docs(lean4): add Rust cross-references to formal specs
Add documentation comments linking Lean 4 specifications to their corresponding Rust implementations (tree_predict, mlp_predict_32, PackedNode). Reference TorchLean arXiv ID for future axiom replacement. Signed-off-by: Sienna Meridian Satterwhite <sienna@sunbeam.pt>
This commit is contained in:
@@ -2,13 +2,23 @@ import Sunbeam.Model.Basic
|
|||||||
|
|
||||||
namespace Sunbeam
|
namespace Sunbeam
|
||||||
|
|
||||||
/-- A decision tree node (inductive = automatic termination for structural recursion). -/
|
/-- A decision tree node (inductive = automatic termination for structural recursion).
|
||||||
|
|
||||||
|
This is an abstract specification of the Rust packed-array representation:
|
||||||
|
`type PackedNode = (u8, f32, u16, u16)` — `(feature_index, threshold, left, right)`
|
||||||
|
Leaf nodes in Rust use `feature_index = 255`; the threshold encodes the decision:
|
||||||
|
`< 0.25` → Allow, `> 0.75` → Block, otherwise → Defer.
|
||||||
|
Here we use an inductive type so that structural recursion gives automatic termination. -/
|
||||||
inductive TreeNode where
|
inductive TreeNode where
|
||||||
| leaf (decision : Decision) : TreeNode
|
| leaf (decision : Decision) : TreeNode
|
||||||
| split (featureIdx : Nat) (threshold : Float) (left right : TreeNode) : TreeNode
|
| split (featureIdx : Nat) (threshold : Float) (left right : TreeNode) : TreeNode
|
||||||
deriving Repr
|
deriving Repr
|
||||||
|
|
||||||
/-- Tree prediction by structural recursion (termination is automatic). -/
|
/-- Tree prediction by structural recursion (termination is automatic).
|
||||||
|
|
||||||
|
Corresponds to `ensemble::tree::tree_predict` in Rust, which loops over a flat
|
||||||
|
packed-node array. The semantic behavior is identical: split nodes compare
|
||||||
|
`input[featureIdx]` against `threshold` and branch left/right. -/
|
||||||
def treePredictAux {n : Nat} (input : Fin n → Float) : TreeNode → Decision
|
def treePredictAux {n : Nat} (input : Fin n → Float) : TreeNode → Decision
|
||||||
| .leaf d => d
|
| .leaf d => d
|
||||||
| .split idx thr left right =>
|
| .split idx thr left right =>
|
||||||
|
|||||||
@@ -4,7 +4,11 @@ import Sunbeam.Model.ReLU
|
|||||||
|
|
||||||
namespace Sunbeam
|
namespace Sunbeam
|
||||||
|
|
||||||
/-- Weights for a 2-layer MLP (input → hidden → scalar output). -/
|
/-- Weights for a 2-layer MLP (input → hidden → scalar output).
|
||||||
|
|
||||||
|
Corresponds to `ensemble::mlp::mlp_predict_32` in Rust, which uses const generic
|
||||||
|
`INPUT` and a fixed hidden dimension of 32. Here `hiddenDim` is a parameter so
|
||||||
|
structural properties can be proved generically. -/
|
||||||
structure MLPWeights (inputDim hiddenDim : Nat) where
|
structure MLPWeights (inputDim hiddenDim : Nat) where
|
||||||
w1 : Fin hiddenDim → FloatVec inputDim
|
w1 : Fin hiddenDim → FloatVec inputDim
|
||||||
b1 : FloatVec hiddenDim
|
b1 : FloatVec hiddenDim
|
||||||
|
|||||||
@@ -13,8 +13,8 @@ float inputs. They cannot be proved inside Lean because `Float` operations are
|
|||||||
`@[extern]` (opaque to the kernel). The axioms form a documented trust boundary:
|
`@[extern]` (opaque to the kernel). The axioms form a documented trust boundary:
|
||||||
we trust the C runtime's `exp` implementation.
|
we trust the C runtime's `exp` implementation.
|
||||||
|
|
||||||
When TorchLean ships its verified Float32 kernel, these axioms can be replaced
|
When TorchLean (arXiv:2602.22631) ships its verified Float32 kernel, these
|
||||||
with proofs against that kernel.
|
axioms can be replaced with proofs against that kernel.
|
||||||
-/
|
-/
|
||||||
|
|
||||||
/-- Sigmoid output is always positive: exp(-x) ≥ 0 ⟹ 1+exp(-x) ≥ 1 ⟹ 1/(1+exp(-x)) > 0. -/
|
/-- Sigmoid output is always positive: exp(-x) ≥ 0 ⟹ 1+exp(-x) ≥ 1 ⟹ 1/(1+exp(-x)) > 0. -/
|
||||||
|
|||||||
Reference in New Issue
Block a user