proof(coq): #133 rescue rebase + discharge eval_deterministic#24
Merged
Conversation
hyperpolymath
added a commit
that referenced
this pull request
May 20, 2026
…ate (#133) Updates the human + machine documentation to reflect the 2026-05-20 discharge of `eval_deterministic` (PR #24, this branch): - PROOF-STATUS-2026-05-18.md - axiom row: ~121 → ~120; `eval_deterministic` removed from the "example post-T0 audit" list with an explicit discharge note. - Tier-0 status: post-T0 marked "in progress" (1/~120 discharged). - "RESUME HERE" preamble: status block summarising the rebase + the proof shape + Print Assumptions report. - "Next frontier": ~121 → ~120, eval_deterministic noted as 1 discharged. - .machine_readable/6a2/STATE.a2ml - last-updated: 2026-02-05 → 2026-05-20. - components.coq-proofs: replaced the stale "81 Qed, 19 Admitted, 6 Defined, 63 Axioms" line (pre-rescue snapshot) with current state — 11/11 files compile, 0 Admitted, ~120 axioms with 1 discharged. - components.lean4-proofs: "syntax-complete, needs verification" replaced with "lake build 1631/1632 green, verified 2026-05-20". - components.agda-proofs: 40 → 60 (CNO.agda type-checks clean per PROOF-STATUS-2026-05-18 verification). - blockers.high: dropped "19 Admitted proofs" (rescue resolved them) and "No local coqc" (resolved); kept "Python interpreters violate RSR". - blockers.medium: added the ~120 axiom audit as a tracked item. - critical-next-actions: rotated to "PR #24 review + merge" then "Begin classification sweep of remaining ~120 axioms". - session-history: prepended 2026-05-20 (this work) and 2026-05-18 (rescue work) entries. - maintenance-status: refreshed to 2026-05-20, last-result = pass. - .machine_readable/META.scm + .machine_readable/6a2/META.a2ml - last-updated bumped to 2026-05-20 (A2ML side). - Architecture decisions: added ADR-006 (state_eq PC-exclusion, the semantic decision underpinning the rescue) and ADR-007 (this PR's discharge of eval_deterministic via step_deterministic_strong). No content changes outside docs; this is documentation-only and stacks on the proof commit `6f93e98` already in this PR. Refs hyperpolymath/standards#124 Refs hyperpolymath/standards#133 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
… ledger
The "100% complete / 0 Admitted" claim was inaccurate: proofs/coq/common/
CNO.v did not compile at all. This repairs the Tier-0 keystone.
CNO.v (now compiles clean under Coq 8.20):
- eval_app (both dirs): brittle inversion-autoname -> shape/derivation
- state_eq_refl: removed dead `unfold mem_eq` ("No such goal")
- cno_composition/empty_is_cno/nop_is_cno: robust nested split, fresh names
- SOUNDNESS FIX: state_eq drops the program-counter conjunct (every
instruction advances PC, so the old def made every non-empty CNO false;
nop_is_cno was unprovable). state_eq = memory + registers + I/O.
- cno_equiv_sym: inline component flip (no Symmetric instance)
- cno_eval_on_equal_states: real logic bug (wrong existential witness)
- state_eq/_trans/_sym: 4 -> 3 conjunct refactor
Complex.v (new): self-contained complex numbers (C = R*R). Replaces the
non-existent Coq.Complex.Complex; Coquelicot rejected (mathcomp2 + HB +
coq-elpi weight for shallow usage). Quantum files rewired to CNO.Complex;
build convention standardized to CNO.CNO / CNO.Complex.
PROOF-STATUS-2026-05-18.md: honest per-file proof-debt ledger correcting
the prior inaccurate completion docs.
Verified: Agda proofs/agda/CNO.agda clean; common/CNO.v and
common/Complex.v compile clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Not yet compiling — banking progress (long thread, timeout-prone): - QME: omega->lia (x3); qubit_dim lia-pow guarded (unfold+simpl); hadamard entries forced %R (C_scope captured real `/`); (k>=..)%nat - QuantumCNO: declared `Parameter Cexp`; removed 4 axioms now PROVED in CNO.Complex (Cmult_1_l/assoc, Cconj_RtoC/mult); moved global_phase axiom after its gate def; `exists (-θ)%R` Remaining: QME:167 (apply_matrix_2), QuantumCNO:194 (Cexp_add rewrite shape) — see PROOF-STATUS-2026-05-18.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Self-contained post-compaction hand-off: env/build loop, recurring bit-rot fix patterns, per-file error frontier. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Swarm WIP for standards#133 (Lean CNO cons-case + Coq tier-0 rebuild) was uncommitted in the shared clone with no branch. Only the 12 modified proof source files are committed (build artifacts excluded); NOT proof-checked yet — Phase-1 agent continues with coqc/lake as oracle. Adds .lake gitignore guard. Refs hyperpolymath/standards#124, #133
…ng (#133)
CNO.v previously declared `eval_deterministic` as an Axiom with an
in-file note that it "could be proven by induction on the evaluation
relation". This commit does that proof — the determinism is genuine, not
assumed.
Adds:
- Lemma `step_deterministic_strong : forall s i s1 s2,
step s i s1 -> step s i s2 -> s1 = s2`
(syntactic equality, not =st= — the `step` constructors produce
`mkState …` whose components are functions of the start state and
instruction; the auxiliary witnesses in `step_load`/`step_store`/
`step_add` are pinned by their hypotheses, e.g. `state_memory s
addr = val`, so two derivations yield the same `val`.)
- Theorem `eval_deterministic` (replacing the prior Axiom) — induction
on the eval derivation, with step_deterministic_strong forcing the
intermediate state to coincide so the IH closes the tail.
Verification:
- `coqc -R common CNO common/CNO.v` → exit 0 (Coq 8.18.0).
- `Print Assumptions eval_deterministic.` → "Closed under the global
context" (no axioms, no admits).
- `Print Assumptions cno_equiv_refl.` → likewise closed (the sole
in-tree caller of `eval_deterministic`, unchanged in name and type).
- All 11 Coq proof files under proofs/coq/{common,quantum,lambda,
physics,malbolge,category,filesystem} recompile clean.
- Full `lake build` over proofs/lean4 → 1631/1632 targets green
(Lean side untouched by this change; build re-verified for absence
of regression).
This addresses the residual `eval_deterministic` arm under
hyperpolymath/standards#133 (the rescue branch's `PROOF-STATUS-2026-05-18.md`
named it explicitly as a "post-T0 axiom audit" target). The ~120 other
Coq `Axiom`/`Parameter` declarations remain — they are separate audit
work (legitimate model assumption vs. avoidable proof shortcut).
Refs hyperpolymath/standards#124
Refs hyperpolymath/standards#133
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…ate (#133) Updates the human + machine documentation to reflect the 2026-05-20 discharge of `eval_deterministic` (PR #24, this branch): - PROOF-STATUS-2026-05-18.md - axiom row: ~121 → ~120; `eval_deterministic` removed from the "example post-T0 audit" list with an explicit discharge note. - Tier-0 status: post-T0 marked "in progress" (1/~120 discharged). - "RESUME HERE" preamble: status block summarising the rebase + the proof shape + Print Assumptions report. - "Next frontier": ~121 → ~120, eval_deterministic noted as 1 discharged. - .machine_readable/6a2/STATE.a2ml - last-updated: 2026-02-05 → 2026-05-20. - components.coq-proofs: replaced the stale "81 Qed, 19 Admitted, 6 Defined, 63 Axioms" line (pre-rescue snapshot) with current state — 11/11 files compile, 0 Admitted, ~120 axioms with 1 discharged. - components.lean4-proofs: "syntax-complete, needs verification" replaced with "lake build 1631/1632 green, verified 2026-05-20". - components.agda-proofs: 40 → 60 (CNO.agda type-checks clean per PROOF-STATUS-2026-05-18 verification). - blockers.high: dropped "19 Admitted proofs" (rescue resolved them) and "No local coqc" (resolved); kept "Python interpreters violate RSR". - blockers.medium: added the ~120 axiom audit as a tracked item. - critical-next-actions: rotated to "PR #24 review + merge" then "Begin classification sweep of remaining ~120 axioms". - session-history: prepended 2026-05-20 (this work) and 2026-05-18 (rescue work) entries. - maintenance-status: refreshed to 2026-05-20, last-result = pass. - .machine_readable/META.scm + .machine_readable/6a2/META.a2ml - last-updated bumped to 2026-05-20 (A2ML side). - Architecture decisions: added ADR-006 (state_eq PC-exclusion, the semantic decision underpinning the rescue) and ADR-007 (this PR's discharge of eval_deterministic via step_deterministic_strong). No content changes outside docs; this is documentation-only and stacks on the proof commit `6f93e98` already in this PR. Refs hyperpolymath/standards#124 Refs hyperpolymath/standards#133 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
force-pushed
the
rebase/133-rescue-onto-main
branch
from
0cd677d to
8ba25c4
Compare
hyperpolymath
added a commit
that referenced
this pull request
May 20, 2026
…actor (PR #26) Audit of the remaining ~120 axioms after PR #24 identified 2 genuinely unsound axioms and ~115 legitimate model-layer assumptions. **Deleted as unsound:** `eval_respects_state_eq_right` and `eval_respects_state_eq_left`. Both stated forms cannot hold under the rescue branch's PC-excluding `state_eq` (ADR-006) — eval propagates PC deterministically while `=st=` ignores it, so [eval p s s' /\ s' =st= s''] does not in general imply [eval p s s'']. The in-file TODO ("prove by induction") was unprovable. **Downstream refactor:** - `cno_eval_on_equal_states` re-proved using `cno_terminates` alone (different existential witnesses suffice — the lemma is a termination iff). - `cno_logically_reversible` re-proved after weakening the `logically_reversible` definition to observational form (uses `=st=` instead of strict `=`). No theory lost: `bennett_logical_implies_thermodynamic` body never used its hypothesis (explicit comment in source). **Verification:** all 11 Coq files compile clean; `Print Assumptions` on `cno_eval_on_equal_states` and `cno_logically_reversible` → "Closed under the global context"; `bennett_logical_implies_thermodynamic` depends only on the abstract `shannon_entropy` Parameter (model layer, not a proof escape). **Net effect:** 75 → 73 Axioms (deleted 2, no replacement). 42 Parameters unchanged. Remaining 73 + 42 are model-layer assumptions; discharging requires first defining the underlying Parameter (out of scope). **Docs:** PROOF-STATUS-2026-05-18.md ledger refreshed; ADR-008 added (META.scm + META.a2ml) recording the deletion + weakening + rationale; STATE.a2ml session-history prepended. Refs hyperpolymath/standards#124 Refs hyperpolymath/standards#133 🤖 Generated with [Claude Code](https://claude.com/claude-code)
hyperpolymath
added a commit
that referenced
this pull request
May 20, 2026
…n + downstream refactor (#31) Audit of the remaining ~120 Axiom/Parameter declarations after PR #24 identified TWO genuinely unsound axioms (the rest are legitimate model-layer assumptions about abstract Parameters — physics constants, quantum gate primitives, POSIX semantics, Y combinator non-termination, the intentionally-typed hom_functor). The unsound pair: Axiom eval_respects_state_eq_right : forall p s s' s'', eval p s s' -> s' =st= s'' -> eval p s s''. Axiom eval_respects_state_eq_left : forall p s s' s'', eval p s' s'' -> s =st= s' -> eval p s s''. These cannot hold under the rescue branch's PC-excluding [state_eq] (memory + registers + I/O — see ADR-006): two states can be [=st=] yet carry different [state_pc], while [eval] deterministically propagates PC through every step constructor. The axiomatised conclusion would force a syntactically-identical eval result, which is impossible without coincidental PC match. The TODO comment in CNO.v acknowledged "prove this axiom by induction on eval structure" — a proof attempt hits the PC mismatch and fails. This commit *deletes* both axioms outright and refactors the only two consumers: - [cno_eval_on_equal_states] (CNO.v, line ~662) — previously chose the same existential witness for both forward and backward directions, needing [eval_respects_state_eq_left]. The lemma states a termination *iff*; different witnesses suffice. Re-proved using [cno_terminates] alone (witnesses from is_CNO p, no axiom). `Print Assumptions cno_eval_on_equal_states.` → "Closed under the global context". - [cno_logically_reversible] (StatMech.v, line ~296) — previously produced [eval p s' s] from [eval p s' s''] + [s'' =st= s] via [eval_respects_state_eq_right]. Cannot hold; reflects the dual unsoundness. Resolved by weakening the *definition* of [logically_reversible] to observational reversibility: Definition logically_reversible (p : Program) : Prop := exists p_inv, forall s s', eval p s s' -> exists s'', eval p_inv s' s'' /\ s'' =st= s. This is the level at which thermodynamic reversibility actually holds: memory + registers + I/O are the bits of physical record; the PC is bookkeeping. No theory is lost — the only theorem citing the strong [logically_reversible] form is [bennett_logical_implies_thermodynamic], whose proof body never uses its hypothesis (explicit "the logically_reversible hypothesis is not used" comment in the source). `Print Assumptions cno_logically_reversible.` → "Closed under the global context". Verification (build-is-oracle): - `coqc -R common CNO common/CNO.v` exit 0 (Coq 8.18.0). - All 11 Coq files under proofs/coq/{common,quantum,lambda,physics, malbolge,category,filesystem} recompile clean. - `Print Assumptions {cno_eval_on_equal_states, cno_logically_reversible, bennett_logical_implies_thermodynamic}` — first two report "Closed under the global context"; the third reports only the abstract Parameter [shannon_entropy] (legitimate model layer, not a proof escape). Net effect on the axiom ledger: 75 → 73 Axioms (deleted 2, no replacement). 