Skip to content

ci(kani,clippy): enforce the orphaned relay-mix-quad proofs (MIX-P05..08)#241

Merged
avrabe merged 1 commit into
mainfrom
feat/falcon-v1.102-enforce-mix-quad-proofs
Jun 27, 2026
Merged

ci(kani,clippy): enforce the orphaned relay-mix-quad proofs (MIX-P05..08)#241
avrabe merged 1 commit into
mainfrom
feat/falcon-v1.102-enforce-mix-quad-proofs

Conversation

@avrabe

@avrabe avrabe commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

What

Caught while scoping motor-failure reallocation: relay-mix-quad has 6 Kani harnesses (MIX-P05..P08) but was never in the dedicated Kani matrix. MIX-P08 (the single-rotor-out allocator — failed rotor → 0, healthy ∈ [floor,1]) ran only via FV-FALCON-FAULT-002's verification step; the rest ran nowhere in CI. Same orphaned-proof pattern closed this session for relay-param/fsm/preflight/calib/fsafe.

  • Add relay-mix-quad to .github/workflows/kani.yml + the -D warnings clippy gate.
  • 3 test-fn #[allow(clippy::needless_range_loop)] (index used in the failure message) — the verified mixer logic is untouched.
  • All 6 harnesses verify 6/6; 23 tests; clippy clean. FV-FALCON-FAULT-002 notes the enforcement.

Context (important)

The rotor-loss feature is already implemented + verified end-to-end — relay-iekf::RotorFaultDetector + mix_rotor_out + relay-geo::moment_reduced + the falcon-sitl-gz::fault_tolerance_chain_recovers_from_rotor_loss SITL chain test all pass. This PR is the gate-enforcement gap, not new feature code. (Verify-first caught that a planned new detector would have duplicated the existing RotorFaultDetector.)

Next: wire the existing pieces into the production FlightCore::step (currently only the SITL example composes them).

🤖 Generated with Claude Code

….08)

Caught while scoping motor-failure reallocation: relay-mix-quad has six Kani
harnesses (MIX-P05..P08 — the X-mixer bound, saturation-direction, thrust-floor,
and the MIX-P08 single-rotor-out allocator that pins the failed rotor to 0 and
keeps healthy rotors in [floor,1]) but the crate was NOT in the dedicated Kani
matrix. MIX-P08 ran only via FV-FALCON-FAULT-002's verification step; the rest
ran nowhere in CI. Same orphaned-proof pattern closed this session for
relay-param / relay-fsm / relay-preflight / relay-calib / relay-fsafe.

Add relay-mix-quad to .github/workflows/kani.yml + the -D warnings clippy gate
(3 test-fn #[allow(clippy::needless_range_loop)] where the index is used in the
failure message — the verified mixer logic is untouched). All six harnesses
verify 6/6; 23 tests; clippy clean. FV-FALCON-FAULT-002 notes the enforcement.

(Note: the rotor-loss FEATURE is already implemented + verified — RotorFaultDetector
+ mix_rotor_out + moment_reduced + the end-to-end SITL chain test all pass. This
is the gate-enforcement gap, not new feature code.)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@avrabe avrabe enabled auto-merge (squash) June 27, 2026 04:37
@avrabe avrabe merged commit d1d34ae into main Jun 27, 2026
39 checks passed
@avrabe avrabe deleted the feat/falcon-v1.102-enforce-mix-quad-proofs branch June 27, 2026 04:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant