fix(safety): re-enable post-optimization stack validation (H-17)#62
Open
Replace the disabled compositional block analysis (validate_module_blocks) with per-function validation (validate_function_with_context) that avoids the false positives caused by dead code and instruction count changes.

Investigation findings:
- Every optimization pass already calls guard.validate(func)? individually
- Functions with unanalyzable instructions (Unknown, CallIndirect) are skipped by both the optimizer AND the validator — no gap exists
- The compositional analyzer (validate_module_blocks) had false positives with its block-level decomposition; validate_function_with_context checks the whole function without decomposition
- All 310 tests pass with validation re-enabled

This closes STPA finding H-17 (stack validation disabled).

Trace: H-17, SC-16

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
Re-enables the post-optimization stack validation safety gate that was disabled due to false positives in the compositional block analyzer.
Root cause: validate_module_blocks used compositional block-level decomposition that produced false positives when optimizations reorder or eliminate dead code. The fix replaces it with validate_function_with_context, which validates each function as a whole without decomposition.

Key finding: Every optimization pass already runs guard.validate(func)? individually, so per-pass validation was never disabled. The module-level check was defense-in-depth that had been bypassed. Functions with unanalyzable instructions are skipped by both the optimizer and the validator -- no coverage gap exists.

Test plan
Trace: H-17, SC-16
🤖 Generated with Claude Code
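As an added example (not code from this PR or its project), a small whole-function stack-height validator that illustrates the kind of false positive the PR describes: dead code after a terminator is stack-polymorphic, so checking the function with that context accepts it and still accepts the function after a dead-code-elimination pass shrinks the instruction count, whereas checking the trailing block in isolation would report an underflow. The instruction set, result arity, skip rule and function names are assumptions.

```rust
// Added illustration (not the project's code) of a whole-function stack-height
// validator; instruction set, result count and the skip rule are assumptions.
#[derive(Clone, Debug, PartialEq)]
enum Instr { Const, Add, Drop, Return, Unreachable, CallIndirect, Unknown }

#[derive(Debug, PartialEq)]
enum Verdict { Valid, Skipped, Invalid(String) }

/// Walk the function linearly tracking stack height. Code after `Return` or
/// `Unreachable` is dead and stack-polymorphic, so it is not checked: that is
/// the context a block-in-isolation check lacks. Unanalyzable instructions
/// skip the function, matching the optimizer's own skip rule.
fn validate_function_with_context(body: &[Instr], results: usize) -> Verdict {
    if body.iter().any(|i| matches!(i, Instr::CallIndirect | Instr::Unknown)) {
        return Verdict::Skipped;
    }
    let (mut height, mut dead) = (0usize, false);
    for (pc, instr) in body.iter().enumerate() {
        if dead { continue; }
        let (pops, pushes) = match instr {
            Instr::Const => (0, 1),
            Instr::Add => (2, 1),
            Instr::Drop => (1, 0),
            Instr::Return => (results, 0),
            Instr::Unreachable => (0, 0),
            Instr::CallIndirect | Instr::Unknown => unreachable!("filtered above"),
        };
        if height < pops {
            return Verdict::Invalid(format!("stack underflow at {pc}: {instr:?}"));
        }
        height = height - pops + pushes;
        dead = matches!(instr, Instr::Return | Instr::Unreachable);
    }
    if dead || height == results { return Verdict::Valid; }
    Verdict::Invalid(format!("ends with {height} values, expected {results}"))
}

/// Dead-code elimination followed by the guard, as every pass in the PR does
/// with guard.validate(func)?: the instruction count shrinks, and the
/// whole-function check still accepts what it accepted before the pass.
fn dce_then_validate(body: &[Instr], results: usize) -> Result<Vec<Instr>, String> {
    let cut = body.iter().position(|i| matches!(i, Instr::Return | Instr::Unreachable))
        .map_or(body.len(), |p| p + 1);
    let optimized = body[..cut].to_vec();
    match validate_function_with_context(&optimized, results) {
        Verdict::Invalid(msg) => Err(msg),
        _ => Ok(optimized),
    }
}
```

The trailing `Const, Add` in the first test below would underflow if the block after `Return` were analyzed from an empty stack on its own; validated with the surrounding function's context it is simply unreachable.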