tokitai-operator 0.1.0

Verified DL kernel compiler: formally-checked GEMM, p-adic, sheaf, contract-carrying ops. Paper-artifact grade.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143

//! Domain-level contract primitives.
//!
//! `Contract`, `ContractId`, `ContractSet`, `Claim`, `Condition`,
//! `Evidence`, `Scope` are the abstract data types that the
//! operator layer uses to express "what does this op require" and
//! "what does this op provide". The contract set is read by the
//! planner when discharging obligations and by the verifier when
//! generating the `audit_report`.
//!
//! Public types: `Contract`, `ContractId`, `ContractSet`, `Claim`,
//! `Condition`, `Evidence`, `Scope`.
//!
//! Source-of-truth: this file is the only place the contract
//! primitives are declared. The op modules (`src/op/*.rs`)
//! consume them through the `pub use` re-export in
//! `src/op/contract.rs`.
//!
use std::collections::BTreeSet;

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct ContractId(pub u64);

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub enum Claim {
    Associative,
    Commutative,
    Distributive,
    HasIdentity,
    HasInverse,
    Exact,
    Approximate,
    Deterministic,
    Local,
    CoverPreserving,
    RestrictionCompatible,
    Gluable,
    NonArchimedeanNorm,
    ValuationIdentity(String),
    PrecisionPreserved,
    PrecisionLossBounded(u32),
    BackendSemantic(String),
    /// A finite field specification: prime p and extension degree k.
    /// The element type is F_{p^k}; the modulus polynomial is
    /// provided by the domain at construction time.
    FiniteFieldSpec {
        prime: u64,
        extension_degree: usize,
    },
    Custom(String),
}

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub enum Scope {
    Domain(String),
    Object(String),
    Operator(String),
    Rewrite(String),
    Backend(String),
    Global,
}

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub enum Evidence {
    Axiom,
    Derived,
    Checked,
    Tested,
    ExternalProof(String),
    UnsafeAssumption,
}

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct Condition {
    pub description: String,
}

impl Condition {
    pub fn new(description: impl Into<String>) -> Self {
        Self {
            description: description.into(),
        }
    }
}

#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub struct Contract {
    pub id: ContractId,
    pub claim: Claim,
    pub scope: Scope,
    pub evidence: Evidence,
    pub conditions: Vec<Condition>,
}

impl Contract {
    pub fn new(id: ContractId, claim: Claim, scope: Scope, evidence: Evidence) -> Self {
        Self {
            id,
            claim,
            scope,
            evidence,
            conditions: Vec::new(),
        }
    }
}

#[derive(Debug, Clone, Default, PartialEq, Eq)]
pub struct ContractSet {
    contracts: BTreeSet<Contract>,
}

impl ContractSet {
    pub fn new() -> Self {
        Self::default()
    }

    pub fn from_iter(contracts: impl IntoIterator<Item = Contract>) -> Self {
        Self {
            contracts: contracts.into_iter().collect(),
        }
    }

    pub fn insert(&mut self, contract: Contract) {
        self.contracts.insert(contract);
    }

    pub fn contains_claim(&self, claim: &Claim) -> bool {
        self.contracts
            .iter()
            .any(|contract| &contract.claim == claim)
    }

    pub fn iter(&self) -> impl Iterator<Item = &Contract> {
        self.contracts.iter()
    }

    pub fn extend(&mut self, other: ContractSet) {
        self.contracts.extend(other.contracts);
    }

    pub fn is_empty(&self) -> bool {
        self.contracts.is_empty()
    }
}