strata-org · MikaelMayer · Dec 31, 2025 · Dec 31, 2025 · Dec 31, 2025 · Dec 31, 2025
@@ -95,7 +95,10 @@ def specialCharsInSimpleSymbol := [
     ("caret", "^"),
     ("lt", "<"),
     ("gt", ">"),
-    ("at", "@")
+    ("at", "@"),
+    ("le", "<="),
+    ("ge", ">="),
+    ("implies", "=>")
   ]
 
 -- https://smt-lib.org/papers/smt-lib-reference-v2.7-r2025-07-07.pdf
@@ -159,7 +162,7 @@ category Symbol;
 op symbol (@[unwrap] s:SimpleSymbol) : Symbol => s;
 
 category Keyword;
-op kw_symbol (@[unwrap] s:SimpleSymbol) : Keyword => ":" s;
+op kw_symbol (@[unwrap] s:SimpleSymbol) : Keyword => ":" s:0;
 
 
 // 2. S-expressions
@@ -180,12 +183,12 @@ op sc_numeral_neg (@[unwrap] n:Num) : SpecConstant => "-" n:0;
 op sc_decimal_neg (@[unwrap] n:Decimal) : SpecConstant => "-" n:0;
 
 category SExpr;
-op se_spec_const (s:SpecConstant) : SExpr => s;
-op se_symbol (s:Symbol) : SExpr => s;
-op se_reserved (s:Reserved) : SExpr => s;
-op se_keyword (s:Keyword) : SExpr => s;
+op se_spec_const (s:SpecConstant) : SExpr => s:0;
+op se_symbol (s:Symbol) : SExpr => s:0;
+op se_reserved (s:Reserved) : SExpr => s:0;
+op se_keyword (s:Keyword) : SExpr => s:0;
 
-op se_ls (s:SpaceSepBy SExpr) : SExpr => "(" s ")";
+op se_ls (s:SpaceSepBy SExpr) : SExpr => "(" s:0 ")";
 
 
 category SMTIdentifier;
@@ -211,12 +214,12 @@ op smtsort_param (s:SMTIdentifier, @[nonempty] sl:SpaceSepBy SMTSort) : SMTSort
 
 // 5. Attributes
 category AttributeValue;
-op av_spec_constant (s:SpecConstant) : AttributeValue => s;
-op av_symbol (s:Symbol) : AttributeValue => s;
-op av_sel (s:Seq SExpr) : AttributeValue => "(" s ")";
+op av_spec_constant (s:SpecConstant) : AttributeValue => s:0;
+op av_symbol (s:Symbol) : AttributeValue => s:0;
+op av_sel (s:Seq SExpr) : AttributeValue => "(" s:0 ")";
 
 category Attribute;
-op att_kw (k:Keyword, av:Option AttributeValue) : Attribute => k av;
+op att_kw (k:Keyword, av:Option AttributeValue) : Attribute => k:0 " " av:0;
 
 
 // 6. Terms
@@ -239,18 +242,18 @@ op sorted_var (s:Symbol, so:SMTSort) : SortedVar => "(" s " " so ")";
 op spec_constant_term (sc:SpecConstant) : Term => sc;
 op qual_identifier (qi:QualIdentifier) : Term => qi;
 op qual_identifier_args (qi:QualIdentifier, @[nonempty] ts:SpaceSepBy Term) : Term =>
-  "(" qi " " ts ")";
+  "(" qi " " ts:0 ")";
 
 op let_smt (@[nonempty] vbps: SpaceSepBy ValBinding, t:Term) : Term =>
-  "(" "let" "(" vbps ")" t ")";
+  "(" "let " "(" vbps ")" t ")";
 op lambda_smt (@[nonempty] svs: SpaceSepBy SortedVar, t:Term) : Term =>
-  "(" "lambda" "(" svs ")" t ")";
+  "(" "lambda " "(" svs ")" t ")";
 op forall_smt (@[nonempty] svs: SpaceSepBy SortedVar, t:Term) : Term =>
-  "(" "forall" "(" svs ")" t ")";
+  "(" "forall " "(" svs ") " t ")";
 op exists_smt (@[nonempty] svs: SpaceSepBy SortedVar, t:Term) : Term =>
-  "(" "exists" "(" svs ")" t ")";
+  "(" "exists " "(" svs ") " t ")";
 op bang (t:Term, @[nonempty] attrs:SpaceSepBy Attribute) : Term =>
-  "(" "!" t " " attrs ")";
+  "(" "! " t:0 " " attrs:0 ")";
 
