Add support for checking inductive types and constructors (rebased) #18
Merged: GasStationManager merged 3 commits into main, Mar 6, 2026

Conversation

added 3 commits, March 6, 2026 10:59
…om PR #7)
- Add equivCtor to check constructor equivalence
- Add equivInduct to check inductive type equivalence with constructor lookup
- Add CheckFailure.inductCheck and CheckFailure.ctorCheck cases
- Update processFileDeclarations to include inductive and constructor
- Update checkTargets to handle inductives (with full hashmap lookup for constructors)
- Constructor check added to Info.toFailureMode for simple cases

Rebased onto current main (post file-split refactor).

Add import check in replayFile for submission files:
- Reject files with empty imports (prelude files)
- Warn if Init is not imported directly

This prevents attacks where submissions use 'prelude' to redefine kernel types (e.g., False) and shadow allowed axiom names (e.g., propext) to prove anything.

Replaces the simple prelude check with a stronger import superset check. Submissions must import at least everything the target imports, preventing attacks that redefine types by omitting imports (e.g., redefining FermatLastTheorem := True by not importing Mathlib).
- Add readImports helper to extract imports without full replay
- Add checkImportSuperset that verifies every target import is present
- Still catches prelude attack (empty imports) as a special case
- Clear error messages listing missing imports
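The import-superset rule described in the commit above, as an added standalone model in Python (not the project's own `readImports`/`checkImportSuperset`, which are Lean code). It reads only the `prelude`/`import` header of each file as text, rejects a submission that has no imports or declares `prelude` (both are my choice here; the commit keys on empty imports), lists every target import the submission lacks, and warns when `Init` is not imported directly. The Lean snippets are constructed samples; `FermatLastTheorem` is the Mathlib `Prop` the commit mentions, and the target file and helper names below are assumptions.

```python
"""Import-superset check for Lean 4 submission files (standalone model).

Added example, not the project's code. Parses module headers as text; no Lean
toolchain is needed. Nested block comments are not handled (simplification).
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class ImportCheck:
    ok: bool
    errors: List[str] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)
    missing: List[str] = field(default_factory=list)  # target imports the submission lacks


def read_imports(src: str) -> Tuple[bool, List[str]]:
    """Return (has_prelude, imports) from the header of a Lean 4 source string.

    Only the leading `prelude`/`import` block is inspected; scanning stops at the
    first other command, so nothing is elaborated. Line and block comments in
    the header are skipped.
    """
    has_prelude = False
    imports: List[str] = []
    in_block = False
    for raw in src.splitlines():
        line = raw.strip()
        if in_block:                      # inside /- ... -/
            in_block = "-/" not in line
            continue
        if line.startswith("/-"):
            in_block = "-/" not in line
            continue
        line = line.split("--", 1)[0].strip()   # drop trailing line comment
        if not line:
            continue
        if line == "prelude":
            has_prelude = True
            continue
        if line.startswith("import "):
            imports.extend(line[len("import "):].split())
            continue
        break                             # first real command ends the header
    return has_prelude, imports


def check_import_superset(target_src: str, submission_src: str) -> ImportCheck:
    """Accept the submission only if it imports everything the target imports."""
    _, target_imports = read_imports(target_src)
    has_prelude, sub_imports = read_imports(submission_src)
    result = ImportCheck(ok=True)

    # Prelude attack: without Init loaded (no imports, or explicit `prelude`),
    # a file may redefine kernel types such as False or shadow axiom names.
    if has_prelude or not sub_imports:
        result.ok = False
        result.errors.append("submission has no imports (prelude file): rejected")
        return result

    present = set(sub_imports)
    for mod in target_imports:
        if mod not in present and mod not in result.missing:
            result.missing.append(mod)
    if result.missing:
        result.ok = False
        result.errors.append("submission is missing target imports: " + ", ".join(result.missing))

    # Lean imports Init implicitly unless `prelude` is used; still warn, as the commit does.
    if "Init" not in present:
        result.warnings.append("Init is not imported directly")
    return result


# Constructed sample files (not real project targets or submissions).
TARGET = """import Mathlib
-- the statement a submission must prove
theorem flt : FermatLastTheorem := sorry
"""

HONEST = """import Mathlib
import Init
theorem flt : FermatLastTheorem := by
  sorry
"""

MATHLIB_ONLY = """import Mathlib
theorem flt : FermatLastTheorem := by
  sorry
"""

# Omits `import Mathlib`, so the name FermatLastTheorem is free to redefine.
REDEFINE_ATTACK = """import Init
def FermatLastTheorem : Prop := True
theorem flt : FermatLastTheorem := trivial
"""

# No imports at all: kernel types and axiom names can be redefined.
PRELUDE_ATTACK = """prelude
inductive False : Prop
axiom propext : False
"""


if __name__ == "__main__":
    for name, sub in [("honest", HONEST), ("mathlib-only", MATHLIB_ONLY),
                      ("redefine", REDEFINE_ATTACK), ("prelude", PRELUDE_ATTACK)]:
        r = check_import_superset(TARGET, sub)
        print(name, "ok" if r.ok else "REJECTED", r.errors, r.warnings)
```

The check compares module names verbatim, so `import Mathlib.Tactic` does not satisfy a target `import Mathlib`; that strictness is deliberate, since a partial import can leave the target's definitions unloaded.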
Rebased version of #7 onto current main (post file-split refactor).

Changes
- `equivCtor` to check constructor equivalence (name, type, levelParams, induct, cidx, numParams, numFields, isUnsafe)
- `equivInduct` to check inductive type equivalence, including checking each constructor via `equivCtor` using hashmap lookup functions
- `CheckFailure.inductCheck` and `CheckFailure.ctorCheck` cases
- `processFileDeclarations` to include "inductive" and "constructor"
- `checkTargets` to handle inductives (with full hashmap lookup for constructor verification)
- `Info.toFailureMode` for simple cases

Verified
- `lake build` ✅
- `lake build safe_verify` ✅

Supersedes #7.