42 Parameters unchanged. Docs reconciled in the same commit: - PROOF-STATUS-2026-05-18.md: post-T0 audit table refreshed; 3 discharges shipped (eval_deterministic + the 2 unsound ones); remainder classified as legitimate model-layer assumptions. - .machine_readable/6a2/STATE.a2ml: components.coq-proofs note rebuilt; session-history prepended. - .machine_readable/6a2/META.a2ml + META.scm: ADR-008 added recording the deletion + refactor + rationale. Refs hyperpolymath/standards#124 Refs hyperpolymath/standards#133 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hyperpolymath
added a commit
that referenced
this pull request
May 20, 2026
…n + downstream refactor (#32) Audit of the remaining ~120 Axiom/Parameter declarations after PR #24 identified TWO genuinely unsound axioms (the rest are legitimate model-layer assumptions about abstract Parameters — physics constants, quantum gate primitives, POSIX semantics, Y combinator non-termination, the intentionally-typed hom_functor). The unsound pair: Axiom eval_respects_state_eq_right : forall p s s' s'', eval p s s' -> s' =st= s'' -> eval p s s''. Axiom eval_respects_state_eq_left : forall p s s' s'', eval p s' s'' -> s =st= s' -> eval p s s''. These cannot hold under the rescue branch's PC-excluding [state_eq] (memory + registers + I/O — see ADR-006): two states can be [=st=] yet carry different [state_pc], while [eval] deterministically propagates PC through every step constructor. The axiomatised conclusion would force a syntactically-identical eval result, which is impossible without coincidental PC match. The TODO comment in CNO.v acknowledged "prove this axiom by induction on eval structure" — a proof attempt hits the PC mismatch and fails. This commit *deletes* both axioms outright and refactors the only two consumers: - [cno_eval_on_equal_states] (CNO.v, line ~662) — previously chose the same existential witness for both forward and backward directions, needing [eval_respects_state_eq_left]. The lemma states a termination *iff*; different witnesses suffice. Re-proved using [cno_terminates] alone (witnesses from is_CNO p, no axiom). `Print Assumptions cno_eval_on_equal_states.` → "Closed under the global context". - [cno_logically_reversible] (StatMech.v, line ~296) — previously produced [eval p s' s] from [eval p s' s''] + [s'' =st= s] via [eval_respects_state_eq_right]. Cannot hold; reflects the dual unsoundness. Resolved by weakening the *definition* of [logically_reversible] to observational reversibility: Definition logically_reversible (p : Program) : Prop := exists p_inv, forall s s', eval p s s' -> exists s'', eval p_inv s' s'' /\ s'' =st= s. This is the level at which thermodynamic reversibility actually holds: memory + registers + I/O are the bits of physical record; the PC is bookkeeping. No theory is lost — the only theorem citing the strong [logically_reversible] form is [bennett_logical_implies_thermodynamic], whose proof body never uses its hypothesis (explicit "the logically_reversible hypothesis is not used" comment in the source). `Print Assumptions cno_logically_reversible.` → "Closed under the global context". Verification (build-is-oracle): - `coqc -R common CNO common/CNO.v` exit 0 (Coq 8.18.0). - All 11 Coq files under proofs/coq/{common,quantum,lambda,physics, malbolge,category,filesystem} recompile clean. - `Print Assumptions {cno_eval_on_equal_states, cno_logically_reversible, bennett_logical_implies_thermodynamic}` — first two report "Closed under the global context"; the third reports only the abstract Parameter [shannon_entropy] (legitimate model layer, not a proof escape). Net effect on the axiom ledger: 75 → 73 Axioms (deleted 2, no replacement). 42 Parameters unchanged. Docs reconciled in the same commit: - PROOF-STATUS-2026-05-18.md: post-T0 audit table refreshed; 3 discharges shipped (eval_deterministic + the 2 unsound ones); remainder classified as legitimate model-layer assumptions. - .machine_readable/6a2/STATE.a2ml: components.coq-proofs note rebuilt; session-history prepended. - .machine_readable/6a2/META.a2ml + META.scm: ADR-008 added recording the deletion + refactor + rationale. Refs hyperpolymath/standards#124 Refs hyperpolymath/standards#133 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 20, 2026
