Skip to main content

Z3ArmValidator

Struct Z3ArmValidator 

Source
pub struct Z3ArmValidator;
Expand description

Z3-backed validator for the WASM → ARM selection pattern.

For each call the validator:

  1. Allocates symbolic 32-bit inputs (a limb pair per i64 operand).
  2. Builds the WASM op’s reference result from those inputs.
  3. Builds the ARM sequence’s result by symbolically executing it.
  4. Asserts the negation of equivalence and checks satisfiability: unsat ⇒ equivalent for all inputs (accept), sat ⇒ counterexample (reject).

The validator is trusted code: it is the small, auditable piece that replaces ~150 per-op Rocq proofs. Every formula it builds is 32-bit bitvector arithmetic that a reviewer can check by hand.

Implementations§

Source§

impl Z3ArmValidator

Source

pub fn new() -> Self

Construct a fresh validator. Callers should wrap any sequence of validate calls in crate::with_verification_context (a no-op for the default ordeal engine; configures Z3’s thread-local context when the differential oracle is compiled in).

Trait Implementations§

Source§

impl Default for Z3ArmValidator

Source§

fn default() -> Self

Returns the “default value” for a type. Read more
Source§

impl Validator<WasmOp, ArmOp> for Z3ArmValidator

Source§

fn validate( &self, sel: &CertifiedSelection<WasmOp, ArmOp>, ) -> Result<Witness, ValidationError>

Validate sel. Returns Ok(Witness) iff the selection is semantically equivalent to the source op.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V