chore(deps): bump rules_rocq_rust to e4660cc (rules_rust migration; fixes Rocq Formal Proofs CI) #141
Open
avrabe wants to merge 7 commits into
Picks up pulseengine/rules_rocq_rust#34 which migrates rocq-of-rust to a hermetic rules_rust toolchain, replacing the ad-hoc cargo build in coq_of_rust/private/repository.bzl.
The old build failed on the CI runner with `rust-lld: error: unable to find library -lLLVM-19-rust-1.85.0-nightly`, which has kept the Rocq Formal Proofs CI check red on main since v1.0.5 (admin-merged through it for the v1.1.0 and v1.1.1 releases).
Closes the v1.1.1 carry-forward item (task #89).
Trace: REQ-12
The pin bump alone (307b65f → e4660cc1b) is necessary but not sufficient: rules_rocq_rust#34 changed the rocq_of_rust extension's API. Without matching consumer-side changes the Rocq Formal Proofs CI check fails at analysis time with
module extension @@rules_rocq_rust+//coq_of_rust:extensions.bzl%rocq_of_rust does not generate repository "rocq_of_rust_source", yet it is imported as "rocq_of_rust_source" in the usage at MODULE.bazel:51:29
Updates to match the new API, modelled on the canonical consumer example at examples/rust_to_rocq/MODULE.bazel in rules_rocq_rust:
- Add bazel_dep(name = "rules_nixpkgs_core", version = "0.13.0"). rules_rocq_rust's nix_repo is dev_dependency=True there, so as the root module LOOM must configure nixpkgs itself.
- Add the nix_repo extension call pinning nixpkgs to the same 2026-04-01 commit the upstream example uses (Rocq 9.0.1).
- rocq.toolchain: add `with_rocq_of_rust_deps = True`.
- use_repo(rocq, ...): drop `rocq_nixpkgs` (no longer exported by the new extension API — the root configures nixpkgs above).
- rocq_of_rust.toolchain: drop the `commit = "..."` arg; the new toolchain uses a build-time pinned default (rocq-of-rust @ 877dd65).
- use_repo(rocq_of_rust, ...): replace `rocq_of_rust_source` with `rocq_of_rust_build` (the new extension's output repo name).
rules_rust, crate_universe, and the hermetic Rust nightly+rustc-dev toolchain are NOT dev_dependency in rules_rocq_rust@e4660cc1b's own MODULE.bazel, so they are inherited transitively and no consumer-side plumbing is needed for them.
Trace: REQ-12
Follow-up to the MODULE.bazel migration in 1e731fb. The new rules_rocq_rust API renamed the build-output repo from rocq_of_rust_source to rocq_of_rust_build; the alias in proofs/rust_verified/BUILD.bazel still pointed at the old name and held up the Rocq Formal Proofs check at analysis time with
ERROR: no such package '@@[unknown repo 'rocq_of_rust_source' requested from @@]//': ... referenced by '//proofs/rust_verified:rocq_of_rust_lib'
The :rocq_of_rust_main target it consumes is preserved in the new repo (verified in upstream coq_of_rust/private/rocq_of_rust_build.bzl @ e4660cc1b).
Trace: REQ-12
…l change
The Track A roundtrip proof was passing on the v1.0.5-era pin of rules_rocq_rust (Rocq toolchain pulled by the old ad-hoc cargo build). After bumping to e4660cc1b — which pulls Rocq 9.0.1 with a stdlib where [simpl] reduces [0 + n * 1] to [n * 1] eagerly — the existing
replace (0 + n * 1) with n by lia.
silently no-ops (pattern absent) and the follow-up [reflexivity] then fails with
Unable to unify "Some (n, rest)" with "Some (n * 1, rest)".
at proofs/codec/Roundtrip.v:123.
Match the post-simpl shape directly: [replace (n * 1) with n by lia]. The proof still closes with [Qed]; no Admitteds added.
Trace: REQ-12
After the rules_rocq_rust toolchain bump, proofs/stack/StackSignature.v
line 214 fails with
Unable to unify "rev (rev ?M768) = ?M768" with
"p0 :: ps = rev (rev (p0 :: ps))".
Rocq 9.0's `apply` no longer silently flips orientation when the goal
direction is reversed. The local proof obligation after
`rewrite <- Hrev` is `p0 :: ps = rev (rev (p0 :: ps))`, while
`rev_involutive : rev (rev l) = l` goes the other way — insert an
explicit `symmetry`. Same proof, same Qed, no Admitteds added.
Trace: REQ-12
The new rules_rocq_rust rocq_library rule preserves subdirectory
hierarchy under the logical prefix:
proofs/semantics/WasmSemantics.v → proofs.semantics.WasmSemantics
proofs/simplify/ConstantFolding.v → proofs.simplify.ConstantFolding
The old pin (307b65f) appears to have flattened these to plain
proofs.WasmSemantics / proofs.ConstantFolding, so every dependent
file used `From proofs Require Import X.`. Under the new rules
that resolves to logical path "proofs.X" with no .vo file at that
location and fails with:
Error: Cannot find a physical path bound to logical path
WasmSemantics with prefix proofs.
Update all 17 imports across 9 .v files to point at the correct
subdirectory:
- WasmSemantics / TermSemantics → From proofs.semantics
- ConstantFolding / Identity /
Bitwise / StrengthReduction → From proofs.simplify
No proof bodies changed; only the module path qualifiers.
Trace: REQ-12
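The import migration this commit describes, as an added example that is not part of the PR or the project's code: a Python check that derives each module's logical directory from its file path and rewrites `From proofs Require Import X.` accordingly. The sample tree is constructed, and the script assumes module file names are unique across subdirectories.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample tree (path -> source); file names follow the commit message.
TREE = {
    "proofs/semantics/WasmSemantics.v": "Definition wasm := 0.\n",
    "proofs/simplify/ConstantFolding.v":
        "From proofs Require Import WasmSemantics.\n",
    "proofs/simplify/Identity.v":
        "From Coq Require Import Lia.\n"
        "From proofs Require Import WasmSemantics ConstantFolding.\n",
}

IMPORT = re.compile(r"^From\s+([\w.]+)\s+Require\s+Import\s+([^.]+)\.\s*$")

def logical_dirs(paths):
    """Map module name -> logical directory, keeping the subdirectory hierarchy."""
    table = {}
    for p in map(PurePosixPath, paths):
        if p.suffix == ".v":
            table[p.stem] = ".".join(p.parent.parts)
    return table

def fix_imports(source, table, prefix="proofs"):
    """Rewrite `From <prefix> Require Import X.` to name X's real directory."""
    out = []
    for line in source.splitlines():
        m = IMPORT.match(line)
        if not m or m.group(1) != prefix:
            out.append(line)  # other prefixes (e.g. the stdlib) are left alone
            continue
        groups = defaultdict(list)  # logical dir -> modules, in first-seen order
        for mod in m.group(2).split():
            groups[table.get(mod, prefix)].append(mod)
        out.extend(f"From {d} Require Import {' '.join(ms)}."
                   for d, ms in groups.items())
    return "\n".join(out) + "\n"

def stale_imports(tree, prefix="proofs"):
    """Return files whose imports change under fix_imports (a CI-style check)."""
    table = logical_dirs(tree)
    return sorted(p for p, src in tree.items()
                  if fix_imports(src, table, prefix) != src)

if __name__ == "__main__":
    for path in stale_imports(TREE):
        print(path)
        print(fix_imports(TREE[path], logical_dirs(TREE)), end="")
```

An import line that names modules from two subdirectories is split into one statement per directory, and a second run over the rewritten sources reports nothing.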
…lds rev
Follow-up to 47b45f6. That commit added a `symmetry` to fix the orientation of [apply rev_involutive], but the proof still failed one tactic later at line 216 with
Unable to unify "Some {| params := p0 :: ps; results := r; kind := Fixed |}" with "Some {| params := rev ys ++ [y]; results := r; kind := Fixed |}".
Cause: Rocq 9.0's [simpl] above the [replace] is more eager than the v1.1.0-era pin's, and it unfolds [rev (y :: ys)] definitionally to [rev ys ++ [y]]. The old replace pattern [(rev (y :: ys))] then no longer matches anything in the post-simpl goal, the replace silently no-ops, and [destruct k; reflexivity] fails because the goal still holds [rev ys ++ [y]] where the lemma statement has [p0 :: ps].
Match the post-simpl shape directly and route the proof obligation through a [change] back to [rev (y :: ys)] (definitionally equal), then apply the same rev-involutive identity. Same Qed, no Admitteds added.
Trace: REQ-12
Summary
Picks up pulseengine/rules_rocq_rust#34 which migrates `rocq-of-rust` to a hermetic `rules_rust` toolchain, replacing the ad-hoc `cargo build` in `coq_of_rust/private/repository.bzl`.
The old build was failing on the CI runner with `rust-lld: error: unable to find library -lLLVM-19-rust-1.85.0-nightly`, keeping the `Rocq Formal Proofs` CI check red on main since v1.0.5 and forcing admin-merge through it for the v1.1.0 and v1.1.1 releases.
`rules_rocq_rust` PR #34's own CI confirms the migrated toolchain builds (`Build Example (Linux)` and `(macOS)` both pass).
Closes
Test plan
`Rocq Formal Proofs` CI check on this PR goes green (the whole point)