This requires a few pieces:
* Make node tags use `Fin n` intead of natural numbers. This makes
it possible to build a finite lattice over AST nodes, and also
ensure automatic, total indexing from CFG nodes into the AST that
created them. For this, use the elaborator to derive the ordering
statements etc. where possible.
* Adjust the forward framework to enable proofs that don't just state
correctness on the environment, but also on an arbitrary additional
state accumulated from traversing the trace.
* State the reaching definition analysis's correctness in terms
of this new framework.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This makes a finite-height proof for any `Fin n -> a` lattice
immediate, and precludes the need for IterProd and Prod altogether.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Introduce a finite-height lattice instance for Bool, then build the
reaching-definitions analysis on top of the forward framework:
* Spa/Lattice/Bool.lean: FiniteHeightLattice Bool (the two-element
lattice false ≤ true), making FiniteMap A Bool ks a finite-height
"power set" lattice for free.
* Spa/Analysis/Reaching.lean: DefSet prog = FiniteMap prog.State Bool
prog.states as the per-variable lattice of definition sites, with a
StmtEvaluator whose transfer function performs a strong update
(assignment to k at node s sets k's def-set to {s}).
The analysis computes a least fixed point and produces correct
reaching-definitions sets. Soundness (relating def-sets to actual
execution provenance) is deferred; not yet exposed in Spa.lean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Introduce [spa_e| ... ] for Expr and [spa| ... ] for Stmt, scoped to the
Spa namespace via a dedicated syntax category and macro_rules. This removes
the deeply nested .andThen / .basic (.assign ...) boilerplate when writing
programs; Main.lean's test programs are rewritten to use it.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Spa.Showable: port of Showable.agda (quoted strings, map format) for
output parity
- Spa.Analysis.Utils: eval_combine₂
- Spa.Lattice.AboveBelow.le_cases: order of the flat lattice by cases
- Spa.Analysis.Sign / Spa.Analysis.Constant: the four monotonicity
POSTULATES from the Agda files are now proved theorems (via le_cases);
interpretations, evaluator validity, analyze_correct per analysis
- Main + lake exe spa: runs both analyses on the Agda test program;
constant analysis folds unknown=0, sign analysis gives unknown=⊤
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Spa.Analysis.Forward.Lattices: VariableValues/StateVariables (FiniteMap
instantiations), fixed heights, variablesAt, joinForKey/joinAll, interpV
and its sup/foldr lemmas
- Spa.Analysis.Forward.Evaluation: StmtEvaluator/ExprEvaluator + validity
(the Agda Valid* instance records become plain Props)
- Spa.Analysis.Forward.Adapters: expr-to-stmt evaluator adapter + validity
- Spa.Analysis.Forward: updateAll, analyze, result (least fixpoint via the
gas-based Fixedpoint), walkTrace, analyze_correct — the framework's main
soundness theorem
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Spa.Lattice.IterProd: k-fold product, recursive Lattice instance,
fixed height k*hA + hB, bot = build of bottoms
- Spa.Lattice.FiniteMap: spine-pinned assoc lists ({l // l.map fst = ks});
with = the 1100-line Map.agda collapses into positional 'combine'.
Same lemma inventory (membership, locate, updating, GeneralizedUpdate,
valuesAt, Provenance-union, le_of_mem_mem) — Nodup is now an explicit
hypothesis where the Agda Map carried it intrinsically. Fixed height
|ks|*hB still via transport along the IterProd isomorphism, which no
longer needs Unique ks (representation is canonical).
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- lean/ lake project pinned to Lean v4.17.0 + mathlib v4.17.0
- Spa.Lattice: fold monotonicity, FixedHeight/BoundedChains (LTSeries-based),
FiniteHeightLattice, chain-bottom-is-least; the rest of Lattice.agda,
Chain.agda and Equivalence.agda lift into mathlib (see LEAN_MIGRATION.md)
- Spa.Fixedpoint: gas-based least-fixpoint computation (doStep/fix/aFix)
- Spa.Isomorphism: FixedHeight transport along monotone inverse pairs
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
