Crate arkhe_subset_rust_check


arkhe-subset-rust-check — Subset-Rust Purity Lint (E14.L1-Deny)

AST-level purity check for Action::compute bodies (E14.L1 — Compute Determinism Closure, L1 realisation). Detects determinism-breaking calls — clock / RNG / I/O / FFI — and bans unsafe blocks inside the scanned function. Returns a list of PurityViolations.

Spec body terminology (cryptographer cross-review):

  • E14.L1-Deny — build-time AST deny-list (this crate).
  • E14.L2-Allow — runtime host-import allow-list (WASM capability table, arkhe:hook/{state, emit, fuel, ...}). The L2 allow-list is the inverse of this L1 deny-list — compute-internal → external communication has exactly one channel (the host imports).

The two layers together form the dual enforcement of the E14 determinism contract: non-deterministic inputs are rejected at L1 (clock / RNG / I/O / FFI / threading), non-deterministic operations at L2 (FP / SIMD / wasm-side threading).

Crate shape

Mirrors the arkhe-trait-default-check precedent: a syn-based lib that runs on stable Rust, integrated via the #[arkhe_pure] attribute macro shipped from arkhe-forge-macros. The macro path catches violations at every cargo check. Coverage assertion (“every Action::compute has the attribute”) is delegated to a separate workspace-wide scan in arkhe-trait-default-check.

Spec anchor

  • E14 Compute Determinism Closure (MC) — Runtime axiom layer.
  • E14.L1-Deny — L1 Action::compute realisation (this crate + #[arkhe_pure]).

Structs

Policy
Purity policy — exact path deny, namespace prefix deny, and an unsafe-block ban. The default deny_compute_impurity policy covers the 4-rule deny scope (Clock + RNG + I/O + FFI).
PurityViolation
One purity violation — a forbidden call site, prefix-matched namespace access, or unsafe block inside the scanned function. Carries the matching deny-list entry plus a span label for diagnostic output.

Functions

check_purity
Scan a function for E14.L1-Deny purity violations under policy.
check_purity_default
Convenience wrapper — scan with the default deny_compute_impurity policy.
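As an added illustration, not the crate's own code: a std-only model of the Policy / check_purity semantics listed above (exact-path deny, namespace-prefix deny, unsafe-block ban). It substitutes a crude identifier tokenizer for the crate's syn AST walk, so string literals and comments are not skipped; the deny entries and the sample compute bodies are constructed assumptions, not the crate's actual deny_compute_impurity table.

```rust
/// One violation: which deny entry fired and the offending token (example code).
#[derive(Debug, Clone, PartialEq)]
pub struct PurityViolation {
    pub rule: &'static str,
    pub matched: String,
}

/// Exact-path deny, namespace-prefix deny, and the unsafe-block ban.
pub struct Policy {
    pub exact_paths: Vec<&'static str>,
    pub prefixes: Vec<&'static str>,
    pub ban_unsafe: bool,
}

impl Policy {
    /// Assumed deny entries for the 4-rule scope: Clock + RNG + I/O + FFI.
    pub fn deny_compute_impurity() -> Self {
        Policy {
            exact_paths: vec!["std::time::SystemTime::now", "std::time::Instant::now"],
            prefixes: vec!["rand::", "std::fs::", "std::io::", "std::net::", "std::thread::", "libc::"],
            ban_unsafe: true,
        }
    }
}

/// Scan a function body. Tokens are identifier/`::` runs, a crude stand-in for
/// walking the syn AST: string literals and comments are NOT skipped here.
pub fn check_purity(body: &str, policy: &Policy) -> Vec<PurityViolation> {
    let mut out = Vec::new();
    let toks = body.split(|c: char| !(c.is_alphanumeric() || c == '_' || c == ':'));
    for tok in toks.filter(|t| !t.is_empty()) {
        if tok == "unsafe" && policy.ban_unsafe {
            out.push(PurityViolation { rule: "unsafe-block", matched: tok.to_string() });
        }
        let path = tok.trim_matches(':'); // drops turbofish remnants such as `gen::`
        if !path.contains("::") { continue; }
        if policy.exact_paths.iter().any(|e| *e == path) {
            out.push(PurityViolation { rule: "exact-path", matched: path.to_string() });
        } else if let Some(pre) = policy.prefixes.iter().find(|p| path.starts_with(**p)) {
            out.push(PurityViolation { rule: *pre, matched: path.to_string() });
        }
    }
    out
}

// Constructed sample compute bodies (not taken from the crate).
pub const PURE_BODY: &str = "let total = state.balance + amount; state.balance = total;";
pub const IMPURE_BODY: &str = "let t = std::time::SystemTime::now(); \
    let r = rand::thread_rng().gen::<u64>(); unsafe { ptr.write(r) }";
```

The real crate reports a span label per violation and walks the syn AST, so it does not produce false positives on paths that only appear inside string literals as this model would.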