 
 // 7. Theories

@@ -32,6 +32,9 @@ private def mkSimpleSymbol (s:String):SimpleSymbol SourceRange :=
     | "lt" => .simple_symbol_lt SourceRange.none
     | "gt" => .simple_symbol_gt SourceRange.none
     | "at" => .simple_symbol_at SourceRange.none
+    | "le" => .simple_symbol_le SourceRange.none
+    | "ge" => .simple_symbol_ge SourceRange.none
+    | "implies" => .simple_symbol_implies SourceRange.none
     | _ => panic! s!"Unknown simple symbol: {name}")
   | .none =>
     .simple_symbol_qid SourceRange.none (mkQualifiedIdent s)
@@ -110,6 +113,35 @@ private def translateFromTermType (t:SMT.TermType):
     else
       return .smtsort_param srnone (mkIdentifier id) (Ann.mk srnone argtys_array)
 
+-- Helper function to convert a SMTDDM.Term to SExpr for use in pattern attributes
+def termToSExpr (t : SMTDDM.Term SourceRange) : SMTDDM.SExpr SourceRange :=
+  let srnone := SourceRange.none
+  match t with
+  | .qual_identifier _ qi =>
+      match qi with
+      | .qi_ident _ iden =>
+          match iden with
+          | .iden_simple _ sym => .se_symbol srnone sym
+          | _ => .se_symbol srnone (.symbol srnone (.simple_symbol_qid srnone (mkQualifiedIdent "term")))
+      | _ => .se_symbol srnone (.symbol srnone (.simple_symbol_qid srnone (mkQualifiedIdent "term")))
+  | .qual_identifier_args _ qi args =>
+      -- Function application in pattern: convert to nested S-expr
+      let qiSExpr := match qi with
+        | .qi_ident _ iden =>
+            match iden with
+            | .iden_simple _ sym => SMTDDM.SExpr.se_symbol srnone sym
+            | _ => .se_symbol srnone (.symbol srnone (.simple_symbol_qid srnone (mkQualifiedIdent "fn")))
+        | _ => .se_symbol srnone (.symbol srnone (.simple_symbol_qid srnone (mkQualifiedIdent "fn")))
+      -- Convert args array to SExpr list
+      let argsSExpr := args.val.map termToSExpr
+      .se_ls srnone (Ann.mk srnone ((qiSExpr :: argsSExpr.toList).toArray))
+  | _ => .se_symbol srnone (.symbol srnone (.simple_symbol_qid srnone (mkQualifiedIdent "term")))
+  decreasing_by
+    cases args
+    rename_i hargs
+    have := Array.sizeOf_lt_of_mem hargs
+    simp_all; omega
+
 def translateFromTerm (t:SMT.Term): Except String (SMTDDM.Term SourceRange) := do
   let srnone := SourceRange.none
   match t with
@@ -126,7 +158,7 @@ def translateFromTerm (t:SMT.Term): Except String (SMTDDM.Term SourceRange) := d
     else
       return (.qual_identifier_args srnone
         (.qi_ident srnone (mkIdentifier op.mkName)) (Ann.mk srnone args_array))
-  | .quant qkind args _tr body =>
+  | .quant qkind args tr body =>
     let args_sorted:List (SMTDDM.SortedVar SourceRange) <-
       args.mapM
         (fun ⟨name,ty⟩ => do
@@ -137,11 +169,37 @@ def translateFromTerm (t:SMT.Term): Except String (SMTDDM.Term SourceRange) := d
       throw "empty quantifier"
     else
       let body <- translateFromTerm body
+
+      -- Handle triggers/patterns
+      let bodyWithPattern <-
+        match tr with
+        | .app .triggers triggerTerms .trigger =>
+          if triggerTerms.isEmpty then
+            -- No patterns - return body as-is
+            pure body
+          else
+            -- Convert each trigger term to a SMTDDM.Term, then to SExpr
+            let triggerDDMTerms <- triggerTerms.mapM translateFromTerm
+            let triggerSExprs := triggerDDMTerms.map termToSExpr
+
+            -- Create the :pattern attribute
+            -- av_sel wraps the SExprs in parens, so we pass the array directly
+            let patternAttr : SMTDDM.Attribute SourceRange :=
+              .att_kw srnone
+                (.kw_symbol srnone (mkSimpleSymbol "pattern"))
+                (Ann.mk srnone (some (.av_sel srnone (Ann.mk srnone triggerSExprs.toArray))))
+
+            -- Wrap body with bang operator and pattern attribute
+            pure (.bang srnone body (Ann.mk srnone #[patternAttr]))
+        | _ =>
+          -- Unexpected trigger format - return body as-is
+          pure body
+
       match qkind with
       | .all =>
-        return .forall_smt srnone (Ann.mk srnone args_array) body
+        return .forall_smt srnone (Ann.mk srnone args_array) bodyWithPattern
       | .exist =>
-        return .exists_smt srnone (Ann.mk srnone args_array) body
+        return .exists_smt srnone (Ann.mk srnone args_array) bodyWithPattern
 
 
 private def dummy_prg_for_toString :=

@@ -246,7 +246,7 @@ def Op.mkName : Op → String
   | .not           => "not"
   | .and           => "and"
   | .or            => "or"
-  | .eq            => "eq"
+  | .eq            => "="
   | .ite           => "ite"
   | .implies       => "=>"
   | .distinct      => "distinct"

@@ -299,7 +299,7 @@ def Statement.mapMetadata [Inhabited N] (f : M → N) (s: Statement M) : Stateme
       -- Unlike List and Array, Option.map does not use `attach` by default for wf proofs
         ⟨f elseB.ann, elseB.val.attach.map (fun x => Statement.mapMetadata f x.1)⟩
   | .ifCase m cases => .ifCase (f m) ⟨f cases.ann, cases.val.map (fun o =>
-      match ho: o with
+      match _: o with
       | .oneIfCase m cond body => .oneIfCase (f m) (Expression.mapMetadata f cond) (Statement.mapMetadata f body))⟩
   | .loop m invariants body =>
       .loop (f m) ⟨f invariants.ann, invariants.val.map (Expression.mapMetadata f)⟩ (Statement.mapMetadata f body)
@@ -374,4 +374,25 @@ def Decl.toUnit [Inhabited (Expression Unit)] (d : Decl M) : Decl Unit :=
 def Program.toUnit [Inhabited (Expression Unit)] (p : Program M) : Program Unit :=
   p.mapMetadata (fun _ => ())
 
+/-- Extract metadata from any B3 statement -/
+def Statement.metadata : Statement M → M
+  | .check m _ => m
+  | .assert m _ => m
+  | .assume m _ => m
+  | .reach m _ => m
+  | .blockStmt m _ => m
+  | .probe m _ => m
+  | .varDecl m _ _ _ _ => m
+  | .assign m _ _ => m
+  | .reinit m _ => m
+  | .ifStmt m _ _ _ => m
+  | .ifCase m _ => m
+  | .choose m _ => m
+  | .loop m _ _ => m
+  | .labeledStmt m _ _ => m
+  | .exit m _ => m
+  | .returnStmt m => m
+  | .aForall m _ _ _ => m
+  | .call m _ _ => m
+
 end B3AST
@@ -0,0 +1,156 @@
+/-
+  Copyright Strata Contributors
+
+  SPDX-License-Identifier: Apache-2.0 OR MIT
+-/
+
+import Strata.Languages.B3.DDMTransform.DefinitionAST
+
+/-!
+# Function-to-Axiom Transformation
+
+Transforms B3 programs by splitting function definitions into declarations and axioms.
+
+While SMT-LIB 2.6 provides `define-fun-rec` for mutually recursive definitions,
+we use quantified axioms for broader solver compatibility and to maintain consistency
+with our verification approach. By converting function bodies to axioms with quantifiers,
+we enable verification of programs with mutually recursive functions across different
+SMT solvers.
+
+TODO: Add config option to use `define-fun` for non-recursive functions instead of
+quantified axioms. This could improve solver performance for simple function definitions.
+
+## Example: Simple Function
+
+Input:
+```
+function abs(x : int) : int {
+  if x >= 0 then x else -x
+}
+```
+
+Output:
+```
+function abs(x : int) : int
+
+axiom forall x : int pattern abs(x) abs(x) == (if x >= 0 then x else -x)
+```
+
+## Example: Mutually Recursive Functions
+
+Input:
+```
+function isEven(n : int) : int {
+  if n == 0 then 1 else isOdd(n - 1)
+}
+function isOdd(n : int) : int {
+  if n == 0 then 0 else isEven(n - 1)
+}
+```
+
+Output:
+```
+function isEven(n : int) : int
+function isOdd(n : int) : int
+
+axiom forall n : int pattern isEven(n) isEven(n) == (if n == 0 then 1 else isOdd(n - 1))
+axiom forall n : int pattern isOdd(n) isOdd(n) == (if n == 0 then 0 else isEven(n - 1))
+```
+
+## Example: Function with Precondition
+
+Input:
+```
+function sqrt(x : int) : int
+  when x >= 0
+{
+  ...
+}
+```
+
+Output:
+```
+function sqrt(x : int) : int
+
+axiom forall x : int pattern sqrt(x) (x >= 0) ==> (sqrt(x) == ...)
+```
+-/
+
+namespace Strata.B3.Transform
+
+open Strata.B3AST
+
+def transformFunctionDecl (decl : B3AST.Decl α) : Option (B3AST.Decl α × B3AST.Decl α) :=
+  match decl with
+  | .function _m name params resultType tag body =>
+      match body.val with
+      | some bodyAnn =>
+          match bodyAnn with
+          | FunctionBody.functionBody m whens bodyExpr =>
+              let funcDecl := B3AST.Decl.function m name params resultType tag (Ann.mk body.ann none)
+              let paramList := params.val.toList
+              let funcCallArgs : Array (Expression α) :=
+                params.val.mapIdx (fun i _param => Expression.id m i)
+              let funcCall := Expression.functionCall m name ⟨m, funcCallArgs⟩
+              let equality := Expression.binaryOp m (BinaryOp.eq m) funcCall bodyExpr
+              let axiomBody :=
+                if whens.val.isEmpty then
+                  equality
+                else
+                  let whenExprs := whens.val.toList.filterMap (fun w =>
+                    match w with | When.when _m cond => some cond)
+                  let whenConj := match whenExprs with
+                    | [] => Expression.literal whens.ann (Literal.boolLit whens.ann true)
+                    | first :: rest => rest.foldl (fun acc e =>
+                        Expression.binaryOp whens.ann (BinaryOp.and whens.ann) acc e
+                      ) first
+                  Expression.binaryOp whens.ann (BinaryOp.implies whens.ann) whenConj equality
+              -- Create pattern with function call
+              let pattern := Pattern.pattern m ⟨m, #[funcCall]⟩
+              let axiomExpr := paramList.foldr (fun param body =>
+                match param with
+                | FParameter.fParameter _m _inj paramName paramTy =>
+                    let varDecl := VarDecl.quantVarDecl m paramName paramTy
+                    Expression.quantifierExpr m
+                      (QuantifierKind.forall m)
+                      ⟨m, #[varDecl]⟩ ⟨m, #[pattern]⟩ body
+              ) axiomBody
+              let axiomDecl := Decl.axiom m ⟨m, #[]⟩ axiomExpr
+              some (funcDecl, axiomDecl)
+      | none => none
+  | _ => none
+
+def functionToAxiom (prog : B3AST.Program α) : B3AST.Program α :=
+  match prog with
+  | Program.program m decls =>
+      Id.run do
+        let mut typeDeclsRev : List (B3AST.Decl α) := []
+        let mut funcDeclsRev : List (B3AST.Decl α) := []
+        let mut funcAxiomsRev : List (B3AST.Decl α) := []
+        let mut otherDeclsRev : List (B3AST.Decl α) := []
+
+        for decl in decls.val.toList do
+          match decl with
+          | .typeDecl _ _ | .tagger _ _ _ =>
+              typeDeclsRev := decl :: typeDeclsRev
+          | .function _ _ _ _ _ body =>
+              match body.val with
+              | some bodyAnn =>
+                  match bodyAnn with
+                  | FunctionBody.functionBody _ _ _ =>
+                      match transformFunctionDecl decl with
+                      | some (funcDecl, axiomDecl) =>
+                          funcDeclsRev := funcDecl :: funcDeclsRev
+                          funcAxiomsRev := axiomDecl :: funcAxiomsRev
+                      | none => otherDeclsRev := decl :: otherDeclsRev
+              | none =>
+                  funcDeclsRev := decl :: funcDeclsRev
+          | .axiom _ _ _ =>
+              funcAxiomsRev := decl :: funcAxiomsRev
+          | _ =>
+              otherDeclsRev := decl :: otherDeclsRev
+
+        let finalDecls := typeDeclsRev.reverse ++ funcDeclsRev.reverse ++ funcAxiomsRev.reverse ++ otherDeclsRev.reverse
+        return Program.program m ⟨decls.ann, finalDecls.toArray⟩
+
+end Strata.B3.Transform