Skip to content

[Conway] Discharge PoV map/coin assumptions via reusable Ledger.Prelude lemmas#1224

Merged
williamdemeo merged 3 commits into
masterfrom
claude/conway-pov-cleanup
Jun 25, 2026
Merged

[Conway] Discharge PoV map/coin assumptions via reusable Ledger.Prelude lemmas#1224
williamdemeo merged 3 commits into
masterfrom
claude/conway-pov-cleanup

Conversation

@williamdemeo

Copy link
Copy Markdown
Member

Description

Splits the Conway-era PoV proof cleanup out of the LEDGER-pov work (#1203), where it didn't belong. This change is independent of the Dijkstra preservation-of-value proof: it proves a handful of reusable coin/map facts in Ledger.Prelude and uses them to discharge assumption parameters that the Conway PoV proofs previously carried.

What changes

Ledger.Prelude — add reusable coin/map lemmas (pure additions):
getCoin-singleton, getCoin-cong, indexedSumᵛ'-∪, res-decomp, ∪ˡsingleton∈dom, ∪ˡsingleton∉dom, ∪ˡsingleton0≡, sumConstZero, indexedSumL-proj₂-zero, setToList-∈, and a relocation of the existing ≡ᵉ-getCoin into the ⦃ DecEq A ⦄ module (so callers no longer pass A/the instance explicitly).

Conway PoV proofs — drop the now-provable assumptions, using the Prelude lemmas instead:

File Change
Certs/Properties/PoV drop indexedSumᵛ'-∪, sumConstZero, res-decomp, getCoin-cong parameters; keep only ≡ᵉ-getCoinˢ'
Certs/Properties/PoVLemmas remove the local ∪ˡsingleton* / getCoin-singleton helpers and the indexedSumᵛ'-∪ assumption module; qualify IsEquivalence as Eq.IsEquivalence
Ledger/Properties/PoV drop the same four parameters; keep only ≡ᵉ-getCoinˢ
Conformance/Properties drop the indexedSum-∪⁺-hom parameter
Utxo/Properties/GenMinSpend use the hoisted getCoin-singleton

Notes

Verification

All changed/affected modules typecheck under Agda 2.8.0 via the project Nix flake:
Ledger.Prelude, Conway/…/Certs/Properties/{PoVLemmas,PoV}, Conway/…/Ledger/Properties/PoV, Conway/…/Utxo/Properties/GenMinSpend, and Conway/Conformance/Properties — all green.

Checklist

  • Commit sequence broadly makes sense and commits have useful messages
  • Any semantic changes to the specifications are documented in CHANGELOG.md (n/a — proof refactor only)
  • Code is formatted according to CONTRIBUTING.md
  • Self-reviewed the diff

🤖 Generated with Claude Code

https://claude.ai/code/session_01We2YdXX2ozJAdAbCrRwi6r


Generated by Claude Code

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR refactors the Conway preservation-of-value (PoV) proof stack by hoisting previously-assumed coin/map lemmas into Ledger.Prelude, then removing those assumptions from downstream PoV modules so the proofs rely on reusable Prelude facts instead.

Changes:

  • Add reusable finite-map / coin-sum lemmas to Ledger.Prelude (e.g., singleton coin sum, union homomorphism, constMap-zero sum, restriction decomposition).
  • Simplify Conway PoV proof modules (Certs / Ledger) by dropping now-provable lemma parameters and using the Prelude versions.
  • Update a conformance property module signature to remove an unneeded indexed-sum union homomorphism parameter.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

Show a summary per file
File Description
src/Ledger/Prelude.lagda.md Adds reusable coin/map lemmas (singleton, union, restriction decomposition, constMap zero-sum, setToList membership).
src/Ledger/Conway/Specification/Utxo/Properties/GenMinSpend.lagda.md Switches to the hoisted getCoin-singleton lemma (removes local helper).
src/Ledger/Conway/Specification/Ledger/Properties/PoV.lagda.md Drops several previously-parameterized assumptions; keeps only the remaining injectivity-based assumption.
src/Ledger/Conway/Specification/Certs/Properties/PoVLemmas.lagda.md Removes local singleton/union helpers and assumption module; qualifies IsEquivalence usage.
src/Ledger/Conway/Specification/Certs/Properties/PoV.lagda.md Drops now-provable assumptions from Certs-PoV module parameters.
src/Ledger/Conway/Conformance/Properties.lagda.md Removes an unused indexedSum-∪⁺-hom module parameter.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/Ledger/Prelude.lagda.md Outdated
Comment thread src/Ledger/Conway/Specification/Ledger/Properties/PoV.lagda.md Outdated
Comment thread src/Ledger/Conway/Specification/Certs/Properties/PoV.lagda.md Outdated
Comment thread src/Ledger/Conway/Specification/Certs/Properties/PoVLemmas.lagda.md Outdated
@williamdemeo williamdemeo self-assigned this Jun 23, 2026
@williamdemeo williamdemeo requested a review from carlostome June 23, 2026 06:14
@williamdemeo williamdemeo force-pushed the claude/conway-pov-cleanup branch from 0f848b5 to eae6658 Compare June 25, 2026 04:14

@carlostome carlostome left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

claude and others added 3 commits June 25, 2026 15:32
Split out of the LEDGER-pov work (#1203): this Conway-era properties cleanup is
independent of the Dijkstra PoV proof and belongs in its own PR.

- Add reusable coin/map lemmas to `Ledger.Prelude`: `getCoin-singleton`,
  `getCoin-cong`, `indexedSumᵛ'-∪`, `res-decomp`, `∪ˡsingleton∈dom`,
  `∪ˡsingleton∉dom`, `∪ˡsingleton0≡`, `sumConstZero`, `indexedSumL-proj₂-zero`,
  `setToList-∈`; relocate `≡ᵉ-getCoin` into the `⦃ DecEq A ⦄` module.
- Drop the now-provable assumption parameters from the Conway PoV proofs, using the
  Prelude lemmas instead:
  - `Certs/Properties/PoV`: keep only `≡ᵉ-getCoinˢ'`.
  - `Certs/Properties/PoVLemmas`: remove the local `∪ˡsingleton*`/`getCoin-singleton`
    helpers and the `indexedSumᵛ'-∪` assumption module; qualify `IsEquivalence` as `Eq`.
  - `Ledger/Properties/PoV`: keep only `≡ᵉ-getCoinˢ`.
  - `Conformance/Properties`: drop the `indexedSum-∪⁺-hom` parameter.
  - `Utxo/Properties/GenMinSpend`: use the hoisted `getCoin-singleton`.

No spec-semantic change (proof refactor only), so no CHANGELOG entry.

`Ledger.Prelude` typechecks under Agda 2.8.0 via the project flake; the Conway files
are their 1187 versions (which typecheck) and depend only on the hoisted lemmas.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01We2YdXX2ozJAdAbCrRwi6r
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@williamdemeo williamdemeo force-pushed the claude/conway-pov-cleanup branch from eae6658 to a6e229d Compare June 25, 2026 21:32
@williamdemeo williamdemeo merged commit 687b967 into master Jun 25, 2026
10 checks passed
@williamdemeo williamdemeo deleted the claude/conway-pov-cleanup branch June 25, 2026 22:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants