_expr expr = | InvCallE (_, _, al) -> free_list free_arg al | TupE el | ListE el - | CaseE (_, el) -> free_list free_expr el + | CaseE (_, el) + | RelE (_, el) -> free_list free_expr el | StrE r -> free_list (fun (_, e) -> free_expr !e) r | AccE (e, p) -> free_expr e @ free_path p | ExtE (e1, ps, e2, _) diff --git a/spectec/src/al/print.ml b/spectec/src/al/print.ml index 4d8ff82fd2..4b8b0e382b 100644 --- a/spectec/src/al/print.ml +++ b/spectec/src/al/print.ml @@ -186,6 +186,7 @@ and string_of_expr expr = sprintf "%s <: %s" (string_of_expr e1) (string_of_expr e2) + | RelE (id, es) -> sprintf "rel(%s, [%s])" id (string_of_exprs ", " es) | YetE s -> sprintf "YetE (%s)" s and string_of_exprs sep = string_of_list string_of_expr sep @@ -504,6 +505,10 @@ and structured_string_of_expr expr = Printf.sprintf "Matches (%s, %s)" (structured_string_of_expr e1) (structured_string_of_expr e2) + | RelE (id, el) -> + Printf.sprintf "RelE (%s, [%s])" + id + (structured_string_of_exprs el) | YetE s -> "YetE (" ^ s ^ ")" and structured_string_of_exprs el = string_of_list structured_string_of_expr ", " el diff --git a/spectec/src/al/valid.ml b/spectec/src/al/valid.ml index fe90248c01..e3b2388374 100644 --- a/spectec/src/al/valid.ml +++ b/spectec/src/al/valid.ml @@ -632,6 +632,8 @@ and valid_expr env (expr: expr) : unit = valid_expr env expr1; check_bool source expr.note; check_num source expr1.note + | RelE (_, exprs) -> + List.iter (valid_expr env) exprs | SubE _ | YetE _ -> error_valid "invalid expression" source "" ) diff --git a/spectec/src/al/walk.ml b/spectec/src/al/walk.ml index adc0d4b92b..3f32a9b7b2 100644 --- a/spectec/src/al/walk.ml +++ b/spectec/src/al/walk.ml 
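Review bot: The new `RelE` case in `valid_expr` validates the operands but not the placeholder's own type, unlike the neighbouring case which ends in `check_bool source expr.note`; `translate.ml` in this patch builds `RelE` with `~note:boolT` and uses it as an `ifI` condition, so that invariant should be checked here too: `| RelE (_, exprs) -> List.iter (valid_expr env) exprs; check_bool source expr.note`. The enclosing `valid_expr` starts outside the hunk.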
@@ -46,7 +46,7 @@ let walk_expr (walker: unit_walker) (expr: expr) : unit = walker.walk_expr walker e1; walker.walk_expr walker e2 | CallE (_, al) | InvCallE (_, _, al) -> List.iter (walker.walk_arg walker) al - | TupE el | ListE el | CaseE (_, el) -> + | TupE el | ListE el | CaseE (_, el) | RelE (_, el) -> List.iter (walker.walk_expr walker) el | StrE r -> List.iter (fun (_, e) -> walker.walk_expr walker !e) r | AccE (e, p) -> walker.walk_expr walker e; walk_path walker p @@ -163,6 +163,7 @@ let walk_expr (walker: walker) (expr: expr) : expr = | TopValueE e_opt -> TopValueE (Option.map walk_expr e_opt) | TopValuesE e -> TopValuesE (walk_expr e) | MatchE (e1, e2) -> MatchE (walk_expr e1, walk_expr e2) + | RelE (id, el) -> RelE (id, List.map walk_expr el) in { expr with it } diff --git a/spectec/src/backend-prose/gen.ml b/spectec/src/backend-prose/gen.ml index 29e8389a7c..ad44ce4592 100644 --- a/spectec/src/backend-prose/gen.ml +++ b/spectec/src/backend-prose/gen.ml @@ -34,9 +34,17 @@ let flatten_rec def = | Ast.RecD defs -> defs | _ -> [ def ] +(* List of relation names that appear in the prose of the validation rules *) +let validation_helper_relations = [ + "Expand"; + "Expand_use"; + "ImmReachable"; + "NotImmReachable" +] let is_validation_helper_relation def = match def.it with - | Ast.RelD (id, _, _, _, _) -> id.it = "Expand" || id.it = "Expand_use" + | Ast.RelD (id, _, _, _, _) -> + List.mem id.it validation_helper_relations | _ -> false (* NOTE: Assume validation relation is `|-` *) let is_validation_relation def = diff --git a/spectec/src/backend-prose/print.ml b/spectec/src/backend-prose/print.ml index c12405a632..5c523a44a6 100644 --- a/spectec/src/backend-prose/print.ml +++ b/spectec/src/backend-prose/print.ml 
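Review bot: `validation_helper_relations` hardcodes relation names that must track the relation declarations in the `.spectec` sources; patch 11 of this series has to edit this list when `ImmReachable` is renamed, which shows the coupling. A comment stating the dependency, e.g. `(* Must be kept in sync with the relation names declared in the .spectec sources *)`, would make the maintenance rule explicit, and a blank line between `]` and `let is_validation_helper_relation` would match the surrounding layout.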
@@ -166,6 +166,7 @@ and string_of_expr expr = sprintf "%s matches %s" (string_of_expr e1) (string_of_expr e2) + | RelE (id, el) -> sprintf "the relation %s(%s) holds" id (string_of_exprs ", " el) | YetE s -> sprintf "YetE (%s)" s and string_of_exprs sep = diff --git a/spectec/src/backend-prose/render.ml b/spectec/src/backend-prose/render.ml index bacc5e9110..75ba54d68e 100644 --- a/spectec/src/backend-prose/render.ml +++ b/spectec/src/backend-prose/render.ml @@ -680,7 +680,9 @@ and render_expr' env expr = | [arg] -> sprintf "the type of %s" arg | _ -> error expr.at "Invalid arity for relation call"; ) - else error expr.at ("Not supported relation call: " ^ id) + else + (* error expr.at ("Not supported relation call: " ^ id) *) + sprintf "%s(%s)" id (String.concat ", " args) ) | Al.Ast.InvCallE (id, nl, al) -> let lhs_variable = diff --git a/spectec/src/il2al/translate.ml b/spectec/src/il2al/translate.ml index 4d56bea331..3b0c9c9399 100644 --- a/spectec/src/il2al/translate.ml +++ b/spectec/src/il2al/translate.ml @@ -923,9 +923,8 @@ let translate_rulepr id exp = | name, el when String.ends_with ~suffix: "_const" name -> [ assertI (callE (name, el |> List.map expA) ~at ~note:boolT) ~at:at] - | _ -> - print_yet exp.at "translate_rulepr" ("`" ^ Il.Print.string_of_exp exp ^ "`"); - [ yetI ("TODO: translate_rulepr " ^ id.it) ~at ] + | name, el -> + [ ifI (relE (name, el) ~at ~note:boolT, [], []) ~at ] let rec translate_iterpr pr (iter, xes) = let instrs = translate_prem pr in diff --git a/spectec/src/il2al/transpile.ml b/spectec/src/il2al/transpile.ml index 38dd5b72a6..64606cc7f4 100644 --- a/spectec/src/il2al/transpile.ml +++ b/spectec/src/il2al/transpile.ml 
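Review bot: The `else` branch in `render_expr'` keeps the old `error` call as a commented-out line next to the new `sprintf "%s(%s)" id (String.concat ", " args)` fallback, which leaves dead code and gives no reason why unsupported relation calls are now rendered verbatim instead of failing. Replace the commented-out call with a why-comment, e.g. `(* Fallback: render relation calls without a dedicated prose form as id(args) so generation does not abort *)`. With the error path gone, an untranslated relation is now only visible in the generated prose text; if that was not intended, a printed warning here would preserve the previous visibility. The enclosing function starts outside the hunk.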
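Review bot: The new catch-all arm in `translate_rulepr` drops the `print_yet` diagnostic and emits `ifI (relE (name, el) ~at ~note:boolT, [], [])` with two empty branches, whereas the sibling `_const` arm asserts its condition with `assertI`; without a comment a reader cannot tell whether the empty `if` is a deliberate placeholder for prose or a missing branch. Add a comment above the arm, e.g. `(* Relation premise without a dedicated translation: keep it as a placeholder condition (RelE) so prose rendering still works *)`, and consider whether `assertI` would be the consistent choice. The enclosing function starts outside the hunk.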
@@ -894,7 +894,7 @@ let rec enhance_readability instrs = in if !loop_cnt = 0 || Eq.eq_instrs instrs instrs' then ( - if !loop_cnt = 0 then print_endline "[WARNING] enhance_readability did not reach fixpoint. (Hint: Missed case for eq.ml?)"; + if !loop_cnt = 0 then print_endline "[WARNING] enhance_readability did not reach fixpoint. (Hint: Missed case for al/eq.ml?)"; loop_cnt := loop_max; instrs ) else ( From f4eca41e09527d3355c822779bb29da966ee4c9b Mon Sep 17 00:00:00 2001 From: Andreas Rossberg Date: Wed, 22 Apr 2026 09:27:54 +0200 Subject: [PATCH 11/15] Test expects; rename --- .../7.1-soundness.configurations.spectec | 38 +- .../7.1-soundness.configurations.spectec | 39 +- spectec/src/backend-prose/gen.ml | 4 +- spectec/test-frontend/TEST.md | 64 +- spectec/test-interpreter/TEST.md | 4 - spectec/test-latex/TEST.md | 18 +- spectec/test-middlend/TEST.md | 192 +- spectec/test-prose/TEST.md | 1559 +++++++++++++++-- spectec/test-splice/TEST.md | 101 +- 9 files changed, 1646 insertions(+), 373 deletions(-) diff --git a/specification/wasm-3.0/7.1-soundness.configurations.spectec b/specification/wasm-3.0/7.1-soundness.configurations.spectec index dd9909e0c2..d059ee9a63 100644 --- a/specification/wasm-3.0/7.1-soundness.configurations.spectec +++ b/specification/wasm-3.0/7.1-soundness.configurations.spectec 
@@ -197,46 +197,46 @@ rule Store_ok: -- (Arrayinst_ok: s |- arrayinst : OK)* -- (Exninst_ok: s |- exninst : OK)* ---- - -- (NotImmReachable: `~ (REF.STRUCT_ADDR a) >>_s (REF.STRUCT_ADDR a))^(a<|structinst*|) - -- (NotImmReachable: `~ (REF.ARRAY_ADDR a) >>_s (REF.ARRAY_ADDR a))^(a<|arrayinst*|) - -- (NotImmReachable: `~ (REF.EXN_ADDR a) >>_s (REF.EXN_ADDR a))^(a<|exninst*|) + -- (NotImmutReachable: `~ (REF.STRUCT_ADDR a) >>_s (REF.STRUCT_ADDR a))^(a<|structinst*|) + -- (NotImmutReachable: `~ (REF.ARRAY_ADDR a) >>_s (REF.ARRAY_ADDR a))^(a<|arrayinst*|) + -- (NotImmutReachable: `~ (REF.EXN_ADDR a) >>_s (REF.EXN_ADDR a))^(a<|exninst*|) ---- -- if s = {TAGS taginst*, GLOBALS globalinst*, MEMS meminst*, TABLES tableinst*, FUNCS funcinst*, DATAS datainst*, ELEMS eleminst*, STRUCTS structinst*, ARRAYS arrayinst*, EXNS exninst*} -relation ImmReachable: fieldval >>_store fieldval - hint(prose "%3 is immediately reachable from %1") -relation NotImmReachable: `~ fieldval >>_store fieldval - hint(prose "%3 is not immediately reachable from %1") +relation ImmutReachable: fieldval >>_store fieldval + hint(prose "%3 is immutably reachable from %1") +relation NotImmutReachable: `~ fieldval >>_store fieldval + hint(prose "%3 is not immutably reachable from %1") ;; HACK: emulate premise negation -;; TODO(rossberg): directly support negation in IL -def $NotImmReachable(fieldval, store, fieldval) : bool -def $NotImmReachable(fv_1, s, fv_2) = false -- ImmReachable: fv_1 >>_s fv_2 -def $NotImmReachable(fv_1, s, fv_2) = true -- otherwise +;; TODO(rossberg): directly support negation in EL +def $NotImmutReachable(fieldval, store, fieldval) : bool +def $NotImmutReachable(fv_1, s, fv_2) = false -- ImmutReachable: fv_1 >>_s fv_2 +def $NotImmutReachable(fv_1, s, fv_2) = true -- otherwise -rule NotImmReachable: `~ fv_1 >>_s fv_2 -- if $NotImmReachable(fv_1, s, fv_2) +rule NotImmutReachable: `~ fv_1 >>_s fv_2 -- if $NotImmutReachable(fv_1, s, fv_2) -rule ImmReachable/trans: +rule 
ImmutReachable/trans: fv_1 >>_s fv_2 - -- ImmReachable: fv_1 >>_s fv' - -- ImmReachable: fv' >>_s fv_2 + -- ImmutReachable: fv_1 >>_s fv' + -- ImmutReachable: fv' >>_s fv_2 -rule ImmReachable/ref.struct: +rule ImmutReachable/ref.struct: (REF.STRUCT_ADDR a) >>_s s.STRUCTS[a].FIELDS[i] -- Expand: s.STRUCTS[a].TYPE ~~ STRUCT ft* -- if ft*[i] = zt -rule ImmReachable/ref.array: +rule ImmutReachable/ref.array: (REF.ARRAY_ADDR a) >>_s s.ARRAYS[a].FIELDS[i] -- Expand: s.ARRAYS[a].TYPE ~~ ARRAY zt -rule ImmReachable/ref.exn: +rule ImmutReachable/ref.exn: (REF.EXN_ADDR a) >>_s s.EXNS[a].FIELDS[i] -rule ImmReachable/ref.extern: +rule ImmutReachable/ref.extern: (REF.EXTERN ref) >>_s ref diff --git a/specification/wasm-latest/7.1-soundness.configurations.spectec b/specification/wasm-latest/7.1-soundness.configurations.spectec index 37ba3f4d39..d059ee9a63 100644 --- a/specification/wasm-latest/7.1-soundness.configurations.spectec +++ b/specification/wasm-latest/7.1-soundness.configurations.spectec @@ -1,8 +1,11 @@ ;; Administrative instructions relation Instr_ok2: store; context |- instr : instrtype + hint(prose "%3 is valid with %4") relation Instrs_ok2: store; context |- instr* : instrtype + hint(prose "%3 is valid with %4") relation Expr_ok2: store; context |- expr : resulttype + hint(prose "%3 is valid with %4") rule Instr_ok2/plain: s; C |- instr : t_1* ->_(x*) t_2* 
@@ -194,44 +197,46 @@ rule Store_ok: -- (Arrayinst_ok: s |- arrayinst : OK)* -- (Exninst_ok: s |- exninst : OK)* ---- - -- (NotImmReachable: `~ (REF.STRUCT_ADDR a) >>_s (REF.STRUCT_ADDR a))^(a<|structinst*|) - -- (NotImmReachable: `~ (REF.ARRAY_ADDR a) >>_s (REF.ARRAY_ADDR a))^(a<|arrayinst*|) - -- (NotImmReachable: `~ (REF.EXN_ADDR a) >>_s (REF.EXN_ADDR a))^(a<|exninst*|) + -- (NotImmutReachable: `~ (REF.STRUCT_ADDR a) >>_s (REF.STRUCT_ADDR a))^(a<|structinst*|) + -- (NotImmutReachable: `~ (REF.ARRAY_ADDR a) >>_s (REF.ARRAY_ADDR a))^(a<|arrayinst*|) + -- (NotImmutReachable: `~ (REF.EXN_ADDR a) >>_s (REF.EXN_ADDR a))^(a<|exninst*|) ---- -- if s = {TAGS taginst*, GLOBALS globalinst*, MEMS meminst*, TABLES tableinst*, FUNCS funcinst*, DATAS datainst*, ELEMS eleminst*, STRUCTS structinst*, ARRAYS arrayinst*, EXNS exninst*} -relation ImmReachable: fieldval >>_store fieldval -relation NotImmReachable: `~ fieldval >>_store fieldval +relation ImmutReachable: fieldval >>_store fieldval + hint(prose "%3 is immutably reachable from %1") +relation NotImmutReachable: `~ fieldval >>_store fieldval + hint(prose "%3 is not immutably reachable from %1") ;; HACK: emulate premise negation -;; TODO(rossberg): directly support negation in IL -def $NotImmReachable(fieldval, store, fieldval) : bool -def $NotImmReachable(fv_1, s, fv_2) = false -- ImmReachable: fv_1 >>_s fv_2 -def $NotImmReachable(fv_1, s, fv_2) = true -- otherwise +;; TODO(rossberg): directly support negation in EL +def $NotImmutReachable(fieldval, store, fieldval) : bool +def $NotImmutReachable(fv_1, s, fv_2) = false -- ImmutReachable: fv_1 >>_s fv_2 +def $NotImmutReachable(fv_1, s, fv_2) = true -- otherwise -rule NotImmReachable: `~ fv_1 >>_s fv_2 -- if $NotImmReachable(fv_1, s, fv_2) +rule NotImmutReachable: `~ fv_1 >>_s fv_2 -- if $NotImmutReachable(fv_1, s, fv_2) -rule ImmReachable/trans: +rule ImmutReachable/trans: fv_1 >>_s fv_2 - -- ImmReachable: fv_1 >>_s fv' - -- ImmReachable: fv' >>_s fv_2 + -- ImmutReachable: 
fv_1 >>_s fv' + -- ImmutReachable: fv' >>_s fv_2 -rule ImmReachable/ref.struct: +rule ImmutReachable/ref.struct: (REF.STRUCT_ADDR a) >>_s s.STRUCTS[a].FIELDS[i] -- Expand: s.STRUCTS[a].TYPE ~~ STRUCT ft* -- if ft*[i] = zt -rule ImmReachable/ref.array: +rule ImmutReachable/ref.array: (REF.ARRAY_ADDR a) >>_s s.ARRAYS[a].FIELDS[i] -- Expand: s.ARRAYS[a].TYPE ~~ ARRAY zt -rule ImmReachable/ref.exn: +rule ImmutReachable/ref.exn: (REF.EXN_ADDR a) >>_s s.EXNS[a].FIELDS[i] -rule ImmReachable/ref.extern: +rule ImmutReachable/ref.extern: (REF.EXTERN ref) >>_s ref diff --git a/spectec/src/backend-prose/gen.ml b/spectec/src/backend-prose/gen.ml index ad44ce4592..a6631d7c65 100644 --- a/spectec/src/backend-prose/gen.ml +++ b/spectec/src/backend-prose/gen.ml @@ -38,8 +38,8 @@ let flatten_rec def = let validation_helper_relations = [ "Expand"; "Expand_use"; - "ImmReachable"; - "NotImmReachable" + "ImmutReachable"; + "NotImmutReachable" ] let is_validation_helper_relation def = match def.it with diff --git a/spectec/test-frontend/TEST.md b/spectec/test-frontend/TEST.md index 9a578035fb..4c0e2bfd15 100644 --- a/spectec/test-frontend/TEST.md +++ b/spectec/test-frontend/TEST.md 
@@ -7738,70 +7738,70 @@ relation Frame_ok: `%|-%:%`(store, frame, context) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rec { -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-3.56 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-4.36 relation Instr_ok2: `%;%|-%:%`(store, context, instr, instrtype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-9.46 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:10.1-12.46 rule plain{s : store, C : context, instr : instr, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Instr_ok: `%|-%:%`(C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:11.1-13.27 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:14.1-16.27 rule ref{s : store, C : context, ref : ref, rt : reftype}: `%;%|-%:%`(s, C, (ref : ref <: instr), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([(rt : reftype <: valtype)]))) -- Ref_ok: `%|-%:%`(s, ref, rt) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:15.1-18.68 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:18.1-21.68 rule label{s : store, C : context, n : n, `instr'*` : instr*, `instr*` : instr*, `t*` : valtype*, `t'*` : valtype*, `x'*` : idx*, `x*` : idx*}: `%;%|-%:%`(s, C, `LABEL_%{%}%`_instr(n, instr'*{instr' <- `instr'*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) -- Instrs_ok2: `%;%|-%:%`(s, C, instr'*{instr' <- `instr'*`}, `%->_%%`_instrtype(`%`_resulttype(t'^n{t' <- `t'*`}), x'*{x' <- `x'*`}, 
`%`_resulttype(t*{t <- `t*`}))) -- Instrs_ok2: `%;%|-%:%`(s, {TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [`%`_resulttype(t'^n{t' <- `t'*`})], RETURN ?(), REFS []} +++ C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:20.1-23.37 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:23.1-26.37 rule frame{s : store, C : context, n : n, f : frame, `instr*` : instr*, `t*` : valtype*, C' : context}: `%;%|-%:%`(s, C, `FRAME_%{%}%`_instr(n, f, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t^n{t <- `t*`}))) -- Frame_ok: `%|-%:%`(s, f, C') -- Expr_ok2: `%;%|-%:%`(s, C', instr*{instr <- `instr*`}, `%`_resulttype(t^n{t <- `t*`})) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:25.1-28.52 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:28.1-31.52 rule handler{s : store, C : context, n : n, `catch*` : catch*, `instr*` : instr*, `t_1*` : valtype*, `t_2*` : valtype*, `x*` : idx*}: `%;%|-%:%`(s, C, `HANDLER_%{%}%`_instr(n, catch*{catch <- `catch*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- (Catch_ok: `%|-%:OK`(C, catch))*{catch <- `catch*`} -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:30.1-32.42 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:33.1-35.42 rule trap{s : store, C : context, `t_1*` : valtype*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, TRAP_instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], 
`%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Instrtype_ok: `%|-%:OK`(C, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:4.1-4.58 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-6.36 relation Instrs_ok2: `%;%|-%:%`(store, context, instr*, instrtype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:35.1-36.27 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-39.27 rule empty{s : store, C : context}: `%;%|-%:%`(s, C, [], `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([]))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-42.86 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:41.1-45.86 rule seq{s : store, C : context, instr_1 : instr, `instr_2*` : instr*, `t_1*` : valtype*, `x_1*` : idx*, `x_2*` : idx*, `t_3*` : valtype*, `t_2*` : valtype*, `init*` : init*, `t*` : valtype*}: `%;%|-%:%`(s, C, [instr_1] ++ instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`} ++ x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) -- Instr_ok2: `%;%|-%:%`(s, C, instr_1, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- (if (C.LOCALS_context[x_1!`%`_idx.0] = `%%`_localtype(init, t)))*{init <- `init*`, t <- `t*`, x_1 <- `x_1*`} -- Instrs_ok2: `%;%|-%:%`(s, $with_locals(C, x_1*{x_1 <- `x_1*`}, `%%`_localtype(SET_init, t)*{t <- `t*`}), instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_2*{t_2 <- `t_2*`}), x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:44.1-48.33 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:47.1-51.33 rule 
sub{s : store, C : context, `instr*` : instr*, it' : instrtype, it : instrtype}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it') -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it) -- Instrtype_sub: `%|-%<:%`(C, it, it') -- Instrtype_ok: `%|-%:OK`(C, it') - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:51.1-54.33 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:54.1-57.33 rule frame{s : store, C : context, `instr*` : instr*, `t*` : valtype*, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t*{t <- `t*`} ++ t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`} ++ t_2*{t_2 <- `t_2*`}))) -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-5.55 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-8.36 relation Expr_ok2: `%;%|-%:%`(store, context, expr, resulttype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:57.1-59.44 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:60.1-62.44 rule _{s : store, C : context, `instr*` : instr*, `t*` : valtype*}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) 
@@ -7877,49 +7877,49 @@ relation Exninst_ok: `%|-%:OK`(store, exninst) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rec { -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:205.1-205.50 -relation ImmReachable: `%>>_%%`(fieldval, store, fieldval) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:217.1-220.33 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:208.1-209.50 +relation ImmutReachable: `%>>_%%`(fieldval, store, fieldval) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.35 rule trans{fv_1 : fieldval, s : store, fv_2 : fieldval, fv' : fieldval}: `%>>_%%`(fv_1, s, fv_2) - -- ImmReachable: `%>>_%%`(fv_1, s, fv') - -- ImmReachable: `%>>_%%`(fv', s, fv_2) + -- ImmutReachable: `%>>_%%`(fv_1, s, fv') + -- ImmutReachable: `%>>_%%`(fv', s, fv_2) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.20 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-230.20 rule `ref.struct`{a : addr, s : store, i : nat, `ft*` : fieldtype*, zt : storagetype}: `%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, s.STRUCTS_store[a].FIELDS_structinst[i]) -- Expand: `%~~%`(s.STRUCTS_store[a].TYPE_structinst, STRUCT_comptype(`%`_list(ft*{ft <- `ft*`}))) -- if (ft*{ft <- `ft*`}[i] = `%%`_fieldtype(?(), zt)) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-229.42 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:232.1-234.42 rule `ref.array`{a : addr, s : store, i : nat, zt : storagetype}: `%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, s.ARRAYS_store[a].FIELDS_arrayinst[i]) -- Expand: `%~~%`(s.ARRAYS_store[a].TYPE_arrayinst, ARRAY_comptype(`%%`_fieldtype(?(), zt))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:231.1-232.44 + ;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:236.1-237.44 rule `ref.exn`{a : addr, s : store, i : nat}: `%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, (s.EXNS_store[a].FIELDS_exninst[i] : val <: fieldval)) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:234.1-235.28 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:239.1-240.28 rule `ref.extern`{ref : ref, s : store}: `%>>_%%`(`REF.EXTERN`_fieldval(ref), s, (ref : ref <: fieldval)) } ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec -def $NotImmReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool +def $NotImmutReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec - def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false - -- ImmReachable: `%>>_%%`(fv_1, s, fv_2) + def $NotImmutReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false + -- ImmutReachable: `%>>_%%`(fv_1, s, fv_2) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec - def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = true + def $NotImmutReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = true -- otherwise ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec -relation NotImmReachable: `~%>>_%%`(fieldval, store, fieldval) +relation NotImmutReachable: `~%>>_%%`(fieldval, store, fieldval) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rule _{fv_1 : fieldval, s : store, fv_2 : fieldval}: `~%>>_%%`(fv_1, s, fv_2) - -- if $NotImmReachable(fv_1, s, fv_2) + -- if $NotImmutReachable(fv_1, s, fv_2) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec relation Store_ok: `|-%:OK`(store) 
@@ -7936,9 +7936,9 @@ relation Store_ok: `|-%:OK`(store) -- (Structinst_ok: `%|-%:OK`(s, structinst))*{structinst <- `structinst*`} -- (Arrayinst_ok: `%|-%:OK`(s, arrayinst))*{arrayinst <- `arrayinst*`} -- (Exninst_ok: `%|-%:OK`(s, exninst))*{exninst <- `exninst*`} - -- (NotImmReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} - -- (NotImmReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} - -- (NotImmReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} -- if (s = {TAGS taginst*{taginst <- `taginst*`}, GLOBALS globalinst*{globalinst <- `globalinst*`}, MEMS meminst*{meminst <- `meminst*`}, TABLES tableinst*{tableinst <- `tableinst*`}, FUNCS funcinst*{funcinst <- `funcinst*`}, DATAS datainst*{datainst <- `datainst*`}, ELEMS eleminst*{eleminst <- `eleminst*`}, STRUCTS structinst*{structinst <- `structinst*`}, ARRAYS arrayinst*{arrayinst <- `arrayinst*`}, EXNS exninst*{exninst <- `exninst*`}}) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec diff --git a/spectec/test-interpreter/TEST.md b/spectec/test-interpreter/TEST.md index eeda9ed40d..1540225f42 100644 --- a/spectec/test-interpreter/TEST.md +++ b/spectec/test-interpreter/TEST.md 
@@ -9,7 +9,6 @@ spectec 0.5 generator == Running pass sideconditions... == IL Validation after pass sideconditions... == Translating to AL... -../../../_specification/wasm-latest/7.1-soundness.configurations.spectec:211.62-211.76: translate_rulepr: Yet `(fv_1, s, fv_2)` == Initializing interpreter... == Interpreting... 42 @@ -22,7 +21,6 @@ spectec 0.5 generator == Running pass sideconditions... == IL Validation after pass sideconditions... == Translating to AL... -../../../_specification/wasm-latest/7.1-soundness.configurations.spectec:211.62-211.76: translate_rulepr: Yet `(fv_1, s, fv_2)` == Initializing interpreter... == Interpreting... 42 @@ -35,7 +33,6 @@ spectec 0.5 generator == Running pass sideconditions... == IL Validation after pass sideconditions... == Translating to AL... -../../../_specification/wasm-latest/7.1-soundness.configurations.spectec:211.62-211.76: translate_rulepr: Yet `(fv_1, s, fv_2)` == Initializing interpreter... == Interpreting... - print_i32: 10 @@ -116,7 +113,6 @@ spectec 0.5 generator == Running pass sideconditions... == IL Validation after pass sideconditions... == Translating to AL... -../../../_specification/wasm-3.0/7.1-soundness.configurations.spectec:211.62-211.76: translate_rulepr: Yet `(fv_1, s, fv_2)` == Initializing interpreter... == Interpreting... - print_i32: 83 diff --git a/spectec/test-latex/TEST.md b/spectec/test-latex/TEST.md index 8187fec9f7..739e2ff72e 100644 --- a/spectec/test-latex/TEST.md +++ b/spectec/test-latex/TEST.md 
@@ -14502,18 +14502,18 @@ $\boxed{\neg~{\mathit{fieldval}} \succ_{{\mathit{store}}} {\mathit{fieldval}}}$ $$ \begin{array}[t]{@{}lcl@{}l@{}} -{\mathrm{NotImmReachable}}({\mathit{fv}}_1, s, {\mathit{fv}}_2) & = & \mathsf{false} & \quad \mbox{if}~ {\mathit{fv}}_1 \succ_{s} {\mathit{fv}}_2 \\ -{\mathrm{NotImmReachable}}({\mathit{fv}}_1, s, {\mathit{fv}}_2) & = & \mathsf{true} & \quad \mbox{otherwise} \\ +{\mathrm{NotImmutReachable}}({\mathit{fv}}_1, s, {\mathit{fv}}_2) & = & \mathsf{false} & \quad \mbox{if}~ {\mathit{fv}}_1 \succ_{s} {\mathit{fv}}_2 \\ +{\mathrm{NotImmutReachable}}({\mathit{fv}}_1, s, {\mathit{fv}}_2) & = & \mathsf{true} & \quad \mbox{otherwise} \\ \end{array} $$ $$ \begin{array}{@{}c@{}}\displaystyle \frac{ -{\mathrm{NotImmReachable}}({\mathit{fv}}_1, s, {\mathit{fv}}_2) +{\mathrm{NotImmutReachable}}({\mathit{fv}}_1, s, {\mathit{fv}}_2) }{ \neg~{\mathit{fv}}_1 \succ_{s} {\mathit{fv}}_2 -} \, {[\textsc{\scriptsize NotImmReachable}]} +} \, {[\textsc{\scriptsize NotImmutReachable}]} \qquad \end{array} $$ @@ -14528,7 +14528,7 @@ $$ {\mathit{fv}'} \succ_{s} {\mathit{fv}}_2 }{ {\mathit{fv}}_1 \succ_{s} {\mathit{fv}}_2 -} \, {[\textsc{\scriptsize ImmReachable{-}trans}]} +} \, {[\textsc{\scriptsize ImmutReachable{-}trans}]} \qquad \end{array} $$ @@ -14541,7 +14541,7 @@ s{.}\mathsf{structs}{}[a]{.}\mathsf{type} \approx \mathsf{struct}~{{\mathit{ft}} {{\mathit{ft}}^\ast}{}[i] = {\mathit{zt}} }{ (\mathsf{ref{.}struct}~a) \succ_{s} s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i] -} \, {[\textsc{\scriptsize ImmReachable{-}ref.struct}]} +} \, {[\textsc{\scriptsize ImmutReachable{-}ref.struct}]} \qquad \end{array} $$ @@ -14552,7 +14552,7 @@ $$ s{.}\mathsf{arrays}{}[a]{.}\mathsf{type} \approx \mathsf{array}~{\mathit{zt}} }{ (\mathsf{ref{.}array}~a) \succ_{s} s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i] -} \, {[\textsc{\scriptsize ImmReachable{-}ref.array}]} +} \, {[\textsc{\scriptsize ImmutReachable{-}ref.array}]} \qquad \end{array} $$ 
@@ -14562,7 +14562,7 @@ $$ \frac{ }{ (\mathsf{ref{.}exn}~a) \succ_{s} s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i] -} \, {[\textsc{\scriptsize ImmReachable{-}ref.exn}]} +} \, {[\textsc{\scriptsize ImmutReachable{-}ref.exn}]} \qquad \end{array} $$ @@ -14572,7 +14572,7 @@ $$ \frac{ }{ (\mathsf{ref{.}extern}~{\mathit{ref}}) \succ_{s} {\mathit{ref}} -} \, {[\textsc{\scriptsize ImmReachable{-}ref.extern}]} +} \, {[\textsc{\scriptsize ImmutReachable{-}ref.extern}]} \qquad \end{array} $$ diff --git a/spectec/test-middlend/TEST.md b/spectec/test-middlend/TEST.md index 5dc72956a4..6a75185232 100644 --- a/spectec/test-middlend/TEST.md +++ b/spectec/test-middlend/TEST.md 
@@ -7728,70 +7728,70 @@ relation Frame_ok: `%|-%:%`(store, frame, context) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rec { -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-3.56 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-4.36 relation Instr_ok2: `%;%|-%:%`(store, context, instr, instrtype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-9.46 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:10.1-12.46 rule plain{s : store, C : context, instr : instr, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Instr_ok: `%|-%:%`(C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:11.1-13.27 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:14.1-16.27 rule ref{s : store, C : context, ref : ref, rt : reftype}: `%;%|-%:%`(s, C, (ref : ref <: instr), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([(rt : reftype <: valtype)]))) -- Ref_ok: `%|-%:%`(s, ref, rt) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:15.1-18.68 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:18.1-21.68 rule label{s : store, C : context, n : n, `instr'*` : instr*, `instr*` : instr*, `t*` : valtype*, `t'*` : valtype*, `x'*` : idx*, `x*` : idx*}: `%;%|-%:%`(s, C, `LABEL_%{%}%`_instr(n, instr'*{instr' <- `instr'*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) -- Instrs_ok2: `%;%|-%:%`(s, C, instr'*{instr' <- `instr'*`}, `%->_%%`_instrtype(`%`_resulttype(t'^n{t' <- `t'*`}), x'*{x' <- `x'*`}, 
`%`_resulttype(t*{t <- `t*`}))) -- Instrs_ok2: `%;%|-%:%`(s, {TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [`%`_resulttype(t'^n{t' <- `t'*`})], RETURN ?(), REFS []} +++ C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:20.1-23.37 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:23.1-26.37 rule frame{s : store, C : context, n : n, f : frame, `instr*` : instr*, `t*` : valtype*, C' : context}: `%;%|-%:%`(s, C, `FRAME_%{%}%`_instr(n, f, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t^n{t <- `t*`}))) -- Frame_ok: `%|-%:%`(s, f, C') -- Expr_ok2: `%;%|-%:%`(s, C', instr*{instr <- `instr*`}, `%`_resulttype(t^n{t <- `t*`})) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:25.1-28.52 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:28.1-31.52 rule handler{s : store, C : context, n : n, `catch*` : catch*, `instr*` : instr*, `t_1*` : valtype*, `t_2*` : valtype*, `x*` : idx*}: `%;%|-%:%`(s, C, `HANDLER_%{%}%`_instr(n, catch*{catch <- `catch*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- (Catch_ok: `%|-%:OK`(C, catch))*{catch <- `catch*`} -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:30.1-32.42 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:33.1-35.42 rule trap{s : store, C : context, `t_1*` : valtype*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, TRAP_instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], 
`%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Instrtype_ok: `%|-%:OK`(C, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:4.1-4.58 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-6.36 relation Instrs_ok2: `%;%|-%:%`(store, context, instr*, instrtype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:35.1-36.27 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-39.27 rule empty{s : store, C : context}: `%;%|-%:%`(s, C, [], `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([]))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-42.86 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:41.1-45.86 rule seq{s : store, C : context, instr_1 : instr, `instr_2*` : instr*, `t_1*` : valtype*, `x_1*` : idx*, `x_2*` : idx*, `t_3*` : valtype*, `t_2*` : valtype*, `init*` : init*, `t*` : valtype*}: `%;%|-%:%`(s, C, [instr_1] ++ instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`} ++ x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) -- Instr_ok2: `%;%|-%:%`(s, C, instr_1, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- (if (C.LOCALS_context[x_1!`%`_idx.0] = `%%`_localtype(init, t)))*{init <- `init*`, t <- `t*`, x_1 <- `x_1*`} -- Instrs_ok2: `%;%|-%:%`(s, $with_locals(C, x_1*{x_1 <- `x_1*`}, `%%`_localtype(SET_init, t)*{t <- `t*`}), instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_2*{t_2 <- `t_2*`}), x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:44.1-48.33 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:47.1-51.33 rule 
sub{s : store, C : context, `instr*` : instr*, it' : instrtype, it : instrtype}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it') -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it) -- Instrtype_sub: `%|-%<:%`(C, it, it') -- Instrtype_ok: `%|-%:OK`(C, it') - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:51.1-54.33 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:54.1-57.33 rule frame{s : store, C : context, `instr*` : instr*, `t*` : valtype*, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t*{t <- `t*`} ++ t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`} ++ t_2*{t_2 <- `t_2*`}))) -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-5.55 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-8.36 relation Expr_ok2: `%;%|-%:%`(store, context, expr, resulttype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:57.1-59.44 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:60.1-62.44 rule _{s : store, C : context, `instr*` : instr*, `t*` : valtype*}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) 
@@ -7867,49 +7867,49 @@ relation Exninst_ok: `%|-%:OK`(store, exninst) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rec { -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:205.1-205.50 -relation ImmReachable: `%>>_%%`(fieldval, store, fieldval) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:217.1-220.33 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:208.1-209.50 +relation ImmutReachable: `%>>_%%`(fieldval, store, fieldval) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.35 rule trans{fv_1 : fieldval, s : store, fv_2 : fieldval, fv' : fieldval}: `%>>_%%`(fv_1, s, fv_2) - -- ImmReachable: `%>>_%%`(fv_1, s, fv') - -- ImmReachable: `%>>_%%`(fv', s, fv_2) + -- ImmutReachable: `%>>_%%`(fv_1, s, fv') + -- ImmutReachable: `%>>_%%`(fv', s, fv_2) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.20 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-230.20 rule `ref.struct`{a : addr, s : store, i : nat, `ft*` : fieldtype*, zt : storagetype}: `%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, s.STRUCTS_store[a].FIELDS_structinst[i]) -- Expand: `%~~%`(s.STRUCTS_store[a].TYPE_structinst, STRUCT_comptype(`%`_list(ft*{ft <- `ft*`}))) -- if (ft*{ft <- `ft*`}[i] = `%%`_fieldtype(?(), zt)) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-229.42 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:232.1-234.42 rule `ref.array`{a : addr, s : store, i : nat, zt : storagetype}: `%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, s.ARRAYS_store[a].FIELDS_arrayinst[i]) -- Expand: `%~~%`(s.ARRAYS_store[a].TYPE_arrayinst, ARRAY_comptype(`%%`_fieldtype(?(), zt))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:231.1-232.44 + ;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:236.1-237.44 rule `ref.exn`{a : addr, s : store, i : nat}: `%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, (s.EXNS_store[a].FIELDS_exninst[i] : val <: fieldval)) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:234.1-235.28 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:239.1-240.28 rule `ref.extern`{ref : ref, s : store}: `%>>_%%`(`REF.EXTERN`_fieldval(ref), s, (ref : ref <: fieldval)) } ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec -def $NotImmReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool +def $NotImmutReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec - def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false - -- ImmReachable: `%>>_%%`(fv_1, s, fv_2) + def $NotImmutReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false + -- ImmutReachable: `%>>_%%`(fv_1, s, fv_2) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec - def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = true + def $NotImmutReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = true -- otherwise ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec -relation NotImmReachable: `~%>>_%%`(fieldval, store, fieldval) +relation NotImmutReachable: `~%>>_%%`(fieldval, store, fieldval) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rule _{fv_1 : fieldval, s : store, fv_2 : fieldval}: `~%>>_%%`(fv_1, s, fv_2) - -- if $NotImmReachable(fv_1, s, fv_2) + -- if $NotImmutReachable(fv_1, s, fv_2) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec relation Store_ok: `|-%:OK`(store) 
@@ -7926,9 +7926,9 @@ relation Store_ok: `|-%:OK`(store) -- (Structinst_ok: `%|-%:OK`(s, structinst))*{structinst <- `structinst*`} -- (Arrayinst_ok: `%|-%:OK`(s, arrayinst))*{arrayinst <- `arrayinst*`} -- (Exninst_ok: `%|-%:OK`(s, exninst))*{exninst <- `exninst*`} - -- (NotImmReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} - -- (NotImmReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} - -- (NotImmReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} -- if (s = {TAGS taginst*{taginst <- `taginst*`}, GLOBALS globalinst*{globalinst <- `globalinst*`}, MEMS meminst*{meminst <- `meminst*`}, TABLES tableinst*{tableinst <- `tableinst*`}, FUNCS funcinst*{funcinst <- `funcinst*`}, DATAS datainst*{datainst <- `datainst*`}, ELEMS eleminst*{eleminst <- `eleminst*`}, STRUCTS structinst*{structinst <- `structinst*`}, ARRAYS arrayinst*{arrayinst <- `arrayinst*`}, EXNS exninst*{exninst <- `exninst*`}}) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec 
@@ -19565,70 +19565,70 @@ relation Frame_ok: `%|-%:%`(store, frame, context) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rec { -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-3.56 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-4.36 relation Instr_ok2: `%;%|-%:%`(store, context, instr, instrtype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-9.46 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:10.1-12.46 rule plain{s : store, C : context, instr : instr, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Instr_ok: `%|-%:%`(C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:11.1-13.27 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:14.1-16.27 rule ref{s : store, C : context, ref : ref, rt : reftype}: `%;%|-%:%`(s, C, (ref : ref <: instr), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([(rt : reftype <: valtype)]))) -- Ref_ok: `%|-%:%`(s, ref, rt) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:15.1-18.68 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:18.1-21.68 rule label{s : store, C : context, n : n, `instr'*` : instr*, `instr*` : instr*, `t*` : valtype*, `t'*` : valtype*, `x'*` : idx*, `x*` : idx*}: `%;%|-%:%`(s, C, `LABEL_%{%}%`_instr(n, instr'*{instr' <- `instr'*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) -- Instrs_ok2: `%;%|-%:%`(s, C, instr'*{instr' <- `instr'*`}, `%->_%%`_instrtype(`%`_resulttype(t'^n{t' <- `t'*`}), x'*{x' <- `x'*`}, 
`%`_resulttype(t*{t <- `t*`}))) -- Instrs_ok2: `%;%|-%:%`(s, {TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [`%`_resulttype(t'^n{t' <- `t'*`})], RETURN ?(), REFS []} +++ C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:20.1-23.37 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:23.1-26.37 rule frame{s : store, C : context, n : n, f : frame, `instr*` : instr*, `t*` : valtype*, C' : context}: `%;%|-%:%`(s, C, `FRAME_%{%}%`_instr(n, f, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t^n{t <- `t*`}))) -- Frame_ok: `%|-%:%`(s, f, C') -- Expr_ok2: `%;%|-%:%`(s, C', instr*{instr <- `instr*`}, `%`_resulttype(t^n{t <- `t*`})) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:25.1-28.52 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:28.1-31.52 rule handler{s : store, C : context, n : n, `catch*` : catch*, `instr*` : instr*, `t_1*` : valtype*, `t_2*` : valtype*, `x*` : idx*}: `%;%|-%:%`(s, C, `HANDLER_%{%}%`_instr(n, catch*{catch <- `catch*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- (Catch_ok: `%|-%:OK`(C, catch))*{catch <- `catch*`} -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:30.1-32.42 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:33.1-35.42 rule trap{s : store, C : context, `t_1*` : valtype*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, TRAP_instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], 
`%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Instrtype_ok: `%|-%:OK`(C, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:4.1-4.58 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-6.36 relation Instrs_ok2: `%;%|-%:%`(store, context, instr*, instrtype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:35.1-36.27 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-39.27 rule empty{s : store, C : context}: `%;%|-%:%`(s, C, [], `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([]))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-42.86 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:41.1-45.86 rule seq{s : store, C : context, instr_1 : instr, `instr_2*` : instr*, `t_1*` : valtype*, `x_1*` : idx*, `x_2*` : idx*, `t_3*` : valtype*, `t_2*` : valtype*, `init*` : init*, `t*` : valtype*}: `%;%|-%:%`(s, C, [instr_1] ++ instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`} ++ x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) -- Instr_ok2: `%;%|-%:%`(s, C, instr_1, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- (if (C.LOCALS_context[x_1!`%`_idx.0] = `%%`_localtype(init, t)))*{init <- `init*`, t <- `t*`, x_1 <- `x_1*`} -- Instrs_ok2: `%;%|-%:%`(s, $with_locals(C, x_1*{x_1 <- `x_1*`}, `%%`_localtype(SET_init, t)*{t <- `t*`}), instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_2*{t_2 <- `t_2*`}), x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:44.1-48.33 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:47.1-51.33 rule 
sub{s : store, C : context, `instr*` : instr*, it' : instrtype, it : instrtype}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it') -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it) -- Instrtype_sub: `%|-%<:%`(C, it, it') -- Instrtype_ok: `%|-%:OK`(C, it') - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:51.1-54.33 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:54.1-57.33 rule frame{s : store, C : context, `instr*` : instr*, `t*` : valtype*, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t*{t <- `t*`} ++ t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`} ++ t_2*{t_2 <- `t_2*`}))) -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-5.55 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-8.36 relation Expr_ok2: `%;%|-%:%`(store, context, expr, resulttype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:57.1-59.44 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:60.1-62.44 rule _{s : store, C : context, `instr*` : instr*, `t*` : valtype*}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) 
@@ -19704,49 +19704,49 @@ relation Exninst_ok: `%|-%:OK`(store, exninst) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rec { -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:205.1-205.50 -relation ImmReachable: `%>>_%%`(fieldval, store, fieldval) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:217.1-220.33 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:208.1-209.50 +relation ImmutReachable: `%>>_%%`(fieldval, store, fieldval) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.35 rule trans{fv_1 : fieldval, s : store, fv_2 : fieldval, fv' : fieldval}: `%>>_%%`(fv_1, s, fv_2) - -- ImmReachable: `%>>_%%`(fv_1, s, fv') - -- ImmReachable: `%>>_%%`(fv', s, fv_2) + -- ImmutReachable: `%>>_%%`(fv_1, s, fv') + -- ImmutReachable: `%>>_%%`(fv', s, fv_2) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.20 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-230.20 rule `ref.struct`{a : addr, s : store, i : nat, `ft*` : fieldtype*, zt : storagetype}: `%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, s.STRUCTS_store[a].FIELDS_structinst[i]) -- Expand: `%~~%`(s.STRUCTS_store[a].TYPE_structinst, STRUCT_comptype(`%`_list(ft*{ft <- `ft*`}))) -- if (ft*{ft <- `ft*`}[i] = `%%`_fieldtype(?(), zt)) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-229.42 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:232.1-234.42 rule `ref.array`{a : addr, s : store, i : nat, zt : storagetype}: `%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, s.ARRAYS_store[a].FIELDS_arrayinst[i]) -- Expand: `%~~%`(s.ARRAYS_store[a].TYPE_arrayinst, ARRAY_comptype(`%%`_fieldtype(?(), zt))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:231.1-232.44 + ;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:236.1-237.44 rule `ref.exn`{a : addr, s : store, i : nat}: `%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, (s.EXNS_store[a].FIELDS_exninst[i] : val <: fieldval)) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:234.1-235.28 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:239.1-240.28 rule `ref.extern`{ref : ref, s : store}: `%>>_%%`(`REF.EXTERN`_fieldval(ref), s, (ref : ref <: fieldval)) } ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec -def $NotImmReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool +def $NotImmutReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec - def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false - -- ImmReachable: `%>>_%%`(fv_1, s, fv_2) + def $NotImmutReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false + -- ImmutReachable: `%>>_%%`(fv_1, s, fv_2) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec - def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = true + def $NotImmutReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = true -- otherwise ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec -relation NotImmReachable: `~%>>_%%`(fieldval, store, fieldval) +relation NotImmutReachable: `~%>>_%%`(fieldval, store, fieldval) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rule _{fv_1 : fieldval, s : store, fv_2 : fieldval}: `~%>>_%%`(fv_1, s, fv_2) - -- if $NotImmReachable(fv_1, s, fv_2) + -- if $NotImmutReachable(fv_1, s, fv_2) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec relation Store_ok: `|-%:OK`(store) 
@@ -19763,9 +19763,9 @@ relation Store_ok: `|-%:OK`(store) -- (Structinst_ok: `%|-%:OK`(s, structinst))*{structinst <- `structinst*`} -- (Arrayinst_ok: `%|-%:OK`(s, arrayinst))*{arrayinst <- `arrayinst*`} -- (Exninst_ok: `%|-%:OK`(s, exninst))*{exninst <- `exninst*`} - -- (NotImmReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} - -- (NotImmReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} - -- (NotImmReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} -- if (s = {TAGS taginst*{taginst <- `taginst*`}, GLOBALS globalinst*{globalinst <- `globalinst*`}, MEMS meminst*{meminst <- `meminst*`}, TABLES tableinst*{tableinst <- `tableinst*`}, FUNCS funcinst*{funcinst <- `funcinst*`}, DATAS datainst*{datainst <- `datainst*`}, ELEMS eleminst*{eleminst <- `eleminst*`}, STRUCTS structinst*{structinst <- `structinst*`}, ARRAYS arrayinst*{arrayinst <- `arrayinst*`}, EXNS exninst*{exninst <- `exninst*`}}) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec 
@@ -31594,48 +31594,48 @@ relation Frame_ok: `%|-%:%`(store, frame, context) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rec { -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-3.56 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:3.1-4.36 relation Instr_ok2: `%;%|-%:%`(store, context, instr, instrtype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-9.46 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:10.1-12.46 rule plain{s : store, C : context, instr : instr, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Instr_ok: `%|-%:%`(C, instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:11.1-13.27 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:14.1-16.27 rule ref{s : store, C : context, ref : ref, rt : reftype}: `%;%|-%:%`(s, C, (ref : ref <: instr), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([(rt : reftype <: valtype)]))) -- Ref_ok: `%|-%:%`(s, ref, rt) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:15.1-18.68 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:18.1-21.68 rule label{s : store, C : context, n : n, `instr'*` : instr*, `instr*` : instr*, `t*` : valtype*, `t'*` : valtype*, `x'*` : idx*, `x*` : idx*}: `%;%|-%:%`(s, C, `LABEL_%{%}%`_instr(n, instr'*{instr' <- `instr'*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) -- Instrs_ok2: `%;%|-%:%`(s, C, instr'*{instr' <- `instr'*`}, `%->_%%`_instrtype(`%`_resulttype(t'^n{t' <- `t'*`}), x'*{x' <- `x'*`}, 
`%`_resulttype(t*{t <- `t*`}))) -- Instrs_ok2: `%;%|-%:%`(s, {TYPES [], RECS [], TAGS [], GLOBALS [], MEMS [], TABLES [], FUNCS [], DATAS [], ELEMS [], LOCALS [], LABELS [`%`_resulttype(t'^n{t' <- `t'*`})], RETURN ?(), REFS []} +++ C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:20.1-23.37 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:23.1-26.37 rule frame{s : store, C : context, n : n, f : frame, `instr*` : instr*, `t*` : valtype*, C' : context}: `%;%|-%:%`(s, C, `FRAME_%{%}%`_instr(n, f, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t^n{t <- `t*`}))) -- Frame_ok: `%|-%:%`(s, f, C') -- Expr_ok2: `%;%|-%:%`(s, C', instr*{instr <- `instr*`}, `%`_resulttype(t^n{t <- `t*`})) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:25.1-28.52 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:28.1-31.52 rule handler{s : store, C : context, n : n, `catch*` : catch*, `instr*` : instr*, `t_1*` : valtype*, `t_2*` : valtype*, `x*` : idx*}: `%;%|-%:%`(s, C, `HANDLER_%{%}%`_instr(n, catch*{catch <- `catch*`}, instr*{instr <- `instr*`}), `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- (Catch_ok: `%|-%:OK`(C, catch))*{catch <- `catch*`} -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:30.1-32.42 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:33.1-35.42 rule trap{s : store, C : context, `t_1*` : valtype*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, TRAP_instr, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], 
`%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Instrtype_ok: `%|-%:OK`(C, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), [], `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:4.1-4.58 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-6.36 relation Instrs_ok2: `%;%|-%:%`(store, context, instr*, instrtype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:35.1-36.27 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-39.27 rule empty{s : store, C : context}: `%;%|-%:%`(s, C, [], `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype([]))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:38.1-42.86 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:41.1-45.86 rule seq{s : store, C : context, instr_1 : instr, `instr_2*` : instr*, `t_1*` : valtype*, `x_1*` : idx*, `x_2*` : idx*, `t_3*` : valtype*, `t_2*` : valtype*, `init*` : init*, `t*` : valtype*}: `%;%|-%:%`(s, C, [instr_1] ++ instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`} ++ x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) -- Instr_ok2: `%;%|-%:%`(s, C, instr_1, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x_1*{x_1 <- `x_1*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) 
@@ -31645,22 +31645,22 @@ relation Instrs_ok2: `%;%|-%:%`(store, context, instr*, instrtype) -- (if (C.LOCALS_context[x_1!`%`_idx.0] = `%%`_localtype(init, t)))*{init <- `init*`, t <- `t*`, x_1 <- `x_1*`} -- Instrs_ok2: `%;%|-%:%`(s, $with_locals(C, x_1*{x_1 <- `x_1*`}, `%%`_localtype(SET_init, t)*{t <- `t*`}), instr_2*{instr_2 <- `instr_2*`}, `%->_%%`_instrtype(`%`_resulttype(t_2*{t_2 <- `t_2*`}), x_2*{x_2 <- `x_2*`}, `%`_resulttype(t_3*{t_3 <- `t_3*`}))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:44.1-48.33 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:47.1-51.33 rule sub{s : store, C : context, `instr*` : instr*, it' : instrtype, it : instrtype}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it') -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, it) -- Instrtype_sub: `%|-%<:%`(C, it, it') -- Instrtype_ok: `%|-%:OK`(C, it') - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:51.1-54.33 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:54.1-57.33 rule frame{s : store, C : context, `instr*` : instr*, `t*` : valtype*, `t_1*` : valtype*, `x*` : idx*, `t_2*` : valtype*}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t*{t <- `t*`} ++ t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t*{t <- `t*`} ++ t_2*{t_2 <- `t_2*`}))) -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype(t_1*{t_1 <- `t_1*`}), x*{x <- `x*`}, `%`_resulttype(t_2*{t_2 <- `t_2*`}))) -- Resulttype_ok: `%|-%:OK`(C, `%`_resulttype(t*{t <- `t*`})) -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:5.1-5.55 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:7.1-8.36 relation Expr_ok2: `%;%|-%:%`(store, context, expr, resulttype) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:57.1-59.44 + ;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:60.1-62.44 rule _{s : store, C : context, `instr*` : instr*, `t*` : valtype*}: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%`_resulttype(t*{t <- `t*`})) -- Instrs_ok2: `%;%|-%:%`(s, C, instr*{instr <- `instr*`}, `%->_%%`_instrtype(`%`_resulttype([]), [], `%`_resulttype(t*{t <- `t*`}))) @@ -31739,15 +31739,15 @@ relation Exninst_ok: `%|-%:OK`(store, exninst) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rec { -;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:205.1-205.50 -relation ImmReachable: `%>>_%%`(fieldval, store, fieldval) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:217.1-220.33 +;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:208.1-209.50 +relation ImmutReachable: `%>>_%%`(fieldval, store, fieldval) + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.35 rule trans{fv_1 : fieldval, s : store, fv_2 : fieldval, fv' : fieldval}: `%>>_%%`(fv_1, s, fv_2) - -- ImmReachable: `%>>_%%`(fv_1, s, fv') - -- ImmReachable: `%>>_%%`(fv', s, fv_2) + -- ImmutReachable: `%>>_%%`(fv_1, s, fv') + -- ImmutReachable: `%>>_%%`(fv', s, fv_2) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:222.1-225.20 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-230.20 rule `ref.struct`{a : addr, s : store, i : nat, `ft*` : fieldtype*, zt : storagetype}: `%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, s.STRUCTS_store[a].FIELDS_structinst[i]) -- if (i < |s.STRUCTS_store[a].FIELDS_structinst|) 
@@ -31756,39 +31756,39 @@ relation ImmReachable: `%>>_%%`(fieldval, store, fieldval) -- if (i < |ft*{ft <- `ft*`}|) -- if (ft*{ft <- `ft*`}[i] = `%%`_fieldtype(?(), zt)) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:227.1-229.42 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:232.1-234.42 rule `ref.array`{a : addr, s : store, i : nat, zt : storagetype}: `%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, s.ARRAYS_store[a].FIELDS_arrayinst[i]) -- if (i < |s.ARRAYS_store[a].FIELDS_arrayinst|) -- if (a < |s.ARRAYS_store|) -- Expand: `%~~%`(s.ARRAYS_store[a].TYPE_arrayinst, ARRAY_comptype(`%%`_fieldtype(?(), zt))) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:231.1-232.44 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:236.1-237.44 rule `ref.exn`{a : addr, s : store, i : nat}: `%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, (s.EXNS_store[a].FIELDS_exninst[i] : val <: fieldval)) -- if (i < |s.EXNS_store[a].FIELDS_exninst|) -- if (a < |s.EXNS_store|) - ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:234.1-235.28 + ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec:239.1-240.28 rule `ref.extern`{ref : ref, s : store}: `%>>_%%`(`REF.EXTERN`_fieldval(ref), s, (ref : ref <: fieldval)) } ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec -def $NotImmReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool +def $NotImmutReachable(fieldval : fieldval, store : store, fieldval : fieldval) : bool ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec - def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false - -- ImmReachable: `%>>_%%`(fv_1, s, fv_2) + def $NotImmutReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = false + -- ImmutReachable: `%>>_%%`(fv_1, s, fv_2) ;; 
../../../../specification/wasm-latest/7.1-soundness.configurations.spectec - def $NotImmReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = true + def $NotImmutReachable{fv_1 : fieldval, s : store, fv_2 : fieldval}(fv_1, s, fv_2) = true -- otherwise ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec -relation NotImmReachable: `~%>>_%%`(fieldval, store, fieldval) +relation NotImmutReachable: `~%>>_%%`(fieldval, store, fieldval) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec rule _{fv_1 : fieldval, s : store, fv_2 : fieldval}: `~%>>_%%`(fv_1, s, fv_2) - -- if $NotImmReachable(fv_1, s, fv_2) + -- if $NotImmutReachable(fv_1, s, fv_2) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec relation Store_ok: `|-%:OK`(store) 
@@ -31812,9 +31812,9 @@ relation Store_ok: `|-%:OK`(store) -- (Structinst_ok: `%|-%:OK`(s, structinst))*{structinst <- `structinst*`} -- (Arrayinst_ok: `%|-%:OK`(s, arrayinst))*{arrayinst <- `arrayinst*`} -- (Exninst_ok: `%|-%:OK`(s, exninst))*{exninst <- `exninst*`} - -- (NotImmReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} - -- (NotImmReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} - -- (NotImmReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.STRUCT_ADDR`_fieldval(a), s, `REF.STRUCT_ADDR`_fieldval(a)))^(a<|structinst*{structinst <- `structinst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.ARRAY_ADDR`_fieldval(a), s, `REF.ARRAY_ADDR`_fieldval(a)))^(a<|arrayinst*{arrayinst <- `arrayinst*`}|){} + -- (NotImmutReachable: `~%>>_%%`(`REF.EXN_ADDR`_fieldval(a), s, `REF.EXN_ADDR`_fieldval(a)))^(a<|exninst*{exninst <- `exninst*`}|){} -- if (s = {TAGS taginst*{taginst <- `taginst*`}, GLOBALS globalinst*{globalinst <- `globalinst*`}, MEMS meminst*{meminst <- `meminst*`}, TABLES tableinst*{tableinst <- `tableinst*`}, FUNCS funcinst*{funcinst <- `funcinst*`}, DATAS datainst*{datainst <- `datainst*`}, ELEMS eleminst*{eleminst <- `eleminst*`}, STRUCTS structinst*{structinst <- `structinst*`}, ARRAYS arrayinst*{arrayinst <- `arrayinst*`}, EXNS exninst*{exninst <- `exninst*`}}) ;; ../../../../specification/wasm-latest/7.1-soundness.configurations.spectec diff --git a/spectec/test-prose/TEST.md b/spectec/test-prose/TEST.md index c5c11d112e..3f2b18735f 100644 --- a/spectec/test-prose/TEST.md +++ b/spectec/test-prose/TEST.md 
@@ -13798,6 +13798,9 @@ The heap type :math:`{\mathit{heaptype}}` is :ref:`valid ` if: * The heap type :math:`{\mathit{heaptype}}` is of the form :math:`{\mathit{typeuse}}`. * The type use :math:`{\mathit{typeuse}}` is :ref:`valid `. + * Or: + + * The heap type :math:`{\mathit{heaptype}}` is of the form :math:`\mathsf{bot}`. @@ -13815,6 +13818,11 @@ The heap type :math:`{\mathit{typeuse}}` is :ref:`valid ` if: +The heap type :math:`\mathsf{bot}` is always :ref:`valid `. + + + + The reference type :math:`(\mathsf{ref}~{\mathsf{null}^?}~{\mathit{heaptype}})` is :ref:`valid ` if: 
@@ -14032,63 +14040,6 @@ The composite type :math:`(\mathsf{func}~{t_1^\ast}~\rightarrow~{t_2^\ast})` is -The sub type :math:`(\mathsf{sub}~{\mathsf{final}^?}~{x^\ast}~{\mathit{comptype}})` is :ref:`valid ` for the type index :math:`x_0` if: - - - * The length of :math:`{x^\ast}` is less than or equal to :math:`1`. - - * For all :math:`x` in :math:`{x^\ast}`: - - * The index :math:`x` is less than :math:`x_0`. - - * The type :math:`C{.}\mathsf{types}{}[x]` exists. - - * The sub type :math:`{\mathrm{unroll}}(C{.}\mathsf{types}{}[x])` is of the form :math:`(\mathsf{sub}~{{x'}^\ast}~{\mathit{comptype}'})`. - - * :math:`{{\mathit{comptype}'}^\ast}` is the concatenation of all such :math:`{\mathit{comptype}'}`. - - * The composite type :math:`{\mathit{comptype}}` is :ref:`valid `. - - * For all :math:`{\mathit{comptype}'}` in :math:`{{\mathit{comptype}'}^\ast}`: - - * The composite type :math:`{\mathit{comptype}}` :ref:`matches ` the composite type :math:`{\mathit{comptype}'}`. - - - - -The recursive type :math:`(\mathsf{rec}~{{\mathit{subtype}}^\ast})` is :ref:`valid ` for the type index :math:`x` if: - - - * Either: - - * The sub type sequence :math:`{{\mathit{subtype}}^\ast}` is empty. - - * Or: - - * The sub type sequence :math:`{{\mathit{subtype}}^\ast}` is of the form :math:`{\mathit{subtype}}_1~{{\mathit{subtype}'}^\ast}`. - - * The sub type :math:`{\mathit{subtype}}_1` is :ref:`valid ` for the type index :math:`x`. - - * The recursive type :math:`(\mathsf{rec}~{{\mathit{subtype}'}^\ast})` is :ref:`valid ` for the type index :math:`x + 1`. - - - - -The recursive type :math:`(\mathsf{rec})` is :ref:`valid ` for the type index :math:`x`. - - - - -The recursive type :math:`(\mathsf{rec}~{\mathit{subtype}}_1~{{\mathit{subtype}}^\ast})` is :ref:`valid ` for the type index :math:`x` if: - - - * The sub type :math:`{\mathit{subtype}}_1` is :ref:`valid ` for the type index :math:`x`. 
- - * The recursive type :math:`(\mathsf{rec}~{{\mathit{subtype}}^\ast})` is :ref:`valid ` for the type index :math:`x + 1`. - - - - The sub type :math:`(\mathsf{sub}~{\mathsf{final}^?}~{{\mathit{typeuse}}^\ast}~{\mathit{comptype}})` is :ref:`valid ` for :math:`({\mathsf{ok}}{(x, i)})` if: @@ -14096,6 +14047,8 @@ The sub type :math:`(\mathsf{sub}~{\mathsf{final}^?}~{{\mathit{typeuse}}^\ast}~{ * For all :math:`{\mathit{typeuse}}` in :math:`{{\mathit{typeuse}}^\ast}`: + * The type use :math:`{\mathit{typeuse}}` is :ref:`valid `. + * :math:`{\mathit{typeuse}} \prec x, i` is true. * The sub type :math:`{{\mathrm{unroll}}}_{C}({\mathit{typeuse}})` is of the form :math:`(\mathsf{sub}~{{\mathit{typeuse}'}^\ast}~{\mathit{comptype}'})`. @@ -14124,7 +14077,7 @@ The recursive type :math:`(\mathsf{rec}~{{\mathit{subtype}}^\ast})` is :ref:`val * The sub type :math:`{\mathit{subtype}}_1` is :ref:`valid ` for :math:`({\mathsf{ok}}{(x, i)})`. - * The recursive type :math:`(\mathsf{rec}~{{\mathit{subtype}'}^\ast})` is :ref:`valid ` for :math:`({\mathsf{ok}}{(x + 1, i + 1)})`. + * The recursive type :math:`(\mathsf{rec}~{{\mathit{subtype}'}^\ast})` is :ref:`valid ` for :math:`({\mathsf{ok}}{(x, i + 1)})`. @@ -14139,7 +14092,7 @@ The recursive type :math:`(\mathsf{rec}~{\mathit{subtype}}_1~{{\mathit{subtype}} * The sub type :math:`{\mathit{subtype}}_1` is :ref:`valid ` for :math:`({\mathsf{ok}}{(x, i)})`. - * The recursive type :math:`(\mathsf{rec}~{{\mathit{subtype}}^\ast})` is :ref:`valid ` for :math:`({\mathsf{ok}}{(x + 1, i + 1)})`. + * The recursive type :math:`(\mathsf{rec}~{{\mathit{subtype}}^\ast})` is :ref:`valid ` for :math:`({\mathsf{ok}}{(x, i + 1)})`. 
@@ -14147,7 +14100,9 @@ The recursive type :math:`(\mathsf{rec}~{\mathit{subtype}}_1~{{\mathit{subtype}} The defined type :math:`({\mathit{rectype}} {.} i)` is :ref:`valid ` if: - * The recursive type :math:`{\mathit{rectype}}` is :ref:`valid ` for the type index :math:`x`. + * Let :math:`{C'}` be the same context as :math:`C`, but with the sub type sequence :math:`{{\mathit{subtype}}^{n}}` prepended to the field :math:`\mathsf{recs}`. + + * Under the context :math:`{C'}`, the recursive type :math:`{\mathit{rectype}}` is :ref:`valid ` for :math:`({\mathsf{ok}}{(x, 0)})`. * The recursive type :math:`{\mathit{rectype}}` is of the form :math:`(\mathsf{rec}~{{\mathit{subtype}}^{n}})`. @@ -14708,6 +14663,14 @@ The field type :math:`(\mathsf{mut}~{\mathit{zt}}_1)` :ref:`matches ` the +The local type :math:`({\mathit{init}}~t)` is :ref:`valid ` if: + + + * The value type :math:`t` is :ref:`valid `. + + + + The instruction type :math:`{t_1^\ast}~{\rightarrow}_{{x^\ast}}\,{t_2^\ast}` is :ref:`valid ` if: 
@@ -14760,6 +14723,63 @@ The :ref:`expansion ` of :math:`C` is :math:`{\mathit{compty +The sub type :math:`(\mathsf{sub}~{\mathsf{final}^?}~{x^\ast}~{\mathit{comptype}})` is :ref:`valid ` for the type index :math:`x_0` if: + + + * The length of :math:`{x^\ast}` is less than or equal to :math:`1`. + + * For all :math:`x` in :math:`{x^\ast}`: + + * The index :math:`x` is less than :math:`x_0`. + + * The type :math:`C{.}\mathsf{types}{}[x]` exists. + + * The sub type :math:`{\mathrm{unroll}}(C{.}\mathsf{types}{}[x])` is of the form :math:`(\mathsf{sub}~{{x'}^\ast}~{\mathit{comptype}'})`. + + * :math:`{{\mathit{comptype}'}^\ast}` is the concatenation of all such :math:`{\mathit{comptype}'}`. + + * The composite type :math:`{\mathit{comptype}}` is :ref:`valid `. + + * For all :math:`{\mathit{comptype}'}` in :math:`{{\mathit{comptype}'}^\ast}`: + + * The composite type :math:`{\mathit{comptype}}` :ref:`matches ` the composite type :math:`{\mathit{comptype}'}`. + + + + +The recursive type :math:`(\mathsf{rec}~{{\mathit{subtype}}^\ast})` is :ref:`valid ` for the type index :math:`x` if: + + + * Either: + + * The sub type sequence :math:`{{\mathit{subtype}}^\ast}` is empty. + + * Or: + + * The sub type sequence :math:`{{\mathit{subtype}}^\ast}` is of the form :math:`{\mathit{subtype}}_1~{{\mathit{subtype}'}^\ast}`. + + * The sub type :math:`{\mathit{subtype}}_1` is :ref:`valid ` for the type index :math:`x`. + + * The recursive type :math:`(\mathsf{rec}~{{\mathit{subtype}'}^\ast})` is :ref:`valid ` for the type index :math:`x + 1`. + + + + +The recursive type :math:`(\mathsf{rec})` is :ref:`valid ` for the type index :math:`x`. + + + + +The recursive type :math:`(\mathsf{rec}~{\mathit{subtype}}_1~{{\mathit{subtype}}^\ast})` is :ref:`valid ` for the type index :math:`x` if: + + + * The sub type :math:`{\mathit{subtype}}_1` is :ref:`valid ` for the type index :math:`x`. 
+ + * The recursive type :math:`(\mathsf{rec}~{{\mathit{subtype}}^\ast})` is :ref:`valid ` for the type index :math:`x + 1`. + + + + The limits range :math:`{}[ n .. {m^?} ]` is :ref:`valid ` within :math:`k` if: 
@@ -17337,285 +17357,1031 @@ The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the * The reference value :math:`{\mathit{ref}'}` is not of the form :math:`\mathsf{ref{.}null}`. * Or: - * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}'}`. + * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}'}`. + + * The reference type :math:`{\mathit{rt}'}` :ref:`matches ` the reference type :math:`{\mathit{rt}}`. + + + + +The reference value :math:`\mathsf{ref{.}null}` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{null}~\mathsf{bot})`. + + + + +The reference value :math:`(\mathsf{ref{.}i{\scriptstyle 31}}~i)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{i{\scriptstyle 31}})`. + + + + +The reference value :math:`(\mathsf{ref{.}struct}~a)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~{\mathit{dt}})` if: + + + * The structure instance :math:`s{.}\mathsf{structs}{}[a]` exists. + + * The defined type :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{type}` is of the form :math:`{\mathit{dt}}`. + + + + +The reference value :math:`(\mathsf{ref{.}array}~a)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~{\mathit{dt}})` if: + + + * The array instance :math:`s{.}\mathsf{arrays}{}[a]` exists. + + * The defined type :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{type}` is of the form :math:`{\mathit{dt}}`. + + + + +The reference value :math:`(\mathsf{ref{.}func}~a)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~{\mathit{dt}})` if: + + + * The function instance :math:`s{.}\mathsf{funcs}{}[a]` exists. + + * The defined type :math:`s{.}\mathsf{funcs}{}[a]{.}\mathsf{type}` is of the form :math:`{\mathit{dt}}`. 
+ + + + +The reference value :math:`(\mathsf{ref{.}exn}~a)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{exn})` if: + + + * The exception instance :math:`s{.}\mathsf{exns}{}[a]` exists. + + + + +The reference value :math:`(\mathsf{ref{.}host}~a)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{any})`. + + + + +The reference value :math:`(\mathsf{ref{.}extern}~{\mathit{ref}})` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{extern})` if: + + + * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{any})`. + + * The reference value :math:`{\mathit{ref}}` is not of the form :math:`\mathsf{ref{.}null}`. + + + + +The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}}` if: + + + * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}'}`. + + * The reference type :math:`{\mathit{rt}'}` :ref:`matches ` the reference type :math:`{\mathit{rt}}`. + + + + +The value :math:`{\mathit{val}}` is :ref:`valid ` with the value type :math:`{\mathit{valtype}}` if: + + + * Either: + + * The value :math:`{\mathit{val}}` is of the form :math:`{\mathit{num}}`. + + * The value type :math:`{\mathit{valtype}}` is of the form :math:`{\mathit{nt}}`. + + * The number value :math:`{\mathit{num}}` is :ref:`valid ` with the number type :math:`{\mathit{nt}}`. + + * Or: + + * The value :math:`{\mathit{val}}` is of the form :math:`{\mathit{vec}}`. + + * The value type :math:`{\mathit{valtype}}` is of the form :math:`{\mathit{vt}}`. + + * The vector value :math:`{\mathit{vec}}` is :ref:`valid ` with the vector type :math:`{\mathit{vt}}`. + * Or: + + * The value :math:`{\mathit{val}}` is of the form :math:`{\mathit{ref}}`. + + * The value type :math:`{\mathit{valtype}}` is of the form :math:`{\mathit{rt}}`. 
+ + * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}}`. + + + + +The value :math:`{\mathit{num}}` is :ref:`valid ` with the value type :math:`{\mathit{nt}}` if: + + + * The number value :math:`{\mathit{num}}` is :ref:`valid ` with the number type :math:`{\mathit{nt}}`. + + + + +The value :math:`{\mathit{vec}}` is :ref:`valid ` with the value type :math:`{\mathit{vt}}` if: + + + * The vector value :math:`{\mathit{vec}}` is :ref:`valid ` with the vector type :math:`{\mathit{vt}}`. + + + + +The value :math:`{\mathit{ref}}` is :ref:`valid ` with the value type :math:`{\mathit{rt}}` if: + + + * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}}`. + + + + +The packed value :math:`({\mathit{pt}}{.}\mathsf{pack}~c)` is :ref:`valid ` with the packed type :math:`{\mathit{pt}}`. + + + + +The field value :math:`{\mathit{fieldval}}` is :ref:`valid ` with the storage type :math:`{\mathit{storagetype}}` if: + + + * Either: + + * The field value :math:`{\mathit{fieldval}}` is of the form :math:`{\mathit{val}}`. + + * The storage type :math:`{\mathit{storagetype}}` is of the form :math:`t`. + + * The value :math:`{\mathit{val}}` is :ref:`valid ` with the value type :math:`t`. + + * Or: + + * The field value :math:`{\mathit{fieldval}}` is of the form :math:`{\mathit{packval}}`. + + * The storage type :math:`{\mathit{storagetype}}` is of the form :math:`{\mathit{pt}}`. + + * The packed value :math:`{\mathit{packval}}` is :ref:`valid ` with the packed type :math:`{\mathit{pt}}`. + + + + +The field value :math:`{\mathit{val}}` is :ref:`valid ` with the storage type :math:`t` if: + + + * The value :math:`{\mathit{val}}` is :ref:`valid ` with the value type :math:`t`. 
+ + + + +The field value :math:`{\mathit{packval}}` is :ref:`valid ` with the storage type :math:`{\mathit{pt}}` if: + + + * The packed value :math:`{\mathit{packval}}` is :ref:`valid ` with the packed type :math:`{\mathit{pt}}`. + + + + +The external address :math:`{\mathit{externaddr}}` is :ref:`valid ` with the external type :math:`{\mathit{externtype}}` if: + + + * Either: + + * The external address :math:`{\mathit{externaddr}}` is of the form :math:`(\mathsf{tag}~a)`. + + * The external type :math:`{\mathit{externtype}}` is of the form :math:`(\mathsf{tag}~{\mathit{taginst}}{.}\mathsf{type})`. + + * The tag instance :math:`s{.}\mathsf{tags}{}[a]` exists. + + * The tag instance :math:`s{.}\mathsf{tags}{}[a]` is of the form :math:`{\mathit{taginst}}`. + + * Or: + + * The external address :math:`{\mathit{externaddr}}` is of the form :math:`(\mathsf{global}~a)`. + + * The external type :math:`{\mathit{externtype}}` is of the form :math:`(\mathsf{global}~{\mathit{globalinst}}{.}\mathsf{type})`. + + * The global instance :math:`s{.}\mathsf{globals}{}[a]` exists. + + * The global instance :math:`s{.}\mathsf{globals}{}[a]` is of the form :math:`{\mathit{globalinst}}`. + * Or: + + * The external address :math:`{\mathit{externaddr}}` is of the form :math:`(\mathsf{mem}~a)`. + + * The external type :math:`{\mathit{externtype}}` is of the form :math:`(\mathsf{mem}~{\mathit{meminst}}{.}\mathsf{type})`. + + * The memory instance :math:`s{.}\mathsf{mems}{}[a]` exists. + + * The memory instance :math:`s{.}\mathsf{mems}{}[a]` is of the form :math:`{\mathit{meminst}}`. + * Or: + + * The external address :math:`{\mathit{externaddr}}` is of the form :math:`(\mathsf{table}~a)`. + + * The external type :math:`{\mathit{externtype}}` is of the form :math:`(\mathsf{table}~{\mathit{tableinst}}{.}\mathsf{type})`. + + * The table instance :math:`s{.}\mathsf{tables}{}[a]` exists. + + * The table instance :math:`s{.}\mathsf{tables}{}[a]` is of the form :math:`{\mathit{tableinst}}`. 
+ * Or: + + * The external address :math:`{\mathit{externaddr}}` is of the form :math:`(\mathsf{func}~a)`. + + * The external type :math:`{\mathit{externtype}}` is of the form :math:`(\mathsf{func}~{\mathit{funcinst}}{.}\mathsf{type})`. + + * The function instance :math:`s{.}\mathsf{funcs}{}[a]` exists. + + * The function instance :math:`s{.}\mathsf{funcs}{}[a]` is of the form :math:`{\mathit{funcinst}}`. + * Or: + + * The external address :math:`{\mathit{externaddr}}` is :ref:`valid ` with the external type :math:`{\mathit{xt}'}`. + + * The external type :math:`{\mathit{xt}'}` :ref:`matches ` the external type :math:`{\mathit{externtype}}`. + + + + +The external address :math:`(\mathsf{tag}~a)` is :ref:`valid ` with the external type :math:`(\mathsf{tag}~{\mathit{taginst}}{.}\mathsf{type})` if: + + + * The tag instance :math:`s{.}\mathsf{tags}{}[a]` exists. + + * The tag instance :math:`s{.}\mathsf{tags}{}[a]` is of the form :math:`{\mathit{taginst}}`. + + + + +The external address :math:`(\mathsf{global}~a)` is :ref:`valid ` with the external type :math:`(\mathsf{global}~{\mathit{globalinst}}{.}\mathsf{type})` if: + + + * The global instance :math:`s{.}\mathsf{globals}{}[a]` exists. + + * The global instance :math:`s{.}\mathsf{globals}{}[a]` is of the form :math:`{\mathit{globalinst}}`. + + + + +The external address :math:`(\mathsf{mem}~a)` is :ref:`valid ` with the external type :math:`(\mathsf{mem}~{\mathit{meminst}}{.}\mathsf{type})` if: + + + * The memory instance :math:`s{.}\mathsf{mems}{}[a]` exists. + + * The memory instance :math:`s{.}\mathsf{mems}{}[a]` is of the form :math:`{\mathit{meminst}}`. + + + + +The external address :math:`(\mathsf{table}~a)` is :ref:`valid ` with the external type :math:`(\mathsf{table}~{\mathit{tableinst}}{.}\mathsf{type})` if: + + + * The table instance :math:`s{.}\mathsf{tables}{}[a]` exists. + + * The table instance :math:`s{.}\mathsf{tables}{}[a]` is of the form :math:`{\mathit{tableinst}}`. 
+ + + + +The external address :math:`(\mathsf{func}~a)` is :ref:`valid ` with the external type :math:`(\mathsf{func}~{\mathit{funcinst}}{.}\mathsf{type})` if: + + + * The function instance :math:`s{.}\mathsf{funcs}{}[a]` exists. + + * The function instance :math:`s{.}\mathsf{funcs}{}[a]` is of the form :math:`{\mathit{funcinst}}`. + + + + +The external address :math:`{\mathit{externaddr}}` is :ref:`valid ` with the external type :math:`{\mathit{xt}}` if: + + + * The external address :math:`{\mathit{externaddr}}` is :ref:`valid ` with the external type :math:`{\mathit{xt}'}`. + + * The external type :math:`{\mathit{xt}'}` :ref:`matches ` the external type :math:`{\mathit{xt}}`. + + + + +The identifier context :math:`I` is :ref:`valid ` if: + + + * :math:`{\bigoplus}\, I{.}\mathsf{types}~{\mathrm{disjoint}}` is true. + + * :math:`{\bigoplus}\, I{.}\mathsf{tags}~{\mathrm{disjoint}}` is true. + + * :math:`{\bigoplus}\, I{.}\mathsf{globals}~{\mathrm{disjoint}}` is true. + + * :math:`{\bigoplus}\, I{.}\mathsf{mems}~{\mathrm{disjoint}}` is true. + + * :math:`{\bigoplus}\, I{.}\mathsf{tables}~{\mathrm{disjoint}}` is true. + + * :math:`{\bigoplus}\, I{.}\mathsf{funcs}~{\mathrm{disjoint}}` is true. + + * :math:`{\bigoplus}\, I{.}\mathsf{datas}~{\mathrm{disjoint}}` is true. + + * :math:`{\bigoplus}\, I{.}\mathsf{elems}~{\mathrm{disjoint}}` is true. + + * :math:`{\bigoplus}\, I{.}\mathsf{locals}~{\mathrm{disjoint}}` is true. + + * :math:`{\bigoplus}\, I{.}\mathsf{labels}~{\mathrm{disjoint}}` is true. + + * For all :math:`{{\mathit{field}}^\ast}` in :math:`{{{\mathit{field}}^\ast}^\ast}`: + + * :math:`{\bigoplus}\, {{\mathit{field}}^\ast}~{\mathrm{disjoint}}` is true. + + * The name sequence sequence :math:`{{{\mathit{field}}^\ast}^\ast}` is of the form :math:`I{.}\mathsf{fields}`. 
+ + + + +The context :math:`C` is :ref:`valid ` if: + + + * The context :math:`C` is of the form :math:`\{ \mathsf{types}~{{\mathit{dt}}^{n}},\;\allowbreak \mathsf{recs}~{{\mathit{st}}^{m}},\;\allowbreak \mathsf{tags}~{{\mathit{jt}}^\ast},\;\allowbreak \mathsf{globals}~{{\mathit{gt}}^\ast},\;\allowbreak \mathsf{mems}~{{\mathit{mt}}^\ast},\;\allowbreak \mathsf{tables}~{{\mathit{tt}}^\ast},\;\allowbreak \mathsf{funcs}~{{\mathit{dt}}_{\mathsf{f}}^\ast},\;\allowbreak \mathsf{datas}~{{\mathit{ok}}^\ast},\;\allowbreak \mathsf{elems}~{{\mathit{et}}^\ast},\;\allowbreak \mathsf{locals}~{{{\mathit{lt}}}^\ast},\;\allowbreak \mathsf{labels}~{{\mathit{rt}}^\ast},\;\allowbreak \mathsf{return}~{{\mathit{rt}'}^?},\;\allowbreak \mathsf{refs}~{x^\ast} \}`. + + * The context :math:`C_0` is of the form :math:`\{ \mathsf{types}~{{\mathit{dt}}^{n}},\;\allowbreak \mathsf{return}~\epsilon \}`. + + * For all :math:`{\mathit{dt}}` in :math:`{{\mathit{dt}}^\ast}`: + + * Under the context :math:`\{ \mathsf{types}~{{\mathit{dt}}^{n}}{}[0 : i],\;\allowbreak \mathsf{return}~\epsilon \}`, the defined type :math:`{\mathit{dt}}` is :ref:`valid `. + + * For all :math:`{\mathit{st}}` in :math:`{{\mathit{st}}^\ast}`: + + * Under the context :math:`\{ \mathsf{types}~{{\mathit{dt}}^{n}},\;\allowbreak \mathsf{recs}~{{\mathit{st}}^{m}},\;\allowbreak \mathsf{return}~\epsilon \}`, the sub type :math:`{\mathit{st}}` is :ref:`valid ` for :math:`({\mathsf{ok}}{(n, i)})`. + + * For all :math:`{\mathit{jt}}` in :math:`{{\mathit{jt}}^\ast}`: + + * Under the context :math:`C_0`, the tag type :math:`{\mathit{jt}}` is :ref:`valid `. + + * For all :math:`{\mathit{gt}}` in :math:`{{\mathit{gt}}^\ast}`: + + * Under the context :math:`C_0`, the global type :math:`{\mathit{gt}}` is :ref:`valid `. + + * For all :math:`{\mathit{mt}}` in :math:`{{\mathit{mt}}^\ast}`: + + * Under the context :math:`C_0`, the memory type :math:`{\mathit{mt}}` is :ref:`valid `. 
+ + * For all :math:`{\mathit{tt}}` in :math:`{{\mathit{tt}}^\ast}`: + + * Under the context :math:`C_0`, the table type :math:`{\mathit{tt}}` is :ref:`valid `. + + * For all :math:`{\mathit{dt}}_{\mathsf{f}}` in :math:`{{\mathit{dt}}_{\mathsf{f}}^\ast}`: + + * Under the context :math:`C_0`, the defined type :math:`{\mathit{dt}}_{\mathsf{f}}` is :ref:`valid `. + + * The :ref:`expansion ` of :math:`{\mathit{dt}}_{\mathsf{f}}` is :math:`(\mathsf{func}~t_1~\rightarrow~t_2)`. + + * For all :math:`{\mathit{et}}` in :math:`{{\mathit{et}}^\ast}`: + + * Under the context :math:`C_0`, the reference type :math:`{\mathit{et}}` is :ref:`valid `. + + * For all :math:`{{\mathit{lt}}}` in :math:`{{{\mathit{lt}}}^\ast}`: + + * Under the context :math:`C_0`, the local type :math:`{{\mathit{lt}}}` is :ref:`valid `. + + * For all :math:`{\mathit{rt}}` in :math:`{{\mathit{rt}}^\ast}`: + + * Under the context :math:`C_0`, the result type :math:`{\mathit{rt}}` is :ref:`valid `. + + * If :math:`{\mathit{rt}'}` is defined, then: + + * Under the context :math:`C_0`, the result type :math:`{\mathit{rt}'}` is :ref:`valid `. + + * For all :math:`x` in :math:`{x^\ast}`: + + * The length of :math:`{{\mathit{dt}}_{\mathsf{f}}^\ast}` is greater than :math:`x`. + + + + +The value :math:`{{\mathit{val}}^?}` is :ref:`valid ` with the local type :math:`({\mathit{init}}~t)` if: + + + * Either: + + * The value :math:`{{\mathit{val}}^?}` is of the form :math:`{\mathit{val}'}`. + + * The initialization status :math:`{\mathit{init}}` is of the form :math:`\mathsf{set}`. + + * The value :math:`{\mathit{val}'}` is :ref:`valid ` with the value type :math:`t`. + + * Or: + + * The value :math:`{{\mathit{val}}^?}` is absent. + + * The initialization status :math:`{\mathit{init}}` is of the form :math:`\mathsf{unset}`. + + * The value type :math:`t` is of the form :math:`\mathsf{bot}`. 
+ + + + +The value :math:`{\mathit{val}}` is :ref:`valid ` with the local type :math:`(\mathsf{set}~t)` if: + + + * The value :math:`{\mathit{val}}` is :ref:`valid ` with the value type :math:`t`. + + + + +The value :math:`\epsilon` is :ref:`valid ` with the local type :math:`(\mathsf{unset}~\mathsf{bot})`. + + + + +The data instance :math:`\{ \mathsf{bytes}~{b^\ast} \}` is :ref:`valid ` with the data type :math:`\mathsf{ok}`. + + + + +The element instance :math:`\{ \mathsf{type}~{\mathit{rt}},\;\allowbreak \mathsf{refs}~{{\mathit{ref}}^\ast} \}` is :ref:`valid ` with the element type :math:`{\mathit{rt}}` if: + + + * Under the context :math:`\{ \mathsf{return}~\epsilon \}`, the reference type :math:`{\mathit{rt}}` is :ref:`valid `. + + * For all :math:`{\mathit{ref}}` in :math:`{{\mathit{ref}}^\ast}`: + + * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}}`. + + + + +The export instance :math:`\{ \mathsf{name}~{\mathit{nm}},\;\allowbreak \mathsf{addr}~{\mathit{xa}} \}` is :ref:`valid ` if: + + + * The external address :math:`{\mathit{xa}}` is :ref:`valid ` with the external type :math:`{\mathit{xt}}`. 
+ + + + +The module instance :math:`\{ \mathsf{types}~{{\mathit{deftype}}^\ast},\;\allowbreak \mathsf{tags}~{{\mathit{tagaddr}}^\ast},\;\allowbreak \mathsf{globals}~{{\mathit{globaladdr}}^\ast},\;\allowbreak \mathsf{mems}~{{\mathit{memaddr}}^\ast},\;\allowbreak \mathsf{tables}~{{\mathit{tableaddr}}^\ast},\;\allowbreak \mathsf{funcs}~{{\mathit{funcaddr}}^\ast},\;\allowbreak \mathsf{datas}~{{\mathit{dataaddr}}^\ast},\;\allowbreak \mathsf{elems}~{{\mathit{elemaddr}}^\ast},\;\allowbreak \mathsf{exports}~{{\mathit{exportinst}}^\ast} \}` is :ref:`valid ` with the context :math:`\{ \mathsf{types}~{{\mathit{deftype}}^\ast},\;\allowbreak \mathsf{recs}~{{\mathit{subtype}}^\ast},\;\allowbreak \mathsf{tags}~{{\mathit{tagtype}}^\ast},\;\allowbreak \mathsf{globals}~{{\mathit{globaltype}}^\ast},\;\allowbreak \mathsf{mems}~{{\mathit{memtype}}^\ast},\;\allowbreak \mathsf{tables}~{{\mathit{tabletype}}^\ast},\;\allowbreak \mathsf{funcs}~{{\mathit{deftype}}_{\mathsf{f}}^\ast},\;\allowbreak \mathsf{datas}~{{\mathit{datatype}}^\ast},\;\allowbreak \mathsf{elems}~{{\mathit{elemtype}}^\ast},\;\allowbreak \mathsf{return}~\epsilon,\;\allowbreak \mathsf{refs}~{i^{i<{|{{\mathit{funcaddr}}^\ast}|}}} \}` if: + + + * For all :math:`{\mathit{deftype}}` in :math:`{{\mathit{deftype}}^\ast}`: + + * Under the context :math:`\{ \mathsf{return}~\epsilon \}`, the defined type :math:`{\mathit{deftype}}` is :ref:`valid `. + + * For all :math:`{\mathit{tagaddr}}` in :math:`{{\mathit{tagaddr}}^\ast}`, and corresponding :math:`{\mathit{tagtype}}` in :math:`{{\mathit{tagtype}}^\ast}`: + + * The external address :math:`(\mathsf{tag}~{\mathit{tagaddr}})` is :ref:`valid ` with the external type :math:`(\mathsf{tag}~{\mathit{tagtype}})`. 
+ + * For all :math:`{\mathit{globaladdr}}` in :math:`{{\mathit{globaladdr}}^\ast}`, and corresponding :math:`{\mathit{globaltype}}` in :math:`{{\mathit{globaltype}}^\ast}`: + + * The external address :math:`(\mathsf{global}~{\mathit{globaladdr}})` is :ref:`valid ` with the external type :math:`(\mathsf{global}~{\mathit{globaltype}})`. + + * For all :math:`{\mathit{deftype}}_{\mathsf{f}}` in :math:`{{\mathit{deftype}}_{\mathsf{f}}^\ast}`, and corresponding :math:`{\mathit{funcaddr}}` in :math:`{{\mathit{funcaddr}}^\ast}`: + + * The external address :math:`(\mathsf{func}~{\mathit{funcaddr}})` is :ref:`valid ` with the external type :math:`(\mathsf{func}~{\mathit{deftype}}_{\mathsf{f}})`. + + * For all :math:`{\mathit{memaddr}}` in :math:`{{\mathit{memaddr}}^\ast}`, and corresponding :math:`{\mathit{memtype}}` in :math:`{{\mathit{memtype}}^\ast}`: + + * The external address :math:`(\mathsf{mem}~{\mathit{memaddr}})` is :ref:`valid ` with the external type :math:`(\mathsf{mem}~{\mathit{memtype}})`. + + * For all :math:`{\mathit{tableaddr}}` in :math:`{{\mathit{tableaddr}}^\ast}`, and corresponding :math:`{\mathit{tabletype}}` in :math:`{{\mathit{tabletype}}^\ast}`: + + * The external address :math:`(\mathsf{table}~{\mathit{tableaddr}})` is :ref:`valid ` with the external type :math:`(\mathsf{table}~{\mathit{tabletype}})`. + + * For all :math:`{\mathit{dataaddr}}` in :math:`{{\mathit{dataaddr}}^\ast}`: + + * The data instance :math:`s{.}\mathsf{datas}{}[{\mathit{dataaddr}}]` exists. + + * For all :math:`{\mathit{dataaddr}}` in :math:`{{\mathit{dataaddr}}^\ast}`, and corresponding :math:`{\mathit{datatype}}` in :math:`{{\mathit{datatype}}^\ast}`: + + * The data instance :math:`s{.}\mathsf{datas}{}[{\mathit{dataaddr}}]` is :ref:`valid ` with the data type :math:`{\mathit{datatype}}`. + + * For all :math:`{\mathit{elemaddr}}` in :math:`{{\mathit{elemaddr}}^\ast}`: + + * The element instance :math:`s{.}\mathsf{elems}{}[{\mathit{elemaddr}}]` exists. 
+ + * For all :math:`{\mathit{elemaddr}}` in :math:`{{\mathit{elemaddr}}^\ast}`, and corresponding :math:`{\mathit{elemtype}}` in :math:`{{\mathit{elemtype}}^\ast}`: + + * The element instance :math:`s{.}\mathsf{elems}{}[{\mathit{elemaddr}}]` is :ref:`valid ` with the element type :math:`{\mathit{elemtype}}`. + + * For all :math:`{\mathit{exportinst}}` in :math:`{{\mathit{exportinst}}^\ast}`: + + * The export instance :math:`{\mathit{exportinst}}` is :ref:`valid `. + + * :math:`{{\mathit{exportinst}}{.}\mathsf{name}^\ast}~{\mathrm{disjoint}}` is true. + + * The length of :math:`{(\mathsf{tag}~{\mathit{tagaddr}})^\ast}~{(\mathsf{global}~{\mathit{globaladdr}})^\ast}~{(\mathsf{mem}~{\mathit{memaddr}})^\ast}~{(\mathsf{table}~{\mathit{tableaddr}})^\ast}~{(\mathsf{func}~{\mathit{funcaddr}})^\ast}` is greater than :math:`0`. + + * For all :math:`{\mathit{exportinst}}` in :math:`{{\mathit{exportinst}}^\ast}`: + + * :math:`{\mathit{exportinst}}{.}\mathsf{addr}` is contained in :math:`{(\mathsf{tag}~{\mathit{tagaddr}})^\ast}~{(\mathsf{global}~{\mathit{globaladdr}})^\ast}~{(\mathsf{mem}~{\mathit{memaddr}})^\ast}~{(\mathsf{table}~{\mathit{tableaddr}})^\ast}~{(\mathsf{func}~{\mathit{funcaddr}})^\ast}`. + + + + +The frame :math:`\{ \mathsf{locals}~{({{\mathit{val}}^?})^\ast},\;\allowbreak \mathsf{module}~{\mathit{moduleinst}} \}` is :ref:`valid ` with the context :math:`C` with the field :math:`\mathsf{locals}` appended by :math:`{{{\mathit{lt}}}^\ast}` if: + + + * The module instance :math:`{\mathit{moduleinst}}` is :ref:`valid ` with the context :math:`C`. + + * For all :math:`{{\mathit{lt}}}` in :math:`{{{\mathit{lt}}}^\ast}`, and corresponding :math:`{\mathit{val?}}` in :math:`{{\mathit{val?}}^\ast}`: + + * The value :math:`{{\mathit{val}}^?}` is :ref:`valid ` with the local type :math:`{{\mathit{lt}}}`. 
+ + + + +:math:`{\mathit{instr}}` is valid with :math:`{{\mathit{valtype}}^\ast}~{\rightarrow}_{{{\mathit{localidx}}^\ast}}\,{{\mathit{valtype}'}^\ast}` if: + + + * Either: + + * The instruction :math:`{\mathit{instr}}` is :ref:`valid ` with the instruction type :math:`{{\mathit{valtype}}^\ast}~{\rightarrow}_{{{\mathit{localidx}}^\ast}}\,{{\mathit{valtype}'}^\ast}`. + + * Or: + + * The instruction :math:`{\mathit{instr}}` is of the form :math:`{\mathit{ref}}`. + + * The value type sequence :math:`{{\mathit{valtype}}^\ast}` is empty. + + * The local index sequence :math:`{{\mathit{localidx}}^\ast}` is empty. + + * The value type sequence :math:`{{\mathit{valtype}'}^\ast}` is of the form :math:`{\mathit{rt}}`. + + * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}}`. + * Or: + + * The instruction :math:`{\mathit{instr}}` is of the form :math:`({{\mathsf{label}}_{n}}{\{}~{{\mathit{instr}'}^\ast}~\}~{{\mathit{instr}''}^\ast})`. + + * The value type sequence :math:`{{\mathit{valtype}}^\ast}` is empty. + + * The local index sequence :math:`{{\mathit{localidx}}^\ast}` is empty. + + * :math:`{{\mathit{instr}'}^\ast}` is valid with :math:`{{t'}^{n}}~{\rightarrow}_{{{x'}^\ast}}\,{{\mathit{valtype}'}^\ast}`. + + * :math:`{{\mathit{instr}''}^\ast}` is valid with :math:`\epsilon~{\rightarrow}_{{x^\ast}}\,{{\mathit{valtype}'}^\ast}`. + * Or: + + * The instruction :math:`{\mathit{instr}}` is of the form :math:`({{\mathsf{frame}}_{n}}{\{}~f~\}~{{\mathit{instr}''}^\ast})`. + + * The value type sequence :math:`{{\mathit{valtype}}^\ast}` is empty. + + * The local index sequence :math:`{{\mathit{localidx}}^\ast}` is empty. + + * The frame :math:`f` is :ref:`valid ` with the context :math:`{C'}`. + + * :math:`{{\mathit{instr}''}^\ast}` is valid with :math:`{{\mathit{valtype}'}^{n}}`. 
+ * Or: + + * The instruction :math:`{\mathit{instr}}` is of the form :math:`({{\mathsf{handler}}_{n}}{\{}~{{\mathit{catch}}^\ast}~\}~{{\mathit{instr}''}^\ast})`. + + * The local index sequence :math:`{{\mathit{localidx}}^\ast}` is empty. + + * For all :math:`{\mathit{catch}}` in :math:`{{\mathit{catch}}^\ast}`: + + * The catch clause :math:`{\mathit{catch}}` is :ref:`valid `. + + * :math:`{{\mathit{instr}''}^\ast}` is valid with :math:`{{\mathit{valtype}}^\ast}~{\rightarrow}_{{x^\ast}}\,{{\mathit{valtype}'}^\ast}`. + * Or: + + * The instruction :math:`{\mathit{instr}}` is of the form :math:`\mathsf{trap}`. + + * The local index sequence :math:`{{\mathit{localidx}}^\ast}` is empty. + + * The instruction type :math:`{{\mathit{valtype}}^\ast}~\rightarrow~{{\mathit{valtype}'}^\ast}` is :ref:`valid `. + + + + +:math:`{\mathit{instr}}` is valid with :math:`{t_1^\ast}~{\rightarrow}_{{x^\ast}}\,{t_2^\ast}` if: + + + * The instruction :math:`{\mathit{instr}}` is :ref:`valid ` with the instruction type :math:`{t_1^\ast}~{\rightarrow}_{{x^\ast}}\,{t_2^\ast}`. + + + + +:math:`{\mathit{ref}}` is valid with :math:`\epsilon~\rightarrow~{\mathit{rt}}` if: + + + * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}}`. + + + + +:math:`({{\mathsf{label}}_{n}}{\{}~{{\mathit{instr}'}^\ast}~\}~{{\mathit{instr}}^\ast})` is valid with :math:`\epsilon~\rightarrow~{t^\ast}` if: + + + * :math:`{{\mathit{instr}'}^\ast}` is valid with :math:`{{t'}^{n}}~{\rightarrow}_{{{x'}^\ast}}\,{t^\ast}`. + + * :math:`{{\mathit{instr}}^\ast}` is valid with :math:`\epsilon~{\rightarrow}_{{x^\ast}}\,{t^\ast}`. + + + + +:math:`({{\mathsf{frame}}_{n}}{\{}~f~\}~{{\mathit{instr}}^\ast})` is valid with :math:`\epsilon~\rightarrow~{t^{n}}` if: + + + * The frame :math:`f` is :ref:`valid ` with the context :math:`{C'}`. + + * :math:`{{\mathit{instr}}^\ast}` is valid with :math:`{t^{n}}`. 
+ + + + +:math:`({{\mathsf{handler}}_{n}}{\{}~{{\mathit{catch}}^\ast}~\}~{{\mathit{instr}}^\ast})` is valid with :math:`{t_1^\ast}~\rightarrow~{t_2^\ast}` if: + + + * For all :math:`{\mathit{catch}}` in :math:`{{\mathit{catch}}^\ast}`: + + * The catch clause :math:`{\mathit{catch}}` is :ref:`valid `. + + * :math:`{{\mathit{instr}}^\ast}` is valid with :math:`{t_1^\ast}~{\rightarrow}_{{x^\ast}}\,{t_2^\ast}`. + + + + +:math:`\mathsf{trap}` is valid with :math:`{t_1^\ast}~\rightarrow~{t_2^\ast}` if: + + + * The instruction type :math:`{t_1^\ast}~\rightarrow~{t_2^\ast}` is :ref:`valid `. + + + + +:math:`{{\mathit{instr}}^\ast}` is valid with :math:`{\mathit{it}}` if: + + + * Either: + + * The instruction sequence :math:`{{\mathit{instr}}^\ast}` is empty. + + * The instruction type :math:`{\mathit{it}}` is of the form :math:`\epsilon~\rightarrow~\epsilon`. + + * Or: + + * The instruction sequence :math:`{{\mathit{instr}}^\ast}` is of the form :math:`{\mathit{instr}}_1~{{\mathit{instr}}_2^\ast}`. + + * The instruction type :math:`{\mathit{it}}` is of the form :math:`{t_1^\ast}~{\rightarrow}_{{x_1^\ast}~{x_2^\ast}}\,{t_3^\ast}`. + + * :math:`{\mathit{instr}}_1` is valid with :math:`{t_1^\ast}~{\rightarrow}_{{x_1^\ast}}\,{t_2^\ast}`. + + * For all :math:`x_1` in :math:`{x_1^\ast}`: + + * The local :math:`C{.}\mathsf{locals}{}[x_1]` exists. + + * The local :math:`C{.}\mathsf{locals}{}[x_1]` is of the form :math:`({\mathit{init}}~t)`. + + * :math:`{{\mathit{instr}}_2^\ast}` is valid with :math:`{t_2^\ast}~{\rightarrow}_{{x_2^\ast}}\,{t_3^\ast}`. + * Or: + + * :math:`{{\mathit{instr}}^\ast}` is valid with :math:`{\mathit{it}''}`. + + * The instruction type :math:`{\mathit{it}''}` :ref:`matches ` the instruction type :math:`{\mathit{it}}`. + + * The instruction type :math:`{\mathit{it}}` is :ref:`valid `. + * Or: + + * The instruction type :math:`{\mathit{it}}` is of the form :math:`{t^\ast}~{t_1^\ast}~{\rightarrow}_{{x^\ast}}\,{t^\ast}~{t_2^\ast}`. 
+ + * :math:`{{\mathit{instr}}^\ast}` is valid with :math:`{t_1^\ast}~{\rightarrow}_{{x^\ast}}\,{t_2^\ast}`. + + * The result type :math:`{t^\ast}` is :ref:`valid `. + + + + +:math:`\epsilon` is valid with :math:`\epsilon~\rightarrow~\epsilon`. + + + + +:math:`{\mathit{instr}}_1~{{\mathit{instr}}_2^\ast}` is valid with :math:`{t_1^\ast}~{\rightarrow}_{{x_1^\ast}~{x_2^\ast}}\,{t_3^\ast}` if: + + + * :math:`{\mathit{instr}}_1` is valid with :math:`{t_1^\ast}~{\rightarrow}_{{x_1^\ast}}\,{t_2^\ast}`. + + * For all :math:`x_1` in :math:`{x_1^\ast}`: + + * The local :math:`C{.}\mathsf{locals}{}[x_1]` exists. + + * The local :math:`C{.}\mathsf{locals}{}[x_1]` is of the form :math:`({\mathit{init}}~t)`. + + * :math:`{t^\ast}` is the concatenation of all such :math:`t`. + + * :math:`{{\mathit{instr}}_2^\ast}` is valid with :math:`{t_2^\ast}~{\rightarrow}_{{x_2^\ast}}\,{t_3^\ast}`. + + + + +:math:`{{\mathit{instr}}^\ast}` is valid with :math:`{\mathit{it}}` if: + + + * :math:`{{\mathit{instr}}^\ast}` is valid with :math:`{\mathit{it}'}`. + + * The instruction type :math:`{\mathit{it}'}` :ref:`matches ` the instruction type :math:`{\mathit{it}}`. + + * The instruction type :math:`{\mathit{it}}` is :ref:`valid `. + + + + +:math:`{{\mathit{instr}}^\ast}` is valid with :math:`{t^\ast}~{t_1^\ast}~{\rightarrow}_{{x^\ast}}\,{t^\ast}~{t_2^\ast}` if: + + + * :math:`{{\mathit{instr}}^\ast}` is valid with :math:`{t_1^\ast}~{\rightarrow}_{{x^\ast}}\,{t_2^\ast}`. + + * The result type :math:`{t^\ast}` is :ref:`valid `. + + + + +:math:`{{\mathit{instr}}^\ast}` is valid with :math:`{t^\ast}` if: + + + * :math:`{{\mathit{instr}}^\ast}` is valid with :math:`\epsilon~\rightarrow~{t^\ast}`. + + + + +The tag instance :math:`\{ \mathsf{type}~{\mathit{jt}} \}` is :ref:`valid ` with the tag type :math:`{\mathit{jt}}` if: + - * The reference type :math:`{\mathit{rt}'}` :ref:`matches ` the reference type :math:`{\mathit{rt}}`. 
+ * Under the context :math:`\{ \mathsf{return}~\epsilon \}`, the tag type :math:`{\mathit{jt}}` is :ref:`valid `. -The reference value :math:`\mathsf{ref{.}null}` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{null}~\mathsf{bot})`. +The global instance :math:`\{ \mathsf{type}~({\mathsf{mut}^?}~t),\;\allowbreak \mathsf{value}~{\mathit{val}} \}` is :ref:`valid ` with the global type :math:`({\mathsf{mut}^?}~t)` if: + * Under the context :math:`\{ \mathsf{return}~\epsilon \}`, the global type :math:`({\mathsf{mut}^?}~t)` is :ref:`valid `. + * The value :math:`{\mathit{val}}` is :ref:`valid ` with the value type :math:`t`. -The reference value :math:`(\mathsf{ref{.}i{\scriptstyle 31}}~i)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{i{\scriptstyle 31}})`. +The memory instance :math:`\{ \mathsf{type}~({\mathit{at}}~{}[ n .. m ]~\mathsf{page}),\;\allowbreak \mathsf{bytes}~{b^\ast} \}` is :ref:`valid ` with the memory type :math:`({\mathit{at}}~{}[ n .. m ]~\mathsf{page})` if: -The reference value :math:`(\mathsf{ref{.}struct}~a)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~{\mathit{dt}})` if: + * Under the context :math:`\{ \mathsf{return}~\epsilon \}`, the memory type :math:`({\mathit{at}}~{}[ n .. m ]~\mathsf{page})` is :ref:`valid `. - * The structure instance :math:`s{.}\mathsf{structs}{}[a]` exists. + * The length of :math:`{b^\ast}` is equal to :math:`n \cdot 64 \, {\mathrm{Ki}}`. - * The defined type :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{type}` is of the form :math:`{\mathit{dt}}`. +The table instance :math:`\{ \mathsf{type}~({\mathit{at}}~{}[ n .. m ]~{\mathit{rt}}),\;\allowbreak \mathsf{refs}~{{\mathit{ref}}^\ast} \}` is :ref:`valid ` with the table type :math:`({\mathit{at}}~{}[ n .. 
m ]~{\mathit{rt}})` if: -The reference value :math:`(\mathsf{ref{.}array}~a)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~{\mathit{dt}})` if: + * Under the context :math:`\{ \mathsf{return}~\epsilon \}`, the table type :math:`({\mathit{at}}~{}[ n .. m ]~{\mathit{rt}})` is :ref:`valid `. - * The array instance :math:`s{.}\mathsf{arrays}{}[a]` exists. + * The length of :math:`{{\mathit{ref}}^\ast}` is equal to :math:`n`. - * The defined type :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{type}` is of the form :math:`{\mathit{dt}}`. + * For all :math:`{\mathit{ref}}` in :math:`{{\mathit{ref}}^\ast}`: + * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}}`. -The reference value :math:`(\mathsf{ref{.}func}~a)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~{\mathit{dt}})` if: +The function instance :math:`\{ \mathsf{type}~{\mathit{dt}},\;\allowbreak \mathsf{module}~{\mathit{moduleinst}},\;\allowbreak \mathsf{code}~{\mathit{func}} \}` is :ref:`valid ` with the defined type :math:`{\mathit{dt}}` if: - * The function instance :math:`s{.}\mathsf{funcs}{}[a]` exists. - * The defined type :math:`s{.}\mathsf{funcs}{}[a]{.}\mathsf{type}` is of the form :math:`{\mathit{dt}}`. + * Under the context :math:`\{ \mathsf{return}~\epsilon \}`, the defined type :math:`{\mathit{dt}}` is :ref:`valid `. + * The module instance :math:`{\mathit{moduleinst}}` is :ref:`valid ` with the context :math:`C`. + * The function :math:`{\mathit{func}}` is :ref:`valid ` with the defined type :math:`{\mathit{dt}'}`. + * The defined type :math:`{\mathit{dt}'}` :ref:`matches ` the defined type :math:`{\mathit{dt}}`. -The reference value :math:`(\mathsf{ref{.}exn}~a)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{exn})` if: - * The exception instance :math:`s{.}\mathsf{exns}{}[a]` exists. 
+The structure instance :math:`\{ \mathsf{type}~{\mathit{dt}},\;\allowbreak \mathsf{fields}~{{\mathit{fv}}^\ast} \}` is :ref:`valid ` if: + * The :ref:`expansion ` of :math:`{\mathit{dt}}` is :math:`(\mathsf{struct}~{({\mathsf{mut}^?}~{\mathit{zt}})^\ast})`. -The reference value :math:`(\mathsf{ref{.}host}~a)` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{any})`. + * For all :math:`{\mathit{fv}}` in :math:`{{\mathit{fv}}^\ast}`, and corresponding :math:`{\mathit{zt}}` in :math:`{{\mathit{zt}}^\ast}`: + * The field value :math:`{\mathit{fv}}` is :ref:`valid ` with the storage type :math:`{\mathit{zt}}`. -The reference value :math:`(\mathsf{ref{.}extern}~{\mathit{ref}})` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{extern})` if: +The array instance :math:`\{ \mathsf{type}~{\mathit{dt}},\;\allowbreak \mathsf{fields}~{{\mathit{fv}}^\ast} \}` is :ref:`valid ` if: - * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`(\mathsf{ref}~\mathsf{any})`. - * The reference value :math:`{\mathit{ref}}` is not of the form :math:`\mathsf{ref{.}null}`. + * The :ref:`expansion ` of :math:`{\mathit{dt}}` is :math:`(\mathsf{array}~({\mathsf{mut}^?}~{\mathit{zt}}))`. + * For all :math:`{\mathit{fv}}` in :math:`{{\mathit{fv}}^\ast}`: + * The field value :math:`{\mathit{fv}}` is :ref:`valid ` with the storage type :math:`{\mathit{zt}}`. -The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}}` if: - * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}'}`. +The exception instance :math:`\{ \mathsf{tag}~{\mathit{ta}},\;\allowbreak \mathsf{fields}~{{\mathit{val}}^\ast} \}` is :ref:`valid ` if: - * The reference type :math:`{\mathit{rt}'}` :ref:`matches ` the reference type :math:`{\mathit{rt}}`. + * The tag instance :math:`s{.}\mathsf{tags}{}[{\mathit{ta}}]` exists. 
+ * The tag type :math:`{\mathit{dt}}` is of the form :math:`s{.}\mathsf{tags}{}[{\mathit{ta}}]{.}\mathsf{type}`. + * The :ref:`expansion ` of :math:`{\mathit{dt}}` is :math:`(\mathsf{func}~{t^\ast}~\rightarrow)`. -The value :math:`{\mathit{val}}` is :ref:`valid ` with the value type :math:`{\mathit{valtype}}` if: + * For all :math:`t` in :math:`{t^\ast}`, and corresponding :math:`{\mathit{val}}` in :math:`{{\mathit{val}}^\ast}`: + * The value :math:`{\mathit{val}}` is :ref:`valid ` with the value type :math:`t`. - * Either: - * The value :math:`{\mathit{val}}` is of the form :math:`{\mathit{num}}`. - * The value type :math:`{\mathit{valtype}}` is of the form :math:`{\mathit{nt}}`. - * The number value :math:`{\mathit{num}}` is :ref:`valid ` with the number type :math:`{\mathit{nt}}`. +:math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}}_1` if: - * Or: - * The value :math:`{\mathit{val}}` is of the form :math:`{\mathit{vec}}`. + * Either: - * The value type :math:`{\mathit{valtype}}` is of the form :math:`{\mathit{vt}}`. + * :math:`{\mathit{fv}'}` is immutably reachable from :math:`{\mathit{fv}}_1`. + + * :math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}'}`. - * The vector value :math:`{\mathit{vec}}` is :ref:`valid ` with the vector type :math:`{\mathit{vt}}`. * Or: - * The value :math:`{\mathit{val}}` is of the form :math:`{\mathit{ref}}`. + * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}struct}~a)`. - * The value type :math:`{\mathit{valtype}}` is of the form :math:`{\mathit{rt}}`. + * The field value :math:`{\mathit{fv}}_2` is of the form :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]`. - * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}}`. + * The field value :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]` exists. + * The structure instance :math:`s{.}\mathsf{structs}{}[a]` exists. 
+ * The :ref:`expansion ` of :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{struct}~{{\mathit{ft}}^\ast})`. + * The length of :math:`{{\mathit{ft}}^\ast}` is greater than :math:`i`. -The value :math:`{\mathit{num}}` is :ref:`valid ` with the value type :math:`{\mathit{nt}}` if: + * The field type :math:`{{\mathit{ft}}^\ast}{}[i]` is of the form :math:`(\epsilon~{\mathit{zt}})`. + * Or: + * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}array}~a)`. - * The number value :math:`{\mathit{num}}` is :ref:`valid ` with the number type :math:`{\mathit{nt}}`. + * The field value :math:`{\mathit{fv}}_2` is of the form :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]`. + * The field value :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]` exists. + * The array instance :math:`s{.}\mathsf{arrays}{}[a]` exists. + * The :ref:`expansion ` of :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{array}~(\epsilon~{\mathit{zt}}))`. + * Or: -The value :math:`{\mathit{vec}}` is :ref:`valid ` with the value type :math:`{\mathit{vt}}` if: + * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}exn}~a)`. + * The field value :math:`{\mathit{fv}}_2` is of the form :math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]`. - * The vector value :math:`{\mathit{vec}}` is :ref:`valid ` with the vector type :math:`{\mathit{vt}}`. + * The value :math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]` exists. + * The exception instance :math:`s{.}\mathsf{exns}{}[a]` exists. + * Or: + * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}extern}~{\mathit{ref}})`. + * The field value :math:`{\mathit{fv}}_2` is of the form :math:`{\mathit{ref}}`. -The value :math:`{\mathit{ref}}` is :ref:`valid ` with the value type :math:`{\mathit{rt}}` if: - * The reference value :math:`{\mathit{ref}}` is :ref:`valid ` with the reference type :math:`{\mathit{rt}}`. 
+:math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}}_1` if: + * :math:`{\mathit{fv}'}` is immutably reachable from :math:`{\mathit{fv}}_1`. -The external address :math:`{\mathit{externaddr}}` is :ref:`valid ` with the external type :math:`{\mathit{externtype}}` if: + * :math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}'}`. - * Either: - * The external address :math:`{\mathit{externaddr}}` is of the form :math:`(\mathsf{tag}~a)`. - * The external type :math:`{\mathit{externtype}}` is of the form :math:`(\mathsf{tag}~{\mathit{taginst}}{.}\mathsf{type})`. +:math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]` is immutably reachable from :math:`(\mathsf{ref{.}struct}~a)` if: - * The tag instance :math:`s{.}\mathsf{tags}{}[a]` exists. - * The tag instance :math:`s{.}\mathsf{tags}{}[a]` is of the form :math:`{\mathit{taginst}}`. + * The field value :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]` exists. - * Or: + * The structure instance :math:`s{.}\mathsf{structs}{}[a]` exists. - * The external address :math:`{\mathit{externaddr}}` is of the form :math:`(\mathsf{global}~a)`. + * The :ref:`expansion ` of :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{struct}~{{\mathit{ft}}^\ast})`. - * The external type :math:`{\mathit{externtype}}` is of the form :math:`(\mathsf{global}~{\mathit{globalinst}}{.}\mathsf{type})`. + * The length of :math:`{{\mathit{ft}}^\ast}` is greater than :math:`i`. - * The global instance :math:`s{.}\mathsf{globals}{}[a]` exists. + * The field type :math:`{{\mathit{ft}}^\ast}{}[i]` is of the form :math:`(\epsilon~{\mathit{zt}})`. - * The global instance :math:`s{.}\mathsf{globals}{}[a]` is of the form :math:`{\mathit{globalinst}}`. - * Or: - * The external address :math:`{\mathit{externaddr}}` is of the form :math:`(\mathsf{mem}~a)`. - * The external type :math:`{\mathit{externtype}}` is of the form :math:`(\mathsf{mem}~{\mathit{meminst}}{.}\mathsf{type})`. 
- * The memory instance :math:`s{.}\mathsf{mems}{}[a]` exists. +:math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]` is immutably reachable from :math:`(\mathsf{ref{.}array}~a)` if: - * The memory instance :math:`s{.}\mathsf{mems}{}[a]` is of the form :math:`{\mathit{meminst}}`. - * Or: - * The external address :math:`{\mathit{externaddr}}` is of the form :math:`(\mathsf{table}~a)`. + * The field value :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]` exists. - * The external type :math:`{\mathit{externtype}}` is of the form :math:`(\mathsf{table}~{\mathit{tableinst}}{.}\mathsf{type})`. + * The array instance :math:`s{.}\mathsf{arrays}{}[a]` exists. - * The table instance :math:`s{.}\mathsf{tables}{}[a]` exists. + * The :ref:`expansion ` of :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{array}~(\epsilon~{\mathit{zt}}))`. - * The table instance :math:`s{.}\mathsf{tables}{}[a]` is of the form :math:`{\mathit{tableinst}}`. - * Or: - * The external address :math:`{\mathit{externaddr}}` is of the form :math:`(\mathsf{func}~a)`. - * The external type :math:`{\mathit{externtype}}` is of the form :math:`(\mathsf{func}~{\mathit{funcinst}}{.}\mathsf{type})`. - * The function instance :math:`s{.}\mathsf{funcs}{}[a]` exists. +:math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]` is immutably reachable from :math:`(\mathsf{ref{.}exn}~a)` if: - * The function instance :math:`s{.}\mathsf{funcs}{}[a]` is of the form :math:`{\mathit{funcinst}}`. - * Or: - * The external address :math:`{\mathit{externaddr}}` is :ref:`valid ` with the external type :math:`{\mathit{xt}'}`. + * The value :math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]` exists. - * The external type :math:`{\mathit{xt}'}` :ref:`matches ` the external type :math:`{\mathit{externtype}}`. + * The exception instance :math:`s{.}\mathsf{exns}{}[a]` exists. 
-The external address :math:`(\mathsf{tag}~a)` is :ref:`valid ` with the external type :math:`(\mathsf{tag}~{\mathit{taginst}}{.}\mathsf{type})` if: +:math:`{\mathit{ref}}` is immutably reachable from :math:`(\mathsf{ref{.}extern}~{\mathit{ref}})`. - * The tag instance :math:`s{.}\mathsf{tags}{}[a]` exists. - * The tag instance :math:`s{.}\mathsf{tags}{}[a]` is of the form :math:`{\mathit{taginst}}`. +:math:`{\mathit{fv}}_2` is not immutably reachable from :math:`{\mathit{fv}}_1` if: + * NotImmutReachable(:math:`{\mathit{fv}}_1`, :math:`s`, :math:`{\mathit{fv}}_2`) is true. -The external address :math:`(\mathsf{global}~a)` is :ref:`valid ` with the external type :math:`(\mathsf{global}~{\mathit{globalinst}}{.}\mathsf{type})` if: - * The global instance :math:`s{.}\mathsf{globals}{}[a]` exists. - * The global instance :math:`s{.}\mathsf{globals}{}[a]` is of the form :math:`{\mathit{globalinst}}`. +The store :math:`s` is :ref:`valid ` if: + * For all : + * The tag instance :math:`{\mathit{taginst}}` is :ref:`valid ` with the tag type :math:`{\mathit{tagtype}}`. -The external address :math:`(\mathsf{mem}~a)` is :ref:`valid ` with the external type :math:`(\mathsf{mem}~{\mathit{meminst}}{.}\mathsf{type})` if: + * :math:`{{\mathit{taginst}}^\ast}` is the concatenation of all such :math:`{\mathit{taginst}}`. + * For all : - * The memory instance :math:`s{.}\mathsf{mems}{}[a]` exists. + * The global instance :math:`{\mathit{globalinst}}` is :ref:`valid ` with the global type :math:`{\mathit{globaltype}}`. - * The memory instance :math:`s{.}\mathsf{mems}{}[a]` is of the form :math:`{\mathit{meminst}}`. + * :math:`{{\mathit{globalinst}}^\ast}` is the concatenation of all such :math:`{\mathit{globalinst}}`. + * For all : + * The memory instance :math:`{\mathit{meminst}}` is :ref:`valid ` with the memory type :math:`{\mathit{memtype}}`. + * :math:`{{\mathit{meminst}}^\ast}` is the concatenation of all such :math:`{\mathit{meminst}}`. 
-The external address :math:`(\mathsf{table}~a)` is :ref:`valid ` with the external type :math:`(\mathsf{table}~{\mathit{tableinst}}{.}\mathsf{type})` if: + * For all : + * The table instance :math:`{\mathit{tableinst}}` is :ref:`valid ` with the table type :math:`{\mathit{tabletype}}`. - * The table instance :math:`s{.}\mathsf{tables}{}[a]` exists. + * :math:`{{\mathit{tableinst}}^\ast}` is the concatenation of all such :math:`{\mathit{tableinst}}`. - * The table instance :math:`s{.}\mathsf{tables}{}[a]` is of the form :math:`{\mathit{tableinst}}`. + * For all : + * The function instance :math:`{\mathit{funcinst}}` is :ref:`valid ` with the defined type :math:`{\mathit{deftype}}`. + * :math:`{{\mathit{funcinst}}^\ast}` is the concatenation of all such :math:`{\mathit{funcinst}}`. + * For all : -The external address :math:`(\mathsf{func}~a)` is :ref:`valid ` with the external type :math:`(\mathsf{func}~{\mathit{funcinst}}{.}\mathsf{type})` if: + * The data instance :math:`{\mathit{datainst}}` is :ref:`valid ` with the data type :math:`{\mathit{datatype}}`. + * :math:`{{\mathit{datainst}}^\ast}` is the concatenation of all such :math:`{\mathit{datainst}}`. - * The function instance :math:`s{.}\mathsf{funcs}{}[a]` exists. + * For all : - * The function instance :math:`s{.}\mathsf{funcs}{}[a]` is of the form :math:`{\mathit{funcinst}}`. + * The element instance :math:`{\mathit{eleminst}}` is :ref:`valid ` with the element type :math:`{\mathit{elemtype}}`. + * :math:`{{\mathit{eleminst}}^\ast}` is the concatenation of all such :math:`{\mathit{eleminst}}`. + * For all :math:`{\mathit{structinst}}` in :math:`{{\mathit{structinst}}^\ast}`: + * The structure instance :math:`{\mathit{structinst}}` is :ref:`valid `. 
-The external address :math:`{\mathit{externaddr}}` is :ref:`valid ` with the external type :math:`{\mathit{xt}}` if: + * For all :math:`{\mathit{arrayinst}}` in :math:`{{\mathit{arrayinst}}^\ast}`: + * The array instance :math:`{\mathit{arrayinst}}` is :ref:`valid `. - * The external address :math:`{\mathit{externaddr}}` is :ref:`valid ` with the external type :math:`{\mathit{xt}'}`. + * For all :math:`{\mathit{exninst}}` in :math:`{{\mathit{exninst}}^\ast}`: - * The external type :math:`{\mathit{xt}'}` :ref:`matches ` the external type :math:`{\mathit{xt}}`. + * The exception instance :math:`{\mathit{exninst}}` is :ref:`valid `. + * For all : + * :math:`(\mathsf{ref{.}struct}~a)` is not immutably reachable from :math:`(\mathsf{ref{.}struct}~a)`. + * :math:`(\mathsf{ref{.}array}~a)` is not immutably reachable from :math:`(\mathsf{ref{.}array}~a)`. -The identifier context :math:`I` is :ref:`valid ` if: + * :math:`(\mathsf{ref{.}exn}~a)` is not immutably reachable from :math:`(\mathsf{ref{.}exn}~a)`. + * The store :math:`s` is of the form :math:`\{ \mathsf{tags}~{{\mathit{taginst}}^\ast},\;\allowbreak \mathsf{globals}~{{\mathit{globalinst}}^\ast},\;\allowbreak \mathsf{mems}~{{\mathit{meminst}}^\ast},\;\allowbreak \mathsf{tables}~{{\mathit{tableinst}}^\ast},\;\allowbreak \mathsf{funcs}~{{\mathit{funcinst}}^\ast},\;\allowbreak \mathsf{datas}~{{\mathit{datainst}}^\ast},\;\allowbreak \mathsf{elems}~{{\mathit{eleminst}}^\ast},\;\allowbreak \mathsf{structs}~{{\mathit{structinst}}^\ast},\;\allowbreak \mathsf{arrays}~{{\mathit{arrayinst}}^\ast},\;\allowbreak \mathsf{exns}~{{\mathit{exninst}}^\ast} \}`. - * :math:`{\bigoplus}\, I{.}\mathsf{types}~{\mathrm{disjoint}}` is true. - * :math:`{\bigoplus}\, I{.}\mathsf{tags}~{\mathrm{disjoint}}` is true. - * :math:`{\bigoplus}\, I{.}\mathsf{globals}~{\mathrm{disjoint}}` is true. - * :math:`{\bigoplus}\, I{.}\mathsf{mems}~{\mathrm{disjoint}}` is true. 
+The state :math:`(s, f)` is :ref:`valid ` with the context :math:`C` if: - * :math:`{\bigoplus}\, I{.}\mathsf{tables}~{\mathrm{disjoint}}` is true. - * :math:`{\bigoplus}\, I{.}\mathsf{funcs}~{\mathrm{disjoint}}` is true. + * The store :math:`s` is :ref:`valid `. - * :math:`{\bigoplus}\, I{.}\mathsf{datas}~{\mathrm{disjoint}}` is true. + * The frame :math:`f` is :ref:`valid ` with the context :math:`C`. - * :math:`{\bigoplus}\, I{.}\mathsf{elems}~{\mathrm{disjoint}}` is true. - * :math:`{\bigoplus}\, I{.}\mathsf{locals}~{\mathrm{disjoint}}` is true. - * :math:`{\bigoplus}\, I{.}\mathsf{labels}~{\mathrm{disjoint}}` is true. - * For all :math:`{{\mathit{field}}^\ast}` in :math:`{{{\mathit{field}}^\ast}^\ast}`: +The configuration :math:`z~;~{{\mathit{instr}}^\ast}` is :ref:`valid ` if: - * :math:`{\bigoplus}\, {{\mathit{field}}^\ast}~{\mathrm{disjoint}}` is true. - * The name sequence sequence :math:`{{{\mathit{field}}^\ast}^\ast}` is of the form :math:`I{.}\mathsf{fields}`. + * The state :math:`z` is :ref:`valid ` with the context :math:`C`. + + * The expression :math:`{{\mathit{instr}}^\ast}` is :ref:`valid ` with the result type :math:`{t^\ast}`. 
@@ -26812,6 +27578,17 @@ The instruction sequence :math:`(\mathsf{block}~{\mathit{blocktype}}~{{\mathit{i #. Return :math:`{\mathrm{imports}}({{\mathit{decl}}_1^\ast}) = \epsilon` and :math:`{\mathrm{tags}}({{\mathit{decl}}_1^\ast}) = \epsilon` and :math:`{\mathrm{globals}}({{\mathit{decl}}_1^\ast}) = \epsilon` and :math:`{\mathrm{mems}}({{\mathit{decl}}_1^\ast}) = \epsilon` and :math:`{\mathrm{tables}}({{\mathit{decl}}_1^\ast}) = \epsilon` and :math:`{\mathrm{funcs}}({{\mathit{decl}}_1^\ast}) = \epsilon`. +NotImmutReachable(:math:`{\mathit{fv}}_1`, :math:`s`, :math:`{\mathit{fv}}_2`) +.............................................................................. + + +1. If `rel(ImmutReachable, [fv_1, s, fv_2])`, then: + + a. Return false. + +#. Return true. + + :math:`{{{\mathrm{allocX}}^\ast}}{(s, {{X''}^\ast}, {{Y''}^\ast})}` ................................................................... @@ -26893,6 +27670,8 @@ Heaptype_ok - Or: - heaptype is typeuse. - the type use typeuse is valid. + - Or: + - heaptype is BOT. Heaptype_ok/abs - the heap type absheaptype is always valid. @@ -26901,6 +27680,9 @@ Heaptype_ok/typeuse - the heap type typeuse is valid if: - typeuse is valid. +Heaptype_ok/bot +- the heap type BOT is always valid. + Reftype_ok - the reference type (REF NULL? heaptype) is valid if: - the heap type heaptype is valid. 
@@ -27012,39 +27794,11 @@ Comptype_ok/func - the result type t_1* is valid. - the result type t_2* is valid. -Subtype_ok -- the sub type (SUB FINAL? (_IDX x)* comptype) is valid for the type index (OK x_0) if: - - |x*| is less than or equal to 1. - - For all x in x*: - - the index x is less than x_0. - - the type C.TYPES[x] exists. - - the sub type $unrolldt(C.TYPES[x]) is (SUB ?() (_IDX x')* comptype'). - - comptype'* is the concatenation of all such comptype'. - - the composite type comptype is valid. - - For all comptype' in comptype'*: - - comptype matches the composite type comptype'. - -Rectype_ok -- the recursive type (REC subtype*) is valid for the type index (OK x) if: - - Either: - - the sub type sequence subtype* is []. - - Or: - - subtype* is [subtype_1] :: subtype'*. - - the sub type subtype_1 is valid for (OK x). - - the recursive type (REC subtype'*) is valid for the type index (OK (x + 1)). - -Rectype_ok/empty -- the recursive type (REC []) is valid for (OK x). - -Rectype_ok/cons -- the recursive type (REC [subtype_1] :: subtype*) is valid for the type index (OK x) if: - - the sub type subtype_1 is valid for (OK x). - - the recursive type (REC subtype*) is valid for the type index (OK (x + 1)). - Subtype_ok2 - the sub type (SUB FINAL? typeuse* comptype) is valid for (OK x i) if: - |typeuse*| is less than or equal to 1. - For all typeuse in typeuse*: + - the type use typeuse is valid. - $before(typeuse, x, i) is true. - the sub type $unrollht(C, typeuse) is (SUB ?() typeuse'* comptype'). - comptype'* is the concatenation of all such comptype'. @@ -27059,7 +27813,7 @@ Rectype_ok2 - Or: - subtype* is [subtype_1] :: subtype'*. - the sub type subtype_1 is valid for (OK x i). - - the recursive type (REC subtype'*) is valid for (OK (x + 1) (i + 1)). + - the recursive type (REC subtype'*) is valid for (OK x (i + 1)). Rectype_ok2/empty - the recursive type (REC []) is valid for (OK x i). 
@@ -27067,11 +27821,12 @@ Rectype_ok2/empty Rectype_ok2/cons - the recursive type (REC [subtype_1] :: subtype*) is valid for (OK x i) if: - the sub type subtype_1 is valid for (OK x i). - - the recursive type (REC subtype*) is valid for (OK (x + 1) (i + 1)). + - the recursive type (REC subtype*) is valid for (OK x (i + 1)). Deftype_ok - the defined type (_DEF rectype i) is valid if: - - the recursive type rectype is valid for the type index (OK x). + - the context C' is the context C with .RECS prepended by subtype^n. + - Under the context C', the recursive type rectype is valid for (OK x 0). - rectype is (REC subtype^n). - i is less than n. @@ -27364,6 +28119,10 @@ Fieldtype_sub/var - the storage type zt_1 matches the storage type zt_2. - zt_2 matches zt_1. +Localtype_ok +- the local type (init t) is valid if: + - the value type t is valid. + Instrtype_ok - the instruction type t_1* ->_ x* t_2* is valid if: - the result type t_1* is valid. 
@@ -27390,6 +28149,35 @@ Expand_use/typeidx - the type C.TYPES[typeidx] exists. - The :ref:`expansion ` of C.TYPES[typeidx] is comptype. +Subtype_ok +- the sub type (SUB FINAL? (_IDX x)* comptype) is valid for the type index (OK x_0) if: + - |x*| is less than or equal to 1. + - For all x in x*: + - the index x is less than x_0. + - the type C.TYPES[x] exists. + - the sub type $unrolldt(C.TYPES[x]) is (SUB ?() (_IDX x')* comptype'). + - comptype'* is the concatenation of all such comptype'. + - the composite type comptype is valid. + - For all comptype' in comptype'*: + - comptype matches the composite type comptype'. + +Rectype_ok +- the recursive type (REC subtype*) is valid for the type index (OK x) if: + - Either: + - the sub type sequence subtype* is []. + - Or: + - subtype* is [subtype_1] :: subtype'*. + - the sub type subtype_1 is valid for (OK x). + - the recursive type (REC subtype'*) is valid for the type index (OK (x + 1)). + +Rectype_ok/empty +- the recursive type (REC []) is valid for (OK x). + +Rectype_ok/cons +- the recursive type (REC [subtype_1] :: subtype*) is valid for the type index (OK x) if: + - the sub type subtype_1 is valid for (OK x). + - the recursive type (REC subtype*) is valid for the type index (OK (x + 1)). + Limits_ok - the limits range ([ n .. m? ]) is valid within k if: - n is less than or equal to k. 
@@ -28789,6 +29577,28 @@ Val_ok/ref - the value ref is valid with the value type rt if: - ref is valid with rt. +Packval_ok +- the packed value (PACK pt c) is valid with the packed type pt. + +Fieldval_ok +- the field value fieldval is valid with the storage type storagetype if: + - Either: + - fieldval is val. + - storagetype is t. + - the value val is valid with the value type t. + - Or: + - fieldval is packval. + - storagetype is pt. + - the packed value packval is valid with the packed type pt. + +Fieldval_ok/val +- the field value val is valid with the storage type t if: + - val is valid with t. + +Fieldval_ok/packval +- the field value packval is valid with the storage type pt if: + - packval is valid with pt. + Externaddr_ok - the external address externaddr is valid with the external type externtype if: - Either: 
@@ -28866,6 +29676,364 @@ Idctxt_ok - $disjoint_(`name, $concatopt_(`name, [?(field*)])) is true. - the name sequence sequence [?(field*)*] is I.FIELDS. +Context_ok +- the context C is valid if: + - C is { TYPES: dt^n; RECS: st^m; TAGS: jt*; GLOBALS: gt*; MEMS: mt*; TABLES: tt*; FUNCS: dt_F*; DATAS: ok*; ELEMS: et*; LOCALS: lct*; LABELS: [rt*]; RETURN: ?(rt'?); REFS: x* }. + - the context C_0 is { TYPES: dt^n; RETURN: ?() }. + - For all dt in dt*: + - Under the context { TYPES: dt^n[0 : i]; RETURN: ?() }, the defined type dt is valid. + - For all st in st*: + - Under the context { TYPES: dt^n; RECS: st^m; RETURN: ?() }, the sub type st is valid for (OK n i). + - For all jt in jt*: + - Under the context C_0, the tag type jt is valid. + - For all gt in gt*: + - Under the context C_0, the global type gt is valid. + - For all mt in mt*: + - Under the context C_0, the memory type mt is valid. + - For all tt in tt*: + - Under the context C_0, the table type tt is valid. + - For all dt_F in dt_F*: + - Under the context C_0, the defined type dt_F is valid. + - The :ref:`expansion ` of dt_F is (FUNC [t_1] -> [t_2]). + - For all et in et*: + - Under the context C_0, the reference type et is valid. + - For all lct in lct*: + - Under the context C_0, the local type lct is valid. + - For all rt in rt*: + - Under the context C_0, the result type [rt] is valid. + - If rt' is defined, then: + - Under the context C_0, the result type [rt'] is valid. + - For all x in x*: + - |dt_F*| is greater than x. + +Localval_ok +- the value val? is valid with the local type (init t) if: + - Either: + - val? is ?(val'). + - the initialization status init is SET. + - the value val' is valid with the value type t. + - Or: + - val? is ?(). + - init is UNSET. + - t is BOT. + +Localval_ok/set +- the value ?(val) is valid with the local type (SET t) if: + - the value val is valid with the value type t. + +Localval_ok/unset +- the value ?() is valid with the local type (UNSET BOT). 
+ +Datainst_ok +- the data instance { BYTES: b* } is valid with the data type OK. + +Eleminst_ok +- the element instance { TYPE: rt; REFS: ref* } is valid with the element type rt if: + - Under the context { RETURN: ?() }, rt is valid. + - For all ref in ref*: + - the reference value ref is valid with rt. + +Exportinst_ok +- the export instance { NAME: nm; ADDR: xa } is valid if: + - the external address xa is valid with the external type xt. + +Moduleinst_ok +- the module instance { TYPES: deftype*; TAGS: tagaddr*; GLOBALS: globaladdr*; MEMS: memaddr*; TABLES: tableaddr*; FUNCS: funcaddr*; DATAS: dataaddr*; ELEMS: elemaddr*; EXPORTS: exportinst* } is valid with the context { TYPES: deftype*; RECS: subtype*; TAGS: tagtype*; GLOBALS: globaltype*; MEMS: memtype*; TABLES: tabletype*; FUNCS: deftype_F*; DATAS: datatype*; ELEMS: elemtype*; RETURN: ?(); REFS: i^(i<|funcaddr*|) } if: + - For all deftype in deftype*: + - Under the context { RETURN: ?() }, the defined type deftype is valid. + - For all tagaddr in tagaddr*, and corresponding tagtype in tagtype*: + - the external address (TAG tagaddr) is valid with the external type (TAG tagtype). + - For all globaladdr in globaladdr*, and corresponding globaltype in globaltype*: + - the external address (GLOBAL globaladdr) is valid with the external type (GLOBAL globaltype). + - For all deftype_F in deftype_F*, and corresponding funcaddr in funcaddr*: + - the external address (FUNC funcaddr) is valid with the external type (FUNC deftype_F). + - For all memaddr in memaddr*, and corresponding memtype in memtype*: + - the external address (MEM memaddr) is valid with the external type (MEM memtype). + - For all tableaddr in tableaddr*, and corresponding tabletype in tabletype*: + - the external address (TABLE tableaddr) is valid with the external type (TABLE tabletype). + - For all dataaddr in dataaddr*: + - the data instance s.DATAS[dataaddr] exists. 
+ - For all dataaddr in dataaddr*, and corresponding datatype in datatype*: + - s.DATAS[dataaddr] is valid with the data type datatype. + - For all elemaddr in elemaddr*: + - the element instance s.ELEMS[elemaddr] exists. + - For all elemaddr in elemaddr*, and corresponding elemtype in elemtype*: + - s.ELEMS[elemaddr] is valid with the element type elemtype. + - For all exportinst in exportinst*: + - the export instance exportinst is valid. + - $disjoint_(`name, exportinst.NAME*) is true. + - |(TAG tagaddr)* :: (GLOBAL globaladdr)* :: (MEM memaddr)* :: (TABLE tableaddr)* :: (FUNC funcaddr)*| is greater than 0. + - For all exportinst in exportinst*: + - exportinst.ADDR is contained in (TAG tagaddr)* :: (GLOBAL globaladdr)* :: (MEM memaddr)* :: (TABLE tableaddr)* :: (FUNC funcaddr)*. + +Frame_ok +- the frame { LOCALS: val?*; MODULE: moduleinst } is valid with the context C with .LOCALS appended by lct* if: + - the module instance moduleinst is valid with the context C. + - For all lct in lct*, and corresponding val? in val?*: + - the value val? is valid with the local type lct. + +Instr_ok2 +- instr is valid with valtype* ->_ localidx* valtype'* if: + - Either: + - the instruction instr is valid with the instruction type valtype* ->_ localidx* valtype'*. + - Or: + - instr is ref. + - the value type sequence valtype* is []. + - the local index sequence localidx* is []. + - the value type sequence valtype'* is [rt]. + - the reference value ref is valid with the reference type rt. + - Or: + - instr is (LABEL_ n { instr'* } instr''*). + - valtype* is []. + - localidx* is []. + - instr'* is valid with t'^n ->_ x'* valtype'*. + - instr''* is valid with [] ->_ x* valtype'*. + - Or: + - instr is (FRAME_ n { f } instr''*). + - valtype* is []. + - localidx* is []. + - the frame f is valid with the context C'. + - instr''* is valid with valtype'^n. + - Or: + - instr is (HANDLER_ n { catch* } instr''*). + - localidx* is []. 
+ - For all catch in catch*: + - the catch clause catch is valid. + - instr''* is valid with valtype* ->_ x* valtype'*. + - Or: + - instr is TRAP. + - localidx* is []. + - the instruction type valtype* -> valtype'* is valid. + +Instr_ok2/plain +- instr is valid with t_1* ->_ x* t_2* if: + - the instruction instr is valid with the instruction type t_1* ->_ x* t_2*. + +Instr_ok2/ref +- ref is valid with [] -> [rt] if: + - the reference value ref is valid with the reference type rt. + +Instr_ok2/label +- (LABEL_ n { instr'* } instr*) is valid with [] -> t* if: + - instr'* is valid with t'^n ->_ x'* t*. + - instr* is valid with [] ->_ x* t*. + +Instr_ok2/frame +- (FRAME_ n { f } instr*) is valid with [] -> t^n if: + - the frame f is valid with the context C'. + - instr* is valid with t^n. + +Instr_ok2/handler +- (HANDLER_ n { catch* } instr*) is valid with t_1* -> t_2* if: + - For all catch in catch*: + - the catch clause catch is valid. + - instr* is valid with t_1* ->_ x* t_2*. + +Instr_ok2/trap +- TRAP is valid with t_1* -> t_2* if: + - the instruction type t_1* -> t_2* is valid. + +Instrs_ok2 +- instr* is valid with it if: + - Either: + - the instruction sequence instr* is []. + - the instruction type it is [] -> []. + - Or: + - instr* is [instr_1] :: instr_2*. + - it is t_1* ->_ x_1* :: x_2* t_3*. + - instr_1 is valid with t_1* ->_ x_1* t_2*. + - For all x_1 in x_1*: + - the local C.LOCALS[x_1] exists. + - C.LOCALS[x_1] is (init t). + - instr_2* is valid with t_2* ->_ x_2* t_3*. + - Or: + - instr* is valid with it''. + - the instruction type it'' matches it. + - it is valid. + - Or: + - it is t* :: t_1* ->_ x* t* :: t_2*. + - instr* is valid with t_1* ->_ x* t_2*. + - the result type t* is valid. + +Instrs_ok2/empty +- [] is valid with [] -> []. + +Instrs_ok2/seq +- [instr_1] :: instr_2* is valid with t_1* ->_ x_1* :: x_2* t_3* if: + - instr_1 is valid with t_1* ->_ x_1* t_2*. + - For all x_1 in x_1*: + - the local C.LOCALS[x_1] exists. 
+ - C.LOCALS[x_1] is (init t). + - t* is the concatenation of all such t. + - instr_2* is valid with t_2* ->_ x_2* t_3*. + +Instrs_ok2/sub +- instr* is valid with it if: + - instr* is valid with it'. + - the instruction type it' matches the instruction type it. + - it is valid. + +Instrs_ok2/frame +- instr* is valid with t* :: t_1* ->_ x* t* :: t_2* if: + - instr* is valid with t_1* ->_ x* t_2*. + - the result type t* is valid. + +Expr_ok2 +- instr* is valid with t* if: + - instr* is valid with [] -> t*. + +Taginst_ok +- the tag instance { TYPE: jt } is valid with the tag type jt if: + - Under the context { RETURN: ?() }, jt is valid. + +Globalinst_ok +- the global instance { TYPE: (mut? t); VALUE: val } is valid with the global type (mut? t) if: + - Under the context { RETURN: ?() }, (mut? t) is valid. + - the value val is valid with the value type t. + +Meminst_ok +- the memory instance { TYPE: at ([ n .. ?(m) ]) PAGE; BYTES: b* } is valid with the memory type at ([ n .. ?(m) ]) PAGE if: + - Under the context { RETURN: ?() }, at ([ n .. ?(m) ]) PAGE is valid. + - |b*| is (n * (64 * $Ki())). + +Tableinst_ok +- the table instance { TYPE: (at ([ n .. ?(m) ]) rt); REFS: ref* } is valid with the table type (at ([ n .. ?(m) ]) rt) if: + - Under the context { RETURN: ?() }, (at ([ n .. ?(m) ]) rt) is valid. + - |ref*| is n. + - For all ref in ref*: + - the reference value ref is valid with the reference type rt. + +Funcinst_ok +- the function instance { TYPE: dt; MODULE: moduleinst; CODE: func } is valid with the defined type dt if: + - Under the context { RETURN: ?() }, dt is valid. + - the module instance moduleinst is valid with the context C. + - the function func is valid with the defined type dt'. + - dt' matches dt. + +Structinst_ok +- the structure instance { TYPE: dt; FIELDS: fv* } is valid if: + - The :ref:`expansion ` of dt is (STRUCT (mut? zt)*). + - For all fv in fv*, and corresponding zt in zt*: + - the field value fv is valid with the storage type zt. 
+ +Arrayinst_ok +- the array instance { TYPE: dt; FIELDS: fv* } is valid if: + - The :ref:`expansion ` of dt is (ARRAY (mut? zt)). + - For all fv in fv*: + - the field value fv is valid with the storage type zt. + +Exninst_ok +- the exception instance { TAG: ta; FIELDS: val* } is valid if: + - the tag instance s.TAGS[ta] exists. + - the tag type dt is s.TAGS[ta].TYPE. + - The :ref:`expansion ` of dt is (FUNC t* -> []). + - For all t in t*, and corresponding val in val*: + - the value val is valid with the value type t. + +ImmutReachable +- fv_2 is immutably reachable from fv_1 if: + - Either: + - fv' is immutably reachable from fv_1. + - fv_2 is immutably reachable from fv'. + - Or: + - the field value fv_1 is (REF.STRUCT_ADDR a). + - the field value fv_2 is s.STRUCTS[a].FIELDS[i]. + - the field value s.STRUCTS[a].FIELDS[i] exists. + - the structure instance s.STRUCTS[a] exists. + - The :ref:`expansion ` of s.STRUCTS[a].TYPE is (STRUCT ft*). + - |ft*| is greater than i. + - the field type ft*[i] is (?() zt). + - Or: + - fv_1 is (REF.ARRAY_ADDR a). + - fv_2 is s.ARRAYS[a].FIELDS[i]. + - the field value s.ARRAYS[a].FIELDS[i] exists. + - the array instance s.ARRAYS[a] exists. + - The :ref:`expansion ` of s.ARRAYS[a].TYPE is (ARRAY (?() zt)). + - Or: + - fv_1 is (REF.EXN_ADDR a). + - fv_2 is s.EXNS[a].FIELDS[i]. + - the value s.EXNS[a].FIELDS[i] exists. + - the exception instance s.EXNS[a] exists. + - Or: + - fv_1 is (REF.EXTERN ref). + - fv_2 is ref. + +ImmutReachable/trans +- fv_2 is immutably reachable from fv_1 if: + - fv' is immutably reachable from fv_1. + - fv_2 is immutably reachable from fv'. + +ImmutReachable/ref.struct +- s.STRUCTS[a].FIELDS[i] is immutably reachable from (REF.STRUCT_ADDR a) if: + - the field value s.STRUCTS[a].FIELDS[i] exists. + - the structure instance s.STRUCTS[a] exists. + - The :ref:`expansion ` of s.STRUCTS[a].TYPE is (STRUCT ft*). + - |ft*| is greater than i. + - the field type ft*[i] is (?() zt). 
+ +ImmutReachable/ref.array +- s.ARRAYS[a].FIELDS[i] is immutably reachable from (REF.ARRAY_ADDR a) if: + - the field value s.ARRAYS[a].FIELDS[i] exists. + - the array instance s.ARRAYS[a] exists. + - The :ref:`expansion ` of s.ARRAYS[a].TYPE is (ARRAY (?() zt)). + +ImmutReachable/ref.exn +- s.EXNS[a].FIELDS[i] is immutably reachable from (REF.EXN_ADDR a) if: + - the value s.EXNS[a].FIELDS[i] exists. + - the exception instance s.EXNS[a] exists. + +ImmutReachable/ref.extern +- ref is immutably reachable from (REF.EXTERN ref). + +NotImmutReachable +- fv_2 is not immutably reachable from fv_1 if: + - $NotImmutReachable(fv_1, s, fv_2) is true. + +Store_ok +- the store s is valid if: + - For all : + - the tag instance taginst is valid with the tag type tagtype. + - taginst* is the concatenation of all such taginst. + - For all : + - the global instance globalinst is valid with the global type globaltype. + - globalinst* is the concatenation of all such globalinst. + - For all : + - the memory instance meminst is valid with the memory type memtype. + - meminst* is the concatenation of all such meminst. + - For all : + - the table instance tableinst is valid with the table type tabletype. + - tableinst* is the concatenation of all such tableinst. + - For all : + - the function instance funcinst is valid with the defined type deftype. + - funcinst* is the concatenation of all such funcinst. + - For all : + - the data instance datainst is valid with the data type datatype. + - datainst* is the concatenation of all such datainst. + - For all : + - the element instance eleminst is valid with the element type elemtype. + - eleminst* is the concatenation of all such eleminst. + - For all structinst in structinst*: + - the structure instance structinst is valid. + - For all arrayinst in arrayinst*: + - the array instance arrayinst is valid. + - For all exninst in exninst*: + - the exception instance exninst is valid. 
+ - For all : + - (REF.STRUCT_ADDR a) is not immutably reachable from (REF.STRUCT_ADDR a). + - (REF.ARRAY_ADDR a) is not immutably reachable from (REF.ARRAY_ADDR a). + - (REF.EXN_ADDR a) is not immutably reachable from (REF.EXN_ADDR a). + - s is { TAGS: taginst*; GLOBALS: globalinst*; MEMS: meminst*; TABLES: tableinst*; FUNCS: funcinst*; DATAS: datainst*; ELEMS: eleminst*; STRUCTS: structinst*; ARRAYS: arrayinst*; EXNS: exninst* }. + +State_ok +- the state (s, f) is valid with the context C if: + - the store s is valid. + - the frame f is valid with C. + +Config_ok +- the configuration z ; instr* is valid if: + - the state z is valid with the context C. + - the expression instr* is valid with the result type t*. + NotationTypingInstrScheme - the instruction sequence [instr] is valid with the instruction type valtype* -> valtype'* if: - Either: @@ -33184,6 +34352,11 @@ ordered decl* 3. Let decl_1* :: [import] :: decl_2* be decl*. 4. Return (((((($importsd(decl_1*) = []) /\ ($tagsd(decl_1*) = [])) /\ ($globalsd(decl_1*) = [])) /\ ($memsd(decl_1*) = [])) /\ ($tablesd(decl_1*) = [])) /\ ($funcsd(decl_1*) = [])). +NotImmutReachable fv_1 s fv_2 +1. If the relation ImmutReachable(fv_1, s, fv_2) holds, then: + a. Return false. +2. Return true. + allocXs `X `Y s X''* Y''* 1. If (X''* = []), then: a. Assert: Due to validation, (Y''* = []). diff --git a/spectec/test-splice/TEST.md b/spectec/test-splice/TEST.md index 6f602b04e6..d666929f4e 100644 --- a/spectec/test-splice/TEST.md +++ b/spectec/test-splice/TEST.md @@ -946,6 +946,7 @@ warning: grammar `TuNplain` was never spliced warning: grammar `Tvaltype_` was never spliced warning: grammar `Tvar` was never spliced warning: grammar `Tvectype` was never spliced +warning: rule `Arrayinst_ok` was never spliced warning: rule `Blocktype_ok/valtype` was never spliced warning: rule `Blocktype_ok/typeidx` was never spliced warning: rule `Catch_ok/catch` was never spliced 
@@ -958,7 +959,10 @@ warning: rule `Comptype_ok/func` was never spliced warning: rule `Comptype_sub/struct` was never spliced warning: rule `Comptype_sub/array` was never spliced warning: rule `Comptype_sub/func` was never spliced +warning: rule `Config_ok` was never spliced +warning: rule `Context_ok` was never spliced warning: rule `Data_ok` was never spliced +warning: rule `Datainst_ok` was never spliced warning: rule `Datamode_ok/passive` was never spliced warning: rule `Datamode_ok/active` was never spliced warning: rule `Defaultable` was never spliced 
@@ -966,17 +970,32 @@ warning: rule `Deftype_ok` was never spliced warning: rule `Deftype_sub/refl` was never spliced warning: rule `Deftype_sub/super` was never spliced warning: rule `Elem_ok` was never spliced +warning: rule `Eleminst_ok` was never spliced warning: rule `Elemmode_ok/passive` was never spliced warning: rule `Elemmode_ok/declare` was never spliced warning: rule `Elemmode_ok/active` was never spliced warning: rule `Eval_expr` was never spliced +warning: rule `Exninst_ok` was never spliced warning: rule `Expand` was never spliced warning: rule `Expand_use/deftype` was never spliced warning: rule `Expand_use/typeidx` was never spliced warning: rule `Export_ok` was never spliced +warning: rule `Exportinst_ok` was never spliced warning: rule `Expr_const` was never spliced warning: rule `Expr_ok` was never spliced +warning: rule `Expr_ok2` was never spliced warning: rule `Expr_ok_const` was never spliced +warning: rule `Extend_arrayinst` was never spliced +warning: rule `Extend_datainst` was never spliced +warning: rule `Extend_eleminst` was never spliced +warning: rule `Extend_exninst` was never spliced +warning: rule `Extend_funcinst` was never spliced +warning: rule `Extend_globalinst` was never spliced +warning: rule `Extend_meminst` was never spliced +warning: rule `Extend_store` was never spliced +warning: rule `Extend_structinst` was never spliced +warning: rule `Extend_tableinst` was never spliced +warning: rule `Extend_taginst` was never spliced warning: rule `Externaddr_ok/tag` was never spliced warning: rule `Externaddr_ok/global` was never spliced warning: rule `Externaddr_ok/mem` was never spliced 
@@ -1001,8 +1020,13 @@ warning: rule `Externtype_sub/func` was never spliced warning: rule `Fieldtype_ok` was never spliced warning: rule `Fieldtype_sub/const` was never spliced warning: rule `Fieldtype_sub/var` was never spliced +warning: rule `Fieldval_ok/val` was never spliced +warning: rule `Fieldval_ok/packval` was never spliced +warning: rule `Frame_ok` was never spliced warning: rule `Func_ok` was never spliced +warning: rule `Funcinst_ok` was never spliced warning: rule `Global_ok` was never spliced +warning: rule `Globalinst_ok` was never spliced warning: rule `Globals_ok/empty` was never spliced warning: rule `Globals_ok/cons` was never spliced warning: rule `Globaltype_ok` was never spliced @@ -1010,6 +1034,7 @@ warning: rule `Globaltype_sub/const` was never spliced warning: rule `Globaltype_sub/var` was never spliced warning: rule `Heaptype_ok/abs` was never spliced warning: rule `Heaptype_ok/typeuse` was never spliced +warning: rule `Heaptype_ok/bot` was never spliced warning: rule `Heaptype_sub/refl` was never spliced warning: rule `Heaptype_sub/trans` was never spliced warning: rule `Heaptype_sub/eq-any` was never spliced @@ -1029,6 +1054,11 @@ warning: rule `Heaptype_sub/noexn` was never spliced warning: rule `Heaptype_sub/noextern` was never spliced warning: rule `Heaptype_sub/bot` was never spliced warning: rule `Idctxt_ok` was never spliced +warning: rule `ImmutReachable/trans` was never spliced +warning: rule `ImmutReachable/ref.struct` was never spliced +warning: rule `ImmutReachable/ref.array` was never spliced +warning: rule `ImmutReachable/ref.exn` was never spliced +warning: rule `ImmutReachable/ref.extern` was never spliced warning: rule `Import_ok` was never spliced warning: rule `Instr_const/const` was never spliced warning: rule `Instr_const/vconst` was never spliced 
@@ -1147,9 +1177,19 @@ warning: rule `Instr_ok/vextbinop` was never spliced warning: rule `Instr_ok/vextternop` was never spliced warning: rule `Instr_ok/vnarrow` was never spliced warning: rule `Instr_ok/vcvtop` was never spliced +warning: rule `Instr_ok2/plain` was never spliced +warning: rule `Instr_ok2/ref` was never spliced +warning: rule `Instr_ok2/label` was never spliced +warning: rule `Instr_ok2/frame` was never spliced +warning: rule `Instr_ok2/handler` was never spliced +warning: rule `Instr_ok2/trap` was never spliced warning: rule `Instrs_ok/empty` was spliced more than once warning: rule `Instrs_ok/sub` was never spliced warning: rule `Instrs_ok/frame` was spliced more than once +warning: rule `Instrs_ok2/empty` was never spliced +warning: rule `Instrs_ok2/seq` was never spliced +warning: rule `Instrs_ok2/sub` was never spliced +warning: rule `Instrs_ok2/frame` was never spliced warning: rule `Instrtype_ok` was never spliced warning: rule `Instrtype_sub` was never spliced warning: rule `Limits_ok` was never spliced @@ -1157,12 +1197,18 @@ warning: rule `Limits_sub/max` was never spliced warning: rule `Limits_sub/eps` was never spliced warning: rule `Local_ok/set` was never spliced warning: rule `Local_ok/unset` was never spliced +warning: rule `Localtype_ok` was never spliced +warning: rule `Localval_ok/set` was never spliced +warning: rule `Localval_ok/unset` was never spliced warning: rule `Mem_ok` was never spliced warning: rule `Memarg_ok` was never spliced +warning: rule `Meminst_ok` was never spliced warning: rule `Memtype_ok` was never spliced warning: rule `Memtype_sub` was never spliced warning: rule `Module_ok` was never spliced +warning: rule `Moduleinst_ok` was never spliced warning: rule `Nondefaultable` was never spliced +warning: rule `NotImmutReachable` was never spliced warning: rule `NotationReduct/2` was never spliced warning: rule `NotationReduct/3` was never spliced warning: rule `NotationReduct/4` was never spliced 
@@ -1175,9 +1221,9 @@ warning: rule `Numtype_ok` was never spliced warning: rule `Numtype_sub` was never spliced warning: rule `Packtype_ok` was never spliced warning: rule `Packtype_sub` was never spliced +warning: rule `Packval_ok` was never spliced warning: rule `Rectype_ok/empty` was never spliced warning: rule `Rectype_ok/cons` was never spliced -warning: rule `Rectype_ok/_rec2` was never spliced warning: rule `Rectype_ok2/empty` was never spliced warning: rule `Rectype_ok2/cons` was never spliced warning: rule `Ref_ok/null` was never spliced @@ -1195,6 +1241,7 @@ warning: rule `Reftype_sub/null` was never spliced warning: rule `Resulttype_ok` was never spliced warning: rule `Resulttype_sub` was never spliced warning: rule `Start_ok` was never spliced +warning: rule `State_ok` was never spliced warning: rule `Step/ctxt-instrs` was never spliced warning: rule `Step/ctxt-label` was never spliced warning: rule `Step/ctxt-handler` was never spliced @@ -1413,12 +1460,16 @@ warning: rule `Storagetype_ok/val` was never spliced warning: rule `Storagetype_ok/pack` was never spliced warning: rule `Storagetype_sub/val` was never spliced warning: rule `Storagetype_sub/pack` was never spliced +warning: rule `Store_ok` was never spliced +warning: rule `Structinst_ok` was never spliced warning: rule `Subtype_ok` was never spliced warning: rule `Subtype_ok2` was never spliced warning: rule `Table_ok` was never spliced +warning: rule `Tableinst_ok` was never spliced warning: rule `Tabletype_ok` was never spliced warning: rule `Tabletype_sub` was never spliced warning: rule `Tag_ok` was never spliced +warning: rule `Taginst_ok` was never spliced warning: rule `Tagtype_ok` was never spliced warning: rule `Tagtype_sub` was never spliced warning: rule `Type_ok` was never spliced 
@@ -1459,6 +1510,7 @@ warning: definition `NULLEXNREF` was never spliced warning: definition `NULLEXTERNREF` was never spliced warning: definition `NULLFUNCREF` was never spliced warning: definition `NULLREF` was never spliced +warning: definition `NotImmutReachable` was never spliced warning: definition `R_fmadd` was never spliced warning: definition `R_fmax` was never spliced warning: definition `R_fmin` was never spliced @@ -1898,6 +1950,7 @@ warning: definition `zbytes_` was never spliced warning: definition `zero` was never spliced warning: definition `zeroop` was never spliced warning: definition `zsize` was never spliced +warning: rule prose `Arrayinst_ok` was never spliced warning: rule prose `Blocktype_ok` was never spliced warning: rule prose `Blocktype_ok/typeidx` was never spliced warning: rule prose `Blocktype_ok/valtype` was never spliced @@ -1914,7 +1967,10 @@ warning: rule prose `Comptype_sub` was never spliced warning: rule prose `Comptype_sub/array` was never spliced warning: rule prose `Comptype_sub/func` was never spliced warning: rule prose `Comptype_sub/struct` was never spliced +warning: rule prose `Config_ok` was never spliced +warning: rule prose `Context_ok` was never spliced warning: rule prose `Data_ok` was never spliced +warning: rule prose `Datainst_ok` was never spliced warning: rule prose `Datamode_ok` was never spliced warning: rule prose `Datamode_ok/active` was never spliced warning: rule prose `Datamode_ok/passive` was never spliced 
@@ -1924,18 +1980,22 @@ warning: rule prose `Deftype_sub` was never spliced warning: rule prose `Deftype_sub/refl` was never spliced warning: rule prose `Deftype_sub/super` was never spliced warning: rule prose `Elem_ok` was never spliced +warning: rule prose `Eleminst_ok` was never spliced warning: rule prose `Elemmode_ok` was never spliced warning: rule prose `Elemmode_ok/active` was never spliced warning: rule prose `Elemmode_ok/declare` was never spliced warning: rule prose `Elemmode_ok/passive` was never spliced warning: rule prose `Eval_expr` was never spliced +warning: rule prose `Exninst_ok` was never spliced warning: rule prose `Expand` was never spliced warning: rule prose `Expand_use` was never spliced warning: rule prose `Expand_use/deftype` was never spliced warning: rule prose `Expand_use/typeidx` was never spliced warning: rule prose `Export_ok` was never spliced +warning: rule prose `Exportinst_ok` was never spliced warning: rule prose `Expr_const` was never spliced warning: rule prose `Expr_ok` was never spliced +warning: rule prose `Expr_ok2` was never spliced warning: rule prose `Externaddr_ok` was never spliced warning: rule prose `Externaddr_ok/func` was never spliced warning: rule prose `Externaddr_ok/global` was never spliced 
@@ -1965,8 +2025,14 @@ warning: rule prose `Fieldtype_ok` was never spliced warning: rule prose `Fieldtype_sub` was never spliced warning: rule prose `Fieldtype_sub/const` was never spliced warning: rule prose `Fieldtype_sub/var` was never spliced +warning: rule prose `Fieldval_ok` was never spliced +warning: rule prose `Fieldval_ok/packval` was never spliced +warning: rule prose `Fieldval_ok/val` was never spliced +warning: rule prose `Frame_ok` was never spliced warning: rule prose `Func_ok` was never spliced +warning: rule prose `Funcinst_ok` was never spliced warning: rule prose `Global_ok` was never spliced +warning: rule prose `Globalinst_ok` was never spliced warning: rule prose `Globals_ok` was never spliced warning: rule prose `Globals_ok/cons` was never spliced warning: rule prose `Globals_ok/empty` was never spliced @@ -1976,6 +2042,7 @@ warning: rule prose `Globaltype_sub/const` was never spliced warning: rule prose `Globaltype_sub/var` was never spliced warning: rule prose `Heaptype_ok` was never spliced warning: rule prose `Heaptype_ok/abs` was never spliced +warning: rule prose `Heaptype_ok/bot` was never spliced warning: rule prose `Heaptype_ok/typeuse` was never spliced warning: rule prose `Heaptype_sub` was never spliced warning: rule prose `Heaptype_sub/array` was never spliced 
@@ -1994,6 +2061,12 @@ warning: rule prose `Heaptype_sub/struct` was never spliced warning: rule prose `Heaptype_sub/trans` was never spliced warning: rule prose `Heaptype_sub/typeidx` was never spliced warning: rule prose `Idctxt_ok` was never spliced +warning: rule prose `ImmutReachable` was never spliced +warning: rule prose `ImmutReachable/ref.array` was never spliced +warning: rule prose `ImmutReachable/ref.exn` was never spliced +warning: rule prose `ImmutReachable/ref.extern` was never spliced +warning: rule prose `ImmutReachable/ref.struct` was never spliced +warning: rule prose `ImmutReachable/trans` was never spliced warning: rule prose `Import_ok` was never spliced warning: rule prose `Instr_const` was never spliced warning: rule prose `Instr_const/any.convert_extern` was never spliced 
@@ -2124,11 +2197,23 @@ warning: rule prose `Instr_ok/vvbinop` was never spliced warning: rule prose `Instr_ok/vvternop` was never spliced warning: rule prose `Instr_ok/vvtestop` was never spliced warning: rule prose `Instr_ok/vvunop` was never spliced +warning: rule prose `Instr_ok2` was never spliced +warning: rule prose `Instr_ok2/frame` was never spliced +warning: rule prose `Instr_ok2/handler` was never spliced +warning: rule prose `Instr_ok2/label` was never spliced +warning: rule prose `Instr_ok2/plain` was never spliced +warning: rule prose `Instr_ok2/ref` was never spliced +warning: rule prose `Instr_ok2/trap` was never spliced warning: rule prose `Instrs_ok` was never spliced warning: rule prose `Instrs_ok/empty` was never spliced warning: rule prose `Instrs_ok/frame` was never spliced warning: rule prose `Instrs_ok/seq` was never spliced warning: rule prose `Instrs_ok/sub` was never spliced +warning: rule prose `Instrs_ok2` was never spliced +warning: rule prose `Instrs_ok2/empty` was never spliced +warning: rule prose `Instrs_ok2/frame` was never spliced +warning: rule prose `Instrs_ok2/seq` was never spliced +warning: rule prose `Instrs_ok2/sub` was never spliced warning: rule prose `Instrtype_ok` was never spliced warning: rule prose `Instrtype_sub` was never spliced warning: rule prose `Limits_ok` was never spliced 
@@ -2138,12 +2223,19 @@ warning: rule prose `Limits_sub/max` was never spliced warning: rule prose `Local_ok` was never spliced warning: rule prose `Local_ok/set` was never spliced warning: rule prose `Local_ok/unset` was never spliced +warning: rule prose `Localtype_ok` was never spliced +warning: rule prose `Localval_ok` was never spliced +warning: rule prose `Localval_ok/set` was never spliced +warning: rule prose `Localval_ok/unset` was never spliced warning: rule prose `Mem_ok` was never spliced warning: rule prose `Memarg_ok` was never spliced +warning: rule prose `Meminst_ok` was never spliced warning: rule prose `Memtype_ok` was never spliced warning: rule prose `Memtype_sub` was never spliced warning: rule prose `Module_ok` was never spliced +warning: rule prose `Moduleinst_ok` was never spliced warning: rule prose `Nondefaultable` was never spliced +warning: rule prose `NotImmutReachable` was never spliced warning: rule prose `NotationTypingInstrScheme` was never spliced warning: rule prose `NotationTypingInstrScheme/block` was never spliced warning: rule prose `NotationTypingInstrScheme/global.get` was never spliced @@ -2153,6 +2245,7 @@ warning: rule prose `Numtype_ok` was never spliced warning: rule prose `Numtype_sub` was never spliced warning: rule prose `Packtype_ok` was never spliced warning: rule prose `Packtype_sub` was never spliced +warning: rule prose `Packval_ok` was never spliced warning: rule prose `Rectype_ok` was never spliced warning: rule prose `Rectype_ok/cons` was never spliced warning: rule prose `Rectype_ok/empty` was never spliced 
@@ -2176,6 +2269,7 @@ warning: rule prose `Reftype_sub/null` was never spliced warning: rule prose `Resulttype_ok` was never spliced warning: rule prose `Resulttype_sub` was never spliced warning: rule prose `Start_ok` was never spliced +warning: rule prose `State_ok` was never spliced warning: rule prose `Step/array.new_fixed` was never spliced warning: rule prose `Step/array.set` was never spliced warning: rule prose `Step/data.drop` was never spliced @@ -2302,12 +2396,16 @@ warning: rule prose `Storagetype_ok/val` was never spliced warning: rule prose `Storagetype_sub` was never spliced warning: rule prose `Storagetype_sub/pack` was never spliced warning: rule prose `Storagetype_sub/val` was never spliced +warning: rule prose `Store_ok` was never spliced +warning: rule prose `Structinst_ok` was never spliced warning: rule prose `Subtype_ok` was never spliced warning: rule prose `Subtype_ok2` was never spliced warning: rule prose `Table_ok` was never spliced +warning: rule prose `Tableinst_ok` was never spliced warning: rule prose `Tabletype_ok` was never spliced warning: rule prose `Tabletype_sub` was never spliced warning: rule prose `Tag_ok` was never spliced +warning: rule prose `Taginst_ok` was never spliced warning: rule prose `Tagtype_ok` was never spliced warning: rule prose `Tagtype_sub` was never spliced warning: rule prose `Type_ok` was never spliced @@ -2352,6 +2450,7 @@ warning: definition prose `NULLEXNREF` was never spliced warning: definition prose `NULLEXTERNREF` was never spliced warning: definition prose `NULLFUNCREF` was never spliced warning: definition prose `NULLREF` was never spliced +warning: definition prose `NotImmutReachable` was never spliced warning: definition prose `STRUCTREF` was never spliced warning: definition prose `add_arrayinst` was never spliced warning: definition prose `add_exninst` was never spliced From c26ec13f1c1335f137dffc7456c788561f8829cf Mon Sep 17 00:00:00 2001 
From: DJ
Date: Wed, 22 Apr 2026 17:13:04 +0900
Subject: [PATCH 12/15] Automate recursive detection of validation rules
---
 spectec/src/backend-prose/gen.ml | 70 +++++++++++++++++++++++---------
 1 file changed, 51 insertions(+), 19 deletions(-)
diff --git a/spectec/src/backend-prose/gen.ml b/spectec/src/backend-prose/gen.ml
index a6631d7c65..88554c4bf4 100644
--- a/spectec/src/backend-prose/gen.ml
+++ b/spectec/src/backend-prose/gen.ml
@@ -34,18 +34,6 @@ let flatten_rec def =
 | Ast.RecD defs -> defs
 | _ -> [ def ]
-(* List of relation names that appear in the prose of the validation rules *)
-let validation_helper_relations = [
- "Expand";
- "Expand_use";
- "ImmutReachable";
- "NotImmutReachable"
-]
-let is_validation_helper_relation def =
- match def.it with
- | Ast.RelD (id, _, _, _, _) ->
- List.mem id.it validation_helper_relations
- | _ -> false
 (* NOTE: Assume validation relation is `|-` *)
 let is_validation_relation def =
 match def.it with
@@ -53,17 +41,60 @@ let is_validation_relation def =
 List.exists (List.exists (fun atom -> atom.it = Atom.Turnstile)) (Mixop.flatten mixop)
 | _ -> false
-let extract_validation_il il =
- il
- |> List.concat_map flatten_rec
- |> List.filter
- (fun rel -> is_validation_relation rel || is_validation_helper_relation rel)
+let rec dependent_rel_id_of_prem prem =
+ match prem.it with
+ | Ast.RulePr (id, _, _, _) -> [id]
+ | Ast.IterPr (prem', _) -> dependent_rel_id_of_prem prem'
+ | _ -> []
+
+let dependent_rel_ids_of_rule rule =
+ match rule.it with
+ | Ast.RuleD (_, _, _, _, prems) -> List.concat_map dependent_rel_id_of_prem prems
+
+let dependent_rel_ids_of_rel rel =
+ match rel.it with
+ | Ast.RelD (_, _, _, _, rules) -> List.concat_map dependent_rel_ids_of_rule rules
+ | _ -> []
 let rel_has_id id rel =
 match rel.it with
- | Ast.RelD (id', _, _, _, _) -> id.it = id'.it
+ | Ast.RelD (id', _, _, _, _) -> Eq.eq_id id id'
 | _ -> false
+let id_to_rel rels id =
+ List.find (rel_has_id id) rels
+
+let rec dedup ids =
+ match ids with
+ | [] -> []
+ | hd :: tl ->
+ let tl' = List.filter (fun id -> not (Eq.eq_id hd id)) tl in
+ hd :: dedup tl'
+
+let extract_validation_il il =
+ let all_rels = List.concat_map flatten_rec il in
+ let validation_rels = List.filter is_validation_relation all_rels in
+
+ (* Expand according to the premise dependency *)
+ let rec expand prev_rels new_rels =
+ let rels = new_rels @ prev_rels in
+ let is_new_rel_id id = List.for_all (Fun.negate (rel_has_id id)) rels in
+
+ match new_rels with
+ | [] -> rels
+ | _ ->
+ let prem_rels =
+ new_rels
+ |> List.concat_map dependent_rel_ids_of_rel
+ |> dedup
+ |> List.filter is_new_rel_id
+ |> List.map (id_to_rel all_rels)
+ in
+ expand rels prem_rels
+ in
+
+ expand [] validation_rels
+
 let extract_prose_hint hintexp =
 match hintexp.it with
 | El.Ast.TextE hint -> Some hint
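Review bot: `id_to_rel` in the new `extract_validation_il` uses `List.find`, so a premise naming a relation id that is not among `all_rels` aborts the generator with a bare `Not_found` that says nothing about which id or rule caused it, and it does so before the friendlier message added to `prem_to_instrs` later in this patch can fire. I would make the lookup total and name the id: `match List.find_opt (rel_has_id id) rels with` / `| Some rel -> rel` / `| None -> failwith ("extract_validation_il: premise refers to unknown relation " ^ id.it)`. Separately, `dependent_rel_id_of_prem` descends only into `IterPr`, so a relation that is reached solely through a `$def` call inside an `IfPr` premise is not collected; the test update in this series appears to drop the `ImmutReachable` prose for exactly that reason, which deserves a comment on the function if it is intended, e.g. `(* Only RulePr premises (possibly under an iterator) create a dependency; relations used only via function calls in IfPr are not followed. *)`.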
@@ -293,7 +324,8 @@ let rec prem_to_instrs prem =
 let rel =
 match List.find_opt (rel_has_id id) !Langs.validation_il with
 | Some rel -> rel
- | None -> failwith ("Unknown relation id: " ^ id.it)
+ | None -> failwith (
+ Printf.sprintf "The relation %s is supposed to be included in `validation_il`. Hint: Plese fix `extract_validation_il`." id.it)
 in
 let frees = (Free.free_prem prem).varid in
 let args = exp_to_argexpr e in
From c9874b1dcc8a12f8177f414d5388470f7dca250a Mon Sep 17 00:00:00 2001
From: DJ
Date: Wed, 22 Apr 2026 18:38:36 +0900
Subject: [PATCH 13/15] Update test
---
 spectec/test-prose/TEST.md | 323 +++++++++--------------------------
 spectec/test-splice/TEST.md | 6 -
 2 files changed, 81 insertions(+), 248 deletions(-)
diff --git a/spectec/test-prose/TEST.md b/spectec/test-prose/TEST.md
index 3f2b18735f..c57d464d93 100644
--- a/spectec/test-prose/TEST.md
+++ b/spectec/test-prose/TEST.md
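Review bot: The new error message in the `None` branch of `prem_to_instrs` has a typo, `Plese`, and points at the wrong place: now that `extract_validation_il` follows premise dependencies transitively, reaching this branch means the relation is referenced through a premise form that `dependent_rel_id_of_prem` does not descend into, not that a list needs editing. I would write `Printf.sprintf "Relation %s is referenced by a premise but was not collected into validation_il; please extend dependent_rel_id_of_prem in extract_validation_il to cover this premise form." id.it`. The enclosing `prem_to_instrs` starts and ends outside this hunk.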
@@ -13748,35 +13748,81 @@ spectec 0.5 generator -The number type :math:`{\mathit{numtype}}` is always :ref:`valid `. +The :ref:`expansion ` of :math:`{\mathit{deftype}}` is :math:`{\mathit{comptype}}` if: + * The composite type :math:`{\mathrm{expand}}({\mathit{deftype}})` is of the form :math:`{\mathit{comptype}}`. -The vector type :math:`{\mathit{vectype}}` is always :ref:`valid `. +The :ref:`expansion ` of :math:`C` is :math:`{\mathit{comptype}}` if: -The packed type :math:`{\mathit{packtype}}` is always :ref:`valid `. + * Either: + + * The type use :math:`{\mathit{typeuse}}` is of the form :math:`{\mathit{deftype}}`. + * The :ref:`expansion ` of :math:`{\mathit{deftype}}` is :math:`{\mathit{comptype}}`. + * Or: + * The type use :math:`{\mathit{typeuse}}` is of the form :math:`{\mathit{typeidx}}`. -The packed type :math:`{\mathit{packtype}}` :ref:`matches ` only itself. + * The type :math:`C{.}\mathsf{types}{}[{\mathit{typeidx}}]` exists. + * The :ref:`expansion ` of :math:`C{.}\mathsf{types}{}[{\mathit{typeidx}}]` is :math:`{\mathit{comptype}}`. -The number type :math:`{\mathit{numtype}}` :ref:`matches ` only itself. +The :ref:`expansion ` of :math:`C` is :math:`{\mathit{comptype}}` if: + * The :ref:`expansion ` of :math:`{\mathit{deftype}}` is :math:`{\mathit{comptype}}`. -The :ref:`expansion ` of :math:`{\mathit{deftype}}` is :math:`{\mathit{comptype}}` if: - * The composite type :math:`{\mathrm{expand}}({\mathit{deftype}})` is of the form :math:`{\mathit{comptype}}`. + +The :ref:`expansion ` of :math:`C` is :math:`{\mathit{comptype}}` if: + + + * The type :math:`C{.}\mathsf{types}{}[{\mathit{typeidx}}]` exists. + + * The :ref:`expansion ` of :math:`C{.}\mathsf{types}{}[{\mathit{typeidx}}]` is :math:`{\mathit{comptype}}`. + + + + +:math:`{\mathit{fv}}_2` is not immutably reachable from :math:`{\mathit{fv}}_1` if: + + + * NotImmutReachable(:math:`{\mathit{fv}}_1`, :math:`s`, :math:`{\mathit{fv}}_2`) is true. 
+ + + + +The number type :math:`{\mathit{numtype}}` is always :ref:`valid `. + + + + +The vector type :math:`{\mathit{vectype}}` is always :ref:`valid `. + + + + +The packed type :math:`{\mathit{packtype}}` is always :ref:`valid `. + + + + +The packed type :math:`{\mathit{packtype}}` :ref:`matches ` only itself. + + + + +The number type :math:`{\mathit{numtype}}` :ref:`matches ` only itself. @@ -14685,44 +14731,6 @@ The instruction type :math:`{t_1^\ast}~{\rightarrow}_{{x^\ast}}\,{t_2^\ast}` is -The :ref:`expansion ` of :math:`C` is :math:`{\mathit{comptype}}` if: - - - * Either: - - * The type use :math:`{\mathit{typeuse}}` is of the form :math:`{\mathit{deftype}}`. - - * The :ref:`expansion ` of :math:`{\mathit{deftype}}` is :math:`{\mathit{comptype}}`. - - * Or: - - * The type use :math:`{\mathit{typeuse}}` is of the form :math:`{\mathit{typeidx}}`. - - * The type :math:`C{.}\mathsf{types}{}[{\mathit{typeidx}}]` exists. - - * The :ref:`expansion ` of :math:`C{.}\mathsf{types}{}[{\mathit{typeidx}}]` is :math:`{\mathit{comptype}}`. - - - - -The :ref:`expansion ` of :math:`C` is :math:`{\mathit{comptype}}` if: - - - * The :ref:`expansion ` of :math:`{\mathit{deftype}}` is :math:`{\mathit{comptype}}`. - - - - -The :ref:`expansion ` of :math:`C` is :math:`{\mathit{comptype}}` if: - - - * The type :math:`C{.}\mathsf{types}{}[{\mathit{typeidx}}]` exists. - - * The :ref:`expansion ` of :math:`C{.}\mathsf{types}{}[{\mathit{typeidx}}]` is :math:`{\mathit{comptype}}`. - - - - The sub type :math:`(\mathsf{sub}~{\mathsf{final}^?}~{x^\ast}~{\mathit{comptype}})` is :ref:`valid ` for the type index :math:`x_0` if: 
@@ -18182,120 +18190,6 @@ The exception instance :math:`\{ \mathsf{tag}~{\mathit{ta}},\;\allowbreak \maths -:math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}}_1` if: - - - * Either: - - * :math:`{\mathit{fv}'}` is immutably reachable from :math:`{\mathit{fv}}_1`. - - * :math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}'}`. - - * Or: - - * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}struct}~a)`. - - * The field value :math:`{\mathit{fv}}_2` is of the form :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]`. - - * The field value :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]` exists. - - * The structure instance :math:`s{.}\mathsf{structs}{}[a]` exists. - - * The :ref:`expansion ` of :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{struct}~{{\mathit{ft}}^\ast})`. - - * The length of :math:`{{\mathit{ft}}^\ast}` is greater than :math:`i`. - - * The field type :math:`{{\mathit{ft}}^\ast}{}[i]` is of the form :math:`(\epsilon~{\mathit{zt}})`. - * Or: - - * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}array}~a)`. - - * The field value :math:`{\mathit{fv}}_2` is of the form :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]`. - - * The field value :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]` exists. - - * The array instance :math:`s{.}\mathsf{arrays}{}[a]` exists. - - * The :ref:`expansion ` of :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{array}~(\epsilon~{\mathit{zt}}))`. - * Or: - - * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}exn}~a)`. - - * The field value :math:`{\mathit{fv}}_2` is of the form :math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]`. - - * The value :math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]` exists. - - * The exception instance :math:`s{.}\mathsf{exns}{}[a]` exists. 
- * Or: - - * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}extern}~{\mathit{ref}})`. - - * The field value :math:`{\mathit{fv}}_2` is of the form :math:`{\mathit{ref}}`. - - - - -:math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}}_1` if: - - - * :math:`{\mathit{fv}'}` is immutably reachable from :math:`{\mathit{fv}}_1`. - - * :math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}'}`. - - - - -:math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]` is immutably reachable from :math:`(\mathsf{ref{.}struct}~a)` if: - - - * The field value :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]` exists. - - * The structure instance :math:`s{.}\mathsf{structs}{}[a]` exists. - - * The :ref:`expansion ` of :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{struct}~{{\mathit{ft}}^\ast})`. - - * The length of :math:`{{\mathit{ft}}^\ast}` is greater than :math:`i`. - - * The field type :math:`{{\mathit{ft}}^\ast}{}[i]` is of the form :math:`(\epsilon~{\mathit{zt}})`. - - - - -:math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]` is immutably reachable from :math:`(\mathsf{ref{.}array}~a)` if: - - - * The field value :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]` exists. - - * The array instance :math:`s{.}\mathsf{arrays}{}[a]` exists. - - * The :ref:`expansion ` of :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{array}~(\epsilon~{\mathit{zt}}))`. - - - - -:math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]` is immutably reachable from :math:`(\mathsf{ref{.}exn}~a)` if: - - - * The value :math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]` exists. - - * The exception instance :math:`s{.}\mathsf{exns}{}[a]` exists. - - - - -:math:`{\mathit{ref}}` is immutably reachable from :math:`(\mathsf{ref{.}extern}~{\mathit{ref}})`. 
- - - - -:math:`{\mathit{fv}}_2` is not immutably reachable from :math:`{\mathit{fv}}_1` if: - - - * NotImmutReachable(:math:`{\mathit{fv}}_1`, :math:`s`, :math:`{\mathit{fv}}_2`) is true. - - - - The store :math:`s` is :ref:`valid ` if: @@ -27641,6 +27535,33 @@ spectec 0.5 generator == IL Validation after pass sideconditions... == Translating to AL... == Prose Generation... +Expand +- The :ref:`expansion ` of deftype is comptype if: + - the composite type $expanddt(deftype) is comptype. + +Expand_use +- The :ref:`expansion ` of C is comptype if: + - Either: + - the type use typeuse is deftype. + - The :ref:`expansion ` of deftype is comptype. + - Or: + - typeuse is (_IDX typeidx). + - the type C.TYPES[typeidx] exists. + - The :ref:`expansion ` of C.TYPES[typeidx] is comptype. + +Expand_use/deftype +- The :ref:`expansion ` of C is comptype if: + - The :ref:`expansion ` of deftype is comptype. + +Expand_use/typeidx +- The :ref:`expansion ` of C is comptype if: + - the type C.TYPES[typeidx] exists. + - The :ref:`expansion ` of C.TYPES[typeidx] is comptype. + +NotImmutReachable +- fv_2 is not immutably reachable from fv_1 if: + - $NotImmutReachable(fv_1, s, fv_2) is true. + Numtype_ok - the number type numtype is always valid. @@ -27656,12 +27577,8 @@ Packtype_sub Numtype_sub - numtype matches only itself. -Expand -- The :ref:`expansion ` of deftype is comptype if: - - the composite type $expanddt(deftype) is comptype. - Vectype_sub -- the vector type vectype matches only itself. +- vectype matches only itself. Heaptype_ok - the heap type heaptype is valid if: 
@@ -28130,25 +28047,6 @@ Instrtype_ok - For all x in x*: - the local C.LOCALS[x] exists. -Expand_use -- The :ref:`expansion ` of C is comptype if: - - Either: - - the type use typeuse is deftype. - - The :ref:`expansion ` of deftype is comptype. - - Or: - - typeuse is (_IDX typeidx). - - the type C.TYPES[typeidx] exists. - - The :ref:`expansion ` of C.TYPES[typeidx] is comptype. - -Expand_use/deftype -- The :ref:`expansion ` of C is comptype if: - - The :ref:`expansion ` of deftype is comptype. - -Expand_use/typeidx -- The :ref:`expansion ` of C is comptype if: - - the type C.TYPES[typeidx] exists. - - The :ref:`expansion ` of C.TYPES[typeidx] is comptype. - Subtype_ok - the sub type (SUB FINAL? (_IDX x)* comptype) is valid for the type index (OK x_0) if: - |x*| is less than or equal to 1. 
@@ -29930,65 +29828,6 @@ Exninst_ok - For all t in t*, and corresponding val in val*: - the value val is valid with the value type t. -ImmutReachable -- fv_2 is immutably reachable from fv_1 if: - - Either: - - fv' is immutably reachable from fv_1. - - fv_2 is immutably reachable from fv'. - - Or: - - the field value fv_1 is (REF.STRUCT_ADDR a). - - the field value fv_2 is s.STRUCTS[a].FIELDS[i]. - - the field value s.STRUCTS[a].FIELDS[i] exists. - - the structure instance s.STRUCTS[a] exists. - - The :ref:`expansion ` of s.STRUCTS[a].TYPE is (STRUCT ft*). - - |ft*| is greater than i. - - the field type ft*[i] is (?() zt). - - Or: - - fv_1 is (REF.ARRAY_ADDR a). - - fv_2 is s.ARRAYS[a].FIELDS[i]. - - the field value s.ARRAYS[a].FIELDS[i] exists. - - the array instance s.ARRAYS[a] exists. - - The :ref:`expansion ` of s.ARRAYS[a].TYPE is (ARRAY (?() zt)). - - Or: - - fv_1 is (REF.EXN_ADDR a). - - fv_2 is s.EXNS[a].FIELDS[i]. - - the value s.EXNS[a].FIELDS[i] exists. - - the exception instance s.EXNS[a] exists. - - Or: - - fv_1 is (REF.EXTERN ref). - - fv_2 is ref. - -ImmutReachable/trans -- fv_2 is immutably reachable from fv_1 if: - - fv' is immutably reachable from fv_1. - - fv_2 is immutably reachable from fv'. - -ImmutReachable/ref.struct -- s.STRUCTS[a].FIELDS[i] is immutably reachable from (REF.STRUCT_ADDR a) if: - - the field value s.STRUCTS[a].FIELDS[i] exists. - - the structure instance s.STRUCTS[a] exists. - - The :ref:`expansion ` of s.STRUCTS[a].TYPE is (STRUCT ft*). - - |ft*| is greater than i. - - the field type ft*[i] is (?() zt). - -ImmutReachable/ref.array -- s.ARRAYS[a].FIELDS[i] is immutably reachable from (REF.ARRAY_ADDR a) if: - - the field value s.ARRAYS[a].FIELDS[i] exists. - - the array instance s.ARRAYS[a] exists. - - The :ref:`expansion ` of s.ARRAYS[a].TYPE is (ARRAY (?() zt)). - -ImmutReachable/ref.exn -- s.EXNS[a].FIELDS[i] is immutably reachable from (REF.EXN_ADDR a) if: - - the value s.EXNS[a].FIELDS[i] exists. 
- - the exception instance s.EXNS[a] exists. - -ImmutReachable/ref.extern -- ref is immutably reachable from (REF.EXTERN ref). - -NotImmutReachable -- fv_2 is not immutably reachable from fv_1 if: - - $NotImmutReachable(fv_1, s, fv_2) is true. - Store_ok - the store s is valid if: - For all : diff --git a/spectec/test-splice/TEST.md b/spectec/test-splice/TEST.md index d666929f4e..c1b589a597 100644 --- a/spectec/test-splice/TEST.md +++ b/spectec/test-splice/TEST.md @@ -2061,12 +2061,6 @@ warning: rule prose `Heaptype_sub/struct` was never spliced warning: rule prose `Heaptype_sub/trans` was never spliced warning: rule prose `Heaptype_sub/typeidx` was never spliced warning: rule prose `Idctxt_ok` was never spliced -warning: rule prose `ImmutReachable` was never spliced -warning: rule prose `ImmutReachable/ref.array` was never spliced -warning: rule prose `ImmutReachable/ref.exn` was never spliced -warning: rule prose `ImmutReachable/ref.extern` was never spliced -warning: rule prose `ImmutReachable/ref.struct` was never spliced -warning: rule prose `ImmutReachable/trans` was never spliced warning: rule prose `Import_ok` was never spliced warning: rule prose `Instr_const` was never spliced warning: rule prose `Instr_const/any.convert_extern` was never spliced From d2aba6080ce0b8486e42fce085222d0045550eaa Mon Sep 17 00:00:00 2001 From: DJ Date: Mon, 27 Apr 2026 18:55:08 +0900 Subject: [PATCH 14/15] Add dependency through function calls in premise --- spectec/src/backend-prose/gen.ml | 92 +++++++++++++++++++++++++------- 1 file changed, 72 insertions(+), 20 deletions(-) diff --git a/spectec/src/backend-prose/gen.ml b/spectec/src/backend-prose/gen.ml index 88554c4bf4..b3787fb864 100644 --- a/spectec/src/backend-prose/gen.ml +++ b/spectec/src/backend-prose/gen.ml 
@@ -41,28 +41,70 @@ let is_validation_relation def = List.exists (List.exists (fun atom -> atom.it = Atom.Turnstile)) (Mixop.flatten mixop) | _ -> false +let pairwise_concat xyss = + (* [(xs1, ys1); (xs2, ys2)] ==> (xs1@xs2, ys1@ys2) *) + let xss, yss = List.split xyss in + List.concat xss, List.concat yss + +let pairwise_concat_map f xs = List.map f xs |> pairwise_concat + +(* dependent_rei_id_of_X: (x:X) -> (rel_id list, func_id list) *) + +let dependent_rel_id_of_exp exp = + let func_ids = ref [] in + let collect_func_call e = + (match e.it with + | Ast.CallE (id, _) -> func_ids := id :: !func_ids + | _ -> () + ); + e + in + + let open Il2al.Il_walk in + let transformer = { base_transformer with + transform_exp = collect_func_call; + } in + ignore (transform_exp transformer exp); + + [], !func_ids + let rec dependent_rel_id_of_prem prem = match prem.it with - | Ast.RulePr (id, _, _, _) -> [id] + | Ast.IfPr exp -> dependent_rel_id_of_exp exp + | Ast.LetPr (exp1, exp2, _) -> pairwise_concat_map dependent_rel_id_of_exp [exp1; exp2] + | Ast.RulePr (id, _, _, exp) -> pairwise_concat [([id], []); dependent_rel_id_of_exp exp] | Ast.IterPr (prem', _) -> dependent_rel_id_of_prem prem' - | _ -> [] + | _ -> ([], []) -let dependent_rel_ids_of_rule rule = +let dependent_ids_of_rule rule = match rule.it with - | Ast.RuleD (_, _, _, _, prems) -> List.concat_map dependent_rel_id_of_prem prems + | Ast.RuleD (_, _, _, _, prems) -> pairwise_concat_map dependent_rel_id_of_prem prems -let dependent_rel_ids_of_rel rel = - match rel.it with - | Ast.RelD (_, _, _, _, rules) -> List.concat_map dependent_rel_ids_of_rule rules - | _ -> [] +let dependent_ids_of_clause clause = + match clause.it with + | Ast.DefD (_, _, _, prems) -> pairwise_concat_map dependent_rel_id_of_prem prems + +let dependent_ids_of_def def = + match def.it with + | Ast.RelD (_, _, _, _, rules) -> pairwise_concat_map dependent_ids_of_rule rules + | Ast.DecD (_, _, _, clauses) -> pairwise_concat_map 
dependent_ids_of_clause clauses + | _ -> ([], []) let rel_has_id id rel = match rel.it with | Ast.RelD (id', _, _, _, _) -> Eq.eq_id id id' | _ -> false -let id_to_rel rels id = - List.find (rel_has_id id) rels +let func_has_id id func = + match func.it with + | Ast.DecD (id', _, _, _) -> Eq.eq_id id id' + | _ -> false + +let id_to_rel defs id = + List.find (rel_has_id id) defs + +let id_to_func funcs id = + List.find (func_has_id id) funcs let rec dedup ids = match ids with @@ -72,28 +114,38 @@ let rec dedup ids = hd :: dedup tl' let extract_validation_il il = - let all_rels = List.concat_map flatten_rec il in - let validation_rels = List.filter is_validation_relation all_rels in + let all_defs = List.concat_map flatten_rec il in + let validation_rels = List.filter is_validation_relation all_defs in (* Expand according to the premise dependency *) - let rec expand prev_rels new_rels = + let rec expand (prev_rels, prev_funcs) (new_rels, new_funcs) = let rels = new_rels @ prev_rels in let is_new_rel_id id = List.for_all (Fun.negate (rel_has_id id)) rels in + let funcs = new_funcs @ prev_funcs in + let is_new_func_id id = List.for_all (Fun.negate (func_has_id id)) funcs in - match new_rels with + match new_rels @ new_funcs with | [] -> rels - | _ -> + | defs -> + let (rel_ids, func_ids) = pairwise_concat_map dependent_ids_of_def defs in + let prem_rels = - new_rels - |> List.concat_map dependent_rel_ids_of_rel + rel_ids |> dedup |> List.filter is_new_rel_id - |> List.map (id_to_rel all_rels) + |> List.map (id_to_rel all_defs) in - expand rels prem_rels + let prem_funcs = + func_ids + |> dedup + |> List.filter is_new_func_id + |> List.map (id_to_func all_defs) + in + + expand (rels, funcs) (prem_rels, prem_funcs) in - expand [] validation_rels + expand ([], []) (validation_rels, []) let extract_prose_hint hintexp = match hintexp.it with From 8f10f66d90dcac71ac6a4ff3d9d4df5d5f0f9253 Mon Sep 17 00:00:00 2001 
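Review bot: `dependent_rel_id_of_exp` never yields a relation id — it always returns `[], !func_ids` — so its name now contradicts the `(rel_id list, func_id list)` contract stated above it, and that header comment itself carries a typo (`dependent_rei_id_of_X`). Renaming it `dependent_ids_of_exp`, in line with `dependent_ids_of_rule`/`_clause`/`_def`, and correcting the comment to `(* dependent_ids_of_X : X -> rel_id list * func_id list *)` would keep the helper family consistent. Separately, the `IterPr (prem', _)` case still discards the iteration's binding expressions; if those can contain `CallE` nodes (not determinable from this hunk), function dependencies introduced there are silently missed, and a one-line comment recording that assumption would help the next maintainer.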
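Review bot: `List.map (id_to_func all_defs)` resolves ids with `List.find`, so a `$f` referenced from a validation premise whose `DecD` is not among the flattened defs aborts prose generation with a bare `Not_found` and no hint of which id or rule triggered it; `id_to_rel` had the same pre-existing behavior, but the new function edge makes it more likely to be hit. Using `List.find_opt` and failing with a message naming the id (or filtering unresolved ids out, if that is the intended policy) would make the failure diagnosable. Also, `expand` threads `funcs` through the accumulator but its terminating case returns only `rels`, so functions are traversed purely to reach relations mentioned in their clauses; that looks intentional given the test update, so a comment such as `(* funcs are followed only to discover relations; they are not part of the result *)` on the `| [] -> rels` line would prevent a reader from assuming they were dropped by mistake.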
From: DJ Date: Mon, 27 Apr 2026 18:55:54 +0900 Subject: [PATCH 15/15] Update test --- spectec/test-prose/TEST.md | 161 +++++++++++++++++++++++++++++++++++++ 1 file changed, 161 insertions(+) diff --git a/spectec/test-prose/TEST.md b/spectec/test-prose/TEST.md index c57d464d93..89acffe57c 100644 --- a/spectec/test-prose/TEST.md +++ b/spectec/test-prose/TEST.md 
@@ -13748,6 +13748,112 @@ spectec 0.5 generator +:math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}}_1` if: + + + * Either: + + * :math:`{\mathit{fv}'}` is immutably reachable from :math:`{\mathit{fv}}_1`. + + * :math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}'}`. + + * Or: + + * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}struct}~a)`. + + * The field value :math:`{\mathit{fv}}_2` is of the form :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]`. + + * The field value :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]` exists. + + * The structure instance :math:`s{.}\mathsf{structs}{}[a]` exists. + + * The :ref:`expansion ` of :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{struct}~{{\mathit{ft}}^\ast})`. + + * The length of :math:`{{\mathit{ft}}^\ast}` is greater than :math:`i`. + + * The field type :math:`{{\mathit{ft}}^\ast}{}[i]` is of the form :math:`(\epsilon~{\mathit{zt}})`. + * Or: + + * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}array}~a)`. + + * The field value :math:`{\mathit{fv}}_2` is of the form :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]`. + + * The field value :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]` exists. + + * The array instance :math:`s{.}\mathsf{arrays}{}[a]` exists. + + * The :ref:`expansion ` of :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{array}~(\epsilon~{\mathit{zt}}))`. + * Or: + + * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}exn}~a)`. + + * The field value :math:`{\mathit{fv}}_2` is of the form :math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]`. + + * The value :math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]` exists. + + * The exception instance :math:`s{.}\mathsf{exns}{}[a]` exists. + * Or: + + * The field value :math:`{\mathit{fv}}_1` is of the form :math:`(\mathsf{ref{.}extern}~{\mathit{ref}})`. 
+ + * The field value :math:`{\mathit{fv}}_2` is of the form :math:`{\mathit{ref}}`. + + + + +:math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}}_1` if: + + + * :math:`{\mathit{fv}'}` is immutably reachable from :math:`{\mathit{fv}}_1`. + + * :math:`{\mathit{fv}}_2` is immutably reachable from :math:`{\mathit{fv}'}`. + + + + +:math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]` is immutably reachable from :math:`(\mathsf{ref{.}struct}~a)` if: + + + * The field value :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{fields}{}[i]` exists. + + * The structure instance :math:`s{.}\mathsf{structs}{}[a]` exists. + + * The :ref:`expansion ` of :math:`s{.}\mathsf{structs}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{struct}~{{\mathit{ft}}^\ast})`. + + * The length of :math:`{{\mathit{ft}}^\ast}` is greater than :math:`i`. + + * The field type :math:`{{\mathit{ft}}^\ast}{}[i]` is of the form :math:`(\epsilon~{\mathit{zt}})`. + + + + +:math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]` is immutably reachable from :math:`(\mathsf{ref{.}array}~a)` if: + + + * The field value :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{fields}{}[i]` exists. + + * The array instance :math:`s{.}\mathsf{arrays}{}[a]` exists. + + * The :ref:`expansion ` of :math:`s{.}\mathsf{arrays}{}[a]{.}\mathsf{type}` is :math:`(\mathsf{array}~(\epsilon~{\mathit{zt}}))`. + + + + +:math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]` is immutably reachable from :math:`(\mathsf{ref{.}exn}~a)` if: + + + * The value :math:`s{.}\mathsf{exns}{}[a]{.}\mathsf{fields}{}[i]` exists. + + * The exception instance :math:`s{.}\mathsf{exns}{}[a]` exists. + + + + +:math:`{\mathit{ref}}` is immutably reachable from :math:`(\mathsf{ref{.}extern}~{\mathit{ref}})`. + + + + The :ref:`expansion ` of :math:`{\mathit{deftype}}` is :math:`{\mathit{comptype}}` if: 
@@ -27535,6 +27641,61 @@ spectec 0.5 generator == IL Validation after pass sideconditions... == Translating to AL... == Prose Generation... +ImmutReachable +- fv_2 is immutably reachable from fv_1 if: + - Either: + - fv' is immutably reachable from fv_1. + - fv_2 is immutably reachable from fv'. + - Or: + - the field value fv_1 is (REF.STRUCT_ADDR a). + - the field value fv_2 is s.STRUCTS[a].FIELDS[i]. + - the field value s.STRUCTS[a].FIELDS[i] exists. + - the structure instance s.STRUCTS[a] exists. + - The :ref:`expansion ` of s.STRUCTS[a].TYPE is (STRUCT ft*). + - |ft*| is greater than i. + - the field type ft*[i] is (?() zt). + - Or: + - fv_1 is (REF.ARRAY_ADDR a). + - fv_2 is s.ARRAYS[a].FIELDS[i]. + - the field value s.ARRAYS[a].FIELDS[i] exists. + - the array instance s.ARRAYS[a] exists. + - The :ref:`expansion ` of s.ARRAYS[a].TYPE is (ARRAY (?() zt)). + - Or: + - fv_1 is (REF.EXN_ADDR a). + - fv_2 is s.EXNS[a].FIELDS[i]. + - the value s.EXNS[a].FIELDS[i] exists. + - the exception instance s.EXNS[a] exists. + - Or: + - fv_1 is (REF.EXTERN ref). + - fv_2 is ref. + +ImmutReachable/trans +- fv_2 is immutably reachable from fv_1 if: + - fv' is immutably reachable from fv_1. + - fv_2 is immutably reachable from fv'. + +ImmutReachable/ref.struct +- s.STRUCTS[a].FIELDS[i] is immutably reachable from (REF.STRUCT_ADDR a) if: + - the field value s.STRUCTS[a].FIELDS[i] exists. + - the structure instance s.STRUCTS[a] exists. + - The :ref:`expansion ` of s.STRUCTS[a].TYPE is (STRUCT ft*). + - |ft*| is greater than i. + - the field type ft*[i] is (?() zt). + +ImmutReachable/ref.array +- s.ARRAYS[a].FIELDS[i] is immutably reachable from (REF.ARRAY_ADDR a) if: + - the field value s.ARRAYS[a].FIELDS[i] exists. + - the array instance s.ARRAYS[a] exists. + - The :ref:`expansion ` of s.ARRAYS[a].TYPE is (ARRAY (?() zt)). + +ImmutReachable/ref.exn +- s.EXNS[a].FIELDS[i] is immutably reachable from (REF.EXN_ADDR a) if: + - the value s.EXNS[a].FIELDS[i] exists. 
+ - the exception instance s.EXNS[a] exists. + +ImmutReachable/ref.extern +- ref is immutably reachable from (REF.EXTERN ref). + Expand - The :ref:`expansion ` of deftype is comptype if: - the composite type $expanddt(deftype) is comptype.