[Lean Squad] feat(fv): Tasks 5+10 — IsInRange (13 theorems, 0 sorry) + REPORT.md updated to 383 theorems (run 76) #73
Open
github-actions[bot] wants to merge 3 commits into main from
Conversation
Task 5 (Proof Assistance): Add multi-step convergence theorems to SlewRate.lean.
- slewIterate: N-step iterate of slewUpdate
- slewIterate_steady: steady state is preserved under iteration
- slewIterate_converges_up: starting ≤ target, N steps suffice when target - current ≤ max_step * N (proved 0-sorry)
- slewIterate_converges_down: starting ≥ target, N steps suffice when current - target ≤ max_step * N (proved 0-sorry)
- 4 native_decide spot-checks (0→10 in 4 steps, 10→0 in 2 steps, etc.)

Key fix: replaced ring (Mathlib-only) with omega and simp [Int.mul_add] for the calc steps in the induction cases.

Task 2 (Informal Spec Extraction): Write informal spec for crc32_signature.
- specs/crc32_informal.md: purpose, preconditions, postconditions, edge cases, concrete examples (check value 0xCBF43926 for "123456789"), and formal properties suitable for Lean (fold/append, empty identity, determinism)
- Identifies crc32_fold as highest-value target (justifies UAVCAN bootloader two-call chaining pattern)

lake build: passed (31 jobs, Lean 4.29.0, 0 sorry)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…h targets (run 75)

Task 5 (Proof Assistance): Add formal-verification/lean/FVSquad/Crc32Sig.lean
- Models and proves properties of crc32_signature (CRC-32/ISO-HDLC, poly 0xEDB88320)
- Used in UAVCAN bootloader for firmware-image integrity
- 11 theorems: nil/singleton/cons/append/append3/init_zero/append_nil/two/split + 6 native_decide examples
- Key result: crc32sig_append — fold/split streaming property (List.foldl_append)
- Lean implementation model: crc32AddBit (1 bit step) + crc32Add (8-bit byte step) + crc32sig (fold)
- Correspondence level: exact (UInt8/UInt32 modular arithmetic matches C uint8_t/uint32_t)
- lake build: passed, Lean 4.29.0, 32 jobs, 0 sorry

Task 1 (Research): Add 3 new research targets to TARGETS.md
- Target 36: crc64_add_word (CRC-64-WE, src/lib/crc/crc.c) — fold/split with UInt64
- Target 37: math::isInRange (Limits.hpp:91) — pure boolean range predicate
- Target 38: math::constrainFloatToInt16 (Limits.hpp:85) — float→int16 clamp safety

Also:
- CORRESPONDENCE.md updated: Crc32Sig section added (exact level), summary table row added
- TARGETS.md: crc32_signature advanced to phase 5 ✅; crc16_signature updated to phase 5 ✅

> 🔄 Partial verification: `lake build` passed with Lean 4.29.0. 0 `sorry` remain.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…pdated to 383 theorems (run 76)

Task 5: formal verification of math::isInRange
- Source: src/lib/mathlib/math/Limits.hpp:91
- Adds FVSquad/IsInRange.lean — 13 theorems, 0 sorry
- Adds specs/isInRange_informal.md
- Properties proved:
  * isInRange_eq_true_iff: fundamental iff characterisation
  * isInRange_eq_false_iff: complement characterisation
  * isInRange_of_le_of_le: direct introduction rule
  * isInRange_min/max_in_range: bounds always in range
  * isInRange_self: every value in its own singleton interval
  * isInRange_singleton_iff: singleton ↔ equality
  * isInRange_empty: empty interval returns false for all val
  * isInRange_mono_bounds: widening interval preserves membership
  * isInRange_shift: shift invariance
  * isInRange_nonneg_iff, isInRange_symmetric_iff: specialisations
  * isInRange_eq_decide: decidable Bool characterisation

Task 10: REPORT.md updated
- 383 theorems, 110 evals, 0 sorry, 31 files (audited from source)
- Status upgraded from 🔄 to ✅ (first 0-sorry milestone achieved in run 73)
- File Inventory table corrected with actual per-file counts
- Layer 7 expanded: Crc32Sig added (UAVCAN bootloader CRC-32/ISO-HDLC)
- WrapAngle row updated: 0 sorry via axioms
- Run history extended: runs 72–76 entries added

Verification status: ✅ Proofs verified: lake build passed with Lean 4.29.0. 0 sorry remain.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
🔬 Lean Squad automated formal verification — run 76

Task 5: math::isInRange Formal Verification

Adds formal-verification/lean/FVSquad/IsInRange.lean — formal proofs of math::isInRange from src/lib/mathlib/math/Limits.hpp (line 91), the generic closed-interval predicate used throughout PX4 for range-checking sensor readings, control outputs, and safety limits.
C++ Source
33 build jobs completed successfully.
TARGETS.md

Added target #39 math::isInRange at Phase 5 (Proved).
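An added example, not the PR's FVSquad/IsInRange.lean and not PX4 code: a Lean 4 model of math::isInRange specialised to Int, with proofs of several of the properties the PR lists (isInRange_eq_true_iff, isInRange_eq_false_iff, isInRange_self, isInRange_empty, isInRange_mono_bounds, isInRange_shift) plus decide spot-checks in the style of the PR's native_decide examples. It assumes only core Lean 4 (omega and decide, no Mathlib, in line with the PR's note that ring is Mathlib-only); the parameter names lo/hi, the Int specialisation and the spot-check inputs are the editor's choices, since the page does not show the real file's signature.

```lean
-- Added example (not the PR's FVSquad/IsInRange.lean): a Lean 4 model of
-- math::isInRange from Limits.hpp. The C++ function is generic over its value
-- type; this model is specialised to Int so that `omega` and `decide` can
-- discharge every goal without Mathlib. Parameter names `lo`/`hi` are the
-- editor's choice, not taken from the page.

/-- Model of `isInRange(val, min, max)`: closed-interval membership test. -/
def isInRange (val lo hi : Int) : Bool :=
  decide (lo ≤ val) && decide (val ≤ hi)

/-- Fundamental characterisation: `true` exactly when both bounds hold.
    Every later proof rewrites with this lemma and hands the rest to `omega`. -/
theorem isInRange_eq_true_iff (val lo hi : Int) :
    isInRange val lo hi = true ↔ lo ≤ val ∧ val ≤ hi := by
  simp [isInRange]

/-- Complement characterisation: `false` exactly when `val` lies outside. -/
theorem isInRange_eq_false_iff (val lo hi : Int) :
    isInRange val lo hi = false ↔ val < lo ∨ hi < val := by
  rw [← Bool.not_eq_true, isInRange_eq_true_iff]
  omega

/-- Every value is in its own singleton interval. -/
theorem isInRange_self (v : Int) : isInRange v v v = true := by
  rw [isInRange_eq_true_iff]
  exact ⟨Int.le_refl v, Int.le_refl v⟩

/-- An empty interval (hi < lo) rejects every value. -/
theorem isInRange_empty (v lo hi : Int) (h : hi < lo) :
    isInRange v lo hi = false := by
  rw [isInRange_eq_false_iff]
  omega

/-- Widening the interval preserves membership. -/
theorem isInRange_mono_bounds (v lo hi lo' hi' : Int)
    (hlo : lo' ≤ lo) (hhi : hi ≤ hi') (h : isInRange v lo hi = true) :
    isInRange v lo' hi' = true := by
  rw [isInRange_eq_true_iff] at h ⊢
  exact ⟨by omega, by omega⟩

/-- Shift invariance: translating value and both bounds by the same offset
    does not change the result. -/
theorem isInRange_shift (v lo hi d : Int) :
    isInRange (v + d) (lo + d) (hi + d) = isInRange v lo hi := by
  rw [Bool.eq_iff_iff, isInRange_eq_true_iff, isInRange_eq_true_iff]
  constructor <;> intro h <;> exact ⟨by omega, by omega⟩

-- Spot-checks by kernel evaluation (inputs constructed for this example).
example : isInRange 5 0 10 = true := by decide
example : isInRange 11 0 10 = false := by decide
example : isInRange (-5) (-5) 5 = true := by decide
example : isInRange 0 1 0 = false := by decide
```

Drop the file into a Lake project and run `lake build` (or `lake env lean IsInRange.lean`); a clean build with no `sorry` is the same acceptance criterion the PR reports. The Bool-valued definition mirrors the C++ function returning bool, and the single iff lemma is the bridge that turns every remaining Bool statement into linear arithmetic over Int, which is why the rest of the file needs nothing beyond `rw` and `omega`.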