GOTO backend: Core-to-GOTO translation, CBMC pipeline tests, and CI

[tautschnig]

Description of changes:

Core-to-GOTO translation

Translate Strata Core programs to CProver GOTO binary format for CBMC
verification. Covers all Imperative statement types, Core commands,
procedure contracts, calls, axioms, datatypes, and source locations.

ToCProverGOTO.lean:

• Handle block, ite, loop, exit, funcDecl statements
• Emit loop invariants (#spec_loop_invariant) and measures (#spec_decreases)
• Detect unresolved exit statements (targeting nonexistent labels) and abort
• Extract helpers: emitGoto, emitCondGoto, emitLabel, patchGotoTargets

LambdaToCProverGOTO.lean (new, in Strata/Backends/CBMC/GOTO/):

• Map all arithmetic, comparison, boolean, bitvector, real, string,
  and regex operators to GOTO equivalents
• Signed BV operations (SDiv, SMod, SLt, SLe, SGt, SGe): cast operands
  to signedbv via typecast so CBMC interprets them correctly
• Euclidean integer division/modulo (Int.Div, Int.SafeDiv, Int.Mod,
  Int.SafeMod): encode as compound expressions built from truncating
  div/mod with correction terms
• BV hex encoding for all widths (was 32-bit only)
• Support BV extract, old(expr), quantifiers, ternary, Map.const

CoreToCProverGOTO.lean (new, in Strata/Backends/CBMC/GOTO/):

• End-to-end Core program to GOTO translation
• Call LHS type lookup from program context (not hardcoded)

InstToJson.lean:

• Extend JSON serialization for GOTO programs with function entries
• Deduplicate symbol collection and operator JSON generation

StrataMain.lean:

• Add coreAnalyzeToGoto, laurelAnalyzeToGoto, pyAnalyzeToGoto commands
• Translate procedure calls to FUNCTION_CALL instructions at any nesting
• Lift local funcDecl to top-level GOTO functions
• Emit contracts, axioms, distinct decls, global variables
• Propagate source locations from metadata to GOTO instructions

Code reorganization

Production GOTO translation code moved from StrataTest/ to
Strata/Backends/CBMC/GOTO/ (LambdaToCProverGOTO.lean,
CoreToCProverGOTO.lean). Test files in StrataTest/ now import from
the production modules and contain only test code.

Tests and CI

• Unit tests for expression, type, and statement translation
• E2E tests for the Core-to-GOTO contracts pipeline (49 test cases)
• Laurel and Python CBMC pipeline test suites with property-level
  expected output matching (CBMC properties checked by line number)
• CI workflow (cbmc.yml) builds CBMC from source with string support,
  regex, and bounds-check patches; runs all CBMC test suites
• Laurel pipeline uses --z3 for SMT-based string reasoning

Documentation

• CoreToGOTO_Gaps.md: translation coverage, soundness principles,
  operator semantics decisions, and remaining open gaps

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[atomb]

One general comment on this: I have plans to add unstructured CFGs in Strata (started in #202), and it would probably make sense in the long run to have a a pipeline that does Strata Stmt -> Strata CFG -> GOTO instruction CFG. I'd paused work on #202 because it wasn't clear what we'd use it for right now, but I could finish it up and merge it if you think it'd be useful for this PR.

[tautschnig]

One general comment on this: I have plans to add unstructured CFGs in Strata (started in #202), and it would probably make sense in the long run to have a a pipeline that does Strata Stmt -> Strata CFG -> GOTO instruction CFG. I'd paused work on #202 because it wasn't clear what we'd use it for right now, but I could finish it up and merge it if you think it'd be useful for this PR.

There'll certainly be interactions between your PR and this one, but I'm happy for these to be worked on in either order: if #202 goes in first, this PR will be updated, else #202 should likely include changes to GOTO instruction support (which I'm then happy to contribute myself).

[Copilot]

Pull request overview

This PR extends the transformation functionality from imperative commands to GOTO instructions by adding support for all statement types (.block, .ite, .loop, and .goto), not just the previously-supported .cmd statements.

Key Changes:

• Implemented mutual recursive functions Stmt.toGotoInstructions and Block.toGotoInstructions to handle all statement constructors
• Added comprehensive test coverage with 10 test cases covering basic, nested, and edge-case scenarios

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
Strata/DL/Imperative/ToCProverGOTO.lean	Adds mutual recursive transformation functions for statements and blocks, handling control flow constructs (blocks, conditionals, loops, gotos) with proper label generation and GOTO instruction patching
StrataTest/Backends/CBMC/ToCProverGOTO.lean	Adds 10 comprehensive test cases covering all new statement types including basic transformations, nested control flow, empty branches/bodies, and assertions/assumptions within control structures

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[atomb]

One general comment on this: I have plans to add unstructured CFGs in Strata (started in #202), and it would probably make sense in the long run to have a a pipeline that does Strata Stmt -> Strata CFG -> GOTO instruction CFG. I'd paused work on #202 because it wasn't clear what we'd use it for right now, but I could finish it up and merge it if you think it'd be useful for this PR.

There'll certainly be interactions between your PR and this one, but I'm happy for these to be worked on in either order: if #202 goes in first, this PR will be updated, else #202 should likely include changes to GOTO instruction support (which I'm then happy to contribute myself).

I mostly just wanted to make sure we're both aware of each other's work. Since this PR seems just about ready to go, and #202 still needs some tests which I won't have a chance to add right away, let's go ahead and merge this one and update #202 later.

[andrewmwells-amazon]

I'd expect .py or .python.st.ion

[tautschnig]

What's wrong with .py.ion?

[atomb]

I think #472 is basically ready to merge, and it replaces .goto with .exit, which would require a few changes to this PR (though from a quick look it seems like they wouldn't be very large).

[shigoel]

Do you think there's a different default for when the fileMap isn't available that'd be sensible here? I think we've run into this elsewhere too.

[tautschnig]

It's now using byte offset as a rough indicator, but I'm not sure what else can be done when no information is available.?

[tautschnig]

I think #472 is basically ready to merge, and it replaces .goto with .exit, which would require a few changes to this PR (though from a quick look it seems like they wouldn't be very large).

Those changes are now included.

[Copilot]

Pull request overview

Copilot reviewed 48 out of 49 changed files in this pull request and generated no new comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[keyboardDrummer]

Can't you pass 1d source locations to the back-end? In the common case, a FileMap will not be available at this point so you can not generate the 2d locations.

[tautschnig]

The current code already falls back to 1D byte offsets when no FileMap is available. All current callers (coreAnalyzeToGoto, laurelAnalyzeToGoto, pyAnalyzeToGoto) do provide a FileMap built from the source file.

[keyboardDrummer]

All current callers (coreAnalyzeToGoto, laurelAnalyzeToGoto, pyAnalyzeToGoto) do provide a FileMap built from the source file.

Front-ends generally will not pass a FileMap to Strata. They will pass Ion without a FileMap. The FileMap might not even be available on the machine where Strata is executing.

The current code already falls back to 1D byte offsets when no FileMap is available.

Shouldn't that be the default? Does it enable reconstructing 2D locations near the front of Strata?