Skip to content

FEAT-049 (v3.0): Component-Model handle-state / use-after-drop (REQ-003, MF-007)#88

Merged
avrabe merged 1 commit into
mainfrom
feat-049-handle-state
Jul 1, 2026
Merged

FEAT-049 (v3.0): Component-Model handle-state / use-after-drop (REQ-003, MF-007)#88
avrabe merged 1 commit into
mainfrom
feat-049-handle-state

Conversation

@avrabe

@avrabe avrabe commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

The moat — scry becomes the first sound analyzer to model Component-Model
resource-handle lifetimes (MF-007, the uncontested green field).

What lands

  • New crate scry-sai-handle (zero-dep, #![no_std]) — an affine
    handle-state lattice (Alive/Dropped/Top over concrete {alive,dropped})
    with drop/use transitions. γ-sweep asserts the lattice laws + transition
    soundness; admit-free Rocq proofs/rocq/Handle.v (verified locally with
    coqc — no Stdlib deps).
  • Analyzer compute_handle_findings: tracks each local's handle state across
    the canonical-ABI call sites — imports named [resource-drop] (drop),
    [method]/[resource-rep] (use) — and reports definite use-after-drop /
    double-drop faults on AnalysisResult.handle_findings. Straight-line and
    conservative at control flow (locals widen to Top = "maybe dropped" at any
    branch/merge, so a definite fault is never reported across paths).
  • scry-viz handle-faults panel.

Soundness claim (falsifiable)

A reported use-after-drop / double-drop is a DEFINITE fault: on the reported
path the handle is provably Dropped at the site. Correct owned/borrowed
lifetimes raise no finding (no false report). FALSE if any finding is
emitted for a handle that is not provably dropped at the site, or if a
straight-line drop-then-use goes unreported.

handle 6 / core 86 / viz 17 tests green; clippy + fmt clean; rivet validate
PASS. WIT mirror + frozen v1 JSON contract unchanged.

🤖 Generated with Claude Code

…03, MF-007)

The uncontested green field (MF-007): scry becomes the first sound analyzer to
model Component-Model resource-handle lifetimes.

New zero-dep #![no_std] crate scry-sai-handle: an affine handle-state lattice
(Alive/Dropped/Top over concrete {alive,dropped}) with drop/use transitions.
γ-sweep asserts the lattice laws + transition soundness; admit-free Rocq
proofs/rocq/Handle.v mechanizes join/order/transition soundness (verified
locally with coqc — no Stdlib deps).

Analyzer: compute_handle_findings tracks each local's handle state across the
canonical-ABI call sites (imports named `[resource-drop]` = drop,
`[method]`/`[resource-rep]` = use — the ABI's own convention, read from
import_func_meta) and reports DEFINITE use-after-drop / double-drop faults,
surfaced library-only on AnalysisResult.handle_findings. Straight-line and
conservative at control flow (all locals widen to Top = "maybe dropped" at any
branch/merge, so a definite fault is never reported across paths) — sound in
the "no false report" direction the AC requires. scry-viz handle-faults panel.

New-crate wiring: workspace members+default-members, BUILD.bazel + dep in
scry-analyze-core, proofs/rocq/BUILD.bazel target, scripts/publish.rs
leaf-before-core. handle 6 / core 86 / viz 17 green, clippy + fmt clean,
rivet PASS.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

📐 rivet artifact delta

PR: #88 Base SHA: a074ca59

Validation

head — `rivet validate` result
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-7 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-8 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-9 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SYS-1 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-2 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-3 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-4 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-5 (system-req, status: accepted) — missing: sys-integration-verification
  → run `rivet validate --explain SR-1` to see which link type and source types satisfy a gap

Result: PASS (80 warnings)
Schemas: common@0.3.0 (embedded), dev@0.2.0 (embedded), research@0.1.0 (embedded), research-ext@0.1.0 (on-disk), safety-case@0.1.0 (embedded), aspice@0.2.0 (embedded)
base — `rivet validate` result (for comparison)
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-7 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-8 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SR-9 (sw-req, status: accepted) — missing: sw-integration-verification, unit-verification
      → a `sw-integration-verification` `verifies` `sw-arch-component` or `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-arch-component` or `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `sw-integration-verification`
      → a `unit-verification` `verifies` `sw-detail-design`, not `sw-req` directly — add an intermediate `sw-detail-design` that traces to this artifact and is `verifies`-linked by the `unit-verification`
  SYS-1 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-2 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-3 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-4 (system-req, status: accepted) — missing: sys-integration-verification
  SYS-5 (system-req, status: accepted) — missing: sys-integration-verification
  → run `rivet validate --explain SR-1` to see which link type and source types satisfy a gap

Result: PASS (80 warnings)
Schemas: common@0.3.0 (embedded), dev@0.2.0 (embedded), research@0.1.0 (embedded), research-ext@0.1.0 (on-disk), safety-case@0.1.0 (embedded), aspice@0.2.0 (embedded)

Artifact stats

base head
Total artifacts 203 203
full stats — head
Artifact summary:
  academic-reference               24
  competitive-analysis             11
  design-decision                  17
  feature                          58
  market-finding                    7
  requirement                      17
  safety-context                    3
  safety-goal                       5
  safety-justification              3
  safety-solution                   6
  safety-strategy                   1
  stakeholder-req                   3
  sw-req                           13
  sw-verification                  13
  sys-verification                  5
  system-req                        5
  technology-evaluation            12
  TOTAL                           203

Orphan artifacts (no links): 11
  CA-001
  CA-002
  CA-003
  CA-004
  CA-005
  CA-006
  CA-007
  CA-008
  CA-009
  CA-010
  CA-011

Diagnostics: 0 error(s), 80 warning(s), 16 info(s)

Diff (base → head)

~ FEAT-049
  status: - proposed -> + accepted

0 added, 0 removed, 1 modified, 202 unchanged

AADL model — head

spar/scry.aadl: OK

Posted by the rivet-delta workflow. Informational only — does not gate the PR.

@avrabe avrabe merged commit 13091c6 into main Jul 1, 2026
12 checks passed
@avrabe avrabe deleted the feat-049-handle-state branch July 1, 2026 06:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant