Skip to content

Make Rocq formal proofs gating (rocq-proofs is continue-on-error) #169

Description

@avrabe

Expected standard (the "full circle"): a formal-verification asset should be (1) wired into CI, (2) gating — not continue-on-error — so a regression actually blocks the merge, and (3) complete — no sorry/axioms standing in for proofs. When any link is missing, the proof exists but cannot stop a regression, so the loop is open. Maybe there is a reason here; if so it should be documented — otherwise it should follow the standard.

Found: the rocq-proofs job (.github/workflows/ci.yml:361-366) runs with continue-on-error: true. The optimization semantic-preservation proofs (WasmSemantics, ConstantFolding/StrengthReduction correctness, and the rocq-of-rust translation link) run and report, but a proof regression passes the build silently.

Recommend: remove continue-on-error from rocq-proofs so proof breakage blocks merge. If non-gating is intentional (runtime, flakiness), document why and/or move to a gating nightly.

Noticed during a kiln verification-corpus audit comparing how each PulseEngine repo wires its proofs.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions