tokitai-operator 0.1.0

Verified DL kernel compiler: formally-checked GEMM, p-adic, sheaf, contract-carrying ops. Paper-artifact grade.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146

//! First-class theory-contract witnesses.
//!
//! Promotes the p-adic valuation additivity identity and the
//! ultrametric inequality from prose into typed witness structures
//! that the verifier can re-check on samples. A witness is *evidence*:
//! it does not prove the identity in general, but it lets the
//! proof-replay report list which concrete samples were checked and
//! what the observed invariants were.
//!
//! P347 adds three witness types for the p-adic valuation theory:
//!   * `ValuationAdditivityWitness` — observed `v(x * y) == v(x) + v(y)`
//!   * `UltrametricWitness` — observed `v(x + y) >= min(v(x), v(y))`
//!   * `PrecisionPreservationWitness` — observed that precision
//!     is preserved across the operation under test.
//!
//! These are CPU-reference witnesses (no Lean, no formal proof) and
//! carry an `Evidence` tag of `Tested`. They are not new claims.

use serde::{Deserialize, Serialize};

/// A single sample (label, observed, expected) for a witness.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct WitnessSample<T> {
    pub label: String,
    pub observed: T,
    pub expected: T,
}

impl<T> WitnessSample<T> {
    pub fn new(label: impl Into<String>, observed: T, expected: T) -> Self {
        Self {
            label: label.into(),
            observed,
            expected,
        }
    }

    pub fn is_satisfied(&self) -> bool
    where
        T: PartialEq,
    {
        self.observed == self.expected
    }
}

/// Witness for the p-adic valuation additivity identity
/// `v(x * y) == v(x) + v(y)`. Each sample is a triple (v_x, v_y, v_xy)
/// stored as the expected value; the observed value is the same triple.
/// The witness is satisfied when the observed equals the expected.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct ValuationAdditivityWitness {
    pub prime: u64,
    pub samples: Vec<WitnessSample<(i64, i64, i64)>>,
}

impl ValuationAdditivityWitness {
    /// Build a witness from a list of (v_x, v_y, v_xy) samples.
    pub fn from_samples(prime: u64, samples: Vec<WitnessSample<(i64, i64, i64)>>) -> Self {
        Self { prime, samples }
    }

    /// Number of samples that satisfy the identity.
    pub fn passed(&self) -> usize {
        self.samples
            .iter()
            .filter(|s| s.observed == s.expected)
            .count()
    }

    /// Total number of samples.
    pub fn total(&self) -> usize {
        self.samples.len()
    }

    /// Did every sample satisfy the identity?
    pub fn is_satisfied(&self) -> bool {
        self.samples.iter().all(|s| s.observed == s.expected)
    }
}

/// Witness for the ultrametric inequality
/// `v(x + y) >= min(v(x), v(y))`. Each sample is the observed valuation
/// of `x + y`; the expected value is the lower bound `min(v(x), v(y))`.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct UltrametricWitness {
    pub prime: u64,
    pub samples: Vec<WitnessSample<i64>>,
}

impl UltrametricWitness {
    pub fn from_samples(prime: u64, samples: Vec<WitnessSample<i64>>) -> Self {
        Self { prime, samples }
    }

    /// Number of samples that satisfy the inequality.
    pub fn passed(&self) -> usize {
        self.samples
            .iter()
            .filter(|s| s.observed == s.expected)
            .count()
    }

    pub fn total(&self) -> usize {
        self.samples.len()
    }

    pub fn is_satisfied(&self) -> bool {
        self.samples.iter().all(|s| s.observed == s.expected)
    }
}

/// Witness for the precision-preservation identity:
/// a p-adic operation of precision `p^k` returns a value of precision
/// at least `p^k` (no precision loss). Each sample is the observed
/// precision; the expected is the lower bound.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
pub struct PrecisionPreservationWitness {
    pub prime: u64,
    pub precision: u32,
    pub samples: Vec<WitnessSample<u32>>,
}

impl PrecisionPreservationWitness {
    pub fn from_samples(prime: u64, precision: u32, samples: Vec<WitnessSample<u32>>) -> Self {
        Self {
            prime,
            precision,
            samples,
        }
    }

    pub fn passed(&self) -> usize {
        self.samples
            .iter()
            .filter(|s| s.observed == s.expected)
            .count()
    }

    pub fn total(&self) -> usize {
        self.samples.len()
    }

    pub fn is_satisfied(&self) -> bool {
        self.samples.iter().all(|s| s.observed == s.expected)
    }
}