formal-ledger-specifications - 2 commits this week

Home / IntersectMBO / formal-ledger-specifications

Insights Pull Requests

Apr 10, 5-6 PM (0)

Apr 10, 6-7 PM (0)

Apr 10, 7-8 PM (0)

Apr 10, 8-9 PM (0)

Apr 10, 9-10 PM (0)

Apr 10, 10-11 PM (0)

Apr 10, 11-12 AM (0)

Apr 11, 12-1 AM (0)

Apr 11, 1-2 AM (0)

Apr 11, 2-3 AM (0)

Apr 11, 3-4 AM (0)

Apr 11, 4-5 AM (0)

Apr 11, 5-6 AM (0)

Apr 11, 6-7 AM (0)

Apr 11, 7-8 AM (0)

Apr 11, 8-9 AM (0)

Apr 11, 9-10 AM (0)

Apr 11, 10-11 AM (0)

Apr 11, 11-12 PM (0)

Apr 11, 12-1 PM (0)

Apr 11, 1-2 PM (0)

Apr 11, 2-3 PM (0)

Apr 11, 3-4 PM (0)

Apr 11, 4-5 PM (0)

Apr 11, 5-6 PM (0)

Apr 11, 6-7 PM (0)

Apr 11, 7-8 PM (0)

Apr 11, 8-9 PM (0)

Apr 11, 9-10 PM (0)

Apr 11, 10-11 PM (0)

Apr 11, 11-12 AM (0)

Apr 12, 12-1 AM (0)

Apr 12, 1-2 AM (0)

Apr 12, 2-3 AM (0)

Apr 12, 3-4 AM (0)

Apr 12, 4-5 AM (0)

Apr 12, 5-6 AM (0)

Apr 12, 6-7 AM (0)

Apr 12, 7-8 AM (0)

Apr 12, 8-9 AM (0)

Apr 12, 9-10 AM (0)

Apr 12, 10-11 AM (0)

Apr 12, 11-12 PM (0)

Apr 12, 12-1 PM (0)

Apr 12, 1-2 PM (0)

Apr 12, 2-3 PM (0)

Apr 12, 3-4 PM (0)

Apr 12, 4-5 PM (0)

Apr 12, 5-6 PM (0)

Apr 12, 6-7 PM (0)

Apr 12, 7-8 PM (0)

Apr 12, 8-9 PM (0)

Apr 12, 9-10 PM (0)

Apr 12, 10-11 PM (0)

Apr 12, 11-12 AM (0)

Apr 13, 12-1 AM (0)

Apr 13, 1-2 AM (0)

Apr 13, 2-3 AM (0)

Apr 13, 3-4 AM (0)

Apr 13, 4-5 AM (0)

Apr 13, 5-6 AM (0)

Apr 13, 6-7 AM (0)

Apr 13, 7-8 AM (0)

Apr 13, 8-9 AM (0)

Apr 13, 9-10 AM (0)

Apr 13, 10-11 AM (0)

Apr 13, 11-12 PM (0)

Apr 13, 12-1 PM (0)

Apr 13, 1-2 PM (0)

Apr 13, 2-3 PM (0)

Apr 13, 3-4 PM (0)

Apr 13, 4-5 PM (0)

Apr 13, 5-6 PM (0)

Apr 13, 6-7 PM (0)

Apr 13, 7-8 PM (0)

Apr 13, 8-9 PM (0)

Apr 13, 9-10 PM (0)

Apr 13, 10-11 PM (0)

Apr 13, 11-12 AM (0)

Apr 14, 12-1 AM (0)

Apr 14, 1-2 AM (0)

Apr 14, 2-3 AM (0)

Apr 14, 3-4 AM (0)

Apr 14, 4-5 AM (0)

Apr 14, 5-6 AM (1)

Apr 14, 6-7 AM (0)

Apr 14, 7-8 AM (0)

Apr 14, 8-9 AM (0)

Apr 14, 9-10 AM (0)

Apr 14, 10-11 AM (0)

Apr 14, 11-12 PM (0)

Apr 14, 12-1 PM (0)

Apr 14, 1-2 PM (0)

Apr 14, 2-3 PM (0)

Apr 14, 3-4 PM (0)

Apr 14, 4-5 PM (0)

Apr 14, 5-6 PM (0)

Apr 14, 6-7 PM (0)

Apr 14, 7-8 PM (0)

Apr 14, 8-9 PM (0)

Apr 14, 9-10 PM (0)

Apr 14, 10-11 PM (0)

Apr 14, 11-12 AM (0)

Apr 15, 12-1 AM (0)

Apr 15, 1-2 AM (0)

Apr 15, 2-3 AM (0)

Apr 15, 3-4 AM (0)

Apr 15, 4-5 AM (0)

Apr 15, 5-6 AM (0)

Apr 15, 6-7 AM (0)

Apr 15, 7-8 AM (0)

Apr 15, 8-9 AM (0)

Apr 15, 9-10 AM (0)

