Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

The Diamond-tier substrate

Source of truth: docs/specifications/sub/diamond-taxonomy.md in the canonical spec. The Diamond program runs in parallel to the book and is the deepest layer of contract enforcement.

The 4-stratum quorum (Semantic, Symbolic, Runtime, Extrinsic) is the floor: it answers “does the contract hold?”. The Diamond-tier substrate answers a stronger question: “which algebraic invariants of the contract hold, and at what depth?”

Concretely: each contract carries a growing portfolio of _diamond theorems in contracts/lean/, each proving a structural property that any conforming implementation must satisfy.

Refinement tiers

A contract can be discharged at increasing levels of confidence:

TierMeaningExample
BronzeThe equation type-checks by construction (rfl proof)Every Layer-1 equation gets a Bronze theorem for free
SilverThe equation holds for the intended canonical implementation42 equations at Silver as of v0.1.0
GoldThe equation holds as a subtype refinement — any value satisfying preconditions also satisfies postconditions12/12 contracts at Gold
PlatinumThe equation holds up to observational equivalence — the contract is closed under composition12/12 contracts at Platinum
DiamondAdditional algebraic theorems proving deeper invariants (extensionality, completeness, identity, round-trips)171 wired Diamond theorems at depth-13 UNIVERSAL

Higher tiers strictly entail lower tiers. Bronze is by construction; Diamond is by careful axiomatization.

What “depth-N UNIVERSAL” means

A Diamond program isn’t proved in one go — it grows monotonically. We say the substrate is at depth-N UNIVERSAL when every contract has at least N distinct Diamond theorem categories.

DepthStatus at v0.1.0
depth-1..13UNIVERSAL — all 12 contracts have ≥13 Diamond categories
depth-14+2 contracts: C-PY-INT-ARITH (depth-21) and C-COMPILE-RUST-TO-PTX-MMA (depth-20)

Eleven UNIVERSAL milestones (depth-3 through depth-13) have been achieved, each via a “broadening sweep” that extends a previously narrow-deep contract pattern out to the full 12-contract substrate.

The 13 recurring templates

By v0.1.0 the substrate had discovered 13 recurring algebraic templates that show up across many contracts:

#TemplateCoverage
1Structure extensionality32+ contracts
2Array.size structure11 contracts
3Enum distinctness3 contracts
4Nat structure1 contract
5Reverse involution1 contract
6String.length Nat-structure3 contracts
7Int-sign decomposition2 contracts
8Enum completeness3 contracts
9Gold-tier subtype extensionality11 contracts
10Tier-projection homomorphism (Silver→Bronze)9 contracts
11Canonical identity element10 contracts
12Bronze→Silver canonical-lift homomorphism10 contracts
13Bronze↔Silver round-trip identity10 contracts

Templates 10–13 form a compositional suite: lift Bronze→Silver, project Silver→Bronze, and the composition equals identity. This is the substrate-level proof that the canonical refinement-tier model is internally coherent.

Inspecting the Diamond state

$ xpile diamond
xpile diamond — Diamond-tier coverage (PMAT-249)

  contract                                 diamond  depth
  ------------------------------------------------------------
  C-PY-INT-ARITH                                21  depth-21+
  C-COMPILE-RUST-TO-PTX-MMA                     20  depth-20
  C-BASHRS-POSIX-IDEMPOTENCE                    13  depth-13
  C-FFI-CPYTHON-EXT                             13  depth-13
  C-NOTATION-LATEX-MATH-TO-EQUATION             13  depth-13
  ...

totals: 171 Diamond theorems across 12 contracts
  depth-1+..depth-13+: 12 contracts each (UNIVERSAL)
  depth-14+..depth-20+: 2 contracts each
  depth-21+: 1 contract

JSON output is available via xpile diamond --json and is parsed by the CI gate crates/xpile/tests/diamond_coverage.rs. The gate has 22 integration tests covering depth-1..depth-13 UNIVERSAL invariants — any regression fails the build.

What comes next