Merged
Conversation
- Extend closure callee setup (`setupCalleeClosure2`) to accept closure-env references whose pointee resolves to `typeInfoFunType` (in addition to `typeInfoVoidType`). - Add `isFunType(TypeInfo)` helper predicate used by that guard. - In the fix commit, refresh `closure_access_struct-fail.main.expected` to show the behavior change from stuck frontier to terminal `#EndProgram`. - Cleanup after fix: - rename `closure_access_struct-fail.rs` -> `closure_access_struct.rs` - remove `show/closure_access_struct-fail.main.expected` - remove this case from `PROVE_RS_SHOW_SPECS`
## Summary
- Relax `_extract_tag` to accept both signed and unsigned `PrimitiveInt`
tag metadata (`signed=_`).
- Keep discriminant decoding based on raw tag bits (`int.from_bytes(...,
signed=False)`), which is what variant dispatch needs.
- Add a decode fixture for signed-tag metadata
(`enum-3-variants-0-fields-signed-tag`).
- Update the prove-rs case to a passing case and refresh its `show`
snapshot.
## Problem (concrete case)
This PR is motivated by:
`kmir/src/tests/integration/data/prove-rs/transmute-u8-to-enum-changed-discriminant-signed.rs`
```rust
#[repr(i8)]
enum AccountState {
Uninitialized = 0,
Initialized = 1,
Frozen = -1,
}
// main checks both byte-level and signed views of the same discriminant bits:
// 255 maps to Frozen in the u8 path
// -1 maps to Frozen in the i8 path
```
For this enum layout, the tag scalar metadata can be `signed=true` (I8),
even though the stored discriminant bytes are still valid raw bytes for
dispatch.
## Red (before this fix)
`_extract_tag` only matched `PrimitiveInt(..., signed=False)`. When
metadata was signed, decode failed with:
```text
ValueError: Unsupported tag: Initialized(value=PrimitiveInt(length=I8, signed=True), ...)
```
That blocked the signed-discriminant path in proving.
## Green (after this fix)
- `_extract_tag` now accepts either signedness metadata.
- The same bytes are decoded as unsigned raw bits for dispatch.
- The concrete program above now proves in integration tests:
- input case is now
`transmute-u8-to-enum-changed-discriminant-signed.rs`
- expected proof snapshot is
`show/transmute-u8-to-enum-changed-discriminant-signed.main.expected`
- terminal `#EndProgram` is reached for `main`
## Why this is the right scope
This change fixes tag extraction compatibility for signed discriminant
metadata without changing enum dispatch semantics beyond that path. It
is covered by both:
- decode-value fixture (`enum-3-variants-0-fields-signed-tag`) and
- end-to-end prove-rs integration snapshot for the concrete Rust program
above.
---------
Co-authored-by: automergerpr-permission-manager[bot] <190534181+automergerpr-permission-manager[bot]@users.noreply.github.com>
#956 added handles `FunType` for closures instead of `VoidType` for that come from [stable mir json 129](runtimeverification/stable-mir-json#129) for `setupCalleeClosure2`. This PR adds the same thing to `setupCalleeClosure`. (Fixes regressed proofs for P-Token) - Added explicit `FnOnce` test `closure_fnonce_tuple_arg.rs` - Fixed `and_then_closure.rs`
Stevengre
approved these changes
Mar 4, 2026
dkcumming
added a commit
to runtimeverification/solana-token
that referenced
this pull request
Mar 10, 2026
- fix(rt): handle fun-type closure env refs in callee setup [956](runtimeverification/mir-semantics#956) - fix(decode): accept signed enum tag scalars in _extract_tag [954](runtimeverification/mir-semantics#954) - Added check for FunType in setupCalleeClosure [969](runtimeverification/mir-semantics#969) - Merge in latest master [973](runtimeverification/mir-semantics#973) - fix(kompile): map linked NormalSym functions to monoItemFn(noBody) [953](runtimeverification/mir-semantics#953) - fix(rt): generalize direct-tag enum decoding to any variant count and discriminant [955](runtimeverification/mir-semantics#955) - fix(spl-token): encode multisig signers as pubkey aggregates [958](runtimeverification/mir-semantics#958) - fix(rt): closure aggregate + #setTupleArgs fallback [952](runtimeverification/mir-semantics#952) - fix(rt): bug fix for castKindPtrToPtr [974](runtimeverification/mir-semantics#974) - fix(rt): repair closure callee setup for iter-eq repro [957](runtimeverification/mir-semantics#957) - Change the number of signers from 11 to 3 [982](runtimeverification/mir-semantics#982) - Merging latest master into feature/p-token [981](runtimeverification/mir-semantics#981)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
FunTypein `setupCalleeClosure 969