Apr 15, 10-11 AM (0)

Apr 15, 11-12 PM (0)

Apr 15, 12-1 PM (0)

Apr 15, 1-2 PM (0)

Apr 15, 2-3 PM (0)

Apr 15, 3-4 PM (0)

Apr 15, 4-5 PM (0)

Apr 15, 5-6 PM (0)

Apr 15, 6-7 PM (0)

Apr 15, 7-8 PM (0)

Apr 15, 8-9 PM (0)

Apr 15, 9-10 PM (0)

Apr 15, 10-11 PM (0)

Apr 15, 11-12 AM (0)

Apr 16, 12-1 AM (0)

Apr 16, 1-2 AM (0)

Apr 16, 2-3 AM (0)

Apr 16, 3-4 AM (0)

Apr 16, 4-5 AM (0)

Apr 16, 5-6 AM (0)

Apr 16, 6-7 AM (0)

Apr 16, 7-8 AM (0)

Apr 16, 8-9 AM (0)

Apr 16, 9-10 AM (0)

Apr 16, 10-11 AM (0)

Apr 16, 11-12 PM (0)

Apr 16, 12-1 PM (0)

Apr 16, 1-2 PM (0)

Apr 16, 2-3 PM (0)

Apr 16, 3-4 PM (0)

Apr 16, 4-5 PM (0)

Apr 16, 5-6 PM (0)

Apr 16, 6-7 PM (0)

Apr 16, 7-8 PM (0)

Apr 16, 8-9 PM (0)

Apr 16, 9-10 PM (0)

Apr 16, 10-11 PM (1)

Apr 16, 11-12 AM (0)

Apr 17, 12-1 AM (0)

Apr 17, 1-2 AM (0)

Apr 17, 2-3 AM (0)

Apr 17, 3-4 AM (0)

Apr 17, 4-5 AM (0)

Apr 17, 5-6 AM (0)

Apr 17, 6-7 AM (0)

Apr 17, 7-8 AM (0)

Apr 17, 8-9 AM (0)

Apr 17, 9-10 AM (0)

Apr 17, 10-11 AM (0)

Apr 17, 11-12 PM (0)

Apr 17, 12-1 PM (0)

Apr 17, 1-2 PM (0)

Apr 17, 2-3 PM (0)

Apr 17, 3-4 PM (0)

Apr 17, 4-5 PM (0)

Apr 17, 5-6 PM (0)

2 commits this week Apr 10, 2026 - Apr 17, 2026

williamdemeo · Thu, 16 Apr 26 23:52:38 +0000 · formal-ledger-specifications

CIP-159-11: LEDGER-pov structure with LEDGER-I proved (#1123)

State and partially prove the Dijkstra LEDGER preservation-of-value
theorem with the corrected HasCoin-LedgerState that includes deposits.

- LEDGER-I (invalid case): Fully proved via utxow-pov-invalid.
- LEDGER-V (valid case): Equational chain with holes, to be filled.

The HasCoin-LedgerState total is:
  getCoin utxoSt + rewardsBalance(certState) + coinFromDeposits(certState)

Key insight: SUBLEDGERS-pov cannot be proved independently because
individual SUBUTXO rules have no balance premise — only the batch-level
consumedBatch ≡ producedBatch constrains the total. The LEDGER-V proof
must reason about the entire step at once.

431ec1bc · 1123-cip-159-11-prove-pov-and-invariants · 4/233 ++ 57 --

williamdemeo · Tue, 14 Apr 26 06:02:10 +0000 · formal-ledger-specifications

CIP-159-11: Initial PoV property module skeletons (#1123)

Add preservation-of-value property modules for the Dijkstra era,
adapted from the Conway PoV proof structure for CIP-159 (partial
withdrawals and direct deposits).

New modules:
- Certs.Properties.PoVLemmas: CERT-pov, POST-CERT-pov, sts-pov,
  PRE-CERT-pov (adapted for applyWithdrawals subtraction semantics)
- Certs.Properties.PoV: CERTS-pov top-level theorem
- Certs.Properties.ApplyWithdrawalsPov: Key new lemma showing
  applyWithdrawals decreases rewardsBalance by exactly getCoin wdrls
- Ledger.Properties.PoV: HasCoin instances, LEDGER-pov statement
  with proof sketch for direct deposit cancellation

Design notes:
- PRE-CERT-pov delegates to applyWithdrawals-pov (fold induction)
  instead of Conway's constMap/res-decomp/sumConstZero chain
- LEDGER-pov identifies the applyDirectDeposits cancellation as the
  main new proof obligation vs Conway
- applyWithdrawals-pov is structured as three layers: single-step
  (applyOne-pov), fold induction (foldl-applyOne-pov), top-level

Status: Skeleton with holes; does not yet fully typecheck.

f8a60cf7 · 1123-cip-159-11-prove-pov-and-invariants · 4/646 ++ 0 --

Showing 2 of 2 recent commits. Check out IntersectMBO on GitHub to see more.