Skip to content

ABI: make Idris2 proofs genuinely compile + add machine-checked theorems#34

Merged
hyperpolymath merged 3 commits into
mainfrom
claude/iseriser-proofs-review-rtdcwb
Jun 26, 2026
Merged

ABI: make Idris2 proofs genuinely compile + add machine-checked theorems#34
hyperpolymath merged 3 commits into
mainfrom
claude/iseriser-proofs-review-rtdcwb

Conversation

@hyperpolymath

Copy link
Copy Markdown
Owner

Idris2 ABI proofs — genuinely compile + machine-checked theorems

Part of the family-wide ABI-proofs review. The hand-written ABI did not typecheck under Idris2 0.7.0; this makes it real and verified, following the merged iseriser reference.

Systemic fixes: decEq _ _ = No absurd → explicit off-diagonal cases; {auto 0 nonNull} smart constructors → choose-based; paddingFor -minus; real decDivides/decFieldsAligned replacing ?fieldsAlignedProof; honest offsetInBounds; thisPlatform de-%runElab'd; buildable nested layout + ipkg; new Proofs.idr with real theorems.

Verified: idris2 --build clean (0/0); adversarial re-verify found no believe_me/postulate/holes.

🤖 Generated with Claude Code


Generated by Claude Code

Jonathan D.A. Jewell and others added 3 commits June 26, 2026 11:20
The governance/licence-consistency check requires an SPDX-License-Identifier
header on the LICENSE file and a `license` field in the manifest. The LICENSE
body is MPL-2.0 text, so stamp `SPDX-License-Identifier: MPL-2.0` (matching the
actual body) and set `license = "MPL-2.0"` (replacing `license-file`).

Verified with standards/scripts/check-licence-consistency.sh (passes).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DF9CcCuL4YJoqs26eHsYiA
Make the repo's licensing single and consistent, matching the wokelangiser
reference policy and the merged iseriser pattern:

- Remove contradictory PMPL-1.0-or-later / Palimpsest self-claims from README
  badges/footers, QUICKSTART, RSR_OUTLINE, STATE-VISUALIZER, and machine-readable
  governance (META, stapeln, deny.toml allow-list, copilot/AGENTIC SPDX
  directives, Trust/Must LICENSE-content checks, per-project CLAUDE.md).
- Encode the docs split in REUSE dep5: *.adoc/*.md/docs/** -> CC-BY-SA-4.0,
  everything else -> MPL-2.0.
- READMEs show MPL-2.0 (code) + CC-BY-SA-4.0 (docs) badges; full texts live in
  LICENSES/; root LICENSE stays MPL-2.0 for GitHub's licence chip.

Preserves legitimate non-self references: cargo-deny's AGPL deny-list, the
"never use AGPL" estate policy, and the Contributor Covenant CoC.

Verified: standards/scripts/check-licence-consistency.sh passes; no residual
PMPL/Palimpsest self-claims remain.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DF9CcCuL4YJoqs26eHsYiA
….7.0

The src/interface/abi/{Types,Layout,Foreign}.idr files were scaffolded from a
template and never compiler-checked. This makes them typecheck cleanly (zero
errors, zero warnings) under Idris2 0.7.0 with real, non-faked proofs, and adds
a machine-checked theorem module.

Buildability:
- Moved flat files into the Lustreiser.ABI namespace dir
  (src/interface/abi/Lustreiser/ABI/{Types,Layout,Foreign}.idr) so file paths
  match module namespaces.
- Added src/interface/abi/lustreiser-abi.ipkg listing all four modules.

Systemic fixes:
- Types.thisPlatform: replaced the %runElab stub (needs ElabReflection) with a
  plain value (Linux).
- DecEq TemporalOperator and DecEq Result: replaced the non-compiling
  `decEq _ _ = No absurd` catch-all with explicit off-diagonal cases
  `No (\case Refl impossible)` for every ordered pair of distinct constructors.
- createHandle: replaced `Just (MkHandle ptr)` (unsolved `So (ptr /= 0)` auto
  proof) with a `choose`-based smart constructor supplying {nonNull = ok}.
- Layout.paddingFor: `alignment - ...` (no Neg for Nat) -> `minus alignment ...`.
- Added decDivides (sound Maybe (Divides n m) via div + decEq) and replaced the
  unprovable alignUpCorrect/Refl with alignUpDivides routed through decDivides.
- checkCABI: implemented decFieldsAligned and removed the ?fieldsAlignedProof
  hole; returns a genuine CABICompliant witness or Left.
- offsetInBounds: changed the unsound universally-true `So (...)` return type to
  `Maybe (So (...))` decided via choose.
- Concrete StructLayout values (lustrePortLayout, lustreContextLayout) now supply
  their erased auto-implicit proofs explicitly ({sizeCorrect = Oh},
  {aligned = DivideBy 4 Refl}; 32 = 4 * 8).
- verifyLayout now discharges both erased obligations with real witnesses.
- Lifted NodeLayout's invalid record `where` helper (totalBufferSize) to a
  top-level function.
- Renamed shadowing Vect-length implicits to unique names to clear all
  "implicitly bind lowercase names" warnings.
- Foreign: declared prim__getString locally per-function (where blocks) matching
  the working reference, fixing the Bits64/Ptr String unification error.

Real theorems (src/interface/abi/Lustreiser/ABI/Proofs.idr):
- lustrePortCompliant, lustreContextCompliant: CABICompliant proofs built
  directly from per-field DivideBy k Refl witnesses (offset = k * alignment).
- okIsZero, deadlineViolationIsFive, clockErrorIsSix: pin the result-code
  encoding the Zig FFI depends on.
- preIsStateful, fbyIsStateful, whenIsStateless, mergeIsStateless: pin the
  temporal-operator state classification.

Build: `cd src/interface/abi && idris2 --build lustreiser-abi.ipkg` exits 0 with
zero errors and zero warnings.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01DF9CcCuL4YJoqs26eHsYiA
@hyperpolymath hyperpolymath marked this pull request as ready for review June 26, 2026 14:53
@hyperpolymath hyperpolymath merged commit 6c1a419 into main Jun 26, 2026
20 of 22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants