Skip to content

ABI Layer 4: prove the FFI result-code seam is injective + faithful#48

Merged
hyperpolymath merged 5 commits into
mainfrom
claude/new-session-znxgm7
Jun 28, 2026
Merged

ABI Layer 4: prove the FFI result-code seam is injective + faithful#48
hyperpolymath merged 5 commits into
mainfrom
claude/new-session-znxgm7

Conversation

@hyperpolymath

Copy link
Copy Markdown
Owner

Summary

Layer 4 (seal the ABI↔FFI seam): proves the FFI result-code encoding (resultToInt) is a sound, lossless wire encoding — decoder intToResult with resultRoundTrip, from which resultToIntInjective is derived. Distinct ABI outcomes never collide on the C wire. Complements the structural abi-ffi-gate.py.

New module *.ABI.FfiSeam (imports Types). Positive + non-vacuity controls.

Testing

Idris2 0.7.0 --build → exit 0, zero warnings. Adversarial rejection confirmed. build/ removed. No believe_me/postulate/sorry.

🤖 Generated with Claude Code

https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx


Generated by Claude Code

claude and others added 4 commits June 27, 2026 19:41
New module K9iser.ABI.Semantics proves the repo's headline property
("Wrap configs into self-validating K9 contracts"): a config that
SATISFIES a "must"-contract (a required key present whose value lies
within an inclusive numeric range) provably validates, and a config that
VIOLATES it (missing key OR out-of-range value) provably does not.

- Faithful model: Config = assoc list (Key, Nat); Contract = key + [lo,hi].
- Headline proposition `Validates c cfg` has constructors only for the
  satisfying case (resolver equation + InRange via propositional LTE);
  no constructor exists for a missing key or out-of-range value.
- Sound + complete `decValidates : Dec (Validates c cfg)` and `decInRange`.
- Certifier `certify` into the ABI Result code, with `certifySound` and
  `certifyComplete`.
- Positive control `goodValidates` (replicas=5 in [1,10]) and two negative
  controls: `badRangeNotValidates` (replicas=0) and `missingNotValidates`.

ABI builds clean (exit 0, zero warnings). A deliberately false witness
for the out-of-range config is rejected by idris2 (non-vacuity verified).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Add a second, deeper machine-checked theorem over the existing Layer-2
Semantics model, raising the Idris2 ABI to Layer 3. Proves how config
validation behaves under CONJUNCTION of K9 contracts, distinct from the
Layer-2 single-contract soundness/completeness:

- ValidatesBoth / ValidatesAll: binary and n-ary conjunction over the
  existing Validates proposition.
- validatesAndIff / validatesAllConsIff: decomposition isomorphisms
  (real witness round-trips, = Refl).
- validatesBothSym: commutativity of conjunction.
- decValidatesAll: sound + complete decision, built compositionally
  from the Layer-2 decValidates.
- validatesAllAppend{Fwd,Bwd}: distribution of conjunction over list
  append (induction on the bundle).
- validatesAllWeaken: monotonicity / downward-closure.
- certifyAll{,Sound,Complete}: certifier into the ABI Result code.
- Positive controls (twoValidatesBoth / twoValidatesBundle) and
  negative / non-vacuity controls (mixedNotBoth / mixedNotBundle),
  all machine-checked; resolver equations proved via resolveHead /
  resolveSkip lemmas (String decEq does not reduce definitionally).

No believe_me / postulate / assert_total / sorry. %default total.
Registered last in k9iser-abi.ipkg. Clean build, zero warnings;
a deliberately-false ValidatesAll over the out-of-range config is
rejected by the type checker (non-vacuity confirmed).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
Prove resultToInt is a sound wire encoding: a faithful decoder
intToResult with resultRoundTrip (lossless), injectivity derived
from the round-trip, positive decode controls, and a machine-checked
non-vacuity control (distinct codes have distinct ints).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01A6PSzJWpRxtzGDjUCEh7Mx
@hyperpolymath hyperpolymath marked this pull request as ready for review June 28, 2026 06:44
Signed-off-by: Jonathan D.A. Jewell <6759885+hyperpolymath@users.noreply.github.com>
@hyperpolymath hyperpolymath merged commit b9d4b0e into main Jun 28, 2026
5 checks passed
@hyperpolymath hyperpolymath deleted the claude/new-session-znxgm7 branch June 28, 2026 06:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants