Cortex.Graph.Safety
On this page
Imports
import Cortex.Graph.QuotientOverview
Safety-facing graph facts for the Cortex proof stack.
Context
Cortex.Graph.Relation gives Mokhov graph expressions their finite relation
denotation. Track 2 and Track 3 need more than the algebraic laws: they need a
shared path, acyclicity, and endpoint-closure vocabulary that can bridge the
relation model into Pulse DAGs and Wire rewrite validity.
This module deliberately stays inside Cortex.Graph.*. It does not import
Pulse or Wire; downstream tracks consume these declarations to avoid duplicating
reachability and topology-validity definitions.
Theorem Split
The page defines relation-level paths and acyclicity, proves endpoint closure for Mokhov relation constructors and denoted graph expressions, and lifts the acyclicity predicate through raw graph equality and the quotient carrier.
namespace Cortex.GraphRelation Reachability
namespace Relationvariable {α : Type}
Path relation source target is non-empty reachability through relation edges.
inductive Path (relation : Relation α) : α → α → Prop where
| direct {source target : α} :
(source, target) ∈ relation.edges → Path relation source target
| trans {source middle target : α} :
Path relation source middle →
Path relation middle target →
Path relation source target
Acyclic relation rules out non-empty paths from a node back to itself.
def Acyclic (relation : Relation α) : Prop :=
∀ node : α, ¬ Path relation node nodenamespace Path
Path.source_mem keeps a reachable source inside an endpoint-closed relation.
theorem source_mem
{relation : Relation α}
(hEndpoints : EdgeEndpointsInVertices relation)
{source target : α}
(hPath : Path relation source target) :
source ∈ relation.vertices := α:Typerelation:Relation αhEndpoints:relation.EdgeEndpointsInVerticessource:αtarget:αhPath:relation.Path source target⊢ source ∈ relation.vertices
induction hPath with
α:Typerelation:Relation αhEndpoints:relation.EdgeEndpointsInVerticessource:αtarget:αsource✝:αtarget✝:αhEdge:(source✝, target✝) ∈ relation.edges⊢ source✝ ∈ relation.vertices
All goals completed! 🐙
α:Typerelation:Relation αhEndpoints:relation.EdgeEndpointsInVerticessource:αtarget:αsource✝:αmiddle✝:αtarget✝:αa✝¹:relation.Path source✝ middle✝a✝:relation.Path middle✝ target✝ihLeft:source✝ ∈ relation.verticesa_ih✝:middle✝ ∈ relation.vertices⊢ source✝ ∈ relation.vertices
All goals completed! 🐙
Path.target_mem keeps a reachable target inside an endpoint-closed relation.
theorem target_mem
{relation : Relation α}
(hEndpoints : EdgeEndpointsInVertices relation)
{source target : α}
(hPath : Path relation source target) :
target ∈ relation.vertices := α:Typerelation:Relation αhEndpoints:relation.EdgeEndpointsInVerticessource:αtarget:αhPath:relation.Path source target⊢ target ∈ relation.vertices
induction hPath with
α:Typerelation:Relation αhEndpoints:relation.EdgeEndpointsInVerticessource:αtarget:αsource✝:αtarget✝:αhEdge:(source✝, target✝) ∈ relation.edges⊢ target✝ ∈ relation.vertices
All goals completed! 🐙
α:Typerelation:Relation αhEndpoints:relation.EdgeEndpointsInVerticessource:αtarget:αsource✝:αmiddle✝:αtarget✝:αa✝¹:relation.Path source✝ middle✝a✝:relation.Path middle✝ target✝a_ih✝:middle✝ ∈ relation.verticesihRight:target✝ ∈ relation.vertices⊢ target✝ ∈ relation.vertices
All goals completed! 🐙end PathRuntime-Style Edge Predicate
section RuntimeEdgePredicatevariable [DecidableEq α]
edgeBool relation source target is the boolean edge predicate for a finite relation.
def edgeBool (relation : Relation α) (source target : α) : Bool :=
decide ((source, target) ∈ relation.edges)
edgeBool_true_iff relates the boolean edge predicate to relation membership.
theorem edgeBool_true_iff
(relation : Relation α)
(source target : α) :
edgeBool relation source target = true ↔ (source, target) ∈ relation.edges := α:Typeinst✝:DecidableEq αrelation:Relation αsource:αtarget:α⊢ relation.edgeBool source target = true ↔ (source, target) ∈ relation.edges
All goals completed! 🐙
edgeBool_true_of_mem turns relation membership into a true runtime-style edge.
theorem edgeBool_true_of_mem
{relation : Relation α}
{source target : α}
(hEdge : (source, target) ∈ relation.edges) :
edgeBool relation source target = true :=
(edgeBool_true_iff relation source target).2 hEdge
Path.of_edgeBool_true turns a true runtime-style edge into relation reachability.
theorem Path.of_edgeBool_true
{relation : Relation α}
{source target : α}
(hEdge : edgeBool relation source target = true) :
Path relation source target :=
Path.direct ((edgeBool_true_iff relation source target).1 hEdge)
edgeBool_source_mem keeps runtime-style edge sources inside endpoint-closed relations.
theorem edgeBool_source_mem
{relation : Relation α}
(hEndpoints : EdgeEndpointsInVertices relation)
{source target : α}
(hEdge : edgeBool relation source target = true) :
source ∈ relation.vertices := α:Typeinst✝:DecidableEq αrelation:Relation αhEndpoints:relation.EdgeEndpointsInVerticessource:αtarget:αhEdge:relation.edgeBool source target = true⊢ source ∈ relation.vertices
α:Typeinst✝:DecidableEq αrelation:Relation αhEndpoints:relation.EdgeEndpointsInVerticessource:αtarget:αhEdge:relation.edgeBool source target = truehMember:(source, target) ∈ relation.edges⊢ source ∈ relation.vertices
All goals completed! 🐙
edgeBool_target_mem keeps runtime-style edge targets inside endpoint-closed relations.
theorem edgeBool_target_mem
{relation : Relation α}
(hEndpoints : EdgeEndpointsInVertices relation)
{source target : α}
(hEdge : edgeBool relation source target = true) :
target ∈ relation.vertices := α:Typeinst✝:DecidableEq αrelation:Relation αhEndpoints:relation.EdgeEndpointsInVerticessource:αtarget:αhEdge:relation.edgeBool source target = true⊢ target ∈ relation.vertices
α:Typeinst✝:DecidableEq αrelation:Relation αhEndpoints:relation.EdgeEndpointsInVerticessource:αtarget:αhEdge:relation.edgeBool source target = truehMember:(source, target) ∈ relation.edges⊢ target ∈ relation.vertices
All goals completed! 🐙end RuntimeEdgePredicateEndpoint Closure
empty_edgeEndpointsInVertices says the empty relation is endpoint-closed.
theorem empty_edgeEndpointsInVertices :
EdgeEndpointsInVertices (empty : Relation α) := α:Type⊢ empty.EdgeEndpointsInVertices
intro edge α:Typeedge:α × αhEdge:edge ∈ empty.edges⊢ edge.1 ∈ empty.vertices ∧ edge.2 ∈ empty.vertices
All goals completed! 🐙
vertex_edgeEndpointsInVertices says a singleton vertex relation is endpoint-closed.
theorem vertex_edgeEndpointsInVertices (vertexValue : α) :
EdgeEndpointsInVertices (vertex vertexValue) := α:TypevertexValue:α⊢ (vertex vertexValue).EdgeEndpointsInVertices
intro edge α:TypevertexValue:αedge:α × αhEdge:edge ∈ (vertex vertexValue).edges⊢ edge.1 ∈ (vertex vertexValue).vertices ∧ edge.2 ∈ (vertex vertexValue).vertices
All goals completed! 🐙section EndpointConstructorsvariable [DecidableEq α]
overlay_edgeEndpointsInVertices preserves endpoint closure under overlay.
theorem overlay_edgeEndpointsInVertices
{left right : Relation α}
(hLeft : EdgeEndpointsInVertices left)
(hRight : EdgeEndpointsInVertices right) :
EdgeEndpointsInVertices (overlay left right) := α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVertices⊢ (left.overlay right).EdgeEndpointsInVertices
intro edge α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.overlay right).edges⊢ edge.1 ∈ (left.overlay right).vertices ∧ edge.2 ∈ (left.overlay right).vertices
have hCases : edge ∈ left.edges ∨ edge ∈ right.edges := α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVertices⊢ (left.overlay right).EdgeEndpointsInVertices
All goals completed! 🐙
α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.overlay right).edgeshLeftEdge:edge ∈ left.edges⊢ edge.1 ∈ (left.overlay right).vertices ∧ edge.2 ∈ (left.overlay right).verticesα:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.overlay right).edgeshRightEdge:edge ∈ right.edges⊢ edge.1 ∈ (left.overlay right).vertices ∧ edge.2 ∈ (left.overlay right).vertices
α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.overlay right).edgeshLeftEdge:edge ∈ left.edges⊢ edge.1 ∈ (left.overlay right).vertices ∧ edge.2 ∈ (left.overlay right).vertices α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.overlay right).edgeshLeftEdge:edge ∈ left.edgeshSource:edge.1 ∈ left.verticeshTarget:edge.2 ∈ left.vertices⊢ edge.1 ∈ (left.overlay right).vertices ∧ edge.2 ∈ (left.overlay right).vertices
All goals completed! 🐙
α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.overlay right).edgeshRightEdge:edge ∈ right.edges⊢ edge.1 ∈ (left.overlay right).vertices ∧ edge.2 ∈ (left.overlay right).vertices α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.overlay right).edgeshRightEdge:edge ∈ right.edgeshSource:edge.1 ∈ right.verticeshTarget:edge.2 ∈ right.vertices⊢ edge.1 ∈ (left.overlay right).vertices ∧ edge.2 ∈ (left.overlay right).vertices
All goals completed! 🐙
connect_edgeEndpointsInVertices preserves endpoint closure under connect.
theorem connect_edgeEndpointsInVertices
{left right : Relation α}
(hLeft : EdgeEndpointsInVertices left)
(hRight : EdgeEndpointsInVertices right) :
EdgeEndpointsInVertices (connect left right) := α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVertices⊢ (left.connect right).EdgeEndpointsInVertices
intro edge α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.connect right).edges⊢ edge.1 ∈ (left.connect right).vertices ∧ edge.2 ∈ (left.connect right).vertices
have hCases :
edge ∈ left.edges ∨
edge ∈ right.edges ∨
edge.1 ∈ left.vertices ∧ edge.2 ∈ right.vertices := α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVertices⊢ (left.connect right).EdgeEndpointsInVertices
All goals completed! 🐙
α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.connect right).edgeshLeftEdge:edge ∈ left.edges⊢ edge.1 ∈ (left.connect right).vertices ∧ edge.2 ∈ (left.connect right).verticesα:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.connect right).edgeshRest:edge ∈ right.edges ∨ edge.1 ∈ left.vertices ∧ edge.2 ∈ right.vertices⊢ edge.1 ∈ (left.connect right).vertices ∧ edge.2 ∈ (left.connect right).vertices
α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.connect right).edgeshLeftEdge:edge ∈ left.edges⊢ edge.1 ∈ (left.connect right).vertices ∧ edge.2 ∈ (left.connect right).vertices α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.connect right).edgeshLeftEdge:edge ∈ left.edgeshSource:edge.1 ∈ left.verticeshTarget:edge.2 ∈ left.vertices⊢ edge.1 ∈ (left.connect right).vertices ∧ edge.2 ∈ (left.connect right).vertices
All goals completed! 🐙
α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.connect right).edgeshRest:edge ∈ right.edges ∨ edge.1 ∈ left.vertices ∧ edge.2 ∈ right.vertices⊢ edge.1 ∈ (left.connect right).vertices ∧ edge.2 ∈ (left.connect right).vertices α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.connect right).edgeshRightEdge:edge ∈ right.edges⊢ edge.1 ∈ (left.connect right).vertices ∧ edge.2 ∈ (left.connect right).verticesα:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.connect right).edgeshCross:edge.1 ∈ left.vertices ∧ edge.2 ∈ right.vertices⊢ edge.1 ∈ (left.connect right).vertices ∧ edge.2 ∈ (left.connect right).vertices
α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.connect right).edgeshRightEdge:edge ∈ right.edges⊢ edge.1 ∈ (left.connect right).vertices ∧ edge.2 ∈ (left.connect right).vertices α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.connect right).edgeshRightEdge:edge ∈ right.edgeshSource:edge.1 ∈ right.verticeshTarget:edge.2 ∈ right.vertices⊢ edge.1 ∈ (left.connect right).vertices ∧ edge.2 ∈ (left.connect right).vertices
All goals completed! 🐙
α:Typeinst✝:DecidableEq αleft:Relation αright:Relation αhLeft:left.EdgeEndpointsInVerticeshRight:right.EdgeEndpointsInVerticesedge:α × αhEdge:edge ∈ (left.connect right).edgeshCross:edge.1 ∈ left.vertices ∧ edge.2 ∈ right.vertices⊢ edge.1 ∈ (left.connect right).vertices ∧ edge.2 ∈ (left.connect right).vertices All goals completed! 🐙end EndpointConstructors
acyclic_of_eq transports relation acyclicity across relation equality.
theorem acyclic_of_eq
{left right : Relation α}
(hEq : left = right)
(hAcyclic : Acyclic left) :
Acyclic right := α:Typeleft:Relation αright:Relation αhEq:left = righthAcyclic:left.Acyclic⊢ right.Acyclic
α:Typeleft:Relation αhAcyclic:left.Acyclic⊢ left.Acyclic
All goals completed! 🐙
acyclic_iff_of_eq states relation acyclicity is invariant under equality.
theorem acyclic_iff_of_eq
{left right : Relation α}
(hEq : left = right) :
Acyclic left ↔ Acyclic right :=
⟨acyclic_of_eq hEq, acyclic_of_eq hEq.symm⟩end RelationGraph Expression Safety
variable {α : Type} [DecidableEq α]
denote_edgeEndpointsInVertices says every denoted graph relation is endpoint-closed.
theorem denote_edgeEndpointsInVertices (graph : Graph α) :
Relation.EdgeEndpointsInVertices (denote graph) := α:Typeinst✝:DecidableEq αgraph:Graph α⊢ (denote graph).EdgeEndpointsInVertices
induction graph with
α:Typeinst✝:DecidableEq α⊢ (denote Graph.empty).EdgeEndpointsInVertices
All goals completed! 🐙
α:Typeinst✝:DecidableEq αvertexValue:α⊢ (denote (Graph.vertex vertexValue)).EdgeEndpointsInVertices
All goals completed! 🐙
α:Typeinst✝:DecidableEq αleft:Graph αright:Graph αleftIH:(denote left).EdgeEndpointsInVerticesrightIH:(denote right).EdgeEndpointsInVertices⊢ (denote (left.overlay right)).EdgeEndpointsInVertices
All goals completed! 🐙
α:Typeinst✝:DecidableEq αleft:Graph αright:Graph αleftIH:(denote left).EdgeEndpointsInVerticesrightIH:(denote right).EdgeEndpointsInVertices⊢ (denote (left.connect right)).EdgeEndpointsInVertices
All goals completed! 🐙
GraphPath graph source target is reachability through the graph denotation.
def GraphPath (graph : Graph α) (source target : α) : Prop :=
Relation.Path (denote graph) source target
GraphAcyclic graph rules out non-empty denotational cycles.
def GraphAcyclic (graph : Graph α) : Prop :=
Relation.Acyclic (denote graph)
graphAcyclic_iff_no_graphPath unfolds graph acyclicity through graph paths.
theorem graphAcyclic_iff_no_graphPath (graph : Graph α) :
GraphAcyclic graph ↔ ∀ node : α, ¬ GraphPath graph node node :=
Iff.rfl
graphAcyclic_no_self rules out self-reachability in an acyclic graph.
theorem graphAcyclic_no_self
{graph : Graph α}
(hAcyclic : GraphAcyclic graph)
(node : α) :
¬ GraphPath graph node node :=
hAcyclic node
graphAcyclic_false_of_path eliminates a cyclic path witness.
theorem graphAcyclic_false_of_path
{graph : Graph α}
{node : α}
(hAcyclic : GraphAcyclic graph)
(hPath : GraphPath graph node node) :
False :=
hAcyclic node hPath
graphPath_source_mem keeps graph-path sources inside the denoted vertex set.
theorem graphPath_source_mem
{graph : Graph α}
{source target : α}
(hPath : GraphPath graph source target) :
source ∈ (denote graph).vertices :=
Relation.Path.source_mem (denote_edgeEndpointsInVertices graph) hPath
graphPath_target_mem keeps graph-path targets inside the denoted vertex set.
theorem graphPath_target_mem
{graph : Graph α}
{source target : α}
(hPath : GraphPath graph source target) :
target ∈ (denote graph).vertices :=
Relation.Path.target_mem (denote_edgeEndpointsInVertices graph) hPathnamespace GraphEq
GraphEq.acyclic transports graph acyclicity across denotational graph equality.
theorem acyclic
{left right : Graph α}
(hEq : GraphEq left right)
(hAcyclic : GraphAcyclic left) :
GraphAcyclic right :=
Relation.acyclic_of_eq hEq hAcyclic
GraphEq.acyclic_iff says graph acyclicity is invariant under GraphEq.
theorem acyclic_iff
{left right : Graph α}
(hEq : GraphEq left right) :
GraphAcyclic left ↔ GraphAcyclic right :=
⟨acyclic hEq, acyclic hEq.symm⟩end GraphEqQuotient Safety
namespace AlgGraph
AlgGraph.Path graph source target is reachability through a quotient graph denotation.
def Path (graph : AlgGraph α) (source target : α) : Prop :=
Relation.Path (denote graph) source target
AlgGraph.Acyclic graph is acyclicity of a quotient graph's relation denotation.
def Acyclic (graph : AlgGraph α) : Prop :=
Relation.Acyclic (denote graph)
path_ofGraph identifies quotient reachability with raw graph reachability.
theorem path_ofGraph
(graph : Graph α)
(source target : α) :
Path (ofGraph graph) source target ↔ GraphPath graph source target :=
Iff.rfl
acyclic_ofGraph identifies quotient acyclicity with raw graph acyclicity.
theorem acyclic_ofGraph (graph : Graph α) :
Acyclic (ofGraph graph) ↔ GraphAcyclic graph :=
Iff.rfl
denote_edgeEndpointsInVertices says quotient graph denotations are endpoint-closed.
theorem denote_edgeEndpointsInVertices (graph : AlgGraph α) :
Relation.EdgeEndpointsInVertices (denote graph) := α:Typeinst✝:DecidableEq αgraph:AlgGraph α⊢ graph.denote.EdgeEndpointsInVertices
α:Typeinst✝:DecidableEq αgraph:AlgGraph α⊢ ∀ (a : Graph α), (denote ⟦a⟧).EdgeEndpointsInVertices
α:Typeinst✝:DecidableEq αgraph:AlgGraph αrawGraph:Graph α⊢ (denote ⟦rawGraph⟧).EdgeEndpointsInVertices
All goals completed! 🐙
path_source_mem keeps quotient-path sources inside the quotient denotation.
theorem path_source_mem
{graph : AlgGraph α}
{source target : α}
(hPath : Path graph source target) :
source ∈ (denote graph).vertices :=
Relation.Path.source_mem (denote_edgeEndpointsInVertices graph) hPath
path_target_mem keeps quotient-path targets inside the quotient denotation.
theorem path_target_mem
{graph : AlgGraph α}
{source target : α}
(hPath : Path graph source target) :
target ∈ (denote graph).vertices :=
Relation.Path.target_mem (denote_edgeEndpointsInVertices graph) hPath
acyclic_congr transports quotient acyclicity across raw GraphEq representatives.
theorem acyclic_congr
{left right : Graph α}
(hEq : GraphEq left right) :
Acyclic (ofGraph left) ↔ Acyclic (ofGraph right) := α:Typeinst✝:DecidableEq αleft:Graph αright:Graph αhEq:GraphEq left right⊢ (ofGraph left).Acyclic ↔ (ofGraph right).Acyclic
α:Typeinst✝:DecidableEq αleft:Graph αright:Graph αhEq:GraphEq left right⊢ GraphAcyclic left ↔ GraphAcyclic right
All goals completed! 🐙end AlgGraphend Cortex.Graph