ABI Layer 2: prove C-binding signature preservation — flagship Idris2 proof #36
Merged
Add Nimiser.ABI.Semantics, a machine-checked semantic proof that the Nim->C code generator preserves source signatures: same name, same arity, and every argument/return type lowered by the canonical injective nimToC mapping. An arity or type mismatch is unrepresentable as a SigPreserved witness.

Contents:
- Faithful model: NimT / CT type universes, NimSig / CSig signatures, total nimToC lowering, genBinding code generator.
- Headline property SigPreserved with no constructor for any mismatch.
- genBindingPreserves: the generator ALWAYS preserves (soundness).
- nimToCInjective: the lowering is injective (non-vacuity engine).
- decSigPreserved: sound + complete Dec decision procedure.
- certifyBinding + certifyBindingSound tied to the project Result type; generatedAlwaysCertifies corollary.
- Positive control samplePreserved (explicit witness) and three negative controls (wrong return type, wrong arity, wrong arg type), all machine-checked.

Build: idris2 --build nimiser-abi.ipkg exits 0, zero warnings. Adversarial false proof (claiming a type-mismatched binding is preserved) is rejected by the type-checker, confirming non-vacuity.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Summary
Raises nimiser's Idris2 ABI to Layer 2 with its first flagship semantic proof. nimiser's headline is generating high-performance C libraries via Nim metaprogramming; the correctness obligation is that the generated C binding preserves the source signature — arity and per-argument type lowering. This proves SigPreserved with a sound+complete Dec, so an arity/type mismatch is unrepresentable.

Mirrors the estate flagship-proof pattern: NimSig/CSig model, ArgsLower/SigPreserved propositions, sound+complete Dec, certifier proven sound, positive + negative controls.

Changes

- src/interface/abi/Nimiser/ABI/Semantics.idr — type lowering ArgsLower, SigPreserved, sound+complete decision, certifyBinding/soundness, positive + negative controls.
- nimiser-abi.ipkg.

RSR Quality Checklist
Required
As Applicable
Testing
Verified with Idris2 0.7.0:
idris2 --build nimiser-abi.ipkg → exit 0, zero warnings. Adversarial check: a deliberately-false proof was rejected. build/ removed.

🤖 Generated with Claude Code: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
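To make the proof architecture described in this PR concrete, the following is an added Idris2 sketch written for this page. It is not the nimiser code base and not the PR's Nimiser.ABI.Semantics module; it assumes two-constructor NimT/CT universes instead of the project's, reuses the names from the PR description (nimToC, genBinding, ArgsLower, SigPreserved, decSigPreserved) only so the pieces are recognisable, and omits the project's certifyBinding/Result wiring. The security-relevant shape is the same: a C-side type or arity that differs from the lowered Nim signature has no constructor, so the only way to "prove" a mismatched binding is to fail type-checking.

```idris
module SigPreservedSketch
import Decidable.Equality
%default total

-- Assumed two-constructor universes (the project's NimT/CT are larger).
data NimT = NInt | NFloat
data CT   = CInt64 | CDouble

-- Canonical lowering: total, and injective (proved below).
nimToC : NimT -> CT
nimToC NInt   = CInt64
nimToC NFloat = CDouble

-- Distinct C types are unequal, which makes decEq on CT total.
Uninhabited (CInt64 = CDouble) where uninhabited Refl impossible
Uninhabited (CDouble = CInt64) where uninhabited Refl impossible
DecEq CT where
  decEq CInt64  CInt64  = Yes Refl
  decEq CDouble CDouble = Yes Refl
  decEq CInt64  CDouble = No absurd
  decEq CDouble CInt64  = No absurd

-- Non-vacuity engine: the lowering never merges two source types, so a
-- preserved signature really does pin down the C types.
nimToCInjective : (a, b : NimT) -> nimToC a = nimToC b -> a = b
nimToCInjective NInt   NInt   Refl = Refl
nimToCInjective NFloat NFloat Refl = Refl
nimToCInjective NInt   NFloat Refl impossible
nimToCInjective NFloat NInt   Refl impossible

-- Signatures: name, argument types, return type. The generator under study
-- keeps the name and lowers every type.
data NimSig = MkNimSig String (List NimT) NimT
data CSig   = MkCSig   String (List CT)   CT
genBinding : NimSig -> CSig
genBinding (MkNimSig n xs r) = MkCSig n (map nimToC xs) (nimToC r)

-- ArgsLower ns cs: each C argument is the lowering of the Nim argument at the
-- same position. A length mismatch or a wrong element has no constructor.
data ArgsLower : List NimT -> List CT -> Type where
  LNil  : ArgsLower [] []
  LCons : ArgsLower ns cs -> ArgsLower (n :: ns) (nimToC n :: cs)

-- SigPreserved: same name, arguments lower pointwise, return type lowers.
data SigPreserved : NimSig -> CSig -> Type where
  MkPreserved : ArgsLower ns cs
             -> SigPreserved (MkNimSig name ns r) (MkCSig name cs (nimToC r))

-- Soundness: everything the generator emits is preserved.
argsLowerMap : (ns : List NimT) -> ArgsLower ns (map nimToC ns)
argsLowerMap []        = LNil
argsLowerMap (n :: ns) = LCons (argsLowerMap ns)
genBindingPreserves : (s : NimSig) -> SigPreserved s (genBinding s)
genBindingPreserves (MkNimSig n xs r) = MkPreserved (argsLowerMap xs)

-- Inversion lemmas: what a witness forces about its indices.
nilCons : ArgsLower [] (c :: cs) -> Void
nilCons LNil impossible
nilCons (LCons _) impossible
consNil : ArgsLower (n :: ns) [] -> Void
consNil LNil impossible
consNil (LCons _) impossible
headLower : ArgsLower (n :: ns) (c :: cs) -> nimToC n = c
headLower (LCons _) = Refl
tailLower : ArgsLower (n :: ns) (nimToC n :: cs) -> ArgsLower ns cs
tailLower (LCons rest) = rest
preservedName : SigPreserved (MkNimSig sn ns r) (MkCSig cn cs cr) -> sn = cn
preservedName (MkPreserved _) = Refl
preservedRet : SigPreserved (MkNimSig sn ns r) (MkCSig cn cs cr) -> nimToC r = cr
preservedRet (MkPreserved _) = Refl
preservedArgs : SigPreserved (MkNimSig sn ns r) (MkCSig cn cs cr) -> ArgsLower ns cs
preservedArgs (MkPreserved a) = a

-- Sound and complete decision: Yes carries a witness, No a refutation.
decCons : Dec (ArgsLower ns cs) -> Dec (ArgsLower (n :: ns) (nimToC n :: cs))
decCons (Yes rest) = Yes (LCons rest)
decCons (No none)  = No (\p => none (tailLower p))
decArgsLower : (ns : List NimT) -> (cs : List CT) -> Dec (ArgsLower ns cs)
decArgsLower []        []        = Yes LNil
decArgsLower []        (_ :: _)  = No nilCons
decArgsLower (_ :: _)  []        = No consNil
decArgsLower (n :: ns) (c :: cs) = case decEq (nimToC n) c of
  No neq => No (\p => neq (headLower p))
  Yes eq => rewrite sym eq in decCons (decArgsLower ns cs)
decSigPreserved : (s : NimSig) -> (c : CSig) -> Dec (SigPreserved s c)
decSigPreserved (MkNimSig sn ns r) (MkCSig cn cs cr) = case decEq sn cn of
  No nameNe => No (\p => nameNe (preservedName p))
  Yes nameEq => case decEq (nimToC r) cr of
    No retNe => No (\p => retNe (preservedRet p))
    Yes retEq => case decArgsLower ns cs of
      No argsNe => No (\p => argsNe (preservedArgs p))
      Yes ok => Yes (rewrite sym nameEq in rewrite sym retEq in MkPreserved ok)

-- Positive control: an explicit witness for a correctly generated binding.
samplePreserved : SigPreserved (MkNimSig "scale" [NFloat, NInt] NFloat)
                               (MkCSig "scale" [CDouble, CInt64] CDouble)
samplePreserved = MkPreserved (LCons (LCons LNil))

-- Negative control: the argument was lowered to the wrong C type. No witness
-- exists, so any claimed proof at this type is rejected by the type-checker.
noTypeWitness : Not (SigPreserved (MkNimSig "scale" [NFloat] NFloat)
                                  (MkCSig "scale" [CInt64] CDouble))
noTypeWitness (MkPreserved (LCons _)) impossible
```

The adversarial check the PR describes corresponds here to replacing the body of noTypeWitness with an attempted witness such as MkPreserved (LCons LNil): elaboration of LCons must unify nimToC NFloat (which reduces to CDouble) with CInt64, and that fails, so the file does not compile. A certifier built on decSigPreserved therefore cannot return a witness for a binding whose C types or arity drift from the Nim signature, which is the property that keeps a generated FFI boundary from silently reinterpreting argument bytes.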