Skip to content

chore(release): v0.8.0 — honest i64 verification foundation#151

Merged
avrabe merged 1 commit into
mainfrom
release/v0.8.0-changelog
May 26, 2026
Merged

chore(release): v0.8.0 — honest i64 verification foundation#151
avrabe merged 1 commit into
mainfrom
release/v0.8.0-changelog

Conversation

@avrabe
Copy link
Copy Markdown
Contributor

@avrabe avrabe commented May 26, 2026

Summary

  • Bumps workspace + MODULE.bazel + 23 path-dep pins from 0.7.0 → 0.8.0
  • Promotes [Unreleased][0.8.0] - 2026-05-26 with re-framed theme + falsification statement
  • Re-narrates v0.8.0 from "i64 T1 result-correspondence parity" → "honest i64 verification foundation"

Why the theme changed mid-release

The originally-scoped theme ("i64 T1 parity", umbrella #147) was caught by its own falsification clause. A clean-room check of PR #149 (the foundation PR) surfaced that coq/Synth/Synth/Compilation.v modeled i64 ops as single 32-bit ARM instructions while the real Rust compiler emits proper ADDS R0,R0,R2; ADC R1,R1,R3 register-pair sequences. Per the umbrella's falsification clause, T1 proofs against the simplified model "prove a different operation than the compiler emits" — disqualifying.

Rather than overclaim, v0.8.0 ships the aligned model + proof tooling layer that makes the actual T1 lifts honest. v0.9.0 picks up the T2→T1 promotions against the now-correct model.

PRs included

Net verification delta

  • Before v0.8.0: 29 i64 theorems Qed against a model that proved the wrong operation (the low-32-bit slice of i64 ops).
  • After v0.8.0: 36 i64 theorems Qed against the correct model, plus 5 strategically-Admitted theorems openly listed in CHANGELOG and tracked for v0.9.0.

Falsification statement

v0.8.0 is wrong if:

  • The aligned Compilation.v clauses don't match what the Rust compiler emits (cross-check against docs/analysis/I64_CODEGEN_SURVEY.md)
  • bazel test //coq:verify_proofs goes red on a clean v0.8.0 checkout
  • Any of the 5 strategically-Admitted i64 theorems are claimed Qed anywhere

Test plan

  • CI green on this PR
  • After merge: tag v0.8.0, release.yml ships the 10-asset GitHub Release (4 binary tarballs + SHA256SUMS + 3 cosign artifacts + build-env.txt + toolchain SBOM)
  • After merge: publish-to-crates-io.yml republishes the workspace at 0.8.0 via CARGO_REGISTRY_TOKEN

@avrabe
chore(release): v0.8.0 — honest i64 verification foundation
8330fa7 
Bumps workspace version 0.7.0 → 0.8.0 and promotes the [Unreleased]
section to [0.8.0] with the re-framed theme and falsification
statement. Sweeps the 23 intra-workspace path-dep version pins to
0.8.0 (per the lesson from v0.7.0's release-tail) and bumps
MODULE.bazel module version.

Theme: aligned Compilation.v model + i64 proof tooling, not the
originally-scoped T1 parity. Re-framed honestly because the
falsification clause from the umbrella (#147) explicitly forbade
shipping T1 proofs against a simplified model that "proves a
different operation than the compiler emits" — which is what PR
#149's clean-room check surfaced. v0.9.0 picks up the actual
T2→T1 promotions against the now-aligned model.

PRs included:
  #148 docs(v0.8.0): defer F64↔I64 conversions — ARMv7-M FPv5 has no 64-bit VCVT
  #150 feat(coq): align Compilation.v i64 ops with real Rust codegen
  #149 feat(coq): i64 tactics + flag-correspondence lemmas (foundation)
@avrabe avrabe merged commit 021a043 into main May 26, 2026
8 of 11 checks passed
@avrabe avrabe deleted the release/v0.8.0-changelog branch May 26, 2026 20:02
@codecov
Copy link
Copy Markdown

codecov Bot commented May 26, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@avrabe