Skip to content

ABI Layer 2: prove generated max is correct-by-construction (flagship Idris2 proof)#39

Merged
hyperpolymath merged 1 commit into
mainfrom
claude/new-session-znxgm7
Jun 27, 2026
Merged

ABI Layer 2: prove generated max is correct-by-construction (flagship Idris2 proof)#39
hyperpolymath merged 1 commit into
mainfrom
claude/new-session-znxgm7

Conversation

@hyperpolymath

Copy link
Copy Markdown
Owner

Summary

Raises dafniser's Idris2 ABI to Layer 2 with its first flagship semantic proof. Dafniser's headline is "generate correct-by-construction code"; this models a Dafny spec (precondition + postcondition + generated body) for a representative generated function — integer max — and proves in the type system that the generated body meets its postcondition (result ≥ a ∧ result ≥ b ∧ (result = a ∨ result = b)) for all inputs. Incorrect results are unprovable.

Mirrors the estate's flagship-proof pattern (InjectionFree / Partition / Octad): faithful model, a proposition with no inhabitant for the bad case, a sound+complete Dec, a certifier proven sound, and positive + negative controls.

Changes

  • Adds src/interface/abi/Dafniser/ABI/Semantics.idrMaxPost postcondition (LTE-backed), genMax returning result-with-proof, genMaxCorrect (all three conjuncts), decMaxPost, certifyMaxSound, a no-undershoot soundness lemma, positive control (MaxPost 7 3 7) and negative control (Not (MaxPost 7 3 2)).
  • Registers the module in dafniser-abi.ipkg.

RSR Quality Checklist

Required

  • Tests pass — ABI package builds clean (see Testing)
  • Linter clean — idris2 --build emits zero warnings
  • No banned language patterns
  • No banned functions (believe_me/postulate/sorry/assert_total) — proof is genuine
  • SPDX headers present on new files
  • No secrets

As Applicable

  • ABI/FFI changes validated — additive proof; no FFI symbols touched

Testing

Verified with Idris2 0.7.0: cd src/interface/abi && idris2 --build dafniser-abi.ipkg → exit 0, zero warnings (all modules). Adversarial check: a deliberately-false proof was rejected by the type checker (non-vacuity). build/ removed (not committed).

🤖 Generated with Claude Code

https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx


Generated by Claude Code

…ition

Add Dafniser.ABI.Semantics raising the Idris2 ABI to Layer 2 with a genuine,
machine-checked semantic proof of the repo's headline ("correct-by-construction
code generation").

Model: a Dafny spec as the postcondition MaxPost a b r — a real proposition
inhabited only when r dominates both inputs and equals one of them. The
generated body genMax returns its result paired with a MaxPost proof
(correct-by-construction). genMaxCorrect derives all three ensures conjuncts
(result>=a, result>=b, result==a||result==b) for all inputs; noUndershootLeft
refutes the bad case. A sound certifier (certifyMax/certifyMaxSound) emits the
ABI's VerificationResult. Positive control maxPositive : MaxPost 7 3 7 and
negative control maxNegative : Not (MaxPost 7 3 2) are machine-checked; an
adversarial false proof (MaxPost 7 3 2) is rejected by idris2, confirming
non-vacuity.

Builds clean (idris2 0.7.0, exit 0, zero warnings).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
@hyperpolymath hyperpolymath marked this pull request as ready for review June 27, 2026 19:45
@hyperpolymath hyperpolymath merged commit 05482ff into main Jun 27, 2026
22 of 24 checks passed
@hyperpolymath hyperpolymath deleted the claude/new-session-znxgm7 branch June 27, 2026 19:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants