Skip to content

Add annotation support for trait methods and verify that implementations satisfy them #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
coeff-aij wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add annotation support for trait methods and verify that implementations satisfy them #25

coeff-aij wants to merge 3 commits into from
+169 −46

Conversation

@coeff-aij
Copy link
Collaborator

@coeff-aij coeff-aij commented Feb 1, 2026

This feature allows users to annotate trait methods with predicates. The Thrust verifies that the concrete implementations of those methods and their associated predicates satisfy the annotations given in trait.

  • Example
    The specification for A::double() is expressed through the annotations on Double::double().
    The method refers to the predicate Double::is_double(), whose concrete implementation is provided by A::is_double().
// A is represented as Tuple<Int> in SMT-LIB2 format.
struct A {
    x: i64,
}

trait Double {
    // Support annotations in trait definitions
    #[thrust::predicate]
    fn is_double(self, doubled: Self) -> bool;

    // This annotations are applied to all implementors of the `Double` trait.
    #[thrust::requires(true)]
    #[thrust::ensures(is_double(*self, ^self))]
    fn double(&mut self);
}

impl Double for A {
    // Write concrete definitions for predicates in `impl` blocks
    #[thrust::predicate]
    fn is_double(self, doubled: Self) -> bool {
        // (tuple_proj<Int>.0 self) is equivalent to self.x
        // self.x * 2 == doubled.x is written as following:
        "(=
            (* (tuple_proj<Int>.0 self) 2)
            (tuple_proj<Int>.0 doubled)
        )"; true
    }

    // Check if this method complies with annotations in
    // trait definition.
    fn double(&mut self) {
        self.x += self.x;
    }
}

coeff-aij
coeff-aij commented Feb 1, 2026
View reviewed changes
src/analyze/local_def.rs Outdated
Comment on lines 287 to 290
if let Some(trait_item_id) = self.get_trait_item(){
tracing::info!("trait item fonud: {}", self.tcx.item_name(trait_item_id.into()).to_string());
let trait_require_annot = self.extract_require_annot(trait_item_id.into(), &param_resolver);
let trait_ensure_annot = self.extract_ensure_annot(trait_item_id.into(), &result_param_resolver);
Copy link
Collaborator Author

@coeff-aij coeff-aij Feb 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can't create new instance of Analyzer for method definitions in trait because they don't appear in MIR. I have extended the self.extract_*_annot() so that they can analyze any definitions not only the one identified by self.local_def_id. This implementation works, but it could be refactored for a clearer architecture.

Copy link
Owner

@coord-e coord-e Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have extended the self.extract_*_annot() so that they can analyze any definitions not only the one identified by self.local_def_id. This implementation works, but it could be refactored for a clearer architecture.

Cool, could you move these extract_*_annot() functions that take DefId to analyze::Analyzer? I'm putting utilities that need tcx and aren't bound to crates, local defs, or basic blocks into analyze::Analyzer.

@coeff-aij coeff-aij requested a review from coord-e February 1, 2026 14:36
@coeff-aij coeff-aij marked this pull request as ready for review February 1, 2026 14:37
@coeff-aij
Copy link
Collaborator Author

coeff-aij commented Feb 1, 2026

We also need to verify that every predicate implementation defined in a trait is annotated with the #[thrust::predicate] attribute. (But I will postpone the implementation of this check for now.)

coord-e
coord-e reviewed Feb 2, 2026
View reviewed changes
coord-e
coord-e reviewed Feb 2, 2026
View reviewed changes
coeff-aij and others added 2 commits February 3, 2026 15:29
@coeff-aij
add: tests for annotations in traits
4c67ff5
@coeff-aij @coord-e
add: reference trait-side definitions for require/ensure annotations of
87d818c 
functions in impl blocks

Update src/analyze/local_def.rs

Co-authored-by: Hiromi Ogawa <me@coord-e.com>
@coeff-aij
Copy link
Collaborator Author

coeff-aij commented Feb 3, 2026

I've addressed your review comments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coord-e coord-e coord-e left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@coeff-aij @coord-e