feat(formal): grow P-2 to the STLC with functions + the substitution lemma#629
Merged
Conversation
…Stlc.v) Wave-1 increment for P-2: adds what the first-order P2_Progress.v lacked — **functions, binders, and the substitution lemma**. Full progress + preservation for the simply-typed lambda calculus (base type TUnit + ->), call-by-value, named (nat) variables. Funext-free, so axiom-free (Print Assumptions: "Closed under the global context"; no Admitted): contexts are compared only on a term's FREE variables (free_in_context + context_invariance), never by function equality, so the development uses no functional_extensionality. Contents: free_in_context, context_invariance, subst_preserves_typing (the substitution lemma), canonical forms, progress (induction on typing), preservation (induction on the step relation). Discharges the Siblings_Stated P2 statements at the closed-term (empty-context) instantiation, as P2_Progress. Scope: simply-typed only — the QTT/affine quantities (substructural context-splitting discipline) are the remaining increment. Track now 10 files, 16 closure reports, no axioms. justfile/_CoqProject build P2_Stlc; .hypatia-ignore extends the Coq-not-V-lang carve-out; README + PROOF-NEEDS P-2 row updated (P2_Progress = first-order, P2_Stlc = STLC grown). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01KPG9mEQXFyA3k7NWAzMNMr
🔍 Hypatia Security ScanFindings: 41 issues detected
View findings[
{
"reason": "Action denoland/setup-deno@v2 needs attention",
"type": "unpinned_action",
"file": "publish-jsr.yml",
"action": "pin_sha",
"rule_module": "workflow_audit",
"severity": "medium"
},
{
"reason": "Issue in instant-sync.yml",
"type": "secret_action_without_presence_gate",
"file": "instant-sync.yml",
"action": "peter-evans/repository-dispatch",
"rule_module": "workflow_audit",
"severity": "high"
},
{
"reason": "Shell execution -- validate input before passing to shell (1 occurrences, CWE-78)",
"type": "js_exec_sync",
"file": "/home/runner/work/affinescript/affinescript/packages/affinescript-cli/mod.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "Shell execution -- validate input before passing to shell (2 occurrences, CWE-78)",
"type": "js_exec_sync",
"file": "/home/runner/work/affinescript/affinescript/packages/affine-vscode/mod.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "Shell execution -- validate input before passing to shell (1 occurrences, CWE-78)",
"type": "js_exec_sync",
"file": "/home/runner/work/affinescript/affinescript/affinescript-vite/src/affine-plugin-improved.js",
"action": "flag",
"rule_module": "code_safety",
"severity": "high"
},
{
"reason": "expect() in hot path (32 occurrences, CWE-754)",
"type": "expect_in_hot_path",
"file": "/home/runner/work/affinescript/affinescript/affinescriptiser/src/codegen/wasm_gen.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "expect() in hot path (29 occurrences, CWE-754)",
"type": "expect_in_hot_path",
"file": "/home/runner/work/affinescript/affinescript/affinescriptiser/src/codegen/affine_gen.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "unsafe block -- requires SAFETY comment (2 occurrences, CWE-676)",
"type": "unsafe_block",
"file": "/home/runner/work/affinescript/affinescript/runtime/src/panic.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "unsafe block -- requires SAFETY comment (1 occurrences, CWE-676)",
"type": "unsafe_block",
"file": "/home/runner/work/affinescript/affinescript/runtime/src/alloc.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
},
{
"reason": "unsafe block -- requires SAFETY comment (3 occurrences, CWE-676)",
"type": "unsafe_block",
"file": "/home/runner/work/affinescript/affinescript/runtime/src/ffi.rs",
"action": "flag",
"rule_module": "code_safety",
"severity": "medium"
}
]Powered by Hypatia Neurosymbolic CI/CD Intelligence |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
P-2, Wave 1: the STLC with functions. Adds what the first-order
P2_Progress.vlacked — functions, binders, and the substitution lemma. Full progress + preservation for the simply-typed lambda calculus (base typeTUnit+→), call-by-value, named (nat) variables.Axiom-free and funext-free
The substitution lemma's abstraction case normally wants context equality (
update_shadow/update_permute), which needsfunctional_extensionality— an axiom. This development avoids it entirely: contexts are compared only on a term's free variables (free_in_context+context_invariance), so it uses nofunctional_extensionalityandPrint Assumptionsstays "Closed under the global context". NoAdmitted.Contents
free_in_context·context_invariance·subst_preserves_typing(the substitution lemma) · canonical forms ·progress(induction on typing) ·preservation(induction on the step relation). Discharges theSiblings_StatedP2 statements at the closed-term (empty-context) instantiation, asP2_Progress.vdoes.Scope (honest)
Simply-typed only — the QTT/affine quantities (the substructural context-splitting discipline, the heart of "AffineScript is affine") are the remaining increment on top of this.
Track status
10 files, 16 closure reports, zero axioms.
P2_Progress.vstays as the first-order seed;P2_Stlc.vis the grown STLC (the K1/K1Let, P3Sound/P3Graph pattern).justfile/_CoqProjectbuild it;.hypatia-ignoreextends the Coq-.v-isn't-V-lang carve-out; README +PROOF-NEEDS.adocP-2 row updated.🤖 Generated with Claude Code
https://claude.ai/code/session_01KPG9mEQXFyA3k7NWAzMNMr
Generated by Claude Code