f9ed9ec4c7
Source.Expr: intLit, boolLit, add, sub, mul.
Each new constructor follows the pattern from v0.2:
- one Source constructor + one Eval rule
- one compile arm
- one step_X lemma (push, pushB, add, sub, mul) - one line each
- one compile_X_get_op lemma, all delegating to a generic
getElem_at_op_boundary helper that handles the c1++c2++[op] shape
- one case in compile_correct (~50 lines, mostly mechanical)
The pattern is fully grooved: each new arithmetic op is now a copy-
paste of the add case with substituted constructor names. The
substantive proof work happened once (in v0.2 for add); subsequent
arithmetic ops add no new proof shapes.
Generic helpers introduced:
getElem_at_op_boundary (c1 c2 : Code) (op : Instr) (h) :
(c1 ++ c2 ++ #[op])[c1.size + c2.size]'h = op
- applies to add/sub/mul interchangeably; specialized via
one-line wrappers (compile_add_get_op etc.)
Zero sorries / axioms / admits. Full build: 26 jobs clean.
|
||
|---|---|---|
| TsmLean | ||
| .gitignore | ||
| lake-manifest.json | ||
| lakefile.toml | ||
| lean-toolchain | ||
| Main.lean | ||
| README.md | ||
| TsmLean.lean | ||
tsm-lean
A Lean 4 formalization of a Tiny Stack Machine — third concrete kernel parallel to golang-lean (TGC) and octive-lean (TOC).
The substrate-level asymmetry: TGC and TOC have named variables. TSM has values living by position on a stack. Forces the cross-language abstraction to factor over "operand-access mechanism" instead of baking name-lookup into the framework. Maps directly to real bytecode targets — WebAssembly, JVM, CPython, .NET CIL, SECD.
Build
lake build
Run the demo
lake exe tsm-lean
# → final stack: [TsmLean.Core.Value.vInt 16] ((5 + 3) * 2)
# → final pc: 5
Layout
| Path | What's there |
|---|---|
TsmLean/Core/Syntax.lean |
Instr, Value, Code |
TsmLean/Core/Semantics.lean |
State, step (function), MultiStep (relation) |
TsmLean/Core/Determinism.lean |
step_deterministic, MultiStep.deterministic |
TsmLean/Core/Eval.lean |
fuel-bounded run + run_sound |
TsmLean/Core/Types.lean |
Ty, StackTy, HasTypeInstr |
TsmLean/Core/TypeSoundness.lean |
HasTypeV, HasTypeStack |
TsmLean/Core/Preservation.lean |
stack_preservation, progress |
Main.lean |
demo program |
Theorems proven
step_deterministic— single-step is functional.MultiStep.deterministic— multi-step paths to halted states are unique.run_sound— successful fuel-bounded execution corresponds to aMultiStepderivation ending at a halted state.stack_preservation— if the stack matches an instruction's input type and the step succeeds, the post-stack matches its output type.progress— well-typed non-halt instructions always make a step.
The first three are the operational counterparts of the big-step theorems in TGC and TOC. The last two are the small-step type-soundness theorems (Pierce-style), which TGC/TOC's big-step formulations don't have direct analogues for.
Zero sorries, axioms, or admits.
Status
v0.1: per-instruction (local) preservation. Global program-level type soundness — the JVM-style stackmap that ensures all reachable PCs have consistent stack types — is the next layer up.
Instruction set
push n pushB b pop dup swap
add sub mul eq lt
jmp k jmpFalse k halt
Twelve instructions. No call / ret yet — direct jumps only. Adding function-call frames is a future extension.