Skip to content

fix: kernel: move level parameter count and thm-is-prop checks for robustness#12817

Merged
nomeata merged 9 commits intomasterfrom
joachim/kernel-delta-level-check
Mar 5, 2026
Merged

fix: kernel: move level parameter count and thm-is-prop checks for robustness#12817
nomeata merged 9 commits intomasterfrom
joachim/kernel-delta-level-check

Conversation

@nomeata
Copy link
Collaborator

@nomeata nomeata commented Mar 5, 2026

This PR moves the universe-level-count check from unfold_definition_core into is_delta, establishing the invariant that if is_delta succeeds then unfold_definition also succeeds. This prevents a crash (SIGSEGV or garbled error) that occurred when call sites in lazy_delta_reduction_step unconditionally dereferenced the result of unfold_definition even on a level-parameter-count mismatch.

Additionally, moves the is_prop check for theorem types in add_theorem to occur after check_constant_val, so the type is verified to be well-formed before is_prop evaluates it. This prevents is_prop from being called on an ill-typed term when a malformed theorem declaration is supplied.

Fixes #10577.

Copilot AI and others added 9 commits February 28, 2026 08:55
Initial plan
547ac1e
@nomeata
fix: move level param check into is_delta to prevent crash (#10577)
8361416 
The kernel would crash (access uninitialized memory) when `is_delta`
succeeded for a constant whose supplied universe-level count did not match
its declaration's level-parameter count.  `unfold_definition_core` had the
count check, so it returned `none_expr()` in that case.  Call sites in
`lazy_delta_reduction_step` unconditionally dereferenced that result,
causing undefined behaviour (garbled error or SIGSEGV).

Fix: add the level-parameter-count check to `is_delta` and remove the now-
redundant check from `unfold_definition_core`.  This establishes the
invariant: if `is_delta` succeeds then `unfold_definition` will also
succeed.

Add a regression test from the fuzzer-discovered reproducer in #10577.

Co-authored-by: nomeata <148037+nomeata@users.noreply.github.com>
@nomeata
No additional changes - finalizing PR state
5f32014 
Co-authored-by: nomeata <148037+nomeata@users.noreply.github.com>
@nomeata
chore: remove accidentally committed CodeQL build artifacts and add t…
4390e29 
…o .gitignore

Co-authored-by: nomeata <148037+nomeata@users.noreply.github.com>
@nomeata
chore: revert unrelated .gitignore changes
6d15f48 
Co-authored-by: nomeata <148037+nomeata@users.noreply.github.com>
@nomeata
fix: move thm-is-prop check after check_constant_val in add_theorem f…
525b532 
…or robustness

Co-authored-by: nomeata <148037+nomeata@users.noreply.github.com>
@nomeata
chore: remove accidentally committed CodeQL build artifacts
31630a8 
Co-authored-by: nomeata <148037+nomeata@users.noreply.github.com>
@nomeata
Apply suggestion from @nomeata
02a499c
@nomeata
Update tests
ced9901
@nomeata nomeata requested a review from leodemoura as a code owner March 5, 2026 17:02
@nomeata nomeata added the changelog-language Language features and metaprograms label Mar 5, 2026
@nomeata nomeata mentioned this pull request Mar 5, 2026
Closed
@nomeata nomeata added this pull request to the merge queue Mar 5, 2026
@github-actions github-actions bot added the toolchain-available A toolchain is available for this PR, at leanprover/lean4-pr-releases:pr-release-NNNN label Mar 5, 2026
@mathlib-lean-pr-testing
Copy link

mathlib-lean-pr-testing bot commented Mar 5, 2026

Mathlib CI status (docs):

  • ❗ Mathlib CI can not be attempted yet, as the nightly-testing-2026-02-28 tag does not exist there yet. We will retry when you push more commits. If you rebase your branch onto nightly-with-mathlib, Mathlib CI should run now. You can force Mathlib CI using the force-mathlib-ci label. (2026-03-05 18:23:05)

@leanprover-bot
Copy link
Collaborator

leanprover-bot commented Mar 5, 2026

Reference manual CI status:

  • ❗ Reference manual CI can not be attempted yet, as the nightly-testing-2026-02-28 tag does not exist there yet. We will retry when you push more commits. If you rebase your branch onto nightly-with-manual, reference manual CI should run now. You can force reference manual CI using the force-manual-ci label. (2026-03-05 18:23:07)

Merged via the queue into master with commit 6ebe573 Mar 5, 2026
39 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leodemoura leodemoura Awaiting requested review from leodemoura leodemoura is a code owner

Assignees

No one assigned

Labels

changelog-language Language features and metaprograms toolchain-available A toolchain is available for this PR, at leanprover/lean4-pr-releases:pr-release-NNNN

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Kernel accesses uninitialized memory

3 participants

@nomeata @leanprover-bot