🔍 Hypatia Security ScanFindings: 65 issues detected
View findings[
{
"reason": "Stray AI.a2ml in root -- use 0-AI-MANIFEST.a2ml only",
"type": "banned",
"file": "AI.a2ml",
"action": "delete",
"rule_module": "root_hygiene",
"severity": "high"
},
{
"reason": "Superseded by 0-AI-MANIFEST.a2ml",
"type": "banned",
"file": "AI.djot",
"action": "delete",
"rule_module": "root_hygiene",
"severity": "high"
},
{
"reason": "No test directory or test files found",
"type": "no_tests",
"file": "/home/runner/work/absolute-zero/absolute-zero",
"action": "flag",
"rule_module": "honest_completion",
"severity": "high",
"deduction": 20
},
{
"reason": "Issue in quality.yml",
"type": "missing_workflow",
"file": "quality.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Issue in security-policy.yml",
"type": "missing_workflow",
"file": "security-policy.yml",
"action": "create",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
"type": "unpinned_action",
"file": "governance.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Action actions/checkout@v6.0.2 needs attention",
"type": "unpinned_action",
"file": "jekyll-gh-pages.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action actions/configure-pages@v6 needs attention",
"type": "unpinned_action",
"file": "jekyll-gh-pages.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action actions/jekyll-build-pages@v1 needs attention",
"type": "unpinned_action",
"file": "jekyll-gh-pages.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Action actions/upload-pages-artifact@v5 needs attention",
"type": "unpinned_action",
"file": "jekyll-gh-pages.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two-part deliverable under
hyperpolymath/standards#133(the absolute-zero arm of the estate proof-debt epicstandards#124):Rebase the long-standing
proof-debt/standards-133-coq-rescue-wipbranch onto currentorigin/main(it was 4 ahead / 7 behind; rebase was clean, no conflicts). This restores main soundness eligibility — the rescue work was originally committed 2026-05-18 in an[UNVERIFIED]state withPROOF-STATUS-2026-05-18.mdnoting "the keystone Coq fileCNO.vdid not compile at all" before the repair.Discharge
eval_deterministic— the file's standout proof-debt postulate. CNO.v previously declared it as anAxiomwith an in-file admission that it "could be proven by induction on the evaluation relation". This PR does that proof:Lemma step_deterministic_strong— syntactic equality of step results given matching inputs (step s i s1 → step s i s2 → s1 = s2). Holds becausestepconstructors emitmkState …whose components are functions of the start state + instruction, and the auxiliary witnesses instep_load/step_store/step_addare pinned by their hypotheses (e.g.state_memory s addr = val).Theorem eval_deterministic(replacing the priorAxiom, same name and type — the sole in-tree callercno_equiv_reflis unchanged) — induction on the eval derivation;step_deterministic_strongforces the intermediate state to coincide so the IH closes the tail.Verification (build-is-oracle)
coqc -R common CNO common/CNO.v→ exit 0 on Coq 8.18.0 (rescue branch was originally repaired against 8.20.1; the new proof is portable).Print Assumptions eval_deterministic.→ "Closed under the global context" (no axioms, no admits).Print Assumptions step_deterministic_strong.→ likewise closed.Print Assumptions cno_equiv_refl.→ likewise closed (downstream consumer).proofs/coq/{common,quantum,lambda,physics,malbolge,category,filesystem}recompile clean.lake buildoverproofs/lean4→ 1631/1632 targets green (Lean untouched by this change; re-verified for absence of regression).What this does NOT close
Per the rescue branch's own
PROOF-STATUS-2026-05-18.md, there are still ~120 other CoqAxiom/Parameterdeclarations across the corpus (cno_decidable,eval_respects_state_eq_left/right, the physics/quantum model assumptions, etc.). That is a separate audit task — classify legitimate model assumptions vs avoidable proof shortcuts. This PR addresses the single most-cited one and the only one the file itself flagged as "could be proven".Test plan
coqc -R common CNO common/CNO.vexit 0 (verified locally)Print Assumptions eval_deterministic.reports "Closed under the global context" (verified locally)lake buildgreen (verified locally, 1631/1632)Refs hyperpolymath/standards#124
Refs hyperpolymath/standards#133
🤖 Generated with Claude Code