|
| 1 | +// SPDX-License-Identifier: PMPL-1.0-or-later |
| 2 | +// Copyright (c) 2026 Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk> |
| 3 | += KitchenSpeak Proofs |
| 4 | +:toc: |
| 5 | +:icons: font |
| 6 | + |
| 7 | +Proof-assistant lowerings of the worked examples in |
| 8 | +`kitchenspeak/examples/`. |
| 9 | + |
| 10 | +The target proof assistant is Agda (per |
| 11 | +`kitchenspeak/decisions/0001-proof-assistant.adoc`). The directory |
| 12 | +layout leaves room for a future Lean 4 port. |
| 13 | + |
| 14 | +== Layout |
| 15 | + |
| 16 | +[cols="1,3"] |
| 17 | +|=== |
| 18 | +| Path | Contents |
| 19 | + |
| 20 | +| `agda/` |
| 21 | +| Agda 2.6.x + stdlib 2.0+ proofs. Current target. |
| 22 | + |
| 23 | +| `lean/` _(future)_ |
| 24 | +| Lean 4 ports, after the Agda proofs stabilise. Not present at v1.0. |
| 25 | +|=== |
| 26 | + |
| 27 | +== Current proofs |
| 28 | + |
| 29 | +[cols="1,1,2"] |
| 30 | +|=== |
| 31 | +| File | Corresponding example | What's proved |
| 32 | + |
| 33 | +| `agda/Dough.agda` |
| 34 | +| `examples/` (dough is specified in `SPEC.adoc`; no `.ks` yet) |
| 35 | +| Termination, safety (on_fail totality), echo-witness extraction for |
| 36 | + the dough-kneading program. |
| 37 | +|=== |
| 38 | + |
| 39 | +== Running the proofs |
| 40 | + |
| 41 | +At v1.0, Agda is not yet part of the repository's environment flake. |
| 42 | +To check these files locally: |
| 43 | + |
| 44 | +[source,bash] |
| 45 | +---- |
| 46 | +# Install Agda 2.6.4+ with stdlib 2.0+ via your package manager or Nix. |
| 47 | +# Point AGDA_DIR at the stdlib include. |
| 48 | +
|
| 49 | +agda --library-file=libraries kitchenspeak/proofs/agda/Dough.agda |
| 50 | +---- |
| 51 | + |
| 52 | +A future ADR may add Agda to the repository's `flake.nix` once the |
| 53 | +class-project scope settles. Until then, installation is |
| 54 | +student-local per ADR 0001's "Open questions" §2. |
| 55 | + |
| 56 | +[NOTE] |
| 57 | +==== |
| 58 | +The proofs in this directory have not been run in the session that |
| 59 | +authored them — Agda is not installed in the authoring environment. |
| 60 | +They are written against Agda 2.6.x + stdlib 2.0+ conventions and |
| 61 | +verified by careful reading. When Agda becomes available to the |
| 62 | +class, running the type-checker should be the first exercise. |
| 63 | +==== |
| 64 | + |
| 65 | +== Why each proof files earns its keep |
| 66 | + |
| 67 | +=== `Dough.agda` |
| 68 | + |
| 69 | +Exercises the Linear + Dyadic + Choreographic + Echo quadrant. Shows |
| 70 | +how the three production-mandatory constructs (`max_duration`, |
| 71 | +`on_fail`, `proving @w`) lower to, respectively: |
| 72 | + |
| 73 | +* structural recursion on a fuel parameter (termination), |
| 74 | +* exhaustive pattern match (safety / `on_fail ABORT`), |
| 75 | +* an existential `Σ`-type bundling the classifier's time-stamped |
| 76 | + event (echo witness). |
| 77 | + |
| 78 | +Linearity is enforced by inspection of signatures, with a note |
| 79 | +explaining the discipline; a QTT-Agda port would elevate this to a |
| 80 | +compile-time check without changing the proof shape. |
0 